
We need a way to tell which type of keys the inline crypto hardware supports (standard, wrapped, or both), so that fallbacks can be used when needed (either blk-crypto-fallback, or fscrypt fs-layer crypto).

We can't simply assume that keyslot_mgmt_ll_ops::derive_raw_secret == NULL means only standard keys are supported and that keyslot_mgmt_ll_ops::derive_raw_secret != NULL means that only wrapped keys are supported, because device-mapper devices always implement this method. Also, hardware might support both types of keys.

Therefore, add a field keyslot_manager::features which contains a bitmask of flags which indicate the supported types of keys. Drivers will need to fill this in. This patch makes the UFS standard crypto code set BLK_CRYPTO_FEATURE_STANDARD_KEYS, but UFS variant drivers may need to set BLK_CRYPTO_FEATURE_WRAPPED_KEYS instead.

Then, make keyslot_manager_crypto_mode_supported() take the key type into account.

Bug: 137270441
Bug: 151100202
Test: 'atest vts_kernel_encryption_test' on Pixel 4 with the inline crypto patches backported, and also on Cuttlefish.
Change-Id: Ied846c2767c1fd2f438792dcfd3649157e68b005
Signed-off-by: Eric Biggers <ebiggers@google.com>
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright 2019 Google LLC
*/
#ifndef __LINUX_BLK_CRYPTO_H
#define __LINUX_BLK_CRYPTO_H
#include <linux/bio.h>
#ifdef CONFIG_BLK_INLINE_ENCRYPTION
/*
 * Inline-encryption entry points, declared only when
 * CONFIG_BLK_INLINE_ENCRYPTION is enabled.  The definitions are not part of
 * this header, so the notes below are read off the signatures alone and
 * should be confirmed against the implementation.
 */

/*
 * Takes the address of the caller's bio pointer, so the callee is presumably
 * able to substitute a different bio.  Returns an int status.
 */
int blk_crypto_submit_bio(struct bio **bio_ptr);

/*
 * Completion-side hook for @bio.  What the bool result means is not visible
 * from this header.
 */
bool blk_crypto_endio(struct bio *bio);

/*
 * Initialise @blk_key (the only non-const pointer argument) from
 * @raw_key_size bytes at @raw_key, for the given @crypto_mode and
 * @data_unit_size.  @is_hw_wrapped tells the callee whether those bytes are a
 * hardware-wrapped key rather than a standard one.
 *
 * NOTE(review): @raw_key is key material and is const here, so the caller
 * keeps that buffer; wiping it after use presumably remains the caller's
 * job -- confirm against the definition.
 */
int blk_crypto_init_key(struct blk_crypto_key *blk_key,
			const u8 *raw_key,
			unsigned int raw_key_size,
			bool is_hw_wrapped,
			enum blk_crypto_mode_num crypto_mode,
			unsigned int data_unit_size);

/*
 * Announce that @crypto_mode with @data_unit_size is about to be used on @q.
 * @is_hw_wrapped_key passes the key type along with the mode, so support can
 * be judged per key type (standard vs. hardware-wrapped).
 *
 * NOTE(review): presumably a nonzero return means that neither the hardware
 * behind @q nor a fallback can serve this combination; callers should treat
 * that as "encryption unavailable" rather than carry on -- confirm.
 */
int blk_crypto_start_using_mode(enum blk_crypto_mode_num crypto_mode,
				unsigned int data_unit_size,
				bool is_hw_wrapped_key,
				struct request_queue *q);

/*
 * Evict @key from @q.  @key is const, so the descriptor itself is not
 * modified by this call.
 *
 * NOTE(review): check the return value; if eviction can fail, the key
 * presumably stays programmed in a keyslot -- confirm.
 */
int blk_crypto_evict_key(struct request_queue *q,
			 const struct blk_crypto_key *key);
#else /* CONFIG_BLK_INLINE_ENCRYPTION */
/*
 * Stub used when CONFIG_BLK_INLINE_ENCRYPTION is disabled: there is no
 * inline-encryption work to do, so every call returns 0.
 *
 * NOTE(review): @bio_ptr is never looked at, so this stub cannot reject a bio
 * that carries an encryption context.  Presumably such bios cannot exist in
 * this configuration -- confirm, since a 0 return here says nothing about the
 * data having been encrypted.
 */
static inline int blk_crypto_submit_bio(struct bio **bio_ptr)
{
	return 0;
}
/*
 * Stub used when CONFIG_BLK_INLINE_ENCRYPTION is disabled: @bio is not
 * examined and the result is always true.
 *
 * NOTE(review): true presumably tells the caller to go on with normal bio
 * completion -- confirm against the real implementation.
 */
static inline bool blk_crypto_endio(struct bio *bio)
{
	return true;
}
#endif /* CONFIG_BLK_INLINE_ENCRYPTION */
#ifdef CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK
/*
 * Set-up routine for blk-crypto-fallback, declared only when
 * CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK is enabled.  Returns an int status;
 * the definition is not part of this header.
 */
int blk_crypto_fallback_init(void);
#else /* CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK */
/*
 * Stub used when CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK is disabled: there is
 * nothing to set up, so it returns 0.
 *
 * The 0 only means "nothing failed"; it does not mean a software fallback is
 * available in this build.
 */
static inline int blk_crypto_fallback_init(void)
{
	return 0;
}
#endif /* CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK */
#endif /* __LINUX_BLK_CRYPTO_H */