Commit aa13730d authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Jim Harris

nvmf: set controller's DH-HMAC-CHAP key



Similarly to the host key, this key is also set when adding a host.
Although a single key might be distributed to multiple hosts to
authenticate a controller, this makes it possible to use different keys
for each host.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: I6aea51d0884ebbe3a39d9164fb79eee98bb637c3
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22808


Reviewed-by: default avatarBen Walker <ben@nvidia.com>
Reviewed-by: default avatarSeung yeon Shin <syeon.shin@samsung.com>
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Community-CI: Mellanox Build Bot
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
parent 012e50f8
+1 −0
@@ -8527,6 +8527,7 @@ host | Required | string | Host NQN to add to the list o
tgt_name                | Optional | string      | Parent NVMe-oF target name.
psk                     | Optional | string      | Path to a file containing PSK for TLS connection
dhchap_key              | Optional | string      | DH-HMAC-CHAP key name.
dhchap_ctrlr_key        | Optional | string      | DH-HMAC-CHAP controller key name.

#### Example

+2 −0
@@ -617,6 +617,8 @@ struct spdk_nvmf_host_opts {
	const struct spdk_json_val	*params;
	/** DH-HMAC-CHAP key */
	struct spdk_key			*dhchap_key;
	/** DH-HMAC-CHAP controller key */
	struct spdk_key			*dhchap_ctrlr_key;
};

/**
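Review bot: The comment on the new `dhchap_ctrlr_key` field in `struct spdk_nvmf_host_opts` does not say that the key is optional or who holds the reference once the options are passed in. The RPC caller in this same commit leaves the field NULL when no controller key is supplied and calls spdk_keyring_put_key() on its own reference right after spdk_nvmf_subsystem_add_host_ext() returns, which suggests the library takes its own reference, but that is not visible here. For what appears to be a public options struct I would write `/** DH-HMAC-CHAP controller key (optional, may be NULL) */` and add a sentence on reference ownership once it is confirmed against the implementation.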
+4 −0
@@ -603,6 +603,10 @@ nvmf_write_nvme_subsystem_config(struct spdk_json_write_ctx *w,
			spdk_json_write_named_string(w, "dhchap_key",
						     spdk_key_get_name(host->dhchap_key));
		}
		if (host->dhchap_ctrlr_key != NULL) {
			spdk_json_write_named_string(w, "dhchap_ctrlr_key",
						     spdk_key_get_name(host->dhchap_ctrlr_key));
		}
		TAILQ_FOREACH(transport, &subsystem->tgt->transports, link) {
			if (transport->ops->subsystem_dump_host != NULL) {
				transport->ops->subsystem_dump_host(transport, subsystem, host->nqn, w);
+1 −0
@@ -84,6 +84,7 @@ struct spdk_nvmf_tgt {
struct spdk_nvmf_host {
	char				nqn[SPDK_NVMF_NQN_MAX_LEN + 1];
	struct spdk_key			*dhchap_key;
	struct spdk_key			*dhchap_ctrlr_key;
	TAILQ_ENTRY(spdk_nvmf_host)	link;
};

+22 −2
@@ -199,6 +199,10 @@ dump_nvmf_subsystem(struct spdk_json_write_ctx *w, struct spdk_nvmf_subsystem *s
			spdk_json_write_named_string(w, "dhchap_key",
						     spdk_key_get_name(host->dhchap_key));
		}
		if (host->dhchap_ctrlr_key != NULL) {
			spdk_json_write_named_string(w, "dhchap_ctrlr_key",
						     spdk_key_get_name(host->dhchap_ctrlr_key));
		}
		spdk_json_write_object_end(w);
	}
	spdk_json_write_array_end(w);
@@ -1865,6 +1869,7 @@ struct nvmf_rpc_host_ctx {
	char *host;
	char *tgt_name;
	char *dhchap_key;
	char *dhchap_ctrlr_key;
	bool allow_any_host;
};

@@ -1873,6 +1878,7 @@ static const struct spdk_json_object_decoder nvmf_rpc_subsystem_host_decoder[] =
	{"host", offsetof(struct nvmf_rpc_host_ctx, host), spdk_json_decode_string},
	{"tgt_name", offsetof(struct nvmf_rpc_host_ctx, tgt_name), spdk_json_decode_string, true},
	{"dhchap_key", offsetof(struct nvmf_rpc_host_ctx, dhchap_key), spdk_json_decode_string, true},
	{"dhchap_ctrlr_key", offsetof(struct nvmf_rpc_host_ctx, dhchap_ctrlr_key), spdk_json_decode_string, true},
};

static void
@@ -1882,6 +1888,7 @@ nvmf_rpc_host_ctx_free(struct nvmf_rpc_host_ctx *ctx)
	free(ctx->host);
	free(ctx->tgt_name);
	free(ctx->dhchap_key);
	free(ctx->dhchap_ctrlr_key);
}

static void
@@ -1892,7 +1899,7 @@ rpc_nvmf_subsystem_add_host(struct spdk_jsonrpc_request *request,
	struct spdk_nvmf_subsystem *subsystem;
	struct spdk_nvmf_host_opts opts = {};
	struct spdk_nvmf_tgt *tgt;
	struct spdk_key *key = NULL;
	struct spdk_key *key = NULL, *ckey = NULL;
	int rc;

	if (spdk_json_decode_object_relaxed(params, nvmf_rpc_subsystem_host_decoder,
@@ -1928,9 +1935,21 @@ rpc_nvmf_subsystem_add_host(struct spdk_jsonrpc_request *request,
		}
	}

	opts.size = SPDK_SIZEOF(&opts, dhchap_key);
	if (ctx.dhchap_ctrlr_key != NULL) {
		ckey = spdk_keyring_get_key(ctx.dhchap_ctrlr_key);
		if (ckey == NULL) {
			SPDK_ERRLOG("Unable to find DH-HMAC-CHAP ctrlr key: %s\n",
				    ctx.dhchap_ctrlr_key);
			spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INVALID_PARAMS,
							 "Invalid parameters");
			goto out;
		}
	}

	opts.size = SPDK_SIZEOF(&opts, dhchap_ctrlr_key);
	opts.params = params;
	opts.dhchap_key = key;
	opts.dhchap_ctrlr_key = ckey;
	rc = spdk_nvmf_subsystem_add_host_ext(subsystem, ctx.host, &opts);
	if (rc != 0) {
		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INTERNAL_ERROR, "Internal error");
@@ -1939,6 +1958,7 @@ rpc_nvmf_subsystem_add_host(struct spdk_jsonrpc_request *request,

	spdk_jsonrpc_send_bool_response(request, true);
out:
	spdk_keyring_put_key(ckey);
	spdk_keyring_put_key(key);
	nvmf_rpc_host_ctx_free(&ctx);
}
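Review bot: In rpc_nvmf_subsystem_add_host, the new `dhchap_ctrlr_key` lookup accepts a controller key even when `dhchap_key` was not supplied, and nothing visible in these hunks rejects that combination. The controller key is only exercised when the host runs DH-HMAC-CHAP and challenges the controller, so an entry with a controller key but no host key would presumably never use it, while the dumped configuration would suggest bidirectional authentication is in place. Unless spdk_nvmf_subsystem_add_host_ext() already validates this (it is outside the page), I would reject the request before the keyring lookup with a check such as `if (ctx.dhchap_ctrlr_key != NULL && ctx.dhchap_key == NULL)` that sends the same `SPDK_JSONRPC_ERROR_INVALID_PARAMS` response and jumps to `out`. The start of the function is not shown in these hunks.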