Lines Matching full:key
23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
24 #define PROTKEYBLOBSIZE 80 /* protected key blob size is always 80 bytes */
25 #define MAXPROTKEYSIZE 64 /* a protected key blob may be up to 64 bytes */
26 #define MAXCLRKEYSIZE 32 /* a clear key value may be up to 32 bytes */
28 #define MINEP11AESKEYBLOBSIZE 256 /* min EP11 AES key blob size */
29 #define MAXEP11AESKEYBLOBSIZE 320 /* max EP11 AES key blob size */
31 /* Minimum size of a key blob */
50 /* the newer ioctls use a pkey_key_size enum for key size information */
78 /* Struct to hold a CCA AES secure key blob */
80 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
83 /* Struct to hold protected key and length info */
85 __u32 type; /* key type, one of the PKEY_KEYTYPE_AES values */
87 __u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */
90 /* Struct to hold an AES clear key value */
92 __u8 clrkey[MAXCLRKEYSIZE]; /* 16, 24, or 32 byte clear key value */
96 * EP11 key blobs of type PKEY_TYPE_EP11_AES and PKEY_TYPE_EP11_ECC
105 __u16 bitlen; /* clear key bit len, 0 for unknown */
110 * Generate CCA AES secure key.
115 __u32 keytype; /* in: key type to generate */
116 struct pkey_seckey seckey; /* out: the secure key blob */
121 * Construct CCA AES secure key from clear key value
126 __u32 keytype; /* in: key type to generate */
127 struct pkey_clrkey clrkey; /* in: the clear key value */
128 struct pkey_seckey seckey; /* out: the secure key blob */
133 * Fabricate AES protected key from a CCA AES secure key
138 struct pkey_seckey seckey; /* in: the secure key blob */
139 struct pkey_protkey protkey; /* out: the protected key */
144 * Fabricate AES protected key from clear key value
147 __u32 keytype; /* in: key type to generate */
148 struct pkey_clrkey clrkey; /* in: the clear key value */
149 struct pkey_protkey protkey; /* out: the protected key */
154 * Search for matching crypto card based on the Master Key
155 * Verification Pattern provided inside a CCA AES secure key.
158 struct pkey_seckey seckey; /* in: the secure key blob */
168 struct pkey_seckey seckey; /* in: the secure key blob */
169 struct pkey_protkey protkey; /* out: the protected key */
174 * Verify the given CCA AES secure key for being able to be usable with
175 * the pkey module. Check for correct key type and check for having at
176 * least one crypto card being able to handle this key (master key
177 * or old master key verification pattern matches).
178 * Return some info about the key: keysize in bits, keytype (currently
179 * only AES), flag if key is wrapped with an old MKVP.
182 struct pkey_seckey seckey; /* in: the secure key blob */
185 __u16 keysize; /* out: key size in bits */
189 #define PKEY_VERIFY_ATTR_AES 0x00000001 /* key is an AES key */
190 #define PKEY_VERIFY_ATTR_OLD_MKVP 0x00000100 /* key has old MKVP value */
193 * Generate AES random protected key.
196 __u32 keytype; /* in: key type to generate */
197 struct pkey_protkey protkey; /* out: the protected key */
203 * Verify an AES protected key.
206 struct pkey_protkey protkey; /* in: the protected key to verify */
212 * Transform an key blob (of any type) into a protected key
215 __u8 __user *key; /* in: the key blob */ member
216 __u32 keylen; /* in: the key blob length */
217 struct pkey_protkey protkey; /* out: the protected key */
222 * Generate secure key, version 2.
223 * Generate CCA AES secure key, CCA AES cipher key or EP11 AES secure key.
231 * generate a list of apqns based on the key type to generate.
