Lines Matching defs:key
32 MODULE_DESCRIPTION("s390 protected key interface");
34 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */
35 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */
62 /* inside view of a protected key token (only type 0x00 version 0x01) */
64 u8 type; /* 0x00 for PAES specific key tokens */
66 u8 version; /* should be 0x01 for protected AES key token */
68 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */
70 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */
73 /* inside view of a clear key token (type 0x00 version 0x02) */
75 u8 type; /* 0x00 for PAES specific key tokens */
77 u8 version; /* 0x02 for clear AES key token */
79 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */
81 u8 clearkey[]; /* clear key value */
85 * Create a protected key from a clear key value.
136 /* copy created protected key */
145 * Find card and transform secure key into protected key.
147 static int pkey_skey2pkey(const u8 *key, struct pkey_protkey *pkey)
151 struct keytoken_header *hdr = (struct keytoken_header *)key;
155 * addressed where the master key was changed after last fetch
158 * key verification pattern match not ignored.
161 rc = cca_findcard(key, &cardnr, &domain, verify);
169 key, pkey->protkey,
174 key, pkey->protkey,
191 * Construct EP11 key with given clear key value.
206 /* go through the list of apqns and try to build an ep11 key */
224 * Find card and transform EP11 secure key into protected key.
226 static int pkey_ep11key2pkey(const u8 *key, struct pkey_protkey *pkey)
231 struct ep11keyblob *kb = (struct ep11keyblob *) key;
233 /* build a list of apqns suitable for this key */
244 rc = ep11_kblob2protkey(card, dom, key, kb->head.len,
258 * Verify key and give back some info about the key.
268 /* check the secure key for valid AES secure key */
277 /* try to find a card which can handle this key */
283 /* key mkvp matches the old master key mkvp */
284 DEBUG_DBG("%s secure key has old mkvp\n", __func__);
301 * Generate a random protected key
325 /* generate a dummy random clear key */
328 /* convert it to a dummy protected key */
333 /* replace the key part of the protected key with random bytes */
340 * Verify if a protected key is still valid
347 u8 key[MAXPROTKEYSIZE];
372 memcpy(param.key, protkey->protkey, sizeof(param.key));
377 DEBUG_ERR("%s protected key is not valid\n", __func__);
385 * Transform a non-CCA key token into a protected key
387 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen,
392 struct keytoken_header *hdr = (struct keytoken_header *)key;
400 t = (struct protaeskeytoken *)key;
419 t = (struct clearaeskeytoken *)key;
428 /* alloc temp key buffer space */
438 /* PCKMO failed, so try the CCA secure key way */
450 /* now we should really have a protected key */
451 DEBUG_ERR("%s unable to build protected key from clear",
456 /* check ep11 key for exportable as protected key */
457 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
460 rc = pkey_ep11key2pkey(key, protkey);
464 /* check ep11 key with header for exportable as protected key */
465 rc = ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1);
468 rc = pkey_ep11key2pkey(key + sizeof(struct ep11kblob_header),
483 * Transform a CCA internal key token into a protected key
485 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen,
488 struct keytoken_header *hdr = (struct keytoken_header *)key;
505 return pkey_skey2pkey(key, protkey);
509 * Transform a key blob (of any type) into a protected key
511 int pkey_keyblob2pkey(const u8 *key, u32 keylen,
515 struct keytoken_header *hdr = (struct keytoken_header *)key;
524 rc = pkey_nonccatok2pkey(key, keylen, protkey);
527 rc = pkey_ccainttok2pkey(key, keylen, protkey);
551 /* check key type and size */
605 /* check key type and size */
649 static int pkey_verifykey2(const u8 *key, size_t keylen,
656 struct keytoken_header *hdr = (struct keytoken_header *)key;
663 struct secaeskeytoken *t = (struct secaeskeytoken *)key;
665 rc = cca_check_secaeskeytoken(debug_info, 3, key, 0);
693 struct cipherkeytoken *t = (struct cipherkeytoken *)key;
695 rc = cca_check_secaescipherkey(debug_info, 3, key, 0, 1);
730 struct ep11keyblob *kb = (struct ep11keyblob *)key;
732 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
760 const u8 *key, size_t keylen,
764 struct keytoken_header *hdr = (struct keytoken_header *)key;
777 if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
782 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
793 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
796 return pkey_nonccatok2pkey(key, keylen, pkey);
810 rc = cca_sec2protkey(card, dom, key, pkey->protkey,
814 rc = cca_cipher2protkey(card, dom, key, pkey->protkey,
816 else { /* EP11 AES secure key blob */
817 struct ep11keyblob *kb = (struct ep11keyblob *) key;
820 rc = ep11_kblob2protkey(card, dom, key, kb->head.len,
831 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags,
836 struct keytoken_header *hdr = (struct keytoken_header *)key;
844 && is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
847 (key + sizeof(struct ep11kblob_header));
861 && is_ep11_keyblob(key)) {
863 struct ep11keyblob *kb = (struct ep11keyblob *) key;
880 struct secaeskeytoken *t = (struct secaeskeytoken *)key;
887 struct cipherkeytoken *t = (struct cipherkeytoken *)key;
905 struct eccprivkeytoken *t = (struct eccprivkeytoken *)key;
1001 const u8 *key, size_t keylen, u32 *protkeytype,
1005 struct keytoken_header *hdr = (struct keytoken_header *)key;
1016 && is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1017 /* EP11 AES key blob with header */
1018 if (ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1))
1022 && is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1023 /* EP11 ECC key blob with header */
1024 if (ep11_check_ecc_key_with_hdr(debug_info, 3, key, keylen, 1))
1028 && is_ep11_keyblob(key)) {
1029 /* EP11 AES key blob with header in session field */
1030 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
1034 /* CCA AES data key */
1037 if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
1040 /* CCA AES cipher key */
1043 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
1051 /* CCA ECC (private) key */
1054 if (cca_check_sececckeytoken(debug_info, 3, key, keylen, 1))
1059 rc = pkey_nonccatok2pkey(key, keylen, &pkey);
1079 && is_ep11_keyblob(key + sizeof(struct ep11kblob_header)))
1080 rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1084 && is_ep11_keyblob(key))
1085 rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1089 rc = cca_sec2protkey(card, dom, key, protkey,
1093 rc = cca_cipher2protkey(card, dom, key, protkey,
1096 rc = cca_ecc2protkey(card, dom, key, protkey,
1269 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1308 if (kgs.key) {
1313 if (copy_to_user(kgs.key, kkey, klen)) {
1350 if (kcs.key) {
1355 if (copy_to_user(kcs.key, kkey, klen)) {
1374 kkey = _copy_key_from_user(kvk.key, kvk.keylen);
1399 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1433 kkey = _copy_key_from_user(kak.key, kak.keylen);
1519 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1570 * Sysfs attribute read function for all protected key binary attributes.
1572 * protected key blob is generated with each read. In case of partial reads
1573 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1690 * Sysfs attribute read function for all secure key ccadata binary attributes.
1692 * protected key blob is generated with each read. In case of partial reads
1693 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1796 * Sysfs attribute read function for all secure key ccacipher binary attributes.
1798 * secure key blob is generated with each read. In case of partial reads
1799 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1815 /* build a list of apqns able to generate a cipher key */
1916 * Sysfs attribute read function for all ep11 aes key binary attributes.
1918 * secure key blob is generated with each read. In case of partial reads
1919 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1920 * This function and the sysfs attributes using it provide EP11 key blobs
1938 /* build a list of apqns able to generate a cipher key */