1f50fff73SHannes Reinecke /* SPDX-License-Identifier: GPL-2.0 */ 2f50fff73SHannes Reinecke /* 3f50fff73SHannes Reinecke * Copyright (c) 2021 Hannes Reinecke, SUSE Software Solutions 4f50fff73SHannes Reinecke */ 5f50fff73SHannes Reinecke 6f50fff73SHannes Reinecke #ifndef _NVME_AUTH_H 7f50fff73SHannes Reinecke #define _NVME_AUTH_H 8f50fff73SHannes Reinecke 9f50fff73SHannes Reinecke #include <crypto/kpp.h> 10f50fff73SHannes Reinecke 11f50fff73SHannes Reinecke struct nvme_dhchap_key { 12f50fff73SHannes Reinecke size_t len; 13f50fff73SHannes Reinecke u8 hash; 143ebed374SMark O'Donovan u8 key[]; 15f50fff73SHannes Reinecke }; 16f50fff73SHannes Reinecke 17f50fff73SHannes Reinecke u32 nvme_auth_get_seqnum(void); 18f50fff73SHannes Reinecke const char *nvme_auth_dhgroup_name(u8 dhgroup_id); 19f50fff73SHannes Reinecke const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id); 20f50fff73SHannes Reinecke u8 nvme_auth_dhgroup_id(const char *dhgroup_name); 21f50fff73SHannes Reinecke 22f50fff73SHannes Reinecke const char *nvme_auth_hmac_name(u8 hmac_id); 23f50fff73SHannes Reinecke const char *nvme_auth_digest_name(u8 hmac_id); 24f50fff73SHannes Reinecke size_t nvme_auth_hmac_hash_len(u8 hmac_id); 25f50fff73SHannes Reinecke u8 nvme_auth_hmac_id(const char *hmac_name); 26f50fff73SHannes Reinecke 273ebed374SMark O'Donovan u32 nvme_auth_key_struct_size(u32 key_len); 28f50fff73SHannes Reinecke struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, 29f50fff73SHannes Reinecke u8 key_hash); 30f50fff73SHannes Reinecke void nvme_auth_free_key(struct nvme_dhchap_key *key); 313ebed374SMark O'Donovan struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash); 32f047daedSMark O'Donovan struct nvme_dhchap_key *nvme_auth_transform_key( 33f047daedSMark O'Donovan struct nvme_dhchap_key *key, char *nqn); 34f50fff73SHannes Reinecke int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key); 35b61775d1SHannes Reinecke int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len, 36b61775d1SHannes Reinecke u8 *challenge, u8 *aug, size_t hlen); 37b61775d1SHannes Reinecke int nvme_auth_gen_privkey(struct crypto_kpp *dh_tfm, u8 dh_gid); 38b61775d1SHannes Reinecke int nvme_auth_gen_pubkey(struct crypto_kpp *dh_tfm, 39b61775d1SHannes Reinecke u8 *host_key, size_t host_key_len); 40b61775d1SHannes Reinecke int nvme_auth_gen_shared_secret(struct crypto_kpp *dh_tfm, 41b61775d1SHannes Reinecke u8 *ctrl_key, size_t ctrl_key_len, 42b61775d1SHannes Reinecke u8 *sess_key, size_t sess_key_len); 435c12a9cdSHannes Reinecke int nvme_auth_generate_psk(u8 hmac_id, u8 *skey, size_t skey_len, 445c12a9cdSHannes Reinecke u8 *c1, u8 *c2, size_t hash_len, 455c12a9cdSHannes Reinecke u8 **ret_psk, size_t *ret_len); 4671972b9fSHannes Reinecke int nvme_auth_generate_digest(u8 hmac_id, u8 *psk, size_t psk_len, 4771972b9fSHannes Reinecke char *subsysnqn, char *hostnqn, u8 **ret_digest); 48*9d5c0fffSHannes Reinecke int nvme_auth_derive_tls_psk(int hmac_id, u8 *psk, size_t psk_len, 49*9d5c0fffSHannes Reinecke u8 *psk_digest, u8 **ret_psk); 50f50fff73SHannes Reinecke 51f50fff73SHannes Reinecke #endif /* _NVME_AUTH_H */ 52