From: Mark O'Donovan <shiftee@posteo.net>
To: linux-kernel@vger.kernel.org
Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de,
axboe@kernel.dk, kbusch@kernel.org, hare@suse.de,
Mark O'Donovan <shiftee@posteo.net>
Subject: [PATCH v2 3/3] nvme-auth: always set valid seq_num in dhchap reply
Date: Mon, 23 Oct 2023 14:00:03 +0000 [thread overview]
Message-ID: <20231023140003.58019-4-shiftee@posteo.net> (raw)
In-Reply-To: <20231023140003.58019-1-shiftee@posteo.net>
Currently a seqnum of zero is sent during uni-directional
authentication. The zero value is reserved for the secure channel
feature which is not yet implemented.
Relevant extract from the spec:
The value 0h is used to indicate that bidirectional authentication
is not performed, but a challenge value C2 is carried in order to
generate a pre-shared key (PSK) for subsequent establishment of a
secure channel
Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
---
v1: used incorrect prefix nvme-tcp
v2: added spec extract to commit message
drivers/nvme/host/auth.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 8558a02865ac..7f6b2e99a78c 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -316,15 +316,14 @@ static int nvme_auth_set_dhchap_reply_data(struct nvme_ctrl *ctrl,
chap->bi_directional = true;
get_random_bytes(chap->c2, chap->hash_len);
data->cvalid = 1;
- chap->s2 = nvme_auth_get_seqnum();
memcpy(data->rval + chap->hash_len, chap->c2,
chap->hash_len);
dev_dbg(ctrl->device, "%s: qid %d ctrl challenge %*ph\n",
__func__, chap->qid, (int)chap->hash_len, chap->c2);
} else {
memset(chap->c2, 0, chap->hash_len);
- chap->s2 = 0;
}
+ chap->s2 = nvme_auth_get_seqnum();
data->seqnum = cpu_to_le32(chap->s2);
if (chap->host_key_len) {
dev_dbg(ctrl->device, "%s: qid %d host public key %*ph\n",
--
2.39.2
next prev parent reply other threads:[~2023-10-23 14:00 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-23 14:00 [PATCH v2 0/3] nvme-tcp: always set valid seq_num in dhchap reply Mark O'Donovan
2023-10-23 14:00 ` [PATCH v2 1/3] nvme-auth: auth success1 msg always includes resp Mark O'Donovan
2023-10-24 6:49 ` Christoph Hellwig
2023-10-23 14:00 ` [PATCH v2 2/3] nvme-auth: add flag for bi-directional auth Mark O'Donovan
2023-10-24 6:49 ` Christoph Hellwig
2023-10-25 6:27 ` Hannes Reinecke
2023-10-23 14:00 ` Mark O'Donovan [this message]
2023-10-24 6:49 ` [PATCH v2 3/3] nvme-auth: always set valid seq_num in dhchap reply Christoph Hellwig
2023-10-25 6:32 ` Hannes Reinecke
2023-10-24 16:40 ` [PATCH v2 0/3] nvme-tcp: " Keith Busch
2023-10-25 6:33 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231023140003.58019-4-shiftee@posteo.net \
--to=shiftee@posteo.net \
--cc=axboe@kernel.dk \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox