Merge "ANDROID: block: require drivers to declare supported crypto key type(s)"

	return false;

}

/**

 * blk_crypto_start_using_mode() - Start using a crypto algorithm on a device

 * @mode_num: the blk_crypto_mode we want to allocate ciphers for.

 * @data_unit_size: the data unit size that will be used

 * @q: the request queue for the device

 *

 * Upper layers must call this function to ensure that a the crypto API fallback

 * has transforms for this algorithm, if they become necessary.

 *

 * Return: 0 on success and -err on error.

/*

 * Prepare blk-crypto-fallback for the specified crypto mode.

 * Returns -ENOPKG if the needed crypto API support is missing.

 */

int blk_crypto_start_using_mode(enum blk_crypto_mode_num mode_num,

				unsigned int data_unit_size,

				struct request_queue *q)

int blk_crypto_fallback_start_using_mode(enum blk_crypto_mode_num mode_num)

{

	const char *cipher_str = blk_crypto_modes[mode_num].cipher_str;

	struct blk_crypto_keyslot *slotp;

	unsigned int i;

	int err = 0;

	if (likely(smp_load_acquire(&tfms_inited[mode_num])))

		return 0;

	/*

	 * If the keyslot manager of the request queue supports this

	 * crypto mode, then we don't need to allocate this mode.

	 */

	if (keyslot_manager_crypto_mode_supported(q->ksm, mode_num,

						  data_unit_size))

		return 0;

	mutex_lock(&tfms_init_lock);

	if (likely(tfms_inited[mode_num]))

		goto out;

	for (i = 0; i < blk_crypto_num_keyslots; i++) {

		slotp = &blk_crypto_keyslots[i];

		slotp->tfms[mode_num] = crypto_alloc_skcipher(

					blk_crypto_modes[mode_num].cipher_str,

					0, 0);

		slotp->tfms[mode_num] = crypto_alloc_skcipher(cipher_str, 0, 0);

		if (IS_ERR(slotp->tfms[mode_num])) {

			err = PTR_ERR(slotp->tfms[mode_num]);

			if (err == -ENOENT) {

				pr_warn_once("Missing crypto API support for \"%s\"\n",

					     cipher_str);

				err = -ENOPKG;

			}

			slotp->tfms[mode_num] = NULL;

			goto out_free_tfms;

		}

	mutex_unlock(&tfms_init_lock);

	return err;

}

EXPORT_SYMBOL_GPL(blk_crypto_start_using_mode);

int blk_crypto_fallback_evict_key(const struct blk_crypto_key *key)

{

		crypto_mode_supported[i] = 0xFFFFFFFF;

	crypto_mode_supported[BLK_ENCRYPTION_MODE_INVALID] = 0;

	blk_crypto_ksm = keyslot_manager_create(NULL, blk_crypto_num_keyslots,

	blk_crypto_ksm = keyslot_manager_create(

				NULL, blk_crypto_num_keyslots,

				&blk_crypto_ksm_ll_ops,

				BLK_CRYPTO_FEATURE_STANDARD_KEYS,

				crypto_mode_supported, NULL);

	if (!blk_crypto_ksm)

		return -ENOMEM;

#ifdef CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK

int blk_crypto_fallback_start_using_mode(enum blk_crypto_mode_num mode_num);

int blk_crypto_fallback_submit_bio(struct bio **bio_ptr);

bool blk_crypto_queue_decrypt_bio(struct bio *bio);

#else /* CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK */

static inline int

blk_crypto_fallback_start_using_mode(enum blk_crypto_mode_num mode_num)

{

	pr_warn_once("crypto API fallback is disabled\n");

	return -ENOPKG;

}

static inline bool bio_crypt_fallback_crypted(const struct bio_crypt_ctx *bc)

{

	return false;

	/* Get device keyslot if supported */

	if (keyslot_manager_crypto_mode_supported(q->ksm,

						  bc->bc_key->crypto_mode,

						  bc->bc_key->data_unit_size)) {

						  bc->bc_key->data_unit_size,

						  bc->bc_key->is_hw_wrapped)) {

		err = bio_crypt_ctx_acquire_keyslot(bc, q->ksm);

		if (!err)

			return 0;

}

EXPORT_SYMBOL_GPL(blk_crypto_init_key);

/**

 * blk_crypto_start_using_mode() - Start using blk-crypto on a device

 * @crypto_mode: the crypto mode that will be used

 * @data_unit_size: the data unit size that will be used

 * @is_hw_wrapped_key: whether the key will be hardware-wrapped

 * @q: the request queue for the device

 *

 * Upper layers must call this function to ensure that either the hardware

 * supports the needed crypto settings, or the crypto API fallback has

 * transforms for the needed mode allocated and ready to go.

 *

 * Return: 0 on success; -ENOPKG if the hardware doesn't support the crypto

 *	   settings and blk-crypto-fallback is either disabled or the needed

 *	   algorithm is disabled in the crypto API; or another -errno code.

