Revert "ANDROID: block: add hardware-wrapped key support"

This reverts ANDROID-block-add-hardware-wrapped-key-support.patch
because it is part of the hardware-wrapped keys feature, which conflicts
heavily with upstream refactoring in 5.16.  I've also reworked the
hardware-wrapped key patches when proposing them upstream
(https://lore.kernel.org/linux-block/20210916174928.65529-1-ebiggers@kernel.org).

To unblock the 5.16 merge, revert the hardware-wrapped key patches for
now.  I'll apply a new version of them after the 5.16 merge.

Bug: 160883801
Change-Id: I63378e3d37dfb0704133895795635990304a52c9
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 1bb04b8e03)

block/blk-crypto-fallback.c

@@ -553,7 +553,6 @@ static int blk_crypto_fallback_init(void)
 
 	blk_crypto_ksm.ksm_ll_ops = blk_crypto_ksm_ll_ops;
 	blk_crypto_ksm.max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE;
-	blk_crypto_ksm.features = BLK_CRYPTO_FEATURE_STANDARD_KEYS;
 
 	/* All blk-crypto modes have a crypto API fallback. */
 	for (i = 0; i < BLK_ENCRYPTION_MODE_MAX; i++)

block/blk-crypto.c

@@ -307,13 +307,8 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio,
 /**
  * blk_crypto_init_key() - Prepare a key for use with blk-crypto
  * @blk_key: Pointer to the blk_crypto_key to initialize.
- * @raw_key: Pointer to the raw key.
- * @raw_key_size: Size of raw key.  Must be at least the required size for the
- *                chosen @crypto_mode; see blk_crypto_modes[].  (It's allowed
- *                to be longer than the mode's actual key size, in order to
- *                support inline encryption hardware that accepts wrapped keys.
- *                @is_hw_wrapped has to be set for such keys)
- * @is_hw_wrapped: Denotes @raw_key is wrapped.
+ * @raw_key: Pointer to the raw key. Must be the correct length for the chosen
+ *	     @crypto_mode; see blk_crypto_modes[].
  * @crypto_mode: identifier for the encryption algorithm to use
  * @dun_bytes: number of bytes that will be used to specify the DUN when this
  *	       key is used
@@ -322,9 +317,7 @@ int __blk_crypto_rq_bio_prep(struct request *rq, struct bio *bio,
  * Return: 0 on success, -errno on failure.  The caller is responsible for
  *	   zeroizing both blk_key and raw_key when done with them.
  */
-int blk_crypto_init_key(struct blk_crypto_key *blk_key,
-			const u8 *raw_key, unsigned int raw_key_size,
-			bool is_hw_wrapped,
+int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
 			enum blk_crypto_mode_num crypto_mode,
 			unsigned int dun_bytes,
 			unsigned int data_unit_size)
@@ -336,17 +329,9 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key,
 	if (crypto_mode >= ARRAY_SIZE(blk_crypto_modes))
 		return -EINVAL;
 
-	BUILD_BUG_ON(BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE < BLK_CRYPTO_MAX_KEY_SIZE);
-
 	mode = &blk_crypto_modes[crypto_mode];
-	if (is_hw_wrapped) {
-		if (raw_key_size < mode->keysize ||
-		    raw_key_size > BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE)
-			return -EINVAL;
-	} else {
-		if (raw_key_size != mode->keysize)
-			return -EINVAL;
-	}
+	if (mode->keysize == 0)
+		return -EINVAL;
 
 	if (dun_bytes == 0 || dun_bytes > mode->ivsize)
 		return -EINVAL;
@@ -357,10 +342,9 @@ int blk_crypto_init_key(struct blk_crypto_key *blk_key,
 	blk_key->crypto_cfg.crypto_mode = crypto_mode;
 	blk_key->crypto_cfg.dun_bytes = dun_bytes;
 	blk_key->crypto_cfg.data_unit_size = data_unit_size;
-	blk_key->crypto_cfg.is_hw_wrapped = is_hw_wrapped;
 	blk_key->data_unit_size_bits = ilog2(data_unit_size);
-	blk_key->size = raw_key_size;
-	memcpy(blk_key->raw, raw_key, raw_key_size);
+	blk_key->size = mode->keysize;
+	memcpy(blk_key->raw, raw_key, mode->keysize);
 
 	return 0;
 }
@@ -374,10 +358,8 @@ EXPORT_SYMBOL_GPL(blk_crypto_init_key);
 bool blk_crypto_config_supported(struct request_queue *q,
 				 const struct blk_crypto_config *cfg)
 {
-	if (IS_ENABLED(CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK) &&
-	    !cfg->is_hw_wrapped)
-		return true;
-	return blk_ksm_crypto_cfg_supported(q->ksm, cfg);
+	return IS_ENABLED(CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK) ||
+	       blk_ksm_crypto_cfg_supported(q->ksm, cfg);
 }
 
