forked from pool/s390-tools
125 lines
3.6 KiB
Diff
125 lines
3.6 KiB
Diff
|
Subject: lszcrypt: CEX6S exploitation
|
||
|
From: Harald Freudenberger <freude@linux.vnet.ibm.com>
|
||
|
|
||
|
Summary: s390-tools: Exploitation Support for CEX6S
|
||
|
Description: Exploitation Support for CEX6S
|
||
|
Upstream-ID: 31866fbfa4bd89606af2a313427ca06d230e20dc
|
||
|
Problem-ID: SEC1519
|
||
|
|
||
|
Upstream-Description:
|
||
|
|
||
|
lszcrypt: CEX6S exploitation
|
||
|
|
||
|
With z14 there comes a new crypto card 'CEX6S'.
|
||
|
|
||
|
This patch introduces the s390-tools changes needed
|
||
|
to list the new card and show the capabilities correctly.
|
||
|
|
||
|
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
|
||
|
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
|
||
|
|
||
|
|
||
|
Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
|
||
|
---
|
||
|
zconf/zcrypt/lszcrypt.8 | 6 ++++++
|
||
|
zconf/zcrypt/lszcrypt.c | 37 ++++++++++++++++++++++++++++---------
|
||
|
2 files changed, 34 insertions(+), 9 deletions(-)
|
||
|
|
||
|
--- a/zconf/zcrypt/lszcrypt.8
|
||
|
+++ b/zconf/zcrypt/lszcrypt.8
|
||
|
@@ -85,6 +85,12 @@ EP11 Secure Key
|
||
|
.IP "o"
|
||
|
Long RNG
|
||
|
.RE
|
||
|
+
|
||
|
+.RS 8
|
||
|
+The CCA Secure Key capability may be limited by a hypervisor
|
||
|
+layer. The remarks 'full function set' or 'restricted function set' may
|
||
|
+reflect this. For details about these limitations please check the
|
||
|
+hypervisor documentation.
|
||
|
.TP 8
|
||
|
.B -d, --domains
|
||
|
Shows the usage and control domains of the cryptographic devices.
|
||
|
--- a/zconf/zcrypt/lszcrypt.c
|
||
|
+++ b/zconf/zcrypt/lszcrypt.c
|
||
|
@@ -42,11 +42,19 @@ struct lszcrypt_l *lszcrypt_l = &l;
|
||
|
/*
|
||
|
* Card types
|
||
|
*/
|
||
|
-#define MASK_APSC 0x80000000
|
||
|
-#define MASK_RSA4K 0x60000000
|
||
|
-#define MASK_COPRO 0x10000000
|
||
|
-#define MASK_ACCEL 0x08000000
|
||
|
-#define MASK_EP11 0x04000000
|
||
|
+#define MASK_APSC 0x80000000
|
||
|
+#define MASK_RSA4K 0x60000000
|
||
|
+#define MASK_COPRO 0x10000000
|
||
|
+#define MASK_ACCEL 0x08000000
|
||
|
+#define MASK_EP11 0x04000000
|
||
|
+
|
||
|
+/*
|
||
|
+ * Classification
|
||
|
+ */
|
||
|
+#define MASK_CLASS_FULL 0x00800000
|
||
|
+#define CLASS_FULL "full function set"
|
||
|
+#define MASK_CLASS_STATELESS 0x00400000
|
||
|
+#define CLASS_STATELESS "restricted function set"
|
||
|
|
||
|
/*
|
||
|
* Program configuration
|
||
|
@@ -226,7 +234,7 @@ static void show_capability(const char *
|
||
|
{
|
||
|
unsigned long func_val;
|
||
|
long hwtype, id;
|
||
|
- char *p, *ap, *dev, card[16];
|
||
|
+ char *p, *ap, *dev, card[16], cbuf[256];
|
||
|
|
||
|
/* check if ap driver is available */
|
||
|
ap = util_path_sysfs("bus/ap");
|
||
|
@@ -250,6 +258,11 @@ static void show_capability(const char *
|
||
|
printf("Detailed capability information for %s (hardware type %ld) is not available.\n", card, hwtype);
|
||
|
return;
|
||
|
}
|
||
|
+ cbuf[0] = '\0';
|
||
|
+ if (func_val & MASK_CLASS_FULL)
|
||
|
+ snprintf(cbuf, sizeof(cbuf), "%s", CLASS_FULL);
|
||
|
+ else if (func_val & MASK_CLASS_STATELESS)
|
||
|
+ snprintf(cbuf, sizeof(cbuf), "%s", CLASS_STATELESS);
|
||
|
printf("%s provides capability for:\n", card);
|
||
|
switch (hwtype) {
|
||
|
case 6:
|
||
|
@@ -262,11 +275,15 @@ static void show_capability(const char *
|
||
|
case 7:
|
||
|
case 9:
|
||
|
printf("%s\n", CAP_RSA4K);
|
||
|
- printf("%s\n", CAP_CCA);
|
||
|
+ if (cbuf[0])
|
||
|
+ printf("%s (%s)\n", CAP_CCA, cbuf);
|
||
|
+ else
|
||
|
+ printf("%s\n", CAP_CCA);
|
||
|
printf("%s", CAP_RNG);
|
||
|
break;
|
||
|
case 10:
|
||
|
case 11:
|
||
|
+ case 12:
|
||
|
if (func_val & MASK_ACCEL) {
|
||
|
if (func_val & MASK_RSA4K)
|
||
|
printf("%s", CAP_RSA4K);
|
||
|
@@ -274,12 +291,14 @@ static void show_capability(const char *
|
||
|
printf("%s", CAP_RSA2K);
|
||
|
} else if (func_val & MASK_COPRO) {
|
||
|
printf("%s\n", CAP_RSA4K);
|
||
|
- printf("%s\n", CAP_CCA);
|
||
|
+ if (cbuf[0])
|
||
|
+ printf("%s (%s)\n", CAP_CCA, cbuf);
|
||
|
+ else
|
||
|
+ printf("%s\n", CAP_CCA);
|
||
|
printf("%s", CAP_RNG);
|
||
|
} else if (func_val & MASK_EP11) {
|
||
|
printf("%s", CAP_EP11);
|
||
|
} else {
|
||
|
-
|
||
|
printf("Detailed capability information for %s (hardware type %ld) is not available.", card, hwtype);
|
||
|
}
|
||
|
break;
|