Lines Matching defs:chap

121 		struct nvme_dhchap_queue_context *chap)
123 struct nvmf_auth_dhchap_negotiate_data *data = chap->buf;
127 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
130 memset((u8 *)chap->buf, 0, size);
133 data->t_id = cpu_to_le16(chap->transaction);
153 struct nvme_dhchap_queue_context *chap)
155 struct nvmf_auth_dhchap_challenge_data *data = chap->buf;
162 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
170 chap->qid, data->hashid);
171 chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
175 if (chap->hash_id == data->hashid && chap->shash_tfm &&
176 !strcmp(crypto_shash_alg_name(chap->shash_tfm), hmac_name) &&
177 crypto_shash_digestsize(chap->shash_tfm) == data->hl) {
180 chap->qid, hmac_name);
185 if (chap->shash_tfm) {
186 crypto_free_shash(chap->shash_tfm);
187 chap->hash_id = 0;
188 chap->hash_len = 0;
190 chap->shash_tfm = crypto_alloc_shash(hmac_name, 0,
192 if (IS_ERR(chap->shash_tfm)) {
195 chap->qid, hmac_name, PTR_ERR(chap->shash_tfm));
196 chap->shash_tfm = NULL;
197 chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
201 if (crypto_shash_digestsize(chap->shash_tfm) != data->hl) {
204 chap->qid, data->hl);
205 crypto_free_shash(chap->shash_tfm);
206 chap->shash_tfm = NULL;
207 chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
211 chap->hash_id = data->hashid;
212 chap->hash_len = data->hl;
214 chap->qid, hmac_name);
221 chap->qid, data->dhgid);
222 chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
227 if (chap->dhgroup_id == data->dhgid &&
228 (data->dhgid == NVME_AUTH_DHGROUP_NULL || chap->dh_tfm)) {
231 chap->qid, gid_name);
236 if (chap->dh_tfm) {
237 crypto_free_kpp(chap->dh_tfm);
238 chap->dh_tfm = NULL;
245 chap->qid);
246 chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
250 chap->dh_tfm = crypto_alloc_kpp(kpp_name, 0, 0);
251 if (IS_ERR(chap->dh_tfm)) {
252 int ret = PTR_ERR(chap->dh_tfm);
256 chap->qid, ret, gid_name);
257 chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
258 chap->dh_tfm = NULL;
262 chap->qid, gid_name);
266 chap->qid);
267 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
270 chap->dhgroup_id = data->dhgid;
273 chap->s1 = le32_to_cpu(data->seqnum);
274 memcpy(chap->c1, data->cval, chap->hash_len);
276 chap->ctrl_key = kmalloc(dhvlen, GFP_KERNEL);
277 if (!chap->ctrl_key) {
278 chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
281 chap->ctrl_key_len = dhvlen;
282 memcpy(chap->ctrl_key, data->cval + chap->hash_len,
285 (int)chap->ctrl_key_len, chap->ctrl_key);
292 struct nvme_dhchap_queue_context *chap)
294 struct nvmf_auth_dhchap_reply_data *data = chap->buf;
297 size += 2 * chap->hash_len;
299 if (chap->host_key_len)
300 size += chap->host_key_len;
303 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
307 memset(chap->buf, 0, size);
310 data->t_id = cpu_to_le16(chap->transaction);
311 data->hl = chap->hash_len;
312 data->dhvlen = cpu_to_le16(chap->host_key_len);
313 memcpy(data->rval, chap->response, chap->hash_len);
315 get_random_bytes(chap->c2, chap->hash_len);
317 chap->s2 = nvme_auth_get_seqnum();
318 memcpy(data->rval + chap->hash_len, chap->c2,
319 chap->hash_len);
321 __func__, chap->qid, (int)chap->hash_len, chap->c2);
323 memset(chap->c2, 0, chap->hash_len);
324 chap->s2 = 0;
326 data->seqnum = cpu_to_le32(chap->s2);
327 if (chap->host_key_len) {
329 __func__, chap->qid,
330 chap->host_key_len, chap->host_key);
331 memcpy(data->rval + 2 * chap->hash_len, chap->host_key,
332 chap->host_key_len);
339 struct nvme_dhchap_queue_context *chap)
341 struct nvmf_auth_dhchap_success1_data *data = chap->buf;
344 if (chap->s2)
345 size += chap->hash_len;
348 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
352 if (data->hl != chap->hash_len) {
355 chap->qid, data->hl);
356 chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
361 if (chap->qid == 0)
364 nvme_auth_hmac_name(chap->hash_id),
