1 /* SPDX-License-Identifier: GPL-2.0 */
3 * Copyright 2019 Google LLC
6 #ifndef __LINUX_BLK_CRYPTO_PROFILE_H
7 #define __LINUX_BLK_CRYPTO_PROFILE_H
10 #include <linux/blk-crypto.h>
12 struct blk_crypto_profile;
15 * struct blk_crypto_ll_ops - functions to control inline encryption hardware
17 * Low-level operations for controlling inline encryption hardware. This
18 * interface must be implemented by storage drivers that support inline
19 * encryption. All functions may sleep, are serialized by profile->lock, and
20 * are never called while profile->dev (if set) is runtime-suspended.
22 struct blk_crypto_ll_ops {
25 * @keyslot_program: Program a key into the inline encryption hardware.
27 * Program @key into the specified @slot in the inline encryption
28 * hardware, overwriting any key that the keyslot may already contain.
29 * The keyslot is guaranteed to not be in-use by any I/O.
31 * This is required if the device has keyslots. Otherwise (i.e. if the
32 * device is a layered device, or if the device is real hardware that
33 * simply doesn't have the concept of keyslots) it is never called.
35 * Must return 0 on success, or -errno on failure.
37 int (*keyslot_program)(struct blk_crypto_profile *profile,
38 const struct blk_crypto_key *key,
42 * @keyslot_evict: Evict a key from the inline encryption hardware.
44 * If the device has keyslots, this function must evict the key from the
45 * specified @slot. The slot will contain @key, but there should be no
46 * need for the @key argument to be used as @slot should be sufficient.
47 * The keyslot is guaranteed to not be in-use by any I/O.
49 * If the device doesn't have keyslots itself, this function must evict
50 * @key from any underlying devices. @slot won't be valid in this case.
52 * If there are no keyslots and no underlying devices, this function
55 * Must return 0 on success, or -errno on failure.
57 int (*keyslot_evict)(struct blk_crypto_profile *profile,
58 const struct blk_crypto_key *key,
63 * struct blk_crypto_profile - inline encryption profile for a device
65 * This struct contains a storage device's inline encryption capabilities (e.g.
66 * the supported crypto algorithms), driver-provided functions to control the
67 * inline encryption hardware (e.g. programming and evicting keys), and optional
68 * device-independent keyslot management data.
70 struct blk_crypto_profile {
72 /* public: Drivers must initialize the following fields. */
75 * @ll_ops: Driver-provided functions to control the inline encryption
76 * hardware, e.g. program and evict keys.
78 struct blk_crypto_ll_ops ll_ops;
81 * @max_dun_bytes_supported: The maximum number of bytes supported for
82 * specifying the data unit number (DUN). Specifically, the range of
83 * supported DUNs is 0 through (1 << (8 * max_dun_bytes_supported)) - 1.
85 unsigned int max_dun_bytes_supported;
88 * @modes_supported: Array of bitmasks that specifies whether each
89 * combination of crypto mode and data unit size is supported.
90 * Specifically, the i'th bit of modes_supported[crypto_mode] is set if
91 * crypto_mode can be used with a data unit size of (1 << i). Note that
92 * only data unit sizes that are powers of 2 can be supported.
94 unsigned int modes_supported[BLK_ENCRYPTION_MODE_MAX];
97 * @dev: An optional device for runtime power management. If the driver
98 * provides this device, it will be runtime-resumed before any function
99 * in @ll_ops is called and will remain resumed during the call.
103 /* private: The following fields shouldn't be accessed by drivers. */
105 /* Number of keyslots, or 0 if not applicable */
106 unsigned int num_slots;
109 * Serializes all calls to functions in @ll_ops as well as all changes
110 * to @slot_hashtable. This can also be taken in read mode to look up
111 * keyslots while ensuring that they can't be changed concurrently.
113 struct rw_semaphore lock;
115 /* List of idle slots, with least recently used slot at front */
116 wait_queue_head_t idle_slots_wait_queue;
117 struct list_head idle_slots;
118 spinlock_t idle_slots_lock;
121 * Hash table which maps struct *blk_crypto_key to keyslots, so that we
122 * can find a key's keyslot in O(1) time rather than O(num_slots).
123 * Protected by 'lock'.
125 struct hlist_head *slot_hashtable;
126 unsigned int log_slot_ht_size;
128 /* Per-keyslot data */
129 struct blk_crypto_keyslot *slots;
132 int blk_crypto_profile_init(struct blk_crypto_profile *profile,
133 unsigned int num_slots);
135 int devm_blk_crypto_profile_init(struct device *dev,
136 struct blk_crypto_profile *profile,
137 unsigned int num_slots);
139 unsigned int blk_crypto_keyslot_index(struct blk_crypto_keyslot *slot);
141 blk_status_t blk_crypto_get_keyslot(struct blk_crypto_profile *profile,
142 const struct blk_crypto_key *key,
143 struct blk_crypto_keyslot **slot_ptr);
145 void blk_crypto_put_keyslot(struct blk_crypto_keyslot *slot);
147 bool __blk_crypto_cfg_supported(struct blk_crypto_profile *profile,
148 const struct blk_crypto_config *cfg);
150 int __blk_crypto_evict_key(struct blk_crypto_profile *profile,
151 const struct blk_crypto_key *key);
153 void blk_crypto_reprogram_all_keys(struct blk_crypto_profile *profile);
155 void blk_crypto_profile_destroy(struct blk_crypto_profile *profile);
157 void blk_crypto_intersect_capabilities(struct blk_crypto_profile *parent,
158 const struct blk_crypto_profile *child);
160 bool blk_crypto_has_capabilities(const struct blk_crypto_profile *target,
161 const struct blk_crypto_profile *reference);
163 void blk_crypto_update_capabilities(struct blk_crypto_profile *dst,
164 const struct blk_crypto_profile *src);
166 #endif /* __LINUX_BLK_CRYPTO_PROFILE_H */
projects / linux-2.6-microblaze.git / blob