| Message ID | 20231023140003.58019-4-shiftee@posteo.net |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:ce89:0:b0:403:3b70:6f57 with SMTP id p9csp1316121vqx;
Mon, 23 Oct 2023 07:01:09 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IHoqGi/0V4Emc8wifHAf4M1yWME1IU0YlXExui1C9gtUJDWSudxiKtATQh2++Ae1WZXwSr1
X-Received: by 2002:a92:d5c8:0:b0:351:526a:4b6 with SMTP id
d8-20020a92d5c8000000b00351526a04b6mr9293739ilq.18.1698069669754;
Mon, 23 Oct 2023 07:01:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698069669; cv=none;
d=google.com; s=arc-20160816;
b=byiRHQ04GsAUiyvdVARsBkVvi8RQYKNwiFIPaEV5cqKI6m/zL05umy3H3bj1y/Dhay
qa2eahEG9kiYqKbUOaHZHLqZB07iplXx8VdHEoNnMrwrisL1uxFurt1aYX/NNLUO40p3
LyTne50rdQ9f5EylOpk8cJzp8J8KRm7yKcL7b+4ri9oJPH9aBArdEmff0m1wU9T2Du8R
AezlqsLC7qbHTCePJDf7Ahvi/pvlyB+McYYObyx/LIdzHPriOLHkKO5R7XX1uvwtFajW
caBFR9wWUGHmnzsRscBzWidobtP4/0RW1XBgaT8U9qMtftS4AUZyaDhfr+iFTICvrgQ5
+viw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=Z40SyYvGLYKyXDNKbsBhnEqwiclPjo8D1fWa8Ktd7Ak=;
fh=nK/B2gIzvYPsKU0sJgdKEVdz5eoE00hHt727sEimwsQ=;
b=rA8TRELl2nJj7bNbESD5TmsO23imHbKN6hi3QJY8lRvjIqY4r2mJIkJ/ade3TitB1/
zh+7kyLiUs//Q5CT6jKZv706kEoq8WmiNY4LCb+qTCgn5FNvIQfjJDqXSQCO8NQYXCwH
lhYkuyNbqi13Bg04FgeQSrvzqSyyGUxiVLVS9X6dK0+ks7tYSF6/ZDYYzUdhBHU9MXJe
NmFaV7HlsnDXszi3TeYRpSoFq6OCFCt/c2YT/U79kpU6I+DtSmw+CqPpvRThI/7VO8JO
xtNjHn5xo+qyd1Z2fvRj2qZ4RpoEnu050jFo5tKqeHbWxt69omb1t1mhm9q8kh99PmcM
56Uw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@posteo.net header.s=2017 header.b="U/K/JPNl";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net
Received: from morse.vger.email (morse.vger.email. [23.128.96.31])
by mx.google.com with ESMTPS id
bq21-20020a056a02045500b005b7c45b1f95si6877818pgb.555.2023.10.23.07.00.55
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 23 Oct 2023 07:01:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31;
Authentication-Results: mx.google.com;
dkim=pass header.i=@posteo.net header.s=2017 header.b="U/K/JPNl";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by morse.vger.email (Postfix) with ESMTP id 25553807C5EB;
Mon, 23 Oct 2023 07:00:49 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231367AbjJWOA2 (ORCPT <rfc822;aposhian.dev@gmail.com>
+ 27 others); Mon, 23 Oct 2023 10:00:28 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55284 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231208AbjJWOAV (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 23 Oct 2023 10:00:21 -0400
Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D0D5D73
for <linux-kernel@vger.kernel.org>;
Mon, 23 Oct 2023 07:00:19 -0700 (PDT)
Received: from submission (posteo.de [185.67.36.169])
by mout02.posteo.de (Postfix) with ESMTPS id CB1E8240104
for <linux-kernel@vger.kernel.org>;
Mon, 23 Oct 2023 16:00:17 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
t=1698069617; bh=zwCuyhVmMr+6W+Jc6uApqtn4VjGeJRlPp4FvHh/J5fE=;
h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:
Content-Transfer-Encoding:From;
b=U/K/JPNl04rAE19qY8DvRu5Br7MpMde5s1OJ5R3sxavfVW42n8At+nCx1j0iD0fVi
4U/tn30rzk8OhC4sFUHEZWy+ZeeSauqtA7ctggg+9PFW+eH1uBLVI4fig4z0cubJTg
niTI3XC2IfEO/WNXa5JmQyVLwe0Vtz/xe8NNNqDxSBctzymKUBeCZsbSjz05lano9w
JpyHLkwzH2gs5Kn/0U6DAkzdQy4T4Rs75CHO1YUGZk2FuhbXJ2uF43iZf+Kr/XjWn2
Rrr5q6Z712DILTvX2X8BmXz9Q9Uwcocj4B/M18P9FoDqPiA2bdO3P1xRzh/C5o8LX2
L003NwS1i8arQ==
Received: from customer (localhost [127.0.0.1])
by submission (posteo.de) with ESMTPSA id 4SDcJw3V66z6tsB;
Mon, 23 Oct 2023 16:00:16 +0200 (CEST)
From: Mark O'Donovan <shiftee@posteo.net>
To: linux-kernel@vger.kernel.org
Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de,
axboe@kernel.dk, kbusch@kernel.org, hare@suse.de,
