Commit 6212597b authored by Boris Glimcher, committed by Jim Harris

sock/ssl: Add psk_key and psk_identity options to spdk_sock_impl_opts



Note, this change only sets defaults for the ID/KEY,
more specific use cases like NVMe/TCP may set the ID and KEY on a per connection basis.

Also simplify the PSK identity string so that it isn't NVMe-focused.
NVMe libraries using this will need to construct more complicated
identity strings and pass them to the sock layer.

Example:
  rpc.py sock_impl_set_options -i ssl --psk-key 4321DEADBEEF1234
  rpc.py sock_impl_set_options -i ssl --psk-identity psk.spdk.io

  ./build/examples/perf --psk-key 4321DEADBEEF1234 --psk-identity psk.spdk.io

  ./build/examples/hello_sock --psk-key 4321DEADBEEF1234 --psk-identity psk.spdk.io

Change-Id: I1cb5b0b706bdeafbccbc71f8320bc8e2961cbb55
Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/13759


Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Paul Luse <paul.e.luse@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
parent 21d9b32f
+1 −0
@@ -24,6 +24,7 @@ Calculate num_md_pages from num_md_pages_per_cluster_ratio, and pass it to spdk_
### rpc

New options `enable_ktls` and `tls_version` were added to the `sock_impl_set_options` structure.
New options `psk_key` and `psk_identity` were added to the `sock_impl_set_options` structure.

Added warning message for `bdev_rbd_create`, if it is used without -c.
`bdev_rbd_create()` API without specifying -c is deprecated and will be removed in future release.
+8 −2
@@ -9743,7 +9743,9 @@ Example response:
    "enable_zerocopy_send_client": false,
    "zerocopy_threshold": 0,
    "tls_version": 13,
    "enable_ktls": false
    "enable_ktls": false,
    "psk_key": "1234567890ABCDEF",
    "psk_identity": "psk.spdk.io"
  }
}
~~~
@@ -9768,6 +9770,8 @@ zerocopy_threshold | Optional | number | Set zerocopy_threshold in
--                          | --       | --          | that fall below this threshold may be sent without zerocopy flag set
tls_version                 | Optional | number      | TLS protocol version, e.g. 13 for v1.3 (only applies when impl_name == ssl)
enable_ktls                 | Optional | boolean     | Enable or disable Kernel TLS (only applies when impl_name == ssl)
psk_key                     | Optional | string      | Default PSK KEY in hexadecimal digits, e.g. 1234567890ABCDEF (only applies when impl_name == ssl)
psk_identity                | Optional | string      | Default PSK ID, e.g. psk.spdk.io (only applies when impl_name == ssl)

#### Response

@@ -9793,7 +9797,9 @@ Example request:
    "enable_zerocopy_send_client": false,
    "zerocopy_threshold": 10240,
    "tls_version": 13,
    "enable_ktls": false
    "enable_ktls": false,
    "psk_key": "1234567890ABCDEF",
    "psk_identity": "psk.spdk.io"
  }
}
~~~
+53 −6
@@ -291,7 +291,7 @@ static int g_file_optind; /* Index of first filename in argv */
static inline void task_complete(struct perf_task *task);

static void
perf_set_sock_opts(const char *impl_name, const char *field, uint32_t val)
perf_set_sock_opts(const char *impl_name, const char *field, uint32_t val, const char *valstr)
{
	struct spdk_sock_impl_opts sock_opts = {};
	size_t opts_size = sizeof(sock_opts);
@@ -323,6 +323,26 @@ perf_set_sock_opts(const char *impl_name, const char *field, uint32_t val)
		sock_opts.tls_version = val;
	} else if (strcmp(field, "ktls") == 0) {
		sock_opts.enable_ktls = val;
	} else if (strcmp(field, "psk_key") == 0) {
		if (!valstr) {
			fprintf(stderr, "No socket opts value specified\n");
			return;
		}
		sock_opts.psk_key = strdup(valstr);
		if (sock_opts.psk_key == NULL) {
			fprintf(stderr, "Failed to allocate psk_key in sock_impl\n");
			return;
		}
	} else if (strcmp(field, "psk_identity") == 0) {
		if (!valstr) {
			fprintf(stderr, "No socket opts value specified\n");
			return;
		}
		sock_opts.psk_identity = strdup(valstr);
		if (sock_opts.psk_identity == NULL) {
			fprintf(stderr, "Failed to allocate psk_identity in sock_impl\n");
			return;
		}
	} else {
		fprintf(stderr, "Warning: invalid or unprocessed socket opts field: %s\n", field);
		return;
@@ -1790,6 +1810,8 @@ usage(char *program_name)
	printf("\t[--disable-ktls disable Kernel TLS. Only valid for ssl impl. Default for ssl impl]\n");
	printf("\t[--enable-ktls enable Kernel TLS. Only valid for ssl impl]\n");
	printf("\t[--tls-version <val> TLS version to use. Only valid for ssl impl. Default: 0 (auto-negotiation)]\n");
	printf("\t[--psk-key <val> Default PSK KEY in hexadecimal digits, e.g. 1234567890ABCDEF (only applies when sock_impl == ssl)]\n");
	printf("\t[--psk-identity <val> Default PSK ID, e.g. psk.spdk.io (only applies when sock_impl == ssl)]\n");
}

static void
@@ -2288,6 +2310,10 @@ static const struct option g_perf_cmdline_opts[] = {
	{"enable-ktls", no_argument, NULL, PERF_ENABLE_KTLS},
#define PERF_TLS_VERSION	262
	{"tls-version", required_argument, NULL, PERF_TLS_VERSION},
#define PERF_PSK_KEY		263
	{"psk-key", required_argument, NULL, PERF_PSK_KEY},
#define PERF_PSK_IDENTITY	264
	{"psk-identity ", required_argument, NULL, PERF_PSK_IDENTITY},
	/* Should be the last element */
	{0, 0, 0, 0}
};
@@ -2299,6 +2325,8 @@ parse_args(int argc, char **argv, struct spdk_env_opts *env_opts)
	long int val;
	int rc;
	char *endptr;
	bool ssl_used = false;
	char *sock_impl = "posix";

	while ((op = getopt_long(argc, argv, PERF_GETOPT_SHORT, g_perf_cmdline_opts, &long_idx)) != -1) {
		switch (op) {
@@ -2469,26 +2497,38 @@ parse_args(int argc, char **argv, struct spdk_env_opts *env_opts)
			g_vmd = true;
			break;
		case PERF_DISABLE_KTLS:
			perf_set_sock_opts(optarg, "ktls", 0);
			ssl_used = true;
			perf_set_sock_opts("ssl", "ktls", 0, NULL);
			break;
		case PERF_ENABLE_KTLS:
			perf_set_sock_opts(optarg, "ktls", 1);
			ssl_used = true;
			perf_set_sock_opts("ssl", "ktls", 1, NULL);
			break;
		case PERF_TLS_VERSION:
			ssl_used = true;
			val = spdk_strtol(optarg, 10);
			if (val < 0) {
				fprintf(stderr, "Illegal tls version value %s\n", optarg);
				return val;
			}
			perf_set_sock_opts(optarg, "tls_version", val);
			perf_set_sock_opts("ssl", "tls_version", val, NULL);
			break;
		case PERF_PSK_KEY:
			ssl_used = true;
			perf_set_sock_opts("ssl", "psk_key", 0, optarg);
			break;
		case PERF_PSK_IDENTITY:
			ssl_used = true;
			perf_set_sock_opts("ssl", "psk_identity", 0, optarg);
			break;
		case PERF_DISABLE_ZCOPY:
			perf_set_sock_opts(optarg, "enable_zerocopy_send_client", 0);
			perf_set_sock_opts(optarg, "enable_zerocopy_send_client", 0, NULL);
			break;
		case PERF_ENABLE_ZCOPY:
			perf_set_sock_opts(optarg, "enable_zerocopy_send_client", 1);
			perf_set_sock_opts(optarg, "enable_zerocopy_send_client", 1, NULL);
			break;
		case PERF_DEFAULT_SOCK_IMPL:
			sock_impl = optarg;
			rc = spdk_sock_set_default_impl(optarg);
			if (rc) {
				fprintf(stderr, "Failed to set sock impl %s, err %d (%s)\n", optarg, errno, strerror(errno));
@@ -2547,6 +2587,13 @@ parse_args(int argc, char **argv, struct spdk_env_opts *env_opts)
		g_workload_type = &g_workload_type[4];
	}

	if (ssl_used && strncmp(sock_impl, "ssl", 3) != 0) {
		fprintf(stderr, "sock impl is not SSL but tried to use one of the SSL only options\n");
		usage(argv[0]);
		return 1;
	}


	if (strcmp(g_workload_type, "read") == 0 || strcmp(g_workload_type, "write") == 0) {
		g_rw_percentage = strcmp(g_workload_type, "read") == 0 ? 100 : 0;
		if (g_mix_specified) {
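Review bot: The g_perf_cmdline_opts entry for PERF_PSK_IDENTITY has a trailing space inside the option name, `{"psk-identity ", required_argument, NULL, PERF_PSK_IDENTITY},`; `--psk-identity` only still resolves because getopt_long accepts unambiguous abbreviations, so the line should read `{"psk-identity", required_argument, NULL, PERF_PSK_IDENTITY},` (that table begins before the hunk). In perf_set_sock_opts the strdup'd psk_key and psk_identity are placed in the stack-local sock_opts and are not freed anywhere in the hunk; the function continues past the hunk, so whether the sock layer copies the strings or takes ownership should be stated there in a comment such as `/* TODO(review): confirm whether spdk_sock_impl_set_opts copies psk_key; free here if it does */`, and since the usage text promises hexadecimal digits, rejecting a valstr that contains non-hex characters at this point would catch mistyped keys before they reach the TLS layer. The guard added at the end of parse_args, `if (ssl_used && strncmp(sock_impl, "ssl", 3) != 0)`, accepts any impl name merely beginning with "ssl"; `strcmp(sock_impl, "ssl") != 0` matches the intent, and the two blank lines following the block should be one.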
+19 −1
@@ -27,6 +27,8 @@ static int g_zcopy;
static int g_ktls;
static int g_tls_version;
static bool g_verbose;
static char *g_psk_key;
static char *g_psk_identity;

/*
 * We'll use this struct to gather housekeeping hello_context to pass between
@@ -40,6 +42,8 @@ struct hello_context_t {
	int zcopy;
	int ktls;
	int tls_version;
	char *psk_key;
	char *psk_identity;

	bool verbose;
	int bytes_in;
@@ -61,7 +65,9 @@ struct hello_context_t {
static void
hello_sock_usage(void)
{
	printf(" -E psk_key    Default PSK KEY in hexadecimal digits, e.g. 1234567890ABCDEF (only applies when sock_impl == ssl)\n");
	printf(" -H host_addr  host address\n");
	printf(" -I psk_id     Default PSK ID, e.g. psk.spdk.io (only applies when sock_impl == ssl)\n");
	printf(" -P port       port number\n");
	printf(" -N sock_impl  socket implementation, e.g., -N posix or -N uring\n");
	printf(" -S            start in server mode\n");
@@ -80,9 +86,15 @@ static int
hello_sock_parse_arg(int ch, char *arg)
{
	switch (ch) {
	case 'E':
		g_psk_key = arg;
		break;
	case 'H':
		g_host = arg;
		break;
	case 'I':
		g_psk_identity = arg;
		break;
	case 'N':
		g_sock_impl_name = arg;
		break;
@@ -225,6 +237,8 @@ hello_sock_connect(struct hello_context_t *ctx)
	spdk_sock_impl_get_opts(ctx->sock_impl_name, &impl_opts, &impl_opts_size);
	impl_opts.enable_ktls = ctx->ktls;
	impl_opts.tls_version = ctx->tls_version;
	impl_opts.psk_key = ctx->psk_key;
	impl_opts.psk_identity = ctx->psk_identity;

	opts.opts_size = sizeof(opts);
	spdk_sock_get_default_opts(&opts);
@@ -369,6 +383,8 @@ hello_sock_listen(struct hello_context_t *ctx)
	spdk_sock_impl_get_opts(ctx->sock_impl_name, &impl_opts, &impl_opts_size);
	impl_opts.enable_ktls = ctx->ktls;
	impl_opts.tls_version = ctx->tls_version;
	impl_opts.psk_key = ctx->psk_key;
	impl_opts.psk_identity = ctx->psk_identity;

	opts.opts_size = sizeof(opts);
	spdk_sock_get_default_opts(&opts);
@@ -443,7 +459,7 @@ main(int argc, char **argv)
	opts.name = "hello_sock";
	opts.shutdown_cb = hello_sock_shutdown_cb;

	if ((rc = spdk_app_parse_args(argc, argv, &opts, "H:kKN:P:ST:VzZ", NULL, hello_sock_parse_arg,
	if ((rc = spdk_app_parse_args(argc, argv, &opts, "E:H:I:kKN:P:ST:VzZ", NULL, hello_sock_parse_arg,
				      hello_sock_usage)) != SPDK_APP_PARSE_ARGS_SUCCESS) {
		exit(rc);
	}
@@ -454,6 +470,8 @@ main(int argc, char **argv)
	hello_context.zcopy = g_zcopy;
	hello_context.ktls = g_ktls;
	hello_context.tls_version = g_tls_version;
	hello_context.psk_key = g_psk_key;
	hello_context.psk_identity = g_psk_identity;
	hello_context.verbose = g_verbose;

	rc = spdk_app_start(&opts, hello_start, &hello_context);
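Review bot: In hello_sock_connect and hello_sock_listen (both functions start before and end after their hunks) the new assignments `impl_opts.psk_key = ctx->psk_key;` and `impl_opts.psk_identity = ctx->psk_identity;` run unconditionally, so when -E or -I is not given the NULL from the unset globals overwrites whatever default spdk_sock_impl_get_opts just filled in, including one configured through the sock_impl_set_options RPC this commit documents. Guarding them, `if (ctx->psk_key) { impl_opts.psk_key = ctx->psk_key; }` and the same for psk_identity, preserves the configured default; the pattern appears in both hunks. The stored pointers alias argv (`g_psk_key = arg;`), which is adequate for this example's lifetime, but it also means the key remains visible in the process's command line for as long as it runs, which the -E usage line could mention so that the example is not copied into production tooling unchanged.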
+10 −0
@@ -138,6 +138,16 @@ struct spdk_sock_impl_opts {
	 * Enable or disable kernel TLS. Used by ssl socket modules.
	 */
	bool enable_ktls;

	/**
	 * Set default PSK key. Used by ssl socket module.
	 */
	char *psk_key;

	/**
	 * Set default PSK identity. Used by ssl socket module.
	 */
	char *psk_identity;
};

/**
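Review bot: The new `char *psk_key` and `char *psk_identity` fields carry no ownership or lifetime statement, unlike the scalar fields around them, and the two callers in this commit already diverge (perf.c stores a strdup'd copy, hello_sock.c stores a pointer into argv), so the header is where the contract belongs. I would extend both doc comments to say whether spdk_sock_impl_set_opts copies the string or retains the pointer, who frees it, and for psk_key that the value is the hex-encoded key as the RPC documentation shows. Because psk_key is secret material, the comment should also state how it is expected to be handled by readers of the struct; the doc/jsonrpc.md example in this commit shows it echoed back in the sock_impl_get_options response, and a sentence confirming that this is intentional would help implementers decide whether to redact it in logs.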