[v4,1/3] nvme-auth: alloc nvme_dhchap_key as single buffer

Message ID 20231017105251.3274652-2-shiftee@posteo.net
State New
Series Remove secret-size restrictions for hashes |

Commit Message

Mark O'Donovan Oct. 17, 2023, 10:52 a.m. UTC
  Co-developed-by: Akash Appaiah <Akash.Appaiah@dell.com>
Signed-off-by: Akash Appaiah <Akash.Appaiah@dell.com>
Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
V2 -> V3: initial version

V3 -> V4: added function to get size of key struct

 drivers/nvme/common/auth.c | 35 ++++++++++++++++++++++++-----------
 include/linux/nvme-auth.h  |  4 +++-
 2 files changed, 27 insertions(+), 12 deletions(-)
  

Comments

kernel test robot Oct. 17, 2023, 3:55 p.m. UTC | #1
Hi Mark,

kernel test robot noticed the following build warnings:

[auto build test WARNING on hch-configfs/for-next]
[also build test WARNING on linus/master v6.6-rc6 next-20231017]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Mark-O-Donovan/nvme-auth-alloc-nvme_dhchap_key-as-single-buffer/20231017-185421
base:   git://git.infradead.org/users/hch/configfs.git for-next
patch link:    https://lore.kernel.org/r/20231017105251.3274652-2-shiftee%40posteo.net
patch subject: [PATCH v4 1/3] nvme-auth: alloc nvme_dhchap_key as single buffer
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20231017/202310172318.IgK0V5EX-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310172318.IgK0V5EX-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310172318.IgK0V5EX-lkp@intel.com/

All warnings (new ones prefixed by >>):

   drivers/nvme/common/auth.c: In function 'nvme_auth_transform_key':
>> drivers/nvme/common/auth.c:253:21: warning: the comparison will always evaluate as 'true' for the address of 'key' will never be NULL [-Waddress]
     253 |         if (!key || !key->key) {
         |                     ^
   In file included from drivers/nvme/common/auth.c:15:
   include/linux/nvme-auth.h:14:12: note: 'key' declared here
      14 |         u8 key[];
         |            ^~~


vim +253 drivers/nvme/common/auth.c

f50fff73d620cd Hannes Reinecke 2022-06-27  244  
f50fff73d620cd Hannes Reinecke 2022-06-27  245  u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
f50fff73d620cd Hannes Reinecke 2022-06-27  246  {
f50fff73d620cd Hannes Reinecke 2022-06-27  247  	const char *hmac_name;
f50fff73d620cd Hannes Reinecke 2022-06-27  248  	struct crypto_shash *key_tfm;
f50fff73d620cd Hannes Reinecke 2022-06-27  249  	struct shash_desc *shash;
f50fff73d620cd Hannes Reinecke 2022-06-27  250  	u8 *transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27  251  	int ret;
f50fff73d620cd Hannes Reinecke 2022-06-27  252  
f50fff73d620cd Hannes Reinecke 2022-06-27 @253  	if (!key || !key->key) {
f50fff73d620cd Hannes Reinecke 2022-06-27  254  		pr_warn("No key specified\n");
f50fff73d620cd Hannes Reinecke 2022-06-27  255  		return ERR_PTR(-ENOKEY);
f50fff73d620cd Hannes Reinecke 2022-06-27  256  	}
f50fff73d620cd Hannes Reinecke 2022-06-27  257  	if (key->hash == 0) {
f50fff73d620cd Hannes Reinecke 2022-06-27  258  		transformed_key = kmemdup(key->key, key->len, GFP_KERNEL);
f50fff73d620cd Hannes Reinecke 2022-06-27  259  		return transformed_key ? transformed_key : ERR_PTR(-ENOMEM);
f50fff73d620cd Hannes Reinecke 2022-06-27  260  	}
f50fff73d620cd Hannes Reinecke 2022-06-27  261  	hmac_name = nvme_auth_hmac_name(key->hash);
f50fff73d620cd Hannes Reinecke 2022-06-27  262  	if (!hmac_name) {
f50fff73d620cd Hannes Reinecke 2022-06-27  263  		pr_warn("Invalid key hash id %d\n", key->hash);
f50fff73d620cd Hannes Reinecke 2022-06-27  264  		return ERR_PTR(-EINVAL);
f50fff73d620cd Hannes Reinecke 2022-06-27  265  	}
f50fff73d620cd Hannes Reinecke 2022-06-27  266  
f50fff73d620cd Hannes Reinecke 2022-06-27  267  	key_tfm = crypto_alloc_shash(hmac_name, 0, 0);
f50fff73d620cd Hannes Reinecke 2022-06-27  268  	if (IS_ERR(key_tfm))
f50fff73d620cd Hannes Reinecke 2022-06-27  269  		return (u8 *)key_tfm;
f50fff73d620cd Hannes Reinecke 2022-06-27  270  
f50fff73d620cd Hannes Reinecke 2022-06-27  271  	shash = kmalloc(sizeof(struct shash_desc) +
f50fff73d620cd Hannes Reinecke 2022-06-27  272  			crypto_shash_descsize(key_tfm),
f50fff73d620cd Hannes Reinecke 2022-06-27  273  			GFP_KERNEL);
f50fff73d620cd Hannes Reinecke 2022-06-27  274  	if (!shash) {
f50fff73d620cd Hannes Reinecke 2022-06-27  275  		ret = -ENOMEM;
f50fff73d620cd Hannes Reinecke 2022-06-27  276  		goto out_free_key;
f50fff73d620cd Hannes Reinecke 2022-06-27  277  	}
f50fff73d620cd Hannes Reinecke 2022-06-27  278  
f50fff73d620cd Hannes Reinecke 2022-06-27  279  	transformed_key = kzalloc(crypto_shash_digestsize(key_tfm), GFP_KERNEL);
f50fff73d620cd Hannes Reinecke 2022-06-27  280  	if (!transformed_key) {
f50fff73d620cd Hannes Reinecke 2022-06-27  281  		ret = -ENOMEM;
f50fff73d620cd Hannes Reinecke 2022-06-27  282  		goto out_free_shash;
f50fff73d620cd Hannes Reinecke 2022-06-27  283  	}
f50fff73d620cd Hannes Reinecke 2022-06-27  284  
f50fff73d620cd Hannes Reinecke 2022-06-27  285  	shash->tfm = key_tfm;
f50fff73d620cd Hannes Reinecke 2022-06-27  286  	ret = crypto_shash_setkey(key_tfm, key->key, key->len);
f50fff73d620cd Hannes Reinecke 2022-06-27  287  	if (ret < 0)
80e2768496a494 Dan Carpenter   2022-07-18  288  		goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27  289  	ret = crypto_shash_init(shash);
f50fff73d620cd Hannes Reinecke 2022-06-27  290  	if (ret < 0)
80e2768496a494 Dan Carpenter   2022-07-18  291  		goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27  292  	ret = crypto_shash_update(shash, nqn, strlen(nqn));
f50fff73d620cd Hannes Reinecke 2022-06-27  293  	if (ret < 0)
80e2768496a494 Dan Carpenter   2022-07-18  294  		goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27  295  	ret = crypto_shash_update(shash, "NVMe-over-Fabrics", 17);
f50fff73d620cd Hannes Reinecke 2022-06-27  296  	if (ret < 0)
80e2768496a494 Dan Carpenter   2022-07-18  297  		goto out_free_transformed_key;
f50fff73d620cd Hannes Reinecke 2022-06-27  298  	ret = crypto_shash_final(shash, transformed_key);
80e2768496a494 Dan Carpenter   2022-07-18  299  	if (ret < 0)
80e2768496a494 Dan Carpenter   2022-07-18  300  		goto out_free_transformed_key;
80e2768496a494 Dan Carpenter   2022-07-18  301  
80e2768496a494 Dan Carpenter   2022-07-18  302  	kfree(shash);
80e2768496a494 Dan Carpenter   2022-07-18  303  	crypto_free_shash(key_tfm);
80e2768496a494 Dan Carpenter   2022-07-18  304  
80e2768496a494 Dan Carpenter   2022-07-18  305  	return transformed_key;
80e2768496a494 Dan Carpenter   2022-07-18  306  
80e2768496a494 Dan Carpenter   2022-07-18  307  out_free_transformed_key:
80e2768496a494 Dan Carpenter   2022-07-18  308  	kfree_sensitive(transformed_key);
f50fff73d620cd Hannes Reinecke 2022-06-27  309  out_free_shash:
f50fff73d620cd Hannes Reinecke 2022-06-27  310  	kfree(shash);
f50fff73d620cd Hannes Reinecke 2022-06-27  311  out_free_key:
f50fff73d620cd Hannes Reinecke 2022-06-27  312  	crypto_free_shash(key_tfm);
80e2768496a494 Dan Carpenter   2022-07-18  313  
f50fff73d620cd Hannes Reinecke 2022-06-27  314  	return ERR_PTR(ret);
f50fff73d620cd Hannes Reinecke 2022-06-27  315  }
f50fff73d620cd Hannes Reinecke 2022-06-27  316  EXPORT_SYMBOL_GPL(nvme_auth_transform_key);
f50fff73d620cd Hannes Reinecke 2022-06-27  317
  

Patch

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index d90e4f0c08b7..984f4320aca3 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -150,6 +150,14 @@  size_t nvme_auth_hmac_hash_len(u8 hmac_id)
 }
 EXPORT_SYMBOL_GPL(nvme_auth_hmac_hash_len);
 
+u32 nvme_auth_key_struct_size(u32 key_len)
+{
+	struct nvme_dhchap_key key;
+
+	return struct_size(&key, key, key_len);
+}
+EXPORT_SYMBOL_GPL(nvme_auth_key_struct_size);
+
 struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
 					      u8 key_hash)
 {
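Review bot: The `u32` return type of `nvme_auth_key_struct_size()` discards the overflow saturation that `struct_size()` provides, since `struct_size()` yields a `size_t` and on a 64-bit build a `key_len` close to `U32_MAX` produces a sum that wraps when narrowed to `u32`. `nvme_auth_alloc_key()` in the later auth.c hunk stores that value in `u32 num_bytes` and hands it to `kzalloc()`, so it would allocate a short buffer while still recording the full `len`. Whether any caller can reach such a length is not visible in these hunks, but `size_t nvme_auth_key_struct_size(u32 key_len)` together with `size_t num_bytes` keeps the check intact; the prototype in nvme-auth.h needs the same change. Using `struct_size_t(struct nvme_dhchap_key, key, key_len)` would also remove the uninitialised stack variable that is declared only for its type.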
@@ -163,14 +171,9 @@  struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
 	p = strrchr(secret, ':');
 	if (p)
 		allocated_len = p - secret;
-	key = kzalloc(sizeof(*key), GFP_KERNEL);
+	key = nvme_auth_alloc_key(allocated_len, 0);
 	if (!key)
 		return ERR_PTR(-ENOMEM);
-	key->key = kzalloc(allocated_len, GFP_KERNEL);
-	if (!key->key) {
-		ret = -ENOMEM;
-		goto out_free_key;
-	}
 
 	key_len = base64_decode(secret, allocated_len, key->key);
 	if (key_len < 0) {
@@ -213,19 +216,29 @@  struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
 	key->hash = key_hash;
 	return key;
 out_free_secret:
-	kfree_sensitive(key->key);
-out_free_key:
-	kfree(key);
+	nvme_auth_free_key(key);
 	return ERR_PTR(ret);
 }
 EXPORT_SYMBOL_GPL(nvme_auth_extract_key);
 
+struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash)
+{
+	u32 num_bytes = nvme_auth_key_struct_size(len);
+	struct nvme_dhchap_key *key = kzalloc(num_bytes, GFP_KERNEL);
+
+	if (key) {
+		key->len = len;
+		key->hash = hash;
+	}
+	return key;
+}
+EXPORT_SYMBOL_GPL(nvme_auth_alloc_key);
+
 void nvme_auth_free_key(struct nvme_dhchap_key *key)
 {
 	if (!key)
 		return;
-	kfree_sensitive(key->key);
-	kfree(key);
+	kfree_sensitive(key);
 }
 EXPORT_SYMBOL_GPL(nvme_auth_free_key);
 
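Review bot: `nvme_auth_alloc_key()` is exported without any comment stating its contract, and the contract matters here because the header and the secret now share one allocation. I would add above it something like `/* Allocate the key header plus len zeroed key bytes as one buffer; returns NULL on failure. Release with nvme_auth_free_key() so the secret is wiped. */`, so that callers do not pair it with a plain `kfree()`. As a smaller style point, the `if (!key) return;` guard in `nvme_auth_free_key()` is now redundant, because `kfree_sensitive()` accepts NULL.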
diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h
index dcb8030062dd..a5ae9abe1ef6 100644
--- a/include/linux/nvme-auth.h
+++ b/include/linux/nvme-auth.h
@@ -9,9 +9,9 @@ 
 #include <crypto/kpp.h>
 
 struct nvme_dhchap_key {
-	u8 *key;
 	size_t len;
 	u8 hash;
+	u8 key[];
 };
 
 u32 nvme_auth_get_seqnum(void);
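Review bot: The new flexible array member `key[]` has no comment, and the change alters what a struct copy means: the secret bytes now sit behind the header in the same allocation but are not counted by `sizeof(struct nvme_dhchap_key)`, so a struct assignment or a `sizeof`-sized duplicate silently drops the key. A member comment such as `u8 key[]; /* len bytes; allocate with nvme_auth_alloc_key() */` would point users at `nvme_auth_key_struct_size()` for sizing. Code elsewhere that copies or embeds this struct is not visible in these hunks, so it is worth confirming none relies on the old pointer layout.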
@@ -24,9 +24,11 @@  const char *nvme_auth_digest_name(u8 hmac_id);
 size_t nvme_auth_hmac_hash_len(u8 hmac_id);
 u8 nvme_auth_hmac_id(const char *hmac_name);
 
+u32 nvme_auth_key_struct_size(u32 key_len);
 struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
 					      u8 key_hash);
 void nvme_auth_free_key(struct nvme_dhchap_key *key);
+struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash);
 u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn);
 int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key);
 int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len,