Back to home page

OSCL-LXR
 
 

     

0001 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
0002 /*
0003  * Userspace interface to the pkey device driver
0004  *
0005  * Copyright IBM Corp. 2017, 2019
0006  *
0007  * Author: Harald Freudenberger <freude@de.ibm.com>
0008  *
0009  */
0010 
0011 #ifndef _UAPI_PKEY_H
0012 #define _UAPI_PKEY_H
0013 
0014 #include <linux/ioctl.h>
0015 #include <linux/types.h>
0016 
0017 /*
0018  * Ioctl calls supported by the pkey device driver
0019  */
0020 
0021 #define PKEY_IOCTL_MAGIC 'p'
0022 
0023 #define SECKEYBLOBSIZE  64     /* secure key blob size is always 64 bytes */
0024 #define PROTKEYBLOBSIZE 80  /* protected key blob size is always 80 bytes */
0025 #define MAXPROTKEYSIZE  64  /* a protected key blob may be up to 64 bytes */
0026 #define MAXCLRKEYSIZE   32     /* a clear key value may be up to 32 bytes */
0027 #define MAXAESCIPHERKEYSIZE 136  /* our aes cipher keys have always 136 bytes */
0028 #define MINEP11AESKEYBLOBSIZE 256  /* min EP11 AES key blob size  */
0029 #define MAXEP11AESKEYBLOBSIZE 320  /* max EP11 AES key blob size */
0030 
0031 /* Minimum size of a key blob */
0032 #define MINKEYBLOBSIZE  SECKEYBLOBSIZE
0033 
0034 /* defines for the type field within the pkey_protkey struct */
0035 #define PKEY_KEYTYPE_AES_128              1
0036 #define PKEY_KEYTYPE_AES_192              2
0037 #define PKEY_KEYTYPE_AES_256              3
0038 #define PKEY_KEYTYPE_ECC              4
0039 
0040 /* the newer ioctls use a pkey_key_type enum for type information */
0041 enum pkey_key_type {
0042     PKEY_TYPE_CCA_DATA   = (__u32) 1,
0043     PKEY_TYPE_CCA_CIPHER = (__u32) 2,
0044     PKEY_TYPE_EP11       = (__u32) 3,
0045     PKEY_TYPE_CCA_ECC    = (__u32) 0x1f,
0046     PKEY_TYPE_EP11_AES   = (__u32) 6,
0047     PKEY_TYPE_EP11_ECC   = (__u32) 7,
0048 };
0049 
0050 /* the newer ioctls use a pkey_key_size enum for key size information */
0051 enum pkey_key_size {
0052     PKEY_SIZE_AES_128 = (__u32) 128,
0053     PKEY_SIZE_AES_192 = (__u32) 192,
0054     PKEY_SIZE_AES_256 = (__u32) 256,
0055     PKEY_SIZE_UNKNOWN = (__u32) 0xFFFFFFFF,
0056 };
0057 
0058 /* some of the newer ioctls use these flags */
0059 #define PKEY_FLAGS_MATCH_CUR_MKVP  0x00000002
0060 #define PKEY_FLAGS_MATCH_ALT_MKVP  0x00000004
0061 
0062 /* keygenflags defines for CCA AES cipher keys */
0063 #define PKEY_KEYGEN_XPRT_SYM  0x00008000
0064 #define PKEY_KEYGEN_XPRT_UASY 0x00004000
0065 #define PKEY_KEYGEN_XPRT_AASY 0x00002000
0066 #define PKEY_KEYGEN_XPRT_RAW  0x00001000
0067 #define PKEY_KEYGEN_XPRT_CPAC 0x00000800
0068 #define PKEY_KEYGEN_XPRT_DES  0x00000080
0069 #define PKEY_KEYGEN_XPRT_AES  0x00000040
0070 #define PKEY_KEYGEN_XPRT_RSA  0x00000008
0071 
0072 /* Struct to hold apqn target info (card/domain pair) */
0073 struct pkey_apqn {
0074     __u16 card;
0075     __u16 domain;
0076 };
0077 
0078 /* Struct to hold a CCA AES secure key blob */
0079 struct pkey_seckey {
0080     __u8  seckey[SECKEYBLOBSIZE];         /* the secure key blob */
0081 };
0082 
0083 /* Struct to hold protected key and length info */
0084 struct pkey_protkey {
0085     __u32 type;  /* key type, one of the PKEY_KEYTYPE_AES values */
0086     __u32 len;      /* bytes actually stored in protkey[]    */
0087     __u8  protkey[MAXPROTKEYSIZE];         /* the protected key blob */
0088 };
0089 
0090 /* Struct to hold an AES clear key value */
0091 struct pkey_clrkey {
0092     __u8  clrkey[MAXCLRKEYSIZE]; /* 16, 24, or 32 byte clear key value */
0093 };
0094 
0095 /*
0096  * EP11 key blobs of type PKEY_TYPE_EP11_AES and PKEY_TYPE_EP11_ECC
