From nobody Wed Dec 17 08:12:13 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90A6FCDB474 for ; Mon, 16 Oct 2023 23:00:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234164AbjJPXAC (ORCPT ); Mon, 16 Oct 2023 19:00:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232985AbjJPW77 (ORCPT ); Mon, 16 Oct 2023 18:59:59 -0400 Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 95BBD9B for ; Mon, 16 Oct 2023 15:59:57 -0700 (PDT) Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id F2EA8240029 for ; Tue, 17 Oct 2023 00:59:55 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1697497196; bh=rnbADe6m90A07GERJn789AJyLmRj2m+LZ1+95wztGA4=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version: Content-Transfer-Encoding:From; b=Jh5UDJJDwz543riptIZiaIlXKxwqO2SN1Q1V4cGEbYu1Agz/0ga4sKyIegpitZdnN MQZXCjVcZans1EzSX9QLZ1MyhbX8wrfGn5qEUOI+BXTvthMCFdCEJVEPx6F0nH8J5z udKowcI8GDPfQNUGyMw8jULBGKNijrF2IP6wvMFMKrBZpRjd9kDu8zYP9ZWPnhiMYi TziYQT8sxADAQxTxE6Htmcn/+B6MKcwE9QUH/VNRJHyiczu0CD5ooOaSrryBvpz0PA cQnJJq+VVGBlSM/r3sAKexhOHeoEE3QOSAA18pFDxz7i4CBJUiLW4WlH8xgJZDiHc5 HF4qQjPO3j60g== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4S8Xcp34TVz9rxK; Tue, 17 Oct 2023 00:59:54 +0200 (CEST) From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH v3 1/3] nvme-auth: alloc nvme_dhchap_key as single buffer Date: Mon, 16 Oct 2023 22:58:55 +0000 Message-Id: <20231016225857.3085234-2-shiftee@posteo.net> In-Reply-To: <20231016225857.3085234-1-shiftee@posteo.net> References: <20231016225857.3085234-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan Reviewed-by: Hannes Reinecke --- drivers/nvme/common/auth.c | 26 +++++++++++++++----------- include/linux/nvme-auth.h | 3 ++- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index d90e4f0c08b7..225fc474e34a 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c @@ -163,14 +163,9 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned= char *secret, p =3D strrchr(secret, ':'); if (p) allocated_len =3D p - secret; - key =3D kzalloc(sizeof(*key), GFP_KERNEL); + key =3D nvme_auth_alloc_key(allocated_len, 0); if (!key) return ERR_PTR(-ENOMEM); - key->key =3D kzalloc(allocated_len, GFP_KERNEL); - if (!key->key) { - ret =3D -ENOMEM; - goto out_free_key; - } =20 key_len =3D base64_decode(secret, allocated_len, key->key); if (key_len < 0) { @@ -213,19 +208,28 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigne= d char *secret, key->hash =3D key_hash; return key; out_free_secret: - kfree_sensitive(key->key); -out_free_key: - kfree(key); + nvme_auth_free_key(key); return ERR_PTR(ret); } EXPORT_SYMBOL_GPL(nvme_auth_extract_key); =20 +struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash) +{ + struct nvme_dhchap_key *key =3D kzalloc(len + sizeof(*key), GFP_KERNEL); + + if (key) { + key->len =3D len; + key->hash =3D hash; + } + return key; +} +EXPORT_SYMBOL_GPL(nvme_auth_alloc_key); + void nvme_auth_free_key(struct nvme_dhchap_key *key) { if (!key) return; - kfree_sensitive(key->key); - kfree(key); + kfree_sensitive(key); } EXPORT_SYMBOL_GPL(nvme_auth_free_key); =20 diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h index dcb8030062dd..df96940be930 100644 --- a/include/linux/nvme-auth.h +++ b/include/linux/nvme-auth.h @@ -9,9 +9,9 @@ #include =20 struct nvme_dhchap_key { - u8 *key; size_t len; u8 hash; + u8 key[]; }; =20 u32 nvme_auth_get_seqnum(void); @@ -27,6 +27,7 @@ u8 nvme_auth_hmac_id(const char *hmac_name); struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, u8 key_hash); void nvme_auth_free_key(struct nvme_dhchap_key *key); +struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash); u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn); int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key); int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len, --=20 2.39.2 From nobody Wed Dec 17 08:12:13 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8D84CDB483 for ; Mon, 16 Oct 2023 23:00:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234205AbjJPXAG (ORCPT ); Mon, 16 Oct 2023 19:00:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50664 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232172AbjJPXAA (ORCPT ); Mon, 16 Oct 2023 19:00:00 -0400 Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A5D2BAC for ; Mon, 16 Oct 2023 15:59:58 -0700 (PDT) Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id 358BE240105 for ; Tue, 17 Oct 2023 00:59:57 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1697497197; bh=HAdzU0up7R6jFB/6QiUAp2Zvie9qM6pmoMBSC5nkdz0=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version: Content-Transfer-Encoding:From; b=XOzt2uybwjqRufkhDrjRkVhq3FXIKouvhv5h3DR/SE36569YBsI8DLr0EP1NrE3re z6QC5tWaAIJmr1XSFSOBvUhM6jrvy6uUpw80OM1E2xS76EajXyw0LuG6NEnnarmj4v Ln+vTFb4LXpzeuDzklYOAxrvu5G4KmkMWeHDeR5u5NrmxitAHzs/cqpeNYwBAde8Yr j5eSV2mXi3XxyZ4OxHqgdbJymFk6YXxAqlfiP748XXC9RXR1is/M+P0LyG8oMF4Rnr d5wIx8TXriE/6kXRgktxug34T67i6hDbECbm5a8f2fgA05N1gNMq7GCXtmBMxn2vn6 Rk0etAiWUyksA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4S8Xcq5CBlz9rxH; Tue, 17 Oct 2023 00:59:55 +0200 (CEST) From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH v3 2/3] nvme-auth: use transformed key size to create resp Date: Mon, 16 Oct 2023 22:58:56 +0000 Message-Id: <20231016225857.3085234-3-shiftee@posteo.net> In-Reply-To: <20231016225857.3085234-1-shiftee@posteo.net> References: <20231016225857.3085234-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This does not change current behaviour as the driver currently verifies that the secret size is the same size as the length of the transformation hash. Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan Reviewed-by: Hannes Reinecke --- V1 -> V2: support target implementation and controller secrets also V2 -> V3: return key from nvme_auth_transform_key drivers/nvme/common/auth.c | 18 ++++++++++-------- drivers/nvme/host/auth.c | 30 +++++++++++++++--------------- drivers/nvme/target/auth.c | 30 ++++++++++++++++-------------- include/linux/nvme-auth.h | 2 +- 4 files changed, 42 insertions(+), 38 deletions(-) diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index 225fc474e34a..647931acc1ba 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c @@ -233,20 +233,21 @@ void nvme_auth_free_key(struct nvme_dhchap_key *key) } EXPORT_SYMBOL_GPL(nvme_auth_free_key); =20 -u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn) +struct nvme_dhchap_key *nvme_auth_transform_key(struct nvme_dhchap_key *ke= y, char *nqn) { const char *hmac_name; struct crypto_shash *key_tfm; struct shash_desc *shash; - u8 *transformed_key; - int ret; + struct nvme_dhchap_key *transformed_key; + int ret, key_len; =20 if (!key || !key->key) { pr_warn("No key specified\n"); return ERR_PTR(-ENOKEY); } if (key->hash =3D=3D 0) { - transformed_key =3D kmemdup(key->key, key->len, GFP_KERNEL); + key_len =3D sizeof(*key) + key->len; + transformed_key =3D kmemdup(key, key_len, GFP_KERNEL); return transformed_key ? transformed_key : ERR_PTR(-ENOMEM); } hmac_name =3D nvme_auth_hmac_name(key->hash); @@ -257,7 +258,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) =20 key_tfm =3D crypto_alloc_shash(hmac_name, 0, 0); if (IS_ERR(key_tfm)) - return (u8 *)key_tfm; + return (void *)key_tfm; =20 shash =3D kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(key_tfm), @@ -267,7 +268,8 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) goto out_free_key; } =20 - transformed_key =3D kzalloc(crypto_shash_digestsize(key_tfm), GFP_KERNEL); + key_len =3D crypto_shash_digestsize(key_tfm); + transformed_key =3D nvme_auth_alloc_key(key_len, key->hash); if (!transformed_key) { ret =3D -ENOMEM; goto out_free_shash; @@ -286,7 +288,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) ret =3D crypto_shash_update(shash, "NVMe-over-Fabrics", 17); if (ret < 0) goto out_free_transformed_key; - ret =3D crypto_shash_final(shash, transformed_key); + ret =3D crypto_shash_final(shash, transformed_key->key); if (ret < 0) goto out_free_transformed_key; =20 @@ -296,7 +298,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) return transformed_key; =20 out_free_transformed_key: - kfree_sensitive(transformed_key); + nvme_auth_free_key(transformed_key); out_free_shash: kfree(shash); out_free_key: diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c index daf5d144a8ea..de1390d705dc 100644 --- a/drivers/nvme/host/auth.c +++ b/drivers/nvme/host/auth.c @@ -23,6 +23,7 @@ struct nvme_dhchap_queue_context { struct nvme_ctrl *ctrl; struct crypto_shash *shash_tfm; struct crypto_kpp *dh_tfm; + struct nvme_dhchap_key *transformed_key; void *buf; int qid; int error; @@ -36,7 +37,6 @@ struct nvme_dhchap_queue_context { u8 c1[64]; u8 c2[64]; u8 response[64]; - u8 *host_response; u8 *ctrl_key; u8 *host_key; u8 *sess_key; @@ -428,12 +428,12 @@ static int nvme_auth_dhchap_setup_host_response(struc= t nvme_ctrl *ctrl, dev_dbg(ctrl->device, "%s: qid %d host response seq %u transaction %d\n", __func__, chap->qid, chap->s1, chap->transaction); =20 - if (!chap->host_response) { - chap->host_response =3D nvme_auth_transform_key(ctrl->host_key, + if (!chap->transformed_key) { + chap->transformed_key =3D nvme_auth_transform_key(ctrl->host_key, ctrl->opts->host->nqn); - if (IS_ERR(chap->host_response)) { - ret =3D PTR_ERR(chap->host_response); - chap->host_response =3D NULL; + if (IS_ERR(chap->transformed_key)) { + ret =3D PTR_ERR(chap->transformed_key); + chap->transformed_key =3D NULL; return ret; } } else { @@ -442,7 +442,7 @@ static int nvme_auth_dhchap_setup_host_response(struct = nvme_ctrl *ctrl, } =20 ret =3D crypto_shash_setkey(chap->shash_tfm, - chap->host_response, ctrl->host_key->len); + chap->transformed_key->key, chap->transformed_key->len); if (ret) { dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n", chap->qid, ret); @@ -508,19 +508,19 @@ static int nvme_auth_dhchap_setup_ctrl_response(struc= t nvme_ctrl *ctrl, struct nvme_dhchap_queue_context *chap) { SHASH_DESC_ON_STACK(shash, chap->shash_tfm); - u8 *ctrl_response; + struct nvme_dhchap_key *transformed_key; u8 buf[4], *challenge =3D chap->c2; int ret; =20 - ctrl_response =3D nvme_auth_transform_key(ctrl->ctrl_key, + transformed_key =3D nvme_auth_transform_key(ctrl->ctrl_key, ctrl->opts->subsysnqn); - if (IS_ERR(ctrl_response)) { - ret =3D PTR_ERR(ctrl_response); + if (IS_ERR(transformed_key)) { + ret =3D PTR_ERR(transformed_key); return ret; } =20 ret =3D crypto_shash_setkey(chap->shash_tfm, - ctrl_response, ctrl->ctrl_key->len); + transformed_key->key, transformed_key->len); if (ret) { dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n", chap->qid, ret); @@ -586,7 +586,7 @@ static int nvme_auth_dhchap_setup_ctrl_response(struct = nvme_ctrl *ctrl, out: if (challenge !=3D chap->c2) kfree(challenge); - kfree(ctrl_response); + nvme_auth_free_key(transformed_key); return ret; } =20 @@ -648,8 +648,8 @@ static int nvme_auth_dhchap_exponential(struct nvme_ctr= l *ctrl, =20 static void nvme_auth_reset_dhchap(struct nvme_dhchap_queue_context *chap) { - kfree_sensitive(chap->host_response); - chap->host_response =3D NULL; + nvme_auth_free_key(chap->transformed_key); + chap->transformed_key =3D NULL; kfree_sensitive(chap->host_key); chap->host_key =3D NULL; chap->host_key_len =3D 0; diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index 4dcddcf95279..84f3ab1f9d02 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -267,7 +267,8 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *res= ponse, struct shash_desc *shash; struct nvmet_ctrl *ctrl =3D req->sq->ctrl; const char *hash_name; - u8 *challenge =3D req->sq->dhchap_c1, *host_response; + u8 *challenge =3D req->sq->dhchap_c1; + struct nvme_dhchap_key *transformed_key; u8 buf[4]; int ret; =20 @@ -291,14 +292,14 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *r= esponse, goto out_free_tfm; } =20 - host_response =3D nvme_auth_transform_key(ctrl->host_key, ctrl->hostnqn); - if (IS_ERR(host_response)) { - ret =3D PTR_ERR(host_response); + transformed_key =3D nvme_auth_transform_key(ctrl->host_key, ctrl->hostnqn= ); + if (IS_ERR(transformed_key)) { + ret =3D PTR_ERR(transformed_key); goto out_free_tfm; } =20 - ret =3D crypto_shash_setkey(shash_tfm, host_response, - ctrl->host_key->len); + ret =3D crypto_shash_setkey(shash_tfm, transformed_key->key, + transformed_key->len); if (ret) goto out_free_response; =20 @@ -365,7 +366,7 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *res= ponse, kfree(challenge); kfree(shash); out_free_response: - kfree_sensitive(host_response); + nvme_auth_free_key(transformed_key); out_free_tfm: crypto_free_shash(shash_tfm); return 0; @@ -378,7 +379,8 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *res= ponse, struct shash_desc *shash; struct nvmet_ctrl *ctrl =3D req->sq->ctrl; const char *hash_name; - u8 *challenge =3D req->sq->dhchap_c2, *ctrl_response; + u8 *challenge =3D req->sq->dhchap_c2; + struct nvme_dhchap_key *transformed_key; u8 buf[4]; int ret; =20 @@ -402,15 +404,15 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *r= esponse, goto out_free_tfm; } =20 - ctrl_response =3D nvme_auth_transform_key(ctrl->ctrl_key, + transformed_key =3D nvme_auth_transform_key(ctrl->ctrl_key, ctrl->subsysnqn); - if (IS_ERR(ctrl_response)) { - ret =3D PTR_ERR(ctrl_response); + if (IS_ERR(transformed_key)) { + ret =3D PTR_ERR(transformed_key); goto out_free_tfm; } =20 - ret =3D crypto_shash_setkey(shash_tfm, ctrl_response, - ctrl->ctrl_key->len); + ret =3D crypto_shash_setkey(shash_tfm, transformed_key->key, + transformed_key->len); if (ret) goto out_free_response; =20 @@ -474,7 +476,7 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *res= ponse, kfree(challenge); kfree(shash); out_free_response: - kfree_sensitive(ctrl_response); + nvme_auth_free_key(transformed_key); out_free_tfm: crypto_free_shash(shash_tfm); return 0; diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h index df96940be930..fd8f69183d55 100644 --- a/include/linux/nvme-auth.h +++ b/include/linux/nvme-auth.h @@ -28,7 +28,7 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned ch= ar *secret, u8 key_hash); void nvme_auth_free_key(struct nvme_dhchap_key *key); struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash); -u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn); +struct nvme_dhchap_key *nvme_auth_transform_key(struct nvme_dhchap_key *ke= y, char *nqn); int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key); int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len, u8 *challenge, u8 *aug, size_t hlen); --=20 2.39.2 From nobody Wed Dec 17 08:12:13 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D93DECDB465 for ; Mon, 16 Oct 2023 23:00:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234026AbjJPXAJ (ORCPT ); Mon, 16 Oct 2023 19:00:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50680 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233949AbjJPXAB (ORCPT ); Mon, 16 Oct 2023 19:00:01 -0400 Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DE3D495 for ; Mon, 16 Oct 2023 15:59:59 -0700 (PDT) Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 7A71D240028 for ; Tue, 17 Oct 2023 00:59:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1697497198; bh=e/5Tq8mpMYFzV9iwEEcLoCLz0k+o4VrsmcZ/cYdtLww=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version: Content-Transfer-Encoding:From; b=mFwnzH/dCSbg254F+1fJ/qnNuV9LnSM9dAXfq4u+EzeUtGgSte60xd6Pp0ArZ9Fk+ kc+DoD7qHcW6vQXObYxgEIJIKcBhkw+F74AJ10Ubrcr3I5T6ZJv7+EGS2sESsBd4q0 vPESqkUkInNmBOuFUamKVnp4iAfVdgt8tGdRuxHuzHiomI9LJqbW7QcqqIwG6VjErw JXj3OPW0VIttmEusrAnzxLYKuPeC30Bqe1segyOb/xp41bTQBigoEV9avfPm2c3m9z xJsc+fz7R4NFN4H0Ml/t/NiDkZtU8LOd07RneZ5eNR3yNgRKSIzhq+41C8iGZW1+7T 07Ydq+M9ydyJw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4S8Xcs0mk7z9rxR; Tue, 17 Oct 2023 00:59:57 +0200 (CEST) From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH v3 3/3] nvme-auth: allow mixing of secret and hash lengths Date: Mon, 16 Oct 2023 22:58:57 +0000 Message-Id: <20231016225857.3085234-4-shiftee@posteo.net> In-Reply-To: <20231016225857.3085234-1-shiftee@posteo.net> References: <20231016225857.3085234-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" We can now use any of the secret transformation hashes with a secret, regardless of the secret size. e.g. a 32 byte key with the SHA-512(64 byte) hash. The example secret from the spec should now be permitted with any of the following: DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: Note: Secrets are still restricted to 32,48 or 64 bits. Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan Reviewed-by: Hannes Reinecke --- drivers/nvme/common/auth.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index 647931acc1ba..c2273bc0fa56 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c @@ -182,14 +182,6 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned= char *secret, goto out_free_secret; } =20 - if (key_hash > 0 && - (key_len - 4) !=3D nvme_auth_hmac_hash_len(key_hash)) { - pr_err("Mismatched key len %d for %s\n", key_len, - nvme_auth_hmac_name(key_hash)); - ret =3D -EINVAL; - goto out_free_secret; - } - /* The last four bytes is the CRC in little-endian format */ key_len -=3D 4; /* --=20 2.39.2