xref: /linux/arch/s390/include/uapi/asm/pkey.h (revision 2b64b2ed277ff23e785fbdb65098ee7e1252d64f)
1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 /*
3  * Userspace interface to the pkey device driver
4  *
5  * Copyright IBM Corp. 2017
6  *
7  * Author: Harald Freudenberger <freude@de.ibm.com>
8  *
9  */
10 
11 #ifndef _UAPI_PKEY_H
12 #define _UAPI_PKEY_H
13 
14 #include <linux/ioctl.h>
15 #include <linux/types.h>
16 
17 /*
18  * Ioctl calls supported by the pkey device driver
19  */
20 
/* Type ("magic") character shared by every PKEY_* ioctl request number below. */
21 #define PKEY_IOCTL_MAGIC 'p'
22 
/*
 * Fixed sizes, in bytes, of the key containers exchanged with the driver.
 * SECKEYBLOBSIZE, MAXPROTKEYSIZE and MAXCLRKEYSIZE are the array bounds of
 * struct pkey_seckey, struct pkey_protkey and struct pkey_clrkey below.
 * NOTE(review): PROTKEYBLOBSIZE (80) and MAXPROTKEYSIZE (64) are both
 * described as sizing a "protected key blob"; presumably 80 is a complete
 * key-blob form and 64 is the raw protkey[] payload - confirm in the driver.
 */
23 #define SECKEYBLOBSIZE	64     /* secure key blob size is always 64 bytes */
24 #define PROTKEYBLOBSIZE 80  /* protected key blob size is always 80 bytes */
25 #define MAXPROTKEYSIZE	64  /* a protected key blob may be up to 64 bytes */
26 #define MAXCLRKEYSIZE	32     /* a clear key value may be up to 32 bytes */
27 
/*
 * Smallest and largest key blob, expressed through the two blob sizes above
 * (64 and 80 bytes).
 * NOTE(review): presumably these bound the caller-supplied keylen of
 * struct pkey_kblob2pkey; this header only names them - confirm the driver
 * rejects lengths outside this range before copying the blob.
 */
28 #define MINKEYBLOBSIZE	SECKEYBLOBSIZE	    /* Minimum size of a key blob */
29 #define MAXKEYBLOBSIZE	PROTKEYBLOBSIZE     /* Maximum size of a key blob */
30 
31 /* defines for the type field within the pkey_protkey struct */
/*
 * AES key lengths are encoded as the small integers 1..3, not as bit or
 * byte counts.
 * NOTE(review): the keytype members of the request structs below presumably
 * take these same values - confirm.
 */
32 #define PKEY_KEYTYPE_AES_128  1
33 #define PKEY_KEYTYPE_AES_192  2
34 #define PKEY_KEYTYPE_AES_256  3
35 
36 /* Struct to hold a secure key blob */
/*
 * Fixed-size container: always SECKEYBLOBSIZE (64) bytes. This header gives
 * the blob no internal structure; the PKEY_FINDCARD description further down
 * states that it carries a Master Key Verification Pattern.
 */
37 struct pkey_seckey {
38 	__u8  seckey[SECKEYBLOBSIZE];		  /* the secure key blob */
39 };
40 
41 /* Struct to hold protected key and length info */
/*
 * The payload is variable-length inside a fixed MAXPROTKEYSIZE (64) byte
 * array: len says how many bytes of protkey[] are meaningful.
 * NOTE(review): when this struct is an ioctl input (PKEY_VERIFYPROTK), len
 * and type come from the caller; the consumer presumably rejects
 * len > MAXPROTKEYSIZE before reading protkey[] - confirm in the driver.
 */
42 struct pkey_protkey {
43 	__u32 type;	     /* key type, one of the PKEY_KEYTYPE values */
44 	__u32 len;		/* bytes actually stored in protkey[]	 */
45 	__u8  protkey[MAXPROTKEYSIZE];	       /* the protected key blob */
46 };
47 
48 /* Struct to hold a clear key value */
/*
 * Plaintext key material. The array is always MAXCLRKEYSIZE (32) bytes and
 * the struct has no length member, so the number of bytes used (16, 24 or
 * 32) presumably follows from the keytype of the enclosing request - confirm.
 * NOTE(review): a caller-side instance of this struct holds the key in the
 * clear; wiping it once the request has returned limits how long the key
 * stays readable in process memory.
 */
49 struct pkey_clrkey {
50 	__u8  clrkey[MAXCLRKEYSIZE]; /* 16, 24, or 32 byte clear key value */
51 };
52 
53 /*
54  * Generate secure key
55  */
/*
 * Request block for PKEY_GENSECK. The caller fills cardnr, domain and
 * keytype; the secure key is returned in seckey. No clear key value is part
 * of this request.
