Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp2365308rdg;
        Mon, 16 Oct 2023 01:57:45 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFpJv3QsAWRGjPHbTZE8a2xXHlpwcE3gLY5eimxS3oxhG1kpICKJFEJiDPQpQKjJi2vJB9+
X-Received: by 2002:a05:6a21:3294:b0:15c:b7ba:1671 with SMTP id yt20-20020a056a21329400b0015cb7ba1671mr9516981pzb.2.1697446665667;
        Mon, 16 Oct 2023 01:57:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697446665; cv=none;
        d=google.com; s=arc-20160816;
        b=G9aOhmybHAM15H7Ffy22bvcHW0Tf82bNqmCsclzHBpAK2kvvuF2UZ3ufP7ZeEQ4DbH
         eFISR6DY7tv7ntcScJPfr333KHekLMQbFV6GgXQ1e9w9ozeHIQBfe2r0auvWxAWquiLA
         fZzjQS4zI+PzTSTPYEdTGdvwZ6Qp77MGbSKFqXl5ixkvcqFHmT5DmO11iu70B+UZ0wbf
         /brev9TLQ4pWo0eiDzx3wNZk+E3UepQMnlsAcsMmRhOfohigvE4SbLYa5PtBuJRaIm4B
         iC3bEiqc9hNRafing+ha+B+ol3JjQCMDVW7kXpQoVU5/GxUkbw61jWShBxmHXmQYAiO7
         jHhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=IMQR5cNvM+ZVjAji+5R7a1XSgCNs6VwXtgxU/bgB4Eo=;
        fh=OK6NlIuxAObXnbB+YsmCJIFQ9spAlQ71xiCElZ04Vio=;
        b=IpWLGLbX8KYhh/BdN7BxVWm1u4fUSvNMU1HT5BSb+oBxtiXW2B2XEnK0yUODOTxW4D
         mi6JmweoYrr/XBvK9WkxddBSk7FztPzOoJDV9jzgJ8EB7Gid+E/HyK5IuBTsLbUAbWvA
         jzEzZOXeozm8TakX0sn7H0azYPea7c7Yhn4vctuezX0hvkK8Q/0g3uKebqIU2EYi40yV
         A0DbAWrpa5AczR1nGJQeBXDfqkFEWvzJ2dMrEHJ09NZhBQX+n65ZpNw0J69ZgWlETnM1
         T/U8cdlNk0COv45chHNPnOYeFVtVy0w4p7DfMVGZBHfExEj6fK8qP9Kyzv14jtvnXO7r
         YUHw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@posteo.net header.s=2017 header.b=fl7cKXtK;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from morse.vger.email (morse.vger.email. [23.128.96.31])
        by mx.google.com with ESMTPS id l13-20020a635b4d000000b00589336ba9f7si9839482pgm.822.2023.10.16.01.57.45
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 16 Oct 2023 01:57:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@posteo.net header.s=2017 header.b=fl7cKXtK;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=posteo.net
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by morse.vger.email (Postfix) with ESMTP id 211D980D0CBE;
	Mon, 16 Oct 2023 01:57:43 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233118AbjJPI53 (ORCPT <rfc822;0xff07.lkml@gmail.com>
        + 99 others); Mon, 16 Oct 2023 04:57:29 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46318 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233109AbjJPI51 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 16 Oct 2023 04:57:27 -0400
Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90D2795
        for <linux-kernel@vger.kernel.org>; Mon, 16 Oct 2023 01:57:25 -0700 (PDT)
Received: from submission (posteo.de [185.67.36.169]) 
        by mout02.posteo.de (Postfix) with ESMTPS id 39042240105
        for <linux-kernel@vger.kernel.org>; Mon, 16 Oct 2023 10:57:24 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
        t=1697446644; bh=kv0HETudyLnK7zerm9neLvpDVJtlAcnFf3yrw1VeEJU=;
        h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:
         Content-Transfer-Encoding:From;
        b=fl7cKXtKqgMoo+wm4CW5MibIn+9AP5TAEM+bUCfIFsikcsqq0zlIpFLLEMwrkkGU7
         MqvGf107aMkBI3j4y7GOthQmbkYuntjHWmaHHZJnMezHHR5Da7ZJIQvlufzzJZJNn0
         4irEZBPwawFDf29amh26/1rekW71at6oFz9wkszJtGJZHkxAqOnaHkNKOlT2POSLpC
         nm3B99HsSTmzoubvKH2l+bTAbi1RoelQDSHIhAU1x7xsUza2EU2mM5wFQlVSK0+E7n
         4CB6Vasig2VvGnYIodopcXpxCUqh9fvYiwczGez/vgPV7pWhd9lGkb+XU+All+BhzM
         YDy61XdIgSfzg==
Received: from customer (localhost [127.0.0.1])
        by submission (posteo.de) with ESMTPSA id 4S89wf3nYFz9rxd;
        Mon, 16 Oct 2023 10:57:22 +0200 (CEST)
From:   Mark O'Donovan <shiftee@posteo.net>
To:     linux-kernel@vger.kernel.org
Cc:     linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de,
        axboe@kernel.dk, kbusch@kernel.org, hare@suse.de,
        Mark O'Donovan <shiftee@posteo.net>,
        Akash Appaiah <Akash.Appaiah@dell.com>
Subject: [PATCH v2 1/2] nvme-auth: use transformed key size to create resp
Date:   Mon, 16 Oct 2023 08:57:14 +0000
Message-Id: <20231016085715.3068974-2-shiftee@posteo.net>
In-Reply-To: <20231016085715.3068974-1-shiftee@posteo.net>
References: <20231016085715.3068974-1-shiftee@posteo.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Mon, 16 Oct 2023 01:57:43 -0700 (PDT)

This does not change current behaviour as the driver currently
verifies that the secret size is the same size as the length of
the transformation hash.

Co-developed-by: Akash Appaiah <Akash.Appaiah@dell.com>
Signed-off-by: Akash Appaiah <Akash.Appaiah@dell.com>
Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
---
V1 -> V2: support target implementation and controller secrets also

 drivers/nvme/common/auth.c | 6 +++++-
 drivers/nvme/host/auth.c   | 4 ++--
 drivers/nvme/target/auth.c | 4 ++--
 include/linux/nvme-auth.h  | 3 ++-
 4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index d90e4f0c08b7..26a7fbdf4d55 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -243,6 +243,8 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
 	}
 	if (key->hash == 0) {
 		transformed_key = kmemdup(key->key, key->len, GFP_KERNEL);
+		if (transformed_key)
+			key->transformed_len = key->len;
 		return transformed_key ? transformed_key : ERR_PTR(-ENOMEM);
 	}
 	hmac_name = nvme_auth_hmac_name(key->hash);
@@ -263,7 +265,8 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
 		goto out_free_key;
 	}
 
-	transformed_key = kzalloc(crypto_shash_digestsize(key_tfm), GFP_KERNEL);
+	key->transformed_len = crypto_shash_digestsize(key_tfm);
+	transformed_key = kzalloc(key->transformed_len, GFP_KERNEL);
 	if (!transformed_key) {
 		ret = -ENOMEM;
 		goto out_free_shash;
@@ -297,6 +300,7 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
 	kfree(shash);
 out_free_key:
 	crypto_free_shash(key_tfm);
+	key->transformed_len = 0;
 
 	return ERR_PTR(ret);
 }
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index daf5d144a8ea..89293da3210e 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -442,7 +442,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
 	}
 
 	ret = crypto_shash_setkey(chap->shash_tfm,
-			chap->host_response, ctrl->host_key->len);
+			chap->host_response, ctrl->host_key->transformed_len);
 	if (ret) {
 		dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
 			 chap->qid, ret);
@@ -520,7 +520,7 @@ static int nvme_auth_dhchap_setup_ctrl_response(struct nvme_ctrl *ctrl,
 	}
 
 	ret = crypto_shash_setkey(chap->shash_tfm,
-			ctrl_response, ctrl->ctrl_key->len);
+			ctrl_response, ctrl->ctrl_key->transformed_len);
 	if (ret) {
 		dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
 			 chap->qid, ret);
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index 4dcddcf95279..c46473b383b1 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -298,7 +298,7 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
 	}
 
 	ret = crypto_shash_setkey(shash_tfm, host_response,
-				  ctrl->host_key->len);
+				  ctrl->host_key->transformed_len);
 	if (ret)
 		goto out_free_response;
 
@@ -410,7 +410,7 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response,
 	}
 
 	ret = crypto_shash_setkey(shash_tfm, ctrl_response,
-				  ctrl->ctrl_key->len);
+				  ctrl->ctrl_key->transformed_len);
 	if (ret)
 		goto out_free_response;
 
diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h
index dcb8030062dd..cf24d885dfd9 100644
--- a/include/linux/nvme-auth.h
+++ b/include/linux/nvme-auth.h
@@ -10,8 +10,9 @@
 
 struct nvme_dhchap_key {
 	u8 *key;
-	size_t len;
 	u8 hash;
+	size_t len;
+	size_t transformed_len;
 };
 
 u32 nvme_auth_get_seqnum(void);
-- 
2.39.2