首頁 探索 說明
登入
Rydia
/
linux-phytium
關註 1
讚好 0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 6793c0e942
分支列表 標籤列表
linux-phytium
/
arch
/
s390
/
include
/
uapi
/
asm
/
pkey.h

pkey.h 4.3 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
    2. 

  2. /*
    3. 

  3.  * Userspace interface to the pkey device driver
    4. 

  4.  *
    5. 

  5.  * Copyright IBM Corp. 2017
    6. 

  6.  *
    7. 

  7.  * Author: Harald Freudenberger <freude@de.ibm.com>
    8. 

  8.  *
    9. 

  9.  */
    10. 

  10. 

  11. #ifndef _UAPI_PKEY_H
    12. 

  12. #define _UAPI_PKEY_H
    13. 

  13. 

  14. #include <linux/ioctl.h>
    15. 

  15. #include <linux/types.h>
    16. 

  16. 

  17. /*
    18. 

  18.  * Ioctl calls supported by the pkey device driver
    19. 

  19.  */
    20. 

  20. 

  21. #define PKEY_IOCTL_MAGIC 'p'
    22. 

  22. 

  23. #define SECKEYBLOBSIZE	64     /* secure key blob size is always 64 bytes */
    24. 

  24. #define MAXPROTKEYSIZE	64  /* a protected key blob may be up to 64 bytes */
    25. 

  25. #define MAXCLRKEYSIZE	32     /* a clear key value may be up to 32 bytes */
    26. 

  26. 

  27. /* defines for the type field within the pkey_protkey struct */
    28. 

  28. #define PKEY_KEYTYPE_AES_128  1
    29. 

  29. #define PKEY_KEYTYPE_AES_192  2
    30. 

  30. #define PKEY_KEYTYPE_AES_256  3
    31. 

  31. 

  32. /* Struct to hold a secure key blob */
    33. 

  33. struct pkey_seckey {
    34. 

  34. 	__u8  seckey[SECKEYBLOBSIZE];		  /* the secure key blob */
    35. 

  35. };
    36. 

  36. 

  37. /* Struct to hold protected key and length info */
    38. 

  38. struct pkey_protkey {
    39. 

  39. 	__u32 type;	     /* key type, one of the PKEY_KEYTYPE values */
    40. 

  40. 	__u32 len;		/* bytes actually stored in protkey[]	 */
    41. 

  41. 	__u8  protkey[MAXPROTKEYSIZE];	       /* the protected key blob */
    42. 

  42. };
    43. 

  43. 

  44. /* Struct to hold a clear key value */
    45. 

  45. struct pkey_clrkey {
    46. 

  46. 	__u8  clrkey[MAXCLRKEYSIZE]; /* 16, 24, or 32 byte clear key value */
    47. 

  47. };
    48. 

  48. 

  49. /*
    50. 

  50.  * Generate secure key
    51. 

  51.  */
    52. 

  52. struct pkey_genseck {
    53. 

  53. 	__u16 cardnr;		    /* in: card to use or FFFF for any	 */
    54. 

  54. 	__u16 domain;		    /* in: domain or FFFF for any	 */
    55. 

  55. 	__u32 keytype;		    /* in: key type to generate		 */
    56. 

  56. 	struct pkey_seckey seckey;  /* out: the secure key blob		 */
    57. 

  57. };
    58. 

  58. #define PKEY_GENSECK _IOWR(PKEY_IOCTL_MAGIC, 0x01, struct pkey_genseck)
    59. 

  59. 

  60. /*
    61. 

  61.  * Construct secure key from clear key value
    62. 

  62.  */
    63. 

  63. struct pkey_clr2seck {
    64. 

  64. 	__u16 cardnr;		    /* in: card to use or FFFF for any	 */
    65. 

  65. 	__u16 domain;		    /* in: domain or FFFF for any	 */
    66. 

  66. 	__u32 keytype;		    /* in: key type to generate		 */
    67. 

  67. 	struct pkey_clrkey clrkey;  /* in: the clear key value		 */
    68. 

  68. 	struct pkey_seckey seckey;  /* out: the secure key blob		 */
    69. 

