From: Eric Biggers <ebiggers@kernel.org>
To: linux-nvme@lists.infradead.org,
Chaitanya Kulkarni <kch@nvidia.com>,
Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>,
Hannes Reinecke <hare@suse.de>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 01/21] nvme-auth: add NVME_AUTH_MAX_DIGEST_SIZE constant
Date: Sun, 1 Mar 2026 23:59:39 -0800 [thread overview]
Message-ID: <20260302075959.338638-2-ebiggers@kernel.org> (raw)
In-Reply-To: <20260302075959.338638-1-ebiggers@kernel.org>
Define a NVME_AUTH_MAX_DIGEST_SIZE constant and use it in the
appropriate places.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
drivers/nvme/common/auth.c | 6 ++----
drivers/nvme/host/auth.c | 6 +++---
include/linux/nvme.h | 5 +++++
3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index e07e7d4bf8b68..78d751481fe31 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -13,12 +13,10 @@
#include <crypto/dh.h>
#include <crypto/hkdf.h>
#include <linux/nvme.h>
#include <linux/nvme-auth.h>
-#define HKDF_MAX_HASHLEN 64
-
static u32 nvme_dhchap_seqnum;
static DEFINE_MUTEX(nvme_dhchap_mutex);
u32 nvme_auth_get_seqnum(void)
{
@@ -767,11 +765,11 @@ int nvme_auth_derive_tls_psk(int hmac_id, u8 *psk, size_t psk_len,
u8 *psk_digest, u8 **ret_psk)
{
struct crypto_shash *hmac_tfm;
const char *hmac_name;
const char *label = "nvme-tls-psk";
- static const char default_salt[HKDF_MAX_HASHLEN];
+ static const char default_salt[NVME_AUTH_MAX_DIGEST_SIZE];
size_t prk_len;
const char *ctx;
unsigned char *prk, *tls_key;
int ret;
@@ -796,11 +794,11 @@ int nvme_auth_derive_tls_psk(int hmac_id, u8 *psk, size_t psk_len,
if (!prk) {
ret = -ENOMEM;
goto out_free_shash;
}
- if (WARN_ON(prk_len > HKDF_MAX_HASHLEN)) {
+ if (WARN_ON(prk_len > NVME_AUTH_MAX_DIGEST_SIZE)) {
ret = -EINVAL;
goto out_free_prk;
}
ret = hkdf_extract(hmac_tfm, psk, psk_len,
default_salt, prk_len, prk);
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 405e7c03b1cfe..301c858b7c577 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -36,13 +36,13 @@ struct nvme_dhchap_queue_context {
u8 status;
u8 dhgroup_id;
u8 hash_id;
u8 sc_c;
size_t hash_len;
- u8 c1[64];
- u8 c2[64];
- u8 response[64];
+ u8 c1[NVME_AUTH_MAX_DIGEST_SIZE];
+ u8 c2[NVME_AUTH_MAX_DIGEST_SIZE];
+ u8 response[NVME_AUTH_MAX_DIGEST_SIZE];
u8 *ctrl_key;
u8 *host_key;
u8 *sess_key;
int ctrl_key_len;
int host_key_len;
diff --git a/include/linux/nvme.h b/include/linux/nvme.h
index 655d194f8e722..edfebbce67453 100644
--- a/include/linux/nvme.h
+++ b/include/linux/nvme.h
@@ -1835,10 +1835,15 @@ enum {
NVME_AUTH_HASH_SHA384 = 0x02,
NVME_AUTH_HASH_SHA512 = 0x03,
NVME_AUTH_HASH_INVALID = 0xff,
};
+/* Maximum digest size for any NVME_AUTH_HASH_* value */
+enum {
+ NVME_AUTH_MAX_DIGEST_SIZE = 64,
+};
+
/* Defined Diffie-Hellman group identifiers for DH-HMAC-CHAP authentication */
enum {
NVME_AUTH_DHGROUP_NULL = 0x00,
NVME_AUTH_DHGROUP_2048 = 0x01,
NVME_AUTH_DHGROUP_3072 = 0x02,
--
2.53.0
next prev parent reply other threads:[~2026-03-02 8:01 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-02 7:59 [PATCH 00/21] nvme-auth: use crypto library for HMAC and hashing Eric Biggers
2026-03-02 7:59 ` Eric Biggers [this message]
2026-03-02 9:44 ` [PATCH 01/21] nvme-auth: add NVME_AUTH_MAX_DIGEST_SIZE constant Hannes Reinecke
2026-03-02 7:59 ` [PATCH 02/21] nvme-auth: common: constify static data Eric Biggers
