]>
git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - arch/s390/include/asm/pkey.h
2 * Kernelspace interface to the pkey device driver
4 * Copyright IBM Corp. 2016
6 * Author: Harald Freudenberger <freude@de.ibm.com>
13 #include <linux/ioctl.h>
14 #include <linux/types.h>
15 #include <uapi/asm/pkey.h>
18 * Generate (AES) random secure key.
19 * @param cardnr may be -1 (use default card)
20 * @param domain may be -1 (use default domain)
21 * @param keytype one of the PKEY_KEYTYPE values
22 * @param seckey pointer to buffer receiving the secure key
23 * @return 0 on success, negative errno value on failure
25 int pkey_genseckey(__u16 cardnr
, __u16 domain
,
26 __u32 keytype
, struct pkey_seckey
*seckey
);
29 * Generate (AES) secure key with given key value.
30 * @param cardnr may be -1 (use default card)
31 * @param domain may be -1 (use default domain)
32 * @param keytype one of the PKEY_KEYTYPE values
33 * @param clrkey pointer to buffer with clear key data
34 * @param seckey pointer to buffer receiving the secure key
35 * @return 0 on success, negative errno value on failure
37 int pkey_clr2seckey(__u16 cardnr
, __u16 domain
, __u32 keytype
,
38 const struct pkey_clrkey
*clrkey
,
39 struct pkey_seckey
*seckey
);
42 * Derive (AES) proteced key from the (AES) secure key blob.
43 * @param cardnr may be -1 (use default card)
44 * @param domain may be -1 (use default domain)
45 * @param seckey pointer to buffer with the input secure key
46 * @param protkey pointer to buffer receiving the protected key and
47 * additional info (type, length)
48 * @return 0 on success, negative errno value on failure
50 int pkey_sec2protkey(__u16 cardnr
, __u16 domain
,
51 const struct pkey_seckey
*seckey
,
52 struct pkey_protkey
*protkey
);
55 * Derive (AES) protected key from a given clear key value.
56 * @param keytype one of the PKEY_KEYTYPE values
57 * @param clrkey pointer to buffer with clear key data
58 * @param protkey pointer to buffer receiving the protected key and
59 * additional info (type, length)
60 * @return 0 on success, negative errno value on failure
62 int pkey_clr2protkey(__u32 keytype
,
63 const struct pkey_clrkey
*clrkey
,
64 struct pkey_protkey
*protkey
);
67 * Search for a matching crypto card based on the Master Key
68 * Verification Pattern provided inside a secure key.
69 * @param seckey pointer to buffer with the input secure key
70 * @param cardnr pointer to cardnr, receives the card number on success
71 * @param domain pointer to domain, receives the domain number on success
72 * @param verify if set, always verify by fetching verification pattern
74 * @return 0 on success, negative errno value on failure. If no card could be
75 * found, -ENODEV is returned.
77 int pkey_findcard(const struct pkey_seckey
*seckey
,
78 __u16
*cardnr
, __u16
*domain
, int verify
);
81 * Find card and transform secure key to protected key.
82 * @param seckey pointer to buffer with the input secure key
83 * @param protkey pointer to buffer receiving the protected key and
84 * additional info (type, length)
85 * @return 0 on success, negative errno value on failure
87 int pkey_skey2pkey(const struct pkey_seckey
*seckey
,
88 struct pkey_protkey
*protkey
);
91 * Verify the given secure key for being able to be useable with
92 * the pkey module. Check for correct key type and check for having at
93 * least one crypto card being able to handle this key (master key
94 * or old master key verification pattern matches).
95 * Return some info about the key: keysize in bits, keytype (currently
96 * only AES), flag if key is wrapped with an old MKVP.
97 * @param seckey pointer to buffer with the input secure key
98 * @param pcardnr pointer to cardnr, receives the card number on success
99 * @param pdomain pointer to domain, receives the domain number on success
100 * @param pkeysize pointer to keysize, receives the bitsize of the key
101 * @param pattributes pointer to attributes, receives additional info
102 * PKEY_VERIFY_ATTR_AES if the key is an AES key
103 * PKEY_VERIFY_ATTR_OLD_MKVP if key has old mkvp stored in
104 * @return 0 on success, negative errno value on failure. If no card could
105 * be found which is able to handle this key, -ENODEV is returned.
107 int pkey_verifykey(const struct pkey_seckey
*seckey
,
108 u16
*pcardnr
, u16
*pdomain
,
109 u16
*pkeysize
, u32
*pattributes
);
111 #endif /* _KAPI_PKEY_H */