Date: Wed, 25 Oct 2023 08:32:22 +0200
Subject: Re: [PATCH v2 3/3] nvme-auth: always set valid seq_num in dhchap reply
To: Mark O'Donovan, linux-kernel@vger.kernel.org
Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org
References: <20231023140003.58019-1-shiftee@posteo.net> <20231023140003.58019-4-shiftee@posteo.net>
From: Hannes Reinecke
In-Reply-To: <20231023140003.58019-4-shiftee@posteo.net>

On 10/23/23 16:00, Mark O'Donovan wrote:
> Currently a seqnum of zero is sent during uni-directional
> authentication. The zero value is reserved for the secure channel
> feature which is not yet implemented.
>
> Relevant extract from the spec:
> The value 0h is used to indicate that bidirectional authentication
> is not performed, but a challenge value C2 is carried in order to
> generate a pre-shared key (PSK) for subsequent establishment of a
> secure channel
>
> Signed-off-by: Mark O'Donovan
>
> ---
> v1: used incorrect prefix nvme-tcp
> v2: added spec extract to commit message
>
> drivers/nvme/host/auth.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
> > diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c > index 8558a02865ac..7f6b2e99a78c 100644 > --- a/drivers/nvme/host/auth.c > +++ b/drivers/nvme/host/auth.c > @@ -316,15 +316,14 @@ static int nvme_auth_set_dhchap_reply_data(struct nvme_ctrl *ctrl, > chap->bi_directional = true; > get_random_bytes(chap->c2, chap->hash_len); > data->cvalid = 1; > - chap->s2 = nvme_auth_get_seqnum(); > memcpy(data->rval + chap->hash_len, chap->c2, > chap->hash_len); > dev_dbg(ctrl->device, "%s: qid %d ctrl challenge %*ph\n", > __func__, chap->qid, (int)chap->hash_len, chap->c2); > } else { > memset(chap->c2, 0, chap->hash_len); > - chap->s2 = 0; > } > + chap->s2 = nvme_auth_get_seqnum(); > data->seqnum = cpu_to_le32(chap->s2); > if (chap->host_key_len) { > dev_dbg(ctrl->device, "%s: qid %d host public key %*ph\n", I guess you'll need to fix up nvmet, too, as this currently ignores 's2' when 'cvalid' is false. Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
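
Review bot: At the assignment moved below the if/else, `chap->s2 = nvme_auth_get_seqnum();`, nothing in the visible lines guarantees a non-zero result, yet the commit message depends on 0h staying reserved; confirm that nvme_auth_get_seqnum() can never return 0 (for example on wrap-around) and add a short comment at the assignment saying the value must be non-zero in both branches. In the else branch `data->seqnum` is now non-zero while `data->cvalid` is not set there and `chap->c2` is zeroed, so the peer has to accept a non-zero seqnum with cvalid clear; the commit message should name the target-side change this relies on, or the two changes should go in together.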