1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Copyright 2019 Google LLC 4 */ 5 6 #ifndef __LINUX_KEYSLOT_MANAGER_H 7 #define __LINUX_KEYSLOT_MANAGER_H 8 9 #include <linux/bio.h> 10 #include <linux/blk-crypto.h> 11 12 struct blk_keyslot_manager; 13 14 /** 15 * struct blk_ksm_ll_ops - functions to manage keyslots in hardware 16 * @keyslot_program: Program the specified key into the specified slot in the 17 * inline encryption hardware. 18 * @keyslot_evict: Evict key from the specified keyslot in the hardware. 19 * The key is provided so that e.g. dm layers can evict 20 * keys from the devices that they map over. 21 * Returns 0 on success, -errno otherwise. 22 * 23 * This structure should be provided by storage device drivers when they set up 24 * a keyslot manager - this structure holds the function ptrs that the keyslot 25 * manager will use to manipulate keyslots in the hardware. 26 */ 27 struct blk_ksm_ll_ops { 28 int (*keyslot_program)(struct blk_keyslot_manager *ksm, 29 const struct blk_crypto_key *key, 30 unsigned int slot); 31 int (*keyslot_evict)(struct blk_keyslot_manager *ksm, 32 const struct blk_crypto_key *key, 33 unsigned int slot); 34 }; 35 36 struct blk_keyslot_manager { 37 /* 38 * The struct blk_ksm_ll_ops that this keyslot manager will use 39 * to perform operations like programming and evicting keys on the 40 * device 41 */ 42 struct blk_ksm_ll_ops ksm_ll_ops; 43 44 /* 45 * The maximum number of bytes supported for specifying the data unit 46 * number. 47 */ 48 unsigned int max_dun_bytes_supported; 49 50 /* 51 * Array of size BLK_ENCRYPTION_MODE_MAX of bitmasks that represents 52 * whether a crypto mode and data unit size are supported. The i'th 53 * bit of crypto_mode_supported[crypto_mode] is set iff a data unit 54 * size of (1 << i) is supported. We only support data unit sizes 55 * that are powers of 2. 56 */ 57 unsigned int crypto_modes_supported[BLK_ENCRYPTION_MODE_MAX]; 58 59 /* Device for runtime power management (NULL if none) */ 60 struct device *dev; 61 62 /* Here onwards are *private* fields for internal keyslot manager use */ 63 64 unsigned int num_slots; 65 66 /* Protects programming and evicting keys from the device */ 67 struct rw_semaphore lock; 68 69 /* List of idle slots, with least recently used slot at front */ 70 wait_queue_head_t idle_slots_wait_queue; 71 struct list_head idle_slots; 72 spinlock_t idle_slots_lock; 73 74 /* 75 * Hash table which maps struct *blk_crypto_key to keyslots, so that we 76 * can find a key's keyslot in O(1) time rather than O(num_slots). 77 * Protected by 'lock'. 78 */ 79 struct hlist_head *slot_hashtable; 80 unsigned int log_slot_ht_size; 81 82 /* Per-keyslot data */ 83 struct blk_ksm_keyslot *slots; 84 }; 85 86 int blk_ksm_init(struct blk_keyslot_manager *ksm, unsigned int num_slots); 87 88 blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm, 89 const struct blk_crypto_key *key, 90 struct blk_ksm_keyslot **slot_ptr); 91 92 unsigned int blk_ksm_get_slot_idx(struct blk_ksm_keyslot *slot); 93 94 void blk_ksm_put_slot(struct blk_ksm_keyslot *slot); 95 96 bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm, 97 const struct blk_crypto_config *cfg); 98 99 int blk_ksm_evict_key(struct blk_keyslot_manager *ksm, 100 const struct blk_crypto_key *key); 101 102 void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm); 103 104 void blk_ksm_destroy(struct blk_keyslot_manager *ksm); 105 106 #endif /* __LINUX_KEYSLOT_MANAGER_H */ 107