diff options
author | Ingo Franzki <ifranzki@linux.ibm.com> | 2018-08-23 17:49:38 +0200 |
---|---|---|
committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2018-10-10 07:37:18 +0200 |
commit | cb26b9ff7187ea79698f5e872d713f30affcc0a3 (patch) | |
tree | 8efa20448fa9ac8480880510a35d75795cc9186e /arch/s390/include/asm/pkey.h | |
parent | s390/pkey: Add sysfs attributes to emit secure key blobs (diff) | |
download | linux-cb26b9ff7187ea79698f5e872d713f30affcc0a3.tar.xz linux-cb26b9ff7187ea79698f5e872d713f30affcc0a3.zip |
s390/pkey: Introduce new API for random protected key verification
Introduce a new ioctl API and in-kernel API to verify if a
random protected key is still valid. A protected key is
invalid when its wrapping key verification pattern does not
match the verification pattern of the LPAR. Each time an LPAR
is activated, a new LPAR wrapping key is generated and the
wrapping key verification pattern is updated.
Both APIs are described in detail in the header files
arch/s390/include/asm/pkey.h and arch/s390/include/uapi/asm/pkey.h.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390/include/asm/pkey.h')
-rw-r--r-- | arch/s390/include/asm/pkey.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/arch/s390/include/asm/pkey.h b/arch/s390/include/asm/pkey.h index c931818b9921..2833d6324979 100644 --- a/arch/s390/include/asm/pkey.h +++ b/arch/s390/include/asm/pkey.h @@ -117,4 +117,12 @@ int pkey_verifykey(const struct pkey_seckey *seckey, */ int pkey_genprotkey(__u32 keytype, struct pkey_protkey *protkey); +/* + * In-kernel API: Verify an (AES) protected key. + * @param protkey pointer to buffer containing the protected key to verify + * @return 0 on success, negative errno value on failure. In case the protected + * key is not valid -EKEYREJECTED is returned + */ +int pkey_verifyprotkey(const struct pkey_protkey *protkey); + #endif /* _KAPI_PKEY_H */ |