From: Hannes Reinecke
Date: Thu, 23 Mar 2023 13:46:13 +0000 (+0100)
Subject: linux: add key helper functions
X-Git-Tag: v1.4~10
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=2cb1ed6b2d385621162ef19c8d260a4c449d27d4;p=users%2Fsagi%2Flibnvme.git
linux: add key helper functions
Add helper functions for key handling.
Signed-off-by: Hannes Reinecke
[dwagner: - set errno on failure and updated documentation accordingly - fix return check of nvme_lookup_key in nvme_insert_tls_key]
Signed-off-by: Daniel Wagner
---
diff --git a/src/libnvme.map b/src/libnvme.map
index 0979c4ea..a1294f4a 100644
--- a/src/libnvme.map
+++ b/src/libnvme.map
@@ -3,6 +3,9 @@
 LIBNVME_1_4 {
 global:
 nvme_lookup_keyring;
+ nvme_describe_key_serial;
+ nvme_lookup_key;
+ nvme_set_keyring;
 nvme_insert_tls_key;
 };
diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index 722d0143..c6eedc2a 100644
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -791,6 +791,35 @@ long nvme_lookup_keyring(const char *keyring)
 return keyring_id;
 }
+char *nvme_describe_key_serial(long key_id)
+{
+ char *desc;
+
+ if (keyctl_describe_alloc(key_id, &desc) < 0)
+ desc = NULL;
+ return desc;
+}
+
+long nvme_lookup_key(const char *type, const char *identity)
+{
+ key_serial_t key;
+
+ key = keyctl_search(KEY_SPEC_SESSION_KEYRING, type, identity, 0);
+ if (key < 0)
+ return 0;
+ return key;
+}
+
+int nvme_set_keyring(long key_id)
+{
+ long err;
+
+ err = keyctl_link(key_id, KEY_SPEC_SESSION_KEYRING);
+ if (err < 0)
+ return -1;
+ return 0;
+}
+
 long nvme_insert_tls_key(const char *keyring, const char *key_type,
 const char *hostnqn, const char *subsysnqn, int hmac, unsigned char *configured_key, int key_len)
@@ -801,7 +830,7 @@ long nvme_insert_tls_key(const char *keyring, const char *key_type,
 int ret = -1;
 keyring_id = nvme_lookup_keyring(keyring);
- if (keyring_id < 0)
+ if (keyring_id == 0)
 return -1;
 identity = malloc(strlen(hostnqn) + strlen(subsysnqn) + 12);
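Review bot: In the `@@ -791` hunk of src/nvme/linux.c, nvme_describe_key_serial() and nvme_set_keyring() pass their `long key_id` straight to keyctl_describe_alloc() and keyctl_link(), which take a `key_serial_t` (a 32-bit type in keyutils), so an out-of-range value is narrowed silently and 0 or a negative special-keyring ID goes through unchecked. Because nvme_lookup_key() reports failure as 0, an unchecked lookup result can reach these helpers; the kernel should reject it, but a local guard makes the contract explicit, e.g. `if (key_id <= 0 || key_id > INT32_MAX) { errno = EINVAL; return -1; }` in nvme_set_keyring() and the same test returning NULL in nvme_describe_key_serial(), assuming special keyring IDs are not meant to be accepted here. The parameter is also named `key_id` in this hunk and in the stub at `@@ -849`, but `keyring_id` in the linux.h prototype; one name would avoid confusion about whether any key or only a keyring may be linked.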
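Review bot: In the `@@ -801` hunk, the new test `if (keyring_id == 0)` catches only the 0 sentinel, so a negative value from nvme_lookup_keyring() would now be treated as a valid keyring ID and carried into the key operations that follow. Only the tail of nvme_lookup_keyring() is visible in this patch, so whether it can still return a negative value cannot be confirmed from here; `if (keyring_id <= 0)` covers both conventions at no cost. The early `return -1;` also relies on the lookup having set errno, which deserves a short comment such as `/* errno set by nvme_lookup_keyring() */`, because this function signals failure with -1 while the lookup helpers use 0. The body of nvme_insert_tls_key() continues outside the hunk.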
@@ -849,6 +878,30 @@ long nvme_lookup_keyring(const char *keyring)
 return 0;
 }
+char *nvme_describe_key_serial(long key_id)
+{
+ nvme_msg(NULL, LOG_ERR, "key operations not supported; "\
+ "recompile with keyutils support.\n");
+ errno = ENOTSUP;
+ return NULL;
+}
+
+long nvme_lookup_key(const char *type, const char *identity)
+{
+ nvme_msg(NULL, LOG_ERR, "key operations not supported; "\
+ "recompile with keyutils support.\n");
+ errno = ENOTSUP;
+ return 0;
+}
+
+int nvme_set_keyring(long key_id)
+{
+ nvme_msg(NULL, LOG_ERR, "key operations not supported; "\
+ "recompile with keyutils support.\n");
+ errno = ENOTSUP;
+ return -1;
+}
+
 long nvme_insert_tls_key(const char *keyring, const char *key_type,
 const char *hostnqn, const char *subsysnqn, int hmac, unsigned char *configured_key, int key_len)
diff --git a/src/nvme/linux.h b/src/nvme/linux.h
index 6a5c090f..37ba9d4c 100644
--- a/src/nvme/linux.h
+++ b/src/nvme/linux.h
@@ -205,6 +205,43 @@ int nvme_gen_dhchap_key(char *hostnqn, enum nvme_hmac_alg hmac,
 */
 long nvme_lookup_keyring(const char *keyring);
+/**
+ * nvme_describe_key_serial() - Return key description
+ * @key_id: Key serial number
+ *
+ * Fetches the description of the key or keyring identified
+ * by the serial number @key_id.
+ *
+ * Return: The description of @key_id or NULL on failure.
+ * The returned string needs to be freed by the caller.
+ */
+char *nvme_describe_key_serial(long key_id);
+
+/**
+ * nvme_lookup_key() - Lookup key serial number
+ * @type: Key type
+ * @identity: Key description
+ *
+ * Looks up the serial number of the key @identity
+ * with type %type in the current session keyring.
+ *
+ * Return: The key serial number of the key
+ * or 0 with errno set otherwise.
+ */
+long nvme_lookup_key(const char *type, const char *identity);
+
+/**
+ * nvme_set_keyring() - Link keyring for lookup
+ * @keyring_id: Keyring id
+ *
+ * Links @keyring_id into the session keyring such that
+ * its keys are available for further key lookups.
+ *
+ * Return: 0 on success, a negative number on error
+ * with errno set.
+ */
+int nvme_set_keyring(long keyring_id);
+
 /**
 * nvme_insert_tls_key() - Derive and insert TLS key
 * @keyring: Keyring to use
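Review bot: The kernel-doc for nvme_describe_key_serial() promises "the description" of the key, but the implementation returns the string from keyctl_describe_alloc() unchanged, which per keyctl_describe(3) is the whole `type;uid;gid;perm;description` record; unlike the other two helpers, the block also does not say that errno is set on failure. I would reword the Return line along the lines of `Return: The keyctl_describe(3) string ("type;uid;gid;perm;description") for @key_id, or NULL with errno set; the caller must free() it.` In the nvme_lookup_key() block, `%type` should be `@type`, since kernel-doc uses `%` for constants and `@` for parameters. The nvme_set_keyring() block could also state whether @keyring_id must be a keyring or may be any key, because the implementation links whatever serial it is given.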