0097  * are ep11 blobs prepended by this header:
0098  */
0099 struct ep11kblob_header {
0100     __u8  type; /* always 0x00 */
0101     __u8  hver; /* header version,  currently needs to be 0x00 */
0102     __u16 len;  /* total length in bytes (including this header) */
0103     __u8  version;  /* PKEY_TYPE_EP11_AES or PKEY_TYPE_EP11_ECC */
0104     __u8  res0; /* unused */
0105     __u16 bitlen;   /* clear key bit len, 0 for unknown */
0106     __u8  res1[8];  /* unused */
0107 } __packed;
0108 
0109 /*
0110  * Generate CCA AES secure key.
0111  */
0112 struct pkey_genseck {
0113     __u16 cardnr;           /* in: card to use or FFFF for any   */
0114     __u16 domain;           /* in: domain or FFFF for any    */
0115     __u32 keytype;          /* in: key type to generate      */
0116     struct pkey_seckey seckey;  /* out: the secure key blob      */
0117 };
0118 #define PKEY_GENSECK _IOWR(PKEY_IOCTL_MAGIC, 0x01, struct pkey_genseck)
0119 
0120 /*
0121  * Construct CCA AES secure key from clear key value
0122  */
0123 struct pkey_clr2seck {
0124     __u16 cardnr;           /* in: card to use or FFFF for any   */
0125     __u16 domain;           /* in: domain or FFFF for any    */
0126     __u32 keytype;          /* in: key type to generate      */
0127     struct pkey_clrkey clrkey;  /* in: the clear key value       */
0128     struct pkey_seckey seckey;  /* out: the secure key blob      */
0129 };
0130 #define PKEY_CLR2SECK _IOWR(PKEY_IOCTL_MAGIC, 0x02, struct pkey_clr2seck)
0131 
0132 /*
0133  * Fabricate AES protected key from a CCA AES secure key
0134  */
0135 struct pkey_sec2protk {
0136     __u16 cardnr;            /* in: card to use or FFFF for any   */
0137     __u16 domain;            /* in: domain or FFFF for any    */
0138     struct pkey_seckey seckey;   /* in: the secure key blob       */
0139     struct pkey_protkey protkey; /* out: the protected key        */
0140 };
0141 #define PKEY_SEC2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x03, struct pkey_sec2protk)
0142 
0143 /*
0144  * Fabricate AES protected key from clear key value
0145  */
0146 struct pkey_clr2protk {
0147     __u32 keytype;           /* in: key type to generate      */
0148     struct pkey_clrkey clrkey;   /* in: the clear key value       */
0149     struct pkey_protkey protkey; /* out: the protected key        */
0150 };
0151 #define PKEY_CLR2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x04, struct pkey_clr2protk)
0152 
0153 /*
0154  * Search for matching crypto card based on the Master Key
0155  * Verification Pattern provided inside a CCA AES secure key.
0156  */
0157 struct pkey_findcard {
0158     struct pkey_seckey seckey;         /* in: the secure key blob */
0159     __u16  cardnr;                 /* out: card number    */
0160     __u16  domain;                 /* out: domain number      */
0161 };
0162 #define PKEY_FINDCARD _IOWR(PKEY_IOCTL_MAGIC, 0x05, struct pkey_findcard)
0163 
0164 /*
0165  * Combined together: findcard + sec2prot
0166  */
0167 struct pkey_skey2pkey {
0168     struct pkey_seckey seckey;   /* in: the secure key blob       */
0169     struct pkey_protkey protkey; /* out: the protected key        */
0170 };
0171 #define PKEY_SKEY2PKEY _IOWR(PKEY_IOCTL_MAGIC, 0x06, struct pkey_skey2pkey)
0172 
0173 /*
0174  * Verify the given CCA AES secure key for being able to be usable with
0175  * the pkey module. Check for correct key type and check for having at
0176  * least one crypto card being able to handle this key (master key
0177  * or old master key verification pattern matches).
