Add a new parameter xflags to the in-kernel API function pkey_key2protkey(). Currently there is only one flag supported: * PKEY_XFLAG_NOMEMALLOC - If this flag is given in the xflags parameter, the pkey implementation is not allowed to allocate memory but instead should fail with -ENOMEM. This flag is for protected key derive within a cipher or similar which must not allocate memory - see also the CRYPTO_ALG_ALLOCATES_MEMORY flag in crypto.h. The one and only user of this in-kernel API - the skcipher implementations PAES in paes_s390.c set this flag upon request to derive a protected key from the given raw key material.
Signed-off-by: Harald Freudenberger <freude@xxxxxxxxxxxxx>
---
 arch/s390/crypto/paes_s390.c | 2 +-
 arch/s390/include/asm/pkey.h | 13 ++++++++++++-
 drivers/s390/crypto/pkey_api.c | 3 +--
 drivers/s390/crypto/zcrypt_api.h | 10 +++++++---
 4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
index 511093713a6f..646cbbf0678d 100644
--- a/arch/s390/crypto/paes_s390.c
+++ b/arch/s390/crypto/paes_s390.c
@@ -189,7 +189,7 @@ static inline int __paes_keyblob2pkey(const u8 *key, unsigned int keylen,
 return -EINTR;
 }
 rc = pkey_key2protkey(key, keylen, pk->protkey, &pk->len,
- &pk->type);
+ &pk->type, PKEY_XFLAG_NOMEMALLOC);
 }
 return rc;
diff --git a/arch/s390/include/asm/pkey.h b/arch/s390/include/asm/pkey.h
index 5dca1a46a9f6..2bd344cbc2ec 100644
--- a/arch/s390/include/asm/pkey.h
+++ b/arch/s390/include/asm/pkey.h
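Review bot: The call to pkey_key2protkey() in __paes_keyblob2pkey() now sets PKEY_XFLAG_NOMEMALLOC unconditionally, but nothing at the call site says why, and -ENOMEM becomes an expected result of this call. A one-line comment above it, such as `/* no allocation allowed here: derive may run within the cipher, -ENOMEM possible */`, would stop a later edit from dropping the flag. The enclosing loop starts outside this hunk; if it retries on any non-zero rc, confirm that retrying straight after -ENOMEM is intended rather than returning the error at once.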
@@ -20,9 +20,20 @@
 * @param key pointer to a buffer containing the key blob
 * @param keylen size of the key blob in bytes
 * @param protkey pointer to buffer receiving the protected key
+ * @param xflags additional execution flags (see PKEY_XFLAG_* definitions below)
 * @return 0 on success, negative errno value on failure
 */
 int pkey_key2protkey(const u8 *key, u32 keylen,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype);
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype,
+ u32 xflags);
+
+/*
+ * If this flag is given in the xflags parameter, the pkey implementation
+ * is not allowed to allocate memory but instead should fail with -ENOMEM.
+ * This flag is for protected key derive within a cipher or similar
+ * which must not allocate memory - see also the CRYPTO_ALG_ALLOCATES_MEMORY
+ * flag in crypto.h.
+ */
+#define PKEY_XFLAG_NOMEMALLOC 0x0001
 #endif /* _KAPI_PKEY_H */
diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
index 55a4e70b866b..cef60770f68b 100644
--- a/drivers/s390/crypto/pkey_api.c
+++ b/drivers/s390/crypto/pkey_api.c
@@ -53,10 +53,9 @@ static int key2protkey(const struct pkey_apqn *apqns, size_t nr_apqns,
 * In-Kernel function: Transform a key blob (of any type) into a protected key
 */
 int pkey_key2protkey(const u8 *key, u32 keylen,
- u8 *protkey, u32 *protkeylen, u32 *protkeytype)
+ u8 *protkey, u32 *protkeylen, u32 *protkeytype, u32 xflags)
 {
 int rc;
- const u32 xflags = 0;
 rc = key2protkey(NULL, 0, key, keylen, protkey, protkeylen, protkeytype, xflags);
diff --git a/drivers/s390/crypto/zcrypt_api.h b/drivers/s390/crypto/zcrypt_api.h
index 92027304f0d8..f6d84751631f 100644
--- a/drivers/s390/crypto/zcrypt_api.h
+++ b/drivers/s390/crypto/zcrypt_api.h
@@ -16,6 +16,7 @@
 #include <linux/atomic.h>
 #include <asm/debug.h>
+#include <asm/pkey.h>
 #include <asm/zcrypt.h>
 #include "ap_bus.h"
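Review bot: The doc block above pkey_key2protkey() in asm/pkey.h gains `@param xflags` but still has no entry for `protkeylen` or `protkeytype`, both of which are in the prototype. `protkey` is a caller-supplied output buffer, so the header should state how its size is bounded. If `*protkeylen` is the buffer size on entry and the written length on return (not visible in this hunk, so confirm in pkey_api.c), add ` * @param protkeylen in: size of the protkey buffer, out: bytes written` and a matching line for `protkeytype`. The comment block starts outside the hunk.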
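Review bot: pkey_key2protkey() in pkey_api.c now hands the caller's xflags to key2protkey() unchanged, so bits other than PKEY_XFLAG_NOMEMALLOC reach the lower layers with whatever meaning those layers give them. Only one flag is defined in asm/pkey.h, so the entry point can reject the rest before the key2protkey() call: `if (xflags & ~PKEY_XFLAG_NOMEMALLOC) return -EINVAL;`. Should the zcrypt layer define further xflags, this also keeps a stray bit from a pkey caller from being read as one of them. The function body continues past the end of the hunk.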
@@ -79,10 +80,13 @@ struct zcrypt_track {
 /*
 * Do not allocate memory xflag. To be used with
 * zcrypt_send_cprb() and zcrypt_send_ep11_cprb().
- * Currently only available and used for the in-kernel
- * zcrpyt api.
+ * But also used within the cca and ep11 misc functions
+ * and the pkey layer exposes this as a PKEY_XFLAG_
+ * via the in-kernel-api for protected key support.
+ * ZCRYPT_XFLAG_NOMEMALLOC and PKEY_XFLAG_NOMEMALLOC
+ * should have same value to avoid unnecessary conversions.
 */
-#define ZCRYPT_XFLAG_NOMEMALLOC 0x0001
+#define ZCRYPT_XFLAG_NOMEMALLOC PKEY_XFLAG_NOMEMALLOC
 struct zcrypt_ops {
 long (*rsa_modexpo)(struct zcrypt_queue *, struct ica_rsa_modexpo *,
--
2.43.0
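Review bot: The rewritten comment says ZCRYPT_XFLAG_NOMEMALLOC and PKEY_XFLAG_NOMEMALLOC "should have same value", yet the define right below it makes one an alias of the other, so the values cannot differ. As worded it reads like a rule a maintainer has to enforce by hand. Suggested last two comment lines: ` * ZCRYPT_XFLAG_NOMEMALLOC is defined as PKEY_XFLAG_NOMEMALLOC so the` and ` * pkey layer can pass xflags down without conversion.` It is also worth one sentence that any further ZCRYPT_XFLAG_* bit must not overlap a PKEY_XFLAG_* value, since this header now takes its flag value from asm/pkey.h.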