tree: add getter/setters for TLS PSK

Extend the ctrl API to allow the users to set TLS key on the ctrl object
directly.

Signed-off-by: Daniel Wagner <[email protected]>

Author: dwsuse

doc/config-schema.json.in

@@ -102,8 +102,12 @@
 		    "description": "Keyring for TLS key lookup",
 		    "type": "string"
 		},
+		"tls_key_identity": {
+		    "description": "PSK identity for the TLS PSK (tls_key)",
+		    "type": "string"
+		},
 		"tls_key": {
-		    "description": "TLS key for the connection",
+		    "description": "TLS PSK in PSK interchange format",
 		    "type": "string"
 		},
 		"nr_io_queues": {

src/libnvme.map

@@ -1,6 +1,12 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 LIBNVME_1.11 {
 	global:
+		nvme_ctrl_get_keyring;
+		nvme_ctrl_get_tls_key;
+		nvme_ctrl_get_tls_key_identity;
+		nvme_ctrl_set_keyring;
+		nvme_ctrl_set_tls_key;
+		nvme_ctrl_set_tls_key_identity;
 		nvme_export_tls_key_versioned;
 		nvme_import_tls_key_versioned;
 };

src/nvme/fabrics.c

@@ -864,6 +864,15 @@ int nvmf_add_ctrl(nvme_host_t h, nvme_ctrl_t c,
 			key = nvme_ctrl_get_dhchap_key(fc);
 			if (key)
 				nvme_ctrl_set_dhchap_key(c, key);
+			key = nvme_ctrl_get_keyring(fc);
+			if (key)
+				nvme_ctrl_set_keyring(c, key);
+			key = nvme_ctrl_get_tls_key_identity(fc);
+			if (key)
+				nvme_ctrl_set_tls_key_identity(c, key);
+			key = nvme_ctrl_get_tls_key(fc);
+			if (key)
+				nvme_ctrl_set_tls_key(c, key);
 		}
 
 	}

src/nvme/fabrics.h

@@ -37,6 +37,7 @@
  * @tos:		Type of service
  * @keyring:		Keyring to store and lookup keys
  * @tls_key:		TLS PSK for the connection
+ * @tls_configured_key: TLS PSK for connect command for the connection
  * @duplicate_connect:	Allow multiple connections to the same target
  * @disable_sqflow:	Disable controller sq flow control
  * @hdr_digest:		Generate/verify header digest (TCP)
@@ -58,6 +59,7 @@ struct nvme_fabrics_config {
 	int tos;
 	long keyring;
 	long tls_key;
+	long tls_configured_key;
 
 	bool duplicate_connect;
 	bool disable_sqflow;

src/nvme/private.h

@@ -85,6 +85,9 @@ struct nvme_ctrl {
 	char *trsvcid;
 	char *dhchap_key;
 	char *dhchap_ctrl_key;
+	char *keyring;
+	char *tls_key_identity;
+	char *tls_key;
 	char *cntrltype;
 	char *cntlid;
 	char *dctype;

src/nvme/tree.c

@@ -1151,6 +1151,51 @@ void nvme_ctrl_set_dhchap_key(nvme_ctrl_t c, const char *key)
 		c->dhchap_ctrl_key = strdup(key);
 }
 
+const char *nvme_ctrl_get_keyring(nvme_ctrl_t c)
+{
+	return c->keyring;
+}
+
+void nvme_ctrl_set_keyring(nvme_ctrl_t c, const char *keyring)
+{
+	if (c->keyring) {
+		free(c->keyring);
+		c->keyring = NULL;
+	}
+	if (keyring)
+		c->keyring = strdup(keyring);
+}
+
+const char *nvme_ctrl_get_tls_key_identity(nvme_ctrl_t c)
+{
+	return c->tls_key_identity;
+}
+
+void nvme_ctrl_set_tls_key_identity(nvme_ctrl_t c, const char *identity)
+{
+	if (c->tls_key_identity) {
+		free(c->tls_key_identity);
+		c->tls_key_identity = NULL;
+	}
+	if (identity)
+		c->tls_key_identity = strdup(identity);
+}
+
+const char *nvme_ctrl_get_tls_key(nvme_ctrl_t c)
+{
+	return c->tls_key;
+}
+
+void nvme_ctrl_set_tls_key(nvme_ctrl_t c, const char *key)
+{
+	if (c->tls_key) {
+		free(c->tls_key);
+		c->tls_key = NULL;
+	}
+	if (key)
+		c->tls_key = strdup(key);
+}
+
 void nvme_ctrl_set_discovered(nvme_ctrl_t c, bool discovered)
 {
 	c->discovered = discovered;
@@ -1232,6 +1277,9 @@ void nvme_deconfigure_ctrl(nvme_ctrl_t c)
 	FREE_CTRL_ATTR(c->sqsize);
 	FREE_CTRL_ATTR(c->dhchap_key);
 	FREE_CTRL_ATTR(c->dhchap_ctrl_key);
+	FREE_CTRL_ATTR(c->keyring);
+	FREE_CTRL_ATTR(c->tls_key_identity);
+	FREE_CTRL_ATTR(c->tls_key);
 	FREE_CTRL_ATTR(c->address);
 	FREE_CTRL_ATTR(c->dctype);
 	FREE_CTRL_ATTR(c->cntrltype);

src/nvme/tree.h

@@ -1098,6 +1098,51 @@ const char *nvme_ctrl_get_dhchap_key(nvme_ctrl_t c);
  */
 void nvme_ctrl_set_dhchap_key(nvme_ctrl_t c, const char *key);
 
+/**
+ * nvme_ctrl_get_keyring() - Return keyring
+ * @c:	Controller to be used for the lookup
+ *
+ * Return: Keyring or NULL if not set
+ */
+const char *nvme_ctrl_get_keyring(nvme_ctrl_t c);
+
+/**
+ * nvme_ctrl_set_keyring() - Set keyring
+ * @c:		Controller for which the keyring should be set
+ * @keyring:	Keyring name
+ */
+void nvme_ctrl_set_keyring(nvme_ctrl_t c, const char *keyring);
+
+/**
+ * nvme_ctrl_get_tls_key_identity() - Return Derive TLS Identity
+ * @c:		Controller to be used for the lookup
+ *
+ * Return: Derive TLS Identity or NULL if not set
+ */
+const char *nvme_ctrl_get_tls_key_identity(nvme_ctrl_t c);
+
+/**
+ * nvme_ctrl_set_tls_key_identity() - Set Derive TLS Identity
+ * @c:		Controller for which the key should be set
+ * @identity:	Derive TLS identity or NULL to clear existing key
+ */
+void nvme_ctrl_set_tls_key_identity(nvme_ctrl_t c, const char *identity);
+
+/**
+ * nvme_ctrl_get_tls_key() - Return Derive TLS PSK
+ * @c:		Controller to be used for the lookup
+ *
+ * Return: Key in PSK interchange format or NULL if not set
+ */
+const char *nvme_ctrl_get_tls_key(nvme_ctrl_t c);
+
+/**
+ * nvme_ctrl_set_tls_key() - Set Derive TLS PSK
+ * @c:		Controller for which the key should be set
+ * @key:	Key in interchange format or NULL to clear existing key
+ */
+void nvme_ctrl_set_tls_key(nvme_ctrl_t c, const char *key);
+
 /**
  * nvme_ctrl_get_config() - Fabrics configuration of a controller
  * @c:	Controller instance