s390/zcrypt: Support for CCA protected key block version 2

BugLink: https://bugs.launchpad.net/bugs/1939618
There will come a new CCA keyblock version 2 for protected keys
delivered back to the OS. The difference is only the amount of
available buffer space to be up to 256 bytes for version 2.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit c4f762ff6b7766e0053e39d1d87d599384288048)
Signed-off-by: Frank Heimes <frank.heimes@canonical.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

diff --git a/drivers/s390/crypto/zcrypt_ccamisc.c b/drivers/s390/crypto/zcrypt_ccamisc.c
index 03999b06affd497a28c2365c7c49a59259cc14cb..2d7077935792a337f1c449af5b09ba02b2d6ed23 100644 (file)
--- a/drivers/s390/crypto/zcrypt_ccamisc.c
+++ b/drivers/s390/crypto/zcrypt_ccamisc.c
@@ -592,7 +592,7 @@ int cca_sec2protkey(u16 cardnr, u16 domain,
                                u8  pad2[1];
                                u8  vptype;
                                u8  vp[32];  /* verification pattern */
-                       } keyblock;
+                       } ckb;
                } lv3;
        } __packed * prepparm;
 
@@ -650,15 +650,16 @@ int cca_sec2protkey(u16 cardnr, u16 domain,
        prepparm = (struct uskrepparm *) prepcblk->rpl_parmb;
 
        /* check the returned keyblock */
-       if (prepparm->lv3.keyblock.version != 0x01) {
-               DEBUG_ERR("%s reply param keyblock version mismatch 0x%02x != 0x01\n",
-                         __func__, (int) prepparm->lv3.keyblock.version);
+       if (prepparm->lv3.ckb.version != 0x01 &&
+           prepparm->lv3.ckb.version != 0x02) {
+               DEBUG_ERR("%s reply param keyblock version mismatch 0x%02x\n",
+                         __func__, (int) prepparm->lv3.ckb.version);
                rc = -EIO;
                goto out;
        }
 
        /* copy the tanslated protected key */
-       switch (prepparm->lv3.keyblock.len) {
+       switch (prepparm->lv3.ckb.len) {
        case 16+32:
                /* AES 128 protected key */
                if (protkeytype)
@@ -676,13 +677,13 @@ int cca_sec2protkey(u16 cardnr, u16 domain,
                break;
        default:
                DEBUG_ERR("%s unknown/unsupported keylen %d\n",
-                         __func__, prepparm->lv3.keyblock.len);
+                         __func__, prepparm->lv3.ckb.len);
                rc = -EIO;
                goto out;
        }
-       memcpy(protkey, prepparm->lv3.keyblock.key, prepparm->lv3.keyblock.len);
+       memcpy(protkey, prepparm->lv3.ckb.key, prepparm->lv3.ckb.len);
        if (protkeylen)
-               *protkeylen = prepparm->lv3.keyblock.len;
+               *protkeylen = prepparm->lv3.ckb.len;
 
 out:
        free_cprbmem(mem, PARMBSIZE, 0);
@@ -1260,10 +1261,10 @@ int cca_cipher2protkey(u16 cardnr, u16 domain, const u8 *ckey,
        prepparm = (struct aurepparm *) prepcblk->rpl_parmb;
 
        /* check the returned keyblock */
-       if (prepparm->vud.ckb.version != 0x01) {
-               DEBUG_ERR(
-                       "%s reply param keyblock version mismatch 0x%02x != 0x01\n",
-                       __func__, (int) prepparm->vud.ckb.version);
+       if (prepparm->vud.ckb.version != 0x01 &&
+           prepparm->vud.ckb.version != 0x02) {
+               DEBUG_ERR("%s reply param keyblock version mismatch 0x%02x\n",
+                         __func__, (int) prepparm->vud.ckb.version);
                rc = -EIO;
                goto out;
        }