2026-03-02 9:45 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 03/21] nvme-auth: use proper argument types Eric Biggers
2026-03-02 9:45 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 04/21] nvme-auth: common: add KUnit tests for TLS key derivation Eric Biggers
2026-03-02 10:04 ` Hannes Reinecke
2026-03-03 0:26 ` Eric Biggers
2026-03-03 1:11 ` Chris Leech
2026-03-03 22:47 ` Chris Leech
2026-03-04 0:30 ` Eric Biggers
2026-03-02 7:59 ` [PATCH 05/21] nvme-auth: rename nvme_auth_generate_key() to nvme_auth_parse_key() Eric Biggers
2026-03-02 10:05 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 06/21] nvme-auth: common: explicitly verify psk_len == hash_len Eric Biggers
2026-03-02 10:05 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 07/21] nvme-auth: common: add HMAC helper functions Eric Biggers
2026-03-02 10:07 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 08/21] nvme-auth: common: use crypto library in nvme_auth_transform_key() Eric Biggers
2026-03-02 10:09 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 09/21] nvme-auth: common: use crypto library in nvme_auth_augmented_challenge() Eric Biggers
2026-03-02 10:10 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 10/21] nvme-auth: common: use crypto library in nvme_auth_generate_psk() Eric Biggers
2026-03-03 7:37 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 11/21] nvme-auth: common: use crypto library in nvme_auth_generate_digest() Eric Biggers
2026-03-03 7:38 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 12/21] nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk() Eric Biggers
2026-03-03 7:40 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 13/21] nvme-auth: host: use crypto library in nvme_auth_dhchap_setup_host_response() Eric Biggers
2026-03-03 7:40 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 14/21] nvme-auth: host: use crypto library in nvme_auth_dhchap_setup_ctrl_response() Eric Biggers
2026-03-03 7:41 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 15/21] nvme-auth: host: remove allocation of crypto_shash Eric Biggers
2026-03-03 7:42 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 16/21] nvme-auth: target: remove obsolete crypto_has_shash() checks Eric Biggers
2026-03-03 7:43 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 17/21] nvme-auth: target: use crypto library in nvmet_auth_host_hash() Eric Biggers
2026-03-03 7:43 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 18/21] nvme-auth: target: use crypto library in nvmet_auth_ctrl_hash() Eric Biggers
2026-03-03 7:44 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 19/21] nvme-auth: common: remove nvme_auth_digest_name() Eric Biggers
2026-03-03 7:45 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 20/21] nvme-auth: common: remove selections of no-longer used crypto modules Eric Biggers
2026-03-03 7:45 ` Hannes Reinecke
2026-03-02 7:59 ` [PATCH 21/21] crypto: remove HKDF library Eric Biggers
2026-03-03 7:46 ` Hannes Reinecke
2026-03-02 15:06 ` [PATCH 00/21] nvme-auth: use crypto library for HMAC and hashing Ard Biesheuvel
2026-03-03 4:04 ` Chris Leech
2026-03-04 13:23 ` Christoph Hellwig
2026-03-05 19:31 ` Eric Biggers
2026-03-05 19:35 ` Keith Busch
2026-03-25 20:20 ` Eric Biggers
2026-03-25 21:09 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260302075959.338638-2-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=kch@nvidia.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox