From 342b186434cfa386ef5fc07a1cd5413199ddb950 Mon Sep 17 00:00:00 2001 From: Hannes Reinecke Date: Thu, 23 Mar 2023 10:44:02 +0100 Subject: [PATCH] fabrics: add configuration option 'tls_key' Add a fabrics configuration option to specify the TLS PSK for a connection. The PSK is referenced by its serial number, but stored with its description in the JSON configuration file. Signed-off-by: Hannes Reinecke --- doc/config-schema.json | 4 ++++ doc/rst/fabrics.rst | 4 ++++ src/nvme/fabrics.c | 4 ++++ src/nvme/fabrics.h | 2 ++ src/nvme/json.c | 17 +++++++++++++++++ 5 files changed, 31 insertions(+) diff --git a/doc/config-schema.json b/doc/config-schema.json index 68b1e2fd..f10671d4 100644 --- a/doc/config-schema.json +++ b/doc/config-schema.json @@ -98,6 +98,10 @@ "description": "Keyring to store and lookup keys", "type": "string", }, + "tls_key": { + "description": "TLS PSK for the connection", + "type": "string", + }, "nr_io_queues": { "description": "Number of I/O queues", "type": "integer" diff --git a/doc/rst/fabrics.rst b/doc/rst/fabrics.rst index ace7929d..6df058c1 100644 --- a/doc/rst/fabrics.rst +++ b/doc/rst/fabrics.rst @@ -28,6 +28,7 @@ Fabrics-specific definitions. int nr_poll_queues; int tos; int keyring; + int tls_key; bool duplicate_connect; bool disable_sqflow; bool hdr_digest; @@ -73,6 +74,9 @@ Fabrics-specific definitions. ``keyring`` Serial number of the keyring to store and lookup keys +``tls_key`` + Serial number of the TLS PSK for the connection + ``duplicate_connect`` Allow multiple connections to the same target diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c index 8c9cff31..6dab5466 100644 --- a/src/nvme/fabrics.c +++ b/src/nvme/fabrics.c 
@@ -217,6 +217,7 @@ static struct nvme_fabrics_config *merge_config(nvme_ctrl_t c,
 MERGE_CFG_OPTION(ctrl_cfg, cfg, fast_io_fail_tmo, 0);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, tos, -1);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, keyring, 0);
+ MERGE_CFG_OPTION(ctrl_cfg, cfg, tls_key, 0);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, duplicate_connect, false);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, disable_sqflow, false);
 MERGE_CFG_OPTION(ctrl_cfg, cfg, hdr_digest, false);
@@ -245,6 +246,7 @@ void nvmf_update_config(nvme_ctrl_t c, const struct nvme_fabrics_config *cfg)
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, fast_io_fail_tmo, 0);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, tos, -1);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, keyring, 0);
+ UPDATE_CFG_OPTION(ctrl_cfg, cfg, tls_key, 0);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, duplicate_connect, false);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, disable_sqflow, false);
 UPDATE_CFG_OPTION(ctrl_cfg, cfg, hdr_digest, false);
@@ -520,6 +522,8 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
 (strcmp(transport, "loop") &&
 add_int_argument(argstr, "tos", cfg->tos, true)) ||
 add_int_argument(argstr, "keyring", cfg->keyring, false) ||
+ (!strcmp(transport, "tcp") &&
+ add_int_argument(argstr, "tls_key", cfg->tls_key, false)) ||
 add_bool_argument(argstr, "duplicate_connect",
 cfg->duplicate_connect) ||
 add_bool_argument(argstr, "disable_sqflow",
diff --git a/src/nvme/fabrics.h b/src/nvme/fabrics.h
index 68f171ab..9298f7b3 100644
--- a/src/nvme/fabrics.h
+++ b/src/nvme/fabrics.h
@@ -36,6 +36,7 @@
 * @nr_poll_queues: Number of queues to reserve for polling completions
 * @tos: Type of service
 * @keyring: Keyring to store and lookup keys
+ * @tls_key: TLS PSK for the connection
 * @duplicate_connect: Allow multiple connections to the same target
 * @disable_sqflow: Disable controller sq flow control
 * @hdr_digest: Generate/verify header digest (TCP)
@@ -55,6 +56,7 @@ struct nvme_fabrics_config {
 int nr_poll_queues;
 int tos;
 int keyring;
+ int tls_key;
 bool duplicate_connect;
 bool disable_sqflow;
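Review bot: A `tls_key` configured for a non-TCP transport is silently dropped by the new `!strcmp(transport, "tcp")` guard in build_options, so a controller entry that asks for a PSK on rdma or fc is connected without it instead of failing closed; the `keyring` argument on the line above is passed for every transport, so the asymmetry looks deliberate, but the downgrade is never reported to the caller. I would reject the combination explicitly before this expression chain, e.g. `if (cfg->tls_key && strcmp(transport, "tcp")) { errno = EINVAL; return -1; }`, adapted to whatever error convention the rest of build_options uses — the function starts and ends outside this hunk, so I cannot see it. The trailing `false` passed to add_int_argument() presumably means a zero serial is not emitted at all, matching the keyring line; if so that deserves a one-line comment, because 0 is also exactly what json_update_attributes() leaves in `cfg->tls_key` when the key lookup fails, and the two together turn a missing key into a silent plaintext connect.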
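Review bot: The new kernel-doc line ` * @tls_key: TLS PSK for the connection` describes the field as the PSK itself, but the struct hunk below declares it as an `int` and the fabrics.rst hunk in this same patch calls it a serial number, so a reader of the header will assume the secret is carried in the config struct. I would make the header agree with the rst: ` * @tls_key: Serial number of the keyring key holding the TLS PSK (TCP)` — the "(TCP)" suffix matches the `!strcmp(transport, "tcp")` guard added in build_options and the convention already used on the `@hdr_digest` line of this comment block. The same wording applies to the `"description": "TLS PSK for the connection"` string added to config-schema.json, which is what users of the JSON config will read.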
diff --git a/src/nvme/json.c b/src/nvme/json.c index d0f36bd9..a74b5a4d 100644 --- a/src/nvme/json.c +++ b/src/nvme/json.c @@ -78,6 +78,14 @@ static void json_update_attributes(nvme_ctrl_t c, nvme_set_keyring(cfg->keyring); } } + if (!strcmp("tls_key", key_str) && cfg->tls_key == 0) { + long key; + + key = nvme_lookup_key("psk", + json_object_get_string(val_obj)); + if (key) + cfg->tls_key = key; + } } } @@ -325,6 +333,15 @@ static void json_update_port(struct json_object *ctrl_array, nvme_ctrl_t c) free(desc); } } + if (cfg->tls_key) { + char *desc = nvme_describe_key_serial(cfg->tls_key); + + if (desc) { + json_object_object_add(port_obj, "tls_key", + json_object_new_string(desc)); + free(desc); + } + } json_object_array_add(ctrl_array, port_obj); } -- 2.50.1
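Review bot: A failed lookup in the new `tls_key` branch of json_update_attributes is silent: when `nvme_lookup_key("psk", ...)` returns 0 the field stays 0, nothing is logged, and — judging by the build_options hunk, which only emits a non-zero serial — the connect later proceeds without the PSK the config file asked for, a silent downgrade rather than a fail-closed error. At minimum I would add an `else` that reports the missing key, or a comment that makes the contract explicit: `/* 0 means "PSK not found in the keyring"; the connect path must treat that as an error, not as "no TLS" */` — I cannot see which logging helper this file uses, so I am not proposing the exact call. Two smaller points on the same lines: `key` is a `long` but `cfg->tls_key` is an `int` (see the fabrics.h hunk), so the assignment narrows silently, and per json-c's contract `json_object_get_string()` returns NULL for a JSON `null` value, so whether nvme_lookup_key() tolerates a NULL description (outside this hunk) decides whether a malformed config entry can crash here. json_update_attributes() starts outside the hunk.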
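Review bot: The new block in json_update_port persists the key's description rather than its serial, which is the right choice because json_update_attributes() in the hunk above re-resolves the key by description on load, but nothing in the code says so and a reader will wonder why `cfg->tls_key` is not simply written as an integer like the other `int` options; I would add ` /* store the description, not the serial: json_update_attributes() re-resolves it on load */` above the `if (cfg->tls_key)` line. Separately, when `nvme_describe_key_serial()` returns NULL the entry is dropped from the saved config without any diagnostic, so a write/read round-trip silently loses the TLS setting; this mirrors the keyring branch just above it, so if that is accepted behaviour one shared comment covering both is enough, otherwise it deserves a warning. json_update_port() starts outside the hunk.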