Commit 00a557f2 authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Tomasz Zawadzki

nvmf/auth: set allowed digests/dhgroups



It's now possible to limit the allowed digests/dhgroups used during the
DH-HMAC-CHAP authentication on the target side.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: I636afba765075df2a6c71e7287cbe47550446120
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22909


Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Community-CI: Mellanox Build Bot
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarBen Walker <ben@nvidia.com>
parent 98c3a946
+2 −0
@@ -9034,6 +9034,8 @@ acceptor_poll_rate | Optional | number | Polling interval of the accep
admin_cmd_passthru      | Optional | object      | Admin command passthru configuration
poll_groups_mask        | Optional | string      | Set cpumask for NVMf poll groups
discovery_filter        | Optional | string      | Set discovery filter, possible values are: `match_any` (default) or comma separated values: `transport`, `address`, `svcid`
dhchap_digests          | Optional | list        | List of allowed DH-HMAC-CHAP digests.
dhchap_dhgroups         | Optional | list        | List of allowed DH-HMAC-CHAP DH groups.

#### admin_cmd_passthru {#spdk_nvmf_admin_passthru_conf}

+2 −0
@@ -61,6 +61,8 @@ struct spdk_nvmf_target_opts {
	uint32_t	max_subsystems;
	uint16_t	crdt[3];
	uint32_t	discovery_filter;
	uint32_t	dhchap_digests;
	uint32_t	dhchap_dhgroups;
};

struct spdk_nvmf_transport_opts {
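Review bot: The new `dhchap_digests` and `dhchap_dhgroups` members are added to the options struct without a comment, and nothing here tells an API user that they are bitmasks rather than the lists the JSON-RPC table describes. From the checks in the auth code on this page, identifier N is tested with `SPDK_BIT(N)`, so I would add `/* Bitmask of allowed DH-HMAC-CHAP digests; bit N (SPDK_BIT(N)) allows digest id N */` and the matching line for DH groups. The struct starts above the hunk, so the documentation style of the existing fields is not visible here.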
+22 −0
@@ -123,6 +123,22 @@ nvmf_auth_request_fail1(struct spdk_nvmf_request *req, int reason)
	nvmf_auth_request_complete(req, SPDK_NVME_SCT_GENERIC, SPDK_NVME_SC_SUCCESS, 0);
}

static bool
nvmf_auth_digest_allowed(struct spdk_nvmf_qpair *qpair, uint8_t digest)
{
	struct spdk_nvmf_tgt *tgt = qpair->group->tgt;

	return tgt->dhchap_digests & SPDK_BIT(digest);
}

static bool
nvmf_auth_dhgroup_allowed(struct spdk_nvmf_qpair *qpair, uint8_t dhgroup)
{
	struct spdk_nvmf_tgt *tgt = qpair->group->tgt;

	return tgt->dhchap_dhgroups & SPDK_BIT(dhgroup);
}

static int
nvmf_auth_timeout_poller(void *ctx)
{
@@ -259,6 +275,9 @@ nvmf_auth_negotiate_exec(struct spdk_nvmf_request *req, struct spdk_nvmf_auth_ne
	}

	for (i = 0; i < SPDK_COUNTOF(digests); ++i) {
		if (!nvmf_auth_digest_allowed(qpair, digests[i])) {
			continue;
		}
		for (j = 0; j < desc->halen; ++j) {
			if (digests[i] == desc->hash_id_list[j]) {
				AUTH_DEBUGLOG(qpair, "selected digest: %s\n",
@@ -278,6 +297,9 @@ nvmf_auth_negotiate_exec(struct spdk_nvmf_request *req, struct spdk_nvmf_auth_ne
	}

	for (i = 0; i < SPDK_COUNTOF(dhgroups); ++i) {
		if (!nvmf_auth_dhgroup_allowed(qpair, dhgroups[i])) {
			continue;
		}
		for (j = 0; j < desc->dhlen; ++j) {
			if (dhgroups[i] == desc->dhg_id_list[j]) {
				AUTH_DEBUGLOG(qpair, "selected dhgroup: %s\n",
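Review bot: nvmf_auth_digest_allowed() and nvmf_auth_dhgroup_allowed() shift by an unchecked uint8_t, while the masks they test are 32 bits wide. An identifier of 32 or more can therefore never be allowed, and a large enough one makes the shift undefined (assuming SPDK_BIT(n) is a plain shift of 1). The two callers in nvmf_auth_negotiate_exec pass entries of the local `digests`/`dhgroups` tables, whose contents are outside these hunks, so this is a guard for future callers that might pass a host-supplied identifier. I would bound the argument in the helper, e.g. `return digest < 32 && (tgt->dhchap_digests & SPDK_BIT(digest)) != 0;`, and the same for `dhgroup`.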
+2 −0
@@ -393,6 +393,8 @@ spdk_nvmf_tgt_create(struct spdk_nvmf_target_opts *_opts)
	tgt->crdt[2] = opts.crdt[2];
	tgt->discovery_filter = opts.discovery_filter;
	tgt->discovery_genctr = 0;
	tgt->dhchap_digests = opts.dhchap_digests;
	tgt->dhchap_dhgroups = opts.dhchap_dhgroups;
	TAILQ_INIT(&tgt->transports);
	TAILQ_INIT(&tgt->poll_groups);
	TAILQ_INIT(&tgt->referrals);
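Review bot: Both masks are copied into the target as given, so a value of 0 is accepted; with the filter added in nvmf_auth_negotiate_exec it would skip every digest or DH group and leave no usable authentication parameters. `opts` appears to be a local copy of `_opts` made above this hunk, and whether that copy fills in defaults for callers that never set the new fields is not visible here. If it does not, I would reject or default an empty mask at creation time with a logged error, so a misconfiguration surfaces when the target is created rather than as failed host connections. Bits that correspond to no supported identifier could be flagged at the same point.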
+4 −0
@@ -78,6 +78,10 @@ struct spdk_nvmf_tgt {
	uint16_t				crdt[3];
	uint16_t				num_poll_groups;

	/* Allowed DH-HMAC-CHAP digests/dhgroups */
	uint32_t				dhchap_digests;
	uint32_t				dhchap_dhgroups;

	TAILQ_ENTRY(spdk_nvmf_tgt)		link;
};
