1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Copyright 2019 Google LLC 4 */ 5 6 #ifndef __LINUX_BLK_CRYPTO_PROFILE_H 7 #define __LINUX_BLK_CRYPTO_PROFILE_H 8 9 #include <linux/bio.h> 10 #include <linux/blk-crypto.h> 11 12 struct blk_crypto_profile; 13 14 /** 15 * struct blk_crypto_ll_ops - functions to control inline encryption hardware 16 * 17 * Low-level operations for controlling inline encryption hardware. This 18 * interface must be implemented by storage drivers that support inline 19 * encryption. All functions may sleep, are serialized by profile->lock, and 20 * are never called while profile->dev (if set) is runtime-suspended. 21 */ 22 struct blk_crypto_ll_ops { 23 24 /** 25 * @keyslot_program: Program a key into the inline encryption hardware. 26 * 27 * Program @key into the specified @slot in the inline encryption 28 * hardware, overwriting any key that the keyslot may already contain. 29 * The keyslot is guaranteed to not be in-use by any I/O. 30 * 31 * This is required if the device has keyslots. Otherwise (i.e. if the 32 * device is a layered device, or if the device is real hardware that 33 * simply doesn't have the concept of keyslots) it is never called. 34 * 35 * Must return 0 on success, or -errno on failure. 36 */ 37 int (*keyslot_program)(struct blk_crypto_profile *profile, 38 const struct blk_crypto_key *key, 39 unsigned int slot); 40 41 /** 42 * @keyslot_evict: Evict a key from the inline encryption hardware. 43 * 44 * If the device has keyslots, this function must evict the key from the 45 * specified @slot. The slot will contain @key, but there should be no 46 * need for the @key argument to be used as @slot should be sufficient. 47 * The keyslot is guaranteed to not be in-use by any I/O. 48 * 49 * If the device doesn't have keyslots itself, this function must evict 50 * @key from any underlying devices. @slot won't be valid in this case. 51 * 52 * If there are no keyslots and no underlying devices, this function 53 * isn't required. 54 * 55 * Must return 0 on success, or -errno on failure. 56 */ 57 int (*keyslot_evict)(struct blk_crypto_profile *profile, 58 const struct blk_crypto_key *key, 59 unsigned int slot); 60 61 /** 62 * @derive_sw_secret: Derive the software secret from a hardware-wrapped 63 * key in ephemerally-wrapped form. 64 * 65 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED 66 * is supported. 67 * 68 * Must return 0 on success, -EBADMSG if the key is invalid, or another 69 * -errno code on other errors. 70 */ 71 int (*derive_sw_secret)(struct blk_crypto_profile *profile, 72 const u8 *eph_key, size_t eph_key_size, 73 u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]); 74 75 /** 76 * @import_key: Create a hardware-wrapped key by importing a raw key. 77 * 78 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED 79 * is supported. 80 * 81 * On success, must write the new key in long-term wrapped form to 82 * @lt_key and return its size in bytes. On failure, must return a 83 * -errno value. 84 */ 85 int (*import_key)(struct blk_crypto_profile *profile, 86 const u8 *raw_key, size_t raw_key_size, 87 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); 88 89 /** 90 * @generate_key: Generate a hardware-wrapped key. 91 * 92 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED 93 * is supported. 94 * 95 * On success, must write the new key in long-term wrapped form to 96 * @lt_key and return its size in bytes. On failure, must return a 97 * -errno value. 98 */ 99 int (*generate_key)(struct blk_crypto_profile *profile, 100 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); 101 102 /** 103 * @prepare_key: Prepare a hardware-wrapped key to be used. 104 * 105 * Prepare a hardware-wrapped key to be used by converting it from 106 * long-term wrapped form to ephemerally-wrapped form. This only needs 107 * to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED is supported. 108 * 109 * On success, must write the key in ephemerally-wrapped form to 110 * @eph_key and return its size in bytes. On failure, must return 111 * -EBADMSG if the key is invalid, or another -errno on other error. 