 */
56 struct pkey_genseck {
57 	__u16 cardnr;		    /* in: card to use or FFFF for any	 */
58 	__u16 domain;		    /* in: domain or FFFF for any	 */
59 	__u32 keytype;		    /* in: key type to generate		 */
60 	struct pkey_seckey seckey;  /* out: the secure key blob		 */
61 };
/* Request 0x01; _IOWR marks the struct as both read and written by the call. */
62 #define PKEY_GENSECK _IOWR(PKEY_IOCTL_MAGIC, 0x01, struct pkey_genseck)
63 
64 /*
65  * Construct secure key from clear key value
66  */
/*
 * Request block for PKEY_CLR2SECK. The caller supplies the target
 * card/domain, the key type and the plaintext key; the secure key is
 * returned in seckey.
 * NOTE(review): clrkey is still present in the caller's copy of this struct
 * after the call; wipe the struct once seckey has been taken out of it.
 */
67 struct pkey_clr2seck {
68 	__u16 cardnr;		    /* in: card to use or FFFF for any	 */
69 	__u16 domain;		    /* in: domain or FFFF for any	 */
70 	__u32 keytype;		    /* in: key type to generate		 */
71 	struct pkey_clrkey clrkey;  /* in: the clear key value		 */
72 	struct pkey_seckey seckey;  /* out: the secure key blob		 */
73 };
/* Request 0x02; _IOWR marks the struct as both read and written by the call. */
74 #define PKEY_CLR2SECK _IOWR(PKEY_IOCTL_MAGIC, 0x02, struct pkey_clr2seck)
75 
76 /*
77  * Fabricate protected key from a secure key
78  */
/*
 * Request block for PKEY_SEC2PROTK. The caller names the card/domain and
 * passes the secure key; the derived protected key comes back in protkey
 * (its type and len members are outputs here as well).
 */
79 struct pkey_sec2protk {
80 	__u16 cardnr;		     /* in: card to use or FFFF for any   */
81 	__u16 domain;		     /* in: domain or FFFF for any	  */
82 	struct pkey_seckey seckey;   /* in: the secure key blob		  */
83 	struct pkey_protkey protkey; /* out: the protected key		  */
84 };
/* Request 0x03; _IOWR marks the struct as both read and written by the call. */
85 #define PKEY_SEC2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x03, struct pkey_sec2protk)
86 
87 /*
88  * Fabricate protected key from a clear key value
89  */
/*
 * Request block for PKEY_CLR2PROTK. Unlike struct pkey_clr2seck it has no
 * cardnr/domain members: the caller supplies only the key type and the
 * plaintext key, and receives the protected key.
 * NOTE(review): clrkey is still present in the caller's copy of this struct
 * after the call; wipe the struct once protkey has been taken out of it.
 */
90 struct pkey_clr2protk {
91 	__u32 keytype;		     /* in: key type to generate	  */
92 	struct pkey_clrkey clrkey;   /* in: the clear key value		  */
93 	struct pkey_protkey protkey; /* out: the protected key		  */
94 };
/* Request 0x04; _IOWR marks the struct as both read and written by the call. */
95 #define PKEY_CLR2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x04, struct pkey_clr2protk)
96 
97 /*
98  * Search for matching crypto card based on the Master Key
99  * Verification Pattern provided inside a secure key.
100  */
/*
 * Request block for PKEY_FINDCARD. Only the secure key is an input; the
 * card and domain numbers of the match are written back.
 * NOTE(review): what cardnr/domain contain when no card matches is not
 * visible here - callers should rely on the ioctl return value; confirm.
 */
101 struct pkey_findcard {
102 	struct pkey_seckey seckey;	       /* in: the secure key blob */
103 	__u16  cardnr;			       /* out: card number	  */
104 	__u16  domain;			       /* out: domain number	  */
105 };
/* Request 0x05; _IOWR marks the struct as both read and written by the call. */
106 #define PKEY_FINDCARD _IOWR(PKEY_IOCTL_MAGIC, 0x05, struct pkey_findcard)
107 
108 /*
109  * Combined operation: findcard + sec2protk in a single call
110  */
/*
 * Request block for PKEY_SKEY2PKEY. The struct carries no cardnr/domain in
 * either direction: the caller passes a secure key and gets a protected key
 * back, without seeing which card was used.
