s390-tools/s390-tools-sles15sp2-02-zkey-Move-utility-functions-into-separate-source-fil.patch

Subject: zkey: Move utility functions into separate source file
From: Ingo Franzki <ifranzki@linux.ibm.com>

Summary:     zkey: check master key consistency
Description: Enhances the zkey tool to perform a cross check whether the
             APQNs associated with a secure key have the same master key.
             Display the master key verification pattern of a secure key
             during the zkey validate command. This helps to better identify
             which master key is the correct one, in case of master key 
             inconsistencies.
             Select an appropriate APQN when re-enciphering a secure key.
             Re-enciphering is done using the CCA host library. Special
             handling is required to select an appropriate APQN for use with
             the CCA host library.
Upstream-ID: 696e8458f0c117e3a084e1a083de89ec19baaff9
Problem-ID:  SEC1916

Upstream-Description:

             zkey: Move utility functions into separate source file

             As preparation for future changes, move a sysfs specific functions
             into a separate source file (utils.c).

             Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
             Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
             Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>


Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
 zkey/Makefile   |    5 +-
 zkey/keystore.c |   69 +----------------------------------
 zkey/utils.c    |  109 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 zkey/utils.h    |   21 ++++++++++
 4 files changed, 136 insertions(+), 68 deletions(-)

--- a/zkey/Makefile
+++ b/zkey/Makefile
@@ -67,12 +67,13 @@ all: $(BUILD_TARGETS)
 zkey.o: zkey.c pkey.h cca.h misc.h
 pkey.o: pkey.c pkey.h
 cca.o: cca.c cca.h pkey.h
+utils.o: utils.h
 properties.o: check-dep-zkey properties.c properties.h
-keystore.o: keystore.c keystore.h properties.h pkey.h cca.h
+keystore.o: keystore.c keystore.h properties.h pkey.h cca.h utils.h
 zkey-cryptsetup.o: check-dep-zkey-cryptsetup zkey-cryptsetup.c pkey.h cca.h misc.h
 
 zkey: LDLIBS = -ldl -lcrypto
-zkey: zkey.o pkey.o cca.o properties.o keystore.o $(libs)
+zkey: zkey.o pkey.o cca.o properties.o keystore.o utils.o $(libs)
 	$(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@
 
 zkey-cryptsetup: LDLIBS = -ldl -lcryptsetup -ljson-c
--- a/zkey/keystore.c
+++ b/zkey/keystore.c
@@ -25,7 +25,6 @@
 #include <sys/types.h>
 
 #include "lib/util_base.h"
-#include "lib/util_file.h"
 #include "lib/util_libc.h"
 #include "lib/util_panic.h"
 #include "lib/util_path.h"
@@ -35,6 +34,7 @@
 #include "pkey.h"
 #include "cca.h"
 #include "properties.h"
+#include "utils.h"
 
 struct key_filenames {
 	char *skey_filename;
@@ -1010,69 +1010,6 @@ free:
 	return rc;
 }
 
-/**
- * Checks if the specified APQN is of type CCA and is online
- *
- * @param[in] card      card number
- * @param[in] domain    the domain
- *
- * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its
- *          not a CCA card.
- */
-static int _keystore_is_apqn_online(int card, int domain)
-{
-	long int online;
-	char *dev_path;
-	char type[20];
-	int rc = 1;
-
-	dev_path = util_path_sysfs("bus/ap/devices/card%02x", card);
-	if (!util_path_is_dir(dev_path)) {
-		rc = 0;
-		goto out;
-	}
-	if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) {
-		rc = 0;
-		goto out;
-	}
-	if (online == 0) {
-		rc = 0;
-		goto out;
-	}
-	if (util_file_read_line(type, sizeof(type), "%s/type", dev_path) != 0) {
-		rc = 0;
-		goto out;
-	}
-	if (strncmp(type, "CEX", 3) != 0 || strlen(type) < 5) {
-		rc = 0;
-		goto out;
-	}
-	if (type[4] != 'C') {
-		rc = -1;
-		goto out;
-	}
-	free(dev_path);
-
-	dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x", card,
-				   card, domain);
-	if (!util_path_is_dir(dev_path)) {
-		rc = 0;
-		goto out;
-	}
-	if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) {
-		rc = 0;
-		goto out;
-	}
-	if (online == 0) {
-		rc = 0;
-		goto out;
-	}
-
-out:
-	free(dev_path);
-	return rc;
-}
-
 struct apqn_check {
 	bool noonlinecheck;
 	bool nomsg;
@@ -1124,7 +1061,7 @@ static int _keystore_apqn_check(const ch
 		goto out;
 	}
 
