Lines Matching +full:- +full:key

1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
24 #define PROTKEYBLOBSIZE 80 /* protected key blob size is always 80 bytes */
25 #define MAXPROTKEYSIZE 64 /* a protected key blob may be up to 64 bytes */
26 #define MAXCLRKEYSIZE 32 /* a clear key value may be up to 32 bytes */
28 #define MINEP11AESKEYBLOBSIZE 256 /* min EP11 AES key blob size */
29 #define MAXEP11AESKEYBLOBSIZE 336 /* max EP11 AES key blob size */
31 /* Minimum size of a key blob */
55 /* the newer ioctls use a pkey_key_size enum for key size information */
83 /* Struct to hold a CCA AES secure key blob */
85 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
88 /* Struct to hold protected key and length info */
90 __u32 type; /* key type, one of the PKEY_KEYTYPE_AES values */
92 __u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */
95 /* Struct to hold an AES clear key value */
97 __u8 clrkey[MAXCLRKEYSIZE]; /* 16, 24, or 32 byte clear key value */
101 * EP11 key blobs of type PKEY_TYPE_EP11_AES and PKEY_TYPE_EP11_ECC
110 __u16 bitlen; /* clear key bit len, 0 for unknown */
115 * Generate CCA AES secure key.
120 __u32 keytype; /* in: key type to generate */
121 struct pkey_seckey seckey; /* out: the secure key blob */
126 * Construct CCA AES secure key from clear key value
131 __u32 keytype; /* in: key type to generate */
132 struct pkey_clrkey clrkey; /* in: the clear key value */
133 struct pkey_seckey seckey; /* out: the secure key blob */
138 * Fabricate AES protected key from a CCA AES secure key
143 struct pkey_seckey seckey; /* in: the secure key blob */
144 struct pkey_protkey protkey; /* out: the protected key */
149 * Fabricate AES protected key from clear key value
152 __u32 keytype; /* in: key type to generate */
153 struct pkey_clrkey clrkey; /* in: the clear key value */
154 struct pkey_protkey protkey; /* out: the protected key */
159 * Search for matching crypto card based on the Master Key
160 * Verification Pattern provided inside a CCA AES secure key.
163 struct pkey_seckey seckey; /* in: the secure key blob */
173 struct pkey_seckey seckey; /* in: the secure key blob */
174 struct pkey_protkey protkey; /* out: the protected key */
179 * Verify the given CCA AES secure key for being able to be usable with
180 * the pkey module. Check for correct key type and check for having at
181 * least one crypto card being able to handle this key (master key
182 * or old master key verification pattern matches).
183 * Return some info about the key: keysize in bits, keytype (currently
184 * only AES), flag if key is wrapped with an old MKVP.
187 struct pkey_seckey seckey; /* in: the secure key blob */
190 __u16 keysize; /* out: key size in bits */
194 #define PKEY_VERIFY_ATTR_AES 0x00000001 /* key is an AES key */
195 #define PKEY_VERIFY_ATTR_OLD_MKVP 0x00000100 /* key has old MKVP value */
198 * Generate AES random protected key.
201 __u32 keytype; /* in: key type to generate */
202 struct pkey_protkey protkey; /* out: the protected key */
208 * Verify an AES protected key.
211 struct pkey_protkey protkey; /* in: the protected key to verify */
217 * Transform an key blob (of any type) into a protected key
220 __u8 __user *key; /* in: the key blob */ member
221 __u32 keylen; /* in: the key blob length */
222 struct pkey_protkey protkey; /* out: the protected key */
227 * Generate secure key, version 2.
228 * Generate CCA AES secure key, CCA AES cipher key or EP11 AES secure key.
235 * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to
236 * generate a list of apqns based on the key type to generate.
238 * individual for the key type and has a key type specific meaning. When
240 * flags to widen the export possibilities. By default a cipher key is
242 * The keygenflag argument for generating an EP11 AES key should either be 0
249 enum pkey_key_type type; /* in: key type to generate */
250 enum pkey_key_size size; /* in: key size to generate */
251 __u32 keygenflags; /* in: key generation flags */
252 __u8 __user *key; /* in: pointer to key blob buffer */ member
253 __u32 keylen; /* in: available key blob buffer size */
254 /* out: actual key blob size */
259 * Generate secure key from clear key value, version 2.