112 */ 113 int (*prepare_key)(struct blk_crypto_profile *profile, 114 const u8 *lt_key, size_t lt_key_size, 115 u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); 116 }; 117 118 /** 119 * struct blk_crypto_profile - inline encryption profile for a device 120 * 121 * This struct contains a storage device's inline encryption capabilities (e.g. 122 * the supported crypto algorithms), driver-provided functions to control the 123 * inline encryption hardware (e.g. programming and evicting keys), and optional 124 * device-independent keyslot management data. 125 */ 126 struct blk_crypto_profile { 127 128 /* public: Drivers must initialize the following fields. */ 129 130 /** 131 * @ll_ops: Driver-provided functions to control the inline encryption 132 * hardware, e.g. program and evict keys. 133 */ 134 struct blk_crypto_ll_ops ll_ops; 135 136 /** 137 * @max_dun_bytes_supported: The maximum number of bytes supported for 138 * specifying the data unit number (DUN). Specifically, the range of 139 * supported DUNs is 0 through (1 << (8 * max_dun_bytes_supported)) - 1. 140 */ 141 unsigned int max_dun_bytes_supported; 142 143 /** 144 * @key_types_supported: A bitmask of the supported key types: 145 * BLK_CRYPTO_KEY_TYPE_RAW and/or BLK_CRYPTO_KEY_TYPE_HW_WRAPPED. 146 */ 147 unsigned int key_types_supported; 148 149 /** 150 * @modes_supported: Array of bitmasks that specifies whether each 151 * combination of crypto mode and data unit size is supported. 152 * Specifically, the i'th bit of modes_supported[crypto_mode] is set if 153 * crypto_mode can be used with a data unit size of (1 << i). Note that 154 * only data unit sizes that are powers of 2 can be supported. 155 */ 156 unsigned int modes_supported[BLK_ENCRYPTION_MODE_MAX]; 157 158 /** 159 * @dev: An optional device for runtime power management. If the driver 160 * provides this device, it will be runtime-resumed before any function 161 * in @ll_ops is called and will remain resumed during the call. 162 */ 163 struct device *dev; 164 165 /* private: The following fields shouldn't be accessed by drivers. */ 166 167 /* Number of keyslots, or 0 if not applicable */ 168 unsigned int num_slots; 169 170 /* 171 * Serializes all calls to functions in @ll_ops as well as all changes 172 * to @slot_hashtable. This can also be taken in read mode to look up 173 * keyslots while ensuring that they can't be changed concurrently. 174 */ 175 struct rw_semaphore lock; 176 struct lock_class_key lockdep_key; 177 178 /* List of idle slots, with least recently used slot at front */ 179 wait_queue_head_t idle_slots_wait_queue; 180 struct list_head idle_slots; 181 spinlock_t idle_slots_lock; 182 183 /* 184 * Hash table which maps struct *blk_crypto_key to keyslots, so that we 185 * can find a key's keyslot in O(1) time rather than O(num_slots). 186 * Protected by 'lock'. 187 */ 188 struct hlist_head *slot_hashtable; 189 unsigned int log_slot_ht_size; 190 191 /* Per-keyslot data */ 192 struct blk_crypto_keyslot *slots; 193 }; 194 195 int blk_crypto_profile_init(struct blk_crypto_profile *profile, 196 unsigned int num_slots); 197 198 int devm_blk_crypto_profile_init(struct device *dev, 199 struct blk_crypto_profile *profile, 200 unsigned int num_slots); 201 202 unsigned int blk_crypto_keyslot_index(struct blk_crypto_keyslot *slot); 203 204 void blk_crypto_reprogram_all_keys(struct blk_crypto_profile *profile); 205 206 void blk_crypto_profile_destroy(struct blk_crypto_profile *profile); 207 208 int blk_crypto_import_key(struct blk_crypto_profile *profile, 209 const u8 *raw_key, size_t raw_key_size, 210 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); 211 212 int blk_crypto_generate_key(struct blk_crypto_profile *profile, 213 u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); 214 215 int blk_crypto_prepare_key(struct blk_crypto_profile *profile, 216 const u8 *lt_key, size_t lt_key_size, 217 u8 eph_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]); 218 219 void blk_crypto_intersect_capabilities(struct blk_crypto_profile *parent, 220 const struct blk_crypto_profile *child); 221 222 bool blk_crypto_has_capabilities(const struct blk_crypto_profile *target, 223 const struct blk_crypto_profile *reference); 224 225 void blk_crypto_update_capabilities(struct blk_crypto_profile *dst, 226 const struct blk_crypto_profile *src); 227 228 #endif /* __LINUX_BLK_CRYPTO_PROFILE_H */ 229