File s390-tools-sles11sp3-lszcrypt-cex4-support.patch of Package s390-tools

Overview Repositories Revisions Requests Users Attributes Meta

File s390-tools-sles11sp3-lszcrypt-cex4-support.patch of Package s390-tools

Subject: [PATCH] [FEAT SEC1101] lszcrypt: Add support for CEX4 crypto cards
From: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com>

Summary:     lszcrypt: Add support for CEX4 crypto cards
Description: CEX4 crypto cards are now supported by lszcrypt and chzcrypt.
             Card capabilities and pending request counters are displayed
             in verbose level 3.
Upstream-ID: - 
Problem-ID:  SEC1101

Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@de.ibm.com>
---
 zconf/chzcrypt   |    3 +
 zconf/lszcrypt   |  131 +++++++++++++++++++++++++++++++++++++++++++++++--------
 zconf/lszcrypt.8 |   89 ++++++++++++++++++++++++++++---------
 3 files changed, 183 insertions(+), 40 deletions(-)

--- a/zconf/chzcrypt
+++ b/zconf/chzcrypt
@@ -246,6 +246,9 @@ for DEV in $DEV_LIST ; do
 	echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2
 	exit 1
     fi
+    if [ ! -w $DEV/online ] ; then
+	continue
+    fi
     verbose "Setting cryptographic adapter $CARD $ONLINE_TEXT."
     echo $ONLINE > "$DEV/online" 2> /dev/null
     if [ "$( cat $DEV/online )" != "$ONLINE" ] ; then
--- a/zconf/lszcrypt
+++ b/zconf/lszcrypt
@@ -1,6 +1,6 @@
 #!/bin/bash
 #==============================================================================
-# Copyright IBM Corp. 2008.
+# Copyright IBM Corp. 2012.
 #
 # lszcrypt
 #
@@ -8,6 +8,7 @@
 #
 # Author(s): Ralph Wuerthner <rwuerthn@de.ibm.com>
 #	     Felix Beck <felix.beck@de.ibm.com>
+#	     Holger Dengler <hd@linux.vnet.ibm.com>
 #
 # This file is part of s390-tools
 #
@@ -28,17 +29,29 @@
 
 CMD="$( basename $0 )"
 
+CAP_RSA2K="RSA 2K Clear Key"
+CAP_RSA4K="RSA 4K Clear Key"
+CAP_CCA="CCA Secure Key"
+CAP_RNG="Long RNG"
+
+let MASK_RSA4K=0x60000000
+let MASK_COPRO=0x10000000
+let MASK_ACCEL=0x08000000
+
 function print_usage() {
 	cat <<-EOF
 	Usage: $CMD [<options>] [<cryptographic adapter ids>]
+	       $CMD -c|--capability <cryptographic adapter id>
 	Display zcrypt device and configuration information.
 
 	<options>
 	-b|--bus
 	        Show AP bus attributes and exit.
+	-c|--capability <cryptographic adapter id>
+	        Shows the capabilities of a cryptographic adapter.
 	-V|--verbose
 	        Increase verbose level for cryptographic adapter information. Maximum
-	        verbose level is two.
+	        verbose level is three.
 	-v|--version
 	        Show version information and exit.
 	-h|--help
@@ -46,14 +59,14 @@ function print_usage() {
 
 	<cryptographic adapter ids>
 	List of cryptographic adapter ids separated by blanks which will be displayed.
-	If not ids are given all available adapters are displayed.
+	If no ids are given all available adapters are displayed.
 	EOF
 }
 
 function print_version() {
     cat <<-EOF
 	$CMD: version %S390_TOOLS_VERSION%
-	Copyright IBM Corp. 2007
+	Copyright IBM Corp. 2012
 	EOF
 }
 
