On 11/16/21 11:35 AM, Sagi Grimberg wrote: > >> +static int nvme_auth_dhchap_host_response(struct nvme_ctrl *ctrl, >> + struct nvme_dhchap_queue_context *chap) > > Maybe better to call it nvme_auth_dhchap_setup_host_response()? > Ok. >> +{ >> + SHASH_DESC_ON_STACK(shash, chap->shash_tfm); >> + u8 buf[4], *challenge = chap->c1; >> + int ret; >> + >> + dev_dbg(ctrl->device, "%s: qid %d host response seq %d >> transaction %d\n", >> + __func__, chap->qid, chap->s1, chap->transaction); >> + >> + if (!chap->host_response) { >> + chap->host_response = nvme_auth_transform_key(ctrl->dhchap_key, >> + ctrl->dhchap_key_len, >> + ctrl->dhchap_key_hash, >> + ctrl->opts->host->nqn); >> + if (IS_ERR(chap->host_response)) { >> + ret = PTR_ERR(chap->host_response); >> + chap->host_response = NULL; >> + return ret; >> + } >> + } else { >> + dev_dbg(ctrl->device, "%s: qid %d re-using host response\n", >> + __func__, chap->qid); >> + } >> + >> + ret = crypto_shash_setkey(chap->shash_tfm, >> + chap->host_response, ctrl->dhchap_key_len); >> + if (ret) { >> + dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n", >> + chap->qid, ret); >> + goto out; >> + } >> + >> + shash->tfm = chap->shash_tfm; >> + ret = crypto_shash_init(shash); >> + if (ret) >> + goto out; >> + ret = crypto_shash_update(shash, challenge, chap->hash_len); >> + if (ret) >> + goto out; >> + put_unaligned_le32(chap->s1, buf); >> + ret = crypto_shash_update(shash, buf, 4); >> + if (ret) >> + goto out; >> + put_unaligned_le16(chap->transaction, buf); >> + ret = crypto_shash_update(shash, buf, 2); >> + if (ret) >> + goto out; >> + memset(buf, 0, sizeof(buf)); >> + ret = crypto_shash_update(shash, buf, 1); >> + if (ret) >> + goto out; >> + ret = crypto_shash_update(shash, "HostHost", 8); >> + if (ret) >> + goto out; >> + ret = crypto_shash_update(shash, ctrl->opts->host->nqn, >> + strlen(ctrl->opts->host->nqn)); >> + if (ret) >> + goto out; >> + ret = crypto_shash_update(shash, buf, 1); >> + if (ret) >> + goto out; >> + ret = crypto_shash_update(shash, ctrl->opts->subsysnqn, >> + strlen(ctrl->opts->subsysnqn)); >> + if (ret) >> + goto out; >> + ret = crypto_shash_final(shash, chap->response); >> +out: >> + if (challenge != chap->c1) >> + kfree(challenge); >> + return ret; >> +} >> + >> +static int nvme_auth_dhchap_ctrl_response(struct nvme_ctrl *ctrl, >> + struct nvme_dhchap_queue_context *chap) > > Maybe better to call it nvme_auth_dhchap_validate_ctrl_response()? Will be doing so for the next round. Thanks for the review. Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@xxxxxxx +49 911 74053 688 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), GF: Felix Imendörffer