Commit
zkey: Support EP11 AES keys with prepended header to retain EP11 session
The pkey kernel module supports two key blob formats for EP11 AES keys. The first one (PKEY_TYPE_EP11) contains a 16 bytes header that overlays the first 32 bytes of the key blob which usually contain the ID of the EP11 session to which the key is bound. For zkey/dm-crypt that session ID used to be all zeros.

The second blob format (PKEY_TYPE_EP11_AES) prepends the 16 bytes header to the blob, and thus does not overlay the blob. This format can be used for key blobs that are session-bound, i.e. have a non-zero session ID in the first 32 bytes.

Change zkey to generate EP11 keys using the new format (i.e. pkey type PKEY_TYPE_EP11_AES), but existing key blobs using the old format can still be used.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
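The difference between the two layouts described in the commit message, as an added example (not code from this commit or from zkey): it wraps the same blob both ways and checks whether a non-zero session ID is still visible afterwards. The `layout` enum, the function names, the header bytes and the 64-byte blob are assumptions constructed for the illustration; only the 16-byte header and 32-byte session field sizes come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN     16  /* header size given in the commit message */
#define SESSION_LEN 32  /* session ID field at the start of an EP11 blob */

/* Hypothetical layout tags for this example, not the pkey module's values. */
enum layout { OVERLAY, PREPENDED };

/* Write header and blob into out in the given layout. Returns bytes written,
 * or 0 if the blob is shorter than the session field or out is too small. */
size_t wrap_blob(enum layout l, const uint8_t *hdr, const uint8_t *blob,
                 size_t bloblen, uint8_t *out, size_t outlen)
{
    size_t off = (l == PREPENDED) ? HDR_LEN : 0;
    if (bloblen < SESSION_LEN || outlen < off + bloblen)
        return 0;
    memcpy(out + off, blob, bloblen);
    memcpy(out, hdr, HDR_LEN);  /* OVERLAY: this replaces blob bytes 0..15 */
    return off + bloblen;
}

/* 1 = non-zero session ID bytes visible, 0 = none visible, -1 = too short.
 * With OVERLAY only bytes 16..31 of the field survive, so 0 there does not
 * prove the original blob was unbound. */
int session_bound(enum layout l, const uint8_t *buf, size_t len)
{
    size_t off = (l == PREPENDED) ? HDR_LEN : 0;
    size_t i = off + ((l == OVERLAY) ? HDR_LEN : 0);
    if (len < off + SESSION_LEN)
        return -1;
    for (; i < off + SESSION_LEN; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}

/* Constructed input: a 64-byte blob whose session ID is non-zero only in
 * its first 16 bytes, wrapped with placeholder header bytes. */
int demo(enum layout l)
{
    uint8_t hdr[HDR_LEN], blob[64] = {0}, out[HDR_LEN + 64];
    size_t n;
    memset(hdr, 0xA5, sizeof(hdr));
    memset(blob, 0x11, 16);
    n = wrap_blob(l, hdr, blob, sizeof(blob), out, sizeof(out));
    return session_bound(l, out, n);
}

int main(void) { return (demo(PREPENDED) == 1 && demo(OVERLAY) == 0) ? 0 : 1; }
```

With the overlaid header the first half of the session ID is gone, which is why a session-bound blob needs the prepended layout.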
1 parent f46f6d3, commit 1b044b8
Showing 8 changed files with 295 additions and 51 deletions.