1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * NVMe over Fabrics DH-HMAC-CHAP authentication command handling.
4  * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions.
5  * All rights reserved.
6  */
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/blkdev.h>
9 #include <linux/random.h>
10 #include <linux/nvme-auth.h>
11 #include <crypto/hash.h>
12 #include <crypto/kpp.h>
13 #include "nvmet.h"
14 
15 static void nvmet_auth_expired_work(struct work_struct *work)
16 {
17 	struct nvmet_sq *sq = container_of(to_delayed_work(work),
18 			struct nvmet_sq, auth_expired_work);
19 
20 	pr_debug("%s: ctrl %d qid %d transaction %u expired, resetting\n",
21 		 __func__, sq->ctrl->cntlid, sq->qid, sq->dhchap_tid);
22 	sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE;
23 	sq->dhchap_tid = -1;
24 }
25 
26 void nvmet_auth_sq_init(struct nvmet_sq *sq)
27 {
28 	/* Initialize in-band authentication */
29 	INIT_DELAYED_WORK(&sq->auth_expired_work, nvmet_auth_expired_work);
30 	sq->authenticated = false;
31 	sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE;
32 }
33 
34 static u16 nvmet_auth_negotiate(struct nvmet_req *req, void *d)
35 {
36 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
37 	struct nvmf_auth_dhchap_negotiate_data *data = d;
38 	int i, hash_id = 0, fallback_hash_id = 0, dhgid, fallback_dhgid;
39 
40 	pr_debug("%s: ctrl %d qid %d: data sc_d %d napd %d authid %d halen %d dhlen %d\n",
41 		 __func__, ctrl->cntlid, req->sq->qid,
42 		 data->sc_c, data->napd, data->auth_protocol[0].dhchap.authid,
43 		 data->auth_protocol[0].dhchap.halen,
44 		 data->auth_protocol[0].dhchap.dhlen);
45 	req->sq->dhchap_tid = le16_to_cpu(data->t_id);
46 	if (data->sc_c)
47 		return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
48 
49 	if (data->napd != 1)
50 		return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
51 
52 	if (data->auth_protocol[0].dhchap.authid !=
53 	    NVME_AUTH_DHCHAP_AUTH_ID)
54 		return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
55 
56 	for (i = 0; i < data->auth_protocol[0].dhchap.halen; i++) {
57 		u8 host_hmac_id = data->auth_protocol[0].dhchap.idlist[i];
58 
59 		if (!fallback_hash_id &&
60 		    crypto_has_shash(nvme_auth_hmac_name(host_hmac_id), 0, 0))
61 			fallback_hash_id = host_hmac_id;
62 		if (ctrl->shash_id != host_hmac_id)
63 			continue;
64 		hash_id = ctrl->shash_id;
65 		break;
66 	}
67 	if (hash_id == 0) {
68 		if (fallback_hash_id == 0) {
69 			pr_debug("%s: ctrl %d qid %d: no usable hash found\n",
70 				 __func__, ctrl->cntlid, req->sq->qid);
71 			return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
72 		}
73 		pr_debug("%s: ctrl %d qid %d: no usable hash found, falling back to %s\n",
74 			 __func__, ctrl->cntlid, req->sq->qid,
75 			 nvme_auth_hmac_name(fallback_hash_id));
76 		ctrl->shash_id = fallback_hash_id;
77 	}
78 
79 	dhgid = -1;
80 	fallback_dhgid = -1;
81 	for (i = 0; i < data->auth_protocol[0].dhchap.dhlen; i++) {
82 		int tmp_dhgid = data->auth_protocol[0].dhchap.idlist[i + 30];
83 
84 		if (tmp_dhgid != ctrl->dh_gid) {
85 			dhgid = tmp_dhgid;
86 			break;
87 		}
88 		if (fallback_dhgid < 0) {
89 			const char *kpp = nvme_auth_dhgroup_kpp(tmp_dhgid);
90 
91 			if (crypto_has_kpp(kpp, 0, 0))
92 				fallback_dhgid = tmp_dhgid;
93 		}
94 	}
95 	if (dhgid < 0) {
96 		if (fallback_dhgid < 0) {
97 			pr_debug("%s: ctrl %d qid %d: no usable DH group found\n",
98 				 __func__, ctrl->cntlid, req->sq->qid);
99 			return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
100 		}
101 		pr_debug("%s: ctrl %d qid %d: configured DH group %s not found\n",
102 			 __func__, ctrl->cntlid, req->sq->qid,
103 			 nvme_auth_dhgroup_name(fallback_dhgid));
