Lines Matching full:key
23 #define SECKEYBLOBSIZE 64 /* secure key blob size is always 64 bytes */
24 #define PROTKEYBLOBSIZE 80 /* protected key blob size is always 80 bytes */
25 #define MAXPROTKEYSIZE 64 /* a protected key blob may be up to 64 bytes */
26 #define MAXCLRKEYSIZE 32 /* a clear key value may be up to 32 bytes */
28 #define MINEP11AESKEYBLOBSIZE 256 /* min EP11 AES key blob size */
29 #define MAXEP11AESKEYBLOBSIZE 336 /* max EP11 AES key blob size */
31 /* Minimum size of a key blob */
61 /* the newer ioctls use a pkey_key_size enum for key size information */
89 /* Struct to hold a CCA AES secure key blob */
91 __u8 seckey[SECKEYBLOBSIZE]; /* the secure key blob */
94 /* Struct to hold protected key and length info */
96 __u32 type; /* key type, one of the PKEY_KEYTYPE_AES values */
98 __u8 protkey[MAXPROTKEYSIZE]; /* the protected key blob */
101 /* Struct to hold an AES clear key value */
103 __u8 clrkey[MAXCLRKEYSIZE]; /* 16, 24, or 32 byte clear key value */
107 * EP11 key blobs of type PKEY_TYPE_EP11_AES and PKEY_TYPE_EP11_ECC
116 __u16 bitlen; /* clear key bit len, 0 for unknown */
121 * Generate CCA AES secure key.
126 __u32 keytype; /* in: key type to generate */
127 struct pkey_seckey seckey; /* out: the secure key blob */
133 * Construct CCA AES secure key from clear key value
138 __u32 keytype; /* in: key type to generate */
139 struct pkey_clrkey clrkey; /* in: the clear key value */
140 struct pkey_seckey seckey; /* out: the secure key blob */
146 * Fabricate AES protected key from a CCA AES secure key
151 struct pkey_seckey seckey; /* in: the secure key blob */
152 struct pkey_protkey protkey; /* out: the protected key */
158 * Fabricate AES protected key from clear key value
161 __u32 keytype; /* in: key type to generate */
162 struct pkey_clrkey clrkey; /* in: the clear key value */
163 struct pkey_protkey protkey; /* out: the protected key */
169 * Search for matching crypto card based on the Master Key
170 * Verification Pattern provided inside a CCA AES secure key.
173 struct pkey_seckey seckey; /* in: the secure key blob */
184 struct pkey_seckey seckey; /* in: the secure key blob */
185 struct pkey_protkey protkey; /* out: the protected key */
191 * Verify the given CCA AES secure key for being able to be usable with
192 * the pkey module. Check for correct key type and check for having at
193 * least one crypto card being able to handle this key (master key
194 * or old master key verification pattern matches).
195 * Return some info about the key: keysize in bits, keytype (currently
196 * only AES), flag if key is wrapped with an old MKVP.
199 struct pkey_seckey seckey; /* in: the secure key blob */
202 __u16 keysize; /* out: key size in bits */
207 #define PKEY_VERIFY_ATTR_AES 0x00000001 /* key is an AES key */
208 #define PKEY_VERIFY_ATTR_OLD_MKVP 0x00000100 /* key has old MKVP value */
211 * Generate AES random protected key.
214 __u32 keytype; /* in: key type to generate */
215 struct pkey_protkey protkey; /* out: the protected key */
221 * Verify an AES protected key.
224 struct pkey_protkey protkey; /* in: the protected key to verify */
230 * Transform an key blob (of any type) into a protected key
233 __u8 __user *key; /* in: the key blob */ member
234 __u32 keylen; /* in: the key blob length */
235 struct pkey_protkey protkey; /* out: the protected key */
241 * Generate secure key, version 2.
242 * Generate CCA AES secure key, CCA AES cipher key or EP11 AES secure key.
250 * generate a list of apqns based on the key type to generate.