Mark O'Donovan <shiftee@posteo.net>
Subject: [PATCH v2 3/3] nvme-auth: always set valid seq_num in dhchap reply
Date: Mon, 23 Oct 2023 14:00:03 +0000
Message-Id: <20231023140003.58019-4-shiftee@posteo.net>
In-Reply-To: <20231023140003.58019-1-shiftee@posteo.net>
References: <20231023140003.58019-1-shiftee@posteo.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]);
Mon, 23 Oct 2023 07:00:49 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780555101813733283
X-GMAIL-MSGID: 1780555101813733283
|
| Series |
nvme-tcp: always set valid seq_num in dhchap reply
|
|
Commit Message
Mark O'Donovan
Oct. 23, 2023, 2 p.m. UTC
Currently a seqnum of zero is sent during uni-directional
authentication. The zero value is reserved for the secure channel
feature which is not yet implemented.
Relevant extract from the spec:
The value 0h is used to indicate that bidirectional authentication
is not performed, but a challenge value C2 is carried in order to
generate a pre-shared key (PSK) for subsequent establishment of a
secure channel
Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
---
v1: used incorrect prefix nvme-tcp
v2: added spec extract to commit message
drivers/nvme/host/auth.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Comments
Looks good:
Reviewed-by: Christoph Hellwig <hch@lst.de>
On 10/23/23 16:00, Mark O'Donovan wrote: > Currently a seqnum of zero is sent during uni-directional > authentication. The zero value is reserved for the secure channel > feature which is not yet implemented. > > Relevant extract from the spec: > The value 0h is used to indicate that bidirectional authentication > is not performed, but a challenge value C2 is carried in order to > generate a pre-shared key (PSK) for subsequent establishment of a > secure channel > > Signed-off-by: Mark O'Donovan <shiftee@posteo.net> > > --- > v1: used incorrect prefix nvme-tcp > v2: added spec extract to commit message > > drivers/nvme/host/auth.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c > index 8558a02865ac..7f6b2e99a78c 100644 > --- a/drivers/nvme/host/auth.c > +++ b/drivers/nvme/host/auth.c > @@ -316,15 +316,14 @@ static int nvme_auth_set_dhchap_reply_data(struct nvme_ctrl *ctrl, > chap->bi_directional = true; > get_random_bytes(chap->c2, chap->hash_len); > data->cvalid = 1; > - chap->s2 = nvme_auth_get_seqnum(); > memcpy(data->rval + chap->hash_len, chap->c2, > chap->hash_len); > dev_dbg(ctrl->device, "%s: qid %d ctrl challenge %*ph\n", > __func__, chap->qid, (int)chap->hash_len, chap->c2); > } else { > memset(chap->c2, 0, chap->hash_len); > - chap->s2 = 0; > } > + chap->s2 = nvme_auth_get_seqnum(); > data->seqnum = cpu_to_le32(chap->s2); > if (chap->host_key_len) { > dev_dbg(ctrl->device, "%s: qid %d host public key %*ph\n", I guess you'll need to fix up nvmet, too, as this currently ignores 's2' when 'cvalid' is false. Cheers, Hannes
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c index 8558a02865ac..7f6b2e99a78c 100644 --- a/drivers/nvme/host/auth.c +++ b/drivers/nvme/host/auth.c @@ -316,15 +316,14 @@ static int nvme_auth_set_dhchap_reply_data(struct nvme_ctrl *ctrl, chap->bi_directional = true; get_random_bytes(chap->c2, chap->hash_len); data->cvalid = 1; - chap->s2 = nvme_auth_get_seqnum(); memcpy(data->rval + chap->hash_len, chap->c2, chap->hash_len); dev_dbg(ctrl->device, "%s: qid %d ctrl challenge %*ph\n", __func__, chap->qid, (int)chap->hash_len, chap->c2); } else { memset(chap->c2, 0, chap->hash_len); - chap->s2 = 0; } + chap->s2 = nvme_auth_get_seqnum(); data->seqnum = cpu_to_le32(chap->s2); if (chap->host_key_len) { dev_dbg(ctrl->device, "%s: qid %d host public key %*ph\n",