104 		ctrl->dh_gid = fallback_dhgid;
105 	}
106 	pr_debug("%s: ctrl %d qid %d: selected DH group %s (%d)\n",
107 		 __func__, ctrl->cntlid, req->sq->qid,
108 		 nvme_auth_dhgroup_name(ctrl->dh_gid), ctrl->dh_gid);
109 	return 0;
110 }
111 
112 static u16 nvmet_auth_reply(struct nvmet_req *req, void *d)
113 {
114 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
115 	struct nvmf_auth_dhchap_reply_data *data = d;
116 	u16 dhvlen = le16_to_cpu(data->dhvlen);
117 	u8 *response;
118 
119 	pr_debug("%s: ctrl %d qid %d: data hl %d cvalid %d dhvlen %u\n",
120 		 __func__, ctrl->cntlid, req->sq->qid,
121 		 data->hl, data->cvalid, dhvlen);
122 
123 	if (dhvlen) {
124 		if (!ctrl->dh_tfm)
125 			return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
126 		if (nvmet_auth_ctrl_sesskey(req, data->rval + 2 * data->hl,
127 					    dhvlen) < 0)
128 			return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
129 	}
130 
131 	response = kmalloc(data->hl, GFP_KERNEL);
132 	if (!response)
133 		return NVME_AUTH_DHCHAP_FAILURE_FAILED;
134 
135 	if (!ctrl->host_key) {
136 		pr_warn("ctrl %d qid %d no host key\n",
137 			ctrl->cntlid, req->sq->qid);
138 		kfree(response);
139 		return NVME_AUTH_DHCHAP_FAILURE_FAILED;
140 	}
141 	if (nvmet_auth_host_hash(req, response, data->hl) < 0) {
142 		pr_debug("ctrl %d qid %d host hash failed\n",
143 			 ctrl->cntlid, req->sq->qid);
144 		kfree(response);
145 		return NVME_AUTH_DHCHAP_FAILURE_FAILED;
146 	}
147 
148 	if (memcmp(data->rval, response, data->hl)) {
149 		pr_info("ctrl %d qid %d host response mismatch\n",
150 			ctrl->cntlid, req->sq->qid);
151 		kfree(response);
152 		return NVME_AUTH_DHCHAP_FAILURE_FAILED;
153 	}
154 	kfree(response);
155 	pr_debug("%s: ctrl %d qid %d host authenticated\n",
156 		 __func__, ctrl->cntlid, req->sq->qid);
157 	if (data->cvalid) {
158 		req->sq->dhchap_c2 = kmemdup(data->rval + data->hl, data->hl,
159 					     GFP_KERNEL);
160 		if (!req->sq->dhchap_c2)
161 			return NVME_AUTH_DHCHAP_FAILURE_FAILED;
162 
163 		pr_debug("%s: ctrl %d qid %d challenge %*ph\n",
164 			 __func__, ctrl->cntlid, req->sq->qid, data->hl,
165 			 req->sq->dhchap_c2);
166 		req->sq->dhchap_s2 = le32_to_cpu(data->seqnum);
167 	} else {
168 		req->sq->authenticated = true;
169 		req->sq->dhchap_c2 = NULL;
170 	}
171 
172 	return 0;
173 }
174 
175 static u16 nvmet_auth_failure2(void *d)
176 {
177 	struct nvmf_auth_dhchap_failure_data *data = d;
178 
179 	return data->rescode_exp;
180 }
181 
182 void nvmet_execute_auth_send(struct nvmet_req *req)
183 {
184 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
185 	struct nvmf_auth_dhchap_success2_data *data;
186 	void *d;
187 	u32 tl;
188 	u16 status = 0;
189 
190 	if (req->cmd->auth_send.secp != NVME_AUTH_DHCHAP_PROTOCOL_IDENTIFIER) {
191 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
192 		req->error_loc =
193 			offsetof(struct nvmf_auth_send_command, secp);
194 		goto done;
195 	}
196 	if (req->cmd->auth_send.spsp0 != 0x01) {
197 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
198 		req->error_loc =
199 			offsetof(struct nvmf_auth_send_command, spsp0);
200 		goto done;
201 	}
202 	if (req->cmd->auth_send.spsp1 != 0x01) {
203 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
204 		req->error_loc =
205 			offsetof(struct nvmf_auth_send_command, spsp1);
206 		goto done;
207 	}
208 	tl = le32_to_cpu(req->cmd->auth_send.tl);
209 	if (!tl) {
210 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
211 		req->error_loc =
212 			offsetof(struct nvmf_auth_send_command, tl);
213 		goto done;
214 	}
215 	if (!nvmet_check_transfer_len(req, tl)) {
216 		pr_debug("%s: transfer length mismatch (%u)\n", __func__, tl);
217 		return;
218 	}
219 
220 	d = kmalloc(tl, GFP_KERNEL);
221 	if (!d) {
222 		status = NVME_SC_INTERNAL;
223 		goto done;
224 	}
225 
226 	status = nvmet_copy_from_sgl(req, 0, d, tl);
227 	if (status)
228 		goto done_kfree;
229 
230 	data = d;
231 	pr_debug("%s: ctrl %d qid %d type %d id %d step %x\n", __func__,
232 		 ctrl->cntlid, req->sq->qid, data->auth_type, data->auth_id,
233 		 req->sq->dhchap_step);
234 	if (data->auth_type != NVME_AUTH_COMMON_MESSAGES &&
235 	    data->auth_type != NVME_AUTH_DHCHAP_MESSAGES)
236 		goto done_failure1;
237 	if (data->auth_type == NVME_AUTH_COMMON_MESSAGES) {
238 		if (data->auth_id == NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE) {
239 			/* Restart negotiation */
240 			pr_debug("%s: ctrl %d qid %d reset negotiation\n", __func__,
241 				 ctrl->cntlid, req->sq->qid);
242 			if (!req->sq->qid) {
243 				if (nvmet_setup_auth(ctrl) < 0) {
244 					status = NVME_SC_INTERNAL;
245 					pr_err("ctrl %d qid 0 failed to setup"
246 					       "re-authentication",
247 					       ctrl->cntlid);
248 					goto done_failure1;
249 				}
250 			}
251 			req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE;
252 		} else if (data->auth_id != req->sq->dhchap_step)
253 			goto done_failure1;
254 		/* Validate negotiation parameters */
255 		status = nvmet_auth_negotiate(req, d);
256 		if (status == 0)
257 			req->sq->dhchap_step =
258 				NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE;
259 		else {
260 			req->sq->dhchap_step =
261 				NVME_AUTH_DHCHAP_MESSAGE_FAILURE1;
262 			req->sq->dhchap_status = status;
263 			status = 0;
264 		}
265 		goto done_kfree;
266 	}
267 	if (data->auth_id != req->sq->dhchap_step) {
268 		pr_debug("%s: ctrl %d qid %d step mismatch (%d != %d)\n",
269 			 __func__, ctrl->cntlid, req->sq->qid,
270 			 data->auth_id, req->sq->dhchap_step);
271 		goto done_failure1;
272 	}
273 	if (le16_to_cpu(data->t_id) != req->sq->dhchap_tid) {
274 		pr_debug("%s: ctrl %d qid %d invalid transaction %d (expected %d)\n",
275 			 __func__, ctrl->cntlid, req->sq->qid,
276 			 le16_to_cpu(data->t_id),
277 			 req->sq->dhchap_tid);
278 		req->sq->dhchap_step =
279 			NVME_AUTH_DHCHAP_MESSAGE_FAILURE1;
280 		req->sq->dhchap_status =
281 			NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
282 		goto done_kfree;
283 	}
284 
285 	switch (data->auth_id) {
286 	case NVME_AUTH_DHCHAP_MESSAGE_REPLY:
287 		status = nvmet_auth_reply(req, d);
288 		if (status == 0)
289 			req->sq->dhchap_step =
290 				NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1;
291 		else {
292 			req->sq->dhchap_step =
293 				NVME_AUTH_DHCHAP_MESSAGE_FAILURE1;
294 			req->sq->dhchap_status = status;
295 			status = 0;
296 		}
297 		goto done_kfree;
298 	case NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2:
299 		req->sq->authenticated = true;
300 		pr_debug("%s: ctrl %d qid %d ctrl authenticated\n",
301 			 __func__, ctrl->cntlid, req->sq->qid);
302 		goto done_kfree;
303 	case NVME_AUTH_DHCHAP_MESSAGE_FAILURE2:
304 		status = nvmet_auth_failure2(d);
305 		if (status) {
306 			pr_warn("ctrl %d qid %d: authentication failed (%d)\n",
307 				ctrl->cntlid, req->sq->qid, status);
308 			req->sq->dhchap_status = status;
309 			req->sq->authenticated = false;
310 			status = 0;
311 		}
312 		goto done_kfree;
313 	default:
314 		req->sq->dhchap_status =
315 			NVME_AUTH_DHCHAP_FAILURE_INCORRECT_MESSAGE;
316 		req->sq->dhchap_step =
317 			NVME_AUTH_DHCHAP_MESSAGE_FAILURE2;
318 		req->sq->authenticated = false;
319 		goto done_kfree;
320 	}
321 done_failure1:
322 	req->sq->dhchap_status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_MESSAGE;
323 	req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_FAILURE2;
324 
325 done_kfree:
326 	kfree(d);
327 done:
328 	pr_debug("%s: ctrl %d qid %d dhchap status %x step %x\n", __func__,
329 		 ctrl->cntlid, req->sq->qid,
330 		 req->sq->dhchap_status, req->sq->dhchap_step);
331 	if (status)
332 		pr_debug("%s: ctrl %d qid %d nvme status %x error loc %d\n",
333 			 __func__, ctrl->cntlid, req->sq->qid,
334 			 status, req->error_loc);
335 	req->cqe->result.u64 = 0;
336 	nvmet_req_complete(req, status);
337 	if (req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 &&
338 	    req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) {
339 		unsigned long auth_expire_secs = ctrl->kato ? ctrl->kato : 120;
340 
341 		mod_delayed_work(system_wq, &req->sq->auth_expired_work,
342 				 auth_expire_secs * HZ);
343 		return;
344 	}
345 	/* Final states, clear up variables */
346 	nvmet_auth_sq_free(req->sq);
347 	if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2)
348 		nvmet_ctrl_fatal_error(ctrl);
349 }
350 
351 static int nvmet_auth_challenge(struct nvmet_req *req, void *d, int al)
352 {
353 	struct nvmf_auth_dhchap_challenge_data *data = d;
354 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
355 	int ret = 0;
356 	int hash_len = nvme_auth_hmac_hash_len(ctrl->shash_id);
357 	int data_size = sizeof(*d) + hash_len;
358 
359 	if (ctrl->dh_tfm)
360 		data_size += ctrl->dh_keysize;
361 	if (al < data_size) {
362 		pr_debug("%s: buffer too small (al %d need %d)\n", __func__,
363 			 al, data_size);
364 		return -EINVAL;
365 	}
366 	memset(data, 0, data_size);
367 	req->sq->dhchap_s1 = nvme_auth_get_seqnum();
368 	data->auth_type = NVME_AUTH_DHCHAP_MESSAGES;
369 	data->auth_id = NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE;
370 	data->t_id = cpu_to_le16(req->sq->dhchap_tid);
371 	data->hashid = ctrl->shash_id;
372 	data->hl = hash_len;
373 	data->seqnum = cpu_to_le32(req->sq->dhchap_s1);
374 	req->sq->dhchap_c1 = kmalloc(data->hl, GFP_KERNEL);
375 	if (!req->sq->dhchap_c1)
376 		return -ENOMEM;
377 	get_random_bytes(req->sq->dhchap_c1, data->hl);
378 	memcpy(data->cval, req->sq->dhchap_c1, data->hl);
379 	if (ctrl->dh_tfm) {
380 		data->dhgid = ctrl->dh_gid;
381 		data->dhvlen = cpu_to_le16(ctrl->dh_keysize);
382 		ret = nvmet_auth_ctrl_exponential(req, data->cval + data->hl,
383 						  ctrl->dh_keysize);
384 	}
385 	pr_debug("%s: ctrl %d qid %d seq %d transaction %d hl %d dhvlen %zu\n",
386 		 __func__, ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1,
387 		 req->sq->dhchap_tid, data->hl, ctrl->dh_keysize);
388 	return ret;
389 }
390 
391 static int nvmet_auth_success1(struct nvmet_req *req, void *d, int al)
392 {
393 	struct nvmf_auth_dhchap_success1_data *data = d;
394 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
395 	int hash_len = nvme_auth_hmac_hash_len(ctrl->shash_id);
396 
397 	WARN_ON(al < sizeof(*data));
398 	memset(data, 0, sizeof(*data));
399 	data->auth_type = NVME_AUTH_DHCHAP_MESSAGES;
400 	data->auth_id = NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1;
401 	data->t_id = cpu_to_le16(req->sq->dhchap_tid);
402 	data->hl = hash_len;
403 	if (req->sq->dhchap_c2) {
404 		if (!ctrl->ctrl_key) {
405 			pr_warn("ctrl %d qid %d no ctrl key\n",
406 				ctrl->cntlid, req->sq->qid);
407 			return NVME_AUTH_DHCHAP_FAILURE_FAILED;
408 		}
409 		if (nvmet_auth_ctrl_hash(req, data->rval, data->hl))
410 			return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
411 		data->rvalid = 1;
412 		pr_debug("ctrl %d qid %d response %*ph\n",
413 			 ctrl->cntlid, req->sq->qid, data->hl, data->rval);
414 	}
415 	return 0;
416 }
417 
418 static void nvmet_auth_failure1(struct nvmet_req *req, void *d, int al)
419 {
420 	struct nvmf_auth_dhchap_failure_data *data = d;
421 
422 	WARN_ON(al < sizeof(*data));
423 	data->auth_type = NVME_AUTH_COMMON_MESSAGES;
424 	data->auth_id = NVME_AUTH_DHCHAP_MESSAGE_FAILURE1;
425 	data->t_id = cpu_to_le16(req->sq->dhchap_tid);
426 	data->rescode = NVME_AUTH_DHCHAP_FAILURE_REASON_FAILED;
427 	data->rescode_exp = req->sq->dhchap_status;
428 }
429 
430 void nvmet_execute_auth_receive(struct nvmet_req *req)
431 {
432 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
433 	void *d;
434 	u32 al;
435 	u16 status = 0;
436 
437 	if (req->cmd->auth_receive.secp != NVME_AUTH_DHCHAP_PROTOCOL_IDENTIFIER) {
438 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
439 		req->error_loc =
440 			offsetof(struct nvmf_auth_receive_command, secp);
441 		goto done;
442 	}
443 	if (req->cmd->auth_receive.spsp0 != 0x01) {
444 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
445 		req->error_loc =
446 			offsetof(struct nvmf_auth_receive_command, spsp0);
447 		goto done;
448 	}
449 	if (req->cmd->auth_receive.spsp1 != 0x01) {
450 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
451 		req->error_loc =
452 			offsetof(struct nvmf_auth_receive_command, spsp1);
453 		goto done;
454 	}
455 	al = le32_to_cpu(req->cmd->auth_receive.al);
456 	if (!al) {
457 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
458 		req->error_loc =
459 			offsetof(struct nvmf_auth_receive_command, al);
460 		goto done;
461 	}
462 	if (!nvmet_check_transfer_len(req, al)) {
463 		pr_debug("%s: transfer length mismatch (%u)\n", __func__, al);
464 		return;
465 	}
466 
467 	d = kmalloc(al, GFP_KERNEL);
468 	if (!d) {
469 		status = NVME_SC_INTERNAL;
470 		goto done;
471 	}
472 	pr_debug("%s: ctrl %d qid %d step %x\n", __func__,
473 		 ctrl->cntlid, req->sq->qid, req->sq->dhchap_step);
474 	switch (req->sq->dhchap_step) {
475 	case NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE:
476 		if (nvmet_auth_challenge(req, d, al) < 0) {
477 			pr_warn("ctrl %d qid %d: challenge error (%d)\n",
478 				ctrl->cntlid, req->sq->qid, status);
479 			status = NVME_SC_INTERNAL;
480 			break;
481 		}
482 		req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_REPLY;
483 		break;
484 	case NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1:
485 		status = nvmet_auth_success1(req, d, al);
486 		if (status) {
487 			req->sq->dhchap_status = status;
488 			req->sq->authenticated = false;
489 			nvmet_auth_failure1(req, d, al);
490 			pr_warn("ctrl %d qid %d: success1 status (%x)\n",
491 				ctrl->cntlid, req->sq->qid,
492 				req->sq->dhchap_status);
493 			break;
494 		}
495 		req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2;
496 		break;
497 	case NVME_AUTH_DHCHAP_MESSAGE_FAILURE1:
498 		req->sq->authenticated = false;
499 		nvmet_auth_failure1(req, d, al);
500 		pr_warn("ctrl %d qid %d failure1 (%x)\n",
501 			ctrl->cntlid, req->sq->qid, req->sq->dhchap_status);
502 		break;
503 	default:
504 		pr_warn("ctrl %d qid %d unhandled step (%d)\n",
505 			ctrl->cntlid, req->sq->qid, req->sq->dhchap_step);
506 		req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_FAILURE1;
507 		req->sq->dhchap_status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
508 		nvmet_auth_failure1(req, d, al);
509 		status = 0;
510 		break;
511 	}
512 
513 	status = nvmet_copy_to_sgl(req, 0, d, al);
514 	kfree(d);
515 done:
516 	req->cqe->result.u64 = 0;
517 	nvmet_req_complete(req, status);
518 	if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2)
519 		nvmet_auth_sq_free(req->sq);
520 	else if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
521 		nvmet_auth_sq_free(req->sq);
522 		nvmet_ctrl_fatal_error(ctrl);
523 	}
524 }
525