libnvme: Implement 'nvme_generate_tls_key_identity()'
authorHannes Reinecke <hare@suse.de>
Thu, 16 Nov 2023 08:03:28 +0000 (09:03 +0100)
committerHannes Reinecke <hare@suse.de>
Fri, 17 Nov 2023 07:48:32 +0000 (08:48 +0100)
Implement a function to generate the TLS key identity.

Signed-off-by: Hannes Reinecke <hare@suse.de>
src/libnvme.map
src/nvme/linux.c
src/nvme/linux.h

index 29efc5d6ef139472576090a328dd1b9d0896a53b..742f6356e1bc6cf941a97cba2ed35388167c254b 100644 (file)
@@ -4,6 +4,7 @@ LIBNVME_1_7 {
                nvme_init_copy_range_f2;
                nvme_init_copy_range_f3;
                nvme_insert_tls_key_versioned;
+               nvme_generate_tls_key_identity;
 };
 
 LIBNVME_1_6 {
index 1e485ddbc48ad32828fd06cf2e2839e66654c5dc..19b1877d84090bdfb863bfddfc534092996cd8bb 100644 (file)
@@ -1233,6 +1233,38 @@ out_free_identity:
        return key;
 }
 
+char *nvme_generate_tls_key_identity(const char *hostnqn, const char *subsysnqn,
+                                    int version, int hmac,
+                                    unsigned char *configured_key, int key_len)
+{
+       char *identity;
+       size_t identity_len;
+       unsigned char *psk;
+       int ret = -1;
+
+       identity_len = nvme_identity_len(hmac, version, hostnqn, subsysnqn);
+       if (identity_len < 0)
+               return NULL;
+
+       identity = malloc(identity_len);
+       if (!identity)
+               return NULL;
+
+       psk = malloc(key_len);
+       if (!psk)
+               goto out_free_identity;
+
+       memset(psk, 0, key_len);
+       ret = derive_nvme_keys(hostnqn, subsysnqn, identity, version, hmac,
+                              configured_key, psk, key_len);
+       free(psk);
+out_free_identity:
+       if (ret < 0) {
+               free(identity);
+               identity = NULL;
+       }
+       return identity;
+}
 #else
 long nvme_lookup_keyring(const char *keyring)
 {
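Review bot: `identity_len` is declared `size_t`, so the `identity_len < 0` test right after the `nvme_identity_len()` call can never be true; if that helper reports failure with a negative value, the negative converts to a huge size and goes straight into `malloc(identity_len)`. Declaring it signed, `int identity_len;`, or checking the call's result in a signed temporary before assigning, makes the check effective. `key_len` is likewise passed unchecked to `malloc(key_len)` and `memset()`, so a non-positive length should be rejected up front with `if (key_len <= 0 || !configured_key) return NULL;` (the `configured_key` part assumes `derive_nvme_keys()` dereferences it — confirm). Since `psk` is the buffer handed to `derive_nvme_keys()` and appears to receive derived key material, wiping it with `explicit_bzero()` or equivalent before `free(psk)` would avoid leaving the key in freed heap memory.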
@@ -1276,6 +1308,16 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
        errno = ENOTSUP;
        return -1;
 }
+
+char *nvme_generate_tls_key_identity(const char *hostnqn, const char *subsysnqn,
+                                    int version, int hmac,
+                                    unsigned char *configured_key, int key_len)
+{
+       nvme_msg(NULL, LOG_ERR, "key operations not supported; "
+                "recompile with keyutils support.\n");
+       errno = ENOTSUP;
+       return -1;
+}
 #endif
 
 long nvme_insert_tls_key(const char *keyring, const char *key_type,
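Review bot: The stub of `nvme_generate_tls_key_identity()` in the `#else` branch returns `-1` from a function declared `char *`, an integer-to-pointer conversion the compiler will warn about, and a caller that tests the result against NULL will treat it as a valid identity string and pass a bogus pointer to `free()`. After setting `errno = ENOTSUP` it should `return NULL;`, matching the header's contract that the result is a heap string owned by the caller. The `nvme_insert_tls_key()` definition at the end of the hunk continues outside it.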
index c593c9dea37c6559504a66eb82cb8f7202c6b3a4..11ee76e23d37f992c976025b45d7a286255a6ada 100644 (file)
@@ -316,4 +316,23 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
                                   int version, int hmac,
                                   unsigned char *configured_key, int key_len);
 
+/**
+ * nvme_generate_tls_key_identity() - Generate the TLS key identity
+ * @hostnqn:   Host NVMe Qualified Name
+ * @subsysnqn: Subsystem NVMe Qualified Name
+ * @version:   Key version to use
+ * @hmac:      HMAC algorithm
+ * @configured_key:    Configured key data to derive the key from
+ * @key_len:   Length of @configured_key
+ *
+ * Derives a 'retained' TLS key as specified in NVMe TCP and
+ * generate the corresponding TLs identity.
+ *
+ * Return: The string containing the TLS identity. It is the responsibility
+ * of the caller to free the returned string.
+ */
+char *nvme_generate_tls_key_identity(const char *hostnqn, const char *subsysnqn,
+                                    int version, int hmac,
+                                    unsigned char *configured_key, int key_len);
+
 #endif /* _LIBNVME_LINUX_H */
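Review bot: The kernel-doc block for `nvme_generate_tls_key_identity()` does not document the failure case, yet the implementation returns NULL on allocation or derivation failure and the keyutils-less build sets errno to ENOTSUP; the Return line should read `Return: The string containing the TLS identity, or NULL on error (with errno set). It is the responsibility of the caller to free the returned string.` The description has a typo, `TLs` for `TLS`, and `generate` should agree with `Derives` as `generates`. If `derive_nvme_keys()` only reads from the configured key, declaring the parameter `const unsigned char *configured_key` in both header and implementation would document that as well.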