Commit 4a62ec38 authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Jim Harris
Browse files

nvme: add spdk_nvme_ctrlr_set_keys() 



This function, in conjunction with spdk_nvme_ctrlr_authenticate() and
spdk_nvme_qpair_authenticate(), can be used to force reauthentication
using new keys, without breaking existing connections.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: I0063a910ae37f0c2e47186d3726e243e210ef43d
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/24235


Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: default avatarKrzysztof Karas <krzysztof.karas@intel.com>
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Reviewed-by: default avatarBen Walker <ben@nvidia.com>
parent b9ae8c80

include/spdk/nvme.h

+25 −0
Original line number Diff line number Diff line
@@ -1218,6 +1218,31 @@ int spdk_nvme_ctrlr_set_trid(struct spdk_nvme_ctrlr *ctrlr, struct spdk_nvme_tra 
void spdk_nvme_ctrlr_set_remove_cb(struct spdk_nvme_ctrlr *ctrlr,

				   spdk_nvme_remove_cb remove_cb, void *remove_ctx);



struct spdk_nvme_ctrlr_key_opts {

	/** Size of this structure */

	size_t size;

	/** DH-HMAC-CHAP host key */

	struct spdk_key *dhchap_key;

	/** DH-HMAC-CHAP controller key */

	struct spdk_key *dhchap_ctrlr_key;

};



/**

 * Set keys for a given NVMe controller.  These keys will override the keys specified in

 * `spdk_nvme_ctrlr_opts` when attaching the controller and will be used from now on to authenticate

 * all qpairs associated with this controller.

 *

 * This function only sets the keys, it doesn't force existing qpairs to use them.  To do that,

 * users need to call `spdk_nvme_ctrlr_authenticate()` to authenticate the admin queue and

 * `spdk_nvme_qpair_authenticate()` to authenticate IO queues.

 *

 * \param ctrlr NVMe controller.

 * \param opts Key options.

 *

 * \return 0 on success, negative errno on failure.

 */

int spdk_nvme_ctrlr_set_keys(struct spdk_nvme_ctrlr *ctrlr, struct spdk_nvme_ctrlr_key_opts *opts);



/**

 * Perform a full hardware reset of the NVMe controller.

 *

lib/nvme/nvme_ctrlr.c

+20 −0
Original line number Diff line number Diff line
@@ -2038,6 +2038,26 @@ spdk_nvme_ctrlr_set_remove_cb(struct spdk_nvme_ctrlr *ctrlr, 
	nvme_ctrlr_unlock(ctrlr);

}



int

spdk_nvme_ctrlr_set_keys(struct spdk_nvme_ctrlr *ctrlr, struct spdk_nvme_ctrlr_key_opts *opts)

{

	nvme_ctrlr_lock(ctrlr);

	if (SPDK_GET_FIELD(opts, dhchap_key, ctrlr->opts.dhchap_key) == NULL &&

	    SPDK_GET_FIELD(opts, dhchap_ctrlr_key, ctrlr->opts.dhchap_ctrlr_key) != NULL) {

		NVME_CTRLR_ERRLOG(ctrlr, "DH-HMAC-CHAP controller key requires host key to be set\n");

		nvme_ctrlr_unlock(ctrlr);

		return -EINVAL;

	}



	ctrlr->opts.dhchap_key =

		SPDK_GET_FIELD(opts, dhchap_key, ctrlr->opts.dhchap_key);

	ctrlr->opts.dhchap_ctrlr_key =

		SPDK_GET_FIELD(opts, dhchap_ctrlr_key, ctrlr->opts.dhchap_ctrlr_key);

	nvme_ctrlr_unlock(ctrlr);



	return 0;

}



static void

nvme_ctrlr_identify_done(void *arg, const struct spdk_nvme_cpl *cpl)

{

lib/nvme/spdk_nvme.map

+1 −0
Original line number Diff line number Diff line
@@ -118,6 +118,7 @@ 
	spdk_nvme_ctrlr_alloc_qid;

	spdk_nvme_ctrlr_free_qid;

	spdk_nvme_ctrlr_set_remove_cb;

	spdk_nvme_ctrlr_set_keys;

	spdk_nvme_ctrlr_get_memory_domains;

	spdk_nvme_ctrlr_get_discovery_log_page;

	spdk_nvme_ctrlr_get_registers;