0178  * Return some info about the key: keysize in bits, keytype (currently
0179  * only AES), flag if key is wrapped with an old MKVP.
0180  */
0181 struct pkey_verifykey {
0182     struct pkey_seckey seckey;         /* in: the secure key blob */
0183     __u16  cardnr;                 /* out: card number    */
0184     __u16  domain;                 /* out: domain number      */
0185     __u16  keysize;                /* out: key size in bits   */
0186     __u32  attributes;             /* out: attribute bits     */
0187 };
0188 #define PKEY_VERIFYKEY _IOWR(PKEY_IOCTL_MAGIC, 0x07, struct pkey_verifykey)
0189 #define PKEY_VERIFY_ATTR_AES       0x00000001  /* key is an AES key */
0190 #define PKEY_VERIFY_ATTR_OLD_MKVP  0x00000100  /* key has old MKVP value */
0191 
0192 /*
0193  * Generate AES random protected key.
0194  */
0195 struct pkey_genprotk {
0196     __u32 keytype;                 /* in: key type to generate */
0197     struct pkey_protkey protkey;           /* out: the protected key   */
0198 };
0199 
0200 #define PKEY_GENPROTK _IOWR(PKEY_IOCTL_MAGIC, 0x08, struct pkey_genprotk)
0201 
0202 /*
0203  * Verify an AES protected key.
0204  */
0205 struct pkey_verifyprotk {
0206     struct pkey_protkey protkey;    /* in: the protected key to verify */
0207 };
0208 
0209 #define PKEY_VERIFYPROTK _IOW(PKEY_IOCTL_MAGIC, 0x09, struct pkey_verifyprotk)
0210 
0211 /*
0212  * Transform an key blob (of any type) into a protected key
0213  */
0214 struct pkey_kblob2pkey {
0215     __u8 __user *key;       /* in: the key blob    */
0216     __u32 keylen;           /* in: the key blob length */
0217     struct pkey_protkey protkey;    /* out: the protected key  */
0218 };
0219 #define PKEY_KBLOB2PROTK _IOWR(PKEY_IOCTL_MAGIC, 0x0A, struct pkey_kblob2pkey)
0220 
0221 /*
0222  * Generate secure key, version 2.
0223  * Generate CCA AES secure key, CCA AES cipher key or EP11 AES secure key.
0224  * There needs to be a list of apqns given with at least one entry in there.
0225  * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain
0226  * is not supported. The implementation walks through the list of apqns and
0227  * tries to send the request to each apqn without any further checking (like
0228  * card type or online state). If the apqn fails, simple the next one in the
0229  * list is tried until success (return 0) or the end of the list is reached
0230  * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to
0231  * generate a list of apqns based on the key type to generate.
0232  * The keygenflags argument is passed to the low level generation functions
0233  * individual for the key type and has a key type specific meaning. When
0234  * generating CCA cipher keys you can use one or more of the PKEY_KEYGEN_*
0235  * flags to widen the export possibilities. By default a cipher key is
0236  * only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).
0237  * The keygenflag argument for generating an EP11 AES key should either be 0
0238  * to use the defaults which are XCP_BLOB_ENCRYPT, XCP_BLOB_DECRYPT and
0239  * XCP_BLOB_PROTKEY_EXTRACTABLE or a valid combination of XCP_BLOB_* flags.
0240  */
0241 struct pkey_genseck2 {
0242     struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets*/
0243     __u32 apqn_entries;     /* in: # of apqn target list entries  */
0244     enum pkey_key_type type;    /* in: key type to generate       */
0245     enum pkey_key_size size;    /* in: key size to generate       */
0246     __u32 keygenflags;      /* in: key generation flags       */
0247     __u8 __user *key;       /* in: pointer to key blob buffer     */
0248     __u32 keylen;           /* in: available key blob buffer size */
0249                     /* out: actual key blob size      */
0250 };
0251 #define PKEY_GENSECK2 _IOWR(PKEY_IOCTL_MAGIC, 0x11, struct pkey_genseck2)
0252 
0253 /*
0254  * Generate secure key from clear key value, version 2.
