From 225a6ed95f42bfd3686312db528c43efa318cc32 Mon Sep 17 00:00:00 2001 From: Hannes Reinecke Date: Thu, 16 Nov 2023 09:03:28 +0100 Subject: [PATCH] libnvme: Implement 'nvme_generate_tls_key_identity()' Implement a function to generate the TLS key identity. Signed-off-by: Hannes Reinecke --- src/libnvme.map | 1 + src/nvme/linux.c | 42 ++++++++++++++++++++++++++++++++++++++++++ src/nvme/linux.h | 19 +++++++++++++++++++ 3 files changed, 62 insertions(+) diff --git a/src/libnvme.map b/src/libnvme.map index 29efc5d6..742f6356 100644 --- a/src/libnvme.map +++ b/src/libnvme.map @@ -4,6 +4,7 @@ LIBNVME_1_7 { nvme_init_copy_range_f2; nvme_init_copy_range_f3; nvme_insert_tls_key_versioned; + nvme_generate_tls_key_identity; }; LIBNVME_1_6 { diff --git a/src/nvme/linux.c b/src/nvme/linux.c index 1e485ddb..19b1877d 100644 --- a/src/nvme/linux.c +++ b/src/nvme/linux.c @@ -1233,6 +1233,38 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type, return key; } +char *nvme_generate_tls_key_identity(const char *hostnqn, const char *subsysnqn, + int version, int hmac, + unsigned char *configured_key, int key_len) +{ + char *identity; + size_t identity_len; + unsigned char *psk; + int ret = -1; + + identity_len = nvme_identity_len(hmac, version, hostnqn, subsysnqn); + if (identity_len < 0) + return NULL; + + identity = malloc(identity_len); + if (!identity) + return NULL; + + psk = malloc(key_len); + if (!psk) + goto out_free_identity; + + memset(psk, 0, key_len); + ret = derive_nvme_keys(hostnqn, subsysnqn, identity, version, hmac, + configured_key, psk, key_len); + free(psk); +out_free_identity: + if (ret < 0) { + free(identity); + identity = NULL; + } + return identity; +} #else long nvme_lookup_keyring(const char *keyring) { @@ -1276,6 +1308,16 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type, errno = ENOTSUP; return -1; } + +char *nvme_generate_tls_key_identity(const char *hostnqn, const char *subsysnqn, + int version, int hmac, + unsigned char *configured_key, int key_len) +{ + nvme_msg(NULL, LOG_ERR, "key operations not supported; " + "recompile with keyutils support.\n"); + errno = ENOTSUP; + return -1; +} #endif long nvme_insert_tls_key(const char *keyring, const char *key_type, diff --git a/src/nvme/linux.h b/src/nvme/linux.h index c593c9de..11ee76e2 100644 --- a/src/nvme/linux.h +++ b/src/nvme/linux.h @@ -316,4 +316,23 @@ long nvme_insert_tls_key_versioned(const char *keyring, const char *key_type, int version, int hmac, unsigned char *configured_key, int key_len); +/** + * nvme_generate_tls_key_identity() - Generate the TLS key identity + * @hostnqn: Host NVMe Qualified Name + * @subsysnqn: Subsystem NVMe Qualified Name + * @version: Key version to use + * @hmac: HMAC algorithm + * @configured_key: Configured key data to derive the key from + * @key_len: Length of @configured_key + * + * Derives a 'retained' TLS key as specified in NVMe TCP and + * generate the corresponding TLs identity. + * + * Return: The string containing the TLS identity. It is the responsibility + * of the caller to free the returned string. + */ +char *nvme_generate_tls_key_identity(const char *hostnqn, const char *subsysnqn, + int version, int hmac, + unsigned char *configured_key, int key_len); + #endif /* _LIBNVME_LINUX_H */