Lines Matching +full:key +full:- +full:2
1 /* SPDX-License-Identifier: GPL-2.0+ */
17 /* Key token types */
18 #define TOKTYPE_NON_CCA 0x00 /* Non-CCA key token */
19 #define TOKTYPE_CCA_INTERNAL 0x01 /* CCA internal sym key token */
20 #define TOKTYPE_CCA_INTERNAL_PKA 0x1f /* CCA internal asym key token */
23 #define TOKVER_PROTECTED_KEY 0x01 /* Protected key token */
24 #define TOKVER_CLEAR_KEY 0x02 /* Clear key token */
27 #define TOKVER_CCA_AES 0x04 /* CCA AES key token */
28 #define TOKVER_CCA_VLSC 0x05 /* var length sym cipher key token */
30 /* Max size of a cca variable length cipher key token */
33 /* header part of a CCA key token */
42 /* inside view of a CCA secure key token (only type 0x01 version 0x04) */
44 u8 type; /* 0x01 for internal key token */
48 u8 flag; /* key flags */
50 u64 mkvp; /* master key verification pattern */
51 u8 key[32]; /* key value (encrypted) */ member
53 u16 bitsize; /* key bit size */
54 u16 keysize; /* key byte size */
58 /* inside view of a variable length symmetric cipher AES key token */
60 u8 type; /* 0x01 for internal key token */
62 u16 len; /* total key token length in bytes */
65 u8 kms; /* key material state, 0x03 means wrapped with MK */
66 u8 kvpt; /* key verification pattern type, should be 0x01 */
67 u64 mkvp0; /* master key verification pattern, lo part */
68 u64 mkvp1; /* master key verification pattern, hi part (unused) */
69 u8 eskwm; /* encrypted section key wrapping method */
70 u8 hashalg; /* hash algorithmus used for wrapping key */
76 u8 kllen; /* optional key label length */
82 /* AES-128 512 640 */
83 /* AES-192 576 640 */
84 /* AES-256 640 640 */
88 u8 kufc; /* key usage field count */
89 u16 kuf1; /* key usage field 1 */
90 u16 kuf2; /* key usage field 2 */
91 u8 kmfc; /* key management field count */
92 u16 kmf1; /* key management field 1 */
93 u16 kmf2; /* key management field 2 */
94 u16 kmf3; /* key management field 3 */
98 /* inside view of an CCA secure ECC private key */
100 u8 type; /* 0x1f for internal asym key token */
102 u16 len; /* total key token length in bytes */
104 u8 secid; /* 0x20 for ECC priv key section marker */
108 u8 htype; /* hash method, 0x02 for SHA-256 */
109 u8 res2[2];
110 u8 kutc; /* key usage and translation control */
112 u8 kfs; /* key format and security */
113 u8 ksrc; /* key source */
116 u64 mkvp; /* master key verification pattern */
117 u8 opk[48]; /* encrypted object protection key data */
134 * Simple check if the token is a valid CCA secure AES data key
135 * token. If keybitsize is given, the bitsize of the key is
142 * Simple check if the token is a valid CCA secure AES cipher key
143 * token. If keybitsize is given, the bitsize of the key is
144 * also checked. If checkcpacfexport is enabled, the key is also
154 * key token. Returns 0 on success or errno value on failure.
161 * Generate (random) CCA AES DATA secure key.
166 * Generate CCA AES DATA secure key with given clear key value.
172 * Derive proteced key from an CCA AES DATA secure key.
179 * Generate (random) CCA AES CIPHER secure key.
185 * Derive proteced key from CCA AES cipher secure key.
191 * Build CCA AES CIPHER secure key with a given clear key value.
197 * Derive proteced key from CCA ECC secure private key.
199 int cca_ecc2protkey(u16 cardnr, u16 domain, const u8 *key,
211 * Search for a matching crypto card based on the Master Key
212 * Verification Pattern provided inside a secure key.
217 int cca_findcard(const u8 *key, u16 *pcardnr, u16 *pdomain, int verify);
221 * - apqn is online and is in fact a CCA apqn
222 * - if cardnr is not FFFF only apqns with this cardnr
223 * - if domain is not FFFF only apqns with this domainnr
224 * - if minhwtype > 0 only apqns with hwtype >= minhwtype
225 * - if cur_mkvp != 0 only apqns where cur_mkvp == mkvp
226 * - if old_mkvp != 0 only apqns where old_mkvp == mkvp
227 * - if verify is enabled and a cur_mkvp and/or old_mkvp
231 * 0 = AES_MK_SET - AES MK set, 1 = APKA MK_SET - APKA MK set
237 * -ENODEV is returned.
249 char new_aes_mk_state; /* '1' empty, '2' partially full, '3' full */
250 char cur_aes_mk_state; /* '1' invalid, '2' valid */
251 char old_aes_mk_state; /* '1' invalid, '2' valid */
252 char new_apka_mk_state; /* '1' empty, '2' partially full, '3' full */
253 char cur_apka_mk_state; /* '1' invalid, '2' valid */
254 char old_apka_mk_state; /* '1' invalid, '2' valid */
255 char new_asym_mk_state; /* '1' empty, '2' partially full, '3' full */
256 char cur_asym_mk_state; /* '1' invalid, '2' valid */
257 char old_asym_mk_state; /* '1' invalid, '2' valid */
258 u64 new_aes_mkvp; /* truncated sha256 of new aes master key */
259 u64 cur_aes_mkvp; /* truncated sha256 of current aes master key */
260 u64 old_aes_mkvp; /* truncated sha256 of old aes master key */
261 u64 new_apka_mkvp; /* truncated sha256 of new apka master key */
264 u8 new_asym_mkvp[16]; /* verify pattern of new asym master key */
265 u8 cur_asym_mkvp[16]; /* verify pattern of current asym master key */
266 u8 old_asym_mkvp[16]; /* verify pattern of old asym master key */