@@ -89,6 +102,65 @@ show_bus() {
     fi
 }
 
+show_capability() {
+    CARD="$( printf "card%02x" "$1" 2> /dev/null )"
+    DEV=$SYSFS/devices/ap/$CARD
+    if [ ! -d $DEV ] ; then
+	echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2
+	exit 1
+    fi
+    HWTYPE="$( cat $DEV/hwtype 2> /dev/null )"
+    FUNCS="$( cat $DEV/ap_functions 2> /dev/null )"
+    # If sysfs attribute is missing, set functions to 0
+    if [ "x"$FUNCS == "x" ] ; then
+	FUNCS="0x00000000"
+    fi
+    # skip devices, which are not supported by zcrypt layer
+    if [ ! -r $DEV/type -a ! -r $DEV/online ] ; then
+	CAPS="Detailed capability information for $CARD"
+	CAPS+=" (hardware type $HWTYPE) is not available."
+	echo -e $CAPS
+	return;
+    fi
+    let FUNC_VAL=$FUNCS
+    CAPS="$CARD provides capability for:\n"
+    case $HWTYPE in
+	6|8)
+		if (( FUNC_VAL&$MASK_RSA4K )) ; then
+			CAPS+="$CAP_RSA4K"
+		else
+			CAPS+="$CAP_RSA2K"
+		fi
+		;;
+	7|9)
+		CAPS+="$CAP_RSA4K\n"
+		CAPS+="$CAP_CCA\n"
+		CAPS+="$CAP_RNG"
+		;;
+	10)
+		if (( FUNC_VAL&$MASK_ACCEL )) ; then
+			if (( FUNC_VAL&$MASK_RSA4K )) ; then
+				CAPS+="$CAP_RSA4K"
+			else
+				CAPS+="$CAP_RSA2K"
+			fi
+		elif (( FUNC_VAL&$MASK_COPRO )) ; then
+			CAPS+="$CAP_RSA4K\n"
+			CAPS+="$CAP_CCA\n"
+			CAPS+="$CAP_RNG"
+		else
+			CAPS="Detailed capability information for $CARD"
+			CAPS+=" (hardware type $HWTYPE) is not available."
+		fi
+		;;
+	*)
+		CAPS="Detailed capability information for $CARD"
+		CAPS+=" (hardware type $HWTYPE) is not available."
+		;;
+     esac
+     echo -e $CAPS
+}
+
 show_device() {
     CARD="$1"
     DEV="$SYSFS/bus/ap/devices/$CARD"
@@ -96,37 +168,48 @@ show_device() {
 	echo "$CMD: error - cryptographic adapter $CARD does not exist!" >&2
 	exit 1
     fi
-    if [ -r $DEV/type ] ; then
-	TYPE="$( cat $DEV/type 2> /dev/null )"
-    else
-	TYPE=unknown
+    if [ ! -r $DEV/type -a ! -r $DEV/online ] ; then
+	# skip devices, which are not supported by zcrypt layer
+	return;
     fi
-    if [ -r $DEV/online ] ; then
-	if [ "$( cat $DEV/online 2> /dev/null )" -eq 0 ] ; then
-	    ONLINE=offline
-	else
-	    ONLINE=online
-	fi
+    TYPE="$( cat $DEV/type 2> /dev/null )"
+    if [ "$( cat $DEV/online 2> /dev/null )" -eq 0 ] ; then
+	ONLINE=offline
     else
-	ONLINE=unknown
+	ONLINE=online
     fi
     case $VERBOSE in
 	0) echo "$CARD: $TYPE"
 	    ;;
 	1) printf "%s: %-11s %-7s\n" $CARD $TYPE $ONLINE
 	    ;;
-	*)
+	2)
 	    HWTYPE="$( cat $DEV/hwtype 2> /dev/null )"
 	    DEPTH="$( cat $DEV/depth 2> /dev/null )"
 	    REQ_CNT="$( cat $DEV/request_count 2> /dev/null )"
 	    printf "%s: %-11s %-7s hwtype=%-2d depth=%d request_count=%-10d\n" \
 	    $CARD $TYPE $ONLINE $HWTYPE $DEPTH $REQ_CNT
+	    ;;
+	*)
+	    HWTYPE="$( cat $DEV/hwtype 2> /dev/null )"
+	    DEPTH="$( cat $DEV/depth 2> /dev/null )"
+	    REQ_CNT="$( cat $DEV/request_count 2> /dev/null )"
+	    REQQ_CNT="$( cat $DEV/requestq_count 2> /dev/null )"
+	    PENQ_CNT="$( cat $DEV/pendingq_count 2> /dev/null )"
+	    FUNCS="$( cat $DEV/ap_functions 2> /dev/null )"
+	    FMT="%s: %-11s %-7s hwtype=%-2d depth=%d"
+	    FMT+=" request_count=%d pendingq_count=%d requestq_count=%d"
+	    FMT+=" functions=%-10s\n"
+	    printf "$FMT" \
+	           $CARD $TYPE $ONLINE $HWTYPE $DEPTH \
+		   $REQ_CNT $PENQ_CNT $REQQ_CNT \
+		   $FUNCS
     esac
 }
 
 # Parse command line
-TEMP=`getopt -o bhvV \
-      --long bus,help,version,verbose \
+TEMP=`getopt -o bchvV \
+      --long bus,capability,help,version,verbose \
      -n "$CMD" -- "$@"`
 if [ $? != 0 ] ; then
     exit 1
@@ -139,6 +222,8 @@ while true ; do
     case "$1" in
 	-b|--bus) SHOW_BUS=1
 	    shift;;
+	-c|--capability) SHOW_CAPABILITY=1
+	    shift;;
 	-h|--help) print_usage
 	    exit 0;;
 	-v|--version) print_version
@@ -168,7 +253,15 @@ fi
 if [ -n "$SHOW_BUS" ] ; then
     show_bus
     exit 0
-fi    
+fi
+
+if [ -n "$SHOW_CAPABILITY" ] ; then
+    if [ $# -ne 1 ] ; then
+       invalid_cmdline "capability option requires a single cryptographic device id"
+    fi
+    show_capability $@
+    exit 0
+fi
 
