git.kernel.dk Git - linux-2.6-block.git/commit

author	Holger Dengler <dengler@linux.ibm.com>
	Tue, 25 Jul 2023 07:49:55 +0000 (09:49 +0200)
committer	Heiko Carstens <hca@linux.ibm.com>
	Thu, 17 Aug 2023 13:18:53 +0000 (15:18 +0200)
commit	fb249ce7f7bfd8621a38e4ad401ba74b680786d4
tree	b4562a33c079a65c74c7de706eb793d53edce96f	tree \| snapshot
parent	37a08f010b7c423b5e4c9ed3b187d21166553007	commit \| diff

s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_GENSECK2 IOCTL

Commit 'fa6999e326fe ("s390/pkey: support CCA and EP11 secure ECC
private keys")' introduced PKEY_TYPE_EP11_AES for the PKEY_GENSECK2
IOCTL, to enable userspace to generate securekey blobs of this
type. Unfortunately, all PKEY_GENSECK2 IOCTL requests for
PKEY_TYPE_EP11_AES return with an error (-EINVAL). Fix the handling
for PKEY_TYPE_EP11_AES in PKEY_GENSECK2 IOCTL, so that userspace can
generate securekey blobs of this type.

The start of the header and the keyblob, as well as the length need
special handling, depending on the internal keyversion. Add a helper
function that splits an uninitialized buffer into start and size of
the header as well as start and size of the payload, depending on the
requested keyversion.

Do the header-related calculations and the raw genkey request handling
in separate functions. Use the raw genkey request function for
internal purposes.

Fixes: fa6999e326fe ("s390/pkey: support CCA and EP11 secure ECC private keys")
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

drivers/s390/crypto/pkey_api.c		diff \| blob \| blame \| history
drivers/s390/crypto/zcrypt_ep11misc.c		diff \| blob \| blame \| history
drivers/s390/crypto/zcrypt_ep11misc.h		diff \| blob \| blame \| history