module/keyring: add linux keyring module

This module uses the keyutils library to fetch keys managed by the Linux
kernel keyring. The keys are created implicitly in the probe_key()
callback. For n

module/keyring: add linux keyring module

This module uses the keyutils library to fetch keys managed by the Linux
kernel keyring. The keys are created implicitly in the probe_key()
callback. For now, they need to be attached to the kernel's keyring
before requesting them. The following patches will add the ability to
specify callout information which will allow the kernel to instantiate
the keys if they're unavailable.

Change-Id: I0aedd19247c6c35f22bcb61f4b387d5d85b42cdf
Signed-off-by: Konrad Sztyber <konrad.sztyber@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/21760
Reviewed-by: Aleksey Marchuk <alexeymar@nvidia.com>
Reviewed-by: Jim Harris <jim.harris@samsung.com>
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>

show more ...

module/keyring: add keyring_file module

This module allows for using keys stored in files. Each such file
should only contain a single key and the module copies it without any
modifications. Addit

module/keyring: add keyring_file module

This module allows for using keys stored in files. Each such file
should only contain a single key and the module copies it without any
modifications. Additionally, it checks the permissions of the file to
ensure that only the owner of the file is allowed to access it.

This mechanism is very similar to the method employed by the NVMe driver
and the NVMe-oF target to supply NVMe/TLS pre-shared keys.

Signed-off-by: Konrad Sztyber <konrad.sztyber@intel.com>
Change-Id: I6eb15549073e8388b3f806f2888df3b1e3676ad5
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/21737
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Seung yeon Shin <syeon.shin@samsung.com>
Reviewed-by: Jim Harris <jim.harris@samsung.com>
Reviewed-by: Aleksey Marchuk <alexeymar@nvidia.com>

show more ...