[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c60d34b1-5e2f-4b32-8519-c4a4ff89060a@suse.de>
Date: Sat, 14 Oct 2023 13:41:01 +0200
From: Hannes Reinecke <hare@...e.de>
To: Mark O'Donovan <shiftee@...teo.net>, linux-kernel@...r.kernel.org
Cc: linux-nvme@...ts.infradead.org, sagi@...mberg.me, hch@....de,
axboe@...nel.dk, kbusch@...nel.org,
Akash Appaiah <Akash.Appaiah@...l.com>
Subject: Re: [PATCH 1/2] nvme-auth: use transformed key size to create resp
On 10/13/23 22:28, Mark O'Donovan wrote:
> This does not change current behaviour as the driver currently
> verifies that the secret size is the same size as the length of
> the transformation hash.
>
> Co-developed-by: Akash Appaiah <Akash.Appaiah@...l.com>
> Signed-off-by: Akash Appaiah <Akash.Appaiah@...l.com>
> Signed-off-by: Mark O'Donovan <shiftee@...teo.net>
> ---
> drivers/nvme/host/auth.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index daf5d144a8ea..e7d478d17b06 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -418,6 +418,14 @@ static int nvme_auth_set_dhchap_failure2_data(struct nvme_ctrl *ctrl,
> return size;
> }
>
> +static int nvme_auth_dhchap_transformed_key_len(struct nvme_dhchap_key *key)
> +{
> + if (key->hash)
> + return nvme_auth_hmac_hash_len(key->hash);
> +
> + return key->len;
> +}
> +
> static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
> struct nvme_dhchap_queue_context *chap)
> {
> @@ -442,7 +450,8 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
> }
>
> ret = crypto_shash_setkey(chap->shash_tfm,
> - chap->host_response, ctrl->host_key->len);
> + chap->host_response,
> + nvme_auth_dhchap_transformed_key_len(ctrl->host_key));
> if (ret) {
> dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
> chap->qid, ret);
Hmm. Yeah, hash size vs secret size always gets me.
However, wouldn't it be better to return the key size from
nvme_auth_transform_key and us that directly?
(cf the attached patch)
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@...e.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman
View attachment "0001-nvme-auth-use-length-of-the-transformed-key.patch" of type "text/x-patch" (3998 bytes)
Powered by blists - more mailing lists