Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

nvme-auth: common: use crypto library in nvme_auth_augmented_challenge()

For the hash and HMAC computations in nvme_auth_augmented_challenge(),
use the crypto library instead of crypto_shash. This is simpler,
faster, and more reliable. Notably, this eliminates two crypto
transformation object allocations for every call, which was very slow.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch
a67d096f 092c05f8

+36 -60
+36 -60
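--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -300,6 +300,37 @@
 }
 EXPORT_SYMBOL_GPL(nvme_auth_hmac_final);
 
+static int nvme_auth_hmac(u8 hmac_id, const u8 *key, size_t key_len,
+			  const u8 *data, size_t data_len, u8 *out)
+{
+	struct nvme_auth_hmac_ctx hmac;
+	int ret;
+
+	ret = nvme_auth_hmac_init(&hmac, hmac_id, key, key_len);
+	if (ret == 0) {
+		nvme_auth_hmac_update(&hmac, data, data_len);
+		nvme_auth_hmac_final(&hmac, out);
+	}
+	return ret;
+}
+
+static int nvme_auth_hash(u8 hmac_id, const u8 *data, size_t data_len, u8 *out)
+{
+	switch (hmac_id) {
+	case NVME_AUTH_HASH_SHA256:
+		sha256(data, data_len, out);
+		return 0;
+	case NVME_AUTH_HASH_SHA384:
+		sha384(data, data_len, out);
+		return 0;
+	case NVME_AUTH_HASH_SHA512:
+		sha512(data, data_len, out);
+		return 0;
+	}
+	pr_warn("%s: invalid hash algorithm %d\n", __func__, hmac_id);
+	return -EINVAL;
+}
+
 struct nvme_dhchap_key *nvme_auth_transform_key(
 		const struct nvme_dhchap_key *key, const char *nqn)
 {
@@ -365,72 +396,17 @@
 }
 EXPORT_SYMBOL_GPL(nvme_auth_transform_key);
 
-static int nvme_auth_hash_skey(int hmac_id, const u8 *skey, size_t skey_len,
-			       u8 *hkey)
-{
-	const char *digest_name;
-	struct crypto_shash *tfm;
-	int ret;
-
-	digest_name = nvme_auth_digest_name(hmac_id);
-	if (!digest_name) {
-		pr_debug("%s: failed to get digest for %d\n", __func__,
-			 hmac_id);
-		return -EINVAL;
-	}
-	tfm = crypto_alloc_shash(digest_name, 0, 0);
-	if (IS_ERR(tfm))
-		return -ENOMEM;
-
-	ret = crypto_shash_tfm_digest(tfm, skey, skey_len, hkey);
-	if (ret < 0)
-		pr_debug("%s: Failed to hash digest len %zu\n", __func__,
-			 skey_len);
-
-	crypto_free_shash(tfm);
-	return ret;
-}
-
 int nvme_auth_augmented_challenge(u8 hmac_id, const u8 *skey, size_t skey_len,
 				  const u8 *challenge, u8 *aug, size_t hlen)
 {
-	struct crypto_shash *tfm;
-	u8 *hashed_key;
-	const char *hmac_name;
+	u8 hashed_key[NVME_AUTH_MAX_DIGEST_SIZE];
 	int ret;
 
-	hashed_key = kmalloc(hlen, GFP_KERNEL);
-	if (!hashed_key)
-		return -ENOMEM;
-
-	ret = nvme_auth_hash_skey(hmac_id, skey,
-				  skey_len, hashed_key);
-	if (ret < 0)
-		goto out_free_key;
-
-	hmac_name = nvme_auth_hmac_name(hmac_id);
-	if (!hmac_name) {
-		pr_warn("%s: invalid hash algorithm %d\n",
-			__func__, hmac_id);
-		ret = -EINVAL;
-		goto out_free_key;
-	}
-
-	tfm = crypto_alloc_shash(hmac_name, 0, 0);
-	if (IS_ERR(tfm)) {
-		ret = PTR_ERR(tfm);
-		goto out_free_key;
-	}
-
-	ret = crypto_shash_setkey(tfm, hashed_key, hlen);
+	ret = nvme_auth_hash(hmac_id, skey, skey_len, hashed_key);
 	if (ret)
-		goto out_free_hash;
-
-	ret = crypto_shash_tfm_digest(tfm, challenge, hlen, aug);
-out_free_hash:
-	crypto_free_shash(tfm);
-out_free_key:
-	kfree_sensitive(hashed_key);
+		return ret;
+	ret = nvme_auth_hmac(hmac_id, hashed_key, hlen, challenge, hlen, aug);
+	memzero_explicit(hashed_key, sizeof(hashed_key));
 	return ret;
 }
 EXPORT_SYMBOL_GPL(nvme_auth_augmented_challenge);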
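Review bot: In nvme_auth_augmented_challenge(), `hlen` is passed to nvme_auth_hmac() as the key length over the fixed-size stack array `hashed_key[NVME_AUTH_MAX_DIGEST_SIZE]`, but nothing in the function checks it against that array or against the digest length selected by `hmac_id`. nvme_auth_hash() writes only the digest size of the chosen hash, so an `hlen` larger than that would key the HMAC with uninitialised stack bytes, and an `hlen` above NVME_AUTH_MAX_DIGEST_SIZE would read past the array. The callers are not visible on this page and may already guarantee the match, but a guard before the hash call such as `if (hlen > sizeof(hashed_key)) return -EINVAL;` would make the function safe on its own; rejecting any `hlen` that differs from the digest size for `hmac_id` would be stricter still. A one-line comment on `hashed_key` stating that `hlen` must equal the digest length would also document the contract for future callers.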