 /**
@@ -400,10 +382,6 @@ int blk_crypto_start_using_key(const struct blk_crypto_key *key,
 {
 	if (blk_ksm_crypto_cfg_supported(q->ksm, &key->crypto_cfg))
 		return 0;
-	if (key->crypto_cfg.is_hw_wrapped) {
-		pr_warn_once("hardware doesn't support wrapped keys\n");
-		return -EOPNOTSUPP;
-	}
 	return blk_crypto_fallback_start_using_mode(key->crypto_cfg.crypto_mode);
 }
 EXPORT_SYMBOL_GPL(blk_crypto_start_using_key);

block/keyslot-manager.c

@@ -340,13 +340,6 @@ bool blk_ksm_crypto_cfg_supported(struct blk_keyslot_manager *ksm,
 		return false;
 	if (ksm->max_dun_bytes_supported < cfg->dun_bytes)
 		return false;
-	if (cfg->is_hw_wrapped) {
-		if (!(ksm->features & BLK_CRYPTO_FEATURE_WRAPPED_KEYS))
-			return false;
-	} else {
-		if (!(ksm->features & BLK_CRYPTO_FEATURE_STANDARD_KEYS))
-			return false;
-	}
 	return true;
 }
 
@@ -460,44 +453,6 @@ void blk_ksm_unregister(struct request_queue *q)
 	q->ksm = NULL;
 }
 
-/**
- * blk_ksm_derive_raw_secret() - Derive software secret from wrapped key
- * @ksm: The keyslot manager
- * @wrapped_key: The wrapped key
- * @wrapped_key_size: Size of the wrapped key in bytes
- * @secret: (output) the software secret
- * @secret_size: (output) the number of secret bytes to derive
- *
- * Given a hardware-wrapped key, ask the hardware to derive a secret which
- * software can use for cryptographic tasks other than inline encryption.  The
- * derived secret is guaranteed to be cryptographically isolated from the key
- * with which any inline encryption with this wrapped key would actually be
- * done.  I.e., both will be derived from the unwrapped key.
- *
- * Return: 0 on success, -EOPNOTSUPP if hardware-wrapped keys are unsupported,
- *	   or another -errno code.
- */
-int blk_ksm_derive_raw_secret(struct blk_keyslot_manager *ksm,
-			      const u8 *wrapped_key,
-			      unsigned int wrapped_key_size,
-			      u8 *secret, unsigned int secret_size)
-{
-	int err;
-
-	if (ksm->ksm_ll_ops.derive_raw_secret) {
-		blk_ksm_hw_enter(ksm);
-		err = ksm->ksm_ll_ops.derive_raw_secret(ksm, wrapped_key,
-							wrapped_key_size,
-							secret, secret_size);
-		blk_ksm_hw_exit(ksm);
-	} else {
-		err = -EOPNOTSUPP;
-	}
-
-	return err;
-}
-EXPORT_SYMBOL_GPL(blk_ksm_derive_raw_secret);
-
 /**
  * blk_ksm_intersect_modes() - restrict supported modes by child device
  * @parent: The keyslot manager for parent device
@@ -523,12 +478,10 @@ void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent,
 			parent->crypto_modes_supported[i] &=
 				child->crypto_modes_supported[i];
 		}
-		parent->features &= child->features;
 	} else {
 		parent->max_dun_bytes_supported = 0;
 		memset(parent->crypto_modes_supported, 0,
 		       sizeof(parent->crypto_modes_supported));
-		parent->features = 0;
 	}
 }
 EXPORT_SYMBOL_GPL(blk_ksm_intersect_modes);
@@ -568,9 +521,6 @@ bool blk_ksm_is_superset(struct blk_keyslot_manager *ksm_superset,
 		return false;
 	}
 
