Message ID | 20231017170919.30358-1-shiftee@posteo.net |
---|---|
Headers | From: Mark O'Donovan <shiftee@posteo.net>; To: linux-kernel@vger.kernel.org; Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, hare@suse.de, Mark O'Donovan <shiftee@posteo.net>; Subject: [PATCH v5 0/3] Remove secret-size restrictions for hashes; Date: Tue, 17 Oct 2023 17:09:16 +0000 |
Series | Remove secret-size restrictions for hashes |

Message
Mark O'Donovan
Oct. 17, 2023, 5:09 p.m. UTC
This relates to the hash functions used to transform the secret.
The kernel currently restricts us to using secrets equal in size
to the transformation hash function they use.
e.g. 32 byte secrets with the SHA-256(32 byte) hash function.

This restriction is not required by the spec and means
incompatibility with more permissive implementations.

With these patches the example secret from the spec should now
be permitted with any of the following:

DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:

Note: Secrets are still restricted to 32, 48 or 64 bits.

v1:
- Initial submission

v2:
- Added transformed_len as member of struct nvme_dhchap_key

v3:
- Return a struct nvme_dhchap_key from nvme_auth_transform_key()

v4:
- added helper to calculate key struct size using struct_size()
- Break up lines which were too long
- Replace ternary operator with if
- Add missing ERR_CAST()

v5:
- Removed newly redundant check found by kernel test robot

Mark O'Donovan (3):
  nvme-auth: alloc nvme_dhchap_key as single buffer
  nvme-auth: use transformed key size to create resp
  nvme-auth: allow mixing of secret and hash lengths

 drivers/nvme/common/auth.c | 68 ++++++++++++++++++++++----------------
 drivers/nvme/host/auth.c   | 30 ++++++++---------
 drivers/nvme/target/auth.c | 31 +++++++++--------
 include/linux/nvme-auth.h  |  7 ++--
 4 files changed, 76 insertions(+), 60 deletions(-)
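
The restriction discussed in the message above, as an added example that is not part of the original post or the kernel code: a userspace validator for `DHHC-1:<hh>:<base64>:` secrets that can apply either the old "secret size must equal hash size" rule or the relaxed one. It assumes the base64 payload is the key followed by a little-endian CRC-32 of the key, a layout the page itself does not state; the function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import zlib

# "<hh>" field -> digest size in bytes (00 = no transform, 01..03 = SHA-256/384/512).
HASH_LEN = {"00": None, "01": 32, "02": 48, "03": 64}
KEY_LENS = (32, 48, 64)            # permitted key sizes in bytes
SAMPLE_KEY = bytes(range(32))      # constructed sample key, not a real secret


def parse_dhchap_secret(secret, require_hash_match=False):
    """Return (hash_id, key_bytes) or raise ValueError.

    require_hash_match=True models the old restriction (key size must equal
    the size of the transformation hash); False models the relaxed rule.
    """
    parts = secret.split(":")
    if len(parts) != 4 or parts[0] != "DHHC-1" or parts[3] != "":
        raise ValueError("expected DHHC-1:<hh>:<base64>:")
    if parts[1] not in HASH_LEN:
        raise ValueError("unknown hash id")
    try:
        raw = base64.b64decode(parts[2], validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64") from exc
    key, crc = raw[:-4], raw[-4:]
    if len(key) not in KEY_LENS:
        raise ValueError("key must be 32, 48 or 64 bytes")
    # Assumed layout: trailing 4 bytes are CRC-32 of the key, little-endian.
    if zlib.crc32(key).to_bytes(4, "little") != crc:
        raise ValueError("CRC-32 mismatch")
    want = HASH_LEN[parts[1]]
    if require_hash_match and want is not None and len(key) != want:
        raise ValueError("key length does not match hash length")
    return int(parts[1]), key


def make_secret(key, hash_id):
    """Encode raw key bytes as a secret string (used to build sample input)."""
    blob = key + zlib.crc32(key).to_bytes(4, "little")
    return "DHHC-1:%02d:%s:" % (hash_id, base64.b64encode(blob).decode())


if __name__ == "__main__":
    for hid in (0, 1, 2, 3):
        s = make_secret(SAMPLE_KEY, hid)
        for strict in (True, False):
            try:
                parse_dhchap_secret(s, require_hash_match=strict)
                print(hid, "strict" if strict else "relaxed", "accepted")
            except ValueError as err:
                print(hid, "strict" if strict else "relaxed", "rejected:", err)
```
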
Comments
Queued up for nvme-6.7, thanks!