365 nvme_auth_dhgroup_name(chap->dhgroup_id));
371 if (memcmp(chap->response, data->rval, data->hl)) {
373 __func__, chap->qid, (int)chap->hash_len, data->rval);
375 __func__, chap->qid, (int)chap->hash_len,
376 chap->response);
379 chap->qid);
380 chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
385 if (chap->qid == 0)
392 struct nvme_dhchap_queue_context *chap)
394 struct nvmf_auth_dhchap_success2_data *data = chap->buf;
397 memset(chap->buf, 0, size);
400 data->t_id = cpu_to_le16(chap->transaction);
406 struct nvme_dhchap_queue_context *chap)
408 struct nvmf_auth_dhchap_failure_data *data = chap->buf;
411 memset(chap->buf, 0, size);
414 data->t_id = cpu_to_le16(chap->transaction);
416 data->rescode_exp = chap->status;
422 struct nvme_dhchap_queue_context *chap)
424 SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
425 u8 buf[4], *challenge = chap->c1;
429 __func__, chap->qid, chap->s1, chap->transaction);
431 if (!chap->host_response) {
432 chap->host_response = nvme_auth_transform_key(ctrl->host_key,
434 if (IS_ERR(chap->host_response)) {
435 ret = PTR_ERR(chap->host_response);
436 chap->host_response = NULL;
441 __func__, chap->qid);
444 ret = crypto_shash_setkey(chap->shash_tfm,
445 chap->host_response, ctrl->host_key->len);
448 chap->qid, ret);
452 if (chap->dh_tfm) {
453 challenge = kmalloc(chap->hash_len, GFP_KERNEL);
458 ret = nvme_auth_augmented_challenge(chap->hash_id,
459 chap->sess_key,
460 chap->sess_key_len,
461 chap->c1, challenge,
462 chap->hash_len);
467 shash->tfm = chap->shash_tfm;
471 ret = crypto_shash_update(shash, challenge, chap->hash_len);
474 put_unaligned_le32(chap->s1, buf);
478 put_unaligned_le16(chap->transaction, buf);
500 ret = crypto_shash_final(shash, chap->response);
502 if (challenge != chap->c1)
508 struct nvme_dhchap_queue_context *chap)
510 SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
512 u8 buf[4], *challenge = chap->c2;
522 ret = crypto_shash_setkey(chap->shash_tfm,
526 chap->qid, ret);
530 if (chap->dh_tfm) {
531 challenge = kmalloc(chap->hash_len, GFP_KERNEL);
536 ret = nvme_auth_augmented_challenge(chap->hash_id,
537 chap->sess_key,
538 chap->sess_key_len,
539 chap->c2, challenge,
540 chap->hash_len);
545 __func__, chap->qid, chap->s2, chap->transaction);
547 __func__, chap->qid, (int)chap->hash_len, challenge);
549 __func__, chap->qid, ctrl->opts->subsysnqn);
551 __func__, chap->qid, ctrl->opts->host->nqn);
552 shash->tfm = chap->shash_tfm;
556 ret = crypto_shash_update(shash, challenge, chap->hash_len);
559 put_unaligned_le32(chap->s2, buf);
563 put_unaligned_le16(chap->transaction, buf);
585 ret = crypto_shash_final(shash, chap->response);
587 if (challenge != chap->c2)
594 struct nvme_dhchap_queue_context *chap)
598 if (chap->host_key && chap->host_key_len) {
600 "qid %d: reusing host key\n", chap->qid);
603 ret = nvme_auth_gen_privkey(chap->dh_tfm, chap->dhgroup_id);
605 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
609 chap->host_key_len = crypto_kpp_maxsize(chap->dh_tfm);
611 chap->host_key = kzalloc(chap->host_key_len, GFP_KERNEL);
612 if (!chap->host_key) {
613 chap->host_key_len = 0;
614 chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
617 ret = nvme_auth_gen_pubkey(chap->dh_tfm,
618 chap->host_key, chap->host_key_len);
622 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
627 chap->sess_key_len = chap->host_key_len;
628 chap->sess_key = kmalloc(chap->sess_key_len, GFP_KERNEL);
629 if (!chap->sess_key) {
630 chap->sess_key_len = 0;
631 chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
635 ret = nvme_auth_gen_shared_secret(chap->dh_tfm,
636 chap->ctrl_key, chap->ctrl_key_len,
637 chap->sess_key, chap->sess_key_len);
641 chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
645 (int)chap->sess_key_len, chap->sess_key);
/*
 * nvme_auth_reset_dhchap() - clear the per-transaction state held in one
 * queue's DH-HMAC-CHAP context.
