s390/zcrypt: Support for CCA protected key block version 2
authorHarald Freudenberger <freude@linux.ibm.com>
Fri, 7 Feb 2020 08:05:56 +0000 (09:05 +0100)
committerVasily Gorbik <gor@linux.ibm.com>
Mon, 17 Feb 2020 17:04:15 +0000 (18:04 +0100)
There will come a new CCA keyblock version 2 for protected keys
delivered back to the OS. The difference is only the amount of
available buffer space to be up to 256 bytes for version 2.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
drivers/s390/crypto/zcrypt_ccamisc.c

index 110fe9d0cb91090b4879021a81c24e86f4a8fa59..e6899107c586bd9c9a13cc53c2094f360020a7db 100644 (file)
@@ -592,7 +592,7 @@ int cca_sec2protkey(u16 cardnr, u16 domain,
                                u8  pad2[1];
                                u8  vptype;
                                u8  vp[32];  /* verification pattern */
-                       } keyblock;
+                       } ckb;
                } lv3;
        } __packed * prepparm;
 
@@ -650,15 +650,16 @@ int cca_sec2protkey(u16 cardnr, u16 domain,
        prepparm = (struct uskrepparm *) prepcblk->rpl_parmb;
 
        /* check the returned keyblock */
-       if (prepparm->lv3.keyblock.version != 0x01) {
-               DEBUG_ERR("%s reply param keyblock version mismatch 0x%02x != 0x01\n",
-                         __func__, (int) prepparm->lv3.keyblock.version);
+       if (prepparm->lv3.ckb.version != 0x01 &&
+           prepparm->lv3.ckb.version != 0x02) {
+               DEBUG_ERR("%s reply param keyblock version mismatch 0x%02x\n",
+                         __func__, (int) prepparm->lv3.ckb.version);
                rc = -EIO;
                goto out;
        }
 
        /* copy the tanslated protected key */
-       switch (prepparm->lv3.keyblock.len) {
+       switch (prepparm->lv3.ckb.len) {
        case 16+32:
                /* AES 128 protected key */
                if (protkeytype)
@@ -676,13 +677,13 @@ int cca_sec2protkey(u16 cardnr, u16 domain,
                break;
        default:
                DEBUG_ERR("%s unknown/unsupported keylen %d\n",
-                         __func__, prepparm->lv3.keyblock.len);
+                         __func__, prepparm->lv3.ckb.len);
                rc = -EIO;
                goto out;
        }
-       memcpy(protkey, prepparm->lv3.keyblock.key, prepparm->lv3.keyblock.len);
+       memcpy(protkey, prepparm->lv3.ckb.key, prepparm->lv3.ckb.len);
        if (protkeylen)
-               *protkeylen = prepparm->lv3.keyblock.len;
+               *protkeylen = prepparm->lv3.ckb.len;
 
 out:
        free_cprbmem(mem, PARMBSIZE, 0);
@@ -1260,10 +1261,10 @@ int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
        prepparm = (struct aurepparm *) prepcblk->rpl_parmb;
 
        /* check the returned keyblock */
-       if (prepparm->vud.ckb.version != 0x01) {
-               DEBUG_ERR(
-                       "%s reply param keyblock version mismatch 0x%02x != 0x01\n",
-                       __func__, (int) prepparm->vud.ckb.version);
+       if (prepparm->vud.ckb.version != 0x01 &&
+           prepparm->vud.ckb.version != 0x02) {
+               DEBUG_ERR("%s reply param keyblock version mismatch 0x%02x\n",
+                         __func__, (int) prepparm->vud.ckb.version);
                rc = -EIO;
                goto out;
        }