0255  * Construct an CCA AES secure key, CCA AES cipher key or EP11 AES secure
0256  * key from a given clear key value.
0257  * There needs to be a list of apqns given with at least one entry in there.
0258  * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain
0259  * is not supported. The implementation walks through the list of apqns and
0260  * tries to send the request to each apqn without any further checking (like
0261  * card type or online state). If the apqn fails, simple the next one in the
0262  * list is tried until success (return 0) or the end of the list is reached
0263  * (return -1 with errno ENODEV). You may use the PKEY_APQNS4KT ioctl to
0264  * generate a list of apqns based on the key type to generate.
0265  * The keygenflags argument is passed to the low level generation functions
0266  * individual for the key type and has a key type specific meaning. When
0267  * generating CCA cipher keys you can use one or more of the PKEY_KEYGEN_*
0268  * flags to widen the export possibilities. By default a cipher key is
0269  * only exportable for CPACF (PKEY_KEYGEN_XPRT_CPAC).
0270  * The keygenflag argument for generating an EP11 AES key should either be 0
0271  * to use the defaults which are XCP_BLOB_ENCRYPT, XCP_BLOB_DECRYPT and
0272  * XCP_BLOB_PROTKEY_EXTRACTABLE or a valid combination of XCP_BLOB_* flags.
0273  */
0274 struct pkey_clr2seck2 {
0275     struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets */
0276     __u32 apqn_entries;     /* in: # of apqn target list entries   */
0277     enum pkey_key_type type;    /* in: key type to generate        */
0278     enum pkey_key_size size;    /* in: key size to generate        */
0279     __u32 keygenflags;      /* in: key generation flags        */
0280     struct pkey_clrkey clrkey;  /* in: the clear key value         */
0281     __u8 __user *key;       /* in: pointer to key blob buffer      */
0282     __u32 keylen;           /* in: available key blob buffer size  */
0283                     /* out: actual key blob size       */
0284 };
0285 #define PKEY_CLR2SECK2 _IOWR(PKEY_IOCTL_MAGIC, 0x12, struct pkey_clr2seck2)
0286 
0287 /*
0288  * Verify the given secure key, version 2.
0289  * Check for correct key type. If cardnr and domain are given (are not
0290  * 0xFFFF) also check if this apqn is able to handle this type of key.
0291  * If cardnr and/or domain is 0xFFFF, on return these values are filled
0292  * with one apqn able to handle this key.
0293  * The function also checks for the master key verification patterns
0294  * of the key matching to the current or alternate mkvp of the apqn.
0295  * For CCA AES secure keys and CCA AES cipher keys this means to check
0296  * the key's mkvp against the current or old mkvp of the apqns. The flags
0297  * field is updated with some additional info about the apqn mkvp
0298  * match: If the current mkvp matches to the key's mkvp then the
0299  * PKEY_FLAGS_MATCH_CUR_MKVP bit is set, if the alternate mkvp matches to
0300  * the key's mkvp the PKEY_FLAGS_MATCH_ALT_MKVP is set. For CCA keys the
0301  * alternate mkvp is the old master key verification pattern.
0302  * CCA AES secure keys are also checked to have the CPACF export allowed
0303  * bit enabled (XPRTCPAC) in the kmf1 field.
0304  * EP11 keys are also supported and the wkvp of the key is checked against
0305  * the current wkvp of the apqns. There is no alternate for this type of
0306  * key and so on a match the flag PKEY_FLAGS_MATCH_CUR_MKVP always is set.
0307  * EP11 keys are also checked to have XCP_BLOB_PROTKEY_EXTRACTABLE set.
0308  * The ioctl returns 0 as long as the given or found apqn matches to
0309  * matches with the current or alternate mkvp to the key's mkvp. If the given
0310  * apqn does not match or there is no such apqn found, -1 with errno
0311  * ENODEV is returned.
0312  */
0313 struct pkey_verifykey2 {
0314     __u8 __user *key;       /* in: pointer to key blob       */
0315     __u32 keylen;           /* in: key blob size         */
0316     __u16 cardnr;           /* in/out: card number       */
0317     __u16 domain;           /* in/out: domain number         */
0318     enum pkey_key_type type;    /* out: the key type         */
0319     enum pkey_key_size size;    /* out: the key size         */
0320     __u32 flags;            /* out: additional key info flags    */
0321 };
0322 #define PKEY_VERIFYKEY2 _IOWR(PKEY_IOCTL_MAGIC, 0x17, struct pkey_verifykey2)
0323 
0324 /*
0325  * Transform a key blob into a protected key, version 2.
