1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NVMe over Fabrics DH-HMAC-CHAP authentication command handling. 4 * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions. 5 * All rights reserved. 6 */ 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 8 #include <linux/blkdev.h> 9 #include <linux/random.h> 10 #include <linux/nvme-auth.h> 11 #include <crypto/kpp.h> 12 #include "nvmet.h" 13 14 static void nvmet_auth_expired_work(struct work_struct *work) 15 { 16 struct nvmet_sq *sq = container_of(to_delayed_work(work), 17 struct nvmet_sq, auth_expired_work); 18 19 pr_debug("%s: ctrl %d qid %d transaction %u expired, resetting\n", 20 __func__, sq->ctrl->cntlid, sq->qid, sq->dhchap_tid); 21 sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; 22 sq->dhchap_tid = -1; 23 } 24 25 void nvmet_auth_sq_init(struct nvmet_sq *sq) 26 { 27 /* Initialize in-band authentication */ 28 INIT_DELAYED_WORK(&sq->auth_expired_work, nvmet_auth_expired_work); 29 sq->authenticated = false; 30 sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; 31 } 32 33 static u8 nvmet_auth_negotiate(struct nvmet_req *req, void *d) 34 { 35 struct nvmet_ctrl *ctrl = req->sq->ctrl; 36 struct nvmf_auth_dhchap_negotiate_data *data = d; 37 int i, hash_id = 0, fallback_hash_id = 0, dhgid, fallback_dhgid; 38 39 pr_debug("%s: ctrl %d qid %d: data sc_d %d napd %d authid %d halen %d dhlen %d\n", 40 __func__, ctrl->cntlid, req->sq->qid, 41 data->sc_c, data->napd, data->auth_protocol[0].dhchap.authid, 42 data->auth_protocol[0].dhchap.halen, 43 data->auth_protocol[0].dhchap.dhlen); 44 req->sq->dhchap_tid = le16_to_cpu(data->t_id); 45 req->sq->sc_c = data->sc_c; 46 if (data->sc_c != NVME_AUTH_SECP_NOSC) { 47 if (!IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS)) 48 return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH; 49 /* Secure concatenation can only be enabled on the admin queue */ 50 if (req->sq->qid) 51 return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH; 52 switch (data->sc_c) { 53 case NVME_AUTH_SECP_NEWTLSPSK: 54 if (nvmet_queue_tls_keyid(req->sq)) 55 return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH; 56 break; 57 case NVME_AUTH_SECP_REPLACETLSPSK: 58 if (!nvmet_queue_tls_keyid(req->sq)) 59 return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH; 60 break; 61 default: 62 return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH; 63 } 64 ctrl->concat = true; 65 } 66 67 if (data->napd != 1) 68 return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE; 69 70 if (data->auth_protocol[0].dhchap.authid != 71 NVME_AUTH_DHCHAP_AUTH_ID) 72 return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; 73 74 for (i = 0; i < data->auth_protocol[0].dhchap.halen; i++) { 75 u8 host_hmac_id = data->auth_protocol[0].dhchap.idlist[i]; 76 77 if (!fallback_hash_id && nvme_auth_hmac_hash_len(host_hmac_id)) 78 fallback_hash_id = host_hmac_id; 79 if (ctrl->shash_id != host_hmac_id) 80 continue; 81 hash_id = ctrl->shash_id; 82 break; 83 } 84 if (hash_id == 0) { 85 if (fallback_hash_id == 0) { 86 pr_debug("%s: ctrl %d qid %d: no usable hash found\n", 87 __func__, ctrl->cntlid, req->sq->qid); 88 return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE; 89 } 90 pr_debug("%s: ctrl %d qid %d: no usable hash found, falling back to %s\n", 91 __func__, ctrl->cntlid, req->sq->qid, 92 