summaryrefslogtreecommitdiff
path: root/arch/s390/include/uapi
diff options
context:
space:
mode:
authorHarald Freudenberger <freude@linux.vnet.ibm.com>2017-03-15 11:08:27 +0100
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2017-03-22 08:29:13 +0100
commite61a6134e7a547939a0b7056bcf6b12d75b6d355 (patch)
tree00b5cd6d04e1b379cbd9863d802ffff5f4681c05 /arch/s390/include/uapi
parent15d3387c3c7cfe8c8c790bfbe829364782b70d43 (diff)
downloadlwn-e61a6134e7a547939a0b7056bcf6b12d75b6d355.tar.gz
lwn-e61a6134e7a547939a0b7056bcf6b12d75b6d355.zip
s390/pkey: Introduce new API for secure key verification
User space needs some information about the secure key(s) before actually invoking the pkey and/or paes funcionality. This patch introduces a new ioctl API and in kernel API to verify the the secure key blob and give back some information about the key (type, bitsize, old MKVP). Both APIs are described in detail in the header files arch/s390/include/asm/pkey.h and arch/s390/include/uapi/asm/pkey.h. Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390/include/uapi')
-rw-r--r--arch/s390/include/uapi/asm/pkey.h19
1 files changed, 19 insertions, 0 deletions
diff --git a/arch/s390/include/uapi/asm/pkey.h b/arch/s390/include/uapi/asm/pkey.h
index ed7f19c27ce5..e6c04faf8a6c 100644
--- a/arch/s390/include/uapi/asm/pkey.h
+++ b/arch/s390/include/uapi/asm/pkey.h
@@ -109,4 +109,23 @@ struct pkey_skey2pkey {
};
#define PKEY_SKEY2PKEY _IOWR(PKEY_IOCTL_MAGIC, 0x06, struct pkey_skey2pkey)
+/*
+ * Verify the given secure key for being able to be useable with
+ * the pkey module. Check for correct key type and check for having at
+ * least one crypto card being able to handle this key (master key
+ * or old master key verification pattern matches).
+ * Return some info about the key: keysize in bits, keytype (currently
+ * only AES), flag if key is wrapped with an old MKVP.
+ */
+struct pkey_verifykey {
+ struct pkey_seckey seckey; /* in: the secure key blob */
+ __u16 cardnr; /* out: card number */
+ __u16 domain; /* out: domain number */
+ __u16 keysize; /* out: key size in bits */
+ __u32 attributes; /* out: attribute bits */
+};
+#define PKEY_VERIFYKEY _IOWR(PKEY_IOCTL_MAGIC, 0x07, struct pkey_verifykey)
+#define PKEY_VERIFY_ATTR_AES 0x00000001 /* key is an AES key */
+#define PKEY_VERIFY_ATTR_OLD_MKVP 0x00000100 /* key has old MKVP value */
+
#endif /* _UAPI_PKEY_H */