Commit 9264569

dwsuseigaw
authored andcommitted
linux: add nvme_revoke_tls_key
Add a function to revoke a TLS key from a keyring. Signed-off-by: Daniel Wagner <[email protected]>
1 parent 5bb5c8f commit 9264569

3 files changed

Lines changed: 39 additions & 0 deletions

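--- a/src/libnvme.map
+++ b/src/libnvme.map
@@ -6,6 +6,7 @@ LIBNVME_1.10 {
 nvme_get_ana_log_len_from_id_ctrl;
 nvme_init_default_logging;
 nvme_parse_uri;
+nvme_revoke_tls_key;
 nvme_root_skip_namespaces;
 nvmf_hostid_generate;
 nvmf_hostnqn_generate_from_hostid;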

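--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -1363,6 +1363,24 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
 return key;
 }
 
+long nvme_revoke_tls_key(const char *keyring, const char *key_type,
+const char *identity)
+{
+key_serial_t keyring_id;
+long key;
+
+keyring_id = nvme_lookup_keyring(keyring);
+if (keyring_id == 0) {
+errno = ENOKEY;
+return 0;
+}
+
+key = keyctl_search(keyring_id, key_type, identity, 0);
+if (key < 0)
+return -1;
+
+return keyctl_revoke(key);
+}
 #else
 long nvme_lookup_keyring(const char *keyring)
 {
@@ -1427,6 +1445,15 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type,
 errno = ENOTSUP;
 return -1;
 }
+
+long nvme_revoke_tls_key(const char *keyring, const char *key_type,
+const char *identity)
+{
+nvme_msg(NULL, LOG_ERR, "key operations not supported; "
+"recompile with keyutils support.\n");
+errno = ENOTSUP;
+return -1;
+}
 #endif
 
 long nvme_insert_tls_key(const char *keyring, const char *key_type,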
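Review bot: The keyring-lookup failure path in the keyutils build of `nvme_revoke_tls_key` sets `errno = ENOKEY` but then does `return 0;`, which is the value the kernel-doc added in src/nvme/linux.h defines as success. A caller that checks only the return value will treat the TLS key as revoked while it is still live in the keyring, so that branch should end in `return -1;`. The `return 0` looks carried over from the key-insertion helpers, where 0 presumably means "no key serial"; their bodies are outside this hunk, so that is an inference. A short comment above the `if (key < 0)` check, e.g. `/* keyctl_search() has set errno, e.g. ENOKEY when no key matches */`, would also make clear that this error path relies on errno from the call.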

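--- a/src/nvme/linux.h
+++ b/src/nvme/linux.h
@@ -411,6 +411,17 @@ char *nvme_generate_tls_key_identity(const char *hostnqn, const char *subsysnqn,
 int version, int hmac,
 unsigned char *configured_key, int key_len);
 
+/**
+* nvme_revoke_tls_key() - Revoke TLS key from keyring
+* @keyring: Keyring to use
+* @key_type: Type of the key to revoke
+* @identity: Key identity string
+*
+* Return: 0 on success or on failure -1 with errno set.
+*/
+long nvme_revoke_tls_key(const char *keyring, const char *key_type,
+const char *identity);
+
 /**
 * nvme_export_tls_key() - Export a TLS key
 * @key_data: Raw data of the key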
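Review bot: The kernel-doc for `nvme_revoke_tls_key()` does not say which errno values a caller should expect, and for a revocation API they mean different things. From the implementation in this commit, `ENOTSUP` is set when the library is built without keyutils and `ENOKEY` when the keyring cannot be found; a missing key is presumably reported through the errno left by `keyctl_search()`. A return line such as `* Return: 0 on success, or -1 with errno set (ENOKEY: keyring or key not found, ENOTSUP: built without keyutils support).` would let callers tell "nothing to revoke" from "revocation could not be performed".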
