asedeno.scripts.mit.edu Git - linux.git/commit

author	Ingo Franzki <ifranzki@linux.ibm.com>
	Tue, 20 Aug 2019 12:57:20 +0000 (14:57 +0200)
committer	Vasily Gorbik <gor@linux.ibm.com>
	Thu, 19 Sep 2019 10:56:06 +0000 (12:56 +0200)
commit	f71fee2711a788b94ff0acb02fbd2bfe2de7e0a3
tree	e60a6bef9ee18984eb610647ae51823563bf2a27	tree \| snapshot
parent	d590284419b1d7cc2dc646e9bdde4da19061cf0f	commit \| diff

s390/pkey: Add sysfs attributes to emit AES CIPHER key blobs

Now that the pkey kernel module also supports CCA AES CIPHER keys:
Add binary read-only sysfs attributes for the pkey module
that can be used to read random CCA AES CIPHER secure keys from,
similar to the already existing sysfs attributes for AES DATA and
random protected keys. Keys are read from these attributes using
a cat-like interface.

A typical use case for those keys is to encrypt a swap device
using the paes cipher. During processing of /etc/crypttab, the
CCA random AES CIPHER secure key to encrypt the swap device is
read from one of the attributes.

The following attributes are added:
  ccacipher/ccacipher_aes_128
  ccacipher/ccacipher_aes_192
  ccacipher/ccacipher_aes_256
  ccacipher/ccacipher_aes_128_xts
  ccacipher/ccacipher_aes_256_xts
Each attribute emits a secure key blob for the corresponding
key size and cipher mode.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>