233 * individual for the key type and has a key type specific meaning. When
235 * flags to widen the export possibilities. By default a cipher key is
237 * The keygenflag argument for generating an EP11 AES key should either be 0
244 enum pkey_key_type type; /* in: key type to generate */
245 enum pkey_key_size size; /* in: key size to generate */
246 __u32 keygenflags; /* in: key generation flags */
247 __u8 __user *key; /* in: pointer to key blob buffer */ member
248 __u32 keylen; /* in: available key blob buffer size */
249 /* out: actual key blob size */
254 * Generate secure key from clear key value, version 2.
255 * Construct an CCA AES secure key, CCA AES cipher key or EP11 AES secure
256 * key from a given clear key value.
264 * generate a list of apqns based on the key type to generate.
266 * individual for the key type and has a key type specific meaning. When
268 * flags to widen the export possibilities. By default a cipher key is
270 * The keygenflag argument for generating an EP11 AES key should either be 0
277 enum pkey_key_type type; /* in: key type to generate */
278 enum pkey_key_size size; /* in: key size to generate */
279 __u32 keygenflags; /* in: key generation flags */
280 struct pkey_clrkey clrkey; /* in: the clear key value */
281 __u8 __user *key; /* in: pointer to key blob buffer */ member
282 __u32 keylen; /* in: available key blob buffer size */
283 /* out: actual key blob size */
288 * Verify the given secure key, version 2.
289 * Check for correct key type. If cardnr and domain are given (are not
290 * 0xFFFF) also check if this apqn is able to handle this type of key.
292 * with one apqn able to handle this key.
293 * The function also checks for the master key verification patterns
294 * of the key matching to the current or alternate mkvp of the apqn.
296 * the key's mkvp against the current or old mkvp of the apqns. The flags
298 * match: If the current mkvp matches to the key's mkvp then the
300 * the key's mkvp the PKEY_FLAGS_MATCH_ALT_MKVP is set. For CCA keys the
301 * alternate mkvp is the old master key verification pattern.
304 * EP11 keys are also supported and the wkvp of the key is checked against
306 * key and so on a match the flag PKEY_FLAGS_MATCH_CUR_MKVP always is set.
309 * matches with the current or alternate mkvp to the key's mkvp. If the given
314 __u8 __user *key; /* in: pointer to key blob */ member
315 __u32 keylen; /* in: key blob size */
318 enum pkey_key_type type; /* out: the key type */
319 enum pkey_key_size size; /* out: the key size */
320 __u32 flags; /* out: additional key info flags */
325 * Transform a key blob into a protected key, version 2.
333 * generate a list of apqns based on the key.
338 __u8 __user *key; /* in: pointer to key blob */ member
339 __u32 keylen; /* in: key blob size */
342 struct pkey_protkey protkey; /* out: the protected key */
347 * Build a list of APQNs based on a key blob given.
348 * Is able to find out which type of secure key is given (CCA AES secure
349 * key, CCA AES cipher key, CCA ECC private key, EP11 AES key, EP11 ECC private
350 * key) and tries to find all matching crypto cards based on the MKVP and maybe
353 * APQNs is further filtered by the key's mkvp which needs to match to either
362 * the wkvp from the key to match against the apqn's wkvp.
373 __u8 __user *key; /* in: pointer to key blob */ member
374 __u32 keylen; /* in: key blob size */
383 * Build a list of APQNs based on a key type given.
384 * Build a list of APQNs based on a given key type and maybe further
385 * restrict the list by given master key verification patterns.
386 * For different key types there may be different ways to match the
387 * master key verification patterns. For CCA keys (CCA data key and CCA
388 * cipher key) the first 8 bytes of cur_mkvp refer to the current AES mkvp value
411 enum pkey_key_type type; /* in: key type */
422 * Transform a key blob into a protected key, version 3.
423 * The difference to version 2 of this ioctl is that the protected key
434 * generate a list of apqns based on the key.
437 __u8 __user *key; /* in: pointer to key blob */ member
438 __u32 keylen; /* in: key blob size */
441 __u32 pkeytype; /* out: prot key type (enum pkey_key_type) */