
Commit 342b186

hreineckeigaw
authored andcommitted
fabrics: add configuration option 'tls_key'
Add a fabrics configuration option to specify the TLS PSK for a connection. The PSK is referenced by its serial number, but stored with its description in the JSON configuration file. Signed-off-by: Hannes Reinecke <[email protected]>
1 parent 92479af commit 342b186

5 files changed

Lines changed: 31 additions & 0 deletions


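--- a/doc/config-schema.json
+++ b/doc/config-schema.json
@@ -98,6 +98,10 @@
 "description": "Keyring to store and lookup keys",
 "type": "string",
 },
+"tls_key": {
+"description": "TLS PSK for the connection",
+"type": "string",
+},
 "nr_io_queues": {
 "description": "Number of I/O queues",
 "type": "integer"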

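--- a/doc/rst/fabrics.rst
+++ b/doc/rst/fabrics.rst
@@ -28,6 +28,7 @@ Fabrics-specific definitions.
 int nr_poll_queues;
 int tos;
 int keyring;
+int tls_key;
 bool duplicate_connect;
 bool disable_sqflow;
 bool hdr_digest;
@@ -73,6 +74,9 @@ Fabrics-specific definitions.
 ``keyring``
 Serial number of the keyring to store and lookup keys
 
+``tls_key``
+Serial number of the TLS PSK for the connection
+
 ``duplicate_connect``
 Allow multiple connections to the same target
 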
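--- a/src/nvme/fabrics.c
+++ b/src/nvme/fabrics.c
@@ -217,6 +217,7 @@ static struct nvme_fabrics_config *merge_config(nvme_ctrl_t c,
 MERGE_CFG_OPTION(ctrl_cfg, cfg, fast_io_fail_tmo, 0);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, tos, -1);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, keyring, 0);
+MERGE_CFG_OPTION(ctrl_cfg, cfg, tls_key, 0);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, duplicate_connect, false);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, disable_sqflow, false);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, hdr_digest, false);
@@ -245,6 +246,7 @@ void nvmf_update_config(nvme_ctrl_t c, const struct nvme_fabrics_config *cfg)
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, fast_io_fail_tmo, 0);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, tos, -1);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, keyring, 0);
+UPDATE_CFG_OPTION(ctrl_cfg, cfg, tls_key, 0);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, duplicate_connect, false);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, disable_sqflow, false);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, hdr_digest, false);
@@ -520,6 +522,8 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
 (strcmp(transport, "loop") &&
 add_int_argument(argstr, "tos", cfg->tos, true)) ||
 add_int_argument(argstr, "keyring", cfg->keyring, false) ||
+(!strcmp(transport, "tcp") &&
+add_int_argument(argstr, "tls_key", cfg->tls_key, false)) ||
 add_bool_argument(argstr, "duplicate_connect",
 cfg->duplicate_connect) ||
 add_bool_argument(argstr, "disable_sqflow",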
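Review bot: In the build_options hunk the new `tls_key` argument is emitted only when the transport is "tcp", so a `tls_key` configured for any other transport is dropped with no diagnostic and no hint in the code as to why. A one-line comment above the new condition would record the intent, for example `/* tls_key names a TLS PSK, which only applies to the tcp transport */`. The `keyring` argument on the preceding line is passed for every transport, so the asymmetry is worth stating explicitly. build_options starts and ends outside the hunk.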

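--- a/src/nvme/fabrics.h
+++ b/src/nvme/fabrics.h
@@ -36,6 +36,7 @@
 * @nr_poll_queues: Number of queues to reserve for polling completions
 * @tos: Type of service
 * @keyring: Keyring to store and lookup keys
+* @tls_key: TLS PSK for the connection
 * @duplicate_connect: Allow multiple connections to the same target
 * @disable_sqflow: Disable controller sq flow control
 * @hdr_digest: Generate/verify header digest (TCP)
@@ -55,6 +56,7 @@ struct nvme_fabrics_config {
 int nr_poll_queues;
 int tos;
 int keyring;
+int tls_key;
 
 bool duplicate_connect;
 bool disable_sqflow;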
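Review bot: The kernel-doc line `@tls_key: TLS PSK for the connection` reads as if the field held key material, whereas the commit description and fabrics.rst say it is the key's serial number; `* @tls_key: Serial number of the TLS PSK for the connection` would match them. The member is also inserted between `keyring` and `duplicate_connect` rather than appended, which shifts the offset of every later member. If struct nvme_fabrics_config is part of the library's exported ABI (not visible from this page), binaries built against the old layout would misread the configuration, so that would need a rebuild or a version bump. Both the comment block and the struct continue outside the hunks.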

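--- a/src/nvme/json.c
+++ b/src/nvme/json.c
@@ -78,6 +78,14 @@ static void json_update_attributes(nvme_ctrl_t c,
 nvme_set_keyring(cfg->keyring);
 }
 }
+if (!strcmp("tls_key", key_str) && cfg->tls_key == 0) {
+long key;
+
+key = nvme_lookup_key("psk",
+json_object_get_string(val_obj));
+if (key)
+cfg->tls_key = key;
+}
 }
 }
 
@@ -325,6 +333,15 @@ static void json_update_port(struct json_object *ctrl_array, nvme_ctrl_t c)
 free(desc);
 }
 }
+if (cfg->tls_key) {
+char *desc = nvme_describe_key_serial(cfg->tls_key);
+
+if (desc) {
+json_object_object_add(port_obj, "tls_key",
+json_object_new_string(desc));
+free(desc);
+}
+}
 
 json_object_array_add(ctrl_array, port_obj);
 }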
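Review bot: In the json_update_attributes hunk, a `tls_key` description that nvme_lookup_key cannot resolve leaves `cfg->tls_key` at 0 without any message, so the option is later omitted and the operator gets no sign that the configured PSK was not applied. Whether the connection then runs without TLS or with a different key depends on options not shown here, but a warning on the failed lookup would make the misconfiguration visible. The `long key` result is also stored into the `int` field after only `if (key)`. If nvme_lookup_key signals failure with a negative value (its contract is not visible on this page), that value would be kept as a serial, so `if (key > 0)` is the safer test. json_update_attributes begins outside the hunk.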
