nvme-auth: always set valid seq_num in dhchap reply
authorMark O'Donovan <shiftee@posteo.net>
Wed, 25 Oct 2023 10:51:25 +0000 (10:51 +0000)
committerKeith Busch <kbusch@kernel.org>
Mon, 6 Nov 2023 16:34:20 +0000 (08:34 -0800)
Currently a seqnum of zero is sent during uni-directional
authentication. The zero value is reserved for the secure channel
feature which is not yet implemented.

Relevant extract from the spec:
The value 0h is used to indicate that bidirectional authentication
is not performed, but a challenge value C2 is carried in order to
generate a pre-shared key (PSK) for subsequent establishment of a
secure channel

Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
drivers/nvme/host/auth.c
drivers/nvme/target/fabrics-cmd-auth.c

index bff2b2c3cd79ee92fda4696ee430e38d8a825354..48328e36e93bc423974f5089a4ee5fd0bbcc9a6d 100644 (file)
@@ -316,15 +316,14 @@ static int nvme_auth_set_dhchap_reply_data(struct nvme_ctrl *ctrl,
                chap->bi_directional = true;
                get_random_bytes(chap->c2, chap->hash_len);
                data->cvalid = 1;
-               chap->s2 = nvme_auth_get_seqnum();
                memcpy(data->rval + chap->hash_len, chap->c2,
                       chap->hash_len);
                dev_dbg(ctrl->device, "%s: qid %d ctrl challenge %*ph\n",
                        __func__, chap->qid, (int)chap->hash_len, chap->c2);
        } else {
                memset(chap->c2, 0, chap->hash_len);
-               chap->s2 = 0;
        }
+       chap->s2 = nvme_auth_get_seqnum();
        data->seqnum = cpu_to_le32(chap->s2);
        if (chap->host_key_len) {
                dev_dbg(ctrl->device, "%s: qid %d host public key %*ph\n",
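Review bot: The now-unconditional `chap->s2 = nvme_auth_get_seqnum();` carries no comment explaining why zero must never be sent, and the guarantee that the helper never returns 0 is not visible in this hunk. I would add above it `/* 0h is reserved for secure-channel PSK setup (not implemented); always send a real sequence number */`. It is also worth confirming against the helper's definition that it skips 0 on wrap-around, since the commit title depends on that. nvme_auth_set_dhchap_reply_data() begins and continues outside the hunk.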
index 1d9854484e2e83509b46d021f4941a583b7a34c3..eb7785be0ca770c68c0084059f0a4f23b06f6dff 100644 (file)
@@ -163,11 +163,11 @@ static u16 nvmet_auth_reply(struct nvmet_req *req, void *d)
                pr_debug("%s: ctrl %d qid %d challenge %*ph\n",
                         __func__, ctrl->cntlid, req->sq->qid, data->hl,
                         req->sq->dhchap_c2);
-               req->sq->dhchap_s2 = le32_to_cpu(data->seqnum);
        } else {
                req->sq->authenticated = true;
                req->sq->dhchap_c2 = NULL;
        }
+       req->sq->dhchap_s2 = le32_to_cpu(data->seqnum);
 
        return 0;
 }
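Review bot: `req->sq->dhchap_s2 = le32_to_cpu(data->seqnum);` now stores a host-supplied value on both paths, with no check or comment about the reserved value 0. Per the commit message, 0 denotes the unimplemented secure-channel case, yet hosts that predate this fix send 0 for uni-directional authentication, so the target presumably has to keep accepting it when no challenge is carried. A comment such as `/* host-controlled; 0 is reserved for secure channel, older hosts send it when no C2 is present */` would record that constraint. Whether a zero seqnum together with a valid C2 should be refused belongs in the branch above, whose condition lies outside the hunk.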