return key;
}
+struct __scan_keys_data {
+ nvme_scan_tls_keys_cb_t cb;
+ key_serial_t keyring;
+ void *data;
+};
+
+int __scan_keys_cb(key_serial_t parent, key_serial_t key,
+ char *desc, int desc_len, void *data)
+{
+ struct __scan_keys_data *d = data;
+ int ver, hmac, uid, gid, perm;
+ char type, *ptr;
+
+ if (desc_len < 6)
+ return 0;
+ if (sscanf(desc, "psk;%d;%d;%08x;NVMe%01d%c%02d %*s",
+ &uid, &gid, &perm, &ver, &type, &hmac) != 6)
+ return 0;
+ /* skip key type */
+ ptr = strchr(desc, ';');
+ if (!ptr)
+ return 0;
+ /* skip key uid */
+ ptr = strchr(ptr + 1, ';');
+ if (!ptr)
+ return 0;
+ /* skip key gid */
+ ptr = strchr(ptr + 1, ';');
+ if (!ptr)
+ return 0;
+ /* skip key permissions */
+ ptr = strchr(ptr + 1, ';');
+ if (!ptr)
+ return 0;
+ /* Only use the key description for the callback */
+ (d->cb)(d->keyring, key, ptr + 1, strlen(ptr) - 1, d->data);
+ return 1;
+}
+
+int nvme_scan_tls_keys(const char *keyring, nvme_scan_tls_keys_cb_t cb,
+ void *data)
+{
+ struct __scan_keys_data d;
+ key_serial_t keyring_id = nvme_lookup_keyring(keyring);
+ int ret;
+
+ if (!keyring_id) {
+ errno = EINVAL;
+ return -1;
+ }
+ ret = nvme_set_keyring(keyring_id);
+ if (ret < 0)
+ return ret;
+
+ d.keyring = keyring_id;
+ d.cb = cb;
+ d.data = data;
+ ret = recursive_key_scan(keyring_id, __scan_keys_cb, &d);
+ return ret;
+}
+
long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
const char *hostnqn, const char *subsysnqn,
int version, int hmac,
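Review bot: In `__scan_keys_cb()` the values parsed by `sscanf()` are never range-checked, so any `psk` key whose description merely begins with `NVMe<digit><char><digits>` is handed to the callback, although the format documented in this commit allows only version 0|1, type R|G and hmac 01|02. Because the suppressed `%*s` is not counted in the return value, a description with no identity at all also passes. A check directly after the `sscanf()` would make the filter match the contract: `if (ver < 0 || ver > 1 || (type != 'R' && type != 'G') || (hmac != 1 && hmac != 2)) return 0;`. `%08x` stores into `int perm`, which should be declared `unsigned int` to match the conversion. Separately, `nvme_scan_tls_keys()` passes `cb` through unchecked, so a NULL callback is dereferenced at `(d->cb)(...)`; rejecting it up front with `errno = EINVAL; return -1;` would be safer.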
return 0;
}
+int nvme_scan_tls_keys(const char *keyring, nvme_scan_tls_keys_cb_t cb,
+ void *data)
+{
+ errno = ENOTSUP;
+ return -1;
+}
+
long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
const char *hostnqn, const char *subsysnqn,
int version, int hmac,
const char *identity, unsigned char *key_data,
int key_len);
+/**
+ * typedef nvme_scan_tls_keys_cb_t - Callback for iterating TLS keys
+ * @keyring: Keyring which has been iterated
+ * @key: Key for which the callback has been invoked
+ * @desc: Description of the key
+ * @desc_len: Length of @desc
+ * @data: Pointer for caller data
+ *
+ * Called for each TLS PSK in the keyring.
+ */
+typedef void (*nvme_scan_tls_keys_cb_t)(long keyring, long key,
+ char *desc, int desc_len, void *data);
+
+/**
+ * nvme_scan_tls_keys() - Iterate over TLS keys in a keyring
+ * @keyring: Keyring holding TLS keys
+ * @cb: Callback function
+ * @data: Pointer for data to be passed to @cb
+ *
+ * Iterates @keyring and call @cb for each TLS key. When @keyring is NULL
+ * the default '.nvme' keyring is used.
+ * A TLS key must be of type 'psk' and the description must be of the
+ * form 'NVMe<0|1><R|G>0<1|2> <identity>', otherwise it will be skipped
+ * during iteration.
+ *
+ * Return: Number of keys for which @cb was called, or -1 with errno set
+ * on error.
+ */
+int nvme_scan_tls_keys(const char *keyring, nvme_scan_tls_keys_cb_t cb,
+ void *data);
+
/**
* nvme_insert_tls_key() - Derive and insert TLS key
* @keyring: Keyring to use
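Review bot: The kernel-doc for `nvme_scan_tls_keys_cb_t` and `nvme_scan_tls_keys()` omits two things a caller needs to use the API safely. First, `@desc` is not the full key description: the implementation in this commit skips the `psk;uid;gid;perm;` prefix and passes only the final field, so the typedef comment could say `@desc: Key description with the type/uid/gid/permission prefix removed`. The buffer is presumably only valid for the duration of the callback, which should be confirmed against `recursive_key_scan()` and then stated. Second, `@cb` is called without a NULL check, so the function comment should say `@cb: Callback function, must not be NULL` unless the implementation gains that check. As a wording fix, "Iterates @keyring and call @cb" should read "calls @cb".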