nvme-keyring: restrict match length for version '1' identifiers (79559c75) · Commits · git / linux-nf

drivers/nvme/common/keyring.c

+26 −10

Original line number	Diff line number	Diff line
		@@ -36,14 +36,12 @@ static bool nvme_tls_psk_match(const struct key *key,
		pr_debug("%s: no key description\n", __func__);
		return false;
		}
		match_len = strlen(key->description);
		pr_debug("%s: id %s len %zd\n", __func__, key->description, match_len);

		if (!match_data->raw_data) {
		pr_debug("%s: no match data\n", __func__);
		return false;
		}
		match_id = match_data->raw_data;
		match_len = strlen(match_id);
		pr_debug("%s: match '%s' '%s' len %zd\n",
		__func__, match_id, key->description, match_len);
		return !memcmp(key->description, match_id, match_len);
		@@ -71,7 +69,7 @@ static struct key_type nvme_tls_psk_key_type = {

		static struct key nvme_tls_psk_lookup(struct key keyring,
		const char hostnqn, const char subnqn,
		int hmac, bool generated)
		u8 hmac, u8 psk_ver, bool generated)
		{
		char *identity;
		size_t identity_len = (NVMF_NQN_SIZE) * 2 + 11;
		@@ -82,8 +80,8 @@ static struct key nvme_tls_psk_lookup(struct key keyring,
		if (!identity)
		return ERR_PTR(-ENOMEM);

		snprintf(identity, identity_len, "NVMe0%c%02d %s %s",
		generated ? 'G' : 'R', hmac, hostnqn, subnqn);
		snprintf(identity, identity_len, "NVMe%u%c%02u %s %s",
		psk_ver, generated ? 'G' : 'R', hmac, hostnqn, subnqn);

		if (!keyring)
		keyring = nvme_keyring;
		@@ -107,21 +105,38 @@ static struct key nvme_tls_psk_lookup(struct key keyring,
		/*
		* NVMe PSK priority list
		*
		* 'Retained' PSKs (ie 'generated == false')
		* should be preferred to 'generated' PSKs,
		* and SHA-384 should be preferred to SHA-256.
		* 'Retained' PSKs (ie 'generated == false') should be preferred to 'generated'
		* PSKs, PSKs with hash (psk_ver 1) should be preferred to PSKs without hash
		* (psk_ver 0), and SHA-384 should be preferred to SHA-256.
		*/
		static struct nvme_tls_psk_priority_list {
		bool generated;
		u8 psk_ver;
		enum nvme_tcp_tls_cipher cipher;
		} nvme_tls_psk_prio[] = {
		{ .generated = false,
		.psk_ver = 1,
		.cipher = NVME_TCP_TLS_CIPHER_SHA384, },
		{ .generated = false,
		.psk_ver = 1,
		.cipher = NVME_TCP_TLS_CIPHER_SHA256, },
		{ .generated = false,
		.psk_ver = 0,
		.cipher = NVME_TCP_TLS_CIPHER_SHA384, },
		{ .generated = false,
		.psk_ver = 0,
		.cipher = NVME_TCP_TLS_CIPHER_SHA256, },
		{ .generated = true,
		.psk_ver = 1,
		.cipher = NVME_TCP_TLS_CIPHER_SHA384, },
		{ .generated = true,
		.psk_ver = 1,
		.cipher = NVME_TCP_TLS_CIPHER_SHA256, },
		{ .generated = true,
		.psk_ver = 0,
		.cipher = NVME_TCP_TLS_CIPHER_SHA384, },
		{ .generated = true,
		.psk_ver = 0,
		.cipher = NVME_TCP_TLS_CIPHER_SHA256, },
		};

		@@ -137,10 +152,11 @@ key_serial_t nvme_tls_psk_default(struct key *keyring,

		for (prio = 0; prio < ARRAY_SIZE(nvme_tls_psk_prio); prio++) {
		bool generated = nvme_tls_psk_prio[prio].generated;
		u8 ver = nvme_tls_psk_prio[prio].psk_ver;
		enum nvme_tcp_tls_cipher cipher = nvme_tls_psk_prio[prio].cipher;

		tls_key = nvme_tls_psk_lookup(keyring, hostnqn, subnqn,
		cipher, generated);
		cipher, ver, generated);
		if (!IS_ERR(tls_key)) {
		tls_key_id = tls_key->serial;
		key_put(tls_key);