Commit 20b5675c authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Tomasz Zawadzki
Browse files

nvme/auth: send AUTH_negotiate message 



For now, only report support for NULL dhgroup, as Diffie-Hellman
exchange won't be supported from the get-go.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: Icd70df4acd69167bca3f28e59df7e1985568e2a7
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/21984


Community-CI: Mellanox Build Bot
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarBen Walker <ben@nvidia.com>
parent 4880b074

lib/nvme/nvme_auth.c

+113 −1
Original line number Diff line number Diff line
@@ -3,6 +3,7 @@ 
 */



#include "spdk/log.h"

#include "spdk/string.h"

#include "nvme_internal.h"



#define NVME_AUTH_DATA_SIZE 4096
@@ -43,19 +44,127 @@ nvme_auth_set_failure(struct spdk_nvme_qpair *qpair, int status, bool failure2) 
			    NVME_QPAIR_AUTH_STATE_DONE);

}



static void

nvme_auth_print_cpl(struct spdk_nvme_qpair *qpair, const char *msg)

{

	struct nvme_completion_poll_status *status = qpair->poll_status;



	AUTH_ERRLOG(qpair, "%s failed: sc=%d, sct=%d (timed out: %s)\n", msg, status->cpl.status.sc,

		    status->cpl.status.sct, status->timed_out ? "true" : "false");

}



static int

nvme_auth_submit_request(struct spdk_nvme_qpair *qpair,

			 enum spdk_nvmf_fabric_cmd_types type, uint32_t len)

{

	struct spdk_nvme_ctrlr *ctrlr = qpair->ctrlr;

	struct nvme_request *req = qpair->reserved_req;

	struct nvme_completion_poll_status *status = qpair->poll_status;

	struct spdk_nvmf_fabric_auth_recv_cmd rcmd = {};

	struct spdk_nvmf_fabric_auth_send_cmd scmd = {};



	assert(len <= NVME_AUTH_DATA_SIZE);

	memset(&status->cpl, 0, sizeof(status->cpl));

	status->timeout_tsc = ctrlr->opts.admin_timeout_ms * spdk_get_ticks_hz() / 1000 +

			      spdk_get_ticks();

	status->done = false;

	NVME_INIT_REQUEST(req, nvme_completion_poll_cb, status,

			  NVME_PAYLOAD_CONTIG(status->dma_data, NULL), len, 0);

	switch (type) {

	case SPDK_NVMF_FABRIC_COMMAND_AUTHENTICATION_SEND:

		scmd.opcode = SPDK_NVME_OPC_FABRIC;

		scmd.fctype = type;

		scmd.spsp0 = 1;

		scmd.spsp1 = 1;

		scmd.secp = SPDK_NVMF_AUTH_SECP_NVME;

		scmd.tl = len;

		memcpy(&req->cmd, &scmd, sizeof(scmd));

		break;

	case SPDK_NVMF_FABRIC_COMMAND_AUTHENTICATION_RECV:

		rcmd.opcode = SPDK_NVME_OPC_FABRIC;

		rcmd.fctype = type;

		rcmd.spsp0 = 1;

		rcmd.spsp1 = 1;

		rcmd.secp = SPDK_NVMF_AUTH_SECP_NVME;

		rcmd.al = len;

		memcpy(&req->cmd, &rcmd, sizeof(rcmd));

		break;

	default:

		assert(0 && "invalid command");

		return -EINVAL;

	}



	return nvme_qpair_submit_request(qpair, req);

}



static int

nvme_auth_send_negotiate(struct spdk_nvme_qpair *qpair)

