From: Harald Freudenberger <freude@linux.ibm.com>
Date: Thu, 29 Aug 2019 15:16:35 +0200
Subject: s390/zcrypt: fix wrong handling of cca cipher keygenflags
Git-commit: deffa48fb014f06f7cf8c4b3ea3c96160be3c854
Patch-mainline: v5.4-rc1
References: jsc#SLE-7533 LTC#178844

Tests showed that the keygenflags parameter is not handled
correctly within the zcrypt ccamisc generate cca cipher key
code. A similar code is used with cca cipher key value import
and there the flags are handled correctly. For unknown reason
these lines have not been updated for the generate function
and so this patch now introduces these two lines of code.

This affects only pkey with the use of CCA cipher keys and
the use of additional key generate flags.

Fixes: 4bc123b18ce6 ("s390/zcrypt: Add low level functions for CCA AES cipher keys")
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Acked-by: Petr Tesarik <ptesarik@suse.com>
---
 drivers/s390/crypto/zcrypt_ccamisc.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/s390/crypto/zcrypt_ccamisc.c
+++ b/drivers/s390/crypto/zcrypt_ccamisc.c
@@ -838,7 +838,8 @@ int cca_gencipherkey(u16 cardnr, u16 dom
 	/* patch the skeleton key token export flags inside the kb block */
 	if (keygenflags) {
 		t = (struct cipherkeytoken *) preqparm->kb.tlv3.gen_key_id_1;
-		t->kmf1 |= (u16) (keygenflags & 0x0000FFFF);
+		t->kmf1 |= (u16) (keygenflags & 0x0000FF00);
+		t->kmf1 &= (u16) ~(keygenflags & 0x000000FF);
 	}
 
 	/* prepare xcrb struct */