-	if (ksm_subset->features & ~ksm_superset->features)
-		return false;
-
 	return true;
 }
 EXPORT_SYMBOL_GPL(blk_ksm_is_superset);
@@ -607,8 +557,6 @@ void blk_ksm_update_capabilities(struct blk_keyslot_manager *target_ksm,
 
 	target_ksm->max_dun_bytes_supported =
 				reference_ksm->max_dun_bytes_supported;
-
-	target_ksm->features = reference_ksm->features;
 }
 EXPORT_SYMBOL_GPL(blk_ksm_update_capabilities);
 

drivers/md/dm-default-key.c

@@ -231,8 +231,7 @@ static int default_key_ctr(struct dm_target *ti, unsigned int argc, char **argv)
 		       (dkc->sector_bits - SECTOR_SHIFT);
 	dun_bytes = DIV_ROUND_UP(fls64(dkc->max_dun), 8);
 
-	err = blk_crypto_init_key(&dkc->key, raw_key, cipher->key_size,
-				  false, cipher->mode_num,
+	err = blk_crypto_init_key(&dkc->key, raw_key, cipher->mode_num,
 				  dun_bytes, dkc->sector_size);
 	if (err) {
 		ti->error = "Error initializing blk-crypto key";

drivers/md/dm-table.c

@@ -1303,8 +1303,6 @@ static int dm_table_construct_keyslot_manager(struct dm_table *t)
 	ksm->max_dun_bytes_supported = UINT_MAX;
 	memset(ksm->crypto_modes_supported, 0xFF,
 	       sizeof(ksm->crypto_modes_supported));
-	ksm->features = BLK_CRYPTO_FEATURE_STANDARD_KEYS |
-			BLK_CRYPTO_FEATURE_WRAPPED_KEYS;
 
 	for (i = 0; i < dm_table_get_num_targets(t); i++) {
 		ti = dm_table_get_target(t, i);

drivers/mmc/host/cqhci-crypto.c

@@ -209,8 +209,6 @@ int cqhci_crypto_init(struct cqhci_host *cq_host)
 	/* Unfortunately, CQHCI crypto only supports 32 DUN bits. */
 	ksm->max_dun_bytes_supported = 4;
 
-	ksm->features = BLK_CRYPTO_FEATURE_STANDARD_KEYS;
-
 	/*
 	 * Cache all the crypto capabilities and advertise the supported crypto
 	 * modes and data unit sizes to the block layer.

drivers/scsi/ufs/ufshcd-crypto.c

@@ -195,7 +195,6 @@ int ufshcd_hba_init_crypto_capabilities(struct ufs_hba *hba)
 	hba->ksm.ksm_ll_ops = ufshcd_ksm_ops;
 	/* UFS only supports 8 bytes for any DUN */
 	hba->ksm.max_dun_bytes_supported = 8;
-	hba->ksm.features = BLK_CRYPTO_FEATURE_STANDARD_KEYS;
 	hba->ksm.dev = hba->dev;
 
 	/*

fs/crypto/inline_crypt.c

@@ -106,7 +106,6 @@ int fscrypt_select_encryption_impl(struct fscrypt_info *ci)
 	crypto_cfg.crypto_mode = ci->ci_mode->blk_crypto_mode;
 	crypto_cfg.data_unit_size = sb->s_blocksize;
 	crypto_cfg.dun_bytes = fscrypt_get_dun_bytes(ci);
-	crypto_cfg.is_hw_wrapped = false;
 	num_devs = fscrypt_get_num_devices(sb);
 	devs = kmalloc_array(num_devs, sizeof(*devs), GFP_KERNEL);
 	if (!devs)
@@ -145,9 +144,8 @@ int fscrypt_prepare_inline_crypt_key(struct fscrypt_prepared_key *prep_key,
 	blk_key->num_devs = num_devs;
 	fscrypt_get_devices(sb, num_devs, blk_key->devs);
 
-	err = blk_crypto_init_key(&blk_key->base, raw_key, ci->ci_mode->keysize,
-				  false, crypto_mode, fscrypt_get_dun_bytes(ci),
-				  sb->s_blocksize);
+	err = blk_crypto_init_key(&blk_key->base, raw_key, crypto_mode,
+				  fscrypt_get_dun_bytes(ci), sb->s_blocksize);
 	if (err) {
 		fscrypt_err(inode, "error %d initializing blk-crypto key", err);
 		goto fail;

include/linux/blk-crypto.h

@@ -17,8 +17,6 @@ enum blk_crypto_mode_num {
 };
 
