xref: /OK3568_Linux_fs/kernel/include/linux/keyslot-manager.h (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 */
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun  * Copyright 2019 Google LLC
4*4882a593Smuzhiyun  */
5*4882a593Smuzhiyun 
6*4882a593Smuzhiyun #ifndef __LINUX_KEYSLOT_MANAGER_H
7*4882a593Smuzhiyun #define __LINUX_KEYSLOT_MANAGER_H
8*4882a593Smuzhiyun 
9*4882a593Smuzhiyun #include <linux/bio.h>
10*4882a593Smuzhiyun #include <linux/blk-crypto.h>
11*4882a593Smuzhiyun 
12*4882a593Smuzhiyun /* Inline crypto feature bits.  Must set at least one. */
13*4882a593Smuzhiyun enum {
14*4882a593Smuzhiyun 	/* Support for standard software-specified keys */
15*4882a593Smuzhiyun 	BLK_CRYPTO_FEATURE_STANDARD_KEYS = BIT(0),
16*4882a593Smuzhiyun 
17*4882a593Smuzhiyun 	/* Support for hardware-wrapped keys */
18*4882a593Smuzhiyun 	BLK_CRYPTO_FEATURE_WRAPPED_KEYS = BIT(1),
19*4882a593Smuzhiyun };
20*4882a593Smuzhiyun 
21*4882a593Smuzhiyun struct blk_keyslot_manager;
22*4882a593Smuzhiyun 
23*4882a593Smuzhiyun /**
24*4882a593Smuzhiyun  * struct blk_ksm_ll_ops - functions to manage keyslots in hardware
25*4882a593Smuzhiyun  * @keyslot_program:	Program the specified key into the specified slot in the
26*4882a593Smuzhiyun  *			inline encryption hardware.
27*4882a593Smuzhiyun  * @keyslot_evict:	Evict key from the specified keyslot in the hardware.
28*4882a593Smuzhiyun  *			The key is provided so that e.g. dm layers can evict
29*4882a593Smuzhiyun  *			keys from the devices that they map over.
30*4882a593Smuzhiyun  *			Returns 0 on success, -errno otherwise.
31*4882a593Smuzhiyun  * @derive_raw_secret:	(Optional) Derive a software secret from a
32*4882a593Smuzhiyun  *			hardware-wrapped key.  Returns 0 on success, -EOPNOTSUPP
33*4882a593Smuzhiyun  *			if unsupported on the hardware, or another -errno code.
34*4882a593Smuzhiyun  *
35*4882a593Smuzhiyun  * This structure should be provided by storage device drivers when they set up
36*4882a593Smuzhiyun  * a keyslot manager - this structure holds the function ptrs that the keyslot
37*4882a593Smuzhiyun  * manager will use to manipulate keyslots in the hardware.
38*4882a593Smuzhiyun  */
39*4882a593Smuzhiyun struct blk_ksm_ll_ops {
40*4882a593Smuzhiyun 	int (*keyslot_program)(struct blk_keyslot_manager *ksm,
41*4882a593Smuzhiyun 			       const struct blk_crypto_key *key,
42*4882a593Smuzhiyun 			       unsigned int slot);
43*4882a593Smuzhiyun 	int (*keyslot_evict)(struct blk_keyslot_manager *ksm,
44*4882a593Smuzhiyun 			     const struct blk_crypto_key *key,
45*4882a593Smuzhiyun 			     unsigned int slot);
46*4882a593Smuzhiyun 	int (*derive_raw_secret)(struct blk_keyslot_manager *ksm,
47*4882a593Smuzhiyun 				 const u8 *wrapped_key,
48*4882a593Smuzhiyun 				 unsigned int wrapped_key_size,
49*4882a593Smuzhiyun 				 u8 *secret, unsigned int secret_size);
50*4882a593Smuzhiyun };
51*4882a593Smuzhiyun 
52*4882a593Smuzhiyun struct blk_keyslot_manager {
53*4882a593Smuzhiyun 	/*
54*4882a593Smuzhiyun 	 * The struct blk_ksm_ll_ops that this keyslot manager will use
55*4882a593Smuzhiyun 	 * to perform operations like programming and evicting keys on the
56*4882a593Smuzhiyun 	 * device
57*4882a593Smuzhiyun 	 */
58*4882a593Smuzhiyun 	struct blk_ksm_ll_ops ksm_ll_ops;
59*4882a593Smuzhiyun 
60*4882a593Smuzhiyun 	/*
61*4882a593Smuzhiyun 	 * The maximum number of bytes supported for specifying the data unit
62*4882a593Smuzhiyun 	 * number.
63*4882a593Smuzhiyun 	 */
64*4882a593Smuzhiyun 	unsigned int max_dun_bytes_supported;
65*4882a593Smuzhiyun 
66*4882a593Smuzhiyun 	/*
67*4882a593Smuzhiyun 	 * The supported features as a bitmask of BLK_CRYPTO_FEATURE_* flags.
68*4882a593Smuzhiyun 	 * Most drivers should set BLK_CRYPTO_FEATURE_STANDARD_KEYS here.
