tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvme-auth: target: use crypto library in nvmet_auth_ctrl_hash()

For the HMAC computation in nvmet_auth_ctrl_hash(), use the crypto
library instead of crypto_shash. This is simpler, faster, and more
reliable. Notably, this eliminates the crypto transformation object
allocation for every call, which was very slow.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch 16977e77 e501533f

+25 -69
+25 -69
drivers/nvme/target/auth.c
··· 9 9 #include <linux/init.h> 10 10 #include <linux/slab.h> 11 11 #include <linux/err.h> 12 - #include <crypto/hash.h> 13 12 #include <linux/crc32.h> 14 13 #include <linux/base64.h> 15 14 #include <linux/ctype.h> ··· 355 356 int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response, 356 357 unsigned int shash_len) 357 358 { 358 - struct crypto_shash *shash_tfm; 359 - struct shash_desc *shash; 359 + struct nvme_auth_hmac_ctx hmac; 360 360 struct nvmet_ctrl *ctrl = req->sq->ctrl; 361 - const char *hash_name; 362 361 u8 *challenge = req->sq->dhchap_c2; 363 362 struct nvme_dhchap_key *transformed_key; 364 363 u8 buf[4]; 365 364 int ret; 366 365 367 - hash_name = nvme_auth_hmac_name(ctrl->shash_id); 368 - if (!hash_name) { 369 - pr_warn("Hash ID %d invalid\n", ctrl->shash_id); 370 - return -EINVAL; 371 - } 372 - 373 - shash_tfm = crypto_alloc_shash(hash_name, 0, 0); 374 - if (IS_ERR(shash_tfm)) { 375 - pr_err("failed to allocate shash %s\n", hash_name); 376 - return PTR_ERR(shash_tfm); 377 - } 378 - 379 - if (shash_len != crypto_shash_digestsize(shash_tfm)) { 380 - pr_debug("%s: hash len mismatch (len %d digest %d)\n", 381 - __func__, shash_len, 382 - crypto_shash_digestsize(shash_tfm)); 383 - ret = -EINVAL; 384 - goto out_free_tfm; 385 - } 386 - 387 366 transformed_key = nvme_auth_transform_key(ctrl->ctrl_key, 388 367 ctrl->subsys->subsysnqn); 389 - if (IS_ERR(transformed_key)) { 390 - ret = PTR_ERR(transformed_key); 391 - goto out_free_tfm; 392 - } 368 + if (IS_ERR(transformed_key)) 369 + return PTR_ERR(transformed_key); 393 370 394 - ret = crypto_shash_setkey(shash_tfm, transformed_key->key, 371 + ret = nvme_auth_hmac_init(&hmac, ctrl->shash_id, transformed_key->key, 395 372 transformed_key->len); 396 373 if (ret) 397 374 goto out_free_response; 375 + 376 + if (shash_len != nvme_auth_hmac_hash_len(ctrl->shash_id)) { 377 + pr_err("%s: hash len mismatch (len %u digest %zu)\n", __func__, 378 + shash_len, nvme_auth_hmac_hash_len(ctrl->shash_id)); 379 + ret = -EINVAL; 380 + goto out_free_response; 381 + } 398 382 399 383 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) { 400 384 challenge = kmalloc(shash_len, GFP_KERNEL); ··· 394 412 goto out_free_challenge; 395 413 } 396 414 397 - shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm), 398 - GFP_KERNEL); 399 - if (!shash) { 400 - ret = -ENOMEM; 401 - goto out_free_challenge; 402 - } 403 - shash->tfm = shash_tfm; 415 + nvme_auth_hmac_update(&hmac, challenge, shash_len); 404 416 405 - ret = crypto_shash_init(shash); 406 - if (ret) 407 - goto out; 408 - ret = crypto_shash_update(shash, challenge, shash_len); 409 - if (ret) 410 - goto out; 411 417 put_unaligned_le32(req->sq->dhchap_s2, buf); 412 - ret = crypto_shash_update(shash, buf, 4); 413 - if (ret) 414 - goto out; 418 + nvme_auth_hmac_update(&hmac, buf, 4); 419 + 415 420 put_unaligned_le16(req->sq->dhchap_tid, buf); 416 - ret = crypto_shash_update(shash, buf, 2); 417 - if (ret) 418 - goto out; 421 + nvme_auth_hmac_update(&hmac, buf, 2); 422 + 419 423 memset(buf, 0, 4); 420 - ret = crypto_shash_update(shash, buf, 1); 421 - if (ret) 422 - goto out; 423 - ret = crypto_shash_update(shash, "Controller", 10); 424 - if (ret) 425 - goto out; 426 - ret = crypto_shash_update(shash, ctrl->subsys->subsysnqn, 427 - strlen(ctrl->subsys->subsysnqn)); 428 - if (ret) 429 - goto out; 430 - ret = crypto_shash_update(shash, buf, 1); 431 - if (ret) 432 - goto out; 433 - ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn)); 434 - if (ret) 435 - goto out; 436 - ret = crypto_shash_final(shash, response); 437 - out: 438 - kfree(shash); 424 + nvme_auth_hmac_update(&hmac, buf, 1); 425 + nvme_auth_hmac_update(&hmac, "Controller", 10); 426 + nvme_auth_hmac_update(&hmac, ctrl->subsys->subsysnqn, 427 + strlen(ctrl->subsys->subsysnqn)); 428 + nvme_auth_hmac_update(&hmac, buf, 1); 429 + nvme_auth_hmac_update(&hmac, ctrl->hostnqn, strlen(ctrl->hostnqn)); 430 + nvme_auth_hmac_final(&hmac, response); 431 + ret = 0; 439 432 out_free_challenge: 440 433 if (challenge != req->sq->dhchap_c2) 441 434 kfree(challenge); 442 435 out_free_response: 436 + memzero_explicit(&hmac, sizeof(hmac)); 443 437 nvme_auth_free_key(transformed_key); 444 - out_free_tfm: 445 - crypto_free_shash(shash_tfm); 446 438 return ret; 447 439 } 448 440