mirror of
https://github.com/torvalds/linux.git
synced 2026-05-29 17:43:52 +02:00
2dfca61119
Introduce a new xflag PKEY_XFLAG_NOCLEARKEY which when given refuses the conversion of "clear key tokens" to protected key material. Some algorithms (PAES, PHMAC) have the need to construct "clear key tokens" to be used during selftest. But in general these algorithms should only support clear key material for testing purpose. So now the algorithm implementation can signal via xflag PKEY_XFLAG_NOCLEARKEY that a conversion of clear key material to protected key is not acceptable and thus the pkey layer (usually one of the handler modules) refuses clear key material with -EINVAL. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Reviewed-by: Holger Dengler <dengler@linux.ibm.com> Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
48 lines
1.5 KiB
C
48 lines
1.5 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Kernelspace interface to the pkey device driver
|
|
*
|
|
* Copyright IBM Corp. 2016, 2023
|
|
*
|
|
* Author: Harald Freudenberger <freude@de.ibm.com>
|
|
*
|
|
*/
|
|
|
|
#ifndef _KAPI_PKEY_H
|
|
#define _KAPI_PKEY_H
|
|
|
|
#include <linux/ioctl.h>
|
|
#include <linux/types.h>
|
|
#include <uapi/asm/pkey.h>
|
|
|
|
/*
|
|
* In-kernel API: Transform an key blob (of any type) into a protected key.
|
|
* @param key pointer to a buffer containing the key blob
|
|
* @param keylen size of the key blob in bytes
|
|
* @param protkey pointer to buffer receiving the protected key
|
|
* @param xflags additional execution flags (see PKEY_XFLAG_* definitions below)
|
|
* As of now the only supported flags are PKEY_XFLAG_NOMEMALLOC
|
|
* and PKEY_XFLAG_NOCLEARKEY.
|
|
* @return 0 on success, negative errno value on failure
|
|
*/
|
|
int pkey_key2protkey(const u8 *key, u32 keylen,
|
|
u8 *protkey, u32 *protkeylen, u32 *protkeytype,
|
|
u32 xflags);
|
|
|
|
/*
|
|
* If this flag is given in the xflags parameter, the pkey implementation
|
|
* is not allowed to allocate memory but instead should fall back to use
|
|
* preallocated memory or simple fail with -ENOMEM.
|
|
* This flag is for protected key derive within a cipher or similar
|
|
* which must not allocate memory which would cause io operations - see
|
|
* also the CRYPTO_ALG_ALLOCATES_MEMORY flag in crypto.h.
|
|
*/
|
|
#define PKEY_XFLAG_NOMEMALLOC 0x0001
|
|
|
|
/*
|
|
* Do not accept a clear key token as source for a protected key.
|
|
*/
|
|
#define PKEY_XFLAG_NOCLEARKEY 0x0002
|
|
|
|
#endif /* _KAPI_PKEY_H */
|