]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: bbecb51) | patch
s390/pkey: Rework pkey verify for protected keys
authorHarald Freudenberger <freude@linux.ibm.com>
Fri, 25 Oct 2024 10:34:29 +0000 (12:34 +0200)
committerHeiko Carstens <hca@linux.ibm.com>
Tue, 29 Oct 2024 10:17:17 +0000 (11:17 +0100)
commitb2402a67246f83cdd1f807c8a54b341936b8ce0b
tree52520dc31e5d0d0cec9f136ad08756c14bb248bftree
parentbbecb519004c928629f2fd150b929b54f9740bf6commit | diff
s390/pkey: Rework pkey verify for protected keys

Rework the verification of protected keys by simple check
for the correct AES wrapping key verification pattern.

A protected key always carries the AES wrapping key
verification pattern within the blob. The old code really
used the protected key for an en/decrypt operation and by
doing so, verified the AES WK VP. But a much simpler and
more generic way is to extract the AES WK VP value from the
key and compare it with AES WK VP from a freshly created
dummy protected key. This also eliminates the limitation to
only be able to verify AES protected keys. With this change
any kind of known protected key can be verified.

Suggested-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
drivers/s390/crypto/pkey_pckmo.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.