Commit 3e4c5347 authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Tomasz Zawadzki

bdev/nvme: pass DH-HMAC-CHAP controller key



Additionally, adjust the authentication tests to cover cases with
bidirectional authentication.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: I251260ac7e53ae0cf39da08941c669ee3ac2c58a
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22129


Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Reviewed-by: default avatarBen Walker <ben@nvidia.com>
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
parent dbaa0488
+1 −0
@@ -4051,6 +4051,7 @@ fast_io_fail_timeout_sec | Optional | number | Time to wait until ctrlr i
psk                        | Optional | string      | Name of the pre-shared key to be used for TLS (Enables SSL socket implementation for TCP)
max_bdevs                  | Optional | number      | The size of the name array for newly created bdevs. Default is 128.
dhchap_key                 | Optional | string      | DH-HMAC-CHAP key name.
dhchap_ctrlr_key           | Optional | string      | DH-HMAC-CHAP controller key name.

#### Example

+24 −0
@@ -480,6 +480,7 @@ _nvme_ctrlr_delete(struct nvme_ctrlr *nvme_ctrlr)
	pthread_mutex_destroy(&nvme_ctrlr->mutex);
	spdk_keyring_put_key(nvme_ctrlr->psk);
	spdk_keyring_put_key(nvme_ctrlr->dhchap_key);
	spdk_keyring_put_key(nvme_ctrlr->dhchap_ctrlr_key);
	free(nvme_ctrlr);

	pthread_mutex_lock(&g_bdev_nvme_mutex);
@@ -5223,6 +5224,7 @@ free_nvme_async_probe_ctx(struct nvme_async_probe_ctx *ctx)
{
	spdk_keyring_put_key(ctx->drv_opts.tls_psk);
	spdk_keyring_put_key(ctx->drv_opts.dhchap_key);
	spdk_keyring_put_key(ctx->drv_opts.dhchap_ctrlr_key);
	free(ctx);
}

@@ -5454,6 +5456,18 @@ nvme_ctrlr_create(struct spdk_nvme_ctrlr *ctrlr,
				goto err;
			}
		}

		if (ctx->drv_opts.dhchap_ctrlr_key != NULL) {
			nvme_ctrlr->dhchap_ctrlr_key =
				spdk_keyring_get_key(
					spdk_key_get_name(ctx->drv_opts.dhchap_ctrlr_key));
			if (nvme_ctrlr->dhchap_ctrlr_key == NULL) {
				SPDK_ERRLOG("Couldn't get a reference to the key '%s'\n",
					    spdk_key_get_name(ctx->drv_opts.tls_psk));
				rc = -ENOKEY;
				goto err;
			}
		}
	}

	path_id = calloc(1, sizeof(*path_id));
@@ -6216,6 +6230,16 @@ bdev_nvme_create(struct spdk_nvme_transport_id *trid,
		ctx->drv_opts.dhchap_digests = g_opts.dhchap_digests;
		ctx->drv_opts.dhchap_dhgroups = g_opts.dhchap_dhgroups;
	}
	if (ctx->bdev_opts.dhchap_ctrlr_key != NULL) {
		ctx->drv_opts.dhchap_ctrlr_key =
			spdk_keyring_get_key(ctx->bdev_opts.dhchap_ctrlr_key);
		if (ctx->drv_opts.dhchap_ctrlr_key == NULL) {
			SPDK_ERRLOG("Could not load DH-HMAC-CHAP controller key: %s\n",
				    ctx->bdev_opts.dhchap_ctrlr_key);
			free_nvme_async_probe_ctx(ctx);
			return -ENOKEY;
		}
	}

	if (nvme_bdev_ctrlr_get_by_name(base_name) == NULL || multipath) {
		attach_cb = connect_attach_cb;
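Review bot: The error path added to nvme_ctrlr_create() logs the wrong key: when spdk_keyring_get_key() fails for the controller key, SPDK_ERRLOG prints `spdk_key_get_name(ctx->drv_opts.tls_psk)`, which looks copied from the PSK branch. An operator debugging a failed DH-HMAC-CHAP attach is pointed at the TLS PSK instead of the controller key, and when no PSK is configured tls_psk is presumably NULL, so the call may dereference a null pointer depending on how spdk_key_get_name() treats it. The argument should be `spdk_key_get_name(ctx->drv_opts.dhchap_ctrlr_key)`. The preceding dhchap_key branch lies outside the hunk and is worth checking for the same copy-paste; nvme_ctrlr_create() itself starts and ends outside the hunk.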
+2 −0
@@ -46,6 +46,7 @@ struct nvme_ctrlr_opts {
	/* Name of the PSK or path to the file containing PSK. */
	char psk[PATH_MAX];
	const char *dhchap_key;
	const char *dhchap_ctrlr_key;
};

struct nvme_async_probe_ctx {
@@ -157,6 +158,7 @@ struct nvme_ctrlr {
	struct nvme_async_probe_ctx		*probe_ctx;
	struct spdk_key				*psk;
	struct spdk_key				*dhchap_key;
	struct spdk_key				*dhchap_ctrlr_key;

	pthread_mutex_t				mutex;
};
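Review bot: The new `const char *dhchap_ctrlr_key;` in struct nvme_ctrlr_opts has no comment, while the `psk` field just above it does, and a bare pointer leaves both its meaning and its ownership open. From the bdev_nvme_create() hunk the string is passed to spdk_keyring_get_key(), so it appears to be a keyring name rather than key material, and the RPC path stores a pointer into the request rather than a copy. I would add `/* Name of the DH-HMAC-CHAP controller key in the keyring; not owned, must outlive the attach call. */` above it, after confirming the lifetime against the callers. Both struct definitions continue outside the hunks.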
+4 −0
@@ -236,6 +236,7 @@ struct rpc_bdev_nvme_attach_controller {
	char *hostsvcid;
	char *psk;
	char *dhchap_key;
	char *dhchap_ctrlr_key;
	enum bdev_nvme_multipath_mode multipath;
	struct nvme_ctrlr_opts bdev_opts;
	struct spdk_nvme_ctrlr_opts drv_opts;
@@ -257,6 +258,7 @@ free_rpc_bdev_nvme_attach_controller(struct rpc_bdev_nvme_attach_controller *req
	free(req->hostsvcid);
	free(req->psk);
	free(req->dhchap_key);
	free(req->dhchap_ctrlr_key);
	spdk_memset_s(req->drv_opts.psk, sizeof(req->drv_opts.psk), 0, sizeof(req->drv_opts.psk));
}

@@ -336,6 +338,7 @@ static const struct spdk_json_object_decoder rpc_bdev_nvme_attach_controller_dec
	{"psk", offsetof(struct rpc_bdev_nvme_attach_controller, psk), spdk_json_decode_string, true},
	{"max_bdevs", offsetof(struct rpc_bdev_nvme_attach_controller, max_bdevs), spdk_json_decode_uint32, true},
	{"dhchap_key", offsetof(struct rpc_bdev_nvme_attach_controller, dhchap_key), spdk_json_decode_string, true},
	{"dhchap_ctrlr_key", offsetof(struct rpc_bdev_nvme_attach_controller, dhchap_ctrlr_key), spdk_json_decode_string, true},
};

#define DEFAULT_MAX_BDEVS_PER_RPC 128
@@ -619,6 +622,7 @@ rpc_bdev_nvme_attach_controller(struct spdk_jsonrpc_request *request,
	/* Should already be zero due to the calloc(), but set explicitly for clarity. */
	ctx->req.bdev_opts.from_discovery_service = false;
	ctx->req.bdev_opts.dhchap_key = ctx->req.dhchap_key;
	ctx->req.bdev_opts.dhchap_ctrlr_key = ctx->req.dhchap_ctrlr_key;
	rc = bdev_nvme_create(&trid, ctx->req.name, ctx->names, ctx->req.max_bdevs,
			      rpc_bdev_nvme_attach_controller_done, ctx, &ctx->req.drv_opts,
			      &ctx->req.bdev_opts, multipath);
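Review bot: Nothing in the visible hunks rejects a request that sets `dhchap_ctrlr_key` without `dhchap_key`; the decoder marks both as optional and rpc_bdev_nvme_attach_controller() copies the controller key name straight into bdev_opts. Controller authentication in DH-HMAC-CHAP rides on the host authentication exchange, so unless a lower layer already fails such a request, an operator could believe bidirectional authentication is enforced when it is not. I would fail closed before calling bdev_nvme_create(), with a guard such as `if (ctx->req.dhchap_ctrlr_key != NULL && ctx->req.dhchap_key == NULL)` that returns an invalid-parameters error through the function's existing cleanup path. The function body continues outside the hunk, so an existing check may simply not be visible here.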
+5 −1
@@ -791,7 +791,7 @@ def bdev_nvme_attach_controller(client, name, trtype, traddr, adrfam=None, trsvc
                                hdgst=None, ddgst=None, fabrics_timeout=None, multipath=None, num_io_queues=None,
                                ctrlr_loss_timeout_sec=None, reconnect_delay_sec=None,
                                fast_io_fail_timeout_sec=None, psk=None, max_bdevs=None,
                                dhchap_key=None):
                                dhchap_key=None, dhchap_ctrlr_key=None):
    """Construct block device for each NVMe namespace in the attached controller.

    Args:
@@ -829,6 +829,7 @@ def bdev_nvme_attach_controller(client, name, trtype, traddr, adrfam=None, trsvc
        psk: Set PSK file path and enable TCP SSL socket implementation (optional)
        max_bdevs: Size of the name array for newly created bdevs. Default is 128. (optional)
        dhchap_key: DH-HMAC-CHAP key name.
        dhchap_ctrlr_key: DH-HMAC-CHAP controller key name.

    Returns:
        Names of created block devices.
@@ -897,6 +898,9 @@ def bdev_nvme_attach_controller(client, name, trtype, traddr, adrfam=None, trsvc
    if dhchap_key is not None:
        params['dhchap_key'] = dhchap_key

    if dhchap_ctrlr_key is not None:
        params['dhchap_ctrlr_key'] = dhchap_ctrlr_key

    return client.call('bdev_nvme_attach_controller', params)
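Review bot: The docstring entry added for `dhchap_ctrlr_key` does not say that the argument is optional or what it enables, unlike the `psk` and `max_bdevs` entries just above it, which end in `(optional)`. Going by the commit description, I would write `dhchap_ctrlr_key: DH-HMAC-CHAP controller key name; enables bidirectional authentication (optional)`. The `dhchap_key` entry is missing the same suffix. The function body continues outside the hunks.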

