From f76430f18750797b5e18c99c38af9a1b8350365f Mon Sep 17 00:00:00 2001 From: Daniel Wagner Date: Mon, 1 Jul 2024 11:13:11 +0200 Subject: [PATCH] nvme: add support to revoke TLS key Add support to nvme-cli to revoke TLS keys from a keyring. Signed-off-by: Daniel Wagner --- nvme.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/nvme.c b/nvme.c index bd6dbeb4..f3288cf0 100644 --- a/nvme.c +++ b/nvme.c @@ -9484,9 +9484,10 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin const char *keyfile = "File for list of keys."; const char *import = "Import all keys into the keyring."; const char *export = "Export all keys from the keyring."; + const char *revoke = "Revoke key from the keyring."; _cleanup_file_ FILE *fd = NULL; - int err = 0; + int cnt, err = 0; struct config { char *keyring; @@ -9494,6 +9495,7 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin char *keyfile; bool import; bool export; + char *revoke; }; struct config cfg = { @@ -9502,6 +9504,7 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin .keyfile = NULL, .import = false, .export = false, + .revoke = NULL, }; NVME_ARGS(opts, @@ -9509,7 +9512,8 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin OPT_STR("keytype", 't', &cfg.keytype, keytype), OPT_STR("keyfile", 'f', &cfg.keyfile, keyfile), OPT_FLAG("import", 'i', &cfg.import, import), - OPT_FLAG("export", 'e', &cfg.export, export)); + OPT_FLAG("export", 'e', &cfg.export, export), + OPT_STR("revoke", 'r', &cfg.revoke, revoke)); err = argconfig_parse(argc, argv, desc, opts); if (err) @@ -9536,8 +9540,13 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin fd = freopen(NULL, "w", stdout); } - if (cfg.export && cfg.import) { - nvme_show_error("Cannot specify both --import and --export"); + cnt = 0; + if (cfg.export) cnt++; + if (cfg.import) cnt++; + if (cfg.revoke) cnt++; + + if (cnt != 1) { + nvme_show_error("Must specify either --import, --export or --revoke"); return -EINVAL; } else if (cfg.export) { err = nvme_scan_tls_keys(cfg.keyring, __scan_tls_key, fd); @@ -9547,8 +9556,10 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin } else if (cfg.import) { err = import_key(cfg.keyring, fd); } else { - nvme_show_error("Must specify either --import or --export"); - err = -EINVAL; + err = nvme_revoke_tls_key(cfg.keyring, cfg.keytype, cfg.revoke); + if (err) + nvme_show_error("Failed to revoke key '%s'", + nvme_strerror(errno)); } return err; -- 2.50.1