Hannes, was the issue on the host side or the controller side?
The issue was actually on the host side.
I'm a little lost into what was the actual fix...
The basic fix was this:
@@ -927,13 +944,17 @@ static int nvme_auth_dhchap_host_response(struct
nvme_ctrl
*ctrl,
if (!chap->host_response) {
chap->host_response =
nvme_auth_transform_key(ctrl->dhchap_key,
- ctrl->dhchap_key_len, chap->hash_id,
+ ctrl->dhchap_key_len,
+ ctrl->dhchap_key_hash,
ctrl->opts->host->nqn);
if (IS_ERR(chap->host_response)) {
ret = PTR_ERR(chap->host_response);
chap->host_response = NULL;
return ret;
}
(minus the linebreaks, of course).
'chap->hash_id' is the hash selected by the initial negotiation, which
is wrong as we should have used the hash function selected by the key
itself.
Makes sense. thanks.