tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvme-auth: host: use crypto library in nvme_auth_dhchap_setup_host_response()

For the HMAC computation in nvme_auth_dhchap_setup_host_response(), use
the crypto library instead of crypto_shash. This is simpler, faster,
and more reliable.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch 6be8d3f0 d126cbaa

+21 -38
+21 -38
drivers/nvme/host/auth.c
··· 434 434 static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl, 435 435 struct nvme_dhchap_queue_context *chap) 436 436 { 437 - SHASH_DESC_ON_STACK(shash, chap->shash_tfm); 437 + struct nvme_auth_hmac_ctx hmac; 438 438 u8 buf[4], *challenge = chap->c1; 439 439 int ret; 440 440 ··· 454 454 __func__, chap->qid); 455 455 } 456 456 457 - ret = crypto_shash_setkey(chap->shash_tfm, 458 - chap->transformed_key->key, chap->transformed_key->len); 459 - if (ret) { 460 - dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n", 461 - chap->qid, ret); 457 + ret = nvme_auth_hmac_init(&hmac, chap->hash_id, 458 + chap->transformed_key->key, 459 + chap->transformed_key->len); 460 + if (ret) 462 461 goto out; 463 - } 464 462 465 463 if (chap->dh_tfm) { 466 464 challenge = kmalloc(chap->hash_len, GFP_KERNEL); ··· 475 477 goto out; 476 478 } 477 479 478 - shash->tfm = chap->shash_tfm; 479 - ret = crypto_shash_init(shash); 480 - if (ret) 481 - goto out; 482 - ret = crypto_shash_update(shash, challenge, chap->hash_len); 483 - if (ret) 484 - goto out; 480 + nvme_auth_hmac_update(&hmac, challenge, chap->hash_len); 481 + 485 482 put_unaligned_le32(chap->s1, buf); 486 - ret = crypto_shash_update(shash, buf, 4); 487 - if (ret) 488 - goto out; 483 + nvme_auth_hmac_update(&hmac, buf, 4); 484 + 489 485 put_unaligned_le16(chap->transaction, buf); 490 - ret = crypto_shash_update(shash, buf, 2); 491 - if (ret) 492 - goto out; 486 + nvme_auth_hmac_update(&hmac, buf, 2); 487 + 493 488 *buf = chap->sc_c; 494 - ret = crypto_shash_update(shash, buf, 1); 495 - if (ret) 496 - goto out; 497 - ret = crypto_shash_update(shash, "HostHost", 8); 498 - if (ret) 499 - goto out; 500 - ret = crypto_shash_update(shash, ctrl->opts->host->nqn, 501 - strlen(ctrl->opts->host->nqn)); 502 - if (ret) 503 - goto out; 489 + nvme_auth_hmac_update(&hmac, buf, 1); 490 + nvme_auth_hmac_update(&hmac, "HostHost", 8); 491 + nvme_auth_hmac_update(&hmac, ctrl->opts->host->nqn, 492 + strlen(ctrl->opts->host->nqn)); 504 493 memset(buf, 0, sizeof(buf)); 505 - ret = crypto_shash_update(shash, buf, 1); 506 - if (ret) 507 - goto out; 508 - ret = crypto_shash_update(shash, ctrl->opts->subsysnqn, 509 - strlen(ctrl->opts->subsysnqn)); 510 - if (ret) 511 - goto out; 512 - ret = crypto_shash_final(shash, chap->response); 494 + nvme_auth_hmac_update(&hmac, buf, 1); 495 + nvme_auth_hmac_update(&hmac, ctrl->opts->subsysnqn, 496 + strlen(ctrl->opts->subsysnqn)); 497 + nvme_auth_hmac_final(&hmac, chap->response); 498 + ret = 0; 513 499 out: 514 500 if (challenge != chap->c1) 515 501 kfree(challenge); 502 + memzero_explicit(&hmac, sizeof(hmac)); 516 503 return ret; 517 504 } 518 505