git.baikalelectronics.ru Git - kernel.git/commit

author	Harald Freudenberger <freude@linux.ibm.com>
	Fri, 6 Dec 2019 13:21:38 +0000 (14:21 +0100)
committer	Vasily Gorbik <gor@linux.ibm.com>
	Thu, 30 Jan 2020 12:07:56 +0000 (13:07 +0100)
commit	fad9f822247085b539843bc9bdd18053a68fe572
tree	83e6225c32d3aa06a8c3f55d9997fb7b487d397f	tree \| snapshot
parent	8b3cb59e977d9d3d41b38ddfa2b4d4ad440aa0f1	commit \| diff

s390/pkey/zcrypt: Support EP11 AES secure keys

Extend the low level ep11 misc functions implementation by
several functions to support EP11 key objects for paes and pkey:
- EP11 AES secure key generation
- EP11 AES secure key generation from given clear key value
- EP11 AES secure key blob check
- findcard function returns list of apqns based on given criterias
- EP11 AES secure key derive to CPACF protected key

Extend the pkey module to be able to generate and handle EP11
secure keys and also use them as base for deriving protected
keys for CPACF usage. These ioctls are extended to support
EP11 keys: PKEY_GENSECK2, PKEY_CLR2SECK2, PKEY_VERIFYKEY2,
PKEY_APQNS4K, PKEY_APQNS4KT, PKEY_KBLOB2PROTK2.

Additionally the 'clear key' token to protected key now uses
an EP11 card if the other ways (via PCKMO, via CCA) fail.

The PAES cipher implementation needed a new upper limit for
the max key size, but is now also working with EP11 keys.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

arch/s390/crypto/paes_s390.c		diff \| blob \| history
arch/s390/include/uapi/asm/pkey.h		diff \| blob \| history
drivers/s390/crypto/pkey_api.c		diff \| blob \| history
drivers/s390/crypto/zcrypt_ep11misc.c		diff \| blob \| history
drivers/s390/crypto/zcrypt_ep11misc.h		diff \| blob \| history