Back to home page

OSCL-LXR
 
 

     

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * Copyright 2019 Google LLC
0004  */
0005 
0006 #ifndef __LINUX_BLK_CRYPTO_H
0007 #define __LINUX_BLK_CRYPTO_H
0008 
0009 #include <linux/types.h>
0010 
0011 enum blk_crypto_mode_num {
0012     BLK_ENCRYPTION_MODE_INVALID,
0013     BLK_ENCRYPTION_MODE_AES_256_XTS,
0014     BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV,
0015     BLK_ENCRYPTION_MODE_ADIANTUM,
0016     BLK_ENCRYPTION_MODE_MAX,
0017 };
0018 
0019 #define BLK_CRYPTO_MAX_KEY_SIZE     64
0020 /**
0021  * struct blk_crypto_config - an inline encryption key's crypto configuration
0022  * @crypto_mode: encryption algorithm this key is for
0023  * @data_unit_size: the data unit size for all encryption/decryptions with this
0024  *  key.  This is the size in bytes of each individual plaintext and
0025  *  ciphertext.  This is always a power of 2.  It might be e.g. the
0026  *  filesystem block size or the disk sector size.
0027  * @dun_bytes: the maximum number of bytes of DUN used when using this key
0028  */
0029 struct blk_crypto_config {
0030     enum blk_crypto_mode_num crypto_mode;
0031     unsigned int data_unit_size;
0032     unsigned int dun_bytes;
0033 };
0034 
0035 /**
0036  * struct blk_crypto_key - an inline encryption key
0037  * @crypto_cfg: the crypto configuration (like crypto_mode, key size) for this
0038  *      key
0039  * @data_unit_size_bits: log2 of data_unit_size
0040  * @size: size of this key in bytes (determined by @crypto_cfg.crypto_mode)
0041  * @raw: the raw bytes of this key.  Only the first @size bytes are used.
0042  *
0043  * A blk_crypto_key is immutable once created, and many bios can reference it at
0044  * the same time.  It must not be freed until all bios using it have completed
0045  * and it has been evicted from all devices on which it may have been used.
0046  */
0047 struct blk_crypto_key {
0048     struct blk_crypto_config crypto_cfg;
0049     unsigned int data_unit_size_bits;
0050     unsigned int size;
0051     u8 raw[BLK_CRYPTO_MAX_KEY_SIZE];
0052 };
0053 
0054 #define BLK_CRYPTO_MAX_IV_SIZE      32
0055 #define BLK_CRYPTO_DUN_ARRAY_SIZE   (BLK_CRYPTO_MAX_IV_SIZE / sizeof(u64))
0056 
0057 /**
0058  * struct bio_crypt_ctx - an inline encryption context
0059  * @bc_key: the key, algorithm, and data unit size to use
0060  * @bc_dun: the data unit number (starting IV) to use
0061  *
0062  * A bio_crypt_ctx specifies that the contents of the bio will be encrypted (for
0063  * write requests) or decrypted (for read requests) inline by the storage device
0064  * or controller, or by the crypto API fallback.
0065  */
0066 struct bio_crypt_ctx {
0067     const struct blk_crypto_key *bc_key;
0068     u64             bc_dun[BLK_CRYPTO_DUN_ARRAY_SIZE];
0069 };
0070 
0071 #include <linux/blk_types.h>
0072 #include <linux/blkdev.h>
0073 
0074 struct request;
0075 struct request_queue;
0076 
0077 #ifdef CONFIG_BLK_INLINE_ENCRYPTION
0078 
0079 static inline bool bio_has_crypt_ctx(struct bio *bio)
0080 {
0081     return bio->bi_crypt_context;
0082 }
0083 
0084 void bio_crypt_set_ctx(struct bio *bio, const struct blk_crypto_key *key,
0085                const u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE],
0086                gfp_t gfp_mask);
0087 
0088 bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc,
0089                  unsigned int bytes,
0090                  const u64 next_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]);
0091 
0092 int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
0093             enum blk_crypto_mode_num crypto_mode,
0094             unsigned int dun_bytes,
0095             unsigned int data_unit_size);
0096 
0097 int blk_crypto_start_using_key(const struct blk_crypto_key *key,
0098                    struct request_queue *q);
0099 
0100 int blk_crypto_evict_key(struct request_queue *q,
0101              const struct blk_crypto_key *key);
0102 
0103 bool blk_crypto_config_supported(struct request_queue *q,
0104                  const struct blk_crypto_config *cfg);
0105 
0106 #else /* CONFIG_BLK_INLINE_ENCRYPTION */
0107 
0108 static inline bool bio_has_crypt_ctx(struct bio *bio)
0109 {
0110     return false;
0111 }
0112 
0113 #endif /* CONFIG_BLK_INLINE_ENCRYPTION */
0114 
0115 int __bio_crypt_clone(struct bio *dst, struct bio *src, gfp_t gfp_mask);
0116 /**
0117  * bio_crypt_clone - clone bio encryption context
0118  * @dst: destination bio
0119  * @src: source bio
0120  * @gfp_mask: memory allocation flags
0121  *
0122  * If @src has an encryption context, clone it to @dst.
0123  *
0124  * Return: 0 on success, -ENOMEM if out of memory.  -ENOMEM is only possible if
0125  *     @gfp_mask doesn't include %__GFP_DIRECT_RECLAIM.
0126  */
0127 static inline int bio_crypt_clone(struct bio *dst, struct bio *src,
0128                   gfp_t gfp_mask)
0129 {
0130     if (bio_has_crypt_ctx(src))
0131         return __bio_crypt_clone(dst, src, gfp_mask);
0132     return 0;
0133 }
0134 
0135 #endif /* __LINUX_BLK_CRYPTO_H */
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!