openSUSE:Leap:15.5:Update
File s390-tools-sles15sp2-06-zkey-Add-function-to-print-the-MKVPs-of-APQNs.patch of Package s390-tools.17667
Subject: zkey: Add function to print the MKVPs of APQNs From: Ingo Franzki <ifranzki@linux.ibm.com> Summary: zkey: check master key consistency Description: Enhances the zkey tool to perform a cross check whether the APQNs associated with a secure key have the same master key. Display the master key verification pattern of a secure key during the zkey validate command. This helps to better identify which master key is the correct one, in case of master key inconsistencies. Select an appropriate APQN when re-enciphering a secure key. Re-enciphering is done using the CCA host library. Special handling is required to select an appropriate APQN for use with the CCA host library. Upstream-ID: bfc3dd018c4f0cc17f8463d8bd6be16aab8de4a4 Problem-ID: SEC1916 Upstream-Description: zkey: Add function to print the MKVPs of APQNs Add a utility function to print the master key verification patterns of a set of APQNs. This allows the user to visually check which master keys are set on which APQNs. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com> Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> --- zkey/utils.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ zkey/utils.h | 2 + 2 files changed, 82 insertions(+) --- a/zkey/utils.c +++ b/zkey/utils.c 
@@ -426,3 +426,83 @@ int handle_apqns(const char *apqns, apqn return rc; } + +struct print_apqn_info { + struct util_rec *rec; + bool verbose; +}; + +static int print_apqn_mk_info(int card, int domain, void *handler_data) +{ + struct print_apqn_info *info = (struct print_apqn_info *)handler_data; + struct mk_info mk_info; + int rc; + + rc = sysfs_get_mkvps(card, domain, &mk_info, info->verbose); + if (rc == -ENOTSUP) + return rc; + + util_rec_set(info->rec, "APQN", "%02x.%04x", card, domain); + + if (rc == 0) { + if (mk_info.new_mk.mk_state == MK_STATE_FULL) + util_rec_set(info->rec, "NEW", "%016llx", + mk_info.new_mk.mkvp); + else if (mk_info.new_mk.mk_state == MK_STATE_PARTIAL) + util_rec_set(info->rec, "NEW", "partially loaded"); + else + util_rec_set(info->rec, "NEW", "-"); + + if (mk_info.cur_mk.mk_state == MK_STATE_VALID) + util_rec_set(info->rec, "CUR", "%016llx", + mk_info.cur_mk.mkvp); + else + util_rec_set(info->rec, "CUR", "-"); + + if (mk_info.old_mk.mk_state == MK_STATE_VALID) + util_rec_set(info->rec, "OLD", "%016llx", + mk_info.old_mk.mkvp); + else + util_rec_set(info->rec, "OLD", "-"); + } else { + util_rec_set(info->rec, "NEW", "?"); + util_rec_set(info->rec, "CUR", "?"); + util_rec_set(info->rec, "OLD", "?"); + } + + util_rec_print(info->rec); + + return 0; +} + +/** + * Prints master key information for all specified APQNs + * + * @param[in] apqns a comma separated list of APQNs. If NULL is specified, + * or an empty string, then all online CCA APQNs are + * printed. + * @param[in] verbose if true, verbose messages are printed + * + * @returns 0 for success or a negative errno in case of an error. -ENOTSUP is + * returned when the mkvps sysfs attribute is not available, because + * the zcrypt kernel module is on an older level. 
+ */ +int print_mk_info(const char *apqns, bool verbose) +{ + struct print_apqn_info info; + int rc; + + info.verbose = verbose; + info.rec = util_rec_new_wide("-"); + + util_rec_def(info.rec, "APQN", UTIL_REC_ALIGN_LEFT, 11, "CARD.DOMAIN"); + util_rec_def(info.rec, "NEW", UTIL_REC_ALIGN_LEFT, 16, "NEW MK"); + util_rec_def(info.rec, "CUR", UTIL_REC_ALIGN_LEFT, 16, "CURRENT MK"); + util_rec_def(info.rec, "OLD", UTIL_REC_ALIGN_LEFT, 16, "OLD MK"); + util_rec_print_hdr(info.rec); + + rc = handle_apqns(apqns, print_apqn_mk_info, &info, verbose); + + util_rec_free(info.rec); + return rc; +} --- a/zkey/utils.h +++ b/zkey/utils.h @@ -46,4 +46,6 @@ typedef int(*apqn_handler_t) (int card, int handle_apqns(const char *apqns, apqn_handler_t handler, void *handler_data, bool verbose); +int print_mk_info(const char *apqns, bool verbose); + #endif
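Review bot: In print_apqn_mk_info() in zkey/utils.c, only -ENOTSUP from sysfs_get_mkvps() is passed back to the caller; every other non-zero rc is rendered as "?" in the NEW, CUR and OLD columns and the handler then returns 0. The result in print_mk_info() therefore cannot reflect a failed read on an individual APQN, which does not match the doc comment's "a negative errno in case of an error". Either state in the comment that per-APQN read failures are shown as "?" and are not reported to the caller, or keep the first failing rc in struct print_apqn_info and return it once handle_apqns() has finished. A smaller point in print_mk_info(): util_rec_print_hdr() runs before handle_apqns(), so on the -ENOTSUP path the user gets a table header with no rows under it; consider printing the header from the handler on the first successful record, or emitting a message for that case.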