 *
 * Every heap buffer holding key-related material (host_response, host_key,
 * ctrl_key, sess_key) is released with kfree_sensitive(), which zeroes the
 * allocation before freeing it. Each pointer is then set to NULL and its
 * length field to 0, so a later pass cannot free or read a stale buffer.
 *
 * Not touched here: shash_tfm, dh_tfm, hash_id, hash_len and dhgroup_id.
 * The two transforms are released in nvme_auth_free_dhchap().
 */
649 static void nvme_auth_reset_dhchap(struct nvme_dhchap_queue_context *chap)
/* Secret-bearing allocations: zeroize on free, then drop the reference. */
651 kfree_sensitive(chap->host_response);
652 chap->host_response = NULL;
653 kfree_sensitive(chap->host_key);
654 chap->host_key = NULL;
655 chap->host_key_len = 0;
656 kfree_sensitive(chap->ctrl_key);
657 chap->ctrl_key = NULL;
658 chap->ctrl_key_len = 0;
659 kfree_sensitive(chap->sess_key);
660 chap->sess_key = NULL;
661 chap->sess_key_len = 0;
/* Result codes, sequence numbers and the transaction id go back to 0. */
662 chap->status = 0;
663 chap->error = 0;
664 chap->s1 = 0;
665 chap->s2 = 0;
666 chap->transaction = 0;
/* Wipe both challenge values; sizeof() covers each field in full. */
667 memset(chap->c1, 0, sizeof(chap->c1));
668 memset(chap->c2, 0, sizeof(chap->c2));
/*
 * Hand the message buffer back to nvme_chap_buf_pool.
 * NOTE(review): the buffer is not zeroed on these lines before it is
 * returned - confirm that leftover authentication payloads sitting in
 * pooled memory are acceptable.
 */
669 mempool_free(chap->buf, nvme_chap_buf_pool);
670 chap->buf = NULL;
/*
 * nvme_auth_free_dhchap() - tear down one queue's DH-HMAC-CHAP context.
 *
 * Clears the per-transaction state through nvme_auth_reset_dhchap(), then
 * releases the hash transform (shash_tfm) and the key-agreement transform
 * (dh_tfm) if they were allocated.
 *
 * NOTE(review): neither transform pointer is set to NULL after being freed
 * on the lines shown, so the context presumably must not be used again
 * after this call - confirm against the callers.
