linux: add nvme_read_key()

Add a function to return the payload of a key.

Signed-off-by: Hannes Reinecke <hare@suse.de>

diff --git a/src/libnvme.map b/src/libnvme.map
index 254e8b06330a9196622cade886fa5a9e6eb3bb8c..6d3439227dd156fbe70074eb5aaae0106a2b96a0 100644 (file)
--- a/src/libnvme.map
+++ b/src/libnvme.map
@@ -2,6 +2,7 @@
 LIBNVME_1.9 {
        global:
                nvme_get_logging_level;
+               nvme_read_key;
                nvme_submit_passthru;
                nvme_submit_passthru64;
 };

diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index 1127fc843d07509c1b6619bb8a7ac269ba92e391..d8b17739af1f207ab0c6e1c496945b110c6a8b77 100644 (file)
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -1191,12 +1191,40 @@ int nvme_set_keyring(long key_id)
 {
        long err;
 
+       if (key_id == 0) {
+               key_id = nvme_lookup_keyring(NULL);
+               if (key_id == 0) {
+                       errno = ENOKEY;
+                       return -1;
+               }
+       }
+
        err = keyctl_link(key_id, KEY_SPEC_SESSION_KEYRING);
        if (err < 0)
                return -1;
        return 0;
 }
 
+unsigned char *nvme_read_key(long keyring_id, long key_id, int *len)
+{
+       void *buffer;
+       int ret;
+
+       ret = nvme_set_keyring(keyring_id);
+       if (ret < 0) {
+               errno = -ret;
+               return NULL;
+       }
+       ret = keyctl_read_alloc(key_id, &buffer);
+       if (ret < 0) {
+               errno = -ret;
+               buffer = NULL;
+       } else
+               *len = ret;
+
+       return buffer;
+}
+
 long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
                                   const char *hostnqn, const char *subsysnqn,
                                   int version, int hmac,
@@ -1279,6 +1307,12 @@ int nvme_set_keyring(long key_id)
        return -1;
 }
 
+unsigned char *nvme_read_key(long keyring_id, long key_id, int *len)
+{
+       errno = ENOTSUP;
+       return NULL;
+}
+
 long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
                                   const char *hostnqn, const char *subsysnqn,
                                   int version, int hmac,

diff --git a/src/nvme/linux.h b/src/nvme/linux.h
index f38b6a6071f969d99576d03130ca1b8502ee3365..75f58bd6b18685b587f7c137f00ca3c877469829 100644 (file)
--- a/src/nvme/linux.h
+++ b/src/nvme/linux.h
@@ -273,6 +273,22 @@ long nvme_lookup_key(const char *type, const char *identity);
  */
 int nvme_set_keyring(long keyring_id);
 
+/**
+ * nvme_read_key() - Read key raw data
+ * @keyring_id:     Id of the keyring holding %key_id
+ * @key_id:      Key id
+ * @len:         Length of the returned data
+ *
+ * Links the keyring specified by @keyring_id into the session
+ * keyring and reads the payload of the key specified by @key_id.
+ * @len holds the size of the returned buffer.
+ * If @keyring is 0 the default keyring '.nvme' is used.
+ *
+ * Return: Pointer to the payload on success,
+ * or NULL with errno set otherwise.
+ */
+unsigned char *nvme_read_key(long keyring_id, long key_id, int *len);
+
 /**
  * nvme_insert_tls_key() - Derive and insert TLS key
  * @keyring:    Keyring to use