1libnvme(9) API Manual libnvme(9)
2
3
4
6 struct nbft_security - Security Profile Descriptor (Figure 21)
7
9 struct nbft_security {
10 __u8 structure_id;
11 __u8 index;
12 __le16 flags;
13 __u8 secret_type;
14 __u8 reserved1;
15 struct nbft_heap_obj sec_chan_alg_obj;
16 struct nbft_heap_obj auth_proto_obj;
17 struct nbft_heap_obj cipher_suite_obj;
18 struct nbft_heap_obj dh_grp_obj;
19 struct nbft_heap_obj sec_hash_func_obj;
20 struct nbft_heap_obj sec_keypath_obj;
21 __u8 reserved2[22];
22 };
23
24
26 structure_id
27 Structure ID: This field shall be set to 5h (i.e., Secu‐
28 rity; #NBFT_DESC_SECURITY).
29
30 index Security Profile Descriptor Index: This field indicates the
31 number of this Security Profile Descriptor in the Security
32 Profile Descriptor List.
33
34 flags Security Profile Descriptor Flags, see enum nbft_secu‐
35 rity_flags.
36
37 secret_type Secret Type, see enum nbft_security_secret_type.
38
39 reserved1 Reserved.
40
41 sec_chan_alg_obj
42 Secure Channel Algorithm Heap Object Reference: If the Se‐
43 curity Policy List field is set to 1h, then this field in‐
44 dicates the location and size of a heap object containing a
45 list of secure channel algorithms. The list is an array of
46 bytes and the values are defined in the Security Type (SEC‐
47 TYPE) field in the Transport Specific Address Subtype Defi‐
48 nition in the NVMe TCP Transport Specification. If the Se‐
49 curity Policy List field is cleared to 0h, then this field
50 is reserved.
51
52 auth_proto_obj
53 Authentication Protocols Heap Object Reference: If the Au‐
54 thentication Policy List field is set to 1h, then this
55 field indicates the location and size of a heap object con‐
56 taining a list of authentication protocol identifiers. If
57 the Authentication Policy List field is cleared to 0h, then
58 this field is reserved.
59
60 cipher_suite_obj
61 Cipher Suite Offset Heap Object Reference: If the Cipher
62 Suites Restricted by Policy bit is set to 1h, then this
63 field indicates the location and size of a heap object con‐
64 taining a list of cipher suite identifiers. The list, if
65 any, is an array of bytes and the values are defined in the
66 IANA TLS Parameters Registry. If the Cipher Suites Re‐
67 stricted by Policy bit is cleared to 0h, then this field is
68 reserved.
69
70 dh_grp_obj DH Groups Heap Object Reference: If the Authentication DH
71 Groups Restricted by Policy List bit is set to 1h, then
72 this field indicates the location and size of a heap object
73 containing a list of DH-HMAC-CHAP Diffie-Hellman (DH) group
74 identifiers. If the Authentication DH Groups Restricted by
75 Policy List bit is cleared to 0h, then this field is re‐
76 served.
77
78 sec_hash_func_obj
79 Secure Hash Functions Offset Heap Object Reference: If the
80 Secure Hash Functions Policy List bit is set to 1h, then
81 this field indicates the offset in bytes of a heap object
82 containing a list of DH-HMAC-CHAP hash function identi‐
83 fiers. The list is an array of bytes and the values are
84 defined in the NVM Express Base Specification. If the Se‐
85 cure Hash Functions Policy List bit is cleared to 0h, then
86 this field is reserved.
87
88 sec_keypath_obj
89 Secret Keypath Offset Heap Object Reference: if this field
90 is set to a non-zero value, then this field indicates the
91 location and size of a heap object containing a URI. The
92 type of the URI is specified in the Secret Type field. If
93 this field is cleared to 0h, then this field is reserved.
94
95 reserved2 Reserved.
96
97
98
99April 2023 struct nbft_security libnvme(9)