#!/bin/bash
# SPDX-License-Identifier: GPL-3.0+
# Copyright (C) 2022 Hannes Reinecke, SUSE Labs
#
# Test bi-directional authentication

. tests/nvme/rc

DESCRIPTION="Test bi-directional authentication"
QUICK=1

requires() {
	_nvme_requires
	_have_loop
	_have_kernel_option NVME_AUTH
	_have_kernel_option NVME_TARGET_AUTH
	_require_nvme_trtype_is_fabrics
	_require_nvme_cli_auth
	_have_driver dh_generic
}


test() {
	local port
	local subsys_name="blktests-subsystem-1"
	local hostid
	local hostnqn
	local file_path="${TMPDIR}/img"
	local hostkey
	local ctrlkey
	local ctrldev

	echo "Running ${TEST_NAME}"

	hostid="$(uuidgen)"
	if [ -z "$hostid" ] ; then
		echo "uuidgen failed"
		return 1
	fi
	hostnqn="nqn.2014-08.org.nvmexpress:uuid:${hostid}"

	hostkey="$(nvme gen-dhchap-key -n ${subsys_name} 2> /dev/null)"
	if [ -z "$hostkey" ] ; then
		echo "failed to generate host key"
		return 1
	fi

	ctrlkey="$(nvme gen-dhchap-key -n ${subsys_name} 2> /dev/null)"
	if [ -z "$ctrlkey" ] ; then
		echo "failed to generate ctrl key"
		return 1
	fi

	_setup_nvmet

	truncate -s "${nvme_img_size}" "${file_path}"

	_create_nvmet_subsystem "${subsys_name}" "${file_path}"
	port="$(_create_nvmet_port "${nvme_trtype}")"
	_add_nvmet_subsys_to_port "${port}" "${subsys_name}"
	_create_nvmet_host "${subsys_name}" "${hostnqn}" \
			   "${hostkey}" "${ctrlkey}"

	_set_nvmet_dhgroup "${hostnqn}" "ffdhe2048"

	# Step 1: Connect with host authentication only
	echo "Test host authentication"
	_nvme_connect_subsys "${nvme_trtype}" "${subsys_name}" \
			     --hostnqn "${hostnqn}" \
			     --hostid "${hostid}" \
			     --dhchap-secret "${hostkey}"

	udevadm settle

	_nvme_disconnect_subsys "${subsys_name}"

	# Step 2: Connect with host authentication
	# and invalid ctrl authentication
	echo "Test invalid ctrl authentication (should fail)"
	_nvme_connect_subsys "${nvme_trtype}" "${subsys_name}" \
			     --hostnqn "${hostnqn}" \
			     --hostid "${hostid}" \
			     --dhchap-secret "${hostkey}" \
			     --dhchap-ctrl-secret "${hostkey}"

	udevadm settle

	_nvme_disconnect_subsys "${subsys_name}"

	# Step 3: Connect with host authentication
	# and valid ctrl authentication
	echo "Test valid ctrl authentication"
	_nvme_connect_subsys "${nvme_trtype}" "${subsys_name}" \
			     --hostnqn "${hostnqn}" \
			     --hostid "${hostid}" \
			     --dhchap-secret "${hostkey}" \
			     --dhchap-ctrl-secret "${ctrlkey}"

	udevadm settle

	_nvme_disconnect_subsys "${subsys_name}"

	# Step 4: Connect with host authentication
	# and invalid ctrl key
	echo "Test invalid ctrl key (should fail)"
	invkey="DHHC-1:00:Jc/My1o0qtLCWRp+sHhAVafdfaS7YQOMYhk9zSmlatobqB8C:"
	_nvme_connect_subsys "${nvme_trtype}" "${subsys_name}" \
			     --hostnqn "${hostnqn}" \
			     --hostid "${hostid}" \
			     --dhchap-secret "${hostkey}" \
			     --dhchap-ctrl-secret "${invkey}"

	udevadm settle

	_nvme_disconnect_subsys "${subsys_name}"

	_remove_nvmet_subsystem_from_port "${port}" "${subsys_name}"
	_remove_nvmet_subsystem "${subsys_name}"

	_remove_nvmet_port "${port}"

	_remove_nvmet_host "${hostnqn}"

	rm "${file_path}"

	echo "Test complete"
}
