[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <7e3e0394-c644-4f7c-b7c8-849d459b3931@posteo.net>
Date: Mon, 16 Oct 2023 08:54:57 +0000
From: Mark O'Donovan <shiftee@...teo.net>
To: Hannes Reinecke <hare@...e.de>, linux-kernel@...r.kernel.org
Cc: linux-nvme@...ts.infradead.org, sagi@...mberg.me, hch@....de,
axboe@...nel.dk, kbusch@...nel.org,
Akash Appaiah <Akash.Appaiah@...l.com>
Subject: Re: [PATCH 1/2] nvme-auth: use transformed key size to create resp
On 14/10/2023 12:41, Hannes Reinecke wrote:
> On 10/13/23 22:28, Mark O'Donovan wrote:
>> This does not change current behaviour as the driver currently
>> verifies that the secret size is the same size as the length of
>> the transformation hash.
>>
>> Co-developed-by: Akash Appaiah <Akash.Appaiah@...l.com>
>> Signed-off-by: Akash Appaiah <Akash.Appaiah@...l.com>
>> Signed-off-by: Mark O'Donovan <shiftee@...teo.net>
>> ---
>> drivers/nvme/host/auth.c | 11 ++++++++++-
>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
>> index daf5d144a8ea..e7d478d17b06 100644
>> --- a/drivers/nvme/host/auth.c
>> +++ b/drivers/nvme/host/auth.c
>> @@ -418,6 +418,14 @@ static int nvme_auth_set_dhchap_failure2_data(struct nvme_ctrl *ctrl,
>> return size;
>> }
>> +static int nvme_auth_dhchap_transformed_key_len(struct nvme_dhchap_key *key)
>> +{
>> + if (key->hash)
>> + return nvme_auth_hmac_hash_len(key->hash);
>> +
>> + return key->len;
>> +}
>> +
>> static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
>> struct nvme_dhchap_queue_context *chap)
>> {
>> @@ -442,7 +450,8 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
>> }
>> ret = crypto_shash_setkey(chap->shash_tfm,
>> - chap->host_response, ctrl->host_key->len);
>> + chap->host_response,
>> + nvme_auth_dhchap_transformed_key_len(ctrl->host_key));
>> if (ret) {
>> dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
>> chap->qid, ret);
>
> Hmm. Yeah, hash size vs secret size always gets me.
> However, wouldn't it be better to return the key size from
> nvme_auth_transform_key and us that directly?
> (cf the attached patch)
>
> Cheers,
>
> Hannes
Hi Hannes,
I gave this a try and it ended up being easier to put it in struct nvme_dhchap_key.
V2 also does the nvme target code, and this means the length is stored in the same place.
Let me know if this works for you.
Thanks,
Mark
Powered by blists - more mailing lists