diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 11:06:50 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 11:06:50 +0000 |
commit | c662bc3e81d6cc7c9265ea9c58b8d1dbf66245ea (patch) | |
tree | 6a0ebdb4cb3c7b76c824f021d9f3624d16037457 /src/nvme/json.c | |
parent | Adding upstream version 1.8. (diff) | |
download | libnvme-upstream.tar.xz libnvme-upstream.zip |
Adding upstream version 1.9.upstream/1.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/nvme/json.c | 95 |
1 files changed, 76 insertions, 19 deletions
diff --git a/src/nvme/json.c b/src/nvme/json.c index b49498a..a02bd2d 100644 --- a/src/nvme/json.c +++ b/src/nvme/json.c @@ -25,10 +25,62 @@ #define JSON_UPDATE_BOOL_OPTION(c, k, a, o) \ if (!strcmp(# a, k ) && !c->a) c->a = json_object_get_boolean(o); +static void json_import_nvme_tls_key(nvme_ctrl_t c, const char *keyring_str, + const char *encoded_key) +{ + struct nvme_fabrics_config *cfg = nvme_ctrl_get_config(c); + const char *hostnqn = nvme_host_get_hostnqn(c->s->h); + const char *subsysnqn = nvme_ctrl_get_subsysnqn(c); + int key_len; + unsigned int hmac; + long key_id; + _cleanup_free_ unsigned char *key_data = NULL; + + if (!hostnqn || !subsysnqn) { + nvme_msg(NULL, LOG_ERR, "Invalid NQNs (%s, %s)\n", + hostnqn, subsysnqn); + return; + } + key_data = nvme_import_tls_key(encoded_key, &key_len, &hmac); + if (!key_data) { + nvme_msg(NULL, LOG_ERR, "Failed to decode TLS Key '%s'\n", + encoded_key); + return; + } + key_id = nvme_insert_tls_key_versioned(keyring_str, "psk", + hostnqn, subsysnqn, + 0, hmac, key_data, key_len); + if (key_id <= 0) + nvme_msg(NULL, LOG_ERR, "Failed to insert TLS KEY, error %d\n", + errno); + else { + cfg->tls_key = key_id; + cfg->tls = true; + } +} + +static void json_export_nvme_tls_key(long keyring_id, long tls_key, + struct json_object *obj) +{ + int key_len; + _cleanup_free_ unsigned char *key_data = NULL; + + key_data = nvme_read_key(keyring_id, tls_key, &key_len); + if (key_data) { + _cleanup_free_ char *tls_str = NULL; + + tls_str = nvme_export_tls_key(key_data, key_len); + if (tls_str) + json_object_object_add(obj, "tls_key", + json_object_new_string(tls_str)); + } +} + static void json_update_attributes(nvme_ctrl_t c, struct json_object *ctrl_obj) { struct nvme_fabrics_config *cfg = nvme_ctrl_get_config(c); + const char *keyring_str = NULL, *encoded_key = NULL; json_object_object_foreach(ctrl_obj, key_str, val_obj) { JSON_UPDATE_INT_OPTION(cfg, key_str, @@ -75,21 +127,24 @@ static void json_update_attributes(nvme_ctrl_t c, if (!strcmp("keyring", key_str) && cfg->keyring == 0) { long keyring; - keyring = nvme_lookup_keyring(json_object_get_string(val_obj)); + keyring_str = json_object_get_string(val_obj); + keyring = nvme_lookup_keyring(keyring_str); if (keyring) { cfg->keyring = keyring; nvme_set_keyring(cfg->keyring); } } - if (!strcmp("tls_key", key_str) && cfg->tls_key == 0) { - long key; - - key = nvme_lookup_key("psk", - json_object_get_string(val_obj)); - if (key) - cfg->tls_key = key; - } + if (!strcmp("tls_key", key_str) && cfg->tls_key == 0) + encoded_key = json_object_get_string(val_obj); } + + /* + * We might need the keyring information from the above loop, + * so we can only import the TLS key once all entries are + * processed. + */ + if (encoded_key) + json_import_nvme_tls_key(c, keyring_str, encoded_key); } static void json_parse_port(nvme_subsystem_t s, struct json_object *port_obj) @@ -346,15 +401,11 @@ static void json_update_port(struct json_object *ctrl_array, nvme_ctrl_t c) json_object_new_string(desc)); } } - if (cfg->tls_key) { - _cleanup_free_ char *desc = - nvme_describe_key_serial(cfg->tls_key); - - if (desc) { - json_object_object_add(port_obj, "tls_key", - json_object_new_string(desc)); - } - } + /* + * Store the TLS key in PSK interchange format + */ + if (cfg->tls_key) + json_export_nvme_tls_key(cfg->keyring, cfg->tls_key, port_obj); json_object_array_add(ctrl_array, port_obj); } @@ -503,7 +554,13 @@ static void json_dump_ctrl(struct json_object *ctrl_array, nvme_ctrl_t c) JSON_BOOL_OPTION(cfg, ctrl_obj, disable_sqflow); JSON_BOOL_OPTION(cfg, ctrl_obj, hdr_digest); JSON_BOOL_OPTION(cfg, ctrl_obj, data_digest); - JSON_BOOL_OPTION(cfg, ctrl_obj, tls); + if (!strcmp(transport, "tcp")) { + JSON_BOOL_OPTION(cfg, ctrl_obj, tls); + + if (cfg->tls_key) + json_export_nvme_tls_key(cfg->keyring, cfg->tls_key, + ctrl_obj); + } JSON_BOOL_OPTION(cfg, ctrl_obj, concat); if (nvme_ctrl_is_persistent(c)) json_object_object_add(ctrl_obj, "persistent", |