Commit 93c192c4 authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Tomasz Zawadzki
Browse files

nvme/auth: force authentication when ctrlr key is set 



When a controller key is set, the authenticity of the target subsystem
must be verified.  Previously, this was only done based on the authreq
flags, which could lead to a successful connection to a malicious
target.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: Ib01e896f226bed37eaf02527cf3265f7507db17d
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/23237


Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
Reviewed-by: default avatarTomasz Zawadzki <tomasz.zawadzki@intel.com>
Community-CI: Mellanox Build Bot
parent 1c05f3fb

lib/nvme/nvme_fabric.c

+3 −1
Original line number Diff line number Diff line
@@ -640,6 +640,7 @@ finish: 
int

nvme_fabric_qpair_connect_poll(struct spdk_nvme_qpair *qpair)

{

	struct spdk_nvme_ctrlr *ctrlr = qpair->ctrlr;

	int rc;



	switch (qpair->connect_state) {
@@ -648,7 +649,8 @@ nvme_fabric_qpair_connect_poll(struct spdk_nvme_qpair *qpair) 
		if (rc != 0) {

			break;

		}

		if (qpair->auth.flags & (NVME_QPAIR_AUTH_FLAG_ATR | NVME_QPAIR_AUTH_FLAG_ASCR)) {

		if (qpair->auth.flags & (NVME_QPAIR_AUTH_FLAG_ATR | NVME_QPAIR_AUTH_FLAG_ASCR) ||

		    ctrlr->opts.dhchap_ctrlr_key != NULL) {

			rc = nvme_fabric_qpair_authenticate_async(qpair);

			if (rc == 0) {

				qpair->connect_state = NVME_QPAIR_CONNECT_STATE_AUTHENTICATING;

test/nvmf/target/auth.sh

+25 −0
Original line number Diff line number Diff line
@@ -170,5 +170,30 @@ NOT hostrpc bdev_nvme_attach_controller -b nvme0 -t "$TEST_TRANSPORT" -f ipv4 \ 
	-a "$NVMF_FIRST_TARGET_IP" -s "$NVMF_PORT" -q "$hostnqn" -n "$subnqn" \

	--dhchap-key "key3"



# Check that the authentication fails when the host wants to authenticate the target (i.e. user set

# the dhchap_ctrlr_key), but the target doesn't require authentication

hostrpc bdev_nvme_set_options \

	--dhchap-digests \

	"$(

		IFS=,

		printf "%s" "${digests[*]}"

	)" \

	--dhchap-dhgroups \

	"$(

		IFS=,

		printf "%s" "${dhgroups[*]}"

	)"

rpc_cmd nvmf_subsystem_remove_host "$subnqn" "$hostnqn"

rpc_cmd nvmf_subsystem_add_host "$subnqn" "$hostnqn"

NOT hostrpc bdev_nvme_attach_controller -b nvme0 -t "$TEST_TRANSPORT" -f ipv4 \

	-a "$NVMF_FIRST_TARGET_IP" -s "$NVMF_PORT" -q "$hostnqn" -n "$subnqn" \

	--dhchap-key "key0" --dhchap-ctrlr-key "key1"

# But it's fine when the host key is set and the controller key is not

hostrpc bdev_nvme_attach_controller -b nvme0 -t "$TEST_TRANSPORT" -f ipv4 \

	-a "$NVMF_FIRST_TARGET_IP" -s "$NVMF_PORT" -q "$hostnqn" -n "$subnqn" \

	--dhchap-key "key0"

[[ $(hostrpc bdev_nvme_get_controllers | jq -r '.[].name') == "nvme0" ]]

hostrpc bdev_nvme_detach_controller nvme0



trap - SIGINT SIGTERM EXIT

cleanup