[PATCHv5 00/12] nvme: In-band authentication support
Sagi Grimberg
sagi at grimberg.me
Tue Nov 16 02:36:07 PST 2021
>> Hannes, was the issue on the host side or the controller side?
>>
> The issue was actually on the host side.
>
>> I'm a little lost into what was the actual fix...
>
> The basic fix was this:
>
> @@ -927,13 +944,17 @@ static int nvme_auth_dhchap_host_response(struct
> nvme_ctrl
> *ctrl,
>
> if (!chap->host_response) {
> chap->host_response =
> nvme_auth_transform_key(ctrl->dhchap_key,
> - ctrl->dhchap_key_len, chap->hash_id,
> + ctrl->dhchap_key_len,
> + ctrl->dhchap_key_hash,
> ctrl->opts->host->nqn);
> if (IS_ERR(chap->host_response)) {
> ret = PTR_ERR(chap->host_response);
> chap->host_response = NULL;
> return ret;
> }
>
>
> (minus the linebreaks, of course).
> 'chap->hash_id' is the hash selected by the initial negotiation, which
> is wrong as we should have used the hash function selected by the key
> itself.
Makes sense. thanks.
More information about the Linux-nvme
mailing list