| Message ID | 20231017170919.30358-4-shiftee@posteo.net |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id
ib8csp4281807vqb;
Tue, 17 Oct 2023 10:11:02 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IFD5AEEeP+kQ1kqCt3gJXmvXwp3lu0SZmw9q4Kk7oABBzSknEb2uXTmtRbjUgEk+4t7BJkS
X-Received: by 2002:a17:90b:3906:b0:27d:1593:2b0b with SMTP id
ob6-20020a17090b390600b0027d15932b0bmr3053982pjb.0.1697562662524;
Tue, 17 Oct 2023 10:11:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697562662; cv=none;
d=google.com; s=arc-20160816;
b=NkVlw8VVC4v+PEongOxCYAFcvR7WGyld2TSSppbZeyoFLXvKjxR7O01WIxUlwSGpT2
LYliR+xUqxEdtHUausT09qG/p/0RBMdRS6b+sr/cYty4JUbX6rh69ptWQ9ejK4rCE1ps
NBkg9OEi9/C3UkGRRgIAN/fw5QUVld439eCoxjqpt0+SdGxfwzVr7VjiwYOfhBHjnIug
oG/ZTiWJst7PicUCC4g4cjdpWDUevQ7zD627+l0Hyo17Pd1qBf4i07ptTbOCvsSrricn
UuYuvwgR2M2N2SiTpw6Ia/YZm6FAqdodPUnHrkn8PeOid5R/wUfB7SoXh9WhCPdyzSie
2R4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=1CjRhlbtf72LlTj1tReTtOMU4yLQZpKUBea6K5hsqBE=;
fh=OK6NlIuxAObXnbB+YsmCJIFQ9spAlQ71xiCElZ04Vio=;
b=W3ZtSdXu36AaU5En1V+W0EKylrQaRAUWuAHufks+w5CxmzlaywkXEzqFFL/8QOhA/E
f0XyPn7MvqMFp+dZqmARnuOeGgMlHpPFl4k4r2dQikJrc3l329l9hJF9NLkKw5hsiobY
z6UCXltqaGpNNaALbN34YjsS1XbRMhqNbf5xtLW7KhW8RkflPy2b5XXlTphkAwSTxyIs
lmUS+UrU5AxsUZQ/ddUqFIqHkCsIEmvcUr/YcsR5FiZbPuximJQ2bMDHJwMHC61YbsX+
3TeSewhwuo+T7I2kCHltb8cD11AsLJQk3tklq23rvqY3DvbMJ3Iv81aYk5bG4iqyDyd0
QVPQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@posteo.net header.s=2017 header.b="qpTo/dRW";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:6 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net
Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6])
by mx.google.com with ESMTPS id
l1-20020a656801000000b00573f786103dsi175741pgt.754.2023.10.17.10.11.02
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 17 Oct 2023 10:11:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:6 as permitted sender)
client-ip=2620:137:e000::3:6;
Authentication-Results: mx.google.com;
dkim=pass header.i=@posteo.net header.s=2017 header.b="qpTo/dRW";
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:6 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by pete.vger.email (Postfix) with ESMTP id C36A18076D08;
Tue, 17 Oct 2023 10:10:14 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1343939AbjJQRJx (ORCPT <rfc822;hjfbswb@gmail.com> + 20 others);
Tue, 17 Oct 2023 13:09:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56714 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1343863AbjJQRJp (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 17 Oct 2023 13:09:45 -0400
Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4913ABA
for <linux-kernel@vger.kernel.org>;
Tue, 17 Oct 2023 10:09:41 -0700 (PDT)
Received: from submission (posteo.de [185.67.36.169])
by mout02.posteo.de (Postfix) with ESMTPS id D0F22240105
for <linux-kernel@vger.kernel.org>;
Tue, 17 Oct 2023 19:09:39 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
t=1697562579; bh=VhFfYCOEPT+rQAMLdIS9Syy14aQ3ZPiksMBM2z4L0Z8=;
h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:
Content-Transfer-Encoding:From;
b=qpTo/dRWSsIHISjTrVctNufscbV1CNniMJ5LjgwNIqzQmVsyuV75LwZwNF2sAyTQD
eiLz2YtLOgM/2HFraFk3p94m8k5HWtfMBhm50TXMAnu147Fu5Wd50XZEyuK4rjpuRl
qLlUNJ0FwUDgL5f7/ROIPoo1Ry6Gf1KjmWbnHBtay30GIuH1YJkxb2mIF/qdpunegh
W+bjIY913fRHySr082FMt0L+gf634GXU191Bp2NmU/fUm131NA1V/R6JAoQQkDuwtY
0fw/TfGOIFmNfJchUQlSD/Ay5kofCZ6/e1M+bg4AuCqRg8pqWbwm1d6kT/FE66k6u6
DGGIhfsvjZzeQ==
Received: from customer (localhost [127.0.0.1])
by submission (posteo.de) with ESMTPSA id 4S90pB2sFMz9rxW;
Tue, 17 Oct 2023 19:09:38 +0200 (CEST)
From: Mark O'Donovan <shiftee@posteo.net>
To: linux-kernel@vger.kernel.org
Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de,
axboe@kernel.dk, kbusch@kernel.org, hare@suse.de,
Mark O'Donovan <shiftee@posteo.net>,
Akash Appaiah <Akash.Appaiah@dell.com>
Subject: [PATCH v5 3/3] nvme-auth: allow mixing of secret and hash lengths
Date: Tue, 17 Oct 2023 17:09:19 +0000
Message-Id: <20231017170919.30358-4-shiftee@posteo.net>
In-Reply-To: <20231017170919.30358-1-shiftee@posteo.net>
References: <20231017170919.30358-1-shiftee@posteo.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]);
Tue, 17 Oct 2023 10:10:14 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780023466336248979
X-GMAIL-MSGID: 1780023466336248979
|
| Series |
Remove secret-size restrictions for hashes
|
|
Commit Message
Mark O'Donovan
Oct. 17, 2023, 5:09 p.m. UTC
We can now use any of the secret transformation hashes with a secret, regardless of the secret size. e.g. a 32 byte key with the SHA-512(64 byte) hash. The example secret from the spec should now be permitted with any of the following: DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: Note: Secrets are still restricted to 32,48 or 64 bits. Co-developed-by: Akash Appaiah <Akash.Appaiah@dell.com> Signed-off-by: Akash Appaiah <Akash.Appaiah@dell.com> Signed-off-by: Mark O'Donovan <shiftee@posteo.net> Reviewed-by: Hannes Reinecke <hare@suse.de> --- drivers/nvme/common/auth.c | 8 -------- 1 file changed, 8 deletions(-)
diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c index f954aeb647a5..a8e87dfbeab2 100644 --- a/drivers/nvme/common/auth.c +++ b/drivers/nvme/common/auth.c @@ -190,14 +190,6 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, goto out_free_secret; } - if (key_hash > 0 && - (key_len - 4) != nvme_auth_hmac_hash_len(key_hash)) { - pr_err("Mismatched key len %d for %s\n", key_len, - nvme_auth_hmac_name(key_hash)); - ret = -EINVAL; - goto out_free_secret; - } - /* The last four bytes is the CRC in little-endian format */ key_len -= 4; /*