blk-crypto.h - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
blk-crypto.h (4115B)
      1/* SPDX-License-Identifier: GPL-2.0 */
      2/*
      3 * Copyright 2019 Google LLC
      4 */
      5
      6#ifndef __LINUX_BLK_CRYPTO_H
      7#define __LINUX_BLK_CRYPTO_H
      8
      9#include <linux/types.h>
     10
     11enum blk_crypto_mode_num {
     12	BLK_ENCRYPTION_MODE_INVALID,
     13	BLK_ENCRYPTION_MODE_AES_256_XTS,
     14	BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV,
     15	BLK_ENCRYPTION_MODE_ADIANTUM,
     16	BLK_ENCRYPTION_MODE_MAX,
     17};
     18
     19#define BLK_CRYPTO_MAX_KEY_SIZE		64
     20/**
     21 * struct blk_crypto_config - an inline encryption key's crypto configuration
     22 * @crypto_mode: encryption algorithm this key is for
     23 * @data_unit_size: the data unit size for all encryption/decryptions with this
     24 *	key.  This is the size in bytes of each individual plaintext and
     25 *	ciphertext.  This is always a power of 2.  It might be e.g. the
     26 *	filesystem block size or the disk sector size.
     27 * @dun_bytes: the maximum number of bytes of DUN used when using this key
     28 */
     29struct blk_crypto_config {
     30	enum blk_crypto_mode_num crypto_mode;
     31	unsigned int data_unit_size;
     32	unsigned int dun_bytes;
     33};
     34
     35/**
     36 * struct blk_crypto_key - an inline encryption key
     37 * @crypto_cfg: the crypto configuration (like crypto_mode, key size) for this
     38 *		key
     39 * @data_unit_size_bits: log2 of data_unit_size
     40 * @size: size of this key in bytes (determined by @crypto_cfg.crypto_mode)
     41 * @raw: the raw bytes of this key.  Only the first @size bytes are used.
     42 *
     43 * A blk_crypto_key is immutable once created, and many bios can reference it at
     44 * the same time.  It must not be freed until all bios using it have completed
     45 * and it has been evicted from all devices on which it may have been used.
     46 */
     47struct blk_crypto_key {
     48	struct blk_crypto_config crypto_cfg;
     49	unsigned int data_unit_size_bits;
     50	unsigned int size;
     51	u8 raw[BLK_CRYPTO_MAX_KEY_SIZE];
     52};
     53
     54#define BLK_CRYPTO_MAX_IV_SIZE		32
     55#define BLK_CRYPTO_DUN_ARRAY_SIZE	(BLK_CRYPTO_MAX_IV_SIZE / sizeof(u64))
     56
     57/**
     58 * struct bio_crypt_ctx - an inline encryption context
     59 * @bc_key: the key, algorithm, and data unit size to use
     60 * @bc_dun: the data unit number (starting IV) to use
     61 *
     62 * A bio_crypt_ctx specifies that the contents of the bio will be encrypted (for
     63 * write requests) or decrypted (for read requests) inline by the storage device
     64 * or controller, or by the crypto API fallback.
     65 */
     66struct bio_crypt_ctx {
     67	const struct blk_crypto_key	*bc_key;
     68	u64				bc_dun[BLK_CRYPTO_DUN_ARRAY_SIZE];
     69};
     70
     71#include <linux/blk_types.h>
     72#include <linux/blkdev.h>
     73
     74struct request;
     75struct request_queue;
     76
     77#ifdef CONFIG_BLK_INLINE_ENCRYPTION
     78
     79static inline bool bio_has_crypt_ctx(struct bio *bio)
     80{
     81	return bio->bi_crypt_context;
     82}
     83
     84void bio_crypt_set_ctx(struct bio *bio, const struct blk_crypto_key *key,
     85		       const u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE],
     86		       gfp_t gfp_mask);
     87
     88bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc,
     89				 unsigned int bytes,
     90				 const u64 next_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]);
     91
     92int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
     93			enum blk_crypto_mode_num crypto_mode,
     94			unsigned int dun_bytes,
     95			unsigned int data_unit_size);
     96
     97int blk_crypto_start_using_key(const struct blk_crypto_key *key,
     98			       struct request_queue *q);
     99
    100int blk_crypto_evict_key(struct request_queue *q,
    101			 const struct blk_crypto_key *key);
    102
    103bool blk_crypto_config_supported(struct request_queue *q,
    104				 const struct blk_crypto_config *cfg);
    105
    106#else /* CONFIG_BLK_INLINE_ENCRYPTION */
    107
    108static inline bool bio_has_crypt_ctx(struct bio *bio)
    109{
    110	return false;
    111}
    112
    113#endif /* CONFIG_BLK_INLINE_ENCRYPTION */
    114
    115int __bio_crypt_clone(struct bio *dst, struct bio *src, gfp_t gfp_mask);
    116/**
    117 * bio_crypt_clone - clone bio encryption context
    118 * @dst: destination bio
    119 * @src: source bio
    120 * @gfp_mask: memory allocation flags
    121 *
    122 * If @src has an encryption context, clone it to @dst.
    123 *
    124 * Return: 0 on success, -ENOMEM if out of memory.  -ENOMEM is only possible if
    125 *	   @gfp_mask doesn't include %__GFP_DIRECT_RECLAIM.
    126 */
    127static inline int bio_crypt_clone(struct bio *dst, struct bio *src,
    128				  gfp_t gfp_mask)
    129{
    130	if (bio_has_crypt_ctx(src))
    131		return __bio_crypt_clone(dst, src, gfp_mask);
    132	return 0;
    133}
    134
    135#endif /* __LINUX_BLK_CRYPTO_H */