Subject: zkey: Add helper function to query the CCA firmware version
From: Ingo Franzki <ifranzki@linux.ibm.com>
Summary: zkey: Add support for CCA AES CIPHER keys
Description: With CCA 5 there is a new secure key type, the so called
variable length symmetric cipher key token. This token format
can hold AES keys with size 128, 192 and 256 bits together
with additional attributes cryptographically bound to the key
token. The attributes may limit the usage of the key, for
example restrict export or usability scope. So this key type
is considered to be even more secure than the traditional
secure key token. This key token type is also called "CCA
AES CIPHER key", where the formerly used key token is called
"CCA AES DATA key".
The zkey as well as the zkey-cryptsetup tools are enhanced
to support AES CIPHER keys. That is, zkey can manage AES DATA
keys, as well as AES CIPHER keys. The key type must be specified
at key generation time, the default is to generate AES DATA
keys.
Upstream-ID: b0cc0e47378de9cd82b0cd14228b26be4d615ffc
Problem-ID: SEC1717
Upstream-Description:
zkey: Add helper function to query the CCA firmware version
Some future functions are dependent on the firmware version of the
CCA crypto adapter. This helper function allows to query the version
of the currently selected CCA adapter.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/cca.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
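--- a/zkey/cca.c
+++ b/zkey/cca.c
@@ -474,6 +474,58 @@ static int get_cca_adapter_serialnr(stru
 }
 
 /**
+ * Queries the firmware version of the current CCA adapter
+ *
+ * @param[in] cca the CCA library structure
+ * @param[out] version the struct where the version is returned
+ * @param[in] verbose if true, verbose messages are printed
+ *
+ * @returns 0 on success, a negative errno in case of an error.
+ */
+static int get_cca_adapter_version(struct cca_lib *cca,
+ struct cca_version *version,
+ bool verbose)
+{
+ long exit_data_len = 0, rule_array_count, verb_data_length = 0;
+ unsigned char rule_array[6 * 8] = { 0, };
+ unsigned char exit_data[4] = { 0, };
+ long return_code, reason_code;
+ char version_data[9];
+
+ util_assert(cca != NULL, "Internal error: cca is NULL");
+
+ memset(rule_array, 0, sizeof(rule_array));
+ memcpy(rule_array, "STATCCA ", 8);
+ rule_array_count = 1;
+
+ cca->dll_CSUACFQ(&return_code, &reason_code,
+ &exit_data_len, exit_data,
+ &rule_array_count, rule_array,
+ &verb_data_length, NULL);
+
+ pr_verbose(verbose, "CSUACFQ (Cryptographic Facility Query) returned: "
+ "return_code: %ld, reason_code: %ld", return_code,
+ reason_code);
+ if (return_code != 0) {
+ print_CCA_error(return_code, reason_code);
+ return -EIO;
+ }
+
+ memcpy(version_data, rule_array+3*8, 8);
+ version_data[8] = '\0';
+
+ pr_verbose(verbose, "CCA firmware version string: %s", version_data);
+
+ if (sscanf((char *)version_data, "%u.%u.%uz", &version->ver,
+ &version->rel, &version->mod) != 3) {
+ warnx("CCA formware version is invalid: %s", version_data);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/**
 * Selects the specified APQN to be used for the CCA host library.
 *
 * @param[in] cca the CCA library structure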
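Review bot: After `dll_CSUACFQ` returns, the version is copied from `rule_array+3*8` without checking that a fourth rule-array element was actually returned; the call goes in with `rule_array_count = 1` and the updated count is never read. Because the buffer is zeroed beforehand a short reply most likely ends in the sscanf failure path, but an explicit `if (rule_array_count < 4) return -EINVAL;` before the memcpy would state the dependency. Nothing visible here tells the library how large `rule_array` is, so the `6 * 8` size should be confirmed against the number of elements a STATCCA query can return. `version` is dereferenced in the sscanf call but, unlike `cca`, is not asserted: `util_assert(version != NULL, "Internal error: version is NULL");`. The warnx message also misspells "firmware" as "formware".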