Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
nvme-auth: host: use crypto library in nvme_auth_dhchap_setup_ctrl_response()

For the HMAC computation in nvme_auth_dhchap_setup_ctrl_response(), use
the crypto library instead of crypto_shash. This is simpler, faster,
and more reliable.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch
c4f216c2 6be8d3f0

+21 -35
+21 -35
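--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -504,7 +504,7 @@
 static int nvme_auth_dhchap_setup_ctrl_response(struct nvme_ctrl *ctrl,
 		struct nvme_dhchap_queue_context *chap)
 {
-	SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
+	struct nvme_auth_hmac_ctx hmac;
 	struct nvme_dhchap_key *transformed_key;
 	u8 buf[4], *challenge = chap->c2;
 	int ret;
@@ -516,10 +516,10 @@
 		return ret;
 	}
 
-	ret = crypto_shash_setkey(chap->shash_tfm,
-			transformed_key->key, transformed_key->len);
+	ret = nvme_auth_hmac_init(&hmac, chap->hash_id, transformed_key->key,
+				  transformed_key->len);
 	if (ret) {
-		dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
+		dev_warn(ctrl->device, "qid %d: failed to init hmac, error %d\n",
 			 chap->qid, ret);
 		goto out;
 	}
@@ -546,43 +546,29 @@
 		__func__, chap->qid, ctrl->opts->subsysnqn);
 	dev_dbg(ctrl->device, "%s: qid %d hostnqn %s\n",
 		__func__, chap->qid, ctrl->opts->host->nqn);
-	shash->tfm = chap->shash_tfm;
-	ret = crypto_shash_init(shash);
-	if (ret)
-		goto out;
-	ret = crypto_shash_update(shash, challenge, chap->hash_len);
-	if (ret)
-		goto out;
+
+	nvme_auth_hmac_update(&hmac, challenge, chap->hash_len);
+
 	put_unaligned_le32(chap->s2, buf);
-	ret = crypto_shash_update(shash, buf, 4);
-	if (ret)
-		goto out;
+	nvme_auth_hmac_update(&hmac, buf, 4);
+
 	put_unaligned_le16(chap->transaction, buf);
-	ret = crypto_shash_update(shash, buf, 2);
-	if (ret)
-		goto out;
+	nvme_auth_hmac_update(&hmac, buf, 2);
+
 	memset(buf, 0, 4);
-	ret = crypto_shash_update(shash, buf, 1);
-	if (ret)
-		goto out;
-	ret = crypto_shash_update(shash, "Controller", 10);
-	if (ret)
-		goto out;
-	ret = crypto_shash_update(shash, ctrl->opts->subsysnqn,
-				  strlen(ctrl->opts->subsysnqn));
-	if (ret)
-		goto out;
-	ret = crypto_shash_update(shash, buf, 1);
-	if (ret)
-		goto out;
-	ret = crypto_shash_update(shash, ctrl->opts->host->nqn,
-				  strlen(ctrl->opts->host->nqn));
-	if (ret)
-		goto out;
-	ret = crypto_shash_final(shash, chap->response);
+	nvme_auth_hmac_update(&hmac, buf, 1);
+	nvme_auth_hmac_update(&hmac, "Controller", 10);
+	nvme_auth_hmac_update(&hmac, ctrl->opts->subsysnqn,
+			      strlen(ctrl->opts->subsysnqn));
+	nvme_auth_hmac_update(&hmac, buf, 1);
+	nvme_auth_hmac_update(&hmac, ctrl->opts->host->nqn,
+			      strlen(ctrl->opts->host->nqn));
+	nvme_auth_hmac_final(&hmac, chap->response);
+	ret = 0;
 out:
 	if (challenge != chap->c2)
 		kfree(challenge);
+	memzero_explicit(&hmac, sizeof(hmac));
 	nvme_auth_free_key(transformed_key);
 	return ret;
 }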
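Review bot: The `memzero_explicit(&hmac, sizeof(hmac));` added under `out:` carries no comment explaining why it is there, and it is also reached through `goto out` when `nvme_auth_hmac_init()` fails, where `hmac` may not have been fully written. Wiping is harmless in that case, but a one-line comment such as `/* hmac holds state derived from the transformed key; wipe it on every exit path */` would keep a later cleanup from dropping the call or moving it above the label. The hash algorithm is now selected by `chap->hash_id` while the challenge length still comes from `chap->hash_len`, so it is worth stating next to the init call that the two are always set together; whether that holds is not visible in these hunks. Lines 526–545 of the function are elided on this page, so any other `goto out` between the init and the first update could not be checked.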