diff options
author | Hannes Reinecke <hare@suse.de> | 2022-06-27 11:52:06 +0200 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2022-08-02 17:14:50 -0600 |
commit | 7a277c37d3522e9b2777d762bbbcecafae2b1f8d (patch) | |
tree | f73f4114c719970af9fb567ff051af7766d954e0 /drivers/nvme/target/nvmet.h | |
parent | nvmet: implement basic In-Band Authentication (diff) | |
download | linux-dev-7a277c37d3522e9b2777d762bbbcecafae2b1f8d.tar.xz linux-dev-7a277c37d3522e9b2777d762bbbcecafae2b1f8d.zip |
nvmet-auth: Diffie-Hellman key exchange support
Implement Diffie-Hellman key exchange using FFDHE groups for NVMe
In-Band Authentication.
This patch adds a new host configfs attribute 'dhchap_dhgroup' to
select the FFDHE group to use.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/nvme/target/nvmet.h')
-rw-r--r-- | drivers/nvme/target/nvmet.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index 988551a3770f..b76b2911234a 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -225,6 +225,10 @@ struct nvmet_ctrl { struct nvme_dhchap_key *host_key; struct nvme_dhchap_key *ctrl_key; u8 shash_id; + struct crypto_kpp *dh_tfm; + u8 dh_gid; + u8 *dh_key; + size_t dh_keysize; #endif }; @@ -702,6 +706,7 @@ int nvmet_setup_auth(struct nvmet_ctrl *ctrl); void nvmet_init_auth(struct nvmet_ctrl *ctrl, struct nvmet_req *req); void nvmet_destroy_auth(struct nvmet_ctrl *ctrl); void nvmet_auth_sq_free(struct nvmet_sq *sq); +int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id); bool nvmet_check_auth_status(struct nvmet_req *req); int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, unsigned int hash_len); @@ -711,6 +716,10 @@ static inline bool nvmet_has_auth(struct nvmet_ctrl *ctrl) { return ctrl->host_key != NULL; } +int nvmet_auth_ctrl_exponential(struct nvmet_req *req, + u8 *buf, int buf_size); +int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, + u8 *buf, int buf_size); #else static inline int nvmet_setup_auth(struct nvmet_ctrl *ctrl) { |