xref: /linux/arch/s390/include/uapi/asm/pkey.h (revision e5c86679d5e864947a52fb31e45a425dea3e7fa9) 
1 /*
2  * Userspace interface to the pkey device driver
3  *
4  * Copyright IBM Corp. 2017
5  *
6  * Author: Harald Freudenberger <freude@de.ibm.com>
7  *
8  */
9 
10 #ifndef _UAPI_PKEY_H
11 #define _UAPI_PKEY_H
12 
13 #include <linux/ioctl.h>
14 #include <linux/types.h>
15 
16 /*
17  * Ioctl calls supported by the pkey device driver
18  */
19 
20 #define PKEY_IOCTL_MAGIC 'p'
21 
22 #define SECKEYBLOBSIZE	64     /* secure key blob size is always 64 bytes */
23 #define MAXPROTKEYSIZE	64  /* a protected key blob may be up to 64 bytes */
24 #define MAXCLRKEYSIZE	32     /* a clear key value may be up to 32 bytes */
25 
26 /* defines for the type field within the pkey_protkey struct */
27 #define PKEY_KEYTYPE_AES_128  1
28 #define PKEY_KEYTYPE_AES_192  2
29 #define PKEY_KEYTYPE_AES_256  3
30 
31 /* Struct to hold a secure key blob */
32 struct pkey_seckey {
33 	__u8  seckey[SECKEYBLOBSIZE];		  /* the secure key blob */
34 };
35 
36 /* Struct to hold protected key and length info */
37 struct pkey_protkey {
38 	__u32 type;	     /* key type, one of the PKEY_KEYTYPE values */
39 	__u32 len;		/* bytes actually stored in protkey[]	 */
40 	__u8  protkey[MAXPROTKEYSIZE];	       /* the protected key blob */
41 };
42 
43 /* Struct to hold a clear key value */
44 struct pkey_clrkey {
45 	__u8  clrkey[MAXCLRKEYSIZE]; /* 16, 24, or 32 byte clear key value */
46 };
47 
48 /*
49  * Generate secure key
50  */
51 struct pkey_genseck {
52 	__u16 cardnr;		    /* in: card to use or FFFF for any	 */
53 	__u16 domain;		    /* in: domain or FFFF for any	 */
54 	__u32 keytype;		    /* in: key type to generate		 */
55 	struct pkey_seckey seckey;  /* out: the secure key blob		 */
56 };
57 #define PKEY_GENSECK _IOWR(PKEY_IOCTL_MAGIC, 0x01, struct pkey_genseck)
58 
59 /*
60  * Construct secure key from clear key value
61  */
62 struct pkey_clr2seck {
63 	__u16 cardnr;		    /* in: card to use or FFFF for any	 */
64 	__u16 domain;		    /* in: domain or FFFF for any	 */
65 	__u32 keytype;		    /* in: key type to generate		 */
66 	struct pkey_clrkey clrkey;  /* in: the clear key value		 */
67 	struct pkey_seckey seckey;  /* out: the secure key blob		 */
68 };
69 #define PKEY_CLR2SECK _IOWR(PKEY_IOCTL_MAGIC, 0x02, struct pkey_clr2seck)
70 
71 /*
72  * Fabricate protected key from a secure key
73  */
74 struct pkey_sec2protk {
75 	__u16 cardnr;		     /* in: card to use or FFFF for any   */
76 	__u16 domain;		     /* in: domain or FFFF for any	  */
77 	struct pkey_seckey seckey;   /* in: the secure key blob		  */
78 	struct pkey_protkey protkey; /* out: the protected key		  */
79 };
80 #define PKEY_SEC2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x03, struct pkey_sec2protk)
81 
82 /*
83  * Fabricate protected key from an clear key value
84  */
85 struct pkey_clr2protk {
86 	__u32 keytype;		     /* in: key type to generate	  */
87 	struct pkey_clrkey clrkey;   /* in: the clear key value		  */
88 	struct pkey_protkey protkey; /* out: the protected key		  */
89 };
90 #define PKEY_CLR2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x04, struct pkey_clr2protk)
91 
92 /*
93  * Search for matching crypto card based on the Master Key
94  * Verification Pattern provided inside a secure key.
95  */
96 struct pkey_findcard {
97 	struct pkey_seckey seckey;	       /* in: the secure key blob */
98 	__u16  cardnr;			       /* out: card number	  */
99 	__u16  domain;			       /* out: domain number	  */
100 };
101 #define PKEY_FINDCARD _IOWR(PKEY_IOCTL_MAGIC, 0x05, struct pkey_findcard)
102 
103 /*
104  * Combined together: findcard + sec2prot
105  */
106 struct pkey_skey2pkey {
107 	struct pkey_seckey seckey;   /* in: the secure key blob		  */
108 	struct pkey_protkey protkey; /* out: the protected key		  */
109 };
110 #define PKEY_SKEY2PKEY _IOWR(PKEY_IOCTL_MAGIC, 0x06, struct pkey_skey2pkey)
111 
112 #endif /* _UAPI_PKEY_H */
113