summaryrefslogtreecommitdiffstats
path: root/src/nvme/json.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 11:06:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 11:06:50 +0000
commitc662bc3e81d6cc7c9265ea9c58b8d1dbf66245ea (patch)
tree6a0ebdb4cb3c7b76c824f021d9f3624d16037457 /src/nvme/json.c
parentAdding upstream version 1.8. (diff)
downloadlibnvme-upstream.tar.xz
libnvme-upstream.zip
Adding upstream version 1.9.upstream/1.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--src/nvme/json.c95
1 files changed, 76 insertions, 19 deletions
diff --git a/src/nvme/json.c b/src/nvme/json.c
index b49498a..a02bd2d 100644
--- a/src/nvme/json.c
+++ b/src/nvme/json.c
@@ -25,10 +25,62 @@
#define JSON_UPDATE_BOOL_OPTION(c, k, a, o) \
if (!strcmp(# a, k ) && !c->a) c->a = json_object_get_boolean(o);
+static void json_import_nvme_tls_key(nvme_ctrl_t c, const char *keyring_str,
+ const char *encoded_key)
+{
+ struct nvme_fabrics_config *cfg = nvme_ctrl_get_config(c);
+ const char *hostnqn = nvme_host_get_hostnqn(c->s->h);
+ const char *subsysnqn = nvme_ctrl_get_subsysnqn(c);
+ int key_len;
+ unsigned int hmac;
+ long key_id;
+ _cleanup_free_ unsigned char *key_data = NULL;
+
+ if (!hostnqn || !subsysnqn) {
+ nvme_msg(NULL, LOG_ERR, "Invalid NQNs (%s, %s)\n",
+ hostnqn, subsysnqn);
+ return;
+ }
+ key_data = nvme_import_tls_key(encoded_key, &key_len, &hmac);
+ if (!key_data) {
+ nvme_msg(NULL, LOG_ERR, "Failed to decode TLS Key '%s'\n",
+ encoded_key);
+ return;
+ }
+ key_id = nvme_insert_tls_key_versioned(keyring_str, "psk",
+ hostnqn, subsysnqn,
+ 0, hmac, key_data, key_len);
+ if (key_id <= 0)
+ nvme_msg(NULL, LOG_ERR, "Failed to insert TLS KEY, error %d\n",
+ errno);
+ else {
+ cfg->tls_key = key_id;
+ cfg->tls = true;
+ }
+}
+
+static void json_export_nvme_tls_key(long keyring_id, long tls_key,
+ struct json_object *obj)
+{
+ int key_len;
+ _cleanup_free_ unsigned char *key_data = NULL;
+
+ key_data = nvme_read_key(keyring_id, tls_key, &key_len);
+ if (key_data) {
+ _cleanup_free_ char *tls_str = NULL;
+
+ tls_str = nvme_export_tls_key(key_data, key_len);
+ if (tls_str)
+ json_object_object_add(obj, "tls_key",
+ json_object_new_string(tls_str));
+ }
+}
+
static void json_update_attributes(nvme_ctrl_t c,
struct json_object *ctrl_obj)
{
struct nvme_fabrics_config *cfg = nvme_ctrl_get_config(c);
+ const char *keyring_str = NULL, *encoded_key = NULL;
json_object_object_foreach(ctrl_obj, key_str, val_obj) {
JSON_UPDATE_INT_OPTION(cfg, key_str,
@@ -75,21 +127,24 @@ static void json_update_attributes(nvme_ctrl_t c,
if (!strcmp("keyring", key_str) && cfg->keyring == 0) {
long keyring;
- keyring = nvme_lookup_keyring(json_object_get_string(val_obj));
+ keyring_str = json_object_get_string(val_obj);
+ keyring = nvme_lookup_keyring(keyring_str);
if (keyring) {
cfg->keyring = keyring;
nvme_set_keyring(cfg->keyring);
}
}
- if (!strcmp("tls_key", key_str) && cfg->tls_key == 0) {
- long key;
-
- key = nvme_lookup_key("psk",
- json_object_get_string(val_obj));
- if (key)
- cfg->tls_key = key;
- }
+ if (!strcmp("tls_key", key_str) && cfg->tls_key == 0)
+ encoded_key = json_object_get_string(val_obj);
}
+
+ /*
+ * We might need the keyring information from the above loop,
+ * so we can only import the TLS key once all entries are
+ * processed.
+ */
+ if (encoded_key)
+ json_import_nvme_tls_key(c, keyring_str, encoded_key);
}
static void json_parse_port(nvme_subsystem_t s, struct json_object *port_obj)
@@ -346,15 +401,11 @@ static void json_update_port(struct json_object *ctrl_array, nvme_ctrl_t c)
json_object_new_string(desc));
}
}
- if (cfg->tls_key) {
- _cleanup_free_ char *desc =
- nvme_describe_key_serial(cfg->tls_key);
-
- if (desc) {
- json_object_object_add(port_obj, "tls_key",
- json_object_new_string(desc));
- }
- }
+ /*
+ * Store the TLS key in PSK interchange format
+ */
+ if (cfg->tls_key)
+ json_export_nvme_tls_key(cfg->keyring, cfg->tls_key, port_obj);
json_object_array_add(ctrl_array, port_obj);
}
@@ -503,7 +554,13 @@ static void json_dump_ctrl(struct json_object *ctrl_array, nvme_ctrl_t c)
JSON_BOOL_OPTION(cfg, ctrl_obj, disable_sqflow);
JSON_BOOL_OPTION(cfg, ctrl_obj, hdr_digest);
JSON_BOOL_OPTION(cfg, ctrl_obj, data_digest);
- JSON_BOOL_OPTION(cfg, ctrl_obj, tls);
+ if (!strcmp(transport, "tcp")) {
+ JSON_BOOL_OPTION(cfg, ctrl_obj, tls);
+
+ if (cfg->tls_key)
+ json_export_nvme_tls_key(cfg->keyring, cfg->tls_key,
+ ctrl_obj);
+ }
JSON_BOOL_OPTION(cfg, ctrl_obj, concat);
if (nvme_ctrl_is_persistent(c))
json_object_object_add(ctrl_obj, "persistent",