Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp3601840pxt; Tue, 10 Aug 2021 07:16:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxj3C2a49uOAeR6XE/U3lQS65oYGido6myVOITEW3uaCQun7JTwHqmiwVgFIVLaI9Myv2xc X-Received: by 2002:a05:6000:1152:: with SMTP id d18mr30979572wrx.303.1628604991412; Tue, 10 Aug 2021 07:16:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628604991; cv=none; d=google.com; s=arc-20160816; b=0uEHF6WdyepuZzWXwNZ03qiXh26naQ6T9e93mvrmnsK2ToG5Ghmueu4C1VypL6VKNP vHJknGAyKsDnEIQnwA5aR2kcNahHWazKsyJFS/e1ACP/CwnYub77LY/6x/mlkJ4Wxdrm phlXWBCMcDAq8w86mgN9rs2cqqr9KTK+A6wcjt2hChv7AMONn28cACjZsqGi9hN7Chp9 l+xobC+qp6PwTIOAt5y0wt8+7Jsj8bm2yGBmjD29xpiSzGyw3jbBn6n7SR3Q/kAg1FYy cdIjKpmhovtHgnjyn9tDqkJwVamKcDnu3JgT8++1la5rDh9TgbpVW9kVDxPAopg6/aES XyWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=+RWp9TT74PI/W7gTm3C8We4/DOCgKW/4kX34e86Qrdo=; b=guuJa3TMs5QPUZvRCsOb52+ZZX9yQZVHFf1hsKFKJP/623uDQ1DPlmqyT2QcO8wX73 B48cSpWO69QHUKRcr2qL1uiu/oZENKIH2SCmDvY1ZrY2BAbgmZyf89Sd8wbK+AcG8RBL AGJcwUi1QsBx/zq4+n7/lw3nt/yVdQj2N0Be7BFeaYc7fcPzVw9xt5EubIZhDx53zw0C GQh1WI8Zfx6W5GTUE3iMigpf8HtrqLQ67oJe9uK0SCOfeUYLUUDkMF6QAjnQpR7xWbsp r5MXz/ME/UPENRJzzgujiuGoNzxSR1tKKwZ9lEGKhbX5qp9ghG4rvRlGeAG3m28bYSYm 4peg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=JtnXQUNA; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id sd19si6382290ejb.545.2021.08.10.07.16.05; Tue, 10 Aug 2021 07:16:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=JtnXQUNA; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240726AbhHJMnQ (ORCPT + 99 others); Tue, 10 Aug 2021 08:43:16 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:40772 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240725AbhHJMnP (ORCPT ); Tue, 10 Aug 2021 08:43:15 -0400 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 23D572205E; Tue, 10 Aug 2021 12:42:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1628599372; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+RWp9TT74PI/W7gTm3C8We4/DOCgKW/4kX34e86Qrdo=; b=JtnXQUNAdGycjXl6okGIRpDDbiFiDxlkpByQSTcVOp6eQuDvlI6k6lLPomVVG+S0wg5iRl 6rGUG3HRm2UrImMw3EWiqVirJFakTsaXmYZGZOsZi3TQ3zTg+x1QRr9vUtGwkH3ivuZATt GoL2VPoAa2UT3IsRAWkBK+t/xwXlO6M= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1628599372; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+RWp9TT74PI/W7gTm3C8We4/DOCgKW/4kX34e86Qrdo=; b=dilKpGujbrYsM4yCFVvjpUDWN6uJEo3poTz+FkHaHdWjeFTTkJLq8lP5I2dZJqQZU8GI/E bUe589jw29sXg2AQ== Received: from adalid.arch.suse.de (adalid.arch.suse.de [10.161.8.13]) by relay2.suse.de (Postfix) with ESMTP id 18687A3B8F; Tue, 10 Aug 2021 12:42:52 +0000 (UTC) Received: by adalid.arch.suse.de (Postfix, from userid 16045) id 692E5518C54A; Tue, 10 Aug 2021 14:42:50 +0200 (CEST) From: Hannes Reinecke To: Christoph Hellwig Cc: Sagi Grimberg , Keith Busch , Herbert Xu , "David S . Miller" , linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org, Hannes Reinecke Subject: [PATCH 