252 * individual for the key type and has a key type specific meaning. When
254 * flags to widen the export possibilities. By default a cipher key is
256 * The keygenflag argument for generating an EP11 AES key should either be 0
263 enum pkey_key_type type; /* in: key type to generate */
264 enum pkey_key_size size; /* in: key size to generate */
265 __u32 keygenflags; /* in: key generation flags */
266 __u8 __user *key; /* in: pointer to key blob buffer */ member
267 __u32 keylen; /* in: available key blob buffer size */
268 /* out: actual key blob size */
274 * Generate secure key from clear key value, version 2.
275 * Construct an CCA AES secure key, CCA AES cipher key or EP11 AES secure
276 * key from a given clear key value.
284 * generate a list of apqns based on the key type to generate.
286 * individual for the key type and has a key type specific meaning. When
288 * flags to widen the export possibilities. By default a cipher key is
290 * The keygenflag argument for generating an EP11 AES key should either be 0
297 enum pkey_key_type type; /* in: key type to generate */
298 enum pkey_key_size size; /* in: key size to generate */
299 __u32 keygenflags; /* in: key generation flags */
300 struct pkey_clrkey clrkey; /* in: the clear key value */
301 __u8 __user *key; /* in: pointer to key blob buffer */ member
302 __u32 keylen; /* in: available key blob buffer size */
303 /* out: actual key blob size */
309 * Verify the given secure key, version 2.
310 * Check for correct key type. If cardnr and domain are given (are not
311 * 0xFFFF) also check if this apqn is able to handle this type of key.
313 * with one apqn able to handle this key.
314 * The function also checks for the master key verification patterns
315 * of the key matching to the current or alternate mkvp of the apqn.
317 * the key's mkvp against the current or old mkvp of the apqns. The flags
319 * match: If the current mkvp matches to the key's mkvp then the
321 * the key's mkvp the PKEY_FLAGS_MATCH_ALT_MKVP is set. For CCA keys the
322 * alternate mkvp is the old master key verification pattern.
325 * EP11 keys are also supported and the wkvp of the key is checked against
327 * key and so on a match the flag PKEY_FLAGS_MATCH_CUR_MKVP always is set.
330 * matches with the current or alternate mkvp to the key's mkvp. If the given
335 __u8 __user *key; /* in: pointer to key blob */ member
336 __u32 keylen; /* in: key blob size */
339 enum pkey_key_type type; /* out: the key type */
340 enum pkey_key_size size; /* out: the key size */
341 __u32 flags; /* out: additional key info flags */
347 * Transform a key blob into a protected key, version 2.
355 * generate a list of apqns based on the key.
360 __u8 __user *key; /* in: pointer to key blob */ member
361 __u32 keylen; /* in: key blob size */
364 struct pkey_protkey protkey; /* out: the protected key */
370 * Build a list of APQNs based on a key blob given.
371 * Is able to find out which type of secure key is given (CCA AES secure
372 * key, CCA AES cipher key, CCA ECC private key, EP11 AES key, EP11 ECC private
373 * key) and tries to find all matching crypto cards based on the MKVP and maybe
376 * APQNs is further filtered by the key's mkvp which needs to match to either
385 * the wkvp from the key to match against the apqn's wkvp.
396 __u8 __user *key; /* in: pointer to key blob */ member
397 __u32 keylen; /* in: key blob size */
407 * Build a list of APQNs based on a key type given.
408 * Build a list of APQNs based on a given key type and maybe further
409 * restrict the list by given master key verification patterns.
410 * For different key types there may be different ways to match the
411 * master key verification patterns. For CCA keys (CCA data key and CCA
412 * cipher key) the first 8 bytes of cur_mkvp refer to the current AES mkvp value
435 enum pkey_key_type type; /* in: key type */
447 * Transform a key blob into a protected key, version 3.
448 * The difference to version 2 of this ioctl is that the protected key
459 * generate a list of apqns based on the key.
462 __u8 __user *key; /* in: pointer to key blob */ member
463 __u32 keylen; /* in: key blob size */
466 __u32 pkeytype; /* out: prot key type (enum pkey_key_type) */