Commit c4f216c2 authored by Eric Biggers's avatar Eric Biggers Committed by Keith Busch

nvme-auth: host: use crypto library in nvme_auth_dhchap_setup_ctrl_response()



For the HMAC computation in nvme_auth_dhchap_setup_ctrl_response(), use
the crypto library instead of crypto_shash.  This is simpler, faster,
and more reliable.

Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
Acked-by: default avatarChristoph Hellwig <hch@lst.de>
Reviewed-by: default avatarHannes Reinecke <hare@suse.de>
Signed-off-by: default avatarEric Biggers <ebiggers@kernel.org>
Signed-off-by: default avatarKeith Busch <kbusch@kernel.org>
parent 6be8d3f0
+21 −35
@@ -504,7 +504,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
static int nvme_auth_dhchap_setup_ctrl_response(struct nvme_ctrl *ctrl,
		struct nvme_dhchap_queue_context *chap)
{
	SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
	struct nvme_auth_hmac_ctx hmac;
	struct nvme_dhchap_key *transformed_key;
	u8 buf[4], *challenge = chap->c2;
	int ret;
@@ -516,10 +516,10 @@ static int nvme_auth_dhchap_setup_ctrl_response(struct nvme_ctrl *ctrl,
		return ret;
	}

	ret = crypto_shash_setkey(chap->shash_tfm,
			transformed_key->key, transformed_key->len);
	ret = nvme_auth_hmac_init(&hmac, chap->hash_id, transformed_key->key,
				  transformed_key->len);
	if (ret) {
		dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
		dev_warn(ctrl->device, "qid %d: failed to init hmac, error %d\n",
			 chap->qid, ret);
		goto out;
	}
@@ -546,43 +546,29 @@ static int nvme_auth_dhchap_setup_ctrl_response(struct nvme_ctrl *ctrl,
		__func__, chap->qid, ctrl->opts->subsysnqn);
	dev_dbg(ctrl->device, "%s: qid %d hostnqn %s\n",
		__func__, chap->qid, ctrl->opts->host->nqn);
	shash->tfm = chap->shash_tfm;
	ret = crypto_shash_init(shash);
	if (ret)
		goto out;
	ret = crypto_shash_update(shash, challenge, chap->hash_len);
	if (ret)
		goto out;

	nvme_auth_hmac_update(&hmac, challenge, chap->hash_len);

	put_unaligned_le32(chap->s2, buf);
	ret = crypto_shash_update(shash, buf, 4);
	if (ret)
		goto out;
	nvme_auth_hmac_update(&hmac, buf, 4);

	put_unaligned_le16(chap->transaction, buf);
	ret = crypto_shash_update(shash, buf, 2);
	if (ret)
		goto out;
	nvme_auth_hmac_update(&hmac, buf, 2);

	memset(buf, 0, 4);
	ret = crypto_shash_update(shash, buf, 1);
	if (ret)
		goto out;
	ret = crypto_shash_update(shash, "Controller", 10);
	if (ret)
		goto out;
	ret = crypto_shash_update(shash, ctrl->opts->subsysnqn,
	nvme_auth_hmac_update(&hmac, buf, 1);
	nvme_auth_hmac_update(&hmac, "Controller", 10);
	nvme_auth_hmac_update(&hmac, ctrl->opts->subsysnqn,
			      strlen(ctrl->opts->subsysnqn));
	if (ret)
		goto out;
	ret = crypto_shash_update(shash, buf, 1);
	if (ret)
		goto out;
	ret = crypto_shash_update(shash, ctrl->opts->host->nqn,
	nvme_auth_hmac_update(&hmac, buf, 1);
	nvme_auth_hmac_update(&hmac, ctrl->opts->host->nqn,
			      strlen(ctrl->opts->host->nqn));
	if (ret)
		goto out;
	ret = crypto_shash_final(shash, chap->response);
	nvme_auth_hmac_final(&hmac, chap->response);
	ret = 0;
out:
	if (challenge != chap->c2)
		kfree(challenge);
	memzero_explicit(&hmac, sizeof(hmac));
	nvme_auth_free_key(transformed_key);
	return ret;
}
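Review bot: The `memzero_explicit(&hmac, sizeof(hmac));` added under `out:` has no comment, yet it is the only thing that wipes the keyed HMAC state on the error paths that jump to `out` after `nvme_auth_hmac_init()`. I would put `/* hmac holds state derived from transformed_key; wipe it on every path through out */` directly above it, so a later cleanup does not drop the call as redundant. Whether `nvme_auth_hmac_final()` already clears the context is not visible here, so the explicit wipe should stay either way. The function body between the second and third hunk is outside the shown lines, so any `goto out` there is assumed rather than checked.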