69*4882a593Smuzhiyun 	 */
70*4882a593Smuzhiyun 	unsigned int features;
71*4882a593Smuzhiyun 
72*4882a593Smuzhiyun 	/*
73*4882a593Smuzhiyun 	 * Array of size BLK_ENCRYPTION_MODE_MAX of bitmasks that represents
74*4882a593Smuzhiyun 	 * whether a crypto mode and data unit size are supported. The i'th
75*4882a593Smuzhiyun 	 * bit of crypto_mode_supported[crypto_mode] is set iff a data unit
76*4882a593Smuzhiyun 	 * size of (1 << i) is supported. We only support data unit sizes
77*4882a593Smuzhiyun 	 * that are powers of 2.
78*4882a593Smuzhiyun 	 */
79*4882a593Smuzhiyun 	unsigned int crypto_modes_supported[BLK_ENCRYPTION_MODE_MAX];
80*4882a593Smuzhiyun 
81*4882a593Smuzhiyun 	/* Device for runtime power management (NULL if none) */
82*4882a593Smuzhiyun 	struct device *dev;
83*4882a593Smuzhiyun 
84*4882a593Smuzhiyun 	/* Here onwards are *private* fields for internal keyslot manager use */
85*4882a593Smuzhiyun 
86*4882a593Smuzhiyun 	unsigned int num_slots;
87*4882a593Smuzhiyun 
88*4882a593Smuzhiyun 	/* Protects programming and evicting keys from the device */
89*4882a593Smuzhiyun 	struct rw_semaphore lock;
90*4882a593Smuzhiyun 
91*4882a593Smuzhiyun 	/* List of idle slots, with least recently used slot at front */
92*4882a593Smuzhiyun 	wait_queue_head_t idle_slots_wait_queue;
93*4882a593Smuzhiyun 	struct list_head idle_slots;
94*4882a593Smuzhiyun 	spinlock_t idle_slots_lock;
95*4882a593Smuzhiyun 
96*4882a593Smuzhiyun 	/*
97*4882a593Smuzhiyun 	 * Hash table which maps struct *blk_crypto_key to keyslots, so that we
98*4882a593Smuzhiyun 	 * can find a key's keyslot in O(1) time rather than O(num_slots).
99*4882a593Smuzhiyun 	 * Protected by 'lock'.
100*4882a593Smuzhiyun 	 */
101*4882a593Smuzhiyun 	struct hlist_head *slot_hashtable;
102*4882a593Smuzhiyun 	unsigned int log_slot_ht_size;
103*4882a593Smuzhiyun 
104*4882a593Smuzhiyun 	/* Per-keyslot data */
105*4882a593Smuzhiyun 	struct blk_ksm_keyslot *slots;
106*4882a593Smuzhiyun };
107*4882a593Smuzhiyun 
108*4882a593Smuzhiyun int blk_ksm_init(struct blk_keyslot_manager *ksm, unsigned int num_slots);
109*4882a593Smuzhiyun 
110*4882a593Smuzhiyun int devm_blk_ksm_init(struct device *dev, struct blk_keyslot_manager *ksm,
111*4882a593Smuzhiyun 		      unsigned int num_slots);
112*4882a593Smuzhiyun 
113*4882a593Smuzhiyun blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm,
114*4882a593Smuzhiyun 				      const struct blk_crypto_key *key,
115*4882a593Smuzhiyun 				      struct blk_ksm_keyslot **slot_ptr);
116*4882a593Smuzhiyun 
117*4882a593Smuzhiyun unsigned int blk_ksm_get_slot_idx(struct blk_ksm_keyslot *slot);
118*4882a593Smuzhiyun 
119*4882a593Smuzhiyun void blk_ksm_put_slot(struct blk_ksm_keyslot *slot);
120*4882a593Smuzhiyun 
121*4882a593Smuzhiyun bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
122*4882a593Smuzhiyun 				  const struct blk_crypto_config *cfg);
123*4882a593Smuzhiyun 
124*4882a593Smuzhiyun int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
125*4882a593Smuzhiyun 		      const struct blk_crypto_key *key);
126*4882a593Smuzhiyun 
127*4882a593Smuzhiyun void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm);
128*4882a593Smuzhiyun 
129*4882a593Smuzhiyun void blk_ksm_destroy(struct blk_keyslot_manager *ksm);
130*4882a593Smuzhiyun 
131*4882a593Smuzhiyun int blk_ksm_derive_raw_secret(struct blk_keyslot_manager *ksm,
132*4882a593Smuzhiyun 			      const u8 *wrapped_key,
133*4882a593Smuzhiyun 			      unsigned int wrapped_key_size,
134*4882a593Smuzhiyun 			      u8 *secret, unsigned int secret_size);
135*4882a593Smuzhiyun 
136*4882a593Smuzhiyun void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent,
137*4882a593Smuzhiyun 			     const struct blk_keyslot_manager *child);
138*4882a593Smuzhiyun 
139*4882a593Smuzhiyun void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm);
140*4882a593Smuzhiyun 
141*4882a593Smuzhiyun bool blk_ksm_is_superset(struct blk_keyslot_manager *ksm_superset,
142*4882a593Smuzhiyun 			 struct blk_keyslot_manager *ksm_subset);
143*4882a593Smuzhiyun 
144*4882a593Smuzhiyun void blk_ksm_update_capabilities(struct blk_keyslot_manager *target_ksm,
145*4882a593Smuzhiyun 				 struct blk_keyslot_manager *reference_ksm);
146*4882a593Smuzhiyun 
147*4882a593Smuzhiyun #endif /* __LINUX_KEYSLOT_MANAGER_H */
148