s390/pkey: Forward keygenflags to ep11_unwrapkey

The pkey ioctl PKEY_CLR2SECK2 describes in the pkey.h header file
the parameter 'keygenflags' which is forwarded to the handler
functions which actually deal with the clear key to secure key
operation. The ep11 handler module function ep11_clr2keyblob()
function receives this parameter but does not forward it to the
underlying function ep11_unwrapkey() on invocation. So in the end
the user of this ioctl could not forward additional key generation
flags to the ep11 implementation and thus was unable to modify the
key generation process in any way. So now call ep11_unwrapkey()
with the real keygenflags instead of 0 and thus the user of this
ioctl can for example via keygenflags provide valid combinations
of XCP_BLOB_* flags.

Suggested-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>

diff --git a/drivers/s390/crypto/zcrypt_ep11misc.c b/drivers/s390/crypto/zcrypt_ep11misc.c
index 3bf09a89a0894026ade3ebafb7a9cd9a7e318862..e92e2fd8ce5da06fb3fd241177534f5823c90df7 100644 (file)
--- a/drivers/s390/crypto/zcrypt_ep11misc.c
+++ b/drivers/s390/crypto/zcrypt_ep11misc.c
@@ -1405,7 +1405,9 @@ int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
        /* Step 3: import the encrypted key value as a new key */
        rc = ep11_unwrapkey(card, domain, kek, keklen,
                            encbuf, encbuflen, 0, def_iv,
-                           keybitsize, 0, keybuf, keybufsize, keytype, xflags);
+                           keybitsize, keygenflags,
+                           keybuf, keybufsize,
+                           keytype, xflags);
        if (rc) {
                ZCRYPT_DBF_ERR("%s importing key value as new key failed, rc=%d\n",
                               __func__, rc);