On 11/16/21 11:35 AM, Sagi Grimberg wrote:
>
>> +static int nvme_auth_dhchap_host_response(struct nvme_ctrl *ctrl,
>> + struct nvme_dhchap_queue_context *chap)
>
> Maybe better to call it nvme_auth_dhchap_setup_host_response()?
>
Ok.
>> +{
>> + SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
>> + u8 buf[4], *challenge = chap->c1;
>> + int ret;
>> +
>> + dev_dbg(ctrl->device, "%s: qid %d host response seq %d
>> transaction %d\n",
>> + __func__, chap->qid, chap->s1, chap->transaction);
>> +
>> + if (!chap->host_response) {
>> + chap->host_response = nvme_auth_transform_key(ctrl->dhchap_key,
>> + ctrl->dhchap_key_len,
>> + ctrl->dhchap_key_hash,
>> + ctrl->opts->host->nqn);
>> + if (IS_ERR(chap->host_response)) {
>> + ret = PTR_ERR(chap->host_response);
>> + chap->host_response = NULL;
>> + return ret;
>> + }
>> + } else {
>> + dev_dbg(ctrl->device, "%s: qid %d re-using host response\n",
>> + __func__, chap->qid);
>> + }
>> +
>> + ret = crypto_shash_setkey(chap->shash_tfm,
>> + chap->host_response, ctrl->dhchap_key_len);
>> + if (ret) {
>> + dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
>> + chap->qid, ret);
>> + goto out;
>> + }
>> +
>> + shash->tfm = chap->shash_tfm;
>> + ret = crypto_shash_init(shash);
>> + if (ret)
>> + goto out;
>> + ret = crypto_shash_update(shash, challenge, chap->hash_len);
>> + if (ret)
>> + goto out;
>> + put_unaligned_le32(chap->s1, buf);
>> + ret = crypto_shash_update(shash, buf, 4);
>> + if (ret)
>> + goto out;
>> + put_unaligned_le16(chap->transaction, buf);
>> + ret = crypto_shash_update(shash, buf, 2);
>> + if (ret)
>> + goto out;
>> + memset(buf, 0, sizeof(buf));
>> + ret = crypto_shash_update(shash, buf, 1);
>> + if (ret)
>> + goto out;
>> + ret = crypto_shash_update(shash, "HostHost", 8);
>> + if (ret)
>> + goto out;
>> + ret = crypto_shash_update(shash, ctrl->opts->host->nqn,
>> + strlen(ctrl->opts->host->nqn));
>> + if (ret)
>> + goto out;
>> + ret = crypto_shash_update(shash, buf, 1);
>> + if (ret)
>> + goto out;
>> + ret = crypto_shash_update(shash, ctrl->opts->subsysnqn,
>> + strlen(ctrl->opts->subsysnqn));
>> + if (ret)
>> + goto out;
>> + ret = crypto_shash_final(shash, chap->response);
>> +out:
>> + if (challenge != chap->c1)
>> + kfree(challenge);
>> + return ret;
>> +}
>> +
>> +static int nvme_auth_dhchap_ctrl_response(struct nvme_ctrl *ctrl,
>> + struct nvme_dhchap_queue_context *chap)
>
> Maybe better to call it nvme_auth_dhchap_validate_ctrl_response()?
Will be doing so for the next round.
Thanks for the review.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
