tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvme-auth: common: use crypto library in nvme_auth_generate_psk()

For the HMAC computation in nvme_auth_generate_psk(), use the crypto
library instead of crypto_shash. This is simpler, faster, and more
reliable. Notably, this eliminates the crypto transformation object
allocation for every call, which was very slow.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch be01b841 a67d096f

+14 -49
+14 -49
drivers/nvme/common/auth.c
··· 497 497 const u8 *c1, const u8 *c2, size_t hash_len, 498 498 u8 **ret_psk, size_t *ret_len) 499 499 { 500 - struct crypto_shash *tfm; 501 - SHASH_DESC_ON_STACK(shash, tfm); 500 + size_t psk_len = nvme_auth_hmac_hash_len(hmac_id); 501 + struct nvme_auth_hmac_ctx hmac; 502 502 u8 *psk; 503 - const char *hmac_name; 504 - int ret, psk_len; 503 + int ret; 505 504 506 505 if (!c1 || !c2) 507 506 return -EINVAL; 508 507 509 - hmac_name = nvme_auth_hmac_name(hmac_id); 510 - if (!hmac_name) { 511 - pr_warn("%s: invalid hash algorithm %d\n", 512 - __func__, hmac_id); 513 - return -EINVAL; 514 - } 515 - 516 - tfm = crypto_alloc_shash(hmac_name, 0, 0); 517 - if (IS_ERR(tfm)) 518 - return PTR_ERR(tfm); 519 - 520 - psk_len = crypto_shash_digestsize(tfm); 508 + ret = nvme_auth_hmac_init(&hmac, hmac_id, skey, skey_len); 509 + if (ret) 510 + return ret; 521 511 psk = kzalloc(psk_len, GFP_KERNEL); 522 512 if (!psk) { 523 - ret = -ENOMEM; 524 - goto out_free_tfm; 513 + memzero_explicit(&hmac, sizeof(hmac)); 514 + return -ENOMEM; 525 515 } 526 - 527 - shash->tfm = tfm; 528 - ret = crypto_shash_setkey(tfm, skey, skey_len); 529 - if (ret) 530 - goto out_free_psk; 531 - 532 - ret = crypto_shash_init(shash); 533 - if (ret) 534 - goto out_free_psk; 535 - 536 - ret = crypto_shash_update(shash, c1, hash_len); 537 - if (ret) 538 - goto out_free_psk; 539 - 540 - ret = crypto_shash_update(shash, c2, hash_len); 541 - if (ret) 542 - goto out_free_psk; 543 - 544 - ret = crypto_shash_final(shash, psk); 545 - if (!ret) { 546 - *ret_psk = psk; 547 - *ret_len = psk_len; 548 - } 549 - 550 - out_free_psk: 551 - if (ret) 552 - kfree_sensitive(psk); 553 - out_free_tfm: 554 - crypto_free_shash(tfm); 555 - 556 - return ret; 516 + nvme_auth_hmac_update(&hmac, c1, hash_len); 517 + nvme_auth_hmac_update(&hmac, c2, hash_len); 518 + nvme_auth_hmac_final(&hmac, psk); 519 + *ret_psk = psk; 520 + *ret_len = psk_len; 521 + return 0; 557 522 } 558 523 EXPORT_SYMBOL_GPL(nvme_auth_generate_psk); 559 524