Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp1199675pxv; Fri, 16 Jul 2021 04:06:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwLNvvbvSKDKZ4/sotPTmXkXYLecUS1kQkjRMs0sdhM1DqViMh/zgMatnDx8iAdYCEbgnlK X-Received: by 2002:a5d:914a:: with SMTP id y10mr7108536ioq.140.1626433564375; Fri, 16 Jul 2021 04:06:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626433564; cv=none; d=google.com; s=arc-20160816; b=E7Kl49vnIm3TEQdwn9iMjweSQvRGLB8faDrWCyaKMF458zdLkIiCJXZi3gRGyXKv1f L9sAXK/WQtcbc6gHzwpnaf3cCqx1EIl7eOJAOWKz4QljmgQv367b2xClMHoq0AQOKzEL +sx2UhndKpJmg/uDtKvOp/UWEjZXQ3DKuD1E0sz6Lt/S3heyf5Iv7LpjlnqumSVZbkJd ygDFMK65cpnQ73+34I+lNUTXAu+XebIdmtumegAnE6QTz5bMNKIPIljx6pmAM6wY43sw 8d/+1aUAh0PAPvy0CFAGl8TNGDY6vw/+i2krpoC2cQbERRvmploj2Zgk8A1PXCfxY//e kPLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=rqxozhLBJMzXENHdmmUKHtrkpmCxpVvzwbM5zntJ/Lc=; b=zIN9Bv9J8B40MvAncyRIznfLULvLS7L8K1JIwlDRmFcUGmZPdnwQyZeopjqdbHMFIr PCsTT3UivRS/ILh3qooRrtwUBREPE3GIoJ6t93ovMOOkIlpW+0uzja3xDW+mdNa8xfzY 7qrVSMS0SW+3KhazTS0yz/B+2n5YV6B+3d7tvVpT5Vr6u5mfCtVDj1luf2NDIqPaHRsl 0S0ycgZVu+hrBcIe/5w12Sw4uNb74VMr+Bk9hetDoynUOZGhuofYAQu9Dxjj90N2h0PQ Yis+kJI/AizXdvYTHZG8gC5imY/VhcrUQY4rrXkbsVok5NdO8FbJ/nmTlUbI3dQRk8VB bL0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=spMiS2wy; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w5si10866093ilu.14.2021.07.16.04.05.46; Fri, 16 Jul 2021 04:06:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=spMiS2wy; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232048AbhGPLHv (ORCPT + 99 others); Fri, 16 Jul 2021 07:07:51 -0400 Received: from smtp-out2.suse.de ([195.135.220.29]:46850 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232103AbhGPLHi (ORCPT ); Fri, 16 Jul 2021 07:07:38 -0400 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out2.suse.de (Postfix) with ESMTP id 56E89205D4; Fri, 16 Jul 2021 11:04:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1626433482; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rqxozhLBJMzXENHdmmUKHtrkpmCxpVvzwbM5zntJ/Lc=; b=spMiS2wyo87Zo14k3/peX8YCk9WXrVrNDJUZOYXzvN0iK1YWbRWPnV3BUFu5U3OGvgvvX8 2Pke3kq0jB5kKqlwYaLFVLWuHCxfxQuWO5xZqojeCZodo7xQhaaGdIvd/rpDhIjQCLJtyd TrCdS083vsrCYioEwfpajcDTRo2guuU= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1626433482; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rqxozhLBJMzXENHdmmUKHtrkpmCxpVvzwbM5zntJ/Lc=; b=CxS11aGMGQYginryk5N7w73sNCalJ8jS9PbZ79UnfzWCEkAGobOb2AAGYol08orzSKJ7yB 3qgOCrV9w2AevXCw== Received: from adalid.arch.suse.de (adalid.arch.suse.de [10.161.8.13]) by relay2.suse.de (Postfix) with ESMTP id 47557A3BB9; Fri, 16 Jul 2021 11:04:42 +0000 (UTC) Received: by adalid.arch.suse.de (Postfix, from userid 16045) id 8B050517160E; Fri, 16 Jul 2021 13:04:41 +0200 (CEST) From: Hannes Reinecke To: Christoph Hellwig Cc: Sagi Grimberg , Keith Busch , linux-nvme@lists.infradead.org, Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org, Hannes