From cf825cc1a50eb9ce1c64e42a10ad2ffd4ff7e43c Mon Sep 17 00:00:00 2001
From: Daniel Wagner
Date: Thu, 10 Oct 2024 09:02:16 +0200
Subject: [PATCH 1/2] nvme: use unsigned char for hmac and identity

The spec is limiting the size of both variables to one byte, thus there is no need to use wider types.

Signed-off-by: Daniel Wagner
---
 nvme.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/nvme.c b/nvme.c
index a1e65fb34..a0c9f41d2 100644
--- a/nvme.c
+++ b/nvme.c
@@ -9181,8 +9181,8 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 char *hostnqn;
 char *subsysnqn;
 char *secret;
- unsigned int hmac;
- unsigned int identity;
+ unsigned char hmac;
+ unsigned char identity;
 bool insert;
 };
@@ -9203,8 +9203,8 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 OPT_STR("hostnqn", 'n', &cfg.hostnqn, hostnqn),
 OPT_STR("subsysnqn", 'c', &cfg.subsysnqn, subsysnqn),
 OPT_STR("secret", 's', &cfg.secret, secret),
- OPT_UINT("hmac", 'm', &cfg.hmac, hmac),
- OPT_UINT("identity", 'I', &cfg.identity, identity),
+ OPT_BYTE("hmac", 'm', &cfg.hmac, hmac),
+ OPT_BYTE("identity", 'I', &cfg.identity, identity),
 OPT_FLAG("insert", 'i', &cfg.insert, insert));
 err = parse_args(argc, argv, desc, opts);
@@ -9302,7 +9302,7 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 char *hostnqn;
 char *subsysnqn;
 char *keydata;
- unsigned int identity;
+ unsigned char identity;
 bool insert;
 };
@@ -9322,7 +9322,7 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 OPT_STR("hostnqn", 'n', &cfg.hostnqn, hostnqn),
 OPT_STR("subsysnqn", 'c', &cfg.subsysnqn, subsysnqn),
 OPT_STR("keydata", 'd', &cfg.keydata, keydata),
- OPT_UINT("identity", 'I', &cfg.identity, identity),
+ OPT_BYTE("identity", 'I', &cfg.identity, identity),
 OPT_FLAG("insert", 'i', &cfg.insert, insert));
 err = parse_args(argc, argv, desc, opts);
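Review bot: Nothing in the code ties the one-byte width of `cfg.hmac` and `cfg.identity` to the `OPT_BYTE` entries that take their addresses, in gen_tls_key and again in check_tls_key. If the option parser stores through that pointer at the width the macro implies (the parser is not visible here), a later edit that changes only one side would write past a one-byte field on the stack. A comment on the struct members would keep the two in step, for example `/* one byte per spec; must stay paired with OPT_BYTE below */`. The hunks also do not show whether `hmac` and `identity` are checked against the values the spec allows after `parse_args()`, so that check is worth confirming in the parts of both functions that lie outside the hunks.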
From ccc6ac9c6099de43c1618f1cc1c97af69c96fee1 Mon Sep 17 00:00:00 2001
From: Daniel Wagner
Date: Thu, 10 Oct 2024 09:04:51 +0200
Subject: [PATCH 2/2] fabrics: add support to connect to accept a PSK

It's possible to specify which PSK stored in the kernel keystore to use. This means the user has first to insert the key into the store and then figure out which ID to pass to the connect command because currently there is no automatic key lookup. This is not simple to make it work 'correctly' as there potentially a more than one key which matches the connection description. So this would need some match logic. Let's not go there for the moment. Instead, we allow the user to pass the configured key directly from the connect command.

Signed-off-by: Daniel Wagner
---
 fabrics.c | 34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/fabrics.c b/fabrics.c
index fd7ee35d0..2adec9832 100644
--- a/fabrics.c
+++ b/fabrics.c
@@ -94,6 +94,7 @@ static const char *nvmf_context = "execution context identification string";
 #define NVMF_ARGS(n, c, ...) \
 struct argconfig_commandline_options n[] = { \
+ __VA_ARGS__, \
 OPT_STRING("transport", 't', "STR", &transport, nvmf_tport), \
 OPT_STRING("nqn", 'n', "STR", &subsysnqn, nvmf_nqn), \
 OPT_STRING("traddr", 'a', "STR", &traddr, nvmf_traddr), \
@@ -120,7 +121,6 @@ static const char *nvmf_context = "execution context identification string";
 OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest), \
 OPT_FLAG("tls", 0, &c.tls, nvmf_tls), \
 OPT_FLAG("concat", 0, &c.concat, nvmf_concat), \
- __VA_ARGS__, \
 OPT_END() \
 }
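Review bot: The move of `__VA_ARGS__` from the tail to the head of the `NVMF_ARGS` table is not explained in the commit message or by a comment, yet it changes the order of the option table for every user of the macro, and presumably the order in which options are listed in the help output. A comment above the macro would record the intent, for example `/* caller-specific options come first, then the common fabrics options */`. In either position `__VA_ARGS__,` requires each caller to pass at least one extra option, which the same comment could state. The macro body spans both hunks, and its middle is not shown.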
@@ -904,15 +904,18 @@ int nvmf_connect(const char *desc, int argc, char **argv)
 nvme_print_flags_t flags;
 struct nvme_fabrics_config cfg = { 0 };
 char *format = "normal";
-
+ char *keyring = NULL;
+ char *tls_key = NULL;
 NVMF_ARGS(opts, cfg,
 OPT_STRING("dhchap-ctrl-secret", 'C', "STR", &ctrlkey, nvmf_ctrlkey),
 OPT_STRING("config", 'J', "FILE", &config_file, nvmf_config_file),
 OPT_INCR("verbose", 'v', &verbose, "Increase logging verbosity"),
- OPT_FLAG("dump-config", 'O', &dump_config, "Dump JSON configuration to stdout"),
- OPT_FMT("output-format", 'o', &format, "Output format: normal|json"),
- OPT_STRING("context", 0, "STR", &context, nvmf_context));
+ OPT_FLAG("dump-config", 'O', &dump_config, "Dump JSON configuration to stdout"),
+ OPT_FMT("output-format", 'o', &format, "Output format: normal|json"),
+ OPT_STRING("context", 0, "STR", &context, nvmf_context),
+ OPT_STR("keyring", 0, &keyring, "Keyring to store the TLS key, name or keyring id"),
+ OPT_STR("tls_key", 0, &tls_key, "TLS key in PSK Interchagne format or key store id"));
 nvmf_default_config(&cfg);
@@ -1008,9 +1011,30 @@ int nvmf_connect(const char *desc, int argc, char **argv)
 errno = ENOMEM;
 goto out_free;
 }
+
 if (ctrlkey)
 nvme_ctrl_set_dhchap_key(c, ctrlkey);
+ if (keyring) {
+ char *endptr;
+ long id = strtol(keyring, &endptr, 0);
+
+ if (endptr != keyring)
+ cfg.keyring = id;
+ else
+ nvme_ctrl_set_keyring(c, keyring);
+ }
+
+ if (tls_key) {
+ char *endptr;
+ long id = strtol(tls_key, &endptr, 0);
+
+ if (endptr != tls_key)
+ cfg.tls_key = id;
+ else
+ nvme_ctrl_set_tls_key(c, tls_key);
+ }
+
 errno = 0;
 ret = nvmf_add_ctrl(h, c, &cfg);
 if (ret)
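Review bot: The new `tls_key` option takes the PSK itself, in interchange format, as a command-line argument, so the secret is typically readable by other local users through the process list and is kept in shell history. The help text should steer users towards the key store id form, or the option should be able to read the key from a file. The help string also has a typo, and the long name breaks the hyphen convention used by `dump-config` and `output-format` in the same table: `OPT_STR("tls-key", 0, &tls_key, "TLS key in PSK Interchange format or key store id")`. nvmf_connect's body continues outside the hunk.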
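Review bot: Both `strtol()` checks accept a partially numeric string. `endptr != keyring` is true for a constructed input such as `2nd-ring`, so a keyring name that starts with a digit is silently used as id 2, and trailing characters after a number are ignored. Require the whole string to be consumed, `if (endptr != keyring && *endptr == '\0')`, and likewise `if (endptr != tls_key && *endptr == '\0')`. The `long` result is also assigned to `cfg.keyring` and `cfg.tls_key` without an `ERANGE` or range check (the field types are not visible here), so a negative or out-of-range value is passed on or truncated instead of rejected. Setting `errno = 0` before each call and failing with an error message would stop a mistyped id from selecting a different key. nvmf_connect's body starts and ends outside the hunk.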