0326  * There needs to be a list of apqns given with at least one entry in there.
0327  * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain
0328  * is not supported. The implementation walks through the list of apqns and
0329  * tries to send the request to each apqn without any further checking (like
0330  * card type or online state). If the apqn fails, simple the next one in the
0331  * list is tried until success (return 0) or the end of the list is reached
0332  * (return -1 with errno ENODEV). You may use the PKEY_APQNS4K ioctl to
0333  * generate a list of apqns based on the key.
0334  * Deriving ECC protected keys from ECC secure keys is not supported with
0335  * this ioctl, use PKEY_KBLOB2PROTK3 for this purpose.
0336  */
0337 struct pkey_kblob2pkey2 {
0338     __u8 __user *key;        /* in: pointer to key blob        */
0339     __u32 keylen;            /* in: key blob size          */
0340     struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets */
0341     __u32 apqn_entries;      /* in: # of apqn target list entries  */
0342     struct pkey_protkey protkey; /* out: the protected key         */
0343 };
0344 #define PKEY_KBLOB2PROTK2 _IOWR(PKEY_IOCTL_MAGIC, 0x1A, struct pkey_kblob2pkey2)
0345 
0346 /*
0347  * Build a list of APQNs based on a key blob given.
0348  * Is able to find out which type of secure key is given (CCA AES secure
0349  * key, CCA AES cipher key, CCA ECC private key, EP11 AES key, EP11 ECC private
0350  * key) and tries to find all matching crypto cards based on the MKVP and maybe
0351  * other criterias (like CCA AES cipher keys need a CEX5C or higher, EP11 keys
0352  * with BLOB_PKEY_EXTRACTABLE need a CEX7 and EP11 api version 4). The list of
0353  * APQNs is further filtered by the key's mkvp which needs to match to either
0354  * the current mkvp (CCA and EP11) or the alternate mkvp (old mkvp, CCA adapters
0355  * only) of the apqns. The flags argument may be used to limit the matching
0356  * apqns. If the PKEY_FLAGS_MATCH_CUR_MKVP is given, only the current mkvp of
0357  * each apqn is compared. Likewise with the PKEY_FLAGS_MATCH_ALT_MKVP. If both
0358  * are given, it is assumed to return apqns where either the current or the
0359  * alternate mkvp matches. At least one of the matching flags needs to be given.
0360  * The flags argument for EP11 keys has no further action and is currently
0361  * ignored (but needs to be given as PKEY_FLAGS_MATCH_CUR_MKVP) as there is only
0362  * the wkvp from the key to match against the apqn's wkvp.
0363  * The list of matching apqns is stored into the space given by the apqns
0364  * argument and the number of stored entries goes into apqn_entries. If the list
0365  * is empty (apqn_entries is 0) the apqn_entries field is updated to the number
0366  * of apqn targets found and the ioctl returns with 0. If apqn_entries is > 0
0367  * but the number of apqn targets does not fit into the list, the apqn_targets
0368  * field is updatedd with the number of reqired entries but there are no apqn
0369  * values stored in the list and the ioctl returns with ENOSPC. If no matching
0370  * APQN is found, the ioctl returns with 0 but the apqn_entries value is 0.
0371  */
0372 struct pkey_apqns4key {
0373     __u8 __user *key;      /* in: pointer to key blob             */
0374     __u32 keylen;          /* in: key blob size               */
0375     __u32 flags;           /* in: match controlling flags         */
0376     struct pkey_apqn __user *apqns; /* in/out: ptr to list of apqn targets*/
0377     __u32 apqn_entries;    /* in: max # of apqn entries in the list   */
0378                    /* out: # apqns stored into the list       */
0379 };
0380 #define PKEY_APQNS4K _IOWR(PKEY_IOCTL_MAGIC, 0x1B, struct pkey_apqns4key)
0381 
0382 /*
0383  * Build a list of APQNs based on a key type given.
0384  * Build a list of APQNs based on a given key type and maybe further
0385  * restrict the list by given master key verification patterns.
