From patchwork Mon Oct 16 22:58:54 2023
X-Patchwork-Submitter: Mark O'Donovan
X-Patchwork-Id: 15452
From: Mark O'Donovan
To: linux-kernel@vger.kernel.org
Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan
Subject: [PATCH v3 0/3] Remove secret-size restrictions for hashes
Date: Mon, 16 Oct 2023 22:58:54 +0000
Message-Id: <20231016225857.3085234-1-shiftee@posteo.net>

This relates to the hash functions used to transform the secret.
The kernel currently restricts us to using secrets equal in size
to the transformation hash function they use.
e.g. 32 byte secrets with the SHA-256(32 byte) hash function.
This restriction is not required by the spec and means
incompatibility with more permissive implementations.

With these patches the example secret from the spec should now
be permitted with any of the following:
DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:

Note: Secrets are still restricted to 32, 48 or 64 bits.

v1:
- Initial submission

v2:
- Added transformed_len as member of struct nvme_dhchap_key

v3:
- Return a struct nvme_dhchap_key from nvme_auth_transform_key()

Mark O'Donovan (3):
  nvme-auth: alloc nvme_dhchap_key as single buffer
  nvme-auth: use transformed key size to create resp
  nvme-auth: allow mixing of secret and hash lengths

 drivers/nvme/common/auth.c | 52 ++++++++++++++++++--------------------
 drivers/nvme/host/auth.c   | 30 +++++++++++-----------
 drivers/nvme/target/auth.c | 30 ++++++++++++----------
 include/linux/nvme-auth.h  |  5 ++--
 4 files changed, 59 insertions(+), 58 deletions(-)
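
The size rule discussed in the cover letter above, as an added Python example that is not part of the posted series or the kernel source: it parses a DHHC-1 secret and validates it once with the old "secret length must equal hash length" check and once without it. It assumes the nvme-auth secret representation (base64 of the secret followed by its CRC-32 in little-endian order) and hash ids 01/02/03 for SHA-256/384/512; `make_secret`, `parse_secret` and the `strict` flag are names invented for this example, and the sample secret is constructed.

```python
import base64
import struct
import zlib

# Hash id in the DHHC-1 string -> digest size in bytes.
# 0 means the secret is used untransformed; 1/2/3 = SHA-256/384/512 (assumed mapping).
HASH_LEN = {0: None, 1: 32, 2: 48, 3: 64}
SECRET_LENS = (32, 48, 64)  # secret sizes accepted before and after the series


def make_secret(raw: bytes, hash_id: int) -> str:
    """Build 'DHHC-1:<id>:<base64(secret || CRC-32 LE)>:' from a raw secret."""
    blob = raw + struct.pack("<I", zlib.crc32(raw))
    return "DHHC-1:%02d:%s:" % (hash_id, base64.b64encode(blob).decode())


def parse_secret(text: str, strict: bool = False):
    """Return (hash_id, secret) or raise ValueError.

    strict=True applies the restriction the series removes: for a non-zero
    hash id the secret must be exactly as long as that hash's digest.
    """
    parts = text.split(":")
    if len(parts) != 4 or parts[0] != "DHHC-1" or parts[3] != "":
        raise ValueError("not a DHHC-1 secret")
    hash_id = int(parts[1])
    if hash_id not in HASH_LEN:
        raise ValueError("unknown hash id %d" % hash_id)
    blob = base64.b64decode(parts[2], validate=True)
    secret, crc = blob[:-4], blob[-4:]
    if len(secret) not in SECRET_LENS:
        raise ValueError("invalid secret length %d" % len(secret))
    if struct.unpack("<I", crc)[0] != zlib.crc32(secret):
        raise ValueError("CRC mismatch")
    if strict and HASH_LEN[hash_id] not in (None, len(secret)):
        raise ValueError("secret length does not match hash length")
    return hash_id, secret


if __name__ == "__main__":
    raw = bytes(range(32))  # constructed 32-byte sample secret
    for hash_id in HASH_LEN:
        text = make_secret(raw, hash_id)
        for strict in (True, False):
            try:
                parse_secret(text, strict)
                verdict = "accepted"
            except ValueError as err:
                verdict = "rejected (%s)" % err
            print("%s strict=%s: %s" % (text[:10], strict, verdict))
```

With `strict=True` only ids 00 and 01 accept the 32-byte sample; with `strict=False` all four do, while the length and CRC checks still reject malformed secrets.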