Zhuoying Cai <[email protected]> writes:
> DIAG 320 subcode 2 provides verification-certificates (VCs) that are in the
> certificate store. Only X509 certificates in DER format and SHA-256 hash
> type are recognized.
>
> The subcode value is denoted by setting the second-left-most bit
> of an 8-byte field.
>
> The Verification Certificate Block (VCB) contains the output data
> when the operation completes successfully. It includes a common
> header followed by zero or more Verification Certificate Entries (VCEs),
> depending on the VCB input length and the VC range (from the first VC
> index to the last VC index) in the certificate store.
>
> Each VCE contains information about a certificate retrieved from
> the S390IPLCertificateStore, such as the certificate name, key type,
> key ID length, hash length, and the raw certificate data.
> The key ID and hash are extracted from the raw certificate by the crypto API.
>
> Note: SHA2-256 VC hash type is required for retrieving the hash
> (fingerprint) of the certificate.
>
> Signed-off-by: Zhuoying Cai <[email protected]>
[...]
> @@ -235,8 +237,324 @@ static int handle_diag320_query_vcsi(S390CPU *cpu,
> uint64_t addr, uint64_t r1,
> return DIAG_320_RC_OK;
> }
>
> +static bool is_cert_valid(const S390IPLCertificate *cert)
> +{
> + int rc;
> + Error *err = NULL;
> +
> + rc = qcrypto_x509_check_cert_times(cert->raw, cert->size, &err);
> + if (rc != 0) {
> + error_report_err(err);

Does not build for me:

../target/s390x/diag.c: In function ‘is_cert_valid’:
../target/s390x/diag.c:249:9: error: implicit declaration of function ‘error_report_err’; did you mean ‘error_report’? [-Wimplicit-function-declaration]
  249 |         error_report_err(err);
      |         ^~~~~~~~~~~~~~~~
      |         error_report

> + return false;
> + }
> +
> + return true;
> +}
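
Review bot: the error_report_err(err) call in the rc != 0 branch of is_cert_valid() has no declaration in scope, which is what the implicit-declaration error above points at. In QEMU that function is declared in qapi/error.h, so target/s390x/diag.c should add #include "qapi/error.h" alongside its other includes. Separately, the only check visible here is qcrypto_x509_check_cert_times(), so a name such as is_cert_times_valid(), or a one-line comment above the function, would make it clear to callers that "valid" means the certificate's validity period and nothing more.
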
[...]