* [PATCH libnvme] Implement 'hostkey' and 'dhchap_bidi' attributes
@ 2021-09-13 9:41 Hannes Reinecke
0 siblings, 0 replies; only message in thread
From: Hannes Reinecke @ 2021-09-13 9:41 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: Sagi Grimberg, Keith Busch, linux-nvme, Hannes Reinecke
Implement a 'hostkey' attribute for the nvme_host structure to
support the 'dhchap_secret' connection argument, and a
'dhchap_bidi' fabrics configuration setting to enable
bidirectional authentication.
This is the libnvme patch to support NVMe In-band authentication as posted
on the linux-nvme mailinglist.
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
pynvme/nvme.i | 1 +
src/nvme/fabrics.c | 16 ++++++++++++++--
src/nvme/fabrics.h | 10 ++++++++++
src/nvme/json.c | 12 +++++++++++-
src/nvme/private.h | 1 +
src/nvme/tree.c | 17 +++++++++++++++++
src/nvme/tree.h | 15 +++++++++++++++
7 files changed, 69 insertions(+), 3 deletions(-)
diff --git a/pynvme/nvme.i b/pynvme/nvme.i
index 9193617..a2ade7f 100644
--- a/pynvme/nvme.i
+++ b/pynvme/nvme.i
@@ -271,6 +271,7 @@ struct nvme_host {
%immutable hostid;
char *hostnqn;
char *hostid;
+ char *hostkey;
};
struct nvme_subsystem {
diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c
index bdbcb83..1ff06ac 100644
--- a/src/nvme/fabrics.c
+++ b/src/nvme/fabrics.c
@@ -37,10 +37,12 @@
#include "private.h"
#define NVMF_HOSTID_SIZE 37
+#define NVMF_HOSTKEY_SIZE 65
const char *nvmf_dev = "/dev/nvme-fabrics";
const char *nvmf_hostnqn_file = "/etc/nvme/hostnqn";
const char *nvmf_hostid_file = "/etc/nvme/hostid";
+const char *nvmf_hostkey_file = "/etc/nvme/hostkey";
const char *arg_str(const char * const *strings,
size_t array_size, size_t idx)
@@ -217,7 +219,7 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
{
struct nvme_fabrics_config *cfg = nvme_ctrl_get_config(c);
const char *transport = nvme_ctrl_get_transport(c);
- const char *hostnqn, *hostid;
+ const char *hostnqn, *hostid, *hostkey;
bool discover = false;
if (!transport) {
@@ -247,6 +249,7 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
discover = true;
hostnqn = nvme_host_get_hostnqn(h);
hostid = nvme_host_get_hostid(h);
+ hostkey = nvme_host_get_hostkey(h);
if (add_argument(argstr, "transport", transport) ||
add_argument(argstr, "traddr",
nvme_ctrl_get_traddr(c)) ||
@@ -258,6 +261,8 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
nvme_ctrl_get_trsvcid(c)) ||
(hostnqn && add_argument(argstr, "hostnqn", hostnqn)) ||
(hostid && add_argument(argstr, "hostid", hostid)) ||
+ (!discover && hostkey &&
+ add_argument(argstr, "dhchap_secret", hostkey)) ||
(!discover &&
add_int_argument(argstr, "nr_io_queues",
cfg->nr_io_queues, false)) ||
@@ -289,7 +294,9 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
(!strcmp(transport, "tcp") &&
add_bool_argument(argstr, "hdr_digest", cfg->hdr_digest)) ||
(!strcmp(transport, "tcp") &&
- add_bool_argument(argstr, "data_digest", cfg->data_digest))) {
+ add_bool_argument(argstr, "data_digest", cfg->data_digest)) ||
+ (!strcmp(transport, "tcp") &&
+ add_bool_argument(argstr, "dhchap_bidi", cfg->dhchap_bidi))) {
free(*argstr);
return -1;
}
@@ -722,3 +729,8 @@ char *nvmf_hostid_from_file()
{
return nvmf_read_file(nvmf_hostid_file, NVMF_HOSTID_SIZE);
}
+
+char *nvmf_hostkey_from_file()
+{
+ return nvmf_read_file(nvmf_hostkey_file, NVMF_HOSTKEY_SIZE);
+}
diff --git a/src/nvme/fabrics.h b/src/nvme/fabrics.h
index 10ac2e2..d9a1210 100644
--- a/src/nvme/fabrics.h
+++ b/src/nvme/fabrics.h
@@ -31,6 +31,7 @@
* @disable_sqflow: Disable controller sq flow control
* @hdr_digest: Generate/verify header digest (TCP)
* @data_digest: Generate/verify data digest (TCP)
+ * @dhchap_bidi: Enable bidirectional authentication (TCP)
*/
struct nvme_fabrics_config {
int queue_size;
@@ -47,6 +48,7 @@ struct nvme_fabrics_config {
bool disable_sqflow;
bool hdr_digest;
bool data_digest;
+ bool dhchap_bidi;
};
/**
@@ -169,6 +171,14 @@ char *nvmf_hostnqn_from_file();
*/
char *nvmf_hostid_from_file();
+/**
+ * nvmf_hostkey_from_file() - Reads the host dhchap secret from the config
+ * default location in /etc/nvme/.