-	rc = _keystore_is_apqn_online(card, domain);
+	rc = sysfs_is_apqn_online(card, domain);
 	if (rc != 1) {
 		if (info->nomsg == 0)
 			warnx("The APQN %02x.%04x is %s", card, domain,
@@ -2329,7 +2266,7 @@ static int _keystore_display_apqn_status
 		if (sscanf(apqn_list[i], "%x.%x", &card, &domain) != 2)
 			continue;
 
-		rc = _keystore_is_apqn_online(card, domain);
+		rc = sysfs_is_apqn_online(card, domain);
 		if (rc != 1) {
 			printf("WARNING: The APQN %02x.%04x associated with "
 			       "key '%s' is %s\n", card, domain, name,
--- /dev/null
+++ b/zkey/utils.c
@@ -0,0 +1,109 @@
+/*
+ * zkey - Generate, re-encipher, and validate secure keys
+ *
+ * Copyright IBM Corp. 2019
+ *
+ * s390-tools is free software; you can redistribute it and/or modify
+ * it under the terms of the MIT license. See LICENSE for details.
+ */
+
+#include <err.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "lib/util_path.h"
+#include "lib/util_file.h"
+
+#include "utils.h"
+
+/**
+ * Checks if the specified card is of type CCA and is online
+ *
+ * @param[in] card      card number
+ *
+ * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its
+ *          not a CCA card.
+ */
+int sysfs_is_card_online(int card)
+{
+	long int online;
+	char *dev_path;
+	char type[20];
+	int rc = 1;
+
+	dev_path = util_path_sysfs("bus/ap/devices/card%02x", card);
+	if (!util_path_is_dir(dev_path)) {
+		rc = 0;
+		goto out;
+	}
+	if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) {
+		rc = 0;
+		goto out;
+	}
+	if (online == 0) {
+		rc = 0;
+		goto out;
+	}
+	if (util_file_read_line(type, sizeof(type), "%s/type", dev_path) != 0) {
+		rc = 0;
+		goto out;
+	}
+	if (strncmp(type, "CEX", 3) != 0 || strlen(type) < 5) {
+		rc = 0;
+		goto out;
+	}
+	if (type[4] != 'C') {
+		rc = -1;
+		goto out;
+	}
+
+out:
+	free(dev_path);
+	return rc;
+}
+
+/**
+ * Checks if the specified APQN is of type CCA and is online
+ *
+ * @param[in] card      card number
+ * @param[in] domain    the domain
+ *
+ * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its
+ *          not a CCA card.
+ */
+int sysfs_is_apqn_online(int card, int domain)
+{
+	long int online;
+	char *dev_path;
+	int rc = 1;
+
+	rc = sysfs_is_card_online(card);
+	if (rc != 1)
+		return rc;
+
+	dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x", card,
+				   card, domain);
+	if (!util_path_is_dir(dev_path)) {
+		rc = 0;
+		goto out;
+	}
+	if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) {
+		rc = 0;
+		goto out;
+	}
+	if (online == 0) {
+		rc = 0;
+		goto out;
+	}
+
+out:
+	free(dev_path);
+	return rc;
+}
+
--- /dev/null
+++ b/zkey/utils.h
@@ -0,0 +1,21 @@
+/*
+ * zkey - Generate, re-encipher, and validate secure keys
+ *
+ * This header file defines the interface to the CCA host library.
+ *
+ * Copyright IBM Corp. 2019
+ *
+ * s390-tools is free software; you can redistribute it and/or modify
+ * it under the terms of the MIT license. See LICENSE for details.
+ */
+
+#ifndef UTILS_H
+#define UTILS_H
+
+#include "lib/zt_common.h"
+
+int sysfs_is_card_online(int card);
+
+int sysfs_is_apqn_online(int card, int domain);
+
+#endif