nvme: add support to revoke TLS key #2387

Merged Jul 9, 2024 (14 commits)

@igaw (Collaborator) commented Jul 1, 2024

Add support to nvme-cli to remove TLS keys from a keyring.

I've decided to add the remove option to the tls-key command because adding it to gen-tls-key or check-tls-key seems wrong. tls-key supports import/export operations, while the other two command names indicate what they should be used for. The import option for check-tls-key is already wrong IMO. But let's keep it for backwards compatibility.

Fixes: #2365

Depends: linux-nvme/libnvme#856

@ikegami-t (Contributor) left a comment

completions not added.

@igaw changed the title from "nvme: add support to remove TLS key" to "nvme: add support to revoke TLS key" on Jul 4, 2024
igaw added 8 commits July 5, 2024 10:17
Fetch nvme_revoke_tls_key.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

The export command should use stdout as default output as documentation
claims. Furthermore, it should open the keyfile to write in write mode.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

When exporting TLS keys from the kernel keyring a line might have a
newline. Strip the newline away as the nvme_import_tls_key is not
expecting it and thus fails to load an exported keyfile.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

The tls_key function is using a STREAM object and closes it when leaving
the context. Update it to use the helper.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

discover_from_conf_file uses a STREAM. Let's use the cleanup helper to
close it.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

write_file uses a STREAM. Let's use the cleanup helper to close it.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

io_mgmt_send uses a file descriptor. Let's use the cleanup helper to
close it.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

Split the command line option handling code from the operation.

Signed-off-by: Daniel Wagner <dwagner@suse.de>
igaw added 6 commits July 9, 2024 11:25
Propagate error codes for TLS commands. Also print an error message when
scanning TLS keys.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

Add support to nvme-cli to revoke TLS keys from a keyring.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

Sort the file names alphabetically.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

The shorthand for --keyfile is -f and not -k.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

Add the --revoke option to the tls-key documentation.

While at it, add examples of how to use it.

Signed-off-by: Daniel Wagner <dwagner@suse.de>

The tls-key command is missing support for the zsh and bash completion.

Signed-off-by: Daniel Wagner <dwagner@suse.de>
@igaw merged commit 5249914 into linux-nvme:master on Jul 9, 2024
16 of 17 checks passed
@igaw deleted the remove-tls-key branch on Jul 9, 2024 09:29
Successfully merging this pull request may close these issues.

Provide option to remove a TLS retained key from the kernel keyring