s390/zcrypt: fix wrong handling of cca cipher keygenflags

Tests showed that the keygenflags parameter is not handled correctly within the zcrypt ccamisc generate cca cipher key code. A similar code is used with cca cipher key value import and there the flags are handled correctly. For unknown reason these lines have not been updated for the generate function and so this patch now introduces these two lines of code. This affects only pkey with the use of CCA cipher keys and the use of additional key generate flags. Fixes: 4bc123b ("s390/zcrypt: Add low level functions for CCA AES cipher keys") Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
mariux64 · Aug 29, 2019 · deffa48 · deffa48
1 parent 58879d4
commit deffa48
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c
@@ -838,7 +838,8 @@ int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
 	/* patch the skeleton key token export flags inside the kb block */
 	if (keygenflags) {
 		t = (struct cipherkeytoken *) preqparm->kb.tlv3.gen_key_id_1;
-		t->kmf1 |= (u16) (keygenflags & 0x0000FFFF);
+		t->kmf1 |= (u16) (keygenflags & 0x0000FF00);
+		t->kmf1 &= (u16) ~(keygenflags & 0x000000FF);
 	}
 
 	/* prepare xcrb struct */