Skip to content

Commit

Permalink
s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_VERIFYKEY2 IOCTL
Browse files Browse the repository at this point in the history
Commit 'fa6999e326fe ("s390/pkey: support CCA and EP11 secure ECC
private keys")' introduced a new PKEY_TYPE_EP11_AES type for the
PKEY_VERIFYKEY2 IOCTL to verify keyblobs of this type. Unfortunately,
all PKEY_VERIFYKEY2 IOCTL requests with keyblobs of this type return
with an error (-EINVAL). Fix PKEY_TYPE_EP11_AES handling in
PKEY_VERIFYKEY2 IOCTL, so that userspace can verify keyblobs of this
type.

Fixes: fa6999e ("s390/pkey: support CCA and EP11 secure ECC private keys")
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
  • Loading branch information
Holger Dengler authored and Heiko Carstens committed Aug 17, 2023
1 parent d1fdfb0 commit 745742d
Showing 1 changed file with 26 additions and 1 deletion.
27 changes: 26 additions & 1 deletion drivers/s390/crypto/pkey_api.c
Original file line number Diff line number Diff line change
Expand Up @@ -912,7 +912,8 @@ static int pkey_verifykey2(const u8 *key, size_t keylen,
*ksize = kb->head.bitlen;

rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
ZCRYPT_CEX7, EP11_API_V, kb->wkvp);
ZCRYPT_CEX7, EP11_API_V,
ep11_kb_wkvp(key, keylen));
if (rc)
goto out;

Expand All @@ -922,6 +923,30 @@ static int pkey_verifykey2(const u8 *key, size_t keylen,
*cardnr = ((struct pkey_apqn *)_apqns)->card;
*domain = ((struct pkey_apqn *)_apqns)->domain;

} else if (hdr->type == TOKTYPE_NON_CCA &&
hdr->version == TOKVER_EP11_AES_WITH_HEADER) {
struct ep11kblob_header *kh = (struct ep11kblob_header *)key;

rc = ep11_check_aes_key_with_hdr(debug_info, 3,
key, keylen, 1);
if (rc)
goto out;
if (ktype)
*ktype = PKEY_TYPE_EP11_AES;
if (ksize)
*ksize = kh->bitlen;

rc = ep11_findcard2(&_apqns, &_nr_apqns, *cardnr, *domain,
ZCRYPT_CEX7, EP11_API_V,
ep11_kb_wkvp(key, keylen));
if (rc)
goto out;

if (flags)
*flags = PKEY_FLAGS_MATCH_CUR_MKVP;

*cardnr = ((struct pkey_apqn *)_apqns)->card;
*domain = ((struct pkey_apqn *)_apqns)->domain;
} else {
rc = -EINVAL;
}
Expand Down

0 comments on commit 745742d

Please sign in to comment.