On Wed, 21 Aug 2019 at 08:42, boojin.kim <boojin.kim@xxxxxxxxxxx> wrote: > > Diskcipher supports cryptographic operations of inline crypto engines like > FMP. Inline crypto engine refers to hardware and solutions implemented > to encrypt data stored in storage device. > > When encrypting using the FMP, Additional control is required > to carry and maintain the crypto information between > the encryption user(fscrypt, DM-crypt) and FMP driver. > Diskcipher provides this control. > > Diskcipher is a symmetric key cipher in linux crypto API to support FMP. > FMP are registered with the cihper algorithm that uses diskcipher. > > Diskcipher has three major steps. > The first step is to assign a cipher and set the key. > The second step is to pass the cipher through the BIO to the storage > driver. > The third step is to get the cipher from BIO and request a crypt > to FMP algorithm. > > In the first step, encryption users such as fscrypt or dm-crypt > allocate/release a diskcipher and set key into the diskcipher. > Diskcipher provides allocate(), free(), and setkey() that are similar > to existing ciphers. > > In the second step, BIO is used to pass the diskcipher to the storage > driver. > The BIO submitters such as ext4, f2fs and DM-crypt set diskcipher to BIO. > Diskcipher provides the set () API for this. > > In the third step, the storage driver extracts the diskcipher from the BIO > and requests the actual encryption behavior to inline crypto engine driver. > Diskcipher provides get() and crypt() APIs for this. > > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > Cc: David S. Miller <davem@xxxxxxxxxxxxx> > Signed-off-by: Boojin Kim <boojin.kim@xxxxxxxxxxx> > --- > crypto/Kconfig | 9 ++ > crypto/Makefile | 1 + > crypto/diskcipher.c | 349 > ++++++++++++++++++++++++++++++++++++++++++++ > crypto/testmgr.c | 157 ++++++++++++++++++++ > include/crypto/diskcipher.h | 245 +++++++++++++++++++++++++++++++ > include/linux/crypto.h | 1 + > 6 files changed, 762 insertions(+) > create mode 100644 crypto/diskcipher.c > create mode 100644 include/crypto/diskcipher.h > > diff --git a/crypto/Kconfig b/crypto/Kconfig > index 455a335..382d43a 100644 > --- a/crypto/Kconfig > +++ b/crypto/Kconfig > @@ -1636,6 +1636,15 @@ config CRYPTO_TWOFISH_AVX_X86_64 > See also: > <http://www.schneier.com/twofish.html> > > +config CRYPTO_DISKCIPHER > + bool "Diskcipher support" > + default n > + help > + Disk cipher algorithm > + > + This cipher supports the crypt operation of the block host device > + that has inline crypto engine. > + > comment "Compression" > > config CRYPTO_DEFLATE > diff --git a/crypto/Makefile b/crypto/Makefile > index 0d2cdd5..71df76a 100644 > --- a/crypto/Makefile > +++ b/crypto/Makefile > @@ -165,6 +165,7 @@ obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o > obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o > obj-$(CONFIG_CRYPTO_OFB) += ofb.o > obj-$(CONFIG_CRYPTO_ECC) += ecc.o > +obj-$(CONFIG_CRYPTO_DISKCIPHER) += diskcipher.o > > ecdh_generic-y += ecdh.o > ecdh_generic-y += ecdh_helper.o > diff --git a/crypto/diskcipher.c b/crypto/diskcipher.c > new file mode 100644 > index 0000000..ffe95a5 > --- /dev/null > +++ b/crypto/diskcipher.c > @@ -0,0 +1,349 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * Copyright (C) 2017 Samsung Electronics Co., Ltd. > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + */ > + > +#include <linux/kernel.h> > +#include <linux/blkdev.h> > +#include <linux/errno.h> > +#include <linux/module.h> > +#include <linux/seq_file.h> > +#include <linux/string.h> > +#include <linux/crypto.h> > +#include <crypto/algapi.h> > +#include <crypto/diskcipher.h> > +#include <linux/delay.h> > +#include <linux/mm_types.h> > +#include <linux/fs.h> > +#include <linux/fscrypt.h> > + > +#include "internal.h" > + > +static int crypto_diskcipher_check(struct bio *bio) > +{ > + struct crypto_diskcipher *ci = NULL; > + struct inode *inode = NULL; > + struct page *page = NULL; > + > + if (!bio) { > + pr_err("%s: doesn't exist bio\n", __func__); > + return 0; > + } > + > + /* enc without fscrypt */ > + ci = bio->bi_aux_private; > + if (!ci->inode) > + return 0; > + if (ci->algo == 0) > + return 0; > + > + page = bio->bi_io_vec[0].bv_page; > + if (!page || PageAnon(page) || !page->mapping || > !page->mapping->host) Your patch looks corrupted - wrapped by mailer. The easiest way usually is to use git format-patch and git send-email - then you do not have to worry about formatting etc. Best regards, Krzysztof
