1 /* SPDX-License-Identifier: GPL-2.0 */
3 * Copyright 2019 Google LLC
6 #ifndef __LINUX_BLK_CRYPTO_H
7 #define __LINUX_BLK_CRYPTO_H
9 #include <linux/types.h>
11 enum blk_crypto_mode_num {
12 BLK_ENCRYPTION_MODE_INVALID,
13 BLK_ENCRYPTION_MODE_AES_256_XTS,
14 BLK_ENCRYPTION_MODE_AES_128_CBC_ESSIV,
15 BLK_ENCRYPTION_MODE_ADIANTUM,
16 BLK_ENCRYPTION_MODE_MAX,
19 #define BLK_CRYPTO_MAX_KEY_SIZE 64
21 * struct blk_crypto_config - an inline encryption key's crypto configuration
22 * @crypto_mode: encryption algorithm this key is for
23 * @data_unit_size: the data unit size for all encryption/decryptions with this
24 * key. This is the size in bytes of each individual plaintext and
25 * ciphertext. This is always a power of 2. It might be e.g. the
26 * filesystem block size or the disk sector size.
27 * @dun_bytes: the maximum number of bytes of DUN used when using this key
29 struct blk_crypto_config {
30 enum blk_crypto_mode_num crypto_mode;
31 unsigned int data_unit_size;
32 unsigned int dun_bytes;
36 * struct blk_crypto_key - an inline encryption key
37 * @crypto_cfg: the crypto configuration (like crypto_mode, key size) for this
39 * @data_unit_size_bits: log2 of data_unit_size
40 * @size: size of this key in bytes (determined by @crypto_cfg.crypto_mode)
41 * @raw: the raw bytes of this key. Only the first @size bytes are used.
43 * A blk_crypto_key is immutable once created, and many bios can reference it at
44 * the same time. It must not be freed until all bios using it have completed
45 * and it has been evicted from all devices on which it may have been used.
47 struct blk_crypto_key {
48 struct blk_crypto_config crypto_cfg;
49 unsigned int data_unit_size_bits;
51 u8 raw[BLK_CRYPTO_MAX_KEY_SIZE];
54 #define BLK_CRYPTO_MAX_IV_SIZE 32
55 #define BLK_CRYPTO_DUN_ARRAY_SIZE (BLK_CRYPTO_MAX_IV_SIZE / sizeof(u64))
58 * struct bio_crypt_ctx - an inline encryption context
59 * @bc_key: the key, algorithm, and data unit size to use
60 * @bc_dun: the data unit number (starting IV) to use
62 * A bio_crypt_ctx specifies that the contents of the bio will be encrypted (for
63 * write requests) or decrypted (for read requests) inline by the storage device
64 * or controller, or by the crypto API fallback.
66 struct bio_crypt_ctx {
67 const struct blk_crypto_key *bc_key;
68 u64 bc_dun[BLK_CRYPTO_DUN_ARRAY_SIZE];
71 #include <linux/blk_types.h>
72 #include <linux/blkdev.h>
77 #ifdef CONFIG_BLK_INLINE_ENCRYPTION
79 static inline bool bio_has_crypt_ctx(struct bio *bio)
81 return bio->bi_crypt_context;
84 void bio_crypt_set_ctx(struct bio *bio, const struct blk_crypto_key *key,
85 const u64 dun[BLK_CRYPTO_DUN_ARRAY_SIZE],
88 bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc,
90 const u64 next_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]);
92 int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
93 enum blk_crypto_mode_num crypto_mode,
94 unsigned int dun_bytes,
95 unsigned int data_unit_size);
97 int blk_crypto_start_using_key(const struct blk_crypto_key *key,
98 struct request_queue *q);
100 int blk_crypto_evict_key(struct request_queue *q,
101 const struct blk_crypto_key *key);
103 bool blk_crypto_config_supported(struct request_queue *q,
104 const struct blk_crypto_config *cfg);
106 #else /* CONFIG_BLK_INLINE_ENCRYPTION */
108 static inline bool bio_has_crypt_ctx(struct bio *bio)
113 #endif /* CONFIG_BLK_INLINE_ENCRYPTION */
115 int __bio_crypt_clone(struct bio *dst, struct bio *src, gfp_t gfp_mask);
117 * bio_crypt_clone - clone bio encryption context
118 * @dst: destination bio
120 * @gfp_mask: memory allocation flags
122 * If @src has an encryption context, clone it to @dst.
124 * Return: 0 on success, -ENOMEM if out of memory. -ENOMEM is only possible if
125 * @gfp_mask doesn't include %__GFP_DIRECT_RECLAIM.
127 static inline int bio_crypt_clone(struct bio *dst, struct bio *src,
130 if (bio_has_crypt_ctx(src))
131 return __bio_crypt_clone(dst, src, gfp_mask);
135 #endif /* __LINUX_BLK_CRYPTO_H */