include/linux/blk-crypto-profile.h

Source file repositories/reference/linux-study-clean/include/linux/blk-crypto-profile.h

File Facts

System
Linux kernel
Corpus path
include/linux/blk-crypto-profile.h
Extension
.h
Size
8100 bytes
Lines
229
Domain
Representative Device Path
Bucket
PCIe NVMe Storage Path
Inferred role
Representative Device Path: implementation source
Status
source implementation candidate

Why This File Exists

Part of the selected hardware vertical slice: PCI discovery, driver binding, NVMe queues, block requests, DMA, interrupts, and completion.

Dependency Surface

Detected Declarations

Annotated Snippet

struct blk_crypto_ll_ops {

	/**
	 * @keyslot_program: Program a key into the inline encryption hardware.
	 *
	 * Program @key into the specified @slot in the inline encryption
	 * hardware, overwriting any key that the keyslot may already contain.
	 * The keyslot is guaranteed to not be in-use by any I/O.
	 *
	 * This is required if the device has keyslots.  Otherwise (i.e. if the
	 * device is a layered device, or if the device is real hardware that
	 * simply doesn't have the concept of keyslots) it is never called.
	 *
	 * Must return 0 on success, or -errno on failure.
	 */
	int (*keyslot_program)(struct blk_crypto_profile *profile,
			       const struct blk_crypto_key *key,
			       unsigned int slot);

	/**
	 * @keyslot_evict: Evict a key from the inline encryption hardware.
	 *
	 * If the device has keyslots, this function must evict the key from the
	 * specified @slot.  The slot will contain @key, but there should be no
	 * need for the @key argument to be used as @slot should be sufficient.
	 * The keyslot is guaranteed to not be in-use by any I/O.
	 *
	 * If the device doesn't have keyslots itself, this function must evict
	 * @key from any underlying devices.  @slot won't be valid in this case.
	 *
	 * If there are no keyslots and no underlying devices, this function
	 * isn't required.
	 *
	 * Must return 0 on success, or -errno on failure.
	 */
	int (*keyslot_evict)(struct blk_crypto_profile *profile,
			     const struct blk_crypto_key *key,
			     unsigned int slot);

	/**
	 * @derive_sw_secret: Derive the software secret from a hardware-wrapped
	 *		      key in ephemerally-wrapped form.
	 *
	 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
	 * is supported.
	 *
	 * Must return 0 on success, -EBADMSG if the key is invalid, or another
	 * -errno code on other errors.
	 */
	int (*derive_sw_secret)(struct blk_crypto_profile *profile,
				const u8 *eph_key, size_t eph_key_size,
				u8 sw_secret[BLK_CRYPTO_SW_SECRET_SIZE]);

	/**
	 * @import_key: Create a hardware-wrapped key by importing a raw key.
	 *
	 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
	 * is supported.
	 *
	 * On success, must write the new key in long-term wrapped form to
	 * @lt_key and return its size in bytes.  On failure, must return a
	 * -errno value.
	 */
	int (*import_key)(struct blk_crypto_profile *profile,
			  const u8 *raw_key, size_t raw_key_size,
			  u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);

	/**
	 * @generate_key: Generate a hardware-wrapped key.
	 *
	 * This only needs to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED
	 * is supported.
	 *
	 * On success, must write the new key in long-term wrapped form to
	 * @lt_key and return its size in bytes.  On failure, must return a
	 * -errno value.
	 */
	int (*generate_key)(struct blk_crypto_profile *profile,
			    u8 lt_key[BLK_CRYPTO_MAX_HW_WRAPPED_KEY_SIZE]);

	/**
	 * @prepare_key: Prepare a hardware-wrapped key to be used.
	 *
	 * Prepare a hardware-wrapped key to be used by converting it from
	 * long-term wrapped form to ephemerally-wrapped form.  This only needs
	 * to be implemented if BLK_CRYPTO_KEY_TYPE_HW_WRAPPED is supported.
	 *
	 * On success, must write the key in ephemerally-wrapped form to
	 * @eph_key and return its size in bytes.  On failure, must return
	 * -EBADMSG if the key is invalid, or another -errno on other error.

Annotation

Implementation Notes