Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
s390-tools.15932
s390-tools-sles15sp2-02-zkey-Move-utility-funct...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File s390-tools-sles15sp2-02-zkey-Move-utility-functions-into-separate-source-fil.patch of Package s390-tools.15932
Subject: zkey: Move utility functions into separate source file From: Ingo Franzki <ifranzki@linux.ibm.com> Summary: zkey: check master key consistency Description: Enhances the zkey tool to perform a cross check whether the APQNs associated with a secure key have the same master key. Display the master key verification pattern of a secure key during the zkey validate command. This helps to better identify which master key is the correct one, in case of master key inconsistencies. Select an appropriate APQN when re-enciphering a secure key. Re-enciphering is done using the CCA host library. Special handling is required to select an appropriate APQN for use with the CCA host library. Upstream-ID: 696e8458f0c117e3a084e1a083de89ec19baaff9 Problem-ID: SEC1916 Upstream-Description: zkey: Move utility functions into separate source file As preparation for future changes, move a sysfs specific functions into a separate source file (utils.c). Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com> Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> --- zkey/Makefile | 5 +- zkey/keystore.c | 69 +---------------------------------- zkey/utils.c | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ zkey/utils.h | 21 ++++++++++ 4 files changed, 136 insertions(+), 68 deletions(-) --- a/zkey/Makefile +++ b/zkey/Makefile @@ -67,12 +67,13 @@ all: $(BUILD_TARGETS) zkey.o: zkey.c pkey.h cca.h misc.h pkey.o: pkey.c pkey.h cca.o: cca.c cca.h pkey.h +utils.o: utils.h properties.o: check-dep-zkey properties.c properties.h -keystore.o: keystore.c keystore.h properties.h pkey.h cca.h +keystore.o: keystore.c keystore.h properties.h pkey.h cca.h utils.h zkey-cryptsetup.o: check-dep-zkey-cryptsetup zkey-cryptsetup.c pkey.h cca.h misc.h zkey: LDLIBS = -ldl -lcrypto -zkey: zkey.o pkey.o cca.o properties.o keystore.o $(libs) +zkey: zkey.o pkey.o cca.o properties.o keystore.o utils.o $(libs) $(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@ zkey-cryptsetup: LDLIBS = -ldl -lcryptsetup -ljson-c --- a/zkey/keystore.c +++ b/zkey/keystore.c @@ -25,7 +25,6 @@ #include <sys/types.h> #include "lib/util_base.h" -#include "lib/util_file.h" #include "lib/util_libc.h" #include "lib/util_panic.h" #include "lib/util_path.h" @@ -35,6 +34,7 @@ #include "pkey.h" #include "cca.h" #include "properties.h" +#include "utils.h" struct key_filenames { char *skey_filename; @@ -1010,69 +1010,6 @@ free: return rc; } -/** - * Checks if the specified APQN is of type CCA and is online - * - * @param[in] card card number - * @param[in] domain the domain - * - * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its - * not a CCA card. - */ -static int _keystore_is_apqn_online(int card, int domain) -{ - long int online; - char *dev_path; - char type[20]; - int rc = 1; - - dev_path = util_path_sysfs("bus/ap/devices/card%02x", card); - if (!util_path_is_dir(dev_path)) { - rc = 0; - goto out; - } - if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) { - rc = 0; - goto out; - } - if (online == 0) { - rc = 0; - goto out; - } - if (util_file_read_line(type, sizeof(type), "%s/type", dev_path) != 0) { - rc = 0; - goto out; - } - if (strncmp(type, "CEX", 3) != 0 || strlen(type) < 5) { - rc = 0; - goto out; - } - if (type[4] != 'C') { - rc = -1; - goto out; - } - free(dev_path); - - dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x", card, - card, domain); - if (!util_path_is_dir(dev_path)) { - rc = 0; - goto out; - } - if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) { - rc = 0; - goto out; - } - if (online == 0) { - rc = 0; - goto out; - } - -out: - free(dev_path); - return rc; -} - struct apqn_check { bool noonlinecheck; bool nomsg; @@ -1124,7 +1061,7 @@ static int _keystore_apqn_check(const ch goto out; } - rc = _keystore_is_apqn_online(card, domain); + rc = sysfs_is_apqn_online(card, domain); if (rc != 1) { if (info->nomsg == 0) warnx("The APQN %02x.%04x is %s", card, domain, @@ -2329,7 +2266,7 @@ static int _keystore_display_apqn_status if (sscanf(apqn_list[i], "%x.%x", &card, &domain) != 2) continue; - rc = _keystore_is_apqn_online(card, domain); + rc = sysfs_is_apqn_online(card, domain); if (rc != 1) { printf("WARNING: The APQN %02x.%04x associated with " "key '%s' is %s\n", card, domain, name, --- /dev/null +++ b/zkey/utils.c @@ -0,0 +1,109 @@ +/* + * zkey - Generate, re-encipher, and validate secure keys + * + * Copyright IBM Corp. 2019 + * + * s390-tools is free software; you can redistribute it and/or modify + * it under the terms of the MIT license. See LICENSE for details. + */ + +#include <err.h> +#include <errno.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <stdint.h> +#include <sys/types.h> +#include <unistd.h> + +#include "lib/util_path.h" +#include "lib/util_file.h" + +#include "utils.h" + +/** + * Checks if the specified card is of type CCA and is online + * + * @param[in] card card number + * + * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its + * not a CCA card. + */ +int sysfs_is_card_online(int card) +{ + long int online; + char *dev_path; + char type[20]; + int rc = 1; + + dev_path = util_path_sysfs("bus/ap/devices/card%02x", card); + if (!util_path_is_dir(dev_path)) { + rc = 0; + goto out; + } + if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) { + rc = 0; + goto out; + } + if (online == 0) { + rc = 0; + goto out; + } + if (util_file_read_line(type, sizeof(type), "%s/type", dev_path) != 0) { + rc = 0; + goto out; + } + if (strncmp(type, "CEX", 3) != 0 || strlen(type) < 5) { + rc = 0; + goto out; + } + if (type[4] != 'C') { + rc = -1; + goto out; + } + +out: + free(dev_path); + return rc; +} + +/** + * Checks if the specified APQN is of type CCA and is online + * + * @param[in] card card number + * @param[in] domain the domain + * + * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its + * not a CCA card. + */ +int sysfs_is_apqn_online(int card, int domain) +{ + long int online; + char *dev_path; + int rc = 1; + + rc = sysfs_is_card_online(card); + if (rc != 1) + return rc; + + dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x", card, + card, domain); + if (!util_path_is_dir(dev_path)) { + rc = 0; + goto out; + } + if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) { + rc = 0; + goto out; + } + if (online == 0) { + rc = 0; + goto out; + } + +out: + free(dev_path); + return rc; +} + --- /dev/null +++ b/zkey/utils.h @@ -0,0 +1,21 @@ +/* + * zkey - Generate, re-encipher, and validate secure keys + * + * This header file defines the interface to the CCA host library. + * + * Copyright IBM Corp. 2019 + * + * s390-tools is free software; you can redistribute it and/or modify + * it under the terms of the MIT license. See LICENSE for details. + */ + +#ifndef UTILS_H +#define UTILS_H + +#include "lib/zt_common.h" + +int sysfs_is_card_online(int card); + +int sysfs_is_apqn_online(int card, int domain); + +#endif
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor