From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH 1/2] nvme-auth: use transformed key size to create resp Date: Fri, 13 Oct 2023 20:28:26 +0000 Message-Id: <20231013202827.2262708-2-shiftee@posteo.net> In-Reply-To: <20231013202827.2262708-1-shiftee@posteo.net> References: <20231013202827.2262708-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This does not change current behaviour as the driver currently verifies that the secret size is the same size as the length of the transformation hash. Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan --- drivers/nvme/host/auth.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c index daf5d144a8ea..e7d478d17b06 100644 --- a/drivers/nvme/host/auth.c +++ b/drivers/nvme/host/auth.c @@ -418,6 +418,14 @@ static int nvme_auth_set_dhchap_failure2_data(struct n= vme_ctrl *ctrl, return size; } =20 +static int nvme_auth_dhchap_transformed_key_len(struct nvme_dhchap_key *ke= y) +{ + if (key->hash) + return nvme_auth_hmac_hash_len(key->hash); + + return key->len; +} + static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl, struct nvme_dhchap_queue_context *chap) { 
@@ -442,7 +450,8 @@ static int nvme_auth_dhchap_setup_host_response(struct = nvme_ctrl *ctrl, } =20 ret =3D crypto_shash_setkey(chap->shash_tfm, - chap->host_response, ctrl->host_key->len); + chap->host_response, + nvme_auth_dhchap_transformed_key_len(ctrl->host_key)); if (ret) { dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n", chap->qid, ret); --=20 2.39.2
From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH 2/2] nvme-auth: allow mixing of secret and hash lengths Date: Fri, 13 Oct 2023 20:28:27 +0000 Message-Id: <20231013202827.2262708-3-shiftee@posteo.net> In-Reply-To: <20231013202827.2262708-1-shiftee@posteo.net> References: <20231013202827.2262708-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" We can now use any of the secret transformation hashes with a secret, regardless of the secret size. e.g. a 32 byte key with the SHA-512(64 byte) hash. The example secret from the spec should now be permitted with any of the following: DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: Note: Secrets are still restricted to 32,48 or 64 bits. Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan Reviewed-by: Hannes Reinecke --- drivers/nvme/common/auth.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index d90e4f0c08b7..176855f86f0d 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c 
@@ -187,14 +187,6 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned= char *secret, goto out_free_secret; } =20 - if (key_hash > 0 && - (key_len - 4) !=3D nvme_auth_hmac_hash_len(key_hash)) { - pr_err("Mismatched key len %d for %s\n", key_len, - nvme_auth_hmac_name(key_hash)); - ret =3D -EINVAL; - goto out_free_secret; - } - /* The last four bytes is the CRC in little-endian format */ key_len -=3D 4; /* --=20 2.39.2
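
Review bot: the new nvme_auth_dhchap_transformed_key_len() helper (patch 1/2, hunk at @@ -418,6 +418,14) has no comment saying why a non-zero key->hash makes the key length equal to the digest length rather than key->len, and it forwards whatever nvme_auth_hmac_hash_len(key->hash) returns without a check. A short comment above the function, plus either a check on the returned length or a note that key->hash has already been validated when the key was extracted, would make the helper safe to reuse. Because it is static in drivers/nvme/host/auth.c, any other caller that still passes key->len for a transformed key will not pick it up.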
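
Review bot: the crypto_shash_setkey() call in the second hunk of patch 1/2 (@@ -442,7 +450,8) now takes its length from the hash id instead of from ctrl->host_key->len, but nothing in the hunk shows how many bytes chap->host_response actually holds. Once patch 2/2 drops the length-equality check the two values can differ, so please confirm in the commit message that the transform fills chap->host_response with exactly nvme_auth_dhchap_transformed_key_len(ctrl->host_key) bytes; if it holds fewer, setkey reads past the end of the buffer. The commit message would also benefit from one sentence stating what the patch changes, since it currently only says that behaviour is unchanged.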
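
Review bot: the check deleted in patch 2/2, `(key_len - 4) !=3D nvme_auth_hmac_hash_len(key_hash)`, was the only visible place tying key_len to key_hash, and the hunk puts nothing in its place, so the removal is only safe with patch 1/2 applied first; the commit message should say so. The message also states that secrets are restricted to "32,48 or 64 bits" while its own example is "a 32 byte key", so the unit needs to be made consistent. Please also point to where the 32/48/64 restriction is enforced, since it is not in this hunk's context.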
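
The acceptance rule described in the commit message of patch 2/2, modelled in userspace Python as an added example (not code from the patches or the kernel). The names `make_secret`, `parse_secret`, `transformed_key_len` and `require_matching_len` are hypothetical; the mapping of hash ids 01/02/03 to 32/48/64-byte digests and the use of the standard zlib CRC-32 are assumptions.

```python
import base64
import struct
import zlib

# Digest length in bytes per DHHC-1 hash id (assumed mapping; 0 = no transform).
HASH_LEN = {0: None, 1: 32, 2: 48, 3: 64}
KEY_LENS = (32, 48, 64)


def make_secret(key: bytes, hash_id: int) -> str:
    """Build a constructed DHHC-1 secret: base64(key || CRC-32 little-endian)."""
    blob = key + struct.pack("<I", zlib.crc32(key))
    return "DHHC-1:%02d:%s:" % (hash_id, base64.b64encode(blob).decode())


def parse_secret(secret: str, require_matching_len: bool = False):
    """Return (hash_id, key) or raise ValueError; the flag models the deleted check."""
    parts = secret.split(":")
    if len(parts) != 4 or parts[0] != "DHHC-1" or parts[3] != "":
        raise ValueError("not a DHHC-1 secret")
    hash_id = int(parts[1])
    if hash_id not in HASH_LEN:
        raise ValueError("unknown hash id %d" % hash_id)
    blob = base64.b64decode(parts[2], validate=True)
    key, crc = blob[:-4], blob[-4:]  # last four bytes are the CRC
    if len(key) not in KEY_LENS:
        raise ValueError("key length %d is not 32, 48 or 64" % len(key))
    if struct.unpack("<I", crc)[0] != zlib.crc32(key):
        raise ValueError("CRC mismatch")
    if require_matching_len and hash_id and len(key) != HASH_LEN[hash_id]:
        raise ValueError("mismatched key len %d for hash %d" % (len(key), hash_id))
    return hash_id, key


def transformed_key_len(hash_id: int, key: bytes) -> int:
    """Length passed to setkey, following the helper added in patch 1/2."""
    return HASH_LEN[hash_id] if hash_id else len(key)
```

With `require_matching_len=True` a 32-byte key tagged with hash id 03 is rejected, which is the pre-patch behaviour; without it the key is accepted and `transformed_key_len` reports 64, the length the host must then use for the HMAC key.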