linux: add key helper functions

Add helper functions for key handling.

Signed-off-by: Hannes Reinecke <[email protected]>
[dwagner:
  - set errno on failure and updated documentation accordingly
  - fix return check of nvme_lookup_key in nvme_insert_tls_key]
Signed-off-by: Daniel Wagner <[email protected]>

Author: hreinecke

src/libnvme.map

@@ -3,6 +3,9 @@
 LIBNVME_1_4 {
 	global:
 		nvme_lookup_keyring;
+		nvme_describe_key_serial;
+		nvme_lookup_key;
+		nvme_set_keyring;
 		nvme_insert_tls_key;
 };
 

src/nvme/linux.c

@@ -791,6 +791,35 @@ long nvme_lookup_keyring(const char *keyring)
 	return keyring_id;
 }
 
+char *nvme_describe_key_serial(long key_id)
+{
+	char *desc;
+
+	if (keyctl_describe_alloc(key_id, &desc) < 0)
+		desc = NULL;
+	return desc;
+}
+
+long nvme_lookup_key(const char *type, const char *identity)
+{
+	key_serial_t key;
+
+	key = keyctl_search(KEY_SPEC_SESSION_KEYRING, type, identity, 0);
+	if (key < 0)
+		return 0;
+	return key;
+}
+
+int nvme_set_keyring(long key_id)
+{
+	long err;
+
+	err = keyctl_link(key_id, KEY_SPEC_SESSION_KEYRING);
+	if (err < 0)
+		return -1;
+	return 0;
+}
+
 long nvme_insert_tls_key(const char *keyring, const char *key_type,
 			 const char *hostnqn, const char *subsysnqn, int hmac,
 			 unsigned char *configured_key, int key_len)
@@ -801,7 +830,7 @@ long nvme_insert_tls_key(const char *keyring, const char *key_type,
 	int ret = -1;
 
 	keyring_id = nvme_lookup_keyring(keyring);
-	if (keyring_id < 0)
+	if (keyring_id == 0)
 		return -1;
 
 	identity = malloc(strlen(hostnqn) + strlen(subsysnqn) + 12);
@@ -849,6 +878,30 @@ long nvme_lookup_keyring(const char *keyring)
 	return 0;
 }
 
+char *nvme_describe_key_serial(long key_id)
+{
+	nvme_msg(NULL, LOG_ERR, "key operations not supported; "\
+		 "recompile with keyutils support.\n");
+	errno = ENOTSUP;
+	return NULL;
+}
+
+long nvme_lookup_key(const char *type, const char *identity)
+{
+	nvme_msg(NULL, LOG_ERR, "key operations not supported; "\
+		 "recompile with keyutils support.\n");
+	errno = ENOTSUP;
+	return 0;
+}
+
+int nvme_set_keyring(long key_id)
+{
+	nvme_msg(NULL, LOG_ERR, "key operations not supported; "\
+		 "recompile with keyutils support.\n");
+	errno = ENOTSUP;
+	return -1;
+}
+
 long nvme_insert_tls_key(const char *keyring, const char *key_type,
 			 const char *hostnqn, const char *subsysnqn, int hmac,
 			 unsigned char *configured_key, int key_len)

src/nvme/linux.h

@@ -205,6 +205,43 @@ int nvme_gen_dhchap_key(char *hostnqn, enum nvme_hmac_alg hmac,
  */
 long nvme_lookup_keyring(const char *keyring);
 
+/**
+ * nvme_describe_key_serial() - Return key description
+ * @key_id:    Key serial number
+ *
+ * Fetches the description of the key or keyring identified
+ * by the serial number @key_id.
+ *
+ * Return: The description of @key_id or NULL on failure.
+ * The returned string needs to be freed by the caller.
+ */
+char *nvme_describe_key_serial(long key_id);
+
+/**
+ * nvme_lookup_key() - Lookup key serial number
+ * @type:        Key type
+ * @identity:    Key description
+ *
+ * Looks up the serial number of the key @identity
+ * with type %type in the current session keyring.
+ *
+ * Return: The key serial number of the key
+ * or 0 with errno set otherwise.
+ */
+long nvme_lookup_key(const char *type, const char *identity);
+
+/**
+ * nvme_set_keyring() - Link keyring for lookup
+ * @keyring_id:    Keyring id
+ *
+ * Links @keyring_id into the session keyring such that
+ * its keys are available for further key lookups.
+ *
+ * Return: 0 on success, a negative number on error
+ * with errno set.
+ */
+int nvme_set_keyring(long keyring_id);
+
 /**
  * nvme_insert_tls_key() - Derive and insert TLS key
  * @keyring:    Keyring to use