  69. };
    70. 

  70. #define PKEY_CLR2SECK _IOWR(PKEY_IOCTL_MAGIC, 0x02, struct pkey_clr2seck)
    71. 

  71. 

  72. /*
    73. 

  73.  * Fabricate protected key from a secure key
    74. 

  74.  */
    75. 

  75. struct pkey_sec2protk {
    76. 

  76. 	__u16 cardnr;		     /* in: card to use or FFFF for any   */
    77. 

  77. 	__u16 domain;		     /* in: domain or FFFF for any	  */
    78. 

  78. 	struct pkey_seckey seckey;   /* in: the secure key blob		  */
    79. 

  79. 	struct pkey_protkey protkey; /* out: the protected key		  */
    80. 

  80. };
    81. 

  81. #define PKEY_SEC2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x03, struct pkey_sec2protk)
    82. 

  82. 

  83. /*
    84. 

  84.  * Fabricate protected key from an clear key value
    85. 

  85.  */
    86. 

  86. struct pkey_clr2protk {
    87. 

  87. 	__u32 keytype;		     /* in: key type to generate	  */
    88. 

  88. 	struct pkey_clrkey clrkey;   /* in: the clear key value		  */
    89. 

  89. 	struct pkey_protkey protkey; /* out: the protected key		  */
    90. 

  90. };
    91. 

  91. #define PKEY_CLR2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x04, struct pkey_clr2protk)
    92. 

  92. 

  93. /*
    94. 

  94.  * Search for matching crypto card based on the Master Key
    95. 

  95.  * Verification Pattern provided inside a secure key.
    96. 

  96.  */
    97. 

  97. struct pkey_findcard {
    98. 

  98. 	struct pkey_seckey seckey;	       /* in: the secure key blob */
    99. 

  99. 	__u16  cardnr;			       /* out: card number	  */
    100. 

  100. 	__u16  domain;			       /* out: domain number	  */
    101. 

  101. };
    102. 

  102. #define PKEY_FINDCARD _IOWR(PKEY_IOCTL_MAGIC, 0x05, struct pkey_findcard)
    103. 

  103. 

  104. /*
    105. 

  105.  * Combined together: findcard + sec2prot
    106. 

  106.  */
    107. 

  107. struct pkey_skey2pkey {
    108. 

  108. 	struct pkey_seckey seckey;   /* in: the secure key blob		  */
    109. 

  109. 	struct pkey_protkey protkey; /* out: the protected key		  */
    110. 

  110. };
    111. 

  111. #define PKEY_SKEY2PKEY _IOWR(PKEY_IOCTL_MAGIC, 0x06, struct pkey_skey2pkey)
    112. 

  112. 

  113. /*
    114. 

  114.  * Verify the given secure key for being able to be useable with
    115. 

  115.  * the pkey module. Check for correct key type and check for having at
    116. 

  116.  * least one crypto card being able to handle this key (master key
    117. 

  117.  * or old master key verification pattern matches).
    118. 

  118.  * Return some info about the key: keysize in bits, keytype (currently
    119. 

  119.  * only AES), flag if key is wrapped with an old MKVP.
    120. 

  120.  */
    121. 

  121. struct pkey_verifykey {
    122. 

  122. 	struct pkey_seckey seckey;	       /* in: the secure key blob */
    123. 

  123. 	__u16  cardnr;			       /* out: card number	  */
    124. 

  124. 	__u16  domain;			       /* out: domain number	  */
    125. 

  125. 	__u16  keysize;			       /* out: key size in bits   */
    126. 

  126. 	__u32  attributes;		       /* out: attribute bits	  */
    127. 

  127. };
    128. 

  128. #define PKEY_VERIFYKEY _IOWR(PKEY_IOCTL_MAGIC, 0x07, struct pkey_verifykey)
    129. 

  129. #define PKEY_VERIFY_ATTR_AES	   0x00000001  /* key is an AES key */
    130. 

  130. #define PKEY_VERIFY_ATTR_OLD_MKVP  0x00000100  /* key has old MKVP value */
    131. 

  131. 

  132. #endif /* _UAPI_PKEY_H */
    133. 

  133.