git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Harald Freudenberger <freude@linux.ibm.com>
	Thu, 15 Jan 2026 12:00:24 +0000 (13:00 +0100)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Sat, 31 Jan 2026 02:52:30 +0000 (10:52 +0800)
commit	2dfca611197e4ac0fcca03dc82594bab38464964
tree	9977f10a75aa48002a827f061d68f1afdb23c826	tree
parent	cf0840cc7f578c21e64810ef85e838d44d275d9c	commit \| diff

s390/pkey: Support new xflag PKEY_XFLAG_NOCLEARKEY

Introduce a new xflag PKEY_XFLAG_NOCLEARKEY which when given refuses
the conversion of "clear key tokens" to protected key material.

Some algorithms (PAES, PHMAC) have the need to construct "clear key
tokens" to be used during selftest. But in general these algorithms
should only support clear key material for testing purpose. So now the
algorithm implementation can signal via xflag PKEY_XFLAG_NOCLEARKEY
that a conversion of clear key material to protected key is not
acceptable and thus the pkey layer (usually one of the handler
modules) refuses clear key material with -EINVAL.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

arch/s390/include/asm/pkey.h		diff \| blob \| blame \| history
drivers/s390/crypto/pkey_cca.c		diff \| blob \| blame \| history
drivers/s390/crypto/pkey_ep11.c		diff \| blob \| blame \| history
drivers/s390/crypto/pkey_pckmo.c		diff \| blob \| blame \| history