linux: add nvme_lookup_keyring()

Add a function to lookup a keyring by its description.

Signed-off-by: Hannes Reinecke <[email protected]>
[dwagner:
  - pass in command line option to dependency requirement argument
  - drop log message, find_key_by_type_and_desc sets errno]
Signed-off-by: Daniel Wagner <[email protected]>

Author: hreinecke

meson.build

@@ -98,6 +98,15 @@ endif
 conf.set('CONFIG_OPENSSL', openssl_dep.found(),
          description: 'Is OpenSSL/LibreSSL available?')
 
+if get_option('keyutils').disabled()
+    keyutils_dep = dependency('', required: false)
+else
+    keyutils_dep = dependency('libkeyutils',
+                              required : get_option('keyutils'))
+endif
+conf.set('CONFIG_KEYUTILS', keyutils_dep.found(),
+         description: 'Is libkeyutils available?')
+
 if get_option('libdbus').disabled()
     libdbus_dep = dependency('', required: false)
 else

meson_options.txt

@@ -11,3 +11,4 @@ option('python', type : 'feature', value: 'auto', description : 'Generate libnvm
 option('openssl', type : 'feature', value: 'auto', description : 'OpenSSL support')
 option('libdbus', type : 'feature', value: 'disabled', description : 'libdbus support')
 option('json-c', type : 'feature', value: 'auto', description : 'JSON support')
+option('keyutils', type: 'feature', value: 'auto', description: 'keyutils support')

src/libnvme.map

@@ -1,5 +1,10 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+LIBNVME_1_4 {
+	global:
+		nvme_lookup_keyring;
+};
+
 LIBNVME_1_3 {
 	global:
 		nvme_ctrl_is_unique_discovery_ctrl;

src/meson.build

@@ -32,6 +32,7 @@ endif
 deps = [
     json_c_dep,
     openssl_dep,
+    keyutils_dep,
 ]
 
 mi_deps = [

src/nvme/linux.c

@@ -28,6 +28,10 @@
 #endif
 #endif
 
+#ifdef CONFIG_KEYUTILS
+#include <keyutils.h>
+#endif
+
 #include <ccan/endian/endian.h>
 
 #include "linux.h"
@@ -638,3 +642,23 @@ int nvme_gen_dhchap_key(char *hostnqn, enum nvme_hmac_alg hmac,
 	return err;
 }
 #endif /* !CONFIG_OPENSSL_3 */
+
+#ifdef CONFIG_KEYUTILS
+long nvme_lookup_keyring(const char *keyring)
+{
+	key_serial_t keyring_id;
+
+	keyring_id = find_key_by_type_and_desc("keyring", keyring, 0);
+	if (keyring_id < 0)
+		return 0;
+	return keyring_id;
+}
+#else
+long nvme_lookup_keyring(const char *keyring)
+{
+	nvme_msg(NULL, LOG_ERR, "key operations not supported; "\
+		 "recompile with keyutils support.\n");
+	errno = ENOTSUP;
+	return 0;
+}
+#endif

src/nvme/linux.h

@@ -194,4 +194,15 @@ int nvme_gen_dhchap_key(char *hostnqn, enum nvme_hmac_alg hmac,
 			unsigned int key_len, unsigned char *secret,
 			unsigned char *key);
 
+/**
+ * nvme_lookup_keyring() - Lookup keyring serial number
+ * @keyring:    Keyring name
+ *
+ * Looks up the serial number of the keyring @keyring.
+ *
+ * Return: The key serial number of the keyring
+ * or 0 with errno set otherwise.
+ */
+long nvme_lookup_keyring(const char *keyring);
+
 #endif /* _LIBNVME_LINUX_H */