diff options
| author | Alexander Gordeev | 2023-06-06 13:00:11 +0200 |
|---|---|---|
| committer | Alexander Gordeev | 2023-06-06 13:00:11 +0200 |
| commit | e23b4fdb5cd0bab2ba770bc481dfb36c875a1d09 (patch) | |
| tree | f69a70a1a0f50ed40e4abcdee53b2dbe398e8eb8 /Documentation/RCU | |
| parent | 9f70bc890ae299a6fdf83bfc99832509fd2f7494 (diff) | |
| parent | 9e436c195e2d6d3a0db6921e14ef2c85e559ae5b (diff) | |
Merge branch 'protected-key' into features
Harald Freudenberger says:
===================
This patches do some cleanup and reorg of the pkey module code and
extend the existing ioctl with supporting derivation of protected
key material from clear key material for some ECC curves with the
help of the PCKMO instruction.
Please note that 'protected key' is a special type of key only
available on s390. It is similar to an secure key which is encrypted
by a master key sitting inside an HSM. In contrast to secure keys
a protected key is encrypted by a random key located in a hidden
firmware memory accessible by the CPU and thus much faster but
less secure.
===================
The merged updates are:
- Fix the style of protected key API driver source: use
x-mas tree for all local variable declarations.
- Rework protected key API driver to not use the struct
pkey_protkey and pkey_clrkey anymore. Both structures
have a fixed size buffer, but with the support of ECC
protected key these buffers are not big enough. Use
dynamic buffers internally and transparently for
userspace.
- Add support for a new 'non CCA clear key token' with
ECC clear keys supported: ECC P256, ECC P384, ECC P521,
ECC ED25519 and ECC ED448. This makes it possible to
derive a protected key from the ECC clear key input via
PKEY_KBLOB2PROTK3 ioctl, while currently the only way
to derive is via PCKMO instruction.
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Diffstat (limited to 'Documentation/RCU')
0 files changed, 0 insertions, 0 deletions