Merge "ANDROID: block: backport the ability to specify max_dun_bytes"

	/* Get device keyslot if supported */

	if (keyslot_manager_crypto_mode_supported(q->ksm,

				bc->bc_key->crypto_mode,

				blk_crypto_key_dun_bytes(bc->bc_key),

				bc->bc_key->data_unit_size,

				bc->bc_key->is_hw_wrapped)) {

		err = bio_crypt_ctx_acquire_keyslot(bc, q->ksm);

 *                @is_hw_wrapped has to be set for such keys)

 * @is_hw_wrapped: Denotes @raw_key is wrapped.

 * @crypto_mode: identifier for the encryption algorithm to use

 * @dun_bytes: number of bytes that will be used to specify the DUN when this

 *	       key is used

 * @data_unit_size: the data unit size to use for en/decryption

 *

 * Return: The blk_crypto_key that was prepared, or an ERR_PTR() on error.  When

			const u8 *raw_key, unsigned int raw_key_size,

			bool is_hw_wrapped,

			enum blk_crypto_mode_num crypto_mode,

			unsigned int dun_bytes,

			unsigned int data_unit_size)

{

	const struct blk_crypto_mode *mode;

	static siphash_key_t hash_key;

	u32 hash;

	memset(blk_key, 0, sizeof(*blk_key));

			return -EINVAL;

	}

	if (dun_bytes <= 0 || dun_bytes > BLK_CRYPTO_MAX_IV_SIZE)

		return -EINVAL;

	if (!is_power_of_2(data_unit_size))

		return -EINVAL;

	 * precomputed here so that it only needs to be computed once per key.

	 */

	get_random_once(&hash_key, sizeof(hash_key));

	blk_key->hash = siphash(raw_key, raw_key_size, &hash_key);

	hash = (u32)siphash(raw_key, raw_key_size, &hash_key);

	blk_crypto_key_set_hash_and_dun_bytes(blk_key, hash, dun_bytes);

	return 0;

}

/**

 * blk_crypto_start_using_mode() - Start using blk-crypto on a device

 * @crypto_mode: the crypto mode that will be used

 * @dun_bytes: number of bytes that will be used to specify the DUN

 * @data_unit_size: the data unit size that will be used

 * @is_hw_wrapped_key: whether the key will be hardware-wrapped

 * @q: the request queue for the device

 *	   algorithm is disabled in the crypto API; or another -errno code.

 */

int blk_crypto_start_using_mode(enum blk_crypto_mode_num crypto_mode,

				unsigned int dun_bytes,

				unsigned int data_unit_size,

				bool is_hw_wrapped_key,

				struct request_queue *q)

{

	if (keyslot_manager_crypto_mode_supported(q->ksm, crypto_mode,

						  data_unit_size,

						  dun_bytes, data_unit_size,

						  is_hw_wrapped_key))

		return 0;

	if (is_hw_wrapped_key) {

{

	if (q->ksm &&

	    keyslot_manager_crypto_mode_supported(q->ksm, key->crypto_mode,

						  blk_crypto_key_dun_bytes(key),

						  key->data_unit_size,

						  key->is_hw_wrapped))

		return keyslot_manager_evict_key(q->ksm, key);

	struct keyslot_mgmt_ll_ops ksm_ll_ops;

	unsigned int features;

	unsigned int crypto_mode_supported[BLK_ENCRYPTION_MODE_MAX];

	unsigned int max_dun_bytes_supported;

	void *ll_priv_data;

#ifdef CONFIG_PM

	ksm->features = features;

	memcpy(ksm->crypto_mode_supported, crypto_mode_supported,

	       sizeof(ksm->crypto_mode_supported));

	ksm->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE;

	ksm->ll_priv_data = ll_priv_data;

	keyslot_manager_set_dev(ksm, dev);

}

EXPORT_SYMBOL_GPL(keyslot_manager_create);

void keyslot_manager_set_max_dun_bytes(struct keyslot_manager *ksm,

				       unsigned int max_dun_bytes)

{

	ksm->max_dun_bytes_supported = max_dun_bytes;

}

EXPORT_SYMBOL_GPL(keyslot_manager_set_max_dun_bytes);

static inline struct hlist_head *

hash_bucket_for_key(struct keyslot_manager *ksm,

		    const struct blk_crypto_key *key)

{

	return &ksm->slot_hashtable[key->hash & (ksm->slot_hashtable_size - 1)];

	return &ksm->slot_hashtable[blk_crypto_key_hash(key) &

				    (ksm->slot_hashtable_size - 1)];

}

static void remove_slot_from_lru_list(struct keyslot_manager *ksm, int slot)

 *					     combination is supported by a ksm.

 * @ksm: The keyslot manager to check

 * @crypto_mode: The crypto mode to check for.

 * @dun_bytes: The number of bytes that will be used to specify the DUN

 * @data_unit_size: The data_unit_size for the mode.

 * @is_hw_wrapped_key: Whether a hardware-wrapped key will be used.

