From patchwork Mon Oct 16 08:57:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark O'Donovan X-Patchwork-Id: 15408 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id ib8csp3324861vqb; Mon, 16 Oct 2023 01:57:49 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHIY6ltCZxZa0ZDCf+OsVTeN4XK7mrFUYY67hsqqyTeAWy204/iSDvlgmS9Kk1LKdJ7h/d6 X-Received: by 2002:a05:6871:4a18:b0:1e9:9440:fe4a with SMTP id tz24-20020a0568714a1800b001e99440fe4amr11784065oab.3.1697446668882; Mon, 16 Oct 2023 01:57:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697446668; cv=none; d=google.com; s=arc-20160816; b=WJd1qoZ/plZLJA/Gq0m/3UE4sZz7xxli3jMTCWbsiuswKGjdRYr+7VTiliu93+KzES YvIsyNVlQyMeI3xoCgxniQJotApgWgLiVoQci4eVAeiZJveA/pMr49F6ijFsSPeQXB/I KgtBOXeoJDY1q5aB2DexbpTnLg4Ty/rF/Wk9k21/HOcxpgzEoS4z78jtazorBjGWEPnf RzGvsXDpZDv7qBL/edH9totnos1yjJq0kgqhc5qT5cEGHECnLzgjxktY+HspvFeQj+gF Y+qwMPCCeRVj7v4js+E6ZzcOi94NzXZsFDeum63x76zhwZC5jRcA42RscrhYoHN3laDO 0jNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=dZUE3Z5gEAdTYpsICV+v1ype6V/m6s1n6fA5c3g9VNo=; fh=nK/B2gIzvYPsKU0sJgdKEVdz5eoE00hHt727sEimwsQ=; b=fJa1eoHiyBVrgAAGic5lDet9+10pxh+NsJp/vFP8rZWTCQKY4iT2LteTd+1yy28qlQ +5WCVAiWjPFPwjo8e9ooFGaOVU2EgYjrBBTS0UX12JUuvs5+pjOYq1cgATdfMJ3wkT+A 52fMT41eSA9MbQLKoZdPaWZKo2hUlN9nq4n0kxFWnubf69ccerGpNBOC+6+fM4Cz2zsN we7T6UdxQZwXH7yRhHQ863cngTIlWeVy8tiyDKlNNr0sTRJU1n08TH7y6CpC9d6x6AfX CIsdjzvnA0rCDtmbiVvaTzYnWDiLPmrkZ+p7dgO355Lwp8ElJJ2dvxMLCkZM+QJQvunH KadQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@posteo.net header.s=2017 header.b=fuXHi9TW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id g26-20020a63111a000000b0055b731aa9adsi10121611pgl.562.2023.10.16.01.57.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 16 Oct 2023 01:57:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@posteo.net header.s=2017 header.b=fuXHi9TW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id A53B3802D1A3; Mon, 16 Oct 2023 01:57:46 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233100AbjJPI50 (ORCPT + 18 others); Mon, 16 Oct 2023 04:57:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232541AbjJPI5Z (ORCPT ); Mon, 16 Oct 2023 04:57:25 -0400 Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E2E195 for ; Mon, 16 Oct 2023 01:57:24 -0700 (PDT) Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id A9983240107 for ; Mon, 16 Oct 2023 10:57:22 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1697446642; bh=VvG7lAdIJ52HfYW9RRUqb2VWt1HKenPkukM7Qd9aHuI=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version: Content-Transfer-Encoding:From; b=fuXHi9TWnOVTasbiPlH2+mb9Ikb8rlg+ukZHvAtXwPbkIKZNIltoGysnuzuXjGVj1 sX2IzQoh5Gcna+tWZ44R4k1HZqhMSCtRdmdISUXGRQDM2oCYlnRI1XDzyMbTOxDizJ fFHs7RtDSy44dnG/NGTcDXlOUJeD37IpQU3kzQ1J694f9t89Igq0RL+TATjAPoZkr3 WkbVxDd3m1pAONr1k28nmW8FuvqetmVBXHzDY8TpyFtgb3SVE1dgZEuxlJud89OY/g 71AZtiQa5TciPzPJj5OYhbWyvQkYxR1+pDQS+klyeZ32JzYuT8lWyMx8SdcOsAuvdo ZCSntEC+T1HNA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4S89wc6Cx8z9rxR; Mon, 16 Oct 2023 10:57:20 +0200 (CEST) From: Mark O'Donovan To: linux-kernel@vger.kernel.org Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan Subject: [PATCH v2 0/2] Remove secret-size restrictions for hashes Date: Mon, 16 Oct 2023 08:57:13 +0000 Message-Id: <20231016085715.3068974-1-shiftee@posteo.net> MIME-Version: 1.0 X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Mon, 16 Oct 2023 01:57:46 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1779901838719281952 X-GMAIL-MSGID: 1779901838719281952 This relates to the hash functions used to transform the secret. The kernel currently restricts us to using secrets equal in size to the transformation hash function they use. e.g. 32 byte secrets with the SHA-256(32 byte) hash function. This restriction is not required by the spec and means incompatibility with more permissive implementations. With these patches the example secret from the spec should now be permitted with any of the following: DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: Note: Secrets are still restricted to 32,48 or 64 bits. Mark O'Donovan (2): nvme-auth: use transformed key size to create resp nvme-auth: allow mixing of secret and hash lengths drivers/nvme/common/auth.c | 14 +++++--------- drivers/nvme/host/auth.c | 4 ++-- drivers/nvme/target/auth.c | 4 ++-- include/linux/nvme-auth.h | 3 ++- 4 files changed, 11 insertions(+), 14 deletions(-)