From nobody Tue Dec 16 20:04:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57EC8CDB482 for ; Tue, 17 Oct 2023 17:09:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343926AbjJQRJs (ORCPT ); Tue, 17 Oct 2023 13:09:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343878AbjJQRJl (ORCPT ); Tue, 17 Oct 2023 13:09:41 -0400 Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA61DBA for ; Tue, 17 Oct 2023 10:09:38 -0700 (PDT) Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id 5BF20240105 for ; Tue, 17 Oct 2023 19:09:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1697562577; bh=NF1r+NLg51G1dFzc0PzoVKjUyD6Riw2yYir+JcEjJhY=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version: Content-Transfer-Encoding:From; b=QIzeHAFnXABFpH8xmay3ntYWPKL4KEEv1raICjR7XjnQQSqakku+vsK1tRjHEOUXL xunTwLUqdm0GmvFjZOJykA+J/jH8YvQYEiW/obveAemRFCnfevfxSgqVeeQEWC3SAe pPat4vWUmhXORM/4RqlUhswGVxetZ8uHoPHF1ffAW0aSpnnD1kwnhwnrcq+WcjUdO+ DN7kFuiDGfMOW3wSXuNB9NMOa4UytiLbEMNoYUDTjZxfmAIPFD5WCZVJdLXOKSumhT JB4L0MVN47rvFS7g/bv2y7nFr59JF71VTVA6EFxRrldaxySXzgvep+2EtzbH1MAmgC zcJGQQJhY/H5g== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4S90p76xy3z9rxb; Tue, 17 Oct 2023 19:09:35 +0200 (CEST) From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH v5 1/3] nvme-auth: alloc nvme_dhchap_key as single buffer Date: Tue, 17 Oct 2023 17:09:17 +0000 Message-Id: <20231017170919.30358-2-shiftee@posteo.net> In-Reply-To: <20231017170919.30358-1-shiftee@posteo.net> References: <20231017170919.30358-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan Reviewed-by: Hannes Reinecke --- V2 -> V3: initial version V3 -> V4: added function to get size of key struct V4 -> V5: removed newly redundant check found by kernel test robot drivers/nvme/common/auth.c | 37 +++++++++++++++++++++++++------------ include/linux/nvme-auth.h | 4 +++- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index d90e4f0c08b7..16a071448d54 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c @@ -150,6 +150,14 @@ size_t nvme_auth_hmac_hash_len(u8 hmac_id) } EXPORT_SYMBOL_GPL(nvme_auth_hmac_hash_len); =20 +u32 nvme_auth_key_struct_size(u32 key_len) +{ + struct nvme_dhchap_key key; + + return struct_size(&key, key, key_len); +} +EXPORT_SYMBOL_GPL(nvme_auth_key_struct_size); + struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, u8 key_hash) { @@ -163,14 +171,9 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned= char *secret, p =3D strrchr(secret, ':'); if (p) allocated_len =3D p - secret; - key =3D kzalloc(sizeof(*key), GFP_KERNEL); + key =3D nvme_auth_alloc_key(allocated_len, 0); if (!key) return ERR_PTR(-ENOMEM); - key->key =3D kzalloc(allocated_len, GFP_KERNEL); - if (!key->key) { - ret =3D -ENOMEM; - goto out_free_key; - } =20 key_len =3D base64_decode(secret, allocated_len, key->key); if (key_len < 0) { @@ -213,19 +216,29 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigne= d char *secret, key->hash =3D key_hash; return key; out_free_secret: - kfree_sensitive(key->key); -out_free_key: - kfree(key); + nvme_auth_free_key(key); return ERR_PTR(ret); } EXPORT_SYMBOL_GPL(nvme_auth_extract_key); =20 +struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash) +{ + u32 num_bytes =3D nvme_auth_key_struct_size(len); + struct nvme_dhchap_key *key =3D kzalloc(num_bytes, GFP_KERNEL); + + if (key) { + key->len =3D len; + key->hash =3D hash; + } + return key; +} +EXPORT_SYMBOL_GPL(nvme_auth_alloc_key); + void nvme_auth_free_key(struct nvme_dhchap_key *key) { if (!key) return; - kfree_sensitive(key->key); - kfree(key); + kfree_sensitive(key); } EXPORT_SYMBOL_GPL(nvme_auth_free_key); =20 @@ -237,7 +250,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) u8 *transformed_key; int ret; =20 - if (!key || !key->key) { + if (!key) { pr_warn("No key specified\n"); return ERR_PTR(-ENOKEY); } diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h index dcb8030062dd..a5ae9abe1ef6 100644 --- a/include/linux/nvme-auth.h +++ b/include/linux/nvme-auth.h @@ -9,9 +9,9 @@ #include =20 struct nvme_dhchap_key { - u8 *key; size_t len; u8 hash; + u8 key[]; }; =20 u32 nvme_auth_get_seqnum(void); @@ -24,9 +24,11 @@ const char *nvme_auth_digest_name(u8 hmac_id); size_t nvme_auth_hmac_hash_len(u8 hmac_id); u8 nvme_auth_hmac_id(const char *hmac_name); =20 +u32 nvme_auth_key_struct_size(u32 key_len); struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, u8 key_hash); void nvme_auth_free_key(struct nvme_dhchap_key *key); +struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash); u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn); int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key); int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len, --=20 2.39.2 From nobody Tue Dec 16 20:04:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 998E9CDB483 for ; Tue, 17 Oct 2023 17:09:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343949AbjJQRJu (ORCPT ); Tue, 17 Oct 2023 13:09:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343896AbjJQRJm (ORCPT ); Tue, 17 Oct 2023 13:09:42 -0400 Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6A3EFD for ; Tue, 17 Oct 2023 10:09:39 -0700 (PDT) Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id 89791240101 for ; Tue, 17 Oct 2023 19:09:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1697562578; bh=Q8LiNL7wSMQoajblkGlA+q+m1bF1/sDz61OeFOh0htE=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version: Content-Transfer-Encoding:From; b=fOqnHezuWMpXffAdhVVR6zoXh48fIMzzNBmkq6bGUuIOO/LESRfZCV+W3BLWX2cbG gGLcpqzfqkQYG6gzR1pnB76YQhpyYbAQyJYXIdqVw7atHH3sZzWJmMDV7+cjbXlnFi Tr4I+lNcNwIdCUIGZJn8Eg17pPkQx16osi6FrrpbxN9KUrVPjL7/ECaPQmxS7bcsyr QkseKMHhLo7Sl9sUbkMD+PJqePCn9sqD7Y6IZx31d5Dq3GDwYSsF7UDoRIph6IG35v 0T7VT1S1b9dT5FoWssqNY5MMyobIWtq4z5b1qBxBWMRF+t6Ue1wiIM/YoRYuq8pTMD cBLZbEWWDq95w== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4S90p91Dbjz9rxG; Tue, 17 Oct 2023 19:09:37 +0200 (CEST) From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH v5 2/3] nvme-auth: use transformed key size to create resp Date: Tue, 17 Oct 2023 17:09:18 +0000 Message-Id: <20231017170919.30358-3-shiftee@posteo.net> In-Reply-To: <20231017170919.30358-1-shiftee@posteo.net> References: <20231017170919.30358-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This does not change current behaviour as the driver currently verifies that the secret size is the same size as the length of the transformation hash. Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan Reviewed-by: Hannes Reinecke --- V1 -> V2: support target implementation and controller secrets also V2 -> V3: return key from nvme_auth_transform_key V3 -> V4: use helper to get key struct len, added ERR_CAST drivers/nvme/common/auth.c | 23 ++++++++++++++--------- drivers/nvme/host/auth.c | 30 +++++++++++++++--------------- drivers/nvme/target/auth.c | 31 +++++++++++++++++-------------- include/linux/nvme-auth.h | 3 ++- 4 files changed, 48 insertions(+), 39 deletions(-) diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index 16a071448d54..f954aeb647a5 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c @@ -242,21 +242,25 @@ void nvme_auth_free_key(struct nvme_dhchap_key *key) } EXPORT_SYMBOL_GPL(nvme_auth_free_key); =20 -u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn) +struct