Diffstat (limited to 'src')
-rw-r--r--src/nvme/fabrics.c22
-rw-r--r--src/nvme/linux.c38
-rw-r--r--src/nvme/types.h2
3 files changed, 38 insertions, 24 deletions
diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c
index 69acf04..6aa62ee 100644
--- a/src/nvme/fabrics.c
+++ b/src/nvme/fabrics.c
@@ -627,17 +627,19 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
ctrlkey = nvme_ctrl_get_dhchap_key(c);
- ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
- if (ret) {
- errno = -ret;
- return -1;
- }
+ if (cfg->tls) {
+ ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
+ if (ret) {
+ errno = -ret;
+ return -1;
+ }
- if (key_id == 0) {
- if (cfg->tls_configured_key)
- key_id = cfg->tls_configured_key;
- else
- key_id = cfg->tls_key;
+ if (key_id == 0) {
+ if (cfg->tls_configured_key)
+ key_id = cfg->tls_configured_key;
+ else
+ key_id = cfg->tls_key;
+ }
}
if (add_argument(r, argstr, transport, transport) ||
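Review bot: `keyring_id` and `key_id` are now assigned only inside the new `if (cfg->tls)` block, so on a non-TLS connect the rest of build_options sees whatever values they had at declaration. Their declarations are outside the hunk; they need to read `long keyring_id = 0;` and `long key_id = 0;`, otherwise the later option building would read indeterminate values. It may also be worth a debug-level message when a TLS key or keyring is configured on the controller but `cfg->tls` is off, since that configuration is now skipped without any trace.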
diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index e74fac2..a9ba58b 100644
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -881,14 +881,14 @@ int nvme_gen_dhchap_key(char *hostnqn, enum nvme_hmac_alg hmac,
}
static int derive_psk_digest(const char *hostnqn, const char *subsysnqn,
- int version, int hmac,
+ int version, int cipher,
unsigned char *retained, size_t key_len,
char *digest, size_t digest_len)
{
static const char hmac_seed[] = "NVMe-over-Fabrics";
- const EVP_MD *md = select_hmac(hmac, &hmac_len);
_cleanup_hmac_ctx_ HMAC_CTX *hmac_ctx = NULL;
_cleanup_free_ unsigned char *psk_ctx = NULL;
+ const EVP_MD *md;
size_t hmac_len;
size_t len;
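Review bot: `md` is now declared without an initializer, and the call that sets it, together with any NULL check, lies outside this hunk. Writing `const EVP_MD *md = NULL;` keeps an early error path from ever seeing an indeterminate pointer. The renamed `cipher` parameter is still a bare `int`, so a one-line comment above `derive_psk_digest` stating which identifiers are accepted and what is returned for an unsupported one would document the contract. The function body continues past the hunk.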
@@ -1517,9 +1517,9 @@ long nvme_revoke_tls_key(const char *keyring, const char *key_type,
return keyctl_revoke(key);
}
-static int __nvme_insert_tls_key(long keyring_id,
- const char *hostnqn, const char *subsysnqn,
- const char *identity, const char *key)
+static long __nvme_insert_tls_key(long keyring_id,
+ const char *hostnqn, const char *subsysnqn,
+ const char *identity, const char *key)
{
_cleanup_free_ unsigned char *key_data = NULL;
unsigned char version;
@@ -1554,7 +1554,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
const char *hostnqn = nvme_host_get_hostnqn(h);
const char *subsysnqn = nvme_ctrl_get_subsysnqn(c);
const char *keyring, *key, *identity;
- long kr_id, id = 0;
+ long kr_id = 0, id = 0;
if (!hostnqn || !subsysnqn) {
nvme_msg(h->r, LOG_ERR, "Invalid NQNs (%s, %s)\n",
@@ -1562,10 +1562,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
return -EINVAL;
}
+ /* If we don't have a key avoid all keyring operations */
+ key = nvme_ctrl_get_tls_key(c);
+ if (!key)
+ goto out;
+
keyring = nvme_ctrl_get_keyring(c);
- if (keyring)
+ if (keyring) {
kr_id = nvme_lookup_keyring(keyring);
- else
+ if (kr_id == 0)
+ return -errno;
+ } else
kr_id = c->cfg.keyring;
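Review bot: `return -errno` after `nvme_lookup_keyring()` yields 0, which the caller reads as success with `*keyring_id` and `*key_id` never written, if the lookup returns 0 without setting errno. nvme_lookup_keyring is not shown here, so unless it is guaranteed to set errno on every zero return, a fixed fallback is safer, e.g. `return errno ? -errno : -ENOKEY;`. The failure is also silent while the `nvme_set_keyring` failure logs; a line such as `nvme_msg(h->r, LOG_ERR, "Failed to lookup keyring '%s'\n", keyring);` before returning would tell the operator which keyring was missing. The same pattern applies to the `.nvme` lookup in the next hunk. The function continues outside this hunk.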
/*
@@ -1573,18 +1580,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
* keyring to connect command line and to the JSON config output.
* That means we are explicitly selecting the keyring.
*/
- if (!kr_id)
+ if (!kr_id) {
kr_id = nvme_lookup_keyring(".nvme");
+ if (kr_id == 0)
+ return -errno;
+ }
if (nvme_set_keyring(kr_id) < 0) {
nvme_msg(h->r, LOG_ERR, "Failed to set keyring\n");
return -errno;
}
- key = nvme_ctrl_get_tls_key(c);
- if (!key)
- return 0;
-
identity = nvme_ctrl_get_tls_key_identity(c);
if (identity)
id = nvme_lookup_key("psk", identity);
@@ -1599,6 +1605,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
return -errno;
}
+out:
*keyring_id = kr_id;
*key_id = id;
@@ -1681,7 +1688,10 @@ long nvme_revoke_tls_key(const char *keyring, const char *key_type,
int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
long *keyring_id, long *key_id)
{
- return -ENOTSUP;
+ *keyring_id = 0;
+ *key_id = 0;
+
+ return 0;
}
#endif
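Review bot: The stub now reports success even when the controller has a TLS key configured, so a build without keyring support no longer tells the caller that the key could not be imported. build_options then falls back to `cfg->tls_configured_key`/`cfg->tls_key`, and whether the connect proceeds without the intended PSK depends on code outside this page. Failing closed only in that case keeps the no-key path working: `if (nvme_ctrl_get_tls_key(c)) return -ENOTSUP;` after zeroing the outputs.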
diff --git a/src/nvme/types.h b/src/nvme/types.h
index 7d143d3..fdc4652 100644
--- a/src/nvme/types.h
+++ b/src/nvme/types.h
@@ -1711,6 +1711,7 @@ enum nvme_id_ctrl_oaes {
* @NVME_CTRL_CTRATT_ELBAS: Extended LBA Formats supported
* @NVME_CTRL_CTRATT_MEM: MDTS and Size Limits Exclude Metadata supported
* @NVME_CTRL_CTRATT_HMBR: HMB Restrict Non-Operational Power State Access
+ * @NVME_CTRL_CTRATT_RHII: Reservations and Host Identifier Interaction
* @NVME_CTRL_CTRATT_FDPS: Flexible Data Placement supported
*/
enum nvme_id_ctrl_ctratt {
@@ -1732,6 +1733,7 @@ enum nvme_id_ctrl_ctratt {
NVME_CTRL_CTRATT_ELBAS = 1 << 15,
NVME_CTRL_CTRATT_MEM = 1 << 16,
NVME_CTRL_CTRATT_HMBR = 1 << 17,
+ NVME_CTRL_CTRATT_RHII = 1 << 18,
NVME_CTRL_CTRATT_FDPS = 1 << 19,
};