* [PATCH] nvme-auth: update sc_c in host response
@ 2025-09-08 11:26 Martin George
2025-09-08 12:49 ` Hannes Reinecke
0 siblings, 1 reply; 3+ messages in thread
From: Martin George @ 2025-09-08 11:26 UTC (permalink / raw)
To: linux-nvme; +Cc: hch, kbusch, sagi, hare, Martin George, Prashanth Adurthi
The sc_c field is currently not updated in the host response to the
controller challenge leading to failures while attempting secure
channel concatenation. Fix this by adding a new sc_c variable to the
dhchap queue context structure which is appropriately set during
negotiate and then used in the host response.
Fixes: e88a7595b57f ("nvme-tcp: request secure channel concatenation")
Signed-off-by: Martin George <marting@netapp.com>
Signed-off-by: Prashanth Adurthi <prashana@netapp.com>
---
drivers/nvme/host/auth.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 201fc8809a62..a7344faab2b2 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -36,6 +36,7 @@ struct nvme_dhchap_queue_context {
u8 status;
u8 dhgroup_id;
u8 hash_id;
+ u8 sc_c;
size_t hash_len;
u8 c1[64];
u8 c2[64];
@@ -154,6 +155,8 @@ static int nvme_auth_set_dhchap_negotiate_data(struct nvme_ctrl *ctrl,
data->auth_protocol[0].dhchap.idlist[34] = NVME_AUTH_DHGROUP_6144;
data->auth_protocol[0].dhchap.idlist[35] = NVME_AUTH_DHGROUP_8192;
+ chap->sc_c = data->sc_c;
+
return size;
}
@@ -488,7 +491,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
ret = crypto_shash_update(shash, buf, 2);
if (ret)
goto out;
- memset(buf, 0, sizeof(buf));
+ memset(buf, chap->sc_c, sizeof(buf));
ret = crypto_shash_update(shash, buf, 1);
if (ret)
goto out;
@@ -499,6 +502,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
strlen(ctrl->opts->host->nqn));
if (ret)
goto out;
+ memset(buf, 0, sizeof(buf));
ret = crypto_shash_update(shash, buf, 1);
if (ret)
goto out;
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] nvme-auth: update sc_c in host response
2025-09-08 11:26 [PATCH] nvme-auth: update sc_c in host response Martin George
@ 2025-09-08 12:49 ` Hannes Reinecke
2025-09-08 15:09 ` Martin George
0 siblings, 1 reply; 3+ messages in thread
From: Hannes Reinecke @ 2025-09-08 12:49 UTC (permalink / raw)
To: Martin George, linux-nvme
Cc: hch, kbusch, sagi, hare, Martin George, Prashanth Adurthi
On 9/8/25 13:26, Martin George wrote:
> The sc_c field is currently not updated in the host response to the
> controller challenge leading to failures while attempting secure
> channel concatenation. Fix this by adding a new sc_c variable to the
> dhchap queue context structure which is appropriately set during
> negotiate and then used in the host response.
>
> Fixes: e88a7595b57f ("nvme-tcp: request secure channel concatenation")
> Signed-off-by: Martin George <marting@netapp.com>
> Signed-off-by: Prashanth Adurthi <prashana@netapp.com>
> ---
> drivers/nvme/host/auth.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index 201fc8809a62..a7344faab2b2 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -36,6 +36,7 @@ struct nvme_dhchap_queue_context {
> u8 status;
> u8 dhgroup_id;
> u8 hash_id;
> + u8 sc_c;
> size_t hash_len;
> u8 c1[64];
> u8 c2[64];
> @@ -154,6 +155,8 @@ static int nvme_auth_set_dhchap_negotiate_data(struct nvme_ctrl *ctrl,
> data->auth_protocol[0].dhchap.idlist[34] = NVME_AUTH_DHGROUP_6144;
> data->auth_protocol[0].dhchap.idlist[35] = NVME_AUTH_DHGROUP_8192;
>
> + chap->sc_c = data->sc_c;
> +
> return size;
> }
>
> @@ -488,7 +491,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
> ret = crypto_shash_update(shash, buf, 2);
> if (ret)
> goto out;
> - memset(buf, 0, sizeof(buf));
> + memset(buf, chap->sc_c, sizeof(buf));
'sc_c' is just a single byte, please do
*buf = chap->sc_c;
Otherwise both bytes in 'buf' are being set to 'sc_c'.
> ret = crypto_shash_update(shash, buf, 1);
> if (ret)
> goto out;
> @@ -499,6 +502,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
> strlen(ctrl->opts->host->nqn));
> if (ret)
> goto out;
> + memset(buf, 0, sizeof(buf));
> ret = crypto_shash_update(shash, buf, 1);
> if (ret)
> goto out;
Otherwise looks good.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] nvme-auth: update sc_c in host response
2025-09-08 12:49 ` Hannes Reinecke
@ 2025-09-08 15:09 ` Martin George
0 siblings, 0 replies; 3+ messages in thread
From: Martin George @ 2025-09-08 15:09 UTC (permalink / raw)
To: Hannes Reinecke, linux-nvme
Cc: hch, kbusch, sagi, hare, Martin George, Prashanth Adurthi
On Mon, 2025-09-08 at 14:49 +0200, Hannes Reinecke wrote:
> On 9/8/25 13:26, Martin George wrote:
> > The sc_c field is currently not updated in the host response to the
> > controller challenge leading to failures while attempting secure
> > channel concatenation. Fix this by adding a new sc_c variable to
> > the
> > dhchap queue context structure which is appropriately set during
> > negotiate and then used in the host response.
> >
> > Fixes: e88a7595b57f ("nvme-tcp: request secure channel
> > concatenation")
> > Signed-off-by: Martin George <marting@netapp.com>
> > Signed-off-by: Prashanth Adurthi <prashana@netapp.com>
> > ---
> > drivers/nvme/host/auth.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> > index 201fc8809a62..a7344faab2b2 100644
> > --- a/drivers/nvme/host/auth.c
> > +++ b/drivers/nvme/host/auth.c
> > @@ -36,6 +36,7 @@ struct nvme_dhchap_queue_context {
> > u8 status;
> > u8 dhgroup_id;
> > u8 hash_id;
> > + u8 sc_c;
> > size_t hash_len;
> > u8 c1[64];
> > u8 c2[64];
> > @@ -154,6 +155,8 @@ static int
> > nvme_auth_set_dhchap_negotiate_data(struct nvme_ctrl *ctrl,
> > data->auth_protocol[0].dhchap.idlist[34] =
> > NVME_AUTH_DHGROUP_6144;
> > data->auth_protocol[0].dhchap.idlist[35] =
> > NVME_AUTH_DHGROUP_8192;
> >
> > + chap->sc_c = data->sc_c;
> > +
> > return size;
> > }
> >
> > @@ -488,7 +491,7 @@ static int
> > nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
> > ret = crypto_shash_update(shash, buf, 2);
> > if (ret)
> > goto out;
> > - memset(buf, 0, sizeof(buf));
> > + memset(buf, chap->sc_c, sizeof(buf));
>
> 'sc_c' is just a single byte, please do
>
> *buf = chap->sc_c;
>
> Otherwise both bytes in 'buf' are being set to 'sc_c'.
>
Sure, will send a v2 of the patch with this change. Thanks.
-Martin
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-09-08 18:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-08 11:26 [PATCH] nvme-auth: update sc_c in host response Martin George
2025-09-08 12:49 ` Hannes Reinecke
2025-09-08 15:09 ` Martin George
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.