nvme_dhchap_key *nvme_auth_transform_key( + struct nvme_dhchap_key *key, char *nqn) { const char *hmac_name; struct crypto_shash *key_tfm; struct shash_desc *shash; - u8 *transformed_key; - int ret; + struct nvme_dhchap_key *transformed_key; + int ret, key_len; =20 if (!key) { pr_warn("No key specified\n"); return ERR_PTR(-ENOKEY); } if (key->hash =3D=3D 0) { - transformed_key =3D kmemdup(key->key, key->len, GFP_KERNEL); - return transformed_key ? transformed_key : ERR_PTR(-ENOMEM); + key_len =3D nvme_auth_key_struct_size(key->len); + transformed_key =3D kmemdup(key, key_len, GFP_KERNEL); + if (!transformed_key) + return ERR_PTR(-ENOMEM); + return transformed_key; } hmac_name =3D nvme_auth_hmac_name(key->hash); if (!hmac_name) { @@ -266,7 +270,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) =20 key_tfm =3D crypto_alloc_shash(hmac_name, 0, 0); if (IS_ERR(key_tfm)) - return (u8 *)key_tfm; + return ERR_CAST(key_tfm); =20 shash =3D kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(key_tfm), @@ -276,7 +280,8 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) goto out_free_key; } =20 - transformed_key =3D kzalloc(crypto_shash_digestsize(key_tfm), GFP_KERNEL); + key_len =3D crypto_shash_digestsize(key_tfm); + transformed_key =3D nvme_auth_alloc_key(key_len, key->hash); if (!transformed_key) { ret =3D -ENOMEM; goto out_free_shash; @@ -295,7 +300,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) ret =3D crypto_shash_update(shash, "NVMe-over-Fabrics", 17); if (ret < 0) goto out_free_transformed_key; - ret =3D crypto_shash_final(shash, transformed_key); + ret =3D crypto_shash_final(shash, transformed_key->key); if (ret < 0) goto out_free_transformed_key; =20 @@ -305,7 +310,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key= , char *nqn) return transformed_key; =20 out_free_transformed_key: - kfree_sensitive(transformed_key); + nvme_auth_free_key(transformed_key); out_free_shash: kfree(shash); out_free_key: diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c index daf5d144a8ea..de1390d705dc 100644 --- a/drivers/nvme/host/auth.c +++ b/drivers/nvme/host/auth.c @@ -23,6 +23,7 @@ struct nvme_dhchap_queue_context { struct nvme_ctrl *ctrl; struct crypto_shash *shash_tfm; struct crypto_kpp *dh_tfm; + struct nvme_dhchap_key *transformed_key; void *buf; int qid; int error; @@ -36,7 +37,6 @@ struct nvme_dhchap_queue_context { u8 c1[64]; u8 c2[64]; u8 response[64]; - u8 *host_response; u8 *ctrl_key; u8 *host_key; u8 *sess_key; @@ -428,12 +428,12 @@ static int nvme_auth_dhchap_setup_host_response(struc= t nvme_ctrl *ctrl, dev_dbg(ctrl->device, "%s: qid %d host response seq %u transaction %d\n", __func__, chap->qid, chap->s1, chap->transaction); =20 - if (!chap->host_response) { - chap->host_response =3D nvme_auth_transform_key(ctrl->host_key, + if (!chap->transformed_key) { + chap->transformed_key =3D nvme_auth_transform_key(ctrl->host_key, ctrl->opts->host->nqn); - if (IS_ERR(chap->host_response)) { - ret =3D PTR_ERR(chap->host_response); - chap->host_response =3D NULL; + if (IS_ERR(chap->transformed_key)) { + ret =3D PTR_ERR(chap->transformed_key); + chap->transformed_key =3D NULL; return ret; } } else { @@ -442,7 +442,7 @@ static int nvme_auth_dhchap_setup_host_response(struct = nvme_ctrl *ctrl, } =20 ret =3D crypto_shash_setkey(chap->shash_tfm, - chap->host_response, ctrl->host_key->len); + chap->transformed_key->key, chap->transformed_key->len); if (ret) { dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n", chap->qid, ret); @@ -508,19 +508,19 @@ static int nvme_auth_dhchap_setup_ctrl_response(struc= t nvme_ctrl *ctrl, struct nvme_dhchap_queue_context *chap) { SHASH_DESC_ON_STACK(shash, chap->shash_tfm); - u8 *ctrl_response; + struct nvme_dhchap_key *transformed_key; u8 buf[4], *challenge =3D chap->c2; int ret; =20 - ctrl_response =3D nvme_auth_transform_key(ctrl->ctrl_key, + transformed_key =3D nvme_auth_transform_key(ctrl->ctrl_key, ctrl->opts->subsysnqn); - if (IS_ERR(ctrl_response)) { - ret =3D PTR_ERR(ctrl_response); + if (IS_ERR(transformed_key)) { + ret =3D PTR_ERR(transformed_key); return ret; } =20 ret =3D crypto_shash_setkey(chap->shash_tfm, - ctrl_response, ctrl->ctrl_key->len); + transformed_key->key, transformed_key->len); if (ret) { dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n", chap->qid, ret); @@ -586,7 +586,7 @@ static int nvme_auth_dhchap_setup_ctrl_response(struct = nvme_ctrl *ctrl, out: if (challenge !=3D chap->c2) kfree(challenge); - kfree(ctrl_response); + nvme_auth_free_key(transformed_key); return ret; } =20 @@ -648,8 +648,8 @@ static int nvme_auth_dhchap_exponential(struct nvme_ctr= l *ctrl, =20 static void nvme_auth_reset_dhchap(struct nvme_dhchap_queue_context *chap) { - kfree_sensitive(chap->host_response); - chap->host_response =3D NULL; + nvme_auth_free_key(chap->transformed_key); + chap->transformed_key =3D NULL; kfree_sensitive(chap->host_key); chap->host_key =3D NULL; chap->host_key_len =3D 0; diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index 4dcddcf95279..3ddbc3880cac 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -267,7 +267,8 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *res= ponse, struct shash_desc *shash; struct nvmet_ctrl *ctrl =3D req->sq->ctrl; const char *hash_name; - u8 *challenge =3D req->sq->dhchap_c1, *host_response; + u8 *challenge =3D req->sq->dhchap_c1; + struct nvme_dhchap_key *transformed_key; u8 buf[4]; int ret; =20 @@ -291,14 +292,15 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *r= esponse, goto out_free_tfm; } =20 - host_response =3D nvme_auth_transform_key(ctrl->host_key, ctrl->hostnqn); - if (IS_ERR(host_response)) { - ret =3D PTR_ERR(host_response); + transformed_key =3D nvme_auth_transform_key(ctrl->host_key, + ctrl->hostnqn); + if (IS_ERR(transformed_key)) { + ret =3D PTR_ERR(transformed_key); goto out_free_tfm; } =20 - ret =3D crypto_shash_setkey(shash_tfm, host_response, - ctrl->host_key->len); + ret =3D crypto_shash_setkey(shash_tfm, transformed_key->key, + transformed_key->len); if (ret) goto out_free_response; =20 @@ -365,7 +367,7 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *res= ponse, kfree(challenge); kfree(shash); out_free_response: - kfree_sensitive(host_response); + nvme_auth_free_key(transformed_key); out_free_tfm: crypto_free_shash(shash_tfm); return 0; @@ -378,7 +380,8 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *res= ponse, struct shash_desc *shash; struct nvmet_ctrl *ctrl =3D req->sq->ctrl; const char *hash_name; - u8 *challenge =3D req->sq->dhchap_c2, *ctrl_response; + u8 *challenge =3D req->sq->dhchap_c2; + struct nvme_dhchap_key *transformed_key; u8 buf[4]; int ret; =20 @@ -402,15 +405,15 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *r= esponse, goto out_free_tfm; } =20 - ctrl_response =3D nvme_auth_transform_key(ctrl->ctrl_key, + transformed_key =3D nvme_auth_transform_key(ctrl->ctrl_key, ctrl->subsysnqn); - if (IS_ERR(ctrl_response)) { - ret =3D PTR_ERR(ctrl_response); + if (IS_ERR(transformed_key)) { + ret =3D PTR_ERR(transformed_key); goto out_free_tfm; } =20 - ret =3D crypto_shash_setkey(shash_tfm, ctrl_response, - ctrl->ctrl_key->len); + ret =3D crypto_shash_setkey(shash_tfm, transformed_key->key, + transformed_key->len); if (ret) goto out_free_response; =20 @@ -474,7 +477,7 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *res= ponse, kfree(challenge); kfree(shash); out_free_response: - kfree_sensitive(ctrl_response); + nvme_auth_free_key(transformed_key); out_free_tfm: crypto_free_shash(shash_tfm); return 0; diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h index a5ae9abe1ef6..c1d0bc5d9624 100644 --- a/include/linux/nvme-auth.h +++ b/include/linux/nvme-auth.h @@ -29,7 +29,8 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned ch= ar *secret, u8 key_hash); void nvme_auth_free_key(struct nvme_dhchap_key *key); struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash); -u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn); +struct nvme_dhchap_key *nvme_auth_transform_key( + struct nvme_dhchap_key *key, char *nqn); int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key); int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len, u8 *challenge, u8 *aug, size_t hlen); --=20 2.39.2 From nobody Tue Dec 16 20:04:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F22CCDB474 for ; Tue, 17 Oct 2023 17:09:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343935AbjJQRJy (ORCPT ); Tue, 17 Oct 2023 13:09:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343863AbjJQRJp (ORCPT ); Tue, 17 Oct 2023 13:09:45 -0400 Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4913ABA for ; Tue, 17 Oct 2023 10:09:41 -0700 (PDT) Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id D0F22240105 for ; Tue, 17 Oct 2023 19:09:39 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1697562579; bh=VhFfYCOEPT+rQAMLdIS9Syy14aQ3ZPiksMBM2z4L0Z8=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version: Content-Transfer-Encoding:From; b=qpTo/dRWSsIHISjTrVctNufscbV1CNniMJ5LjgwNIqzQmVsyuV75LwZwNF2sAyTQD eiLz2YtLOgM/2HFraFk3p94m8k5HWtfMBhm50TXMAnu147Fu5Wd50XZEyuK4rjpuRl qLlUNJ0FwUDgL5f7/ROIPoo1Ry6Gf1KjmWbnHBtay30GIuH1YJkxb2mIF/qdpunegh W+bjIY913fRHySr082FMt0L+gf634GXU191Bp2NmU/fUm131NA1V/R6JAoQQkDuwtY 0fw/TfGOIFmNfJchUQlSD/Ay5kofCZ6/e1M+bg4AuCqRg8pqWbwm1d6kT/FE66k6u6 DGGIhfsvjZzeQ== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4S90pB2sFMz9rxW; Tue, 17 Oct 2023 19:09:38 +0200 (CEST) From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan , Akash Appaiah Subject: [PATCH v5 3/3] nvme-auth: allow mixing of secret and hash lengths Date: Tue, 17 Oct 2023 17:09:19 +0000 Message-Id: <20231017170919.30358-4-shiftee@posteo.net> In-Reply-To: <20231017170919.30358-1-shiftee@posteo.net> References: <20231017170919.30358-1-shiftee@posteo.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" We can now use any of the secret transformation hashes with a secret, regardless of the secret size. e.g. a 32 byte key with the SHA-512(64 byte) hash. The example secret from the spec should now be permitted with any of the following: DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: Note: Secrets are still restricted to 32,48 or 64 bits. Co-developed-by: Akash Appaiah Signed-off-by: Akash Appaiah Signed-off-by: Mark O'Donovan Reviewed-by: Hannes Reinecke --- drivers/nvme/common/auth.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index f954aeb647a5..a8e87dfbeab2 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c @@ -190,14 +190,6 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned= char *secret, goto out_free_secret; } =20 - if (key_hash > 0 && - (key_len - 4) !=3D nvme_auth_hmac_hash_len(key_hash)) { - pr_err("Mismatched key len %d for %s\n", key_len, - nvme_auth_hmac_name(key_hash)); - ret =3D -EINVAL; - goto out_free_secret; - } - /* The last four bytes is the CRC in little-endian format */ key_len -=3D 4; /* --=20 2.39.2