s390-tools/s390-tools-sles15sp2-29-zkey-Add-helper-function-to-query-the-CCA-firmware-v.patch

Subject: zkey: Add helper function to query the CCA firmware version
From: Ingo Franzki <ifranzki@linux.ibm.com>

Summary:     zkey: Add support for CCA AES CIPHER keys
Description: With CCA 5 there is a new secure key type, the so called 
             variable length symmetric cipher key token. This token format
             can hold AES keys with size 128, 192 and 256 bits together
             with additional attributes cryptographic bound to the key
             token. The attributes may limit the usage of the key, for
             example restrict export or usability scope. So this key type
             is considered to be even more secure than the traditional 
             secure key token. This key token type is also called "CCA
             AES CIPHER key", where the formerly used key token is called
             "CCA AES DATA key".
             The zkey as well as the zkey-cryptsetup tools are enhanced
             to support AES CIPHER keys. That is, zkey can manage AES DATA 
             keys, as well as AES CIPHER keys. The key type must be specified
             at key generation time, the default is to generate AED DATA
             keys.
Upstream-ID: b0cc0e47378de9cd82b0cd14228b26be4d615ffc
Problem-ID:  SEC1717

Upstream-Description:

             zkey: Add helper function to query the CCA firmware version

             Some future functions are dependent on the firmware version of the
             CCA crypto adapter. This helper function allows to query the version
             of the currently selected CCA adapter.

             Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
             Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
             Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>


Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
 zkey/cca.c |   52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

--- a/zkey/cca.c
+++ b/zkey/cca.c
@@ -474,6 +474,58 @@ static int get_cca_adapter_serialnr(stru
 }
 
 /**
+ * Queries the firmware version of the current CCA adapter
+ *
+ * @param[in] cca              the CCA library structure
+ * @param[out] version         the struct where the version is returned
+ * @param[in] verbose          if true, verbose messages are printed
+ *
+ * @returns 0 on success, a negative errno in case of an error.
+ */
+static int get_cca_adapter_version(struct cca_lib *cca,
+				   struct cca_version *version,
+				   bool verbose)
+{
+	long exit_data_len = 0, rule_array_count, verb_data_length = 0;
+	unsigned char rule_array[6 * 8] = { 0, };
+	unsigned char exit_data[4] = { 0, };
+	long return_code, reason_code;
+	char version_data[9];
+
+	util_assert(cca != NULL, "Internal error: cca is NULL");
+
+	memset(rule_array, 0, sizeof(rule_array));
+	memcpy(rule_array, "STATCCA ", 8);
+	rule_array_count = 1;
+
+	cca->dll_CSUACFQ(&return_code, &reason_code,
+			 &exit_data_len, exit_data,
+			 &rule_array_count, rule_array,
+			 &verb_data_length, NULL);
+
+	pr_verbose(verbose, "CSUACFQ (Cryptographic Facility Query) returned: "
+		   "return_code: %ld, reason_code: %ld", return_code,
+		   reason_code);
+	if (return_code != 0) {
+		print_CCA_error(return_code, reason_code);
+		return -EIO;
+	}
+
+	memcpy(version_data, rule_array+3*8, 8);
+	version_data[8] = '\0';
+
+	pr_verbose(verbose, "CCA firmware version string: %s", version_data);
+
+	if (sscanf((char *)version_data, "%u.%u.%uz", &version->ver,
+		   &version->rel, &version->mod) != 3) {
+		warnx("CCA formware version is invalid: %s", version_data);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+/**
  * Selects the specified APQN to be used for the CCA host library.
  *
  * @param[in] cca              the CCA library structure