tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvme-auth: use proper argument types

For input parameters, use pointer to const. This makes it easier to
understand which parameters are inputs and which are outputs.

In addition, consistently use char for strings and u8 for binary. This
makes it easier to understand what is a string and what is binary data.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch bf0e2567 e57406c0

+44 -39
+25 -22
drivers/nvme/common/auth.c
··· 159 159 } 160 160 EXPORT_SYMBOL_GPL(nvme_auth_key_struct_size); 161 161 162 - struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, 163 - u8 key_hash) 162 + struct nvme_dhchap_key *nvme_auth_extract_key(const char *secret, u8 key_hash) 164 163 { 165 164 struct nvme_dhchap_key *key; 166 - unsigned char *p; 165 + const char *p; 167 166 u32 crc; 168 167 int ret, key_len; 169 168 size_t allocated_len = strlen(secret); ··· 180 181 pr_debug("base64 key decoding error %d\n", 181 182 key_len); 182 183 ret = key_len; 183 - goto out_free_secret; 184 + goto out_free_key; 184 185 } 185 186 186 187 if (key_len != 36 && key_len != 52 && 187 188 key_len != 68) { 188 189 pr_err("Invalid key len %d\n", key_len); 189 190 ret = -EINVAL; 190 - goto out_free_secret; 191 + goto out_free_key; 191 192 } 192 193 193 194 /* The last four bytes is the CRC in little-endian format */ ··· 202 203 pr_err("key crc mismatch (key %08x, crc %08x)\n", 203 204 get_unaligned_le32(key->key + key_len), crc); 204 205 ret = -EKEYREJECTED; 205 - goto out_free_secret; 206 + goto out_free_key; 206 207 } 207 208 key->len = key_len; 208 209 key->hash = key_hash; 209 210 return key; 210 - out_free_secret: 211 + out_free_key: 211 212 nvme_auth_free_key(key); 212 213 return ERR_PTR(ret); 213 214 } ··· 235 236 EXPORT_SYMBOL_GPL(nvme_auth_free_key); 236 237 237 238 struct nvme_dhchap_key *nvme_auth_transform_key( 238 - struct nvme_dhchap_key *key, char *nqn) 239 + const struct nvme_dhchap_key *key, const char *nqn) 239 240 { 240 241 const char *hmac_name; 241 242 struct crypto_shash *key_tfm; ··· 301 302 } 302 303 EXPORT_SYMBOL_GPL(nvme_auth_transform_key); 303 304 304 - static int nvme_auth_hash_skey(int hmac_id, u8 *skey, size_t skey_len, u8 *hkey) 305 + static int nvme_auth_hash_skey(int hmac_id, const u8 *skey, size_t skey_len, 306 + u8 *hkey) 305 307 { 306 308 const char *digest_name; 307 309 struct crypto_shash *tfm; ··· 327 327 return ret; 328 328 } 329 329 330 - int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len, 331 - u8 *challenge, u8 *aug, size_t hlen) 330 + int nvme_auth_augmented_challenge(u8 hmac_id, const u8 *skey, size_t skey_len, 331 + const u8 *challenge, u8 *aug, size_t hlen) 332 332 { 333 333 struct crypto_shash *tfm; 334 334 u8 *hashed_key; ··· 409 409 EXPORT_SYMBOL_GPL(nvme_auth_gen_pubkey); 410 410 411 411 int nvme_auth_gen_shared_secret(struct crypto_kpp *dh_tfm, 412 - u8 *ctrl_key, size_t ctrl_key_len, 412 + const u8 *ctrl_key, size_t ctrl_key_len, 413 413 u8 *sess_key, size_t sess_key_len) 414 414 { 415 415 struct kpp_request *req; ··· 436 436 } 437 437 EXPORT_SYMBOL_GPL(nvme_auth_gen_shared_secret); 438 438 439 - int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key) 439 + int nvme_auth_generate_key(const char *secret, struct nvme_dhchap_key **ret_key) 440 440 { 441 441 struct nvme_dhchap_key *key; 442 442 u8 key_hash; ··· 484 484 * Returns 0 on success with a valid generated PSK pointer in @ret_psk and 485 485 * the length of @ret_psk in @ret_len, or a negative error number otherwise. 486 486 */ 487 - int nvme_auth_generate_psk(u8 hmac_id, u8 *skey, size_t skey_len, 488 - u8 *c1, u8 *c2, size_t hash_len, u8 **ret_psk, size_t *ret_len) 487 + int nvme_auth_generate_psk(u8 hmac_id, const u8 *skey, size_t skey_len, 488 + const u8 *c1, const u8 *c2, size_t hash_len, 489 + u8 **ret_psk, size_t *ret_len) 489 490 { 490 491 struct crypto_shash *tfm; 491 492 SHASH_DESC_ON_STACK(shash, tfm); ··· 583 582 * Returns 0 on success with a valid digest pointer in @ret_digest, or a 584 583 * negative error number on failure. 585 584 */ 586 - int nvme_auth_generate_digest(u8 hmac_id, u8 *psk, size_t psk_len, 587 - char *subsysnqn, char *hostnqn, u8 **ret_digest) 585 + int nvme_auth_generate_digest(u8 hmac_id, const u8 *psk, size_t psk_len, 586 + const char *subsysnqn, const char *hostnqn, 587 + char **ret_digest) 588 588 { 589 589 struct crypto_shash *tfm; 590 590 SHASH_DESC_ON_STACK(shash, tfm); 591 - u8 *digest, *enc; 591 + u8 *digest; 592 + char *enc; 592 593 const char *hmac_name; 593 594 size_t digest_len, hmac_len; 594 595 int ret; ··· 764 761 * Returns 0 on success with a valid psk pointer in @ret_psk or a negative 765 762 * error number otherwise. 