Lines Matching defs:key
33 MODULE_DESCRIPTION("s390 protected key interface");
35 #define KEYBLOBBUFSIZE 8192 /* key buffer size used for internal processing */
37 #define PROTKEYBLOBBUFSIZE 256 /* protected key buffer size used internal */
39 #define AES_WK_VP_SIZE 32 /* Size of WK VP block appended to a prot key */
65 /* inside view of a protected key token (only type 0x00 version 0x01) */
67 u8 type; /* 0x00 for PAES specific key tokens */
69 u8 version; /* should be 0x01 for protected AES key token */
71 u32 keytype; /* key type, one of the PKEY_KEYTYPE values */
73 u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */
76 /* inside view of a clear key token (type 0x00 version 0x02) */
78 u8 type; /* 0x00 for PAES specific key tokens */
80 u8 version; /* 0x02 for clear key token */
82 u32 keytype; /* key type, one of the PKEY_KEYTYPE_* values */
84 u8 clearkey[]; /* clear key value */
103 * Create a protected key from a clear key value via PCKMO instruction.
118 /* 16 byte key, 32 byte aes wkvp, total 48 bytes */
124 /* 24 byte key, 32 byte aes wkvp, total 56 bytes */
130 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */
136 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */
142 /* 48 byte key, 32 byte aes wkvp, total 80 bytes */
148 /* 80 byte key, 32 byte aes wkvp, total 112 bytes */
154 /* 32 byte key, 32 byte aes wkvp, total 64 bytes */
160 /* 64 byte key, 32 byte aes wkvp, total 96 bytes */
172 DEBUG_ERR("%s prot key buffer size too small: %u < %d\n",
196 /* copy created protected key to key buffer including the wkvp block */
205 * Find card and transform secure key into protected key.
207 static int pkey_skey2pkey(const u8 *key, u8 *protkey,
210 struct keytoken_header *hdr = (struct keytoken_header *)key;
218 * addressed where the master key was changed after last fetch
221 * key verification pattern match not ignored.
224 rc = cca_findcard(key, &cardnr, &domain, verify);
231 rc = cca_sec2protkey(cardnr, domain, key,
235 rc = cca_cipher2protkey(cardnr, domain, key,
253 * Construct EP11 key with given clear key value.
272 /* go through the list of apqns and try to build an ep11 key */
291 * Find card and transform EP11 secure key into protected key.
293 static int pkey_ep11key2pkey(const u8 *key, size_t keylen,
302 /* build a list of apqns suitable for this key */
306 ep11_kb_wkvp(key, keylen));
314 rc = ep11_kblob2protkey(card, dom, key, keylen,
328 * Verify key and give back some info about the key.
338 /* check the secure key for valid AES secure key */
347 /* try to find a card which can handle this key */
353 /* key mkvp matches the old master key mkvp */
354 DEBUG_DBG("%s secure key has old mkvp\n", __func__);
371 * Generate a random protected key
387 /* generate a dummy random clear key */
390 /* convert it to a dummy protected key */
396 /* replace the key part of the protected key with random bytes */
403 * Verify if a protected key is still valid
410 u8 key[MAXPROTKEYSIZE];
436 DEBUG_ERR("%s invalid protected key size %u for keytype %u\n",
444 memcpy(param.key, protkey, protkeylen);
449 DEBUG_ERR("%s protected key is not valid\n", __func__);
456 /* Helper for pkey_nonccatok2pkey, handles aes clear key token */
472 DEBUG_ERR("%s non clear key aes token: invalid key len %u\n",
483 /* PCKMO failed, so try the CCA secure key way */
508 DEBUG_ERR("%s unable to build protected key from clear", __func__);
515 /* Helper for pkey_nonccatok2pkey, handles ecc clear key token */
545 DEBUG_ERR("%s non clear key ecc token: invalid key len %u\n",
554 DEBUG_ERR("%s unable to build protected key from clear",
562 * Transform a non-CCA key token into a protected key
564 static int pkey_nonccatok2pkey(const u8 *key, u32 keylen,
567 struct keytoken_header *hdr = (struct keytoken_header *)key;
576 t = (struct protaeskeytoken *)key;
586 struct clearkeytoken *t = (struct clearkeytoken *)key;
607 DEBUG_ERR("%s unknown/unsupported non cca clear key type %u\n",
614 /* check ep11 key for exportable as protected key */
615 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
618 rc = pkey_ep11key2pkey(key, keylen,
623 /* check ep11 key with header for exportable as protected key */
624 rc = ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1);
627 rc = pkey_ep11key2pkey(key, keylen,
640 * Transform a CCA internal key token into a protected key
642 static int pkey_ccainttok2pkey(const u8 *key, u32 keylen,
645 struct keytoken_header *hdr = (struct keytoken_header *)key;
662 return pkey_skey2pkey(key, protkey, protkeylen, protkeytype);
666 * Transform a key blob (of any type) into a protected key
668 int pkey_keyblob2pkey(const u8 *key, u32 keylen,