 if [ $# -eq 0 ] ; then
     DEVLIST="$( find $SYSFS/bus/ap/devices -name 'card*' -printf '%f\n' | sort )"
--- a/zconf/lszcrypt.8
+++ b/zconf/lszcrypt.8
@@ -4,11 +4,15 @@ lszcrypt \- display zcrypt device and co
 .SH SYNOPSIS
 .TP 9
 .B lszcrypt
-.RB "[ " -V " | " -VV " ] "
+.RB "[ " -V " | " -VV " | " -VVV " ] "
 [
 .I <device id>
 [...]]
 .TP
+.B lszcrypt
+.B -c
+<device id>
+.TP
 .B lszcrypt -b
 .TP
 .B lszcrypt -h
@@ -18,50 +22,93 @@ lszcrypt \- display zcrypt device and co
 The
 .B lszcrypt
 command is used to display information about cryptographic adapters managed by
-zcrypt and zcrypt's AP bus attributes. Displayed information depends on the
+zcrypt and the AP bus attributes of zcrypt. Displayed information depends on the
 kernel version.
 .B lszcrypt
-requires that the sysfs filesystem is mounted.
+requires that sysfs is mounted.
 .P
-The following information can be displayed for each cryptographic adapter: card
-type, online status, hardware card type, hardware queue depth, and request
-count. The following AP bus attributes can be displayed: AP domain,
-configuration timer, poll thread status, poll timeout, and AP interrupt status.
+The following information can be displayed for each cryptographic
+adapter: card type (symbolic), online status, hardware card
+type (numeric), installed function facilities, card capability, hardware
+queue depth, request count, number of requests in hardware queue, and
+the number of outstanding requests.
+The following AP bus attributes can be displayed: AP domain,
+configuration timer, poll thread status, poll timeout, and AP interrupt
+status.
 .SH OPTIONS
 .TP 8
 .B -V, --verbose
-Increase verbose level for cryptographic adapter information. Maximum verbose
-level is two. At verbose level one card type and online status are displayed.
-At verbose level two card type, online status, hardware card type, hardware
-queue depth, and request count are displayed.
+Increases the verbose level for cryptographic adapter information.
+The maximum verbose level is three. At verbose level one card type
+and online status are displayed. At verbose level two card type,
+online status, hardware card type, hardware queue depth, and
+request count are displayed. At verbose level three card type,
+online status, hardware card type, hardware queue depth,
+request count, pending request queue count, outstanding
+request queue count, and installed function facilities are displayed.
 .TP 8
 .B <device id>
-Specifies a cryptographic adapter which will be displayed. A cryptographic
+Specifies a cryptographic adapter to display. A cryptographic
 adapter can be specified either in decimal or hexadecimal notation using
 a '0x' prefix. If no adapters are specified information about all available
-adapters will be displayed.
+adapters is displayed.
 .TP 8
 .B -b, --bus
-Show AP bus attributes and exit.
+Displays the AP bus attributes and exits.
+.TP 8
+.B -c, --capability <device id>
+Shows the capabilities of a cryptographic adapter of hardware type 6 or
+higher. The capabilities of a cryptographic adapter depend on the card
+type and the installed function facilities. A cryptographic adapter can
+provide one or more of the following capabilities:
+.RS
+.IP "o" 3
+RSA 2K Clear Key
+.IP "o"
+RSA 4K Clear Key
+.IP "o"
+CCA Secure Key
+.IP "o"
+Long RNG
+.RE
 .TP 8
 .B -h, --help
-Print help text and exit.
+Displays help text and exits.
 .TP 8
 .B -v, --version
-Print version information and exit.
+Displays version information and exits.
 .SH EXAMPLES
 .TP
 .B lszcrypt -V
-Will display card type and online status of all available cryptographic
+Displays card type and online status of all available cryptographic
 adapters.
 .TP
 .B lszcrypt -VV 0 1 10 12
-Will display card type, online status, hardware card type, hardware queue
-depth, and request count for cryptographic adapters in decimal notation 0, 1,
-10, and 12.
+Displays the card type in hexadecimal notation, online status,
+hardware card type, hardware queue depth, and request count for
+cryptographic adapters 0, 1, 10, and 12 in decimal notation.
+.TP
+.B lszcrypt -VVV 3 7 11
+Displays the card ID and the installed function facility in
+hexadecimal notation, as well as card type, online status, hardware
+card type, hardware queue depth, request count, pending request
+queue count, and outstanding request queue count for cryptographic
+adapters 3, 7, and 11 in decimal notation.
 .TP
 .B lszcrypt -b
-Will display AP bus information.
+Displays AP bus information.
+.TP
+.B lszcrypt -c 7
+.RS
+.br
+Coprocessor card07 provides capability for:
+.br
+CCA Secure Key
+.br
+RSA 4K Clear Key
+.br
+Long RNG
+.RE
 .SH SEE ALSO
 \fBchzcrypt\fR(8)
 .SH AUTHOR

Places

File s390-tools-sles11sp3-lszcrypt-cex4-support.patch of Package s390-tools

Places