05/13] nvme: add definitions for NVMe In-Band authentication Date: Tue, 10 Aug 2021 14:42:22 +0200 Message-Id: <20210810124230.12161-6-hare@suse.de> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210810124230.12161-1-hare@suse.de> References: <20210810124230.12161-1-hare@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Signed-off-by: Hannes Reinecke --- include/linux/nvme.h | 186 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 185 insertions(+), 1 deletion(-) diff --git a/include/linux/nvme.h b/include/linux/nvme.h index b7c4c4130b65..e2142e3246eb 100644 --- a/include/linux/nvme.h +++ b/include/linux/nvme.h @@ -19,6 +19,7 @@ #define NVMF_TRSVCID_SIZE 32 #define NVMF_TRADDR_SIZE 256 #define NVMF_TSAS_SIZE 256 +#define NVMF_AUTH_HASH_LEN 64 #define NVME_DISC_SUBSYS_NAME "nqn.2014-08.org.nvmexpress.discovery" @@ -1263,6 +1264,8 @@ enum nvmf_capsule_command { nvme_fabrics_type_property_set = 0x00, nvme_fabrics_type_connect = 0x01, nvme_fabrics_type_property_get = 0x04, + nvme_fabrics_type_auth_send = 0x05, + nvme_fabrics_type_auth_receive = 0x06, }; #define nvme_fabrics_type_name(type) { type, #type } @@ -1270,7 +1273,9 @@ enum nvmf_capsule_command { __print_symbolic(type, \ nvme_fabrics_type_name(nvme_fabrics_type_property_set), \ nvme_fabrics_type_name(nvme_fabrics_type_connect), \ - nvme_fabrics_type_name(nvme_fabrics_type_property_get)) + nvme_fabrics_type_name(nvme_fabrics_type_property_get), \ + nvme_fabrics_type_name(nvme_fabrics_type_auth_send), \ + nvme_fabrics_type_name(nvme_fabrics_type_auth_receive)) /* * If not fabrics command, fctype will be ignored. @@ -1393,6 +1398,183 @@ struct nvmf_property_get_command { __u8 resv4[16]; }; +struct nvmf_auth_send_command { + __u8 opcode; + __u8 resv1; + __u16 command_id; + __u8 fctype; + __u8 resv2[19]; + union nvme_data_ptr dptr; + __u8 resv3; + __u8 spsp0; + __u8 spsp1; + __u8 secp; + __le32 tl; + __u8 resv4[16]; +}; + +struct nvmf_auth_receive_command { + __u8 opcode; + __u8 resv1; + __u16 command_id; + __u8 fctype; + __u8 resv2[19]; + union nvme_data_ptr dptr; + __u8 resv3; + __u8 spsp0; + __u8 spsp1; + __u8 secp; + __le32 al; + __u8 resv4[16]; +}; + +/* Value for secp */ +enum { + NVME_AUTH_DHCHAP_PROTOCOL_IDENTIFIER = 0xe9, +}; + +/* Defined value for auth_type */ +enum { + NVME_AUTH_COMMON_MESSAGES = 0x00, + NVME_AUTH_DHCHAP_MESSAGES = 0x01, +}; + +/* Defined messages for auth_id */ +enum { + NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE = 0x00, + NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE = 0x01, + NVME_AUTH_DHCHAP_MESSAGE_REPLY = 0x02, + NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1 = 0x03, + NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 = 0x04, + NVME_AUTH_DHCHAP_MESSAGE_FAILURE2 = 0xf0, + NVME_AUTH_DHCHAP_MESSAGE_FAILURE1 = 0xf1, +}; + +struct nvmf_auth_dhchap_protocol_descriptor { + __u8 authid; + __u8 rsvd; + __u8 halen; + __u8 dhlen; + __u8 idlist[60]; +}; + +enum { + NVME_AUTH_DHCHAP_AUTH_ID = 0x01, +}; + +/* Defined hash functions for DH-HMAC-CHAP authentication */ +enum { + NVME_AUTH_DHCHAP_SHA256 = 0x01, + NVME_AUTH_DHCHAP_SHA384 = 0x02, + NVME_AUTH_DHCHAP_SHA512 = 0x03, +}; + +/* Defined Diffie-Hellman group identifiers for DH-HMAC-CHAP authentication */ +enum { + NVME_AUTH_DHCHAP_DHGROUP_NULL = 0x00, + NVME_AUTH_DHCHAP_DHGROUP_2048 = 0x01, + NVME_AUTH_DHCHAP_DHGROUP_3072 = 0x02, + NVME_AUTH_DHCHAP_DHGROUP_4096 = 0x03, + NVME_AUTH_DHCHAP_DHGROUP_6144 = 0x04, + NVME_AUTH_DHCHAP_DHGROUP_8192 = 0x05, +}; + +union nvmf_auth_protocol { + struct nvmf_auth_dhchap_protocol_descriptor dhchap; +}; + +struct nvmf_auth_dhchap_negotiate_data { + __u8 auth_type; + __u8 auth_id; + __le16 rsvd; + __le16 t_id; + __u8 sc_c; + __u8 napd; + union nvmf_auth_protocol auth_protocol[]; +}; + +struct nvmf_auth_dhchap_challenge_data { + __u8 auth_type; + __u8 auth_id; + __u16 rsvd1; + __le16 t_id; + __u8 hl; + __u8 rsvd2; + __u8 hashid; + __u8 dhgid; + __le16 dhvlen; + __le32 seqnum; + /* 'hl' bytes of challenge value */ + __u8 cval[]; + /* followed by 'dhvlen' bytes of DH value */ +}; + +struct nvmf_auth_dhchap_reply_data { + __u8 auth_type; + __u8 auth_id; + __le16 rsvd1; + __le16 t_id; + __u8 hl; + __u8 rsvd2; + __u8 cvalid; + __u8 rsvd3; + __le16 dhvlen; + __le32 seqnum; + /* 'hl' bytes of response data */ + __u8 rval[]; + /* followed by 'hl' bytes of Challenge value */ + /* followed by 'dhvlen' bytes of DH value */ +}; + +enum { + NVME_AUTH_DHCHAP_RESPONSE_VALID = (1 << 0), +}; + +struct nvmf_auth_dhchap_success1_data { + __u8 auth_type; + __u8 auth_id; + __le16 rsvd1; + __le16 t_id; + __u8 hl; + __u8 rsvd2; + __u8 rvalid; + __u8 rsvd3[7]; + /* 'hl' bytes of response value if 'rvalid' is set */ + __u8 rval[]; +}; + +struct nvmf_auth_dhchap_success2_data { + __u8 auth_type; + __u8 auth_id; + __le16 rsvd1; + __le16 t_id; + __u8 rsvd2[10]; +}; + +struct nvmf_auth_dhchap_failure_data { + __u8 auth_type; + __u8 auth_id; + __le16 rsvd1; + __le16 t_id; + __u8 rescode; + __u8 rescode_exp; +}; + +enum { + NVME_AUTH_DHCHAP_FAILURE_REASON_FAILED = 0x01, +}; + +enum { + NVME_AUTH_DHCHAP_FAILURE_FAILED = 0x01, + NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE = 0x02, + NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH = 0x03, + NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE = 0x04, + NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE = 0x05, + NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD = 0x06, + NVME_AUTH_DHCHAP_FAILURE_INCORRECT_MESSAGE = 0x07, +}; + + struct nvme_dbbuf { __u8 opcode; __u8 flags; @@ -1436,6 +1618,8 @@ struct nvme_command { struct nvmf_connect_command connect; struct nvmf_property_set_command prop_set; struct nvmf_property_get_command prop_get; + struct nvmf_auth_send_command auth_send; + struct nvmf_auth_receive_command auth_receive; struct nvme_dbbuf dbbuf; struct nvme_directive_cmd directive; }; -- 2.29.2