+ * Return: The host dhchap secret, or NULL if unsuccessful. If found, the
+ * caller is responsible to free the string.
+ */
+char *nvmf_hostkey_from_file();
+
/**
* nvmf_connect_disc_entry() -
* @h:
diff --git a/src/nvme/json.c b/src/nvme/json.c
index faadf2d..dcafcbb 100644
--- a/src/nvme/json.c
+++ b/src/nvme/json.c
@@ -62,6 +62,8 @@ static void json_update_attributes(nvme_ctrl_t c,
hdr_digest, val_obj);
JSON_UPDATE_BOOL_OPTION(cfg, key_str,
data_digest, val_obj);
+ JSON_UPDATE_BOOL_OPTION(cfg, key_str,
+ dhchap_bidi, val_obj);
if (!strcmp("persistent", key_str) &&
!nvme_ctrl_is_persistent(c))
nvme_ctrl_set_persistent(c, true);
@@ -136,6 +138,9 @@ static void json_parse_host(nvme_root_t r, struct json_object *host_obj)
if (attr_obj)
hostid = json_object_get_string(attr_obj);
h = nvme_lookup_host(r, hostnqn, hostid);
+ attr_obj = json_object_object_get(host_obj, "hostkey");
+ if (attr_obj)
+ nvme_host_set_hostkey(h, json_object_get_string(attr_obj));
subsys_array = json_object_object_get(host_obj, "subsystems");
if (!subsys_array)
return;
@@ -207,6 +212,7 @@ static void json_update_port(struct json_object *ctrl_array, nvme_ctrl_t c)
JSON_BOOL_OPTION(cfg, port_obj, disable_sqflow);
JSON_BOOL_OPTION(cfg, port_obj, hdr_digest);
JSON_BOOL_OPTION(cfg, port_obj, data_digest);
+ JSON_BOOL_OPTION(cfg, port_obj, dhchap_bidi);
if (nvme_ctrl_is_persistent(c))
json_object_add_value_bool(port_obj, "persistent", true);
json_object_array_add(ctrl_array, port_obj);
@@ -247,7 +253,7 @@ int json_update_config(nvme_root_t r, const char *config_file)
json_root = json_object_new_array();
nvme_for_each_host(r, h) {
nvme_subsystem_t s;
- const char *hostid;
+ const char *hostid, *hostkey;
host_obj = json_object_new_object();
json_object_add_value_string(host_obj, "hostnqn",
@@ -256,6 +262,10 @@ int json_update_config(nvme_root_t r, const char *config_file)
if (hostid)
json_object_add_value_string(host_obj, "hostid",
hostid);
+ hostkey = nvme_host_get_hostkey(h);
+ if (hostkey)
+ json_object_add_value_string(host_obj, "hostkey",
+ hostkey);
subsys_array = json_object_new_array();
nvme_for_each_subsystem(h, s) {
json_update_subsys(subsys_array, s);
diff --git a/src/nvme/private.h b/src/nvme/private.h
index 2a151bf..fc61ef1 100644
--- a/src/nvme/private.h
+++ b/src/nvme/private.h
@@ -103,6 +103,7 @@ struct nvme_host {
char *hostnqn;
char *hostid;
+ char *hostkey;
};
struct nvme_root {
diff --git a/src/nvme/tree.c b/src/nvme/tree.c
index 6c46ef1..502f4ae 100644
--- a/src/nvme/tree.c
+++ b/src/nvme/tree.c
@@ -64,6 +64,8 @@ nvme_host_t nvme_default_host(nvme_root_t r)
free(hostnqn);
if (hostid)
free(hostid);
+ if (h)
+ h->hostkey = nvmf_hostkey_from_file();
return h;
}
@@ -147,6 +149,21 @@ const char *nvme_host_get_hostid(nvme_host_t h)
return h->hostid;
}
+const char *nvme_host_get_hostkey(nvme_host_t h)
+{
+ return h->hostkey;
+}
+
+void nvme_host_set_hostkey(nvme_host_t h, const char *hostkey)
+{
+ if (h->hostkey) {
+ free(h->hostkey);
+ h->hostkey = NULL;
+ }
+ if (hostkey)
+ h->hostkey = strdup(hostkey);
+}
+
nvme_subsystem_t nvme_first_subsystem(nvme_host_t h)
{
return list_top(&h->subsystems, struct nvme_subsystem, entry);
diff --git a/src/nvme/tree.h b/src/nvme/tree.h
index 68f5cbf..e5a350d 100644
--- a/src/nvme/tree.h
+++ b/src/nvme/tree.h
@@ -105,6 +105,21 @@ const char *nvme_host_get_hostnqn(nvme_host_t h);
*/
const char *nvme_host_get_hostid(nvme_host_t h);
+/**
+ * nvme_host_get_hostkey() -
+ * @h:
+ *
+ * Return:
+ */
+const char *nvme_host_get_hostkey(nvme_host_t h);
+
+/**
+ * nvme_host_set_hostkey() -
+ * @h:
+ * @k:
+ */
+void nvme_host_set_hostkey(nvme_host_t h, const char *k);
+
/**
* nvme_default_host() -
* @r:
--
2.29.2
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-13 9:47 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-13 9:41 [PATCH libnvme] Implement 'hostkey' and 'dhchap_bidi' attributes Hannes Reinecke
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).