671 struct keytoken_header *hdr = (struct keytoken_header *)key;
681 rc = pkey_nonccatok2pkey(key, keylen,
685 rc = pkey_ccainttok2pkey(key, keylen,
709 /* check key type and size */
771 /* check key type and size */
826 static int pkey_verifykey2(const u8 *key, size_t keylen,
831 struct keytoken_header *hdr = (struct keytoken_header *)key;
840 struct secaeskeytoken *t = (struct secaeskeytoken *)key;
842 rc = cca_check_secaeskeytoken(debug_info, 3, key, 0);
870 struct cipherkeytoken *t = (struct cipherkeytoken *)key;
872 rc = cca_check_secaescipherkey(debug_info, 3, key, 0, 1);
907 struct ep11keyblob *kb = (struct ep11keyblob *)key;
910 rc = ep11_check_aes_key(debug_info, 3, key, keylen, 1);
921 ep11_kb_wkvp(key, keylen));
933 struct ep11kblob_header *kh = (struct ep11kblob_header *)key;
937 key, keylen, 1);
948 ep11_kb_wkvp(key, keylen));
967 const u8 *key, size_t keylen,
970 struct keytoken_header *hdr = (struct keytoken_header *)key;
984 if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
989 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
998 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
1002 key, keylen, 1))
1005 return pkey_nonccatok2pkey(key, keylen,
1023 rc = cca_sec2protkey(card, dom, key,
1027 rc = cca_cipher2protkey(card, dom, key,
1031 rc = ep11_kblob2protkey(card, dom, key, keylen,
1042 static int pkey_apqns4key(const u8 *key, size_t keylen, u32 flags,
1045 struct keytoken_header *hdr = (struct keytoken_header *)key;
1057 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1059 (key + sizeof(struct ep11kblob_header));
1074 is_ep11_keyblob(key)) {
1075 struct ep11keyblob *kb = (struct ep11keyblob *)key;
1093 struct secaeskeytoken *t = (struct secaeskeytoken *)key;
1100 struct cipherkeytoken *t = (struct cipherkeytoken *)key;
1117 struct eccprivkeytoken *t = (struct eccprivkeytoken *)key;
1220 const u8 *key, size_t keylen,
1223 struct keytoken_header *hdr = (struct keytoken_header *)key;
1235 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1236 /* EP11 AES key blob with header */
1237 if (ep11_check_aes_key_with_hdr(debug_info, 3, key, keylen, 1))
1241 is_ep11_keyblob(key + sizeof(struct ep11kblob_header))) {
1242 /* EP11 ECC key blob with header */
1243 if (ep11_check_ecc_key_with_hdr(debug_info, 3, key, keylen, 1))
1247 is_ep11_keyblob(key)) {
1248 /* EP11 AES key blob with header in session field */
1249 if (ep11_check_aes_key(debug_info, 3, key, keylen, 1))
1253 /* CCA AES data key */
1256 if (cca_check_secaeskeytoken(debug_info, 3, key, 0))
1259 /* CCA AES cipher key */
1262 if (cca_check_secaescipherkey(debug_info, 3, key, 0, 1))
1270 /* CCA ECC (private) key */
1273 if (cca_check_sececckeytoken(debug_info, 3, key, keylen, 1))
1276 return pkey_nonccatok2pkey(key, keylen,
1291 is_ep11_keyblob(key + sizeof(struct ep11kblob_header)))
1292 rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1297 is_ep11_keyblob(key))
1298 rc = ep11_kblob2protkey(card, dom, key, hdr->len,
1303 rc = cca_sec2protkey(card, dom, key, protkey,
1307 rc = cca_cipher2protkey(card, dom, key, protkey,
1310 rc = cca_ecc2protkey(card, dom, key, protkey,
1491 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1532 if (kgs.key) {
1537 if (copy_to_user(kgs.key, kkey, klen)) {
1574 if (kcs.key) {
1579 if (copy_to_user(kcs.key, kkey, klen)) {
1598 kkey = _copy_key_from_user(kvk.key, kvk.keylen);
1623 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1660 kkey = _copy_key_from_user(kak.key, kak.keylen);
1746 kkey = _copy_key_from_user(ktp.key, ktp.keylen);
1797 * Sysfs attribute read function for all protected key binary attributes.
1799 * protected key blob is generated with each read. In case of partial reads
1800 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
1832 /* xts needs a second protected key, reuse protkey struct */
1922 * Sysfs attribute read function for all secure key ccadata binary attributes.
1924 * protected key blob is generated with each read. In case of partial reads
1925 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2028 * Sysfs attribute read function for all secure key ccacipher binary attributes.
2030 * secure key blob is generated with each read. In case of partial reads
2031 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2047 /* build a list of apqns able to generate a cipher key */
2148 * Sysfs attribute read function for all ep11 aes key binary attributes.
2150 * secure key blob is generated with each read. In case of partial reads
2151 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
2152 * This function and the sysfs attributes using it provide EP11 key blobs
2170 /* build a list of apqns able to generate a cipher key */