mirror of https://github.com/Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
135 lines
4.0 KiB
135 lines
4.0 KiB
/* SPDX-License-Identifier: GPL-2.0 */ |
|
/* |
|
* Copyright 2019 Google LLC |
|
*/ |
|
|
|
#ifndef __LINUX_BLK_CRYPTO_H |
|
#define __LINUX_BLK_CRYPTO_H |
|
|
|
#include <linux/types.h> |
|
|
|
enum blk_crypto_mode_num { |
|
BLK_ENCRYPTION_MODE_INVALID, |
|
BLK_ENCRYPTION_MODE_AES_256_XTS, |
|
BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV, |
|
BLK_ENCRYPTION_MODE_ADIANTUM, |
|
BLK_ENCRYPTION_MODE_MAX, |
|
}; |
|
|
|
#define BLK_CRYPTO_MAX_KEY_SIZE 64 |
|
/** |
|
* struct blk_crypto_config - an inline encryption key's crypto configuration |
|
* @crypto_mode: encryption algorithm this key is for |
|
* @data_unit_size: the data unit size for all encryption/decryptions with this |
|
* key. This is the size in bytes of each individual plaintext and |
|
* ciphertext. This is always a power of 2. It might be e.g. the |
|
* filesystem block size or the disk sector size. |
|
* @dun_bytes: the maximum number of bytes of DUN used when using this key |
|
*/ |
|
struct blk_crypto_config { |
|
enum blk_crypto_mode_num crypto_mode; |
|
unsigned int data_unit_size; |
|
unsigned int dun_bytes; |
|
}; |
|
|
|
/** |
|
* struct blk_crypto_key - an inline encryption key |
|
* @crypto_cfg: the crypto configuration (like crypto_mode, key size) for this |
|
* key |
|
* @data_unit_size_bits: log2 of data_unit_size |
|
* @size: size of this key in bytes (determined by @crypto_cfg.crypto_mode) |
|
* @raw: the raw bytes of this key. Only the first @size bytes are used. |
|
* |
|
* A blk_crypto_key is immutable once created, and many bios can reference it at |
|
* the same time. It must not be freed until all bios using it have completed |
|
* and it has been evicted from all devices on which it may have been used. |
|
*/ |
|
struct blk_crypto_key { |
|
struct blk_crypto_config crypto_cfg; |
|
unsigned int data_unit_size_bits; |
|
unsigned int size; |
|
u8 raw[BLK_CRYPTO_MAX_KEY_SIZE]; |
|
}; |
|
|
|
#define BLK_CRYPTO_MAX_IV_SIZE 32 |
|
#define BLK_CRYPTO_DUN_ARRAY_SIZE (BLK_CRYPTO_MAX_IV_SIZE / sizeof(u64)) |
|
|
|
/** |
|
* struct bio_crypt_ctx - an inline encryption context |
|
* @bc_key: the key, algorithm, and data unit size to use |
|
* @bc_dun: the data unit number (starting IV) to use |
|
* |
|
* A bio_crypt_ctx specifies that the contents of the bio will be encrypted (for |
|
* write requests) or decrypted (for read requests) inline by the storage device |
|
* or controller, or by the crypto API fallback. |
|
*/ |
|
struct bio_crypt_ctx { |
|
const struct blk_crypto_key *bc_key; |
|
u64 bc_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]; |
|
}; |
|
|
|
#include <linux/blk_types.h> |
|
#include <linux/blkdev.h> |
|
|
|
struct request; |
|
struct request_queue; |
|
|
|
#ifdef CONFIG_BLK_INLINE_ENCRYPTION |
|
|
|
static inline bool bio_has_crypt_ctx(struct bio *bio) |
|
{ |
|
return bio->bi_crypt_context; |
|
} |
|
|
|
void bio_crypt_set_ctx(struct bio *bio, const struct blk_crypto_key *key, |
|
const u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE], |
|
gfp_t gfp_mask); |
|
|
|
bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc, |
|
unsigned int bytes, |
|
const u64 next_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]); |
|
|
|
int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, |
|
enum blk_crypto_mode_num crypto_mode, |
|
unsigned int dun_bytes, |
|
unsigned int data_unit_size); |
|
|
|
int blk_crypto_start_using_key(const struct blk_crypto_key *key, |
|
struct request_queue *q); |
|
|
|
int blk_crypto_evict_key(struct request_queue *q, |
|
const struct blk_crypto_key *key); |
|
|
|
bool blk_crypto_config_supported(struct request_queue *q, |
|
const struct blk_crypto_config *cfg); |
|
|
|
#else /* CONFIG_BLK_INLINE_ENCRYPTION */ |
|
|
|
static inline bool bio_has_crypt_ctx(struct bio *bio) |
|
{ |
|
return false; |
|
} |
|
|
|
#endif /* CONFIG_BLK_INLINE_ENCRYPTION */ |
|
|
|
int __bio_crypt_clone(struct bio *dst, struct bio *src, gfp_t gfp_mask); |
|
/** |
|
* bio_crypt_clone - clone bio encryption context |
|
* @dst: destination bio |
|
* @src: source bio |
|
* @gfp_mask: memory allocation flags |
|
* |
|
* If @src has an encryption context, clone it to @dst. |
|
* |
|
* Return: 0 on success, -ENOMEM if out of memory. -ENOMEM is only possible if |
|
* @gfp_mask doesn't include %__GFP_DIRECT_RECLAIM. |
|
*/ |
|
static inline int bio_crypt_clone(struct bio *dst, struct bio *src, |
|
gfp_t gfp_mask) |
|
{ |
|
if (bio_has_crypt_ctx(src)) |
|
return __bio_crypt_clone(dst, src, gfp_mask); |
|
return 0; |
|
} |
|
|
|
#endif /* __LINUX_BLK_CRYPTO_H */
|
|
|