nvme_auth_hmac_name(fallback_hash_id)); 93 ctrl->shash_id = fallback_hash_id; 94 } 95 96 dhgid = -1; 97 fallback_dhgid = -1; 98 for (i = 0; i < data->auth_protocol[0].dhchap.dhlen; i++) { 99 int tmp_dhgid = data->auth_protocol[0].dhchap.idlist[i + 30]; 100 101 if (tmp_dhgid != ctrl->dh_gid) { 102 dhgid = tmp_dhgid; 103 break; 104 } 105 if (fallback_dhgid < 0) { 106 const char *kpp = nvme_auth_dhgroup_kpp(tmp_dhgid); 107 108 if (crypto_has_kpp(kpp, 0, 0)) 109 fallback_dhgid = tmp_dhgid; 110 } 111 } 112 if (dhgid < 0) { 113 if (fallback_dhgid < 0) { 114 pr_debug("%s: ctrl %d qid %d: no usable DH group found\n", 115 __func__, ctrl->cntlid, req->sq->qid); 116 return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; 117 } 118 pr_debug("%s: ctrl %d qid %d: configured DH group %s not found\n", 119 __func__, ctrl->cntlid, req->sq->qid, 120 nvme_auth_dhgroup_name(fallback_dhgid)); 121 ctrl->dh_gid = fallback_dhgid; 122 } 123 if (ctrl->dh_gid == NVME_AUTH_DHGROUP_NULL && ctrl->concat) { 124 pr_debug("%s: ctrl %d qid %d: NULL DH group invalid " 125 "for secure channel concatenation\n", __func__, 126 ctrl->cntlid, req->sq->qid); 127 return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH; 128 } 129 pr_debug("%s: ctrl %d qid %d: selected DH group %s (%d)\n", 130 __func__, ctrl->cntlid, req->sq->qid, 131 nvme_auth_dhgroup_name(ctrl->dh_gid), ctrl->dh_gid); 132 return 0; 133 } 134 135 static u8 nvmet_auth_reply(struct nvmet_req *req, void *d, u32 tl) 136 { 137 struct nvmet_ctrl *ctrl = req->sq->ctrl; 138 struct nvmf_auth_dhchap_reply_data *data = d; 139 u16 dhvlen; 140 u8 *response; 141 142 if (tl < sizeof(*data)) 143 return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; 144 145 dhvlen = le16_to_cpu(data->dhvlen); 146 147 /* Validate that hl and dhvlen fit within the transfer length */ 148 if (sizeof(*data) + 2 * (size_t)data->hl + dhvlen > tl) 149 return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; 150 151 pr_debug("%s: ctrl %d qid %d: data hl %d cvalid %d dhvlen %u\n", 152 __func__, ctrl->cntlid, req->sq->qid, 153 data->hl, data->cvalid, dhvlen); 154 155 if (dhvlen) { 156 if (!ctrl->dh_tfm) 157 return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; 158 if (nvmet_auth_ctrl_sesskey(req, data->rval + 2 * data->hl, 159 dhvlen) < 0) 160 return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; 161 } 162 163 response = kmalloc(data->hl, GFP_KERNEL); 164 if (!response) 165 return NVME_AUTH_DHCHAP_FAILURE_FAILED; 166 167 if (!ctrl->host_key) { 168 pr_warn("ctrl %d qid %d no host key\n", 169 ctrl->cntlid, req->sq->qid); 170 kfree(response); 171 return NVME_AUTH_DHCHAP_FAILURE_FAILED; 172 } 173 if (nvmet_auth_host_hash(req, response, data->hl) < 0) { 174 pr_debug("ctrl %d qid %d host hash failed\n", 175 ctrl->cntlid, req->sq->qid); 176 kfree(response); 177 return NVME_AUTH_DHCHAP_FAILURE_FAILED; 178 } 179 180 if (memcmp(data->rval, response, data->hl)) { 181 pr_info("ctrl %d qid %d host response mismatch\n", 182 ctrl->cntlid, req->sq->qid); 183 pr_debug("ctrl %d qid %d rval %*ph\n", 184 ctrl->cntlid, req->sq->qid, data->hl, data->rval); 185 pr_debug("ctrl %d qid %d response %*ph\n", 186 ctrl->cntlid, req->sq->qid, data->hl, response); 187 kfree(response); 188 return NVME_AUTH_DHCHAP_FAILURE_FAILED; 189 } 190 kfree(response); 191 pr_debug("%s: ctrl %d qid %d host authenticated\n", 192 __func__, ctrl->cntlid, req->sq->qid); 193 if (!data->cvalid && ctrl->concat) { 194 pr_debug("%s: ctrl %d qid %d invalid challenge\n", 195 __func__, ctrl->cntlid, req->sq->qid); 196 return NVME_AUTH_DHCHAP_FAILURE_FAILED; 197 } 198 req->sq->dhchap_s2 = le32_to_cpu(data->seqnum); 199 if (data->cvalid) { 200 req->sq->dhchap_c2 = kmemdup(data->rval + data->hl, data->hl, 201 GFP_KERNEL); 202 if (!req->sq->dhchap_c2) 203 return NVME_AUTH_DHCHAP_FAILURE_FAILED; 204 205 pr_debug("%s: ctrl %d qid %d challenge %*ph\n", 206 __func__, ctrl->cntlid, req->sq->qid, data->hl, 207 req->sq->dhchap_c2); 208 } 209 /* 210 * NVMe Base Spec 2.2 section 8.3.4.5.4: DH-HMAC-CHAP_Reply message 211 * Sequence Number (SEQNUM): [ .. ] 212 * The value 0h is used to indicate that bidirectional authentication 213 * is not performed, but a challenge value C2 is carried in order to 214 * generate a pre-shared key (PSK) for subsequent establishment of a 215 * secure channel. 216 */ 217 if (req->sq->dhchap_s2 == 0) { 218 if (ctrl->concat) 219 nvmet_auth_insert_psk(req->sq); 220 req->sq->authenticated = true; 221 kfree(req->sq->dhchap_c2); 222 req->sq->dhchap_c2 = NULL; 223 } else if (!data->cvalid) 224 req->sq->authenticated = true; 225 226 return 0; 227 } 228 229 static u8 nvmet_auth_failure2(void *d) 230 { 231 struct nvmf_auth_dhchap_failure_data *data = d; 232 233 return data->rescode_exp; 234 } 235 236 u32 nvmet_auth_send_data_len(struct nvmet_req *req) 237 { 238 return le32_to_cpu(req->cmd->auth_send.tl); 239 } 240 241 void nvmet_execute_auth_send(struct nvmet_req *req) 242 { 243 struct nvmet_ctrl *ctrl = req->sq->ctrl; 244 struct nvmf_auth_dhchap_success2_data *data; 245 void *d; 246 u32 tl; 247 u16 status = 0; 248 u8 dhchap_status; 249 250 if (req->cmd->auth_send.secp != NVME_AUTH_DHCHAP_PROTOCOL_IDENTIFIER) { 251 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 252 req->error_loc = 253 offsetof(struct nvmf_auth_send_command, secp); 254 goto done; 255 } 256 if (req->cmd->auth_send.spsp0 != 0x01) { 257 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 258 req->error_loc = 259 offsetof(struct nvmf_auth_send_command, spsp0); 260 goto done; 261 } 262 if (req->cmd->auth_send.spsp1 != 0x01) { 263 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 264 req->error_loc = 265 offsetof(struct nvmf_auth_send_command, spsp1); 266 goto done; 267 } 268 tl = nvmet_auth_send_data_len(req); 269 if (!tl) { 270 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 271 req->error_loc = 272 offsetof(struct nvmf_auth_send_command, tl); 273 goto done; 274 } 275 if (!nvmet_check_transfer_len(req, tl)) { 276 pr_debug("%s: transfer length mismatch (%u)\n", __func__, tl); 277 return; 278 } 279 280 d = kmalloc(tl, GFP_KERNEL); 281 if (!d) { 282 status = NVME_SC_INTERNAL; 283 goto done; 284 } 285 286 status = nvmet_copy_from_sgl(req, 0, d, tl); 287 if (status) 288 goto done_kfree; 289 290 data = d; 291 pr_debug("%s: ctrl %d qid %d type %d id %d step %x\n", __func__, 292 ctrl->cntlid, req->sq->qid, data->auth_type, data->auth_id, 293 req->sq->dhchap_step); 294 if (data->auth_type != NVME_AUTH_COMMON_MESSAGES && 295 data->auth_type != NVME_AUTH_DHCHAP_MESSAGES) 296 goto done_failure1; 297 if (data->auth_type == NVME_AUTH_COMMON_MESSAGES) { 298 if (data->auth_id == NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE) { 299 /* Restart negotiation */ 300 pr_debug("%s: ctrl %d qid %d reset negotiation\n", 301 __func__, ctrl->cntlid, req->sq->qid); 302 if (!req->sq->qid) { 303 dhchap_status = nvmet_setup_auth(ctrl, req->sq, 304 true); 305 if (dhchap_status) { 306 pr_err("ctrl %d qid 0 failed to setup re-authentication\n", 307 ctrl->cntlid); 308 req->sq->dhchap_status = dhchap_status; 309 req->sq->dhchap_step = 310 NVME_AUTH_DHCHAP_MESSAGE_FAILURE1; 311 goto done_kfree; 312 } 313 } 314 req->sq->dhchap_step = 315 NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; 316 } else if (data->auth_id != req->sq->dhchap_step) 317 goto done_failure1; 318 /* Validate negotiation parameters */ 319 dhchap_status = nvmet_auth_negotiate(req, d); 320 if (dhchap_status == 0) 321 req->sq->dhchap_step = 322 NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE; 323 else { 324 req->sq->dhchap_step = 325 NVME_AUTH_DHCHAP_MESSAGE_FAILURE1; 326 req->sq->dhchap_status = dhchap_status; 327 } 328 goto done_kfree; 329 } 330 if (data->auth_id != req->sq->dhchap_step) { 331 pr_debug("%s: ctrl %d qid %d step mismatch (%d != %d)\n", 332 __func__, ctrl->cntlid, req->sq->qid, 333 data->auth_id, req->sq->dhchap_step); 334 goto done_failure1; 335 } 336 if (le16_to_cpu(data->t_id) != req->sq->dhchap_tid) { 337 pr_debug("%s: ctrl %d qid %d invalid transaction %d (expected %d)\n", 338 __func__, ctrl->cntlid, req->sq->qid, 339 le16_to_cpu(data->t_id), 340 req->sq->dhchap_tid); 341 req->sq->dhchap_step = 342 NVME_AUTH_DHCHAP_MESSAGE_FAILURE1; 343 req->sq->dhchap_status = 344 NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; 345 goto done_kfree; 346 } 347 348 switch (data->auth_id) { 349 case NVME_AUTH_DHCHAP_MESSAGE_REPLY: 350 dhchap_status = nvmet_auth_reply(req, d, tl); 351 if (dhchap_status == 0) 352 req->sq->dhchap_step = 353 NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1; 354 else { 355 req->sq->dhchap_step = 356 NVME_AUTH_DHCHAP_MESSAGE_FAILURE1; 357 req->sq->dhchap_status = dhchap_status; 358 } 359 goto done_kfree; 360 case NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2: 361 if (ctrl->concat) 362 nvmet_auth_insert_psk(req->sq); 363 req->sq->authenticated = true; 364 pr_debug("%s: ctrl %d qid %d ctrl authenticated\n", 365 __func__, ctrl->cntlid, req->sq->qid); 366 goto done_kfree; 367 case NVME_AUTH_DHCHAP_MESSAGE_FAILURE2: 368 dhchap_status = nvmet_auth_failure2(d); 369 if (dhchap_status) { 370 pr_warn("ctrl %d qid %d: authentication failed (%d)\n", 371 ctrl->cntlid, req->sq->qid, dhchap_status); 372 req->sq->dhchap_status = dhchap_status; 373 req->sq->authenticated = false; 374 } 375 goto done_kfree; 376 default: 377 req->sq->dhchap_status = 378 NVME_AUTH_DHCHAP_FAILURE_INCORRECT_MESSAGE; 379 req->sq->dhchap_step = 380 NVME_AUTH_DHCHAP_MESSAGE_FAILURE2; 381 req->sq->authenticated = false; 382 goto done_kfree; 383 } 384 done_failure1: 385 req->sq->dhchap_status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_MESSAGE; 386 req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_FAILURE2; 387 388 done_kfree: 389 kfree(d); 390 done: 391 pr_debug("%s: ctrl %d qid %d dhchap status %x step %x\n", __func__, 392 ctrl->cntlid, req->sq->qid, 393 req->sq->dhchap_status, req->sq->dhchap_step); 394 if (status) 395 pr_debug("%s: ctrl %d qid %d nvme status %x error loc %d\n", 396 __func__, ctrl->cntlid, req->sq->qid, 397 status, req->error_loc); 