{

	struct nvme_auth *auth = &qpair->auth;

	struct spdk_nvmf_auth_negotiate *msg = qpair->poll_status->dma_data;

	struct spdk_nvmf_auth_descriptor *desc = msg->descriptors;

	uint8_t hashids[] = {

		SPDK_NVMF_DHCHAP_HASH_SHA256,

		SPDK_NVMF_DHCHAP_HASH_SHA384,

		SPDK_NVMF_DHCHAP_HASH_SHA512,

	};

	uint8_t dhgids[] = {

		SPDK_NVMF_DHCHAP_DHGROUP_NULL,

	};



	memset(qpair->poll_status->dma_data, 0, NVME_AUTH_DATA_SIZE);

	desc->auth_id = SPDK_NVMF_AUTH_TYPE_DHCHAP;

	desc->halen = SPDK_COUNTOF(hashids);

	desc->dhlen = SPDK_COUNTOF(dhgids);



	assert(desc->halen <= sizeof(desc->hash_id_list));

	assert(desc->dhlen <= sizeof(desc->dhg_id_list));

	memcpy(desc->hash_id_list, hashids, desc->halen);

	memcpy(desc->dhg_id_list, dhgids, desc->dhlen);



	msg->auth_type = SPDK_NVMF_AUTH_TYPE_COMMON_MESSAGE;

	msg->auth_id = SPDK_NVMF_AUTH_ID_NEGOTIATE;

	msg->t_id = auth->tid;

	msg->sc_c = SPDK_NVMF_AUTH_SCC_DISABLED;

	msg->napd = 1;



	return nvme_auth_submit_request(qpair, SPDK_NVMF_FABRIC_COMMAND_AUTHENTICATION_SEND,

					sizeof(*msg) + msg->napd * sizeof(*desc));

}



int

nvme_fabric_qpair_authenticate_poll(struct spdk_nvme_qpair *qpair)

{

	struct nvme_auth *auth = &qpair->auth;

	struct nvme_completion_poll_status *status = qpair->poll_status;

	enum nvme_qpair_auth_state prev_state;

	int rc;



	do {

		prev_state = auth->state;



		switch (auth->state) {

		case NVME_QPAIR_AUTH_STATE_NEGOTIATE:

			rc = nvme_auth_send_negotiate(qpair);

			if (rc != 0) {

				nvme_auth_set_failure(qpair, rc, false);

				AUTH_ERRLOG(qpair, "failed to send AUTH_negotiate: %s\n",

					    spdk_strerror(-rc));

				break;

			}

			nvme_auth_set_state(qpair, NVME_QPAIR_AUTH_STATE_AWAIT_NEGOTIATE);

			break;

		case NVME_QPAIR_AUTH_STATE_AWAIT_NEGOTIATE:

			rc = nvme_wait_for_completion_robust_lock_timeout_poll(qpair, status, NULL);

			if (rc != 0) {

				if (rc != -EAGAIN) {

					nvme_auth_print_cpl(qpair, "AUTH_negotiate");

					nvme_auth_set_failure(qpair, rc, false);

				}

				break;

			}

			nvme_auth_set_state(qpair, NVME_QPAIR_AUTH_STATE_AWAIT_CHALLENGE);

			break;

		case NVME_QPAIR_AUTH_STATE_AWAIT_CHALLENGE:

		case NVME_QPAIR_AUTH_STATE_AWAIT_REPLY:

		case NVME_QPAIR_AUTH_STATE_AWAIT_SUCCESS1:
@@ -84,6 +193,7 @@ nvme_fabric_qpair_authenticate_async(struct spdk_nvme_qpair *qpair) 
	struct spdk_nvme_ctrlr *ctrlr = qpair->ctrlr;

	struct nvme_completion_poll_status *status;

	struct nvme_auth *auth = &qpair->auth;

	int rc;



	if (ctrlr->opts.dhchap_key == NULL) {

		AUTH_ERRLOG(qpair, "missing DH-HMAC-CHAP key\n");
@@ -118,6 +228,8 @@ nvme_fabric_qpair_authenticate_async(struct spdk_nvme_qpair *qpair) 


	nvme_auth_set_state(qpair, NVME_QPAIR_AUTH_STATE_NEGOTIATE);



	return 0;

	/* Do the initial poll to kick-start the state machine */

	rc = nvme_fabric_qpair_authenticate_poll(qpair);

	return rc != -EAGAIN ? rc : 0;

}

SPDK_LOG_REGISTER_COMPONENT(nvme_auth)