1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * Copyright 2019 Google LLC
4  */
5 
6 #ifndef __LINUX_KEYSLOT_MANAGER_H
7 #define __LINUX_KEYSLOT_MANAGER_H
8 
9 #include <linux/bio.h>
10 
11 #ifdef CONFIG_BLK_INLINE_ENCRYPTION
12 
13 struct keyslot_manager;
14 
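/**
 * struct keyslot_mgmt_ll_ops - functions to manage keyslots in hardware
 * @keyslot_program:	Program the specified key into the specified slot in the
 *			inline encryption hardware.
 *			NOTE(review): the return convention is not stated here;
 *			presumably 0 on success and -errno otherwise, as for
 *			@keyslot_evict - confirm against the implementations.
 * @keyslot_evict:	Evict key from the specified keyslot in the hardware.
 *			The key is provided so that e.g. dm layers can evict
 *			keys from the devices that they map over.
 *			Returns 0 on success, -errno otherwise.  Callers should
 *			not ignore a failure: presumably the key is then still
 *			programmed in the slot (confirm per driver).
 * @derive_raw_secret:	(Optional) Derive a software secret from a
 *			hardware-wrapped key.  Returns 0 on success, -EOPNOTSUPP
 *			if unsupported on the hardware, or another -errno code.
 *			The wrapped key is the input (const) and the secret
 *			buffer is the output.  Both sizes are supplied by the
 *			caller, so an implementation has to validate them
 *			before reading the wrapped key or writing the secret.
 *			The secret buffer holds key material on success;
 *			callers should wipe it (e.g. memzero_explicit()) once
 *			it is no longer needed.
 *
 * This structure should be provided by storage device drivers when they set up
 * a keyslot manager - this structure holds the function ptrs that the keyslot
 * manager will use to manipulate keyslots in the hardware.
 *
 * Every callback is handed key material (a blk_crypto_key or a wrapped key);
 * implementations should not log it or keep copies beyond what the hardware
 * programming step needs.
 *
 * NOTE(review): only @derive_raw_secret is marked optional above, presumably
 * meaning the pointer may be left NULL; nothing here says the other two may be
 * omitted - confirm against the keyslot manager implementation.
 */
struct keyslot_mgmt_ll_ops {
	int (*keyslot_program)(struct keyslot_manager *ksm,
			       const struct blk_crypto_key *key,
			       unsigned int slot);
	int (*keyslot_evict)(struct keyslot_manager *ksm,
			     const struct blk_crypto_key *key,
			     unsigned int slot);
	int (*derive_raw_secret)(struct keyslot_manager *ksm,
				 const u8 *wrapped_key,
				 unsigned int wrapped_key_size,
				 u8 *secret, unsigned int secret_size);
};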
43 
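/*
 * Keyslot manager API.
 *
 * These declarations are only visible when CONFIG_BLK_INLINE_ENCRYPTION is
 * set; this header provides no stub versions, so every caller has to be built
 * under the same config option.
 *
 * NOTE(review): the per-function contracts below are inferred from the names
 * and signatures in this header only.  Confirm them against the
 * implementation before relying on them.
 */

/*
 * Create a keyslot manager for hardware with @num_slots keyslots, driven
 * through @ksm_ops; @ll_priv_data is an opaque driver pointer.
 *
 * @crypto_mode_supported is declared with BLK_ENCRYPTION_MODE_MAX elements,
 * but as a function parameter it is a plain pointer: the compiler does not
 * check the length, so the caller must pass an array of at least that many
 * entries.  Presumably each entry describes what is supported for one crypto
 * mode (see keyslot_manager_crypto_mode_supported()) - confirm.
 *
 * The failure return (NULL vs. an ERR_PTR value) is not visible here; check
 * the implementation and test the result before use.
 */
struct keyslot_manager *keyslot_manager_create(unsigned int num_slots,
	const struct keyslot_mgmt_ll_ops *ksm_ops,
	const unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX],
	void *ll_priv_data);

/*
 * Obtain a keyslot for @key.  The return type is a signed int: presumably the
 * slot index on success and -errno on failure.  Check for a negative value
 * before passing the result as the unsigned @slot argument of the functions
 * below, where a negative errno would turn into a huge slot index.
 */
int keyslot_manager_get_slot_for_key(struct keyslot_manager *ksm,
				     const struct blk_crypto_key *key);

/*
 * Presumably take an additional reference on @slot; @slot is not validated by
 * anything visible in this header.
 */
void keyslot_manager_get_slot(struct keyslot_manager *ksm, unsigned int slot);

/*
 * Presumably drop a reference on @slot.  Gets and puts need to balance;
 * a leaked reference would presumably keep the key in the hardware slot.
 */
void keyslot_manager_put_slot(struct keyslot_manager *ksm, unsigned int slot);

/*
 * Report whether @ksm supports @crypto_mode with the given @data_unit_size.
 */
bool keyslot_manager_crypto_mode_supported(struct keyslot_manager *ksm,
					   enum blk_crypto_mode_num crypto_mode,
					   unsigned int data_unit_size);

/*
 * Evict @key from @ksm.  Returns an int, presumably 0 on success and -errno
 * otherwise like the keyslot_evict() op.  Do not ignore a failure: the key may
 * then still be programmed in the hardware.
 */
int keyslot_manager_evict_key(struct keyslot_manager *ksm,
			      const struct blk_crypto_key *key);

/*
 * Presumably re-program every key currently held in a slot, e.g. after the
 * hardware lost its keyslot contents.  Returns nothing, so a programming
 * failure cannot be reported to the caller through this interface.
 */
void keyslot_manager_reprogram_all_keys(struct keyslot_manager *ksm);

/* Presumably return the ll_priv_data pointer given at creation time. */
void *keyslot_manager_private(struct keyslot_manager *ksm);

/*
 * Tear down @ksm; it must not be used afterwards.
 * NOTE(review): verify that the implementation wipes any key material the
 * manager still holds before freeing it.
 */
void keyslot_manager_destroy(struct keyslot_manager *ksm);

/*
 * Like keyslot_manager_create() but without a slot count, presumably for
 * devices that have no keyslots of their own and hand keys through to another
 * layer.  The same array-length caveat applies to @crypto_mode_supported.
 */
struct keyslot_manager *keyslot_manager_create_passthrough(
	const struct keyslot_mgmt_ll_ops *ksm_ops,
	const unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX],
	void *ll_priv_data);

/*
 * @child is const and @parent is not, so only @parent can be modified:
 * presumably its supported modes are reduced to those @child supports too.
 */
void keyslot_manager_intersect_modes(struct keyslot_manager *parent,
				     const struct keyslot_manager *child);

/*
 * Derive a software secret from a hardware-wrapped key; takes the same
 * arguments as the derive_raw_secret() op and presumably forwards to it.
 * @wrapped_key_size and @secret_size are caller-supplied and must match the
 * real buffer sizes.  On success @secret holds key material: wipe it (e.g.
 * memzero_explicit()) when done, and do not use its contents if the call
 * returned an error.
 */
int keyslot_manager_derive_raw_secret(struct keyslot_manager *ksm,
				      const u8 *wrapped_key,
				      unsigned int wrapped_key_size,
				      u8 *secret, unsigned int secret_size);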
81 
82 #endif /* CONFIG_BLK_INLINE_ENCRYPTION */
83 
84 #endif /* __LINUX_KEYSLOT_MANAGER_H */
85