 *

 */

bool keyslot_manager_crypto_mode_supported(struct keyslot_manager *ksm,

					   enum blk_crypto_mode_num crypto_mode,

					   unsigned int dun_bytes,

					   unsigned int data_unit_size,

					   bool is_hw_wrapped_key)

{

		if (!(ksm->features & BLK_CRYPTO_FEATURE_STANDARD_KEYS))

			return false;

	}

	return ksm->crypto_mode_supported[crypto_mode] & data_unit_size;

	if (!(ksm->crypto_mode_supported[crypto_mode] & data_unit_size))

		return false;

	return ksm->max_dun_bytes_supported >= dun_bytes;

}

/**

	ksm->features = features;

	memcpy(ksm->crypto_mode_supported, crypto_mode_supported,

	       sizeof(ksm->crypto_mode_supported));

	ksm->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE;

	ksm->ll_priv_data = ll_priv_data;

	keyslot_manager_set_dev(ksm, dev);

		unsigned int i;

		parent->features &= child->features;

		parent->max_dun_bytes_supported =

			min(parent->max_dun_bytes_supported,

			    child->max_dun_bytes_supported);

		for (i = 0; i < ARRAY_SIZE(child->crypto_mode_supported); i++) {

			parent->crypto_mode_supported[i] &=

				child->crypto_mode_supported[i];

		}

	} else {

		parent->features = 0;

		parent->max_dun_bytes_supported = 0;

		memset(parent->crypto_mode_supported, 0,

		       sizeof(parent->crypto_mode_supported));

	}

	err = blk_crypto_init_key(&dkc->key, raw_key, cipher->key_size,

				  dkc->is_hw_wrapped, cipher->mode_num,

				  dkc->sector_size);

				  sizeof(u64), dkc->sector_size);

	if (err) {

		ti->error = "Error initializing blk-crypto key";

		goto bad;

	}

	err = blk_crypto_start_using_mode(cipher->mode_num, dkc->sector_size,

					  dkc->is_hw_wrapped,

	err = blk_crypto_start_using_mode(cipher->mode_num, sizeof(u64),

					  dkc->sector_size, dkc->is_hw_wrapped,

					  dkc->dev->bdev->bd_queue);

	if (err) {

		ti->error = "Error starting to use blk-crypto";

		err = -ENOMEM;

		goto out_free_caps;

	}

	keyslot_manager_set_max_dun_bytes(hba->ksm, sizeof(u64));

	return 0;

		sb->s_cop->get_devices(sb, devs);

}

static unsigned int fscrypt_get_dun_bytes(const struct fscrypt_info *ci)

{

	unsigned int dun_bytes = 8;

	if (fscrypt_policy_flags(&ci->ci_policy) &

	    FSCRYPT_POLICY_FLAG_DIRECT_KEY)

		dun_bytes += FS_KEY_DERIVATION_NONCE_SIZE;

	return dun_bytes;

}

/* Enable inline encryption for this file if supported. */

int fscrypt_select_encryption_impl(struct fscrypt_info *ci,

				   bool is_hw_wrapped_key)

	const struct inode *inode = ci->ci_inode;

	struct super_block *sb = inode->i_sb;

	enum blk_crypto_mode_num crypto_mode = ci->ci_mode->blk_crypto_mode;

	unsigned int dun_bytes;

	struct request_queue **devs;

	int num_devs;

	int i;

	fscrypt_get_devices(sb, num_devs, devs);

	dun_bytes = fscrypt_get_dun_bytes(ci);

	for (i = 0; i < num_devs; i++) {

		if (!keyslot_manager_crypto_mode_supported(devs[i]->ksm,

							   crypto_mode,

							   dun_bytes,

							   sb->s_blocksize,

							   is_hw_wrapped_key))

			goto out_free_devs;

	const struct inode *inode = ci->ci_inode;

	struct super_block *sb = inode->i_sb;

	enum blk_crypto_mode_num crypto_mode = ci->ci_mode->blk_crypto_mode;

	unsigned int dun_bytes;

	int num_devs;

	int queue_refs = 0;

	struct fscrypt_blk_crypto_key *blk_key;

	blk_key->num_devs = num_devs;

	fscrypt_get_devices(sb, num_devs, blk_key->devs);

	dun_bytes = fscrypt_get_dun_bytes(ci);

	BUILD_BUG_ON(FSCRYPT_MAX_HW_WRAPPED_KEY_SIZE >

		     BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE);

	err = blk_crypto_init_key(&blk_key->base, raw_key, raw_key_size,

				  is_hw_wrapped, crypto_mode, sb->s_blocksize);

				  is_hw_wrapped, crypto_mode, dun_bytes,

				  sb->s_blocksize);

	if (err) {

		fscrypt_err(inode, "error %d initializing blk-crypto key", err);

		goto fail;

		}

		queue_refs++;

		err = blk_crypto_start_using_mode(crypto_mode, sb->s_blocksize,

		err = blk_crypto_start_using_mode(crypto_mode, dun_bytes,

						  sb->s_blocksize,

						  is_hw_wrapped,

						  blk_key->devs[i]);

		if (err) {