nvme-keyring: add nvme_tls_psk_refresh()

#include <linux/module.h>

#include <linux/seq_file.h>

#include <linux/key.h>

#include <linux/key-type.h>

#include <keys/user-type.h>

#include <linux/nvme.h>

	return key_ref_to_ptr(keyref);

}

/**

 * nvme_tls_psk_refresh - Refresh TLS PSK

 * @keyring: Keyring holding the TLS PSK

 * @hostnqn: Host NQN to use

 * @subnqn: Subsystem NQN to use

 * @hmac_id: Hash function identifier

 * @data: TLS PSK key material

 * @data_len: Length of @data

 * @digest: TLS PSK digest

 *

 * Refresh a generated version 1 TLS PSK with the identity generated

 * from @hmac_id, @hostnqn, @subnqn, and @digest in the keyring given

 * by @keyring.

 *

 * Returns the updated key success or an error pointer otherwise.

 */

struct key *nvme_tls_psk_refresh(struct key *keyring,

		const char *hostnqn, const char *subnqn, u8 hmac_id,

		u8 *data, size_t data_len, const char *digest)

{

	key_perm_t keyperm =

		KEY_POS_SEARCH | KEY_POS_VIEW | KEY_POS_READ |

		KEY_POS_WRITE | KEY_POS_LINK | KEY_POS_SETATTR |

		KEY_USR_SEARCH | KEY_USR_VIEW | KEY_USR_READ;

	char *identity;

	key_ref_t keyref;

	key_serial_t keyring_id;

	struct key *key;

	if (!hostnqn || !subnqn || !data || !data_len)

		return ERR_PTR(-EINVAL);

	identity = kasprintf(GFP_KERNEL, "NVMe1G%02d %s %s %s",

		 hmac_id, hostnqn, subnqn, digest);

	if (!identity)

		return ERR_PTR(-ENOMEM);

	if (!keyring)

		keyring = nvme_keyring;

	keyring_id = key_serial(keyring);

	pr_debug("keyring %x refresh tls psk '%s'\n",

		 keyring_id, identity);

	keyref = key_create_or_update(make_key_ref(keyring, true),

				"psk", identity, data, data_len,

				keyperm, KEY_ALLOC_NOT_IN_QUOTA |

				      KEY_ALLOC_BUILT_IN |

				      KEY_ALLOC_BYPASS_RESTRICTION);

	if (IS_ERR(keyref)) {

		pr_debug("refresh tls psk '%s' failed, error %ld\n",

			 identity, PTR_ERR(keyref));

		kfree(identity);

		return ERR_PTR(-ENOKEY);

	}

	kfree(identity);

	/*

	 * Set the default timeout to 1 hour

	 * as suggested in TP8018.

	 */

	key = key_ref_to_ptr(keyref);

	key_set_timeout(key, 3600);

	return key;

}

EXPORT_SYMBOL_GPL(nvme_tls_psk_refresh);

/*

 * NVMe PSK priority list

 *

#include <linux/init.h>

#include <linux/slab.h>

#include <linux/err.h>

#include <linux/key.h>

#include <linux/nvme-tcp.h>

#include <linux/nvme-keyring.h>

#include <net/sock.h>

#include <linux/init.h>

#include <linux/slab.h>

#include <linux/err.h>

#include <linux/key.h>

#include <linux/nvme-tcp.h>

#include <linux/nvme-keyring.h>

#include <net/sock.h>

#ifndef _NVME_KEYRING_H

#define _NVME_KEYRING_H

#include <linux/key.h>

#if IS_ENABLED(CONFIG_NVME_KEYRING)

struct key *nvme_tls_psk_refresh(struct key *keyring,

		const char *hostnqn, const char *subnqn, u8 hmac_id,

		u8 *data, size_t data_len, const char *digest);

key_serial_t nvme_tls_psk_default(struct key *keyring,

		const char *hostnqn, const char *subnqn);

key_serial_t nvme_keyring_id(void);

struct key *nvme_tls_key_lookup(key_serial_t key_id);

#else

static inline struct key *nvme_tls_psk_refresh(struct key *keyring,

		const char *hostnqn, char *subnqn, u8 hmac_id,

		u8 *data, size_t data_len, const char *digest)

{

	return ERR_PTR(-ENOTSUPP);

}

static inline key_serial_t nvme_tls_psk_default(struct key *keyring,

		const char *hostnqn, const char *subnqn)

{