Re: [PATCHv5 00/12] nvme: In-band authentication support

[PATCHv5 00/12] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-11-12
[PATCH 09/12] nvmet: Parse fabrics commands on all queues · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 09/12] nvmet: Parse fabrics commands on all queues · Himanshu Madhani <hidden> · 2021-11-15
[PATCH 12/12] nvmet-auth: expire authentication sessions · Hannes Reinecke <hare@suse.de> · 2021-11-12
[PATCH 04/12] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 04/12] lib/base64: RFC4648-compliant base64 encoding · Himanshu Madhani <hidden> · 2021-11-15
[PATCH 01/12] crypto: add crypto_has_shash() · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 01/12] crypto: add crypto_has_shash() · Himanshu Madhani <hidden> · 2021-11-15
[PATCH 11/12] nvmet-auth: Diffie-Hellman key exchange support · Hannes Reinecke <hare@suse.de> · 2021-11-12
[PATCH 06/12] nvme-fabrics: decode 'authentication required' connect error · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 06/12] nvme-fabrics: decode 'authentication required' connect error · Himanshu Madhani <hidden> · 2021-11-15
[PATCH 02/12] crypto: add crypto_has_kpp() · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 02/12] crypto: add crypto_has_kpp() · Himanshu Madhani <hidden> · 2021-11-15
[PATCH 08/12] nvme-auth: Diffie-Hellman key exchange support · Hannes Reinecke <hare@suse.de> · 2021-11-12
[PATCH 05/12] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 05/12] nvme: add definitions for NVMe In-Band authentication · Himanshu Madhani <hidden> · 2021-11-15
[PATCH 03/12] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 03/12] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Sagi Grimberg <sagi@grimberg.me> · 2021-11-15
Re: [PATCH 03/12] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Himanshu Madhani <hidden> · 2021-11-15
[PATCH 10/12] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-11-12
[PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-11-12
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-11-16
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-11-16
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-11-16
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-11-16
Re: [PATCHv5 00/12] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-11-14
Re: [PATCHv5 00/12] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-11-14
Re: [PATCHv5 00/12] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-11-15
Re: [PATCHv5 00/12] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-11-15
Re: [PATCHv5 00/12] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-11-15
Re: [PATCHv5 00/12] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-11-16
Re: [PATCHv5 00/12] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-11-16
Re: [PATCHv5 00/12] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-11-16

From: Sagi Grimberg <sagi@grimberg.me>
Date: 2021-11-16 10:36:52
Also in: linux-nvme

quoted

Hannes, was the issue on the host side or the controller side?

The issue was actually on the host side.

quoted

I'm a little lost into what was the actual fix...

The basic fix was this:

@@ -927,13 +944,17 @@ static int nvme_auth_dhchap_host_response(struct

nvme_ctrl
  *ctrl,

         if (!chap->host_response) {
                 chap->host_response =
nvme_auth_transform_key(ctrl->dhchap_key,
-                                       ctrl->dhchap_key_len, chap->hash_id,
+                                       ctrl->dhchap_key_len,
+                                       ctrl->dhchap_key_hash,
                                         ctrl->opts->host->nqn);
                 if (IS_ERR(chap->host_response)) {
                         ret = PTR_ERR(chap->host_response);
                         chap->host_response = NULL;
                         return ret;
                 }


(minus the linebreaks, of course).
'chap->hash_id' is the hash selected by the initial negotiation, which
is wrong as we should have used the hash function selected by the key
itself.

Makes sense. thanks.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help