From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>
Cc: Keith Busch <keith.busch@wdc.com>, Christoph Hellwig <hch@lst.de>,
linux-nvme@lists.infradead.org, Hannes Reinecke <hare@suse.de>
Subject: [PATCH nvme-cli 3/3] nvme-connect: Add 'dhchap-secret' and 'dhchap-ctrl-secret' arguments
Date: Fri, 12 Nov 2021 14:11:11 +0100 [thread overview]
Message-ID: <20211112131111.97599-4-hare@suse.de> (raw)
In-Reply-To: <20211112131111.97599-1-hare@suse.de>
Add 'dhchap-secret' and 'dhchap-ctrl-secret' arguments for nvme-connect
to enable NVMe In-Band authentication.
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
Documentation/nvme-connect.txt | 17 +++++++++++++++++
fabrics.c | 17 ++++++++++++++---
2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/Documentation/nvme-connect.txt b/Documentation/nvme-connect.txt
index 45b517a..4d24e2f 100644
--- a/Documentation/nvme-connect.txt
+++ b/Documentation/nvme-connect.txt
@@ -17,6 +17,8 @@ SYNOPSIS
[--host-iface=<iface> | -f <iface>]
[--hostnqn=<hostnqn> | -q <hostnqn>]
[--hostid=<hostid> | -I <hostid>]
+ [--dhchap-secret=<secret> | -S <secret>]
+ [--dhchap-ctrl-secret=<secret> | -C <secret>]
[--nr-io-queues=<#> | -i <#>]
[--nr-write-queues=<#> | -W <#>]
[--nr-poll-queues=<#> | -P <#>]
@@ -92,6 +94,21 @@ OPTIONS
UUID(Universally Unique Identifier) to be discovered which should be
formatted.
+-S <secret>::
+--dhchap-secret=<secret>::
+ NVMe In-band authentication secret; needs to be in ASCII format as
+ specified in NVMe 2.0 section 8.13.5.8 'Secret representation'.
+ If this option is not specified, the default is read from
+ /etc/nvme/hostkey. If that does not exist no in-band authentication
+ is attempted.
+
+-C <secret>::
+--dhchap-ctrl-secret=<secret>::
+ NVMe In-band authentication controller secret for bi-directional
+ authentication; needs to be in ASCII format as
+ specified in NVMe 2.0 section 8.13.5.8 'Secret representation'.
+ If not present bi-directional authentication is not attempted.
+
-i <#>::
--nr-io-queues=<#>::
Overrides the default number of I/O queues create by the driver.
diff --git a/fabrics.c b/fabrics.c
index 012bcb8..8ed618e 100644
--- a/fabrics.c
+++ b/fabrics.c
@@ -60,6 +60,8 @@ static const char *nvmf_htraddr = "host traddr (e.g. FC WWN's)";
static const char *nvmf_hiface = "host interface (for tcp transport)";
static const char *nvmf_hostnqn = "user-defined hostnqn";
static const char *nvmf_hostid = "user-defined hostid (if default not used)";
+static const char *nvmf_hostkey = "user-defined dhchap key (if default not used)";
+static const char *nvmf_ctrlkey = "user-defined dhchap controller key (for bi-directional authentication)";
static const char *nvmf_nr_io_queues = "number of io queues to use (default is core count)";
static const char *nvmf_nr_write_queues = "number of write queues to use (default 0)";
static const char *nvmf_nr_poll_queues = "number of poll queues to use (default 0)";
@@ -82,6 +84,8 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
OPT_STRING("host-iface", 'f', "STR", &host_iface, nvmf_hiface), \
OPT_STRING("hostnqn", 'q', "STR", &hostnqn, nvmf_hostnqn), \
OPT_STRING("hostid", 'I', "STR", &hostid, nvmf_hostid), \
+ OPT_STRING("dhchap-secret", 'S', "STR", &hostkey, nvmf_hostkey), \
+ OPT_STRING("dhchap-ctrl-secret", 'C', "STR", &ctrlkey, nvmf_ctrlkey), \
OPT_INT("nr-io-queues", 'i', &c.nr_io_queues, nvmf_nr_io_queues), \
OPT_INT("nr-write-queues", 'W', &c.nr_write_queues, nvmf_nr_write_queues),\
OPT_INT("nr-poll-queues", 'P', &c.nr_poll_queues, nvmf_nr_poll_queues), \
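Review bot: The two `OPT_STRING` entries added here take the dhchap secrets straight from argv, so while the command runs they are readable by other local users through the process list, and they also end up in shell history. The man page text added by this patch already names /etc/nvme/hostkey as the default source, so I would state the exposure there and steer users to the file, e.g. `Secrets given on the command line are visible to other local users in the process list; prefer /etc/nvme/hostkey.` No file-based alternative for the controller secret is visible in these hunks, which seems worth a follow-up. The option macro this hunk edits starts outside the hunk.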
@@ -93,7 +97,7 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
OPT_FLAG("duplicate-connect", 'D', &c.duplicate_connect, nvmf_dup_connect), \
OPT_FLAG("disable-sqflow", 'd', &c.disable_sqflow, nvmf_disable_sqflow), \
OPT_FLAG("hdr-digest", 'g', &c.hdr_digest, nvmf_hdr_digest), \
- OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest) \
+ OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest) \
static void space_strip_len(int max, char *str)
@@ -296,7 +300,7 @@ static int discover_from_conf_file(nvme_host_t h, const char *desc,
{
char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
char *host_traddr = NULL, *host_iface = NULL;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL, *ctrlkey = NULL;
char *ptr, **argv, *p, line[4096];
int argc, ret = 0;
unsigned int verbose = 0;
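Review bot: `hostkey` and `ctrlkey` are declared here, presumably so the shared option table can store into them, but no visible hunk in discover_from_conf_file() passes them on. A secret placed on a line of the discovery configuration file therefore appears to be parsed and then dropped. The same applies to `ctrlkey` in nvmf_discover(): the later hunk calls only `nvme_host_set_dhchap_key(h, hostkey)`, so `--dhchap-ctrl-secret` given to discover is accepted without effect, and the user gets no bi-directional authentication while believing it was requested. Either apply the values where the controller is created or reject the option with an error in these paths. Both function bodies continue outside the hunks, so this is inferred from the visible lines only.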
@@ -383,7 +387,7 @@ out:
int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
{
char *nqn = NVME_DISC_SUBSYS_NAME;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL, *ctrlkey = NULL;
char *host_traddr = NULL, *host_iface = NULL;
char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
char *hnqn = NULL, *hid = NULL;
@@ -459,6 +463,8 @@ int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
else if (!strncmp(device, "/dev/", 5))
device += 5;
}
+ if (hostkey)
+ nvme_host_set_dhchap_key(h, hostkey);
if (!device && !transport && !traddr) {
ret = discover_from_conf_file(h, desc, connect, &cfg);
@@ -546,6 +552,7 @@ int nvmf_connect(const char *desc, int argc, char **argv)
char *transport = NULL, *traddr = NULL;
char *host_traddr = NULL, *host_iface = NULL;
char *trsvcid = NULL, *hostnqn = NULL, *hostid = NULL;
+ char *hostkey = NULL, *ctrlkey = NULL;
char *config_file = PATH_NVMF_CONFIG;
unsigned int verbose = 0;
nvme_root_t r;
@@ -618,12 +625,16 @@ int nvmf_connect(const char *desc, int argc, char **argv)
errno = ENOMEM;
goto out_free;
}
+ if (hostkey)
+ nvme_host_set_dhchap_key(h, hostkey);
c = nvme_create_ctrl(subsysnqn, transport, traddr,
host_traddr, host_iface, trsvcid);
if (!c) {
errno = ENOMEM;
goto out_free;
}
+ if (ctrlkey)
+ nvme_ctrl_set_dhchap_key(c, ctrlkey);
errno = 0;
ret = nvmf_add_ctrl(h, c, &cfg, cfg.disable_sqflow);
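Review bot: Neither secret is checked before it is handed on at `nvme_host_set_dhchap_key(h, hostkey)` and `nvme_ctrl_set_dhchap_key(c, ctrlkey)`, so a mistyped or wrongly formatted value is noticed, if at all, only when the connect is attempted. Patch 2/3 of this series is titled "Add 'check-dhchap-key' function"; if that provides a reusable validator, calling it here and failing with `errno = EINVAL; goto out_free;` before `nvme_create_ctrl()` would give a clear error. A `ctrlkey` supplied when no host secret is in effect should likewise be an error, since the documentation added by this patch says that without a host key no in-band authentication is attempted. nvmf_connect() starts and ends outside this hunk.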
--
2.31.1