/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright 2019 Google LLC
 */

/*
 * Keyslot manager interface: declares the driver-supplied keyslot operations,
 * struct blk_keyslot_manager, and the blk_ksm_*() entry points for working
 * with keyslots in inline encryption hardware.
 *
 * Only declarations live here. The behaviour of the blk_ksm_*() functions is
 * defined elsewhere; notes on them below are limited to what the prototypes
 * show, and anything inferred from a name is marked for confirmation.
 */

#ifndef __LINUX_KEYSLOT_MANAGER_H
#define __LINUX_KEYSLOT_MANAGER_H

#include <linux/bio.h>
#include <linux/blk-crypto.h>

struct blk_keyslot_manager;

/**
 * struct blk_ksm_ll_ops - functions to manage keyslots in hardware
 * @keyslot_program:	Program the specified key into the specified slot in the
 *			inline encryption hardware.
 * @keyslot_evict:	Evict key from the specified keyslot in the hardware.
 *			The key is provided so that e.g. dm layers can evict
 *			keys from the devices that they map over.
 *			Returns 0 on success, -errno otherwise.
 *
 * This structure should be provided by storage device drivers when they set up
 * a keyslot manager - this structure holds the function ptrs that the keyslot
 * manager will use to manipulate keyslots in the hardware.
 *
 * Both callbacks receive the key through a pointer to const, so an
 * implementation is given the key for the duration of the call and cannot
 * modify it through that pointer.
 *
 * NOTE(review): the return convention is written under @keyslot_evict only.
 * @keyslot_program also returns int and presumably follows the same
 * 0 / -errno convention - confirm against the callers.
 */
struct blk_ksm_ll_ops {
	int (*keyslot_program)(struct blk_keyslot_manager *ksm,
			       const struct blk_crypto_key *key,
			       unsigned int slot);
	int (*keyslot_evict)(struct blk_keyslot_manager *ksm,
			     const struct blk_crypto_key *key,
			     unsigned int slot);
};

/*
 * State for one keyslot manager. The fields above the "private" marker
 * describe the hardware (its operations and capabilities); the fields below
 * the marker are for the keyslot manager's internal use.
 */
struct blk_keyslot_manager {
	/*
	 * The struct blk_ksm_ll_ops that this keyslot manager will use
	 * to perform operations like programming and evicting keys on the
	 * device. It is embedded by value, so the function pointers are
	 * stored inside this structure rather than referenced through a
	 * pointer to a separate ops table.
	 */
	struct blk_ksm_ll_ops ksm_ll_ops;

	/*
	 * The maximum number of bytes supported for specifying the data unit
	 * number (DUN).
	 */
	unsigned int max_dun_bytes_supported;

	/*
	 * Array of size BLK_ENCRYPTION_MODE_MAX of bitmasks that represents
	 * whether a crypto mode and data unit size are supported. The i'th
	 * bit of crypto_modes_supported[crypto_mode] is set iff a data unit
	 * size of (1 << i) is supported. We only support data unit sizes
	 * that are powers of 2. For example, bit 12 being set means that a
	 * data unit size of 4096 bytes is supported for that mode.
	 */
	unsigned int crypto_modes_supported[BLK_ENCRYPTION_MODE_MAX];

	/* Device for runtime power management (NULL if none) */
	struct device *dev;

	/* Here onwards are *private* fields for internal keyslot manager use */

	/*
	 * Number of keyslots.
	 * NOTE(review): presumably the num_slots value given to
	 * blk_ksm_init() - confirm against the implementation.
	 */
	unsigned int num_slots;

	/* Protects programming and evicting keys from the device */
	struct rw_semaphore lock;

	/*
	 * List of idle slots, with least recently used slot at front.
	 * NOTE(review): idle_slots_wait_queue and idle_slots_lock are not
	 * described in this header. Presumably the wait queue is where
	 * callers sleep until a slot becomes idle and the spinlock guards
	 * idle_slots - confirm against the implementation.
	 */
	wait_queue_head_t idle_slots_wait_queue;
	struct list_head idle_slots;
	spinlock_t idle_slots_lock;

	/*
	 * Hash table which maps struct *blk_crypto_key to keyslots, so that we
	 * can find a key's keyslot in O(1) time rather than O(num_slots).
	 * Protected by 'lock'.
	 * NOTE(review): log_slot_ht_size is presumably log2 of the number of
	 * hash buckets - confirm.
	 */
	struct hlist_head *slot_hashtable;
	unsigned int log_slot_ht_size;

	/*
	 * Per-keyslot data. struct blk_ksm_keyslot is not defined in this
	 * header.
	 */
	struct blk_ksm_keyslot *slots;
};

/*
 * Set up @ksm for @num_slots keyslots (inferred from the name - confirm).
 * Returns int; the return convention is not documented in this header.
 */
int blk_ksm_init(struct blk_keyslot_manager *ksm, unsigned int num_slots);

/*
 * Returns a blk_status_t and hands a keyslot back through @slot_ptr.
 * NOTE(review): presumably a slot obtained here must later be released with
 * blk_ksm_put_slot() - confirm against the implementation.
 */
blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm,
				      const struct blk_crypto_key *key,
				      struct blk_ksm_keyslot **slot_ptr);

/* Returns an unsigned index for @slot (presumably its slot number - confirm) */
unsigned int blk_ksm_get_slot_idx(struct blk_ksm_keyslot *slot);

/* Takes a keyslot and returns nothing; see blk_ksm_get_slot_for_key() */
void blk_ksm_put_slot(struct blk_ksm_keyslot *slot);

/*
 * Returns a bool for @cfg on @ksm.
 * NOTE(review): presumably answers from crypto_modes_supported and
 * max_dun_bytes_supported - confirm against the implementation.
 */
bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
				  const struct blk_crypto_config *cfg);

/*
 * Evict @key from @ksm (inferred from the name - confirm).
 * NOTE(review): the int return convention is not documented here; presumably
 * 0 / -errno like keyslot_evict. A caller that depends on the key no longer
 * being programmed in hardware should check the result rather than ignore
 * it - confirm what a failure leaves behind.
 */
int blk_ksm_evict_key(struct blk_keyslot_manager *ksm,
		      const struct blk_crypto_key *key);

/*
 * Returns void, so a failure to reprogram a key is not reported to the caller
 * through a return value.
 */
void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm);

/*
 * Tear down @ksm (inferred from the name - confirm).
 * NOTE(review): this header does not say whether key material held in the
 * manager's private state is wiped here - confirm in the implementation.
 */
void blk_ksm_destroy(struct blk_keyslot_manager *ksm);

#endif /* __LINUX_KEYSLOT_MANAGER_H */