0386  * For different key types there may be different ways to match the
0387  * master key verification patterns. For CCA keys (CCA data key and CCA
0388  * cipher key) the first 8 bytes of cur_mkvp refer to the current AES mkvp value
0389  * of the apqn and the first 8 bytes of the alt_mkvp refer to the old AES mkvp.
0390  * For CCA ECC keys it is similar but the match is against the APKA current/old
0391  * mkvp. The flags argument controls if the apqns current and/or alternate mkvp
0392  * should match. If the PKEY_FLAGS_MATCH_CUR_MKVP is given, only the current
0393  * mkvp of each apqn is compared. Likewise with the PKEY_FLAGS_MATCH_ALT_MKVP.
0394  * If both are given, it is assumed to return apqns where either the
0395  * current or the alternate mkvp matches. If no match flag is given
0396  * (flags is 0) the mkvp values are ignored for the match process.
0397  * For EP11 keys there is only the current wkvp. So if the apqns should also
0398  * match to a given wkvp, then the PKEY_FLAGS_MATCH_CUR_MKVP flag should be
0399  * set. The wkvp value is 32 bytes but only the leftmost 16 bytes are compared
0400  * against the leftmost 16 byte of the wkvp of the apqn.
0401  * The list of matching apqns is stored into the space given by the apqns
0402  * argument and the number of stored entries goes into apqn_entries. If the list
0403  * is empty (apqn_entries is 0) the apqn_entries field is updated to the number
0404  * of apqn targets found and the ioctl returns with 0. If apqn_entries is > 0
0405  * but the number of apqn targets does not fit into the list, the apqn_targets
0406  * field is updatedd with the number of reqired entries but there are no apqn
0407  * values stored in the list and the ioctl returns with ENOSPC. If no matching
0408  * APQN is found, the ioctl returns with 0 but the apqn_entries value is 0.
0409  */
0410 struct pkey_apqns4keytype {
0411     enum pkey_key_type type;   /* in: key type                */
0412     __u8  cur_mkvp[32];    /* in: current mkvp                */
0413     __u8  alt_mkvp[32];    /* in: alternate mkvp              */
0414     __u32 flags;           /* in: match controlling flags         */
0415     struct pkey_apqn __user *apqns; /* in/out: ptr to list of apqn targets*/
0416     __u32 apqn_entries;    /* in: max # of apqn entries in the list   */
0417                    /* out: # apqns stored into the list       */
0418 };
0419 #define PKEY_APQNS4KT _IOWR(PKEY_IOCTL_MAGIC, 0x1C, struct pkey_apqns4keytype)
0420 
0421 /*
0422  * Transform a key blob into a protected key, version 3.
0423  * The difference to version 2 of this ioctl is that the protected key
0424  * buffer is now explicitly and not within a struct pkey_protkey any more.
0425  * So this ioctl is also able to handle EP11 and CCA ECC secure keys and
0426  * provide ECC protected keys.
0427  * There needs to be a list of apqns given with at least one entry in there.
0428  * All apqns in the list need to be exact apqns, 0xFFFF as ANY card or domain
0429  * is not supported. The implementation walks through the list of apqns and
0430  * tries to send the request to each apqn without any further checking (like
0431  * card type or online state). If the apqn fails, simple the next one in the
0432  * list is tried until success (return 0) or the end of the list is reached
0433  * (return -1 with errno ENODEV). You may use the PKEY_APQNS4K ioctl to
0434  * generate a list of apqns based on the key.
0435  */
0436 struct pkey_kblob2pkey3 {
0437     __u8 __user *key;        /* in: pointer to key blob        */
0438     __u32 keylen;            /* in: key blob size          */
0439     struct pkey_apqn __user *apqns; /* in: ptr to list of apqn targets */
0440     __u32 apqn_entries;      /* in: # of apqn target list entries  */
0441     __u32 pkeytype;     /* out: prot key type (enum pkey_key_type) */
0442     __u32 pkeylen;   /* in/out: size of pkey buffer/actual len of pkey */
0443     __u8 __user *pkey;       /* in: pkey blob buffer space ptr */
0444 };
0445 #define PKEY_KBLOB2PROTK3 _IOWR(PKEY_IOCTL_MAGIC, 0x1D, struct pkey_kblob2pkey3)
0446 
0447 #endif /* _UAPI_PKEY_H */
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!