
nvme: add definitions for NVMe In-Band authentication

Add new definitions for NVMe In-band authentication as defined in
the NVMe Base Specification v2.0.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

authored by

Hannes Reinecke and committed by
Jens Axboe
88b140fe a116e1cd

+208 -1
+208 -1
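--- a/include/linux/nvme.h
+++ b/include/linux/nvme.h
@@ -19,6 +19,7 @@
 #define NVMF_TRSVCID_SIZE 32
 #define NVMF_TRADDR_SIZE 256
 #define NVMF_TSAS_SIZE 256
+#define NVMF_AUTH_HASH_LEN 64
 
 #define NVME_DISC_SUBSYS_NAME "nqn.2014-08.org.nvmexpress.discovery"
 
@@ -1373,6 +1374,8 @@
 nvme_fabrics_type_property_set = 0x00,
 nvme_fabrics_type_connect = 0x01,
 nvme_fabrics_type_property_get = 0x04,
+nvme_fabrics_type_auth_send = 0x05,
+nvme_fabrics_type_auth_receive = 0x06,
 };
 
 #define nvme_fabrics_type_name(type) { type, #type }
@@ -1380,7 +1383,9 @@
 __print_symbolic(type, \
 nvme_fabrics_type_name(nvme_fabrics_type_property_set), \
 nvme_fabrics_type_name(nvme_fabrics_type_connect), \
-nvme_fabrics_type_name(nvme_fabrics_type_property_get))
+nvme_fabrics_type_name(nvme_fabrics_type_property_get), \
+nvme_fabrics_type_name(nvme_fabrics_type_auth_send), \
+nvme_fabrics_type_name(nvme_fabrics_type_auth_receive))
 
 /*
 * If not fabrics command, fctype will be ignored.
@@ -1476,6 +1481,11 @@
 __u8 resv4[12];
 };
 
+enum {
+NVME_CONNECT_AUTHREQ_ASCR = (1 << 2),
+NVME_CONNECT_AUTHREQ_ATR = (1 << 1),
+};
+
 struct nvmf_connect_data {
 uuid_t hostid;
 __le16 cntlid;
@@ -1509,6 +1519,200 @@
 __le32 offset;
 __u8 resv4[16];
 };
+
+struct nvmf_auth_common_command {
+__u8 opcode;
+__u8 resv1;
+__u16 command_id;
+__u8 fctype;
+__u8 resv2[19];
+union nvme_data_ptr dptr;
+__u8 resv3;
+__u8 spsp0;
+__u8 spsp1;
+__u8 secp;
+__le32 al_tl;
+__u8 resv4[16];
+};
+
+struct nvmf_auth_send_command {
+__u8 opcode;
+__u8 resv1;
+__u16 command_id;
+__u8 fctype;
+__u8 resv2[19];
+union nvme_data_ptr dptr;
+__u8 resv3;
+__u8 spsp0;
+__u8 spsp1;
+__u8 secp;
+__le32 tl;
+__u8 resv4[16];
+};
+
+struct nvmf_auth_receive_command {
+__u8 opcode;
+__u8 resv1;
+__u16 command_id;
+__u8 fctype;
+__u8 resv2[19];
+union nvme_data_ptr dptr;
+__u8 resv3;
+__u8 spsp0;
+__u8 spsp1;
+__u8 secp;
+__le32 al;
+__u8 resv4[16];
+};
+
+/* Value for secp */
+enum {
+NVME_AUTH_DHCHAP_PROTOCOL_IDENTIFIER = 0xe9,
+};
+
+/* Defined value for auth_type */
+enum {
+NVME_AUTH_COMMON_MESSAGES = 0x00,
+NVME_AUTH_DHCHAP_MESSAGES = 0x01,
+};
+
+/* Defined messages for auth_id */
+enum {
+NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE = 0x00,
+NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE = 0x01,
+NVME_AUTH_DHCHAP_MESSAGE_REPLY = 0x02,
+NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1 = 0x03,
+NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 = 0x04,
+NVME_AUTH_DHCHAP_MESSAGE_FAILURE2 = 0xf0,
+NVME_AUTH_DHCHAP_MESSAGE_FAILURE1 = 0xf1,
+};
+
+struct nvmf_auth_dhchap_protocol_descriptor {
+__u8 authid;
+__u8 rsvd;
+__u8 halen;
+__u8 dhlen;
+__u8 idlist[60];
+};
+
+enum {
+NVME_AUTH_DHCHAP_AUTH_ID = 0x01,
+};
+
+/* Defined hash functions for DH-HMAC-CHAP authentication */
+enum {
+NVME_AUTH_HASH_SHA256 = 0x01,
+NVME_AUTH_HASH_SHA384 = 0x02,
+NVME_AUTH_HASH_SHA512 = 0x03,
+NVME_AUTH_HASH_INVALID = 0xff,
+};
+
+/* Defined Diffie-Hellman group identifiers for DH-HMAC-CHAP authentication */
+enum {
+NVME_AUTH_DHGROUP_NULL = 0x00,
+NVME_AUTH_DHGROUP_2048 = 0x01,
+NVME_AUTH_DHGROUP_3072 = 0x02,
+NVME_AUTH_DHGROUP_4096 = 0x03,
+NVME_AUTH_DHGROUP_6144 = 0x04,
+NVME_AUTH_DHGROUP_8192 = 0x05,
+NVME_AUTH_DHGROUP_INVALID = 0xff,
+};
+
+union nvmf_auth_protocol {
+struct nvmf_auth_dhchap_protocol_descriptor dhchap;
+};
+
+struct nvmf_auth_dhchap_negotiate_data {
+__u8 auth_type;
+__u8 auth_id;
+__le16 rsvd;
+__le16 t_id;
+__u8 sc_c;
+__u8 napd;
+union nvmf_auth_protocol auth_protocol[];
+};
+
+struct nvmf_auth_dhchap_challenge_data {
+__u8 auth_type;
+__u8 auth_id;
+__u16 rsvd1;
+__le16 t_id;
+__u8 hl;
+__u8 rsvd2;
+__u8 hashid;
+__u8 dhgid;
+__le16 dhvlen;
+__le32 seqnum;
+/* 'hl' bytes of challenge value */
+__u8 cval[];
+/* followed by 'dhvlen' bytes of DH value */
+};
+
+struct nvmf_auth_dhchap_reply_data {
+__u8 auth_type;
+__u8 auth_id;
+__le16 rsvd1;
+__le16 t_id;
+__u8 hl;
+__u8 rsvd2;
+__u8 cvalid;
+__u8 rsvd3;
+__le16 dhvlen;
+__le32 seqnum;
+/* 'hl' bytes of response data */
+__u8 rval[];
+/* followed by 'hl' bytes of Challenge value */
+/* followed by 'dhvlen' bytes of DH value */
+};
+
+enum {
+NVME_AUTH_DHCHAP_RESPONSE_VALID = (1 << 0),
+};
+
+struct nvmf_auth_dhchap_success1_data {
+__u8 auth_type;
+__u8 auth_id;
+__le16 rsvd1;
+__le16 t_id;
+__u8 hl;
+__u8 rsvd2;
+__u8 rvalid;
+__u8 rsvd3[7];
+/* 'hl' bytes of response value if 'rvalid' is set */
+__u8 rval[];
+};
+
+struct nvmf_auth_dhchap_success2_data {
+__u8 auth_type;
+__u8 auth_id;
+__le16 rsvd1;
+__le16 t_id;
+__u8 rsvd2[10];
+};
+
+struct nvmf_auth_dhchap_failure_data {
+__u8 auth_type;
+__u8 auth_id;
+__le16 rsvd1;
+__le16 t_id;
+__u8 rescode;
+__u8 rescode_exp;
+};
+
+enum {
+NVME_AUTH_DHCHAP_FAILURE_REASON_FAILED = 0x01,
+};
+
+enum {
+NVME_AUTH_DHCHAP_FAILURE_FAILED = 0x01,
+NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE = 0x02,
+NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH = 0x03,
+NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE = 0x04,
+NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE = 0x05,
+NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD = 0x06,
+NVME_AUTH_DHCHAP_FAILURE_INCORRECT_MESSAGE = 0x07,
+};
+
 
 struct nvme_dbbuf {
 __u8 opcode;
@@ -1553,6 +1757,9 @@
 struct nvmf_connect_command connect;
 struct nvmf_property_set_command prop_set;
 struct nvmf_property_get_command prop_get;
+struct nvmf_auth_common_command auth_common;
+struct nvmf_auth_send_command auth_send;
+struct nvmf_auth_receive_command auth_receive;
 struct nvme_dbbuf dbbuf;
 struct nvme_directive_cmd directive;
 };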
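Review bot: The DH-HMAC-CHAP payload structs in the large hunk end in flexible arrays (`auth_protocol[]`, `cval[]`, `rval[]`) whose extent comes only from bytes the peer fills in (`napd`, `hl`, `dhvlen`), and `idlist[60]` is shared by `halen` and `dhlen` with no comment saying how, so the header states no bound for any of them. Code that parses these messages has to compare the received length with the struct size plus `hl` and `dhvlen` (twice `hl` for the reply, per its comments) before reading the trailing bytes. The field comments should say so, e.g. `__u8 hl; /* hash length in bytes, presumably <= NVMF_AUTH_HASH_LEN */`, plus a line on `idlist` naming which part holds hash identifiers and which holds DH group identifiers. The two unnamed enums after `nvmf_auth_dhchap_failure_data` both define 0x01 and appear to belong to `rescode` and `rescode_exp` respectively; comments in the style of the existing `/* Value for secp */`, such as `/* Value for rescode */` and `/* Values for rescode_exp */`, would keep them from being swapped.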