* s390-tools-08-rust-pvimg-Fix-flag-parsing-for-allowing-dump.patch * s390-tools-09-rust-pvimg-Document-the-change-from--comm-key-to--cck.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=247
From 5276d408fd10669b3d8e623455778a675e8dc149 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon, 19 Feb 2024 10:21:06 +0100
Subject: [PATCH] zkey: Reject key generation and APQN association for
PVSECRET-AES keys
Keys of type PVSECRET-AES can not be generated using 'zkey generate'.
Furthermore, APQNs can not be associated with keys of type PVSECRET-AES
via 'zkey change'. Reject that with a proper error message.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Jorg Schmidbauer <jschmidb@de.ibm.com>
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
---
zkey/keystore.c | 32 +++++++++++++++++++++++---------
zkey/zkey.1 | 7 +++++++
zkey/zkey.c | 5 +++++
3 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/zkey/keystore.c b/zkey/keystore.c
index cde0caf5..db62e0a6 100644
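--- a/zkey/keystore.c
+++ b/zkey/keystore.c
@@ -2009,6 +2009,12 @@ int keystore_generate_key(struct keystore *keystore, const char *name,
 return -EINVAL;
 }
 
+ if (!is_secure_key_type(key_type)) {
+ warnx("Keys of type %s can not be generated. Use 'zkey "
+ "pvsecret import' instead", key_type);
+ return -EINVAL;
+ }
+
 rc = _keystore_get_key_filenames(keystore, name, &file_names);
 if (rc != 0)
 goto out_free_key_filenames;
@@ -2535,9 +2541,9 @@ int keystore_change_key(struct keystore *keystore, const char *name,
 const char *null_ptr = NULL;
 char *upd_volumes = NULL;
 size_t secure_key_size;
+ u8 *secure_key = NULL;
 u8 mkvp[MKVP_LENGTH];
 char sect_size[30];
- u8 *secure_key;
 bool kms_bound;
 int rc;
 
@@ -2589,13 +2595,6 @@ int keystore_change_key(struct keystore *keystore, const char *name,
 goto out;
 }
 
- rc = _keystore_change_association(key_props, PROP_NAME_APQNS,
- apqns, "APQN",
- _keystore_apqn_check,
- &apqn_check);
- if (rc != 0)
- goto out;
-
 secure_key = read_secure_key(file_names.skey_filename,
 &secure_key_size,
 keystore->verbose);
@@ -2604,11 +2603,24 @@ int keystore_change_key(struct keystore *keystore, const char *name,
 goto out;
 }
 
+ if (!is_secure_key(secure_key, secure_key_size)) {
+ warnx("No APQNs can be associated with keys of type %s",
+ get_key_type(secure_key, secure_key_size));
+ rc = -EINVAL;
+ goto out;
+ }
+
+ rc = _keystore_change_association(key_props, PROP_NAME_APQNS,
+ apqns, "APQN",
+ _keystore_apqn_check,
+ &apqn_check);
+ if (rc != 0)
+ goto out;
+
 rc = get_master_key_verification_pattern(secure_key,
 secure_key_size,
 mkvp,
 keystore->verbose);
- free(secure_key);
 if (rc)
 goto out;
 
@@ -2742,6 +2754,8 @@ int keystore_change_key(struct keystore *keystore, const char *name,
 free(upd_volumes);
 if (upd_volume_type != NULL)
 free(upd_volume_type);
+ if (secure_key != NULL)
+ free(secure_key);
 
 if (rc != 0)
 pr_verbose(keystore, "Failed to change key '%s': %s",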
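Review bot: In the rejection branch added to `keystore_change_key`, the result of `get_key_type(secure_key, secure_key_size)` goes straight into `warnx` under `%s`; if that helper can return NULL for a blob it does not recognise (its definition is not part of this diff), a damaged or foreign key file in the repository would put a NULL pointer behind `%s`, which is undefined behaviour. Because the blob comes from disk, I would fetch the type first and print a fallback: `const char *type = get_key_type(secure_key, secure_key_size);` followed by `warnx("No APQNs can be associated with keys of type %s", type != NULL ? type : "unknown");`. The function body starts and ends outside these hunks, so it should also be confirmed that `secure_key` is not assigned a second time further down, now that it is released only by the new `free(secure_key)` in the cleanup path. The `if (secure_key != NULL)` guard there is redundant for `free`, although it matches the neighbouring `upd_volume_type` lines.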
diff --git a/zkey/zkey.1 b/zkey/zkey.1
index ba71a839..baaf8478 100644
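--- a/zkey/zkey.1
+++ b/zkey/zkey.1
@@ -402,6 +402,9 @@ additional information can be associated with a secure key using the
 .B \-\-sector\-size
 options.
 .PP
+Keys of type \fBPVSECRET\-AES\fP do not use a cryptographic adapter, thus APQNs
+can not be associated with them.
+.PP
 .B Note:
 The \fBimport\fP command requires the CCA host library (libcsulcca.so)
 to be installed when secure keys of type \fBCCA\-AESCIPHER\fP are imported.
@@ -564,6 +567,10 @@ APQNs that are associated with the key management system plugin.
 Other associated information is also changed in the key management system when
 changed using the change command.
 .PP
+For keys of type \fBPVSECRET\-AES\fP you can not change or set the APQN
+association. These keys do not use a cryptographic adapter, thus APQNs can not
+be associated with them.
+.PP
 .B Note:
 The secure key itself cannot be changed, only information about the secure
 key is changed. To rename a secure key, use the \fBrename\fP command.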
diff --git a/zkey/zkey.c b/zkey/zkey.c
index 6e9b32af..36bdbcc0 100644
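--- a/zkey/zkey.c
+++ b/zkey/zkey.c
@@ -2001,6 +2001,11 @@ static int command_generate(void)
 return command_generate_repository();
 if (g.key_type == NULL)
 g.key_type = KEY_TYPE_CCA_AESDATA;
+ if (!is_secure_key_type(g.key_type)) {
+ warnx("Keys of type '%s' can not be generated. Use 'zkey "
+ "pvsecret import' instead", g.key_type);
+ return -EXIT_FAILURE;
+ }
 if (g.pos_arg != NULL) {
 if (g.volumes != NULL) {
 warnx("Option '--volumes|-l' is not valid for "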
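Review bot: `return -EXIT_FAILURE;` in the check added to `command_generate` negates an exit-status macro, so the function returns a negative value instead of the usual failure status. If this return value is passed on as the process exit status, scripts wrapping `zkey generate` would see a different code for this rejection than for other failures. Unless the other error paths of this function, which lie outside the hunk, do the same, this should be `return EXIT_FAILURE;`. The message also quotes the type as `'%s'`, while the matching message added to `keystore_generate_key` prints it bare as `%s`; using one form keeps the two rejections easy to match in logs.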