Subject: zkey: Move utility functions into separate source file From: Ingo Franzki Summary: zkey: check master key consistency Description: Enhances the zkey tool to perform a cross check whether the APQNs associated with a secure key have the same master key. Display the master key verification pattern of a secure key during the zkey validate command. This helps to better identify which master key is the correct one, in case of master key inconsistencies. Select an appropriate APQN when re-enciphering a secure key. Re-enciphering is done using the CCA host library. Special handling is required to select an appropriate APQN for use with the CCA host library. Upstream-ID: 696e8458f0c117e3a084e1a083de89ec19baaff9 Problem-ID: SEC1916 Upstream-Description: zkey: Move utility functions into separate source file As preparation for future changes, move a sysfs specific functions into a separate source file (utils.c). Signed-off-by: Ingo Franzki Reviewed-by: Harald Freudenberger Signed-off-by: Jan Hoeppner Signed-off-by: Ingo Franzki --- zkey/Makefile | 5 +- zkey/keystore.c | 69 +---------------------------------- zkey/utils.c | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ zkey/utils.h | 21 ++++++++++ 4 files changed, 136 insertions(+), 68 deletions(-) --- a/zkey/Makefile +++ b/zkey/Makefile @@ -67,12 +67,13 @@ all: $(BUILD_TARGETS) zkey.o: zkey.c pkey.h cca.h misc.h pkey.o: pkey.c pkey.h cca.o: cca.c cca.h pkey.h +utils.o: utils.h properties.o: check-dep-zkey properties.c properties.h -keystore.o: keystore.c keystore.h properties.h pkey.h cca.h +keystore.o: keystore.c keystore.h properties.h pkey.h cca.h utils.h zkey-cryptsetup.o: check-dep-zkey-cryptsetup zkey-cryptsetup.c pkey.h cca.h misc.h zkey: LDLIBS = -ldl -lcrypto -zkey: zkey.o pkey.o cca.o properties.o keystore.o $(libs) +zkey: zkey.o pkey.o cca.o properties.o keystore.o utils.o $(libs) $(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@ zkey-cryptsetup: LDLIBS = -ldl -lcryptsetup -ljson-c 
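Review bot: The new rule `utils.o: utils.h` names only the header, while every other object rule in this hunk lists its source file first (`pkey.o: pkey.c pkey.h`, `cca.o: cca.c cca.h pkey.h`). The object presumably still builds through the implicit rule, but for consistency and an explicit dependency I would write `utils.o: utils.c utils.h`.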
--- a/zkey/keystore.c +++ b/zkey/keystore.c @@ -25,7 +25,6 @@ #include #include "lib/util_base.h" -#include "lib/util_file.h" #include "lib/util_libc.h" #include "lib/util_panic.h" #include "lib/util_path.h" @@ -35,6 +34,7 @@ #include "pkey.h" #include "cca.h" #include "properties.h" +#include "utils.h" struct key_filenames { char *skey_filename; @@ -1010,69 +1010,6 @@ free: return rc; } -/** - * Checks if the specified APQN is of type CCA and is online - * - * @param[in] card card number - * @param[in] domain the domain - * - * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its - * not a CCA card. - */ -static int _keystore_is_apqn_online(int card, int domain) -{ - long int online; - char *dev_path; - char type[20]; - int rc = 1; - - dev_path = util_path_sysfs("bus/ap/devices/card%02x", card); - if (!util_path_is_dir(dev_path)) { - rc = 0; - goto out; - } - if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) { - rc = 0; - goto out; - } - if (online == 0) { - rc = 0; - goto out; - } - if (util_file_read_line(type, sizeof(type), "%s/type", dev_path) != 0) { - rc = 0; - goto out; - } - if (strncmp(type, "CEX", 3) != 0 || strlen(type) < 5) { - rc = 0; - goto out; - } - if (type[4] != 'C') { - rc = -1; - goto out; - } - free(dev_path); - - dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x", card, - card, domain); - if (!util_path_is_dir(dev_path)) { - rc = 0; - goto out; - } - if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) { - rc = 0; - goto out; - } - if (online == 0) { - rc = 0; - goto out; - } - -out: - free(dev_path); - return rc; -} - struct apqn_check { bool noonlinecheck; bool nomsg; @@ -1124,7 +1061,7 @@ static int _keystore_apqn_check(const ch goto out; } - rc = _keystore_is_apqn_online(card, domain); + rc = sysfs_is_apqn_online(card, domain); if (rc != 1) { if (info->nomsg == 0) warnx("The APQN %02x.%04x is %s", card, domain, 
@@ -2329,7 +2266,7 @@ static int _keystore_display_apqn_status if (sscanf(apqn_list[i], "%x.%x", &card, &domain) != 2) continue; - rc = _keystore_is_apqn_online(card, domain); + rc = sysfs_is_apqn_online(card, domain); if (rc != 1) { printf("WARNING: The APQN %02x.%04x associated with " "key '%s' is %s\n", card, domain, name, --- /dev/null +++ b/zkey/utils.c 
@@ -0,0 +1,109 @@
+/*
+ * zkey - Generate, re-encipher, and validate secure keys
+ *
+ * Copyright IBM Corp. 2019
+ *
+ * s390-tools is free software; you can redistribute it and/or modify
+ * it under the terms of the MIT license. See LICENSE for details.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "lib/util_path.h"
+#include "lib/util_file.h"
+
+#include "utils.h"
+
+/**
+ * Checks if the specified card is of type CCA and is online
+ *
+ * @param[in] card card number
+ *
+ * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its
+ * not a CCA card.
+ */
+int sysfs_is_card_online(int card)
+{
+ long int online;
+ char *dev_path;
+ char type[20];
+ int rc = 1;
+
+ dev_path = util_path_sysfs("bus/ap/devices/card%02x", card);
+ if (!util_path_is_dir(dev_path)) {
+ rc = 0;
+ goto out;
+ }
+ if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) {
+ rc = 0;
+ goto out;
+ }
+ if (online == 0) {
+ rc = 0;
+ goto out;
+ }
+ if (util_file_read_line(type, sizeof(type), "%s/type", dev_path) != 0) {
+ rc = 0;
+ goto out;
+ }
+ if (strncmp(type, "CEX", 3) != 0 || strlen(type) < 5) {
+ rc = 0;
+ goto out;
+ }
+ if (type[4] != 'C') {
+ rc = -1;
+ goto out;
+ }
+
+out:
+ free(dev_path);
+ return rc;
+}
+
+/**
+ * Checks if the specified APQN is of type CCA and is online
+ *
+ * @param[in] card card number
+ * @param[in] domain the domain
+ *
+ * @returns 1 if its a CCA card and is online, 0 if offline and -1 if its
+ * not a CCA card.
+ */
+int sysfs_is_apqn_online(int card, int domain)
+{
+ long int online;
+ char *dev_path;
+ int rc = 1;
+
+ rc = sysfs_is_card_online(card);
+ if (rc != 1)
+ return rc;
+
+ dev_path = util_path_sysfs("bus/ap/devices/card%02x/%02x.%04x", card,
+ card, domain);
+ if (!util_path_is_dir(dev_path)) {
+ rc = 0;
+ goto out;
+ }
+ if (util_file_read_l(&online, 10, "%s/online", dev_path) != 0) {
+ rc = 0;
+ goto out;
+ }
+ if (online == 0) {
+ rc = 0;
+ goto out;
+ }
+
+out:
+ free(dev_path);
+ return rc;
+}
+
--- /dev/null
+++ b/zkey/utils.h
@@ -0,0 +1,21 @@
+/*
+ * zkey - Generate, re-encipher, and validate secure keys
+ *
+ * This header file defines the interface to the CCA host library.
+ *
+ * Copyright IBM Corp. 2019
+ *
+ * s390-tools is free software; you can redistribute it and/or modify
+ * it under the terms of the MIT license. See LICENSE for details.
+ */
+
+#ifndef UTILS_H
+#define UTILS_H
+
+#include "lib/zt_common.h"
+
+int sysfs_is_card_online(int card);
+
+int sysfs_is_apqn_online(int card, int domain);
+
+#endif
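Review bot: The `@returns` text on `sysfs_is_card_online()` in the zkey/utils.c hunk does not match what the code returns. 0 is returned not only for an offline card but also when the card directory is missing, when `online` or `type` cannot be read, and when the type string does not start with `CEX` or is shorter than five characters; -1 is returned only when the fifth character of the type is not `C`. The caller visible in the keystore.c hunk treats every `rc != 1` as a state of the APQN, so an operator cannot tell a sysfs read failure from an offline card. I would spell the cases out, e.g. `@returns 1 if the card is online and its type has 'C' as fifth character, 0 if it is offline, absent, unreadable or not a CEX card, -1 if it is a CEX card of another type`, and give `sysfs_is_apqn_online()` its own wording that mentions the queue directory check. In `sysfs_is_apqn_online()` the initializer in `int rc = 1;` is overwritten by the next statement, and the success return relies on rc still being 1 after the card check, which deserves a one-line comment.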
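Review bot: The file comment of the new zkey/utils.h says `This header file defines the interface to the CCA host library.`, which looks carried over from cca.h; this header only declares `sysfs_is_card_online()` and `sysfs_is_apqn_online()`. I would change it to something like `This header file defines the interface to the sysfs utility functions.` As far as the hunk shows, the two prototypes use only `int`, so the `#include "lib/zt_common.h"` may be unnecessary here; worth confirming before keeping it.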