7abc033ea9
Introduce the ability for an encryption key to be passed through 'struct bio' to the "PFK" module for use by inline encryption with Qualcomm ICE. This will be used to specify a default key for metadata encryption. Instead of referencing the keyring key (struct key) directly as we did in the marlin kernel, require users to provide a structure directly containing the key material. Referencing a keyring key from struct bio is incorrect because userspace can call keyctl_revoke() at any time, causing the key's payload to be freed; so unless the key semaphore is held, there's no guarantee the payload will live until the bio is done. For now, leave in place most of the PFK code, including the "get the bio's inode and call back into ext4 to get the key" hack. This is necessary for now, though really this should be implemented by having ext4 set the key in its bios, and refactoring the "PFK" module's functionality into more appropriate places in block/ and drivers/. But in any case, keys specified by ext4 will override the "default" key, as intended. Signed-off-by: Eric Biggers <ebiggers@google.com> Change-Id: I4295abaeecf6f7ab8c9854eb80d928f40500fde2
71 lines
1.9 KiB
C
71 lines
1.9 KiB
C
/* Copyright (c) 2015-2017, The Linux Foundation. All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 and
|
|
* only version 2 as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*/
|
|
|
|
#ifndef PFK_H_
|
|
#define PFK_H_
|
|
|
|
#include <linux/bio.h>
|
|
|
|
struct ice_crypto_setting;
|
|
|
|
/*
|
|
* Default key for inline encryption.
|
|
*
|
|
* For now only AES-256-XTS is supported, so this is a fixed length. But if
|
|
* ever needed, this should be made variable-length with a 'mode' and 'size'.
|
|
* (Remember to update pfk_allow_merge_bio() when doing so!)
|
|
*/
|
|
#define BLK_ENCRYPTION_KEY_SIZE_AES_256_XTS 64
|
|
|
|
struct blk_encryption_key {
|
|
u8 raw[BLK_ENCRYPTION_KEY_SIZE_AES_256_XTS];
|
|
};
|
|
|
|
#ifdef CONFIG_PFK
|
|
|
|
int pfk_load_key_start(const struct bio *bio,
|
|
struct ice_crypto_setting *ice_setting, bool *is_pfe, bool);
|
|
int pfk_load_key_end(const struct bio *bio, bool *is_pfe);
|
|
int pfk_remove_key(const unsigned char *key, size_t key_size);
|
|
bool pfk_allow_merge_bio(const struct bio *bio1, const struct bio *bio2);
|
|
void pfk_clear_on_reset(void);
|
|
|
|
#else
|
|
static inline int pfk_load_key_start(const struct bio *bio,
|
|
struct ice_crypto_setting *ice_setting, bool *is_pfe, bool async)
|
|
{
|
|
return -ENODEV;
|
|
}
|
|
|
|
static inline int pfk_load_key_end(const struct bio *bio, bool *is_pfe)
|
|
{
|
|
return -ENODEV;
|
|
}
|
|
|
|
static inline int pfk_remove_key(const unsigned char *key, size_t key_size)
|
|
{
|
|
return -ENODEV;
|
|
}
|
|
|
|
static inline bool pfk_allow_merge_bio(const struct bio *bio1,
|
|
const struct bio *bio2)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
static inline void pfk_clear_on_reset(void)
|
|
{}
|
|
|
|
#endif /* CONFIG_PFK */
|
|
|
|
#endif /* PFK_H */
|