260 * Construct an CCA AES secure key, CCA AES cipher key or EP11 AES secure
261 * key from a given clear key value.
268 * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to
269 * generate a list of apqns based on the key type to generate.
271 * individual for the key type and has a key type specific meaning. When
273 * flags to widen the export possibilities. By default a cipher key is
275 * The keygenflag argument for generating an EP11 AES key should either be 0
282 enum pkey_key_type type; /* in: key type to generate */
283 enum pkey_key_size size; /* in: key size to generate */
284 __u32 keygenflags; /* in: key generation flags */
285 struct pkey_clrkey clrkey; /* in: the clear key value */
286 __u8 __user *key; /* in: pointer to key blob buffer */ member
287 __u32 keylen; /* in: available key blob buffer size */
288 /* out: actual key blob size */
293 * Verify the given secure key, version 2.
294 * Check for correct key type. If cardnr and domain are given (are not
295 * 0xFFFF) also check if this apqn is able to handle this type of key.
297 * with one apqn able to handle this key.
298 * The function also checks for the master key verification patterns
299 * of the key matching to the current or alternate mkvp of the apqn.
301 * the key's mkvp against the current or old mkvp of the apqns. The flags
303 * match: If the current mkvp matches to the key's mkvp then the
305 * the key's mkvp the PKEY_FLAGS_MATCH_ALT_MKVP is set. For CCA keys the
306 * alternate mkvp is the old master key verification pattern.
309 * EP11 keys are also supported and the wkvp of the key is checked against
311 * key and so on a match the flag PKEY_FLAGS_MATCH_CUR_MKVP always is set.
314 * matches with the current or alternate mkvp to the key's mkvp. If the given
315 * apqn does not match or there is no such apqn found, -1 with errno
319 __u8 __user *key; /* in: pointer to key blob */ member
320 __u32 keylen; /* in: key blob size */
323 enum pkey_key_type type; /* out: the key type */
324 enum pkey_key_size size; /* out: the key size */
325 __u32 flags; /* out: additional key info flags */
330 * Transform a key blob into a protected key, version 2.
337 * (return -1 with errno ENODEV). You may use the PKEY_APQNS4K ioctl to
338 * generate a list of apqns based on the key.
343 __u8 __user *key; /* in: pointer to key blob */ member
344 __u32 keylen; /* in: key blob size */
347 struct pkey_protkey protkey; /* out: the protected key */
352 * Build a list of APQNs based on a key blob given.
353 * Is able to find out which type of secure key is given (CCA AES secure
354 * key, CCA AES cipher key, CCA ECC private key, EP11 AES key, EP11 ECC private
355 * key) and tries to find all matching crypto cards based on the MKVP and maybe
358 * APQNs is further filtered by the key's mkvp which needs to match to either
367 * the wkvp from the key to match against the apqn's wkvp.
378 __u8 __user *key; /* in: pointer to key blob */ member
379 __u32 keylen; /* in: key blob size */
388 * Build a list of APQNs based on a key type given.
389 * Build a list of APQNs based on a given key type and maybe further
390 * restrict the list by given master key verification patterns.
391 * For different key types there may be different ways to match the
392 * master key verification patterns. For CCA keys (CCA data key and CCA
393 * cipher key) the first 8 bytes of cur_mkvp refer to the current AES mkvp value
416 enum pkey_key_type type; /* in: key type */
427 * Transform a key blob into a protected key, version 3.
428 * The difference to version 2 of this ioctl is that the protected key
438 * (return -1 with errno ENODEV). You may use the PKEY_APQNS4K ioctl to
439 * generate a list of apqns based on the key.
442 __u8 __user *key; /* in: pointer to key blob */ member
443 __u32 keylen; /* in: key blob size */
446 __u32 pkeytype; /* out: prot key type (enum pkey_key_type) */