Linux/include/linux/blk-crypto.h

Version: ~ [ linux-6.11-rc3 ] ~ [ linux-6.10.4 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.45 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.104 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.164 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.223 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.281 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.319 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Copyright 2019 Google LLC 4 */ 5 6 #ifndef __LINUX_BLK_CRYPTO_H 7 #define __LINUX_BLK_CRYPTO_H 8 9 #include <linux/types.h> 10 11 enum blk_crypto_mode_num { 12 BLK_ENCRYPTION_MODE_INVALID, 13 BLK_ENCRYPTION_MODE_AES_256_XTS, 14 BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV, 15 BLK_ENCRYPTION_MODE_ADIANTUM, 16 BLK_ENCRYPTION_MODE_SM4_XTS, 17 BLK_ENCRYPTION_MODE_MAX, 18 }; 19 20 #define BLK_CRYPTO_MAX_KEY_SIZE 64 21 /** 22 * struct blk_crypto_config - an inline encryption key's crypto configuration 23 * @crypto_mode: encryption algorithm this key is for 24 * @data_unit_size: the data unit size for all encryption/decryptions with this 25 * key. This is the size in bytes of each individual plaintext and 26 * ciphertext. This is always a power of 2. It might be e.g. the 27 * filesystem block size or the disk sector size. 28 * @dun_bytes: the maximum number of bytes of DUN used when using this key 29 */ 30 struct blk_crypto_config { 31 enum blk_crypto_mode_num crypto_mode; 32 unsigned int data_unit_size; 33 unsigned int dun_bytes; 34 }; 35 36 /** 37 * struct blk_crypto_key - an inline encryption key 38 * @crypto_cfg: the crypto configuration (like crypto_mode, key size) for this 39 * key 40 * @data_unit_size_bits: log2 of data_unit_size 41 * @size: size of this key in bytes (determined by @crypto_cfg.crypto_mode) 42 * @raw: the raw bytes of this key. Only the first @size bytes are used. 43 * 44 * A blk_crypto_key is immutable once created, and many bios can reference it at 45 * the same time. It must not be freed until all bios using it have completed 46 * and it has been evicted from all devices on which it may have been used. 47 */ 48 struct blk_crypto_key { 49 struct blk_crypto_config crypto_cfg; 50 unsigned int data_unit_size_bits; 51 unsigned int size; 52 u8 raw[BLK_CRYPTO_MAX_KEY_SIZE]; 53 }; 54 55 #define BLK_CRYPTO_MAX_IV_SIZE 32 56 #define BLK_CRYPTO_DUN_ARRAY_SIZE (BLK_CRYPTO_MAX_IV_SIZE / sizeof(u64)) 57 58 /** 59 * struct bio_crypt_ctx - an inline encryption context 60 * @bc_key: the key, algorithm, and data unit size to use 61 * @bc_dun: the data unit number (starting IV) to use 62 * 63 * A bio_crypt_ctx specifies that the contents of the bio will be encrypted (for 64 * write requests) or decrypted (for read requests) inline by the storage device 65 * or controller, or by the crypto API fallback. 66 */ 67 struct bio_crypt_ctx { 68 const struct blk_crypto_key *bc_key; 69 u64 bc_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]; 70 }; 71 72 #include <linux/blk_types.h> 73 #include <linux/blkdev.h> 74 75 #ifdef CONFIG_BLK_INLINE_ENCRYPTION 76 77 static inline bool bio_has_crypt_ctx(struct bio *bio) 78 { 79 return bio->bi_crypt_context; 80 } 81 82 void bio_crypt_set_ctx(struct bio *bio, const struct blk_crypto_key *key, 83 const u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE], 84 gfp_t gfp_mask); 85 86 bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc, 87 unsigned int bytes, 88 const u64 next_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]); 89 90 int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key, 91 enum blk_crypto_mode_num crypto_mode, 92 unsigned int dun_bytes, 93 unsigned int data_unit_size); 94 95 int blk_crypto_start_using_key(struct block_device *bdev, 96 const struct blk_crypto_key *key); 97 98 void blk_crypto_evict_key(struct block_device *bdev, 99 const struct blk_crypto_key *key); 100 101 bool blk_crypto_config_supported_natively(struct block_device *bdev, 102 const struct blk_crypto_config *cfg); 103 bool blk_crypto_config_supported(struct block_device *bdev, 104 const struct blk_crypto_config *cfg); 105 106 #else /* CONFIG_BLK_INLINE_ENCRYPTION */ 107 108 static inline bool bio_has_crypt_ctx(struct bio *bio) 109 { 110 return false; 111 } 112 113 #endif /* CONFIG_BLK_INLINE_ENCRYPTION */ 114 115 int __bio_crypt_clone(struct bio *dst, struct bio *src, gfp_t gfp_mask); 116 /** 117 * bio_crypt_clone - clone bio encryption context 118 * @dst: destination bio 119 * @src: source bio 120 * @gfp_mask: memory allocation flags 121 * 122 * If @src has an encryption context, clone it to @dst. 123 * 124 * Return: 0 on success, -ENOMEM if out of memory. -ENOMEM is only possible if 125 * @gfp_mask doesn't include %__GFP_DIRECT_RECLAIM. 126 */ 127 static inline int bio_crypt_clone(struct bio *dst, struct bio *src, 128 gfp_t gfp_mask) 129 { 130 if (bio_has_crypt_ctx(src)) 131 return __bio_crypt_clone(dst, src, gfp_mask); 132 return 0; 133 } 134 135 #endif /* __LINUX_BLK_CRYPTO_H */ 136

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/include/linux/blk-crypto.h

TOMOYO Linux Cross Reference
Linux/include/linux/blk-crypto.h