398 if (req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 && 399 req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) { 400 unsigned long auth_expire_secs = ctrl->kato ? ctrl->kato : 120; 401 402 mod_delayed_work(system_percpu_wq, &req->sq->auth_expired_work, 403 auth_expire_secs * HZ); 404 goto complete; 405 } 406 /* Final states, clear up variables */ 407 nvmet_auth_sq_free(req->sq); 408 if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) 409 nvmet_ctrl_fatal_error(ctrl); 410 411 complete: 412 nvmet_req_complete(req, status); 413 } 414 415 static int nvmet_auth_challenge(struct nvmet_req *req, void *d, int al) 416 { 417 struct nvmf_auth_dhchap_challenge_data *data = d; 418 struct nvmet_ctrl *ctrl = req->sq->ctrl; 419 int ret = 0; 420 int hash_len = nvme_auth_hmac_hash_len(ctrl->shash_id); 421 int data_size = sizeof(*d) + hash_len; 422 423 if (ctrl->dh_tfm) 424 data_size += ctrl->dh_keysize; 425 if (al < data_size) { 426 pr_debug("%s: buffer too small (al %d need %d)\n", __func__, 427 al, data_size); 428 return -EINVAL; 429 } 430 memset(data, 0, data_size); 431 req->sq->dhchap_s1 = nvme_auth_get_seqnum(); 432 data->auth_type = NVME_AUTH_DHCHAP_MESSAGES; 433 data->auth_id = NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE; 434 data->t_id = cpu_to_le16(req->sq->dhchap_tid); 435 data->hashid = ctrl->shash_id; 436 data->hl = hash_len; 437 data->seqnum = cpu_to_le32(req->sq->dhchap_s1); 438 req->sq->dhchap_c1 = kmalloc(data->hl, GFP_KERNEL); 439 if (!req->sq->dhchap_c1) 440 return -ENOMEM; 441 get_random_bytes(req->sq->dhchap_c1, data->hl); 442 memcpy(data->cval, req->sq->dhchap_c1, data->hl); 443 if (ctrl->dh_tfm) { 444 data->dhgid = ctrl->dh_gid; 445 data->dhvlen = cpu_to_le16(ctrl->dh_keysize); 446 ret = nvmet_auth_ctrl_exponential(req, data->cval + data->hl, 447 ctrl->dh_keysize); 448 } 449 pr_debug("%s: ctrl %d qid %d seq %d transaction %d hl %d dhvlen %zu\n", 450 __func__, ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1, 451 req->sq->dhchap_tid, data->hl, ctrl->dh_keysize); 452 return ret; 453 } 454 455 static int nvmet_auth_success1(struct nvmet_req *req, void *d, int al) 456 { 457 struct nvmf_auth_dhchap_success1_data *data = d; 458 struct nvmet_ctrl *ctrl = req->sq->ctrl; 459 int hash_len = nvme_auth_hmac_hash_len(ctrl->shash_id); 460 461 WARN_ON(al < sizeof(*data)); 462 memset(data, 0, sizeof(*data)); 463 data->auth_type = NVME_AUTH_DHCHAP_MESSAGES; 464 data->auth_id = NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1; 465 data->t_id = cpu_to_le16(req->sq->dhchap_tid); 466 data->hl = hash_len; 467 if (req->sq->dhchap_c2) { 468 if (!ctrl->ctrl_key) { 469 pr_warn("ctrl %d qid %d no ctrl key\n", 470 ctrl->cntlid, req->sq->qid); 471 return NVME_AUTH_DHCHAP_FAILURE_FAILED; 472 } 473 if (nvmet_auth_ctrl_hash(req, data->rval, data->hl)) 474 return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE; 475 data->rvalid = 1; 476 pr_debug("ctrl %d qid %d response %*ph\n", 477 ctrl->cntlid, req->sq->qid, data->hl, data->rval); 478 } 479 return 0; 480 } 481 482 static void nvmet_auth_failure1(struct nvmet_req *req, void *d, int al) 483 { 484 struct nvmf_auth_dhchap_failure_data *data = d; 485 486 WARN_ON(al < sizeof(*data)); 487 data->auth_type = NVME_AUTH_COMMON_MESSAGES; 488 data->auth_id = NVME_AUTH_DHCHAP_MESSAGE_FAILURE1; 489 data->t_id = cpu_to_le16(req->sq->dhchap_tid); 490 data->rescode = NVME_AUTH_DHCHAP_FAILURE_REASON_FAILED; 491 data->rescode_exp = req->sq->dhchap_status; 492 } 493 494 u32 nvmet_auth_receive_data_len(struct nvmet_req *req) 495 { 496 return le32_to_cpu(req->cmd->auth_receive.al); 497 } 498 499 void nvmet_execute_auth_receive(struct nvmet_req *req) 500 { 501 struct nvmet_ctrl *ctrl = req->sq->ctrl; 502 void *d; 503 u32 al; 504 u16 status = 0; 505 506 if (req->cmd->auth_receive.secp != NVME_AUTH_DHCHAP_PROTOCOL_IDENTIFIER) { 507 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 508 req->error_loc = 509 offsetof(struct nvmf_auth_receive_command, secp); 510 goto done; 511 } 512 if (req->cmd->auth_receive.spsp0 != 0x01) { 513 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 514 req->error_loc = 515 offsetof(struct nvmf_auth_receive_command, spsp0); 516 goto done; 517 } 518 if (req->cmd->auth_receive.spsp1 != 0x01) { 519 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 520 req->error_loc = 521 offsetof(struct nvmf_auth_receive_command, spsp1); 522 goto done; 523 } 524 al = nvmet_auth_receive_data_len(req); 525 if (!al) { 526 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 527 req->error_loc = 528 offsetof(struct nvmf_auth_receive_command, al); 529 goto done; 530 } 531 if (!nvmet_check_transfer_len(req, al)) { 532 pr_debug("%s: transfer length mismatch (%u)\n", __func__, al); 533 return; 534 } 535 536 d = kmalloc(al, GFP_KERNEL); 537 if (!d) { 538 status = NVME_SC_INTERNAL; 539 goto done; 540 } 541 pr_debug("%s: ctrl %d qid %d step %x\n", __func__, 542 ctrl->cntlid, req->sq->qid, req->sq->dhchap_step); 543 switch (req->sq->dhchap_step) { 544 case NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE: 545 if (nvmet_auth_challenge(req, d, al) < 0) { 546 pr_warn("ctrl %d qid %d: challenge error (%d)\n", 547 ctrl->cntlid, req->sq->qid, status); 548 status = NVME_SC_INTERNAL; 549 break; 550 } 551 req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_REPLY; 552 break; 553 case NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1: 554 status = nvmet_auth_success1(req, d, al); 555 if (status) { 556 req->sq->dhchap_status = status; 557 req->sq->authenticated = false; 558 nvmet_auth_failure1(req, d, al); 559 pr_warn("ctrl %d qid %d: success1 status (%x)\n", 560 ctrl->cntlid, req->sq->qid, 561 req->sq->dhchap_status); 562 break; 563 } 564 req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2; 565 break; 566 case NVME_AUTH_DHCHAP_MESSAGE_FAILURE1: 567 req->sq->authenticated = false; 568 nvmet_auth_failure1(req, d, al); 569 pr_warn("ctrl %d qid %d failure1 (%x)\n", 570 ctrl->cntlid, req->sq->qid, req->sq->dhchap_status); 571 break; 572 default: 573 pr_warn("ctrl %d qid %d unhandled step (%d)\n", 574 ctrl->cntlid, req->sq->qid, req->sq->dhchap_step); 575 req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_FAILURE1; 576 req->sq->dhchap_status = NVME_AUTH_DHCHAP_FAILURE_FAILED; 577 nvmet_auth_failure1(req, d, al); 578 status = 0; 579 break; 580 } 581 582 status = nvmet_copy_to_sgl(req, 0, d, al); 583 kfree(d); 584 done: 585 if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2) 586 nvmet_auth_sq_free(req->sq); 587 else if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) { 588 nvmet_auth_sq_free(req->sq); 589 nvmet_ctrl_fatal_error(ctrl); 590 } 591 nvmet_req_complete(req, status); 592 } 593