 */
673 static void nvme_auth_free_dhchap(struct nvme_dhchap_queue_context *chap)
675 nvme_auth_reset_dhchap(chap);
/* Both transforms are optional; free only what was set up. */
676 if (chap->shash_tfm)
677 crypto_free_shash(chap->shash_tfm);
678 if (chap->dh_tfm)
679 crypto_free_kpp(chap->dh_tfm);
684 struct nvme_dhchap_queue_context *chap =
686 struct nvme_ctrl *ctrl = chap->ctrl;
694 chap->buf = mempool_alloc(nvme_chap_buf_pool, GFP_KERNEL);
695 if (!chap->buf) {
696 chap->error = -ENOMEM;
700 chap->transaction = ctrl->transaction++;
704 __func__, chap->qid);
705 ret = nvme_auth_set_dhchap_negotiate_data(ctrl, chap);
707 chap->error = ret;
711 ret = nvme_auth_submit(ctrl, chap->qid, chap->buf, tl, true);
713 chap->error = ret;
719 __func__, chap->qid);
721 memset(chap->buf, 0, CHAP_BUF_SIZE);
722 ret = nvme_auth_submit(ctrl, chap->qid, chap->buf, CHAP_BUF_SIZE,
727 chap->qid, ret < 0 ? "error" : "nvme status", ret);
728 chap->error = ret;
731 ret = nvme_auth_receive_validate(ctrl, chap->qid, chap->buf, chap->transaction,
734 chap->status = ret;
735 chap->error = -ECONNREFUSED;
739 ret = nvme_auth_process_dhchap_challenge(ctrl, chap);
742 chap->error = ret;
746 if (chap->ctrl_key_len) {
749 __func__, chap->qid);
750 ret = nvme_auth_dhchap_exponential(ctrl, chap);
752 chap->error = ret;
758 __func__, chap->qid);
760 ret = nvme_auth_dhchap_setup_host_response(ctrl, chap);
763 chap->error = ret;
770 __func__, chap->qid);
771 ret = nvme_auth_set_dhchap_reply_data(ctrl, chap);
773 chap->error = ret;
778 ret = nvme_auth_submit(ctrl, chap->qid, chap->buf, tl, true);
780 chap->error = ret;
786 __func__, chap->qid);
788 memset(chap->buf, 0, CHAP_BUF_SIZE);
789 ret = nvme_auth_submit(ctrl, chap->qid, chap->buf, CHAP_BUF_SIZE,
794 chap->qid, ret < 0 ? "error" : "nvme status", ret);
795 chap->error = ret;
798 ret = nvme_auth_receive_validate(ctrl, chap->qid,
799 chap->buf, chap->transaction,
802 chap->status = ret;
803 chap->error = -ECONNREFUSED;
811 __func__, chap->qid);
812 ret = nvme_auth_dhchap_setup_ctrl_response(ctrl, chap);
815 chap->error = ret;
821 ret = nvme_auth_process_dhchap_success1(ctrl, chap);
824 chap->error = -ECONNREFUSED;
828 if (chap->s2) {
831 __func__, chap->qid);
832 tl = nvme_auth_set_dhchap_success2_data(ctrl, chap);
833 ret = nvme_auth_submit(ctrl, chap->qid, chap->buf, tl, true);
835 chap->error = ret;
838 chap->error = 0;
843 if (chap->status == 0)
844 chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
846 __func__, chap->qid, chap->status);
847 tl = nvme_auth_set_dhchap_failure2_data(ctrl, chap);
848 ret = nvme_auth_submit(ctrl, chap->qid, chap->buf, tl, true);
853 if (ret && !chap->error)
854 chap->error = ret;
859 struct nvme_dhchap_queue_context *chap;
871 chap = &ctrl->dhchap_ctxs[qid];
872 cancel_work_sync(&chap->auth_work);
873 queue_work(nvme_auth_wq, &chap->auth_work);
880 struct nvme_dhchap_queue_context *chap;
883 chap = &ctrl->dhchap_ctxs[qid];
884 flush_work(&chap->auth_work);
885 ret = chap->error;
887 nvme_auth_reset_dhchap(chap);
943 struct nvme_dhchap_queue_context *chap;
963 sizeof(*chap), GFP_KERNEL);
970 chap = &ctrl->dhchap_ctxs[i];
971 chap->qid = i;
972 chap->ctrl = ctrl;
973 INIT_WORK(&chap->auth_work, nvme_queue_auth_work);
1020 nvme_chap_buf_cache = kmem_cache_create("nvme-chap-buf-cache",