s390/zcrypt: fix wrong handling of cca cipher keygenflags

Tests showed that the keygenflags parameter is not handled
correctly within the zcrypt ccamisc generate cca cipher key
code. A similar code is used with cca cipher key value import
and there the flags are handled correctly. For unknown reason
these lines have not been updated for the generate function
and so this patch now introduces these two lines of code.

This affects only pkey with the use of CCA cipher keys and
the use of additional key generate flags.

Fixes: 4bc123b18ce6 ("s390/zcrypt: Add low level functions for CCA AES cipher keys")
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c
index 3b2d370..c1db64a 100644 (file)
--- a/drivers/s390/crypto/zcrypt_ccamisc.c
+++ b/drivers/s390/crypto/zcrypt_ccamisc.c
@@ -838,7 +838,8 @@ int cca_gencipherkey(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
        /* patch the skeleton key token export flags inside the kb block */
        if (keygenflags) {
                t = (struct cipherkeytoken *) preqparm->kb.tlv3.gen_key_id_1;
-               t->kmf1 |= (u16) (keygenflags & 0x0000FFFF);
+               t->kmf1 |= (u16) (keygenflags & 0x0000FF00);
+               t->kmf1 &= (u16) ~(keygenflags & 0x000000FF);
        }
 
        /* prepare xcrb struct */