Merging upstream version 1.9.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-16 10:50:33 +01:00 · 2025-02-16 10:50:33 +01:00 · ff5afdb431
commit ff5afdb431
parent 432344d511
928 changed files with 6732 additions and 1442 deletions
--- a/doc/rst/linux.rst
+++ b/doc/rst/linux.rst
@ -463,6 +463,127 @@ its keys are available for further key lookups.
 with errno set.


+.. c:function:: unsigned char * nvme_read_key (long keyring_id, long key_id, int *len)
+
+   Read key raw data
+
+**Parameters**
+
+``long keyring_id``
+  Id of the keyring holding ``key_id``
+
+``long key_id``
+  Key id
+
+``int *len``
+  Length of the returned data
+
+**Description**
+
+Links the keyring specified by **keyring_id** into the session
+keyring and reads the payload of the key specified by **key_id**.
+**len** holds the size of the returned buffer.
+If **keyring** is 0 the default keyring '.nvme' is used.
+
+**Return**
+
+Pointer to the payload on success,
+or NULL with errno set otherwise.
+
+
+.. c:function:: long nvme_update_key (long keyring_id, const char *key_type, const char *identity, unsigned char *key_data, int key_len)
+
+   Update key raw data
+
+**Parameters**
+
+``long keyring_id``
+  Id of the keyring holding ``key_id``
+
+``const char *key_type``
+  Type of the key to insert
+
+``const char *identity``
+  Key identity string
+
+``unsigned char *key_data``
+  Raw data of the key
+
+``int key_len``
+  Length of **key_data**
+
+**Description**
+
+Links the keyring specified by **keyring_id** into the session
+keyring and updates the key reference by **identity** with **key_data**.
+The old key with identity **identity** will be revoked to make it
+inaccessible.
+
+**Return**
+
+Key id of the new key or 0 with errno set otherwise.
+
+
+.. c:macro:: nvme_scan_tls_keys_cb_t
+
+   **Typedef**: Callback for iterating TLS keys
+
+
+**Syntax**
+
+  ``void nvme_scan_tls_keys_cb_t (long keyring, long key, char *desc, int desc_len, void *data)``
+
+**Parameters**
+
+``long keyring``
+  Keyring which has been iterated
+
+``long key``
+  Key for which the callback has been invoked
+
+``char *desc``
+  Description of the key
+
+``int desc_len``
+  Length of **desc**
+
+``void *data``
+  Pointer for caller data
+
+**Description**
+
+Called for each TLS PSK in the keyring.
+
+
+.. c:function:: int nvme_scan_tls_keys (const char *keyring, nvme_scan_tls_keys_cb_t cb, void *data)
+
+   Iterate over TLS keys in a keyring
+
+**Parameters**
+
+``const char *keyring``
+  Keyring holding TLS keys
+
+``nvme_scan_tls_keys_cb_t cb``
+  Callback function
+
+``void *data``
+  Pointer for data to be passed to **cb**
+
+**Description**
+
+Iterates **keyring** and call **cb** for each TLS key. When **keyring** is NULL
+the default '.nvme' keyring is used.
+A TLS key must be of type 'psk' and the description must be of the
+form 'NVMe<0|1><R|G>0<1|2> <identity>', otherwise it will be skipped
+during iteration.
+
+**Return**
+
+Number of keys for which **cb** was called, or -1 with errno set
+on error.
+
+
 .. c:function:: long nvme_insert_tls_key (const char *keyring, const char *key_type, const char *hostnqn, const char *subsysnqn, int hmac, unsigned char *configured_key, int key_len)

   Derive and insert TLS key
@ -578,3 +699,111 @@ The string containing the TLS identity. It is the responsibility
 of the caller to free the returned string.


+.. c:function:: char * nvme_export_tls_key (const unsigned char *key_data, int key_len)
+
+   Export a TLS key
+
+**Parameters**
+
+``const unsigned char *key_data``
+  Raw data of the key
+
+``int key_len``
+  Length of **key_data**
+
+**Description**
+
+Returns **key_data** in the PSK Interchange format as defined in section
+3.6.1.5 of the NVMe TCP Transport specification.
+
+**Return**
+
+The string containing the TLS identity or NULL with errno set
+on error. It is the responsibility of the caller to free the returned
+string.
+
+
+.. c:function:: unsigned char * nvme_import_tls_key (const char *encoded_key, int *key_len, unsigned int *hmac)
+
+   Import a TLS key
+
+**Parameters**
+
+``const char *encoded_key``
+  TLS key in PSK interchange format
+
+``int *key_len``
+  Length of the resulting key data
+
+``unsigned int *hmac``
+  HMAC algorithm
+
+**Description**
+
+Imports **key_data** in the PSK Interchange format as defined in section
+3.6.1.5 of the NVMe TCP Transport specification.
+
+**Return**
+
+The raw data of the PSK or NULL with errno set on error. It is
+the responsibility of the caller to free the returned string.
+
+
+.. c:function:: int nvme_submit_passthru (int fd, unsigned long ioctl_cmd, struct nvme_passthru_cmd *cmd, __u32 *result)
+
+   Low level ioctl wrapper for passthru commands
+
+**Parameters**
+
+``int fd``
+  File descriptor of the nvme device
+
+``unsigned long ioctl_cmd``
+  IOCTL command id
+
+``struct nvme_passthru_cmd *cmd``
+  Passhtru command
+
+``__u32 *result``
+  Optional field to return the result
+
+**Description**
+
+This is a low level library function which should not be used directly. It is
+exposed as weak symbol so that the user application is able to provide their own
+implementation of this function with additional debugging or logging code.
+
+**Return**
+
+The value from the ioctl system call (see ioctl documentation)
+
+
+.. c:function:: int nvme_submit_passthru64 (int fd, unsigned long ioctl_cmd, struct nvme_passthru_cmd64 *cmd, __u64 *result)
+
+   Low level ioctl wrapper for passthru commands
+
+**Parameters**
+
+``int fd``
+  File descriptor of the nvme device
+
+``unsigned long ioctl_cmd``
+  IOCTL command id
+
+``struct nvme_passthru_cmd64 *cmd``
+  Passhtru command
+
+``__u64 *result``
+  Optional field to return the result
+
+**Description**
+
+This is a low level library function which should not be used directly. It is
+exposed as weak symbol so that the user application is able to provide their own
+implementation of this function with additional debugging or logging code.
+
+**Return**
+
+The value from the ioctl system call (see ioctl documentation)
+
+