 #define BLK_CRYPTO_MAX_KEY_SIZE		64
-#define BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE                128
-
 /**
  * struct blk_crypto_config - an inline encryption key's crypto configuration
  * @crypto_mode: encryption algorithm this key is for
@@ -27,14 +25,11 @@ enum blk_crypto_mode_num {
  *	ciphertext.  This is always a power of 2.  It might be e.g. the
  *	filesystem block size or the disk sector size.
  * @dun_bytes: the maximum number of bytes of DUN used when using this key
- * @is_hw_wrapped: @raw points to a wrapped key to be used by an inline
- *	encryption hardware that accepts wrapped keys.
  */
 struct blk_crypto_config {
 	enum blk_crypto_mode_num crypto_mode;
 	unsigned int data_unit_size;
 	unsigned int dun_bytes;
-	bool is_hw_wrapped;
 };
 
 /**
@@ -53,7 +48,7 @@ struct blk_crypto_key {
 	struct blk_crypto_config crypto_cfg;
 	unsigned int data_unit_size_bits;
 	unsigned int size;
-	u8 raw[BLK_CRYPTO_MAX_WRAPPED_KEY_SIZE];
+	u8 raw[BLK_CRYPTO_MAX_KEY_SIZE];
 };
 
 #define BLK_CRYPTO_MAX_IV_SIZE		32
@@ -94,9 +89,7 @@ bool bio_crypt_dun_is_contiguous(const struct bio_crypt_ctx *bc,
 				 unsigned int bytes,
 				 const u64 next_dun[BLK_CRYPTO_DUN_ARRAY_SIZE]);
 
-int blk_crypto_init_key(struct blk_crypto_key *blk_key,
-			const u8 *raw_key, unsigned int raw_key_size,
-			bool is_hw_wrapped,
+int blk_crypto_init_key(struct blk_crypto_key *blk_key, const u8 *raw_key,
 			enum blk_crypto_mode_num crypto_mode,
 			unsigned int dun_bytes,
 			unsigned int data_unit_size);

include/linux/keyslot-manager.h

@@ -9,15 +9,6 @@
 #include <linux/bio.h>
 #include <linux/blk-crypto.h>
 
-/* Inline crypto feature bits.  Must set at least one. */
-enum {
-	/* Support for standard software-specified keys */
-	BLK_CRYPTO_FEATURE_STANDARD_KEYS = BIT(0),
-
-	/* Support for hardware-wrapped keys */
-	BLK_CRYPTO_FEATURE_WRAPPED_KEYS = BIT(1),
-};
-
 struct blk_keyslot_manager;
 
 /**
@@ -28,9 +19,6 @@ struct blk_keyslot_manager;
  *			The key is provided so that e.g. dm layers can evict
  *			keys from the devices that they map over.
  *			Returns 0 on success, -errno otherwise.
- * @derive_raw_secret:	(Optional) Derive a software secret from a
- *			hardware-wrapped key.  Returns 0 on success, -EOPNOTSUPP
- *			if unsupported on the hardware, or another -errno code.
  *
  * This structure should be provided by storage device drivers when they set up
  * a keyslot manager - this structure holds the function ptrs that the keyslot
@@ -43,10 +31,6 @@ struct blk_ksm_ll_ops {
 	int (*keyslot_evict)(struct blk_keyslot_manager *ksm,
 			     const struct blk_crypto_key *key,
 			     unsigned int slot);
-	int (*derive_raw_secret)(struct blk_keyslot_manager *ksm,
-				 const u8 *wrapped_key,
-				 unsigned int wrapped_key_size,
-				 u8 *secret, unsigned int secret_size);
 };
 
 struct blk_keyslot_manager {
@@ -63,12 +47,6 @@ struct blk_keyslot_manager {
 	 */
 	unsigned int max_dun_bytes_supported;
 
-	/*
-	 * The supported features as a bitmask of BLK_CRYPTO_FEATURE_* flags.
-	 * Most drivers should set BLK_CRYPTO_FEATURE_STANDARD_KEYS here.
-	 */
-	unsigned int features;
-
 	/*
 	 * Array of size BLK_ENCRYPTION_MODE_MAX of bitmasks that represents
 	 * whether a crypto mode and data unit size are supported. The i'th
@@ -128,11 +106,6 @@ void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm);
 
 void blk_ksm_destroy(struct blk_keyslot_manager *ksm);
 
-int blk_ksm_derive_raw_secret(struct blk_keyslot_manager *ksm,
-			      const u8 *wrapped_key,
-			      unsigned int wrapped_key_size,
-			      u8 *secret, unsigned int secret_size);
-
 void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent,
 			     const struct blk_keyslot_manager *child);