linux: add nvme_update_key()

Add function to update a key by identity string.

Signed-off-by: Hannes Reinecke <hare@suse.de>

diff --git a/src/libnvme.map b/src/libnvme.map
index 6d3439227dd156fbe70074eb5aaae0106a2b96a0..2576425ab5b2048577e8fd102b09e98495842ee2 100644 (file)
--- a/src/libnvme.map
+++ b/src/libnvme.map
@@ -5,6 +5,7 @@ LIBNVME_1.9 {
                nvme_read_key;
                nvme_submit_passthru;
                nvme_submit_passthru64;
+               nvme_update_key;
 };
 
 LIBNVME_1_8 {

diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index d8b17739af1f207ab0c6e1c496945b110c6a8b77..6155cc2676a2a8725aae1e939af093eb3d16e73e 100644 (file)
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -1225,6 +1225,24 @@ unsigned char *nvme_read_key(long keyring_id, long key_id, int *len)
        return buffer;
 }
 
+long nvme_update_key(long keyring_id, const char *key_type,
+                    const char *identity, unsigned char *key_data,
+                    int key_len)
+{
+       long key;
+
+       key = keyctl_search(keyring_id, key_type, identity, 0);
+       if (key > 0) {
+               if (keyctl_revoke(key) < 0)
+                       return 0;
+       }
+       key = add_key(key_type, identity,
+                     key_data, key_len, keyring_id);
+       if (key < 0)
+               key = 0;
+       return key;
+}
+
 long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
                                   const char *hostnqn, const char *subsysnqn,
                                   int version, int hmac,
@@ -1261,16 +1279,8 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
        if (ret != key_len)
                return 0;
 
-       key = keyctl_search(keyring_id, key_type, identity, 0);
-       if (key > 0) {
-               if (keyctl_update(key, psk, key_len) < 0)
-                       key = 0;
-       } else {
-               key = add_key(key_type, identity,
-                             psk, key_len, keyring_id);
-               if (key < 0)
-                       key = 0;
-       }
+       key = nvme_update_key(keyring_id, key_type, identity,
+                             psk, key_len);
        return key;
 }
 
@@ -1313,6 +1323,14 @@ unsigned char *nvme_read_key(long keyring_id, long key_id, int *len)
        return NULL;
 }
 
+long nvme_update_key(long keyring_id, const char *key_type,
+                    const char *identity, unsigned char *key_data,
+                    int key_len)
+{
+       errno = ENOTSUP;
+       return 0;
+}
+
 long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
                                   const char *hostnqn, const char *subsysnqn,
                                   int version, int hmac,

diff --git a/src/nvme/linux.h b/src/nvme/linux.h
index 75f58bd6b18685b587f7c137f00ca3c877469829..454ae0daac479751acd46b78d34321f78d5f13e1 100644 (file)
--- a/src/nvme/linux.h
+++ b/src/nvme/linux.h
@@ -289,6 +289,25 @@ int nvme_set_keyring(long keyring_id);
  */
 unsigned char *nvme_read_key(long keyring_id, long key_id, int *len);
 
+/**
+ * nvme_update_key() - Update key raw data
+ * @keyring_id:  Id of the keyring holding %key_id
+ * @key_type:    Type of the key to insert
+ * @identity:    Key identity string
+ * @key_data:    Raw data of the key
+ * @key_len:     Length of @key_data
+ *
+ * Links the keyring specified by @keyring_id into the session
+ * keyring and updates the key reference by @identity with @key_data.
+ * The old key with identity @identity will be revoked to make it
+ * inaccessible.
+ *
+ * Return: Key id of the new key or 0 with errno set otherwise.
+ */
+long nvme_update_key(long keyring_id, const char *key_type,
+                    const char *identity, unsigned char *key_data,
+                    int key_len);
+
 /**
  * nvme_insert_tls_key() - Derive and insert TLS key
  * @keyring:    Keyring to use