-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS keys handling #894
base: master
Are you sure you want to change the base?
TLS keys handling #894
Commits on Oct 10, 2024
-
test: add test case for importing/exporting PSKs
Test the pre-shared key interchange format import/export function. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 4e1fed1 - Browse repository at this point
Copy the full SHA 4e1fed1View commit details -
linux: add import/export function for TLS pre-shared keys
The existing import/export function do not handle different version of the interchange format nor do the handle the HMAC independent of the version. Thus allow the caller to select version and HMAC independently when exporting resp. importing. This makes this interface also future proof when new HMAC or key lengths are added to the spec. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 2a8629e - Browse repository at this point
Copy the full SHA 2a8629eView commit details -
test: extend psk to test new 'versioned' API
Also test for nvme_{import|export}_tls_key_versioned API. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 95ab7ae - Browse repository at this point
Copy the full SHA 95ab7aeView commit details -
linux: support PSK interchange format HMAC none
The pre-shared key interchange format also has 'no transform' option when the configured key should be used as retained key. Update the export/imports to support this case. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 6a7fefc - Browse repository at this point
Copy the full SHA 6a7fefcView commit details -
test/psk: test all available HMACs
Extend the test case also to check for the NONE and SHA2-384 algorithm Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 545f19d - Browse repository at this point
Copy the full SHA 545f19dView commit details -
test: make config-diff more flexible to use
The config-diff script is expecting a sysfs tar file besides an input and a output file. Let's make the sysfs tar file optional so we can use this config diff script more flexible. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 581bc62 - Browse repository at this point
Copy the full SHA 581bc62View commit details -
linux: reorder variable declarations
Use the inverse x-mas tree pattern for variable declarations. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 558965c - Browse repository at this point
Copy the full SHA 558965cView commit details -
tree: add getter/setters for tls_key and keyring
Extend the ctrl API to allow the users to set the tls_key/keyring on the ctrl object directly. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for 2d12b96 - Browse repository at this point
Copy the full SHA 2d12b96View commit details -
fabrics: move key store operation to connect
When the JSON parser detects a TLS key it inserts it into the keystore. Keystore operations on the default '.nvme' keyring are privileged operations (root) thus the parser will fail. This will fail nvme-cli commands which are run as normal user. Let's move the key store operations to the connect call path where we need the right permission. A nice side benefit is that we also are able to pass in a configured key. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for b28fb19 - Browse repository at this point
Copy the full SHA b28fb19View commit details -
test: add pre-shared key json tests
Add a test case for the PSK API to ensure that the generated JSON is correct. Signed-off-by: Daniel Wagner <dwagner@suse.de>
Configuration menu - View commit details
-
Copy full SHA for b9e1add - Browse repository at this point
Copy the full SHA b9e1addView commit details