xref: /linux/include/linux/nvme-auth.h (revision 06bc7ff0a1e0f2b0102e1314e3527a7ec0997851)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * Copyright (c) 2021 Hannes Reinecke, SUSE Software Solutions
4  */
5 
6 #ifndef _NVME_AUTH_H
7 #define _NVME_AUTH_H
8 
9 #include <crypto/kpp.h>
10 #include <crypto/sha2.h>
11 
/*
 * struct nvme_dhchap_key - DH-HMAC-CHAP key held as a length-prefixed blob.
 *
 * key[] is a flexible array member, so the structure must be allocated with
 * room for @len trailing bytes (see nvme_auth_key_struct_size() and
 * nvme_auth_alloc_key() below).  __counted_by(len) ties the array bound to
 * @len for compiler/sanitizer bounds checking where supported, so @len has to
 * be set before key[] is accessed.
 *
 * NOTE(review): key[] presumably carries secret material (the struct is what
 * nvme_auth_extract_key() returns for a "secret" string); release it through
 * nvme_auth_free_key() rather than a bare kfree(), and confirm that helper
 * wipes the bytes.
 */
12 struct nvme_dhchap_key {
13 	size_t len;	/* number of bytes in key[]; the __counted_by() bound */
14 	u8 hash;	/* NOTE(review): presumably the hash/HMAC id tied to the key - confirm */
15 	u8 key[] __counted_by(len);	/* raw key bytes */
16 };
17 
/*
 * Sequence number source and name <-> identifier lookups for DH groups and
 * HMAC hashes.  All identifiers are u8.
 *
 * NOTE(review): this header does not show what the string-returning helpers
 * yield for an unknown id (NULL or a placeholder string), nor what the *_id()
 * helpers and nvme_auth_hmac_hash_len() yield for an unknown name/id.  Code
 * that passes identifiers received from the remote side should check the
 * result before using it as a pointer or as a buffer length.
 */
18 u32 nvme_auth_get_seqnum(void);
19 const char *nvme_auth_dhgroup_name(u8 dhgroup_id);
20 const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id);
21 u8 nvme_auth_dhgroup_id(const char *dhgroup_name);
22 
23 const char *nvme_auth_hmac_name(u8 hmac_id);
24 size_t nvme_auth_hmac_hash_len(u8 hmac_id);
25 u8 nvme_auth_hmac_id(const char *hmac_name);
/*
 * struct nvme_auth_hmac_ctx - state for one incremental HMAC computation.
 *
 * The anonymous union overlays the SHA-256, SHA-384 and SHA-512 HMAC
 * contexts, so only one of them is meaningful at a time.
 *
 * NOTE(review): the context is set up from a key (nvme_auth_hmac_init()), so
 * it holds key-derived state; confirm it is wiped on final and on error paths
 * that abandon a context without calling nvme_auth_hmac_final().
 */
26 struct nvme_auth_hmac_ctx {
27 	u8 hmac_id;	/* presumably selects the active union member - confirm */
28 	union {
29 		struct hmac_sha256_ctx sha256;
30 		struct hmac_sha384_ctx sha384;
31 		struct hmac_sha512_ctx sha512;
32 	};
33 };
/*
 * Incremental HMAC interface: init with a key, feed data with update, emit
 * the MAC with final.  Only init can report failure (int return); update and
 * final return void.
 *
 * nvme_auth_hmac_final() takes no output length, so @out must be sized by the
 * caller for the selected hash - presumably nvme_auth_hmac_hash_len(hmac_id)
 * bytes; confirm against the implementation.
 *
 * NOTE(review): init presumably fails for an hmac_id it does not support;
 * callers must check its return value and not call update/final on a context
 * whose init failed.
 */
34 int nvme_auth_hmac_init(struct nvme_auth_hmac_ctx *hmac, u8 hmac_id,
35 			const u8 *key, size_t key_len);
36 void nvme_auth_hmac_update(struct nvme_auth_hmac_ctx *hmac, const u8 *data,
37 			   size_t data_len);
38 void nvme_auth_hmac_final(struct nvme_auth_hmac_ctx *hmac, u8 *out);
39 
/*
 * Sizing, allocation, parsing, transformation and release of
 * struct nvme_dhchap_key.
 *
 * Lengths are u32 here (nvme_auth_key_struct_size(), nvme_auth_alloc_key())
 * while struct nvme_dhchap_key.len is size_t.
 * NOTE(review): confirm the size computation is overflow-checked (e.g. via
 * struct_size()) before it reaches the allocator.
 *
 * NOTE(review): the pointer-returning helpers do not show here whether
 * failure is reported as NULL or as an ERR_PTR() value; check the
 * implementation before testing or dereferencing the result.
 * nvme_auth_parse_key() instead returns int and hands the key back through
 * @ret_key.
 *
 * Keys obtained from these helpers should be released with
 * nvme_auth_free_key(); presumably it wipes the key bytes - confirm.
 */
40 u32 nvme_auth_key_struct_size(u32 key_len);
41 struct nvme_dhchap_key *nvme_auth_extract_key(const char *secret, u8 key_hash);
42 void nvme_auth_free_key(struct nvme_dhchap_key *key);
43 struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash);
44 struct nvme_dhchap_key *nvme_auth_transform_key(
45 		const struct nvme_dhchap_key *key, const char *nqn);
46 int nvme_auth_parse_key(const char *secret, struct nvme_dhchap_key **ret_key);
/*
 * Challenge augmentation, DH key agreement and PSK derivation helpers.  All
 * return int.
 *
 * Output conventions visible in the signatures:
 *  - caller-supplied buffers with an explicit length: @aug/@hlen,
 *    @host_key/@host_key_len, @sess_key/@sess_key_len;
 *  - results handed back through a pointer: @ret_psk (with @ret_len in
 *    nvme_auth_generate_psk(), without a length in
 *    nvme_auth_derive_tls_psk()) and @ret_digest.
 *    NOTE(review): presumably allocated by the callee and owned by the
 *    caller; PSK buffers are secret and should be freed with
 *    kfree_sensitive() - confirm against the implementation.
 *
 * Inputs without a length of their own: @challenge, @c1, @c2.
 * NOTE(review): presumably each is @hlen / @hash_len bytes long; callers must
 * guarantee that before passing data that came from the remote side.
 *
 * nvme_auth_derive_tls_psk() declares hmac_id as int, whereas every other
 * function in this header uses u8 for it.
 */
47 int nvme_auth_augmented_challenge(u8 hmac_id, const u8 *skey, size_t skey_len,
48 				  const u8 *challenge, u8 *aug, size_t hlen);
49 int nvme_auth_gen_privkey(struct crypto_kpp *dh_tfm, u8 dh_gid);
50 int nvme_auth_gen_pubkey(struct crypto_kpp *dh_tfm,
51 			 u8 *host_key, size_t host_key_len);
52 int nvme_auth_gen_session_key(struct crypto_kpp *dh_tfm,
53 			      const u8 *public_key, size_t public_key_len,
54 			      u8 *sess_key, size_t sess_key_len, u8 hash_id);
55 int nvme_auth_generate_psk(u8 hmac_id, const u8 *skey, size_t skey_len,
56 			   const u8 *c1, const u8 *c2, size_t hash_len,
57 			   u8 **ret_psk, size_t *ret_len);
58 int nvme_auth_generate_digest(u8 hmac_id, const u8 *psk, size_t psk_len,
59 			      const char *subsysnqn, const char *hostnqn,
60 			      char **ret_digest);
61 int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
62 			     const char *psk_digest, u8 **ret_psk);
63 
64 #endif /* _NVME_AUTH_H */
65