🚀GitLab Update today at 7:30 am 🚀
🕑Scheduled Maintenance approx. 15 minutes
🚫Expected Downtime approx. 5 minutes
📧simon.buttgereit@tu-ilmenau.de

Commit d341bee7 authored Sep 05, 2024 by Konrad Sztyber Committed by Jim Harris Sep 17, 2024

nvme: require TLS PSKs to be specified via keyring



It's no longer possible to pass the key directly in spdk_nvme_ctrl_opts.
This method was deprecated and was supposed to be removed in the
upcoming release.

Signed-off-by: Konrad Sztyber <konrad.sztyber@intel.com>
Change-Id: If06e087abb83da6b2f22c4a9f7129720f26e6f0d
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/24810


Reviewed-by: Jim Harris <jim.harris@samsung.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Aleksey Marchuk <alexeymar@nvidia.com>

parent 698b2423

deprecation.md

+0 −8

Original line number	Diff line number	Diff line
		@@ -19,14 +19,6 @@ The tags can be matched with the level 4 headers below.

		## Deprecation Notices

		### nvme

		#### `spdk_nvme_ctrlr_opts.psk`

		Passing NVMe/TLS pre-shared keys via `spdk_nvme_ctrlr_opts.psk` is deprecated and this field will be
		removed in the v24.09 release. Instead, a key obtained from the keyring library should be passed
		in `spdk_nvme_ctrlr_opts.tls_psk`.

		### gpt

		#### `old_gpt_guid`

include/spdk/module/bdev/nvme.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -34,8 +34,7 @@ struct spdk_bdev_nvme_ctrlr_opts {
		uint32_t reconnect_delay_sec;
		uint32_t fast_io_fail_timeout_sec;
		bool from_discovery_service;
		/* Name of the PSK or path to the file containing PSK. */
		char psk[PATH_MAX];
		const char *psk;
		const char *dhchap_key;
		const char *dhchap_ctrlr_key;

include/spdk/nvme.h

+2 −8

Original line number	Diff line number	Diff line
		@@ -270,14 +270,8 @@ struct spdk_nvme_ctrlr_opts {
		*/
		uint8_t disable_read_changed_ns_list_log_page;

		/**
		* Set PSK and enable SSL socket implementation for NVMe/TCP only.
		*
		* If empty, a default socket implementation will be used.
		* The TLS PSK interchange format is: NVMeTLSkey-1:xx:[Base64 encoded string]:
		* 12B (header) + 2B (hash) + 176B (base64 for 1024b + crc32) + 3B (colons) + 1B (NULL) + 6B (extra space for future)
		*/
		char psk[200];
		/* Hole at bytes 617-816. */
		uint8_t reserved617[200];

		/**
		* It is used for RDMA transport.

lib/nvme/nvme.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -1009,7 +1009,6 @@ nvme_ctrlr_opts_init(struct spdk_nvme_ctrlr_opts *opts,
		SET_FIELD(fabrics_connect_timeout_us);
		SET_FIELD(disable_read_ana_log_page);
		SET_FIELD(disable_read_changed_ns_list_log_page);
		SET_FIELD_ARRAY(psk);
		SET_FIELD(tls_psk);
		SET_FIELD(dhchap_key);
		SET_FIELD(dhchap_ctrlr_key);

lib/nvme/nvme_ctrlr.c

+0 −5

Original line number	Diff line number	Diff line
		@@ -242,11 +242,6 @@ spdk_nvme_ctrlr_get_default_ctrlr_opts(struct spdk_nvme_ctrlr_opts *opts, size_t
		SPDK_BIT(SPDK_NVMF_DHCHAP_DHGROUP_4096) \|
		SPDK_BIT(SPDK_NVMF_DHCHAP_DHGROUP_6144) \|
		SPDK_BIT(SPDK_NVMF_DHCHAP_DHGROUP_8192));

		if (FIELD_OK(psk)) {
		memset(opts->psk, 0, sizeof(opts->psk));
		}

		#undef FIELD_OK
		#undef SET_FIELD
		}