From: Hannes Reinecke Date: Thu, 16 Nov 2023 08:24:44 +0000 (+0100) Subject: nvme: sanitize nvme-gen-tls-key X-Git-Tag: v2.7~35 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=a471952d68ebb676403b45dddda51db7194596b9;p=users%2Fsagi%2Fnvme-cli.git nvme: sanitize nvme-gen-tls-key Simplify the hostnqn / subsysnqn check and do not insert the key if 'insert' is not specified. Signed-off-by: Hannes Reinecke
---
diff --git a/Documentation/nvme-gen-tls-key.txt b/Documentation/nvme-gen-tls-key.txt
index def8ecc0..772c7bcb 100644
--- a/Documentation/nvme-gen-tls-key.txt
+++ b/Documentation/nvme-gen-tls-key.txt
@@ -22,8 +22,9 @@ DESCRIPTION
 -----------
 Generate a base64-encoded NVMe TLS pre-shared key (PSK). The resulting key is either printed in the PSK interchange format
-'NVMeTLSkey-1:01::',
-inserted as a 'retained' key into the specified keyring, or both.
+'NVMeTLSkey-1:01::' or inserted as a
+'retained' key into the specified keyring if the '--insert' option
+is given.
 When the PSK should be inserted into the keyring a 'retained' key is derived from the secret key material. The resulting 'retained' key is stored with the identity
diff --git a/nvme.c b/nvme.c
index 7c6bbe2c..ba4e3d66 100644
--- a/nvme.c
+++ b/nvme.c
@@ -8702,9 +8702,18 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 cfg.identity);
 return -EINVAL;
 }
- if (cfg.insert && !cfg.subsysnqn) {
- nvme_show_error("No subsystem NQN specified");
- return -EINVAL;
+ if (cfg.insert) {
+ if (!cfg.subsysnqn) {
+ nvme_show_error("No subsystem NQN specified");
+ return -EINVAL;
+ }
+ if (!cfg.hostnqn) {
+ cfg.hostnqn = nvmf_hostnqn_from_file();
+ if (!cfg.hostnqn) {
+ nvme_show_error("Failed to read host NQN");
+ return -EINVAL;
+ }
+ }
 }
 if (cfg.hmac == 2)
 key_len = 48;
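Review bot: The string stored by `cfg.hostnqn = nvmf_hostnqn_from_file();` is not released on any path visible in this commit, and because the lookup now runs before the key material is processed, every later error return carries it as well. libnvme documents that return value as caller-owned, so `gen_tls_key()` should free it on exit, remembering whether the pointer came from the file or from the command line so that only the former is freed. The failure branch also returns a fixed `-EINVAL`, which hides whether the host NQN file was missing or unreadable; naming the cause in the message would make a misconfigured host easier to diagnose. The function body starts and ends outside the hunk.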
@@ -8736,19 +8745,7 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 }
 }
- if (cfg.hostnqn && !cfg.subsysnqn) {
- nvme_show_error("Need to specify subsystem NQN to insert a TLS key");
- return -EINVAL;
- }
- if (cfg.subsysnqn) {
- if (!cfg.hostnqn) {
- cfg.hostnqn = nvmf_hostnqn_from_file();
- if (!cfg.hostnqn) {
- nvme_show_error("Failed to read host NQN");
- return -EINVAL;
- }
- }
-
+ if (cfg.insert) {
 tls_key = nvme_insert_tls_key_versioned(cfg.keyring, cfg.keytype, cfg.hostnqn, cfg.subsysnqn, cfg.identity,
@@ -8758,10 +8755,8 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 return -errno;
 }
- if (cfg.insert) {
- printf("Inserted TLS key %08x\n", (unsigned int)tls_key);
- return 0;
- }
+ printf("Inserted TLS key %08x\n", (unsigned int)tls_key);
+ return 0;
 }
 crc = crc32(crc, raw_secret, key_len);
 raw_secret[key_len++] = crc & 0xff;
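Review bot: In the hunk at `@@ -8736`, insertion is now gated on `cfg.insert` alone, so a host or subsystem NQN given without '--insert' is silently ignored, where the removed code inserted the key whenever a subsystem NQN was set. A caller that relied on the old behaviour would now get nothing stored in the keyring and, as far as the visible code shows, no error either. Consider rejecting or warning on that combination next to the earlier argument checks, for example `if (!cfg.insert && (cfg.hostnqn || cfg.subsysnqn)) nvme_show_error("host/subsystem NQN ignored without --insert");`. The documentation should also say that these options only take effect together with '--insert'.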
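Review bot: In the hunk at `@@ -8758`, the now-unconditional `return 0;` leaves the function while `raw_secret` still holds the PSK bytes, and the same applies to the `return -errno;` just above it. `raw_secret` is declared outside the hunk, so whether it is freed or wiped elsewhere cannot be seen here; if it is not, clear it before both returns with a call the compiler cannot elide, e.g. `explicit_bzero(raw_secret, key_len);`. A short comment on the early return, saying that the interchange-format key is deliberately not printed once the key has been inserted, would also help, since the documentation hunk drops the "or both" case.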