 */
111 struct pkey_skey2pkey {
112 	struct pkey_seckey seckey;   /* in: the secure key blob		  */
113 	struct pkey_protkey protkey; /* out: the protected key		  */
114 };
/* Request 0x06; _IOWR marks the struct as both read and written by the call. */
115 #define PKEY_SKEY2PKEY _IOWR(PKEY_IOCTL_MAGIC, 0x06, struct pkey_skey2pkey)
116 
117 /*
118  * Verify that the given secure key can be used with the pkey module:
119  * check for the correct key type and check that at least one crypto
120  * card is able to handle this key (master key or old master key
121  * verification pattern matches).
122  * Return some info about the key: keysize in bits, keytype (currently
123  * only AES), flag if key is wrapped with an old MKVP.
124  */
/*
 * Request block for PKEY_VERIFYKEY. Only seckey is an input; every other
 * member is filled in by the call.
 * Layout: assuming __u32 is 4-byte aligned, keysize ends at byte 70 and
 * attributes starts at byte 72, which leaves 2 bytes of implicit padding.
 * NOTE(review): the kernel side should make sure that hole is never filled
 * from uninitialised memory when the struct is written back - confirm.
 */
125 struct pkey_verifykey {
126 	struct pkey_seckey seckey;	       /* in: the secure key blob */
127 	__u16  cardnr;			       /* out: card number	  */
128 	__u16  domain;			       /* out: domain number	  */
129 	__u16  keysize;			       /* out: key size in bits   */
130 	__u32  attributes;		       /* out: attribute bits	  */
131 };
/* Request 0x07; _IOWR marks the struct as both read and written by the call. */
132 #define PKEY_VERIFYKEY _IOWR(PKEY_IOCTL_MAGIC, 0x07, struct pkey_verifykey)
/*
 * Bit flags reported in pkey_verifykey.attributes. A set OLD_MKVP bit means
 * the key is wrapped with an old master key (see the description above), so
 * callers may want to treat it as a signal to re-wrap the key.
 */
133 #define PKEY_VERIFY_ATTR_AES	   0x00000001  /* key is an AES key */
134 #define PKEY_VERIFY_ATTR_OLD_MKVP  0x00000100  /* key has old MKVP value */
135 
136 /*
137  * Generate (AES) random protected key.
138  */
/*
 * Request block for PKEY_GENPROTK. The caller supplies only the key type;
 * the struct has no clear key, secure key or card/domain member, so the
 * protected key in protkey is the only key form exposed by this request.
 */
139 struct pkey_genprotk {
140 	__u32 keytype;			       /* in: key type to generate */
141 	struct pkey_protkey protkey;	       /* out: the protected key   */
142 };
143 
/* Request 0x08; _IOWR marks the struct as both read and written by the call. */
144 #define PKEY_GENPROTK _IOWR(PKEY_IOCTL_MAGIC, 0x08, struct pkey_genprotk)
145 
146 /*
147  * Verify an (AES) protected key.
148  */
/*
 * Request block for PKEY_VERIFYPROTK. Every member is caller-supplied,
 * including protkey.type and protkey.len.
 * NOTE(review): the struct has no output member, so the verdict is
 * presumably delivered through the ioctl return value - confirm.
 */
149 struct pkey_verifyprotk {
150 	struct pkey_protkey protkey;	/* in: the protected key to verify */
151 };
152 
/* Request 0x09; the only request here declared with _IOW (input only). */
153 #define PKEY_VERIFYPROTK _IOW(PKEY_IOCTL_MAGIC, 0x09, struct pkey_verifyprotk)
154 
155 /*
156  * Transform a key blob (of any type) into a protected key
157  */
/*
 * Request block for PKEY_KBLOB2PROTK (the struct name ends in "2pkey", the
 * request name in "2PROTK"). It is the only request in this header that
 * passes the key by pointer and length instead of embedding it.
 * NOTE(review): key and keylen are caller-controlled; the driver presumably
 * bounds keylen (see MINKEYBLOBSIZE/MAXKEYBLOBSIZE) before copying from
 * key - confirm.
 * NOTE(review): the pointer member makes sizeof(struct pkey_kblob2pkey), and
 * with it the size encoded in the request number, depend on the caller's
 * pointer width; with an 8-byte pointer the members end at byte 84, so the
 * struct presumably carries 4 bytes of tail padding. Confirm how callers
 * with 4-byte pointers are handled and that the padding is not written back
 * from uninitialised memory.
 */
158 struct pkey_kblob2pkey {
159 	__u8 __user *key;		/* in: the key blob	   */
160 	__u32 keylen;			/* in: the key blob length */
161 	struct pkey_protkey protkey;	/* out: the protected key  */
162 };
163 
/* Request 0x0A; _IOWR marks the struct as both read and written by the call. */
164 #define PKEY_KBLOB2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x0A, struct pkey_kblob2pkey)
165 
166 #endif /* _UAPI_PKEY_H */
167