[PATCH 00/21] nvme-auth: use crypto library for HMAC and hashing

[Eric Biggers <ebiggers@kernel.org>]

This series converts the implementation of NVMe in-band authentication
to use the crypto library instead of crypto_shash for HMAC and hashing.

The result is simpler, faster, and more reliable.  Notably, it
eliminates a lot of dynamic memory allocations, indirect calls, lookups
in crypto_alg_list, and other API overhead.  It also uses the library's
support for initializing HMAC contexts directly from a raw key, which is
an optimization not accessible via crypto_shash.  Finally, a lot of the
error handling code goes away, since the library functions just always
succeed and return void.

The last patch removes crypto/hkdf.c, as it's no longer needed.

This series applies to v7.0-rc1 and is targeting the nvme tree.

I've tested the TLS key derivation using the KUnit test suite added in
this series.  I don't know how to test the other parts, but it all
should behave the same as before.

Eric Biggers (21):
  nvme-auth: add NVME_AUTH_MAX_DIGEST_SIZE constant
  nvme-auth: common: constify static data
  nvme-auth: use proper argument types
  nvme-auth: common: add KUnit tests for TLS key derivation
  nvme-auth: rename nvme_auth_generate_key() to nvme_auth_parse_key()
  nvme-auth: common: explicitly verify psk_len == hash_len
  nvme-auth: common: add HMAC helper functions
  nvme-auth: common: use crypto library in nvme_auth_transform_key()
  nvme-auth: common: use crypto library in
    nvme_auth_augmented_challenge()
  nvme-auth: common: use crypto library in nvme_auth_generate_psk()
  nvme-auth: common: use crypto library in nvme_auth_generate_digest()
  nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()
  nvme-auth: host: use crypto library in
    nvme_auth_dhchap_setup_host_response()
  nvme-auth: host: use crypto library in
    nvme_auth_dhchap_setup_ctrl_response()
  nvme-auth: host: remove allocation of crypto_shash
  nvme-auth: target: remove obsolete crypto_has_shash() checks
  nvme-auth: target: use crypto library in nvmet_auth_host_hash()
  nvme-auth: target: use crypto library in nvmet_auth_ctrl_hash()
  nvme-auth: common: remove nvme_auth_digest_name()
  nvme-auth: common: remove selections of no-longer used crypto modules
  crypto: remove HKDF library

 crypto/Kconfig                         |   6 -
 crypto/Makefile                        |   1 -
 crypto/hkdf.c                          | 573 ------------------------
 drivers/nvme/common/.kunitconfig       |   6 +
 drivers/nvme/common/Kconfig            |  14 +-
 drivers/nvme/common/Makefile           |   2 +
 drivers/nvme/common/auth.c             | 587 ++++++++++---------------
 drivers/nvme/common/tests/auth_kunit.c | 175 ++++++++
 drivers/nvme/host/auth.c               | 160 +++----
 drivers/nvme/host/sysfs.c              |   4 +-
 drivers/nvme/target/auth.c             | 198 +++------
 drivers/nvme/target/configfs.c         |   3 -
 drivers/nvme/target/fabrics-cmd-auth.c |   4 +-
 drivers/nvme/target/nvmet.h            |   2 +-
 include/crypto/hkdf.h                  |  20 -
 include/linux/nvme-auth.h              |  41 +-
 include/linux/nvme.h                   |   5 +
 17 files changed, 571 insertions(+), 1230 deletions(-)
 delete mode 100644 crypto/hkdf.c
 create mode 100644 drivers/nvme/common/.kunitconfig
 create mode 100644 drivers/nvme/common/tests/auth_kunit.c
 delete mode 100644 include/crypto/hkdf.h


base-commit: 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f
-- 
2.53.0