Re: [PATCH v2 1/2] nvme-auth: use transformed key size to create resp

From: Hannes Reinecke
Date: Mon Oct 16 2023 - 05:14:58 EST


On 10/16/23 10:57, Mark O'Donovan wrote:
This does not change current behaviour as the driver currently
verifies that the secret size is the same size as the length of
the transformation hash.

Co-developed-by: Akash Appaiah <Akash.Appaiah@xxxxxxxx>
Signed-off-by: Akash Appaiah <Akash.Appaiah@xxxxxxxx>
Signed-off-by: Mark O'Donovan <shiftee@xxxxxxxxxx>
---
V1 -> V2: support target implementation and controller secrets also

drivers/nvme/common/auth.c | 6 +++++-
drivers/nvme/host/auth.c | 4 ++--
drivers/nvme/target/auth.c | 4 ++--
include/linux/nvme-auth.h | 3 ++-
4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index d90e4f0c08b7..26a7fbdf4d55 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -243,6 +243,8 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
}
if (key->hash == 0) {
transformed_key = kmemdup(key->key, key->len, GFP_KERNEL);
+ if (transformed_key)
+ key->transformed_len = key->len;
return transformed_key ? transformed_key : ERR_PTR(-ENOMEM);
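
Review bot: In the `key->hash == 0` branch the new `transformed_len` is written into the input `key` as a side effect, while the buffer it describes is returned separately and owned by the caller, so nothing ties the length to the data it measures. The pointer is also tested twice. An early `if (!transformed_key) return ERR_PTR(-ENOMEM);` followed by the assignment and `return transformed_key;` would read more clearly. A comment stating that `transformed_len` is valid only after a successful transform would help callers.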

Hmm. But now we're inconsistent.
The input structure 'key' doesn't know (nor does it care) if the key has been transformed; the transformation itself is returned in a different structure.

If we were to go that way then it'll be better to return a 'struct nvme_dhchap_key' from nvme_auth_transform_key(), which will then encapsulate the data and the correct length.

Which probably is not a bad idea, seeing that a key transform really should generate a new key.

Hmm?

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions Germany GmbH, Frankenstr. 146, 90461 Nürnberg
Managing Directors: I. Totev, A. Myers, A. McDonald, M. B. Moerman
(HRB 36809, AG Nürnberg)