
Re: [PATCH 07/12] nvme: Implement In-Band authentication

From: Hannes Reinecke <hare@suse.de>
Date: 2021-11-16 10:42:54
Also in: linux-nvme

On 11/16/21 11:35 AM, Sagi Grimberg wrote:
quoted
+static int nvme_auth_dhchap_host_response(struct nvme_ctrl *ctrl,
+        struct nvme_dhchap_queue_context *chap)
Maybe better to call it nvme_auth_dhchap_setup_host_response()?
Ok.
quoted
+{
+    SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
+    u8 buf[4], *challenge = chap->c1;
+    int ret;
+
+    dev_dbg(ctrl->device, "%s: qid %d host response seq %d
transaction %d\n",
+        __func__, chap->qid, chap->s1, chap->transaction);
+
+    if (!chap->host_response) {
+        chap->host_response = nvme_auth_transform_key(ctrl->dhchap_key,
+                    ctrl->dhchap_key_len,
+                    ctrl->dhchap_key_hash,
+                    ctrl->opts->host->nqn);
+        if (IS_ERR(chap->host_response)) {
+            ret = PTR_ERR(chap->host_response);
+            chap->host_response = NULL;
+            return ret;
+        }
+    } else {
+        dev_dbg(ctrl->device, "%s: qid %d re-using host response\n",
+            __func__, chap->qid);
+    }
+
+    ret = crypto_shash_setkey(chap->shash_tfm,
+            chap->host_response, ctrl->dhchap_key_len);
+    if (ret) {
+        dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
+             chap->qid, ret);
+        goto out;
+    }
+
+    shash->tfm = chap->shash_tfm;
+    ret = crypto_shash_init(shash);
+    if (ret)
+        goto out;
+    ret = crypto_shash_update(shash, challenge, chap->hash_len);
+    if (ret)
+        goto out;
+    put_unaligned_le32(chap->s1, buf);
+    ret = crypto_shash_update(shash, buf, 4);
+    if (ret)
+        goto out;
+    put_unaligned_le16(chap->transaction, buf);
+    ret = crypto_shash_update(shash, buf, 2);
+    if (ret)
+        goto out;
+    memset(buf, 0, sizeof(buf));
+    ret = crypto_shash_update(shash, buf, 1);
+    if (ret)
+        goto out;
+    ret = crypto_shash_update(shash, "HostHost", 8);
+    if (ret)
+        goto out;
+    ret = crypto_shash_update(shash, ctrl->opts->host->nqn,
+                  strlen(ctrl->opts->host->nqn));
+    if (ret)
+        goto out;
+    ret = crypto_shash_update(shash, buf, 1);
+    if (ret)
+        goto out;
+    ret = crypto_shash_update(shash, ctrl->opts->subsysnqn,
+                strlen(ctrl->opts->subsysnqn));
+    if (ret)
+        goto out;
+    ret = crypto_shash_final(shash, chap->response);
+out:
+    if (challenge != chap->c1)
+        kfree(challenge);
+    return ret;
+}
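Review bot: The `crypto_shash_setkey()` call passes `ctrl->dhchap_key_len` as the length of `chap->host_response`, but nothing in the quoted lines shows that the buffer returned by `nvme_auth_transform_key()` is that long. If the transformed key could ever be shorter (for instance a digest-sized output when `dhchap_key_hash` is set), setkey would read past the allocation. Either have the transform helper report the length it produced, or state the invariant next to the call, e.g. `/* transformed key is always dhchap_key_len bytes, see nvme_auth_transform_key() */`. Separately, `challenge` is initialised to `chap->c1` and never reassigned in the lines shown, so `if (challenge != chap->c1) kfree(challenge);` at `out:` cannot fire as written and deserves a comment or removal. Since `chap->host_response` caches key material, its eventual release (outside this quote) presumably should zeroize it with `kfree_sensitive()`.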
+
+static int nvme_auth_dhchap_ctrl_response(struct nvme_ctrl *ctrl,
+        struct nvme_dhchap_queue_context *chap)
Maybe better to call it nvme_auth_dhchap_validate_ctrl_response()?
Will be doing so for the next round.

Thanks for the review.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		           Kernel Storage Architect
hare@suse.de			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer