Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp1489750rdg;
        Sat, 14 Oct 2023 04:41:50 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGn/PtsByKU4KrBWcpVzaB+kpUiOVPPUgZFUC4AOy+8CYgi4KCOZMVPtmGw0+c52EHE7fnH
X-Received: by 2002:a5e:c90b:0:b0:776:fd07:3c96 with SMTP id z11-20020a5ec90b000000b00776fd073c96mr32638333iol.7.1697283710448;
        Sat, 14 Oct 2023 04:41:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697283710; cv=none;
        d=google.com; s=arc-20160816;
        b=oKOaUsLXT+X3PiD0ZLkBIFfKSlOOEKjP2rTXQfMq2609JpnVhkIfkyueSek+w8LHnl
         LzlcKJtvxA0JKHjhUegStViAFHpoCjpm6sKmkEPEUuoa4Q8FVHlW6PGxBPJQigSzsb2H
         s7+SeBXIXsTkL+cFchOPUpxu8MlTwBde6VDZ7xXJ1rmmSLe2bjUbzK/C4gglGON9J93d
         1JC2rnpnEWQ05tN/ortejZxRHVqJzPD9mUt6edmTzFTSfQCxy4aN11Yo5prnbvuDy2Gw
         nBNiIeVUXUEb1WJi6EB7tIkkehxrjRhmwEgJXmoJWnHC7rU9ykREUVZJzrJflchJeANY
         45Ew==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature:dkim-signature;
        bh=Y9uZ51ZUb5gL4y/Lhq+1cbuZunfyPPyvTfq17MbiPl8=;
        fh=vJZB2aV+cB+txuIVrz7D2XJQZdKuuVcQYg//KHgChho=;
        b=urmaaGO7qCCUQjNSkm3XivAkh8LuClCzEEb5uJBmPFJOn+hqtphqHKmITDdScveGHq
         Wjm/jGyMBbn2KXVpZf7rEOW0eZmPkIZRfDKmz2VuomnkxqtdpKaU2tCyVR8OfV8K3/TM
         6EJL+P+Ww8YDnOLJ/j6ZKsx3kkdzjSJN044Rr9nl/OHBILz4VGSG7myEKfJ/hexH2X/n
         WS060cI8M6Nwv+aLJqe3zgYXBl6XrRVgcsG6n1KTiH+QypDhDHl2EzpO4icyk2V1fQwx
         ElHR2bS5MoAweBqtaZo5iyvtTShwtYCdArOYvCb47oDJozxt3iRgJQqtuJU8ccqXlbin
         PsGQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=KMi9ugVk;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7])
        by mx.google.com with ESMTPS id e4-20020a636904000000b005b3e6867a01si327265pgc.427.2023.10.14.04.41.50
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 14 Oct 2023 04:41:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=KMi9ugVk;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id 98B71802FBA2;
	Sat, 14 Oct 2023 04:41:49 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233173AbjJNLlr (ORCPT <rfc822;tarbal@gmail.com> + 99 others);
        Sat, 14 Oct 2023 07:41:47 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33032 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233183AbjJNLlo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 14 Oct 2023 07:41:44 -0400
Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C152BDA
        for <linux-kernel@vger.kernel.org>; Sat, 14 Oct 2023 04:41:39 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out1.suse.de (Postfix) with ESMTPS id 0DDE921A99;
        Sat, 14 Oct 2023 11:41:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1697283698; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=Y9uZ51ZUb5gL4y/Lhq+1cbuZunfyPPyvTfq17MbiPl8=;
        b=KMi9ugVkDPC+8MgANOzVmNvZv+4MdqoxeIuFxiHS8RBVaASoawOwgRLLtA3Llf419h5gSe
        tzHz/p1c4cf/7uQ5ncnj2XKKI+HU3UjTAf2f9IPqztdVdehU3IkQy5uVUAx0fBGHGa0U9K
        1jzTplltV9Vi9b89GKkM8H+pn2KLkrk=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1697283698;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=Y9uZ51ZUb5gL4y/Lhq+1cbuZunfyPPyvTfq17MbiPl8=;
        b=GQWDRth9A5gxQOmTOsERHf1BKbyHpVz1ypNdqyreaHSb75yHcN+eQjUbdLJy7DG0uByLnQ
        lqXCZE8JIbQG9VBg==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 8F4091377D;
        Sat, 14 Oct 2023 11:41:37 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id eLy+IHF+KmWzNAAAMHmgww
        (envelope-from <hare@suse.de>); Sat, 14 Oct 2023 11:41:37 +0000
Message-ID: <ed5dd7d7-9795-40fe-bc4a-5bf4e99f9266@suse.de>
Date:   Sat, 14 Oct 2023 13:41:38 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH 2/2] nvme-auth: allow mixing of secret and hash lengths
Content-Language: en-US
To:     Mark O'Donovan <shiftee@posteo.net>, linux-kernel@vger.kernel.org
Cc:     linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de,
        axboe@kernel.dk, kbusch@kernel.org,
        Akash Appaiah <Akash.Appaiah@dell.com>
References: <20231013202827.2262708-1-shiftee@posteo.net>
 <20231013202827.2262708-3-shiftee@posteo.net>
From:   Hannes Reinecke <hare@suse.de>
In-Reply-To: <20231013202827.2262708-3-shiftee@posteo.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Authentication-Results: smtp-out1.suse.de;
        none
X-Spam-Level: 
X-Spam-Score: -9.70
X-Spamd-Result: default: False [-9.70 / 50.00];
         ARC_NA(0.00)[];
         RCVD_VIA_SMTP_AUTH(0.00)[];
         XM_UA_NO_VERSION(0.01)[];
         FROM_HAS_DN(0.00)[];
         TO_DN_SOME(0.00)[];
         TO_MATCH_ENVRCPT_ALL(0.00)[];
         BAYES_HAM(-1.61)[92.49%];
         MIME_GOOD(-0.10)[text/plain];
         REPLY(-4.00)[];
         NEURAL_HAM_LONG(-3.00)[-1.000];
         DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];
         NEURAL_HAM_SHORT(-1.00)[-1.000];
         RCPT_COUNT_SEVEN(0.00)[8];
         FROM_EQ_ENVFROM(0.00)[];
         MIME_TRACE(0.00)[0:+];
         RCVD_COUNT_TWO(0.00)[2];
         RCVD_TLS_ALL(0.00)[];
         MID_RHS_MATCH_FROM(0.00)[]
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sat, 14 Oct 2023 04:41:49 -0700 (PDT)

On 10/13/23 22:28, Mark O'Donovan wrote:
> We can now use any of the secret transformation hashes with a
> secret, regardless of the secret size.
> e.g. a 32 byte key with the SHA-512(64 byte) hash.
> 
> The example secret from the spec should now be permitted with
> any of the following:
> DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
> DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
> DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
> DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
> 
> Note: Secrets are still restricted to 32,48 or 64 bits.
> 
> Co-developed-by: Akash Appaiah <Akash.Appaiah@dell.com>
> Signed-off-by: Akash Appaiah <Akash.Appaiah@dell.com>
> Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
> ---
>   drivers/nvme/common/auth.c | 8 --------
>   1 file changed, 8 deletions(-)
> 
> diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
> index d90e4f0c08b7..176855f86f0d 100644
> --- a/drivers/nvme/common/auth.c
> +++ b/drivers/nvme/common/auth.c
> @@ -187,14 +187,6 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
>   		goto out_free_secret;
>   	}
>   
> -	if (key_hash > 0 &&
> -	    (key_len - 4) != nvme_auth_hmac_hash_len(key_hash)) {
> -		pr_err("Mismatched key len %d for %s\n", key_len,
> -		       nvme_auth_hmac_name(key_hash));
> -		ret = -EINVAL;
> -		goto out_free_secret;
> -	}
> -
>   	/* The last four bytes is the CRC in little-endian format */
>   	key_len -= 4;
>   	/*

That, however, looks good.

Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman