Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
nvme-auth: common: use crypto library in nvme_auth_generate_digest()

For the HMAC computation in nvme_auth_generate_digest(), use the crypto
library instead of crypto_shash. This is simpler, faster, and more
reliable. Notably, this eliminates the crypto transformation object
allocation for every call, which was very slow.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch
0002764c be01b841

+24 -61
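--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -561,99 +561,62 @@
 const char *subsysnqn, const char *hostnqn,
 char **ret_digest)
 {
-struct crypto_shash *tfm;
-SHASH_DESC_ON_STACK(shash, tfm);
-u8 *digest;
+struct nvme_auth_hmac_ctx hmac;
+u8 digest[NVME_AUTH_MAX_DIGEST_SIZE];
+size_t hash_len = nvme_auth_hmac_hash_len(hmac_id);
 char *enc;
-const char *hmac_name;
-size_t digest_len, hmac_len;
+size_t enc_len;
 int ret;
 
 if (WARN_ON(!subsysnqn || !hostnqn))
 return -EINVAL;
 
-hmac_name = nvme_auth_hmac_name(hmac_id);
-if (!hmac_name) {
+if (hash_len == 0) {
 pr_warn("%s: invalid hash algorithm %d\n",
 __func__, hmac_id);
 return -EINVAL;
 }
 
-switch (nvme_auth_hmac_hash_len(hmac_id)) {
+switch (hash_len) {
 case 32:
-hmac_len = 44;
+enc_len = 44;
 break;
 case 48:
-hmac_len = 64;
+enc_len = 64;
 break;
 default:
 pr_warn("%s: invalid hash algorithm '%s'\n",
-__func__, hmac_name);
+__func__, nvme_auth_hmac_name(hmac_id));
 return -EINVAL;
 }
 
-enc = kzalloc(hmac_len + 1, GFP_KERNEL);
-if (!enc)
-return -ENOMEM;
-
-tfm = crypto_alloc_shash(hmac_name, 0, 0);
-if (IS_ERR(tfm)) {
-ret = PTR_ERR(tfm);
-goto out_free_enc;
-}
-
-digest_len = crypto_shash_digestsize(tfm);
-digest = kzalloc(digest_len, GFP_KERNEL);
-if (!digest) {
+enc = kzalloc(enc_len + 1, GFP_KERNEL);
+if (!enc) {
 ret = -ENOMEM;
-goto out_free_tfm;
+goto out;
 }
 
-shash->tfm = tfm;
-ret = crypto_shash_setkey(tfm, psk, psk_len);
+ret = nvme_auth_hmac_init(&hmac, hmac_id, psk, psk_len);
 if (ret)
-goto out_free_digest;
+goto out;
+nvme_auth_hmac_update(&hmac, hostnqn, strlen(hostnqn));
+nvme_auth_hmac_update(&hmac, " ", 1);
+nvme_auth_hmac_update(&hmac, subsysnqn, strlen(subsysnqn));
+nvme_auth_hmac_update(&hmac, " NVMe-over-Fabrics", 18);
+nvme_auth_hmac_final(&hmac, digest);
 
-ret = crypto_shash_init(shash);
-if (ret)
-goto out_free_digest;
-
-ret = crypto_shash_update(shash, hostnqn, strlen(hostnqn));
-if (ret)
-goto out_free_digest;
-
-ret = crypto_shash_update(shash, " ", 1);
-if (ret)
-goto out_free_digest;
-
-ret = crypto_shash_update(shash, subsysnqn, strlen(subsysnqn));
-if (ret)
-goto out_free_digest;
-
-ret = crypto_shash_update(shash, " NVMe-over-Fabrics", 18);
-if (ret)
-goto out_free_digest;
-
-ret = crypto_shash_final(shash, digest);
-if (ret)
-goto out_free_digest;
-
-ret = base64_encode(digest, digest_len, enc, true, BASE64_STD);
-if (ret < hmac_len) {
+ret = base64_encode(digest, hash_len, enc, true, BASE64_STD);
+if (ret < enc_len) {
 ret = -ENOKEY;
-goto out_free_digest;
+goto out;
 }
 *ret_digest = enc;
 ret = 0;
 
-out_free_digest:
-kfree_sensitive(digest);
-out_free_tfm:
-crypto_free_shash(tfm);
-out_free_enc:
+out:
 if (ret)
 kfree_sensitive(enc);
-
+memzero_explicit(digest, sizeof(digest));
 return ret;
 }
 EXPORT_SYMBOL_GPL(nvme_auth_generate_digest);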
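Review bot: The on-stack `hmac` context is keyed with `psk`, but the `out:` path wipes only `digest`, and nothing visible in this hunk shows that nvme_auth_hmac_final() clears the context. If the helper does clear it, say so next to the call with a comment such as `/* nvme_auth_hmac_final() also wipes the keyed context */`; if it does not, add `memzero_explicit(&hmac, sizeof(hmac));` beside the digest wipe. Separately, `if (ret < enc_len)` compares an `int` with a `size_t`, so should base64_encode() ever return a negative value it would convert to a large unsigned number and pass the check; `if (ret < 0 || (size_t)ret < enc_len)` makes the intent explicit. The function's signature begins above the hunk, so the types of `psk` and `hmac_id` are not visible here.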