[PATCH nvme-cli] nvme-connect: Add 'dhchap-secret' and 'dhchap-bidi' arguments
Hannes Reinecke
hare at suse.de
Mon Sep 13 02:42:01 PDT 2021
Add 'dhchap-secret' and 'dhchap-bidi' arguments for nvme-connect
to enable NVMe In-Band authentication.
This is the nvme-cli patch to support NVMe In-Band authentication, as posted
on the linux-nvme mailing list.
Signed-off-by: Hannes Reinecke <hare at suse.de>
---
Documentation/nvme-connect.txt | 14 ++++++++++++++
fabrics.c | 29 ++++++++++++++++++++++-------
2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/Documentation/nvme-connect.txt b/Documentation/nvme-connect.txt
index 4d7bb52..8cfc34e 100644
--- a/Documentation/nvme-connect.txt
+++ b/Documentation/nvme-connect.txt
@@ -17,6 +17,7 @@ SYNOPSIS
[--host-iface=<iface> | -f <iface>]
[--hostnqn=<hostnqn> | -q <hostnqn>]
[--hostid=<hostid> | -I <hostid>]
+ [--dhchap-secret=<secret> | -S <secret>]
[--nr-io-queues=<#> | -i <#>]
[--nr-write-queues=<#> | -W <#>]
[--nr-poll-queues=<#> | -P <#>]
@@ -28,6 +29,7 @@ SYNOPSIS
[--disable-sqflow | -d]
[--hdr-digest | -g]
[--data-digest | -G]
+ [--dhchap-bidi | -B]
DESCRIPTION
-----------
@@ -92,6 +94,14 @@ OPTIONS
UUID(Universally Unique Identifier) to be discovered which should be
formatted.
+-S <secret>::
+--dhchap-secret=<secret>::
+ NVMe In-band authentication secret; needs to be in ASCII format as
+ specified in NVMe 2.0 section 8.13.5.8 'Secret representation'.
+ If this option is not specified, the default is read from
+ /etc/nvme/hostkey. If that does not exist no in-band authentication
+ is attempted.
+
-i <#>::
--nr-io-queues=<#>::
Overrides the default number of I/O queues create by the driver.
@@ -140,6 +150,10 @@ OPTIONS
--data-digest::
Generates/verifies data digest (TCP).
+-B::
+--dhchap-bidi::
+ Enable bidirectional authentication (TCP).
+
EXAMPLES
--------
* Connect to a subsystem named nqn.2014-08.com.example:nvme:nvm-subsystem-sn-d78432
diff --git a/fabrics.c b/fabrics.c
index b132546..d1386c3 100644
--- a/fabrics.c
+++ b/fabrics.c
@@ -60,6 +60,7 @@ static const char *nvmf_htraddr = "host traddr (e.g. FC WWN's)";
static const char *nvmf_hiface = "host interface (for tcp transport)";
static const char *nvmf_hostnqn = "user-defined hostnqn";
static const char *nvmf_hostid = "user-defined hostid (if default not used)";
+static const char *nvmf_hostkey = "user-defined hostkey (if default not used)";
static const char *nvmf_nr_io_queues = "number of io queues to use (default is core count)";
static const char *nvmf_nr_write_queues = "number of write queues to use (default 0)";
static const char *nvmf_nr_poll_queues = "number of poll queues to use (default 0)";
@@ -72,6 +73,7 @@ static const char *nvmf_dup_connect = "allow duplicate connections between same
static const char *nvmf_disable_sqflow = "disable controller sq flow control (default false)";
static const char *nvmf_hdr_digest = "enable transport protocol header digest (TCP transport)";
static const char *nvmf_data_digest = "enable transport protocol data digest (TCP transport)";
+static const char *nvmf_dhchap_bidi = "enable bidirectional authentication (TCP transport)";
static const char *nvmf_config_file = "Use specified JSON configuration file or 'none' to disable";
#define NVMF_OPTS(c) \
@@ -82,6 +84,7 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
OPT_STRING("host-iface", 'f', "STR", &host_iface, nvmf_hiface), \
OPT_STRING("hostnqn", 'q', "STR", &hostnqn, nvmf_hostnqn), \
OPT_STRING("hostid", 'I', "STR", &hostid, nvmf_hostid), \
+ OPT_STRING("dhchap-secret", 'S', "STR", &hostkey, nvmf_hostkey), \
OPT_INT("nr-io-queues", 'i', &c.nr_io_queues, nvmf_nr_io_queues), \
OPT_INT("nr-write-queues", 'W', &c.nr_write_queues, nvmf_nr_write_queues),\
OPT_INT("nr-poll-queues", 'P', &c.nr_poll_queues, nvmf_nr_poll_queues), \
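Review bot: A secret given through the new `--dhchap-secret` / `-S` option stays in the process argument vector, where it is typically readable by other local users through the process list and tends to end up in shell history. The help string `nvmf_hostkey` could say so, for example `"DH-HMAC-CHAP secret (visible in process list; prefer /etc/nvme/hostkey)"`, and Documentation/nvme-connect.txt could recommend the key file with owner-only permissions. Overwriting the argv copy once option parsing is done would shorten the exposure further. The NVMF_OPTS macro starts and ends outside this hunk.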
@@ -93,8 +96,8 @@ static const char *nvmf_config_file = "Use specified JSON configuration file or
OPT_FLAG("duplicate-connect", 'D', &c.duplicate_connect, nvmf_dup_connect), \
OPT_FLAG("disable-sqflow", 'd', &c.disable_sqflow, nvmf_disable_sqflow), \
OPT_FLAG("hdr-digest", 'g', &c.hdr_digest, nvmf_hdr_digest), \
- OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest) \
-
+ OPT_FLAG("data-digest", 'G', &c.data_digest, nvmf_data_digest), \
+ OPT_FLAG("dhchap-bidi", 'B', &c.dhchap_bidi, nvmf_dhchap_bidi)
static void space_strip_len(int max, char *str)
{
@@ -296,7 +299,7 @@ static int discover_from_conf_file(nvme_host_t h, const char *desc,
{
char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
char *host_traddr = NULL, *host_iface = NULL;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL;
char *ptr, **argv, *p, line[4096];
int argc, ret = 0;
FILE *f;
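Review bot: A `--dhchap-secret` placed on a line of the discovery configuration file looks like it is parsed into the new `hostkey` local in discover_from_conf_file() and then ignored, since nothing in the visible lines passes it on. If the rest of the body (outside this hunk) does not use it either, the user would believe a per-entry key is configured while the host-wide key, or none, is applied. Either apply the value to the host used for that entry or print a warning that the option is not honoured in the config file, and add a comment on the declaration such as `/* hostkey: parsed by NVMF_OPTS, not applied per entry */`.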
@@ -369,10 +372,10 @@ out:
int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
{
char *nqn = NVME_DISC_SUBSYS_NAME;
- char *hostnqn = NULL, *hostid = NULL;
+ char *hostnqn = NULL, *hostid = NULL, *hostkey = NULL;
char *host_traddr = NULL, *host_iface = NULL;
char *transport = NULL, *traddr = NULL, *trsvcid = NULL;
- char *hnqn = NULL, *hid = NULL;
+ char *hnqn = NULL, *hid = NULL, *hkey = NULL;
char *config_file = PATH_NVMF_CONFIG;
enum nvme_print_flags flags;
nvme_root_t r;
@@ -434,6 +437,8 @@ int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
hostnqn = hnqn = nvmf_hostnqn_from_file();
if (!hostid)
hostid = hid = nvmf_hostid_from_file();
+ if (!hostkey)
+ hostkey = hkey = nvmf_hostkey_from_file();
h = nvme_lookup_host(r, hostnqn, hostid);
if (!h) {
ret = ENOMEM;
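Review bot: When `nvmf_hostkey_from_file()` returns NULL the code carries on and the later `if (hostkey)` hunk skips `nvme_host_set_hostkey()`, so the operation proceeds with no key set and no message. That matches the documented default for a missing key file, but the caller presumably cannot tell a missing file from an unreadable or malformed one, and a user who passed `--dhchap-bidi` may end up with a session that was never authenticated. Consider returning an error when bidirectional authentication was requested and no key is available, and reporting in verbose mode that the key file was skipped. The same pattern appears in the nvmf_connect() hunk; both function bodies continue outside their hunks.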
@@ -445,6 +450,8 @@ int nvmf_discover(const char *desc, int argc, char **argv, bool connect)
else if (!strncmp(device, "/dev/", 5))
device += 5;
}
+ if (hostkey)
+ nvme_host_set_hostkey(h, hostkey);
if (!device && !transport && !traddr) {
ret = discover_from_conf_file(h, desc, connect, &cfg);
@@ -520,6 +527,8 @@ out_free:
free(hnqn);
if (hid)
free(hid);
+ if (hkey)
+ free(hkey);
nvme_free_tree(r);
return ret;
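Review bot: `hkey` holds the authentication secret returned by `nvmf_hostkey_from_file()` and is released with a plain `free()`, which leaves the key bytes in freed heap memory where later allocations or a core dump can pick them up. Clearing the buffer first, where the platform provides it, would avoid that: `if (hkey) { explicit_bzero(hkey, strlen(hkey)); free(hkey); }`. The same applies to the `out_free` path in the nvmf_connect() hunk. The `out_free` label and the start of the function are outside this hunk.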
@@ -527,11 +536,11 @@ out_free:
int nvmf_connect(const char *desc, int argc, char **argv)
{
- char *hnqn = NULL, *hid = NULL;
+ char *hnqn = NULL, *hid = NULL, *hkey = NULL;
char *subsysnqn = NULL;
char *transport = NULL, *traddr = NULL;
char *host_traddr = NULL, *host_iface = NULL;
- char *trsvcid = NULL, *hostnqn = NULL, *hostid = NULL;
+ char *trsvcid = NULL, *hostnqn = NULL, *hostid = NULL, *hostkey = NULL;
char *config_file = PATH_NVMF_CONFIG;
unsigned int verbose = 0;
nvme_root_t r;
@@ -599,11 +608,15 @@ int nvmf_connect(const char *desc, int argc, char **argv)
hostnqn = hnqn = nvmf_hostnqn_from_file();
if (!hostid)
hostid = hid = nvmf_hostid_from_file();
+ if (!hostkey)
+ hostkey = hkey = nvmf_hostkey_from_file();
h = nvme_lookup_host(r, hostnqn, hostid);
if (!h) {
errno = ENOMEM;
goto out_free;
}
+ if (hostkey)
+ nvme_host_set_hostkey(h, hostkey);
c = nvme_create_ctrl(subsysnqn, transport, traddr,
host_traddr, host_iface, trsvcid);
if (!c) {
@@ -620,6 +633,8 @@ out_free:
free(hnqn);
if (hid)
free(hid);
+ if (hkey)
+ free(hkey);
nvme_free_tree(r);
return errno;
}
--
2.26.2