766 763 */ 767 - int nvme_auth_derive_tls_psk(int hmac_id, u8 *psk, size_t psk_len, 768 - u8 *psk_digest, u8 **ret_psk) 764 + int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len, 765 + const char *psk_digest, u8 **ret_psk) 769 766 { 770 767 struct crypto_shash *hmac_tfm; 771 768 const char *hmac_name; 772 769 const char *label = "nvme-tls-psk"; 773 - static const char default_salt[NVME_AUTH_MAX_DIGEST_SIZE]; 770 + static const u8 default_salt[NVME_AUTH_MAX_DIGEST_SIZE]; 774 771 size_t prk_len; 775 772 const char *ctx; 776 - unsigned char *prk, *tls_key; 773 + u8 *prk, *tls_key; 777 774 int ret; 778 775 779 776 hmac_name = nvme_auth_hmac_name(hmac_id);
+2 -1
drivers/nvme/host/auth.c
··· 708 708 static int nvme_auth_secure_concat(struct nvme_ctrl *ctrl, 709 709 struct nvme_dhchap_queue_context *chap) 710 710 { 711 - u8 *psk, *digest, *tls_psk; 711 + u8 *psk, *tls_psk; 712 + char *digest; 712 713 struct key *tls_key; 713 714 size_t psk_len; 714 715 int ret = 0;
+3 -2
drivers/nvme/target/auth.c
··· 531 531 } 532 532 533 533 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, 534 - u8 *pkey, int pkey_size) 534 + const u8 *pkey, int pkey_size) 535 535 { 536 536 struct nvmet_ctrl *ctrl = req->sq->ctrl; 537 537 int ret; ··· 557 557 void nvmet_auth_insert_psk(struct nvmet_sq *sq) 558 558 { 559 559 int hash_len = nvme_auth_hmac_hash_len(sq->ctrl->shash_id); 560 - u8 *psk, *digest, *tls_psk; 560 + u8 *psk, *tls_psk; 561 + char *digest; 561 562 size_t psk_len; 562 563 int ret; 563 564 #ifdef CONFIG_NVME_TARGET_TCP_TLS
+1 -1
drivers/nvme/target/nvmet.h
··· 912 912 int nvmet_auth_ctrl_exponential(struct nvmet_req *req, 913 913 u8 *buf, int buf_size); 914 914 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, 915 - u8 *buf, int buf_size); 915 + const u8 *pkey, int pkey_size); 916 916 void nvmet_auth_insert_psk(struct nvmet_sq *sq); 917 917 #else 918 918 static inline u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl,
+13 -13
include/linux/nvme-auth.h
··· 25 25 u8 nvme_auth_hmac_id(const char *hmac_name); 26 26 27 27 u32 nvme_auth_key_struct_size(u32 key_len); 28 - struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, 29 - u8 key_hash); 28 + struct nvme_dhchap_key *nvme_auth_extract_key(const char *secret, u8 key_hash); 30 29 void nvme_auth_free_key(struct nvme_dhchap_key *key); 31 30 struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash); 32 31 struct nvme_dhchap_key *nvme_auth_transform_key( 33 - struct nvme_dhchap_key *key, char *nqn); 34 - int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key); 35 - int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len, 36 - u8 *challenge, u8 *aug, size_t hlen); 32 + const struct nvme_dhchap_key *key, const char *nqn); 33 + int nvme_auth_generate_key(const char *secret, struct nvme_dhchap_key **ret_key); 34 + int nvme_auth_augmented_challenge(u8 hmac_id, const u8 *skey, size_t skey_len, 35 + const u8 *challenge, u8 *aug, size_t hlen); 37 36 int nvme_auth_gen_privkey(struct crypto_kpp *dh_tfm, u8 dh_gid); 38 37 int nvme_auth_gen_pubkey(struct crypto_kpp *dh_tfm, 39 38 u8 *host_key, size_t host_key_len); 40 39 int nvme_auth_gen_shared_secret(struct crypto_kpp *dh_tfm, 41 - u8 *ctrl_key, size_t ctrl_key_len, 40 + const u8 *ctrl_key, size_t ctrl_key_len, 42 41 u8 *sess_key, size_t sess_key_len); 43 - int nvme_auth_generate_psk(u8 hmac_id, u8 *skey, size_t skey_len, 44 - u8 *c1, u8 *c2, size_t hash_len, 42 + int nvme_auth_generate_psk(u8 hmac_id, const u8 *skey, size_t skey_len, 43 + const u8 *c1, const u8 *c2, size_t hash_len, 45 44 u8 **ret_psk, size_t *ret_len); 46 - int nvme_auth_generate_digest(u8 hmac_id, u8 *psk, size_t psk_len, 47 - char *subsysnqn, char *hostnqn, u8 **ret_digest); 48 - int nvme_auth_derive_tls_psk(int hmac_id, u8 *psk, size_t psk_len, 49 - u8 *psk_digest, u8 **ret_psk); 45 + int nvme_auth_generate_digest(u8 hmac_id, const u8 *psk, size_t psk_len, 46 + const char *subsysnqn, const char *hostnqn, 47 + char **ret_digest); 48 + int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len, 49 + const char *psk_digest, u8 **ret_psk); 50 50 51 51 #endif /* _NVME_AUTH_H */