diff options
author | Harald Freudenberger <freude@linux.ibm.com> | 2019-12-06 14:21:38 +0100 |
---|---|---|
committer | Vasily Gorbik <gor@linux.ibm.com> | 2020-01-30 13:07:56 +0100 |
commit | 55d0a513a0e202c68af2c8f4b1e923a345227bbb (patch) | |
tree | 83e6225c32d3aa06a8c3f55d9997fb7b487d397f /arch/s390/crypto | |
parent | a17becc112535b912f2165f80a98c21b59655119 (diff) |
s390/pkey/zcrypt: Support EP11 AES secure keys
Extend the low level ep11 misc functions implementation by
several functions to support EP11 key objects for paes and pkey:
- EP11 AES secure key generation
- EP11 AES secure key generation from given clear key value
- EP11 AES secure key blob check
- findcard function returns list of apqns based on given criterias
- EP11 AES secure key derive to CPACF protected key
Extend the pkey module to be able to generate and handle EP11
secure keys and also use them as base for deriving protected
keys for CPACF usage. These ioctls are extended to support
EP11 keys: PKEY_GENSECK2, PKEY_CLR2SECK2, PKEY_VERIFYKEY2,
PKEY_APQNS4K, PKEY_APQNS4KT, PKEY_KBLOB2PROTK2.
Additionally the 'clear key' token to protected key now uses
an EP11 card if the other ways (via PCKMO, via CCA) fail.
The PAES cipher implementation needed a new upper limit for
the max key size, but is now also working with EP11 keys.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Diffstat (limited to 'arch/s390/crypto')
-rw-r--r-- | arch/s390/crypto/paes_s390.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c index bb9aa86ad4bd..f3caeb17c85b 100644 --- a/arch/s390/crypto/paes_s390.c +++ b/arch/s390/crypto/paes_s390.c @@ -34,7 +34,7 @@ * and padding is also possible, the limits need to be generous. */ #define PAES_MIN_KEYSIZE 16 -#define PAES_MAX_KEYSIZE 256 +#define PAES_MAX_KEYSIZE 320 static u8 *ctrblk; static DEFINE_MUTEX(ctrblk_lock); |