 */

int blk_crypto_start_using_mode(enum blk_crypto_mode_num crypto_mode,

				unsigned int data_unit_size,

				bool is_hw_wrapped_key,

				struct request_queue *q)

{

	if (keyslot_manager_crypto_mode_supported(q->ksm, crypto_mode,

						  data_unit_size,

						  is_hw_wrapped_key))

		return 0;

	if (is_hw_wrapped_key) {

		pr_warn_once("hardware doesn't support wrapped keys\n");

		return -EOPNOTSUPP;

	}

	return blk_crypto_fallback_start_using_mode(crypto_mode);

}

EXPORT_SYMBOL_GPL(blk_crypto_start_using_mode);

/**

 * blk_crypto_evict_key() - Evict a key from any inline encryption hardware

 *			    it may have been programmed into

{

	if (q->ksm &&

	    keyslot_manager_crypto_mode_supported(q->ksm, key->crypto_mode,

						  key->data_unit_size))

						  key->data_unit_size,

						  key->is_hw_wrapped))

		return keyslot_manager_evict_key(q->ksm, key);

	return blk_crypto_fallback_evict_key(key);

struct keyslot_manager {

	unsigned int num_slots;

	struct keyslot_mgmt_ll_ops ksm_ll_ops;

	unsigned int features;

	unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX];

	void *ll_priv_data;

 * @ksm_ll_ops: The struct keyslot_mgmt_ll_ops for the device that this keyslot

 *		manager will use to perform operations like programming and

 *		evicting keys.

 * @features: The supported features as a bitmask of BLK_CRYPTO_FEATURE_* flags.

 *	      Most drivers should set BLK_CRYPTO_FEATURE_STANDARD_KEYS here.

 * @crypto_mode_supported:	Array of size BLK_ENCRYPTION_MODE_MAX of

 *				bitmasks that represents whether a crypto mode

 *				and data unit size are supported. The i'th bit

	struct device *dev,

	unsigned int num_slots,

	const struct keyslot_mgmt_ll_ops *ksm_ll_ops,

	unsigned int features,

	const unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX],

	void *ll_priv_data)

{

	ksm->num_slots = num_slots;

	ksm->ksm_ll_ops = *ksm_ll_ops;

	ksm->features = features;

	memcpy(ksm->crypto_mode_supported, crypto_mode_supported,

	       sizeof(ksm->crypto_mode_supported));

	ksm->ll_priv_data = ll_priv_data;

}

/**

 * keyslot_manager_crypto_mode_supported() - Find out if a crypto_mode/data

 *					     unit size combination is supported

 *					     by a ksm.

 * keyslot_manager_crypto_mode_supported() - Find out if a crypto_mode /

 *					     data unit size / is_hw_wrapped_key

 *					     combination is supported by a ksm.

 * @ksm: The keyslot manager to check

 * @crypto_mode: The crypto mode to check for.

 * @data_unit_size: The data_unit_size for the mode.

 * @is_hw_wrapped_key: Whether a hardware-wrapped key will be used.

 *

 * Calls and returns the result of the crypto_mode_supported function specified

 * by the ksm.

 *

 * Context: Process context.

 * Return: Whether or not this ksm supports the specified crypto_mode/

 *	   data_unit_size combo.

 * Return: Whether or not this ksm supports the specified crypto settings.

 */

bool keyslot_manager_crypto_mode_supported(struct keyslot_manager *ksm,

					   enum blk_crypto_mode_num crypto_mode,

					   unsigned int data_unit_size)

					   unsigned int data_unit_size,

					   bool is_hw_wrapped_key)

{

	if (!ksm)

		return false;

		return false;

	if (WARN_ON(!is_power_of_2(data_unit_size)))

		return false;

	if (is_hw_wrapped_key) {

		if (!(ksm->features & BLK_CRYPTO_FEATURE_WRAPPED_KEYS))

			return false;

	} else {

		if (!(ksm->features & BLK_CRYPTO_FEATURE_STANDARD_KEYS))

			return false;

	}

	return ksm->crypto_mode_supported[crypto_mode] & data_unit_size;

}

 * keyslot_manager_create_passthrough() - Create a passthrough keyslot manager

 * @dev: Device for runtime power management (NULL if none)

 * @ksm_ll_ops: The struct keyslot_mgmt_ll_ops

 * @features: Bitmask of BLK_CRYPTO_FEATURE_* flags

 * @crypto_mode_supported: Bitmasks for supported encryption modes

 * @ll_priv_data: Private data passed as is to the functions in ksm_ll_ops.

 *

struct keyslot_manager *keyslot_manager_create_passthrough(

	struct device *dev,

	const struct keyslot_mgmt_ll_ops *ksm_ll_ops,

	unsigned int features,

	const unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX],

	void *ll_priv_data)

{

		return NULL;

	ksm->ksm_ll_ops = *ksm_ll_ops;

	ksm->features = features;

	memcpy(ksm->crypto_mode_supported, crypto_mode_supported,

	       sizeof(ksm->crypto_mode_supported));

	ksm->ll_priv_data = ll_priv_data;

	if (child) {

		unsigned int i;

		parent->features &= child->features;

		for (i = 0; i < ARRAY_SIZE(child->crypto_mode_supported); i++) {

			parent->crypto_mode_supported[i] &=

				child->crypto_mode_supported[i];

		}

	} else {

		parent->features = 0;

		memset(parent->crypto_mode_supported, 0,

		       sizeof(parent->crypto_mode_supported));

	}

	}

	err = blk_crypto_start_using_mode(cipher->mode_num, dkc->sector_size,

					  dkc->is_hw_wrapped,

					  dkc->dev->bdev->bd_queue);

	if (err) {

		ti->error = "Error starting to use blk-crypto";