Reinecke Subject: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication Date: Fri, 16 Jul 2021 13:04:22 +0200 Message-Id: <20210716110428.9727-6-hare@suse.de> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210716110428.9727-1-hare@suse.de> References: <20210716110428.9727-1-hare@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Signed-off-by: Hannes Reinecke --- include/linux/nvme.h | 185 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 184 insertions(+), 1 deletion(-) diff --git a/include/linux/nvme.h b/include/linux/nvme.h index b7c4c4130b65..7b94abacfd08 100644 --- a/include/linux/nvme.h +++ b/include/linux/nvme.h @@ -19,6 +19,7 @@ #define NVMF_TRSVCID_SIZE 32 #define NVMF_TRADDR_SIZE 256 #define NVMF_TSAS_SIZE 256 +#define NVMF_AUTH_HASH_LEN 64 #define NVME_DISC_SUBSYS_NAME "nqn.2014-08.org.nvmexpress.discovery" @@ -1263,6 +1264,8 @@ enum nvmf_capsule_command { nvme_fabrics_type_property_set = 0x00, nvme_fabrics_type_connect = 0x01, nvme_fabrics_type_property_get = 0x04, + nvme_fabrics_type_auth_send = 0x05, + nvme_fabrics_type_auth_receive = 0x06, }; #define nvme_fabrics_type_name(type) { type, #type } @@ -1270,7 +1273,9 @@ enum nvmf_capsule_command { __print_symbolic(type, \ nvme_fabrics_type_name(nvme_fabrics_type_property_set), \ nvme_fabrics_type_name(nvme_fabrics_type_connect), \ - nvme_fabrics_type_name(nvme_fabrics_type_property_get)) + nvme_fabrics_type_name(nvme_fabrics_type_property_get), \ + nvme_fabrics_type_name(nvme_fabrics_type_auth_send), \ + nvme_fabrics_type_name(nvme_fabrics_type_auth_receive)) /* * If not fabrics command, fctype will be ignored. @@ -1393,6 +1398,182 @@ struct nvmf_property_get_command { __u8 resv4[16]; }; +struct nvmf_auth_send_command { + __u8 opcode; + __u8 resv1; + __u16 command_id; + __u8 fctype; + __u8 resv2[19]; + union nvme_data_ptr dptr; + __u8 resv3; + __u8 spsp0; + __u8 spsp1; + __u8 secp; + __le32 tl; + __u8 resv4[12]; + +}; + +struct nvmf_auth_receive_command { + __u8 opcode; + __u8 resv1; + __u16 command_id; + __u8 fctype; + __u8 resv2[19]; + union nvme_data_ptr dptr; + __u8 resv3; + __u8 spsp0; + __u8 spsp1; + __u8 secp; + __le32 al; + __u8 resv4[12]; +}; + +/* Value for secp */ +enum { + NVME_AUTH_DHCHAP_PROTOCOL_IDENTIFIER = 0xe9, +}; + +/* Defined value for auth_type */ +enum { + NVME_AUTH_COMMON_MESSAGES = 0x00, + NVME_AUTH_DHCHAP_MESSAGES = 0x01, +}; + +/* Defined messages for auth_id */ +enum { + NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE = 0x00, + NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE = 0x01, + NVME_AUTH_DHCHAP_MESSAGE_REPLY = 0x02, + NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1 = 0x03, + NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 = 0x04, + NVME_AUTH_DHCHAP_MESSAGE_FAILURE2 = 0xf0, + NVME_AUTH_DHCHAP_MESSAGE_FAILURE1 = 0xf1, +}; + +struct nvmf_auth_dhchap_protocol_descriptor { + __u8 