[PATCH 07/12] nvme: Implement In-Band authentication
Sagi Grimberg
sagi at grimberg.me
Tue Nov 16 02:35:34 PST 2021
> +static int nvme_auth_dhchap_host_response(struct nvme_ctrl *ctrl,
> + struct nvme_dhchap_queue_context *chap)
Maybe better to call it nvme_auth_dhchap_setup_host_response()?
> +{
> + SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
> + u8 buf[4], *challenge = chap->c1;
> + int ret;
> +
> + dev_dbg(ctrl->device, "%s: qid %d host response seq %d transaction %d\n",
> + __func__, chap->qid, chap->s1, chap->transaction);
> +
> + if (!chap->host_response) {
> + chap->host_response = nvme_auth_transform_key(ctrl->dhchap_key,
> + ctrl->dhchap_key_len,
> + ctrl->dhchap_key_hash,
> + ctrl->opts->host->nqn);
> + if (IS_ERR(chap->host_response)) {
> + ret = PTR_ERR(chap->host_response);
> + chap->host_response = NULL;
> + return ret;
> + }
> + } else {
> + dev_dbg(ctrl->device, "%s: qid %d re-using host response\n",
> + __func__, chap->qid);
> + }
> +
> + ret = crypto_shash_setkey(chap->shash_tfm,
> + chap->host_response, ctrl->dhchap_key_len);
> + if (ret) {
> + dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
> + chap->qid, ret);
> + goto out;
> + }
> +
> + shash->tfm = chap->shash_tfm;
> + ret = crypto_shash_init(shash);
> + if (ret)
> + goto out;
> + ret = crypto_shash_update(shash, challenge, chap->hash_len);
> + if (ret)
> + goto out;
> + put_unaligned_le32(chap->s1, buf);
> + ret = crypto_shash_update(shash, buf, 4);
> + if (ret)
> + goto out;
> + put_unaligned_le16(chap->transaction, buf);
> + ret = crypto_shash_update(shash, buf, 2);
> + if (ret)
> + goto out;
> + memset(buf, 0, sizeof(buf));
> + ret = crypto_shash_update(shash, buf, 1);
> + if (ret)
> + goto out;
> + ret = crypto_shash_update(shash, "HostHost", 8);
> + if (ret)
> + goto out;
> + ret = crypto_shash_update(shash, ctrl->opts->host->nqn,
> + strlen(ctrl->opts->host->nqn));
> + if (ret)
> + goto out;
> + ret = crypto_shash_update(shash, buf, 1);
> + if (ret)
> + goto out;
> + ret = crypto_shash_update(shash, ctrl->opts->subsysnqn,
> + strlen(ctrl->opts->subsysnqn));
> + if (ret)
> + goto out;
> + ret = crypto_shash_final(shash, chap->response);
> +out:
> + if (challenge != chap->c1)
> + kfree(challenge);
> + return ret;
> +}
> +
> +static int nvme_auth_dhchap_ctrl_response(struct nvme_ctrl *ctrl,
> + struct nvme_dhchap_queue_context *chap)
Maybe better to call it nvme_auth_dhchap_validate_ctrl_response()?
More information about the Linux-nvme
mailing list