authid; + __u8 rsvd; + __u8 halen; + __u8 dhlen; + __u8 idlist[60]; +}; + +enum { + NVME_AUTH_DHCHAP_AUTH_ID = 0x01, +}; + +enum { + NVME_AUTH_DHCHAP_HASH_SHA256 = 0x01, + NVME_AUTH_DHCHAP_HASH_SHA384 = 0x02, + NVME_AUTH_DHCHAP_HASH_SHA512 = 0x03, +}; + +enum { + NVME_AUTH_DHCHAP_DHGROUP_NULL = 0x00, + NVME_AUTH_DHCHAP_DHGROUP_2048 = 0x01, + NVME_AUTH_DHCHAP_DHGROUP_3072 = 0x02, + NVME_AUTH_DHCHAP_DHGROUP_4096 = 0x03, + NVME_AUTH_DHCHAP_DHGROUP_6144 = 0x04, + NVME_AUTH_DHCHAP_DHGROUP_8192 = 0x05, +}; + +union nvmf_auth_protocol { + struct nvmf_auth_dhchap_protocol_descriptor dhchap; +}; + +struct nvmf_auth_dhchap_negotiate_data { + __u8 auth_type; + __u8 auth_id; + __u8 rsvd[2]; + __le16 t_id; + __u8 sc_c; + __u8 napd; + union nvmf_auth_protocol auth_protocol[]; +}; + +struct nvmf_auth_dhchap_challenge_data { + __u8 auth_type; + __u8 auth_id; + __u8 rsvd1[2]; + __le16 t_id; + __u8 hl; + __u8 rsvd2; + __u8 hashid; + __u8 dhgid; + __le16 dhvlen; + __le32 seqnum; + /* 'hl' bytes of challenge value */ + __u8 cval[]; + /* followed by 'dhvlen' bytes of DH value */ +}; + +struct nvmf_auth_dhchap_reply_data { + __u8 auth_type; + __u8 auth_id; + __u8 rsvd1[2]; + __le16 t_id; + __u8 hl; + __u8 rsvd2; + __u8 cvalid; + __u8 rsvd3; + __le16 dhvlen; + __le32 seqnum; + /* 'hl' bytes of response data */ + __u8 rval[]; + /* followed by 'hl' bytes of Challenge value */ + /* followed by 'dhvlen' bytes of DH value */ +}; + +enum { + NVME_AUTH_DHCHAP_RESPONSE_VALID = (1 << 0), +}; + +struct nvmf_auth_dhchap_success1_data { + __u8 auth_type; + __u8 auth_id; + __u8 rsvd1[2]; + __le16 t_id; + __u8 hl; + __u8 rsvd2; + __u8 rvalid; + __u8 rsvd3[7]; + /* 'hl' bytes of response value if 'rvalid' is set */ + __u8 rval[]; +}; + +struct nvmf_auth_dhchap_success2_data { + __u8 auth_type; + __u8 auth_id; + __u8 rsvd1[2]; + __le16 t_id; + __u8 rsvd2[10]; +}; + +struct nvmf_auth_dhchap_failure_data { + __u8 auth_type; + __u8 auth_id; + __u8 rsvd1[2]; + __le16 t_id; + __u8 reason_code; + __u8 reason_code_explanation; +}; + +enum { + NVME_AUTH_DHCHAP_FAILURE_REASON_FAILED = 0x01, +}; + +enum { + NVME_AUTH_DHCHAP_FAILURE_FAILED = 0x01, + NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE = 0x02, + NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH = 0x03, + NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE = 0x04, + NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE = 0x05, + NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD = 0x06, + NVME_AUTH_DHCHAP_FAILURE_INVALID_MESSAGE = 0x07, +}; + + struct nvme_dbbuf { __u8 opcode; __u8 flags; @@ -1436,6 +1617,8 @@ struct nvme_command { struct nvmf_connect_command connect; struct nvmf_property_set_command prop_set; struct nvmf_property_get_command prop_get; + struct nvmf_auth_send_command auth_send; + struct nvmf_auth_receive_command auth_receive; struct nvme_dbbuf dbbuf; struct nvme_directive_cmd directive; }; -- 2.29.2