[PATCH 06/21] nvme-auth: common: explicitly verify psk_len == hash_len

public inbox for linux-crypto@vger.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: linux-nvme@lists.infradead.org,
	Chaitanya Kulkarni <kch@nvidia.com>,
	Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>,
	Hannes Reinecke <hare@suse.de>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	Ard Biesheuvel <ardb@kernel.org>,
	"Jason A . Donenfeld" <Jason@zx2c4.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 06/21] nvme-auth: common: explicitly verify psk_len == hash_len
Date: Sun,  1 Mar 2026 23:59:44 -0800	[thread overview]
Message-ID: <20260302075959.338638-7-ebiggers@kernel.org> (raw)
In-Reply-To: <20260302075959.338638-1-ebiggers@kernel.org>

nvme_auth_derive_tls_psk() is always called with psk_len == hash_len.
And based on the comments above nvme_auth_generate_psk() and
nvme_auth_derive_tls_psk(), this isn't an implementation choice but
rather just the length the spec uses.  Add a check which makes this
explicit, so that when cleaning up nvme_auth_derive_tls_psk() we don't
have to retain support for arbitrary values of psk_len.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
 drivers/nvme/common/auth.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index 2f83c9ddea5ec..9e33fc02cf51a 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -786,10 +786,15 @@ int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
 		pr_warn("%s: unsupported hash algorithm %s\n",
 			__func__, hmac_name);
 		return -EINVAL;
 	}
 
+	if (psk_len != nvme_auth_hmac_hash_len(hmac_id)) {
+		pr_warn("%s: unexpected psk_len %zu\n", __func__, psk_len);
+		return -EINVAL;
+	}
+
 	hmac_tfm = crypto_alloc_shash(hmac_name, 0, 0);
 	if (IS_ERR(hmac_tfm))
 		return PTR_ERR(hmac_tfm);
 
 	prk_len = crypto_shash_digestsize(hmac_tfm);
-- 
2.53.0

next prev parent reply	other threads:[~2026-03-02  8:01 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-02  7:59 [PATCH 00/21] nvme-auth: use crypto library for HMAC and hashing Eric Biggers
2026-03-02  7:59 ` [PATCH 01/21] nvme-auth: add NVME_AUTH_MAX_DIGEST_SIZE constant Eric Biggers
2026-03-02  9:44   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 02/21] nvme-auth: common: constify static data Eric Biggers
2026-03-02  9:45   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 03/21] nvme-auth: use proper argument types Eric Biggers
2026-03-02  9:45   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 04/21] nvme-auth: common: add KUnit tests for TLS key derivation Eric Biggers
2026-03-02 10:04   ` Hannes Reinecke
2026-03-03  0:26     ` Eric Biggers
2026-03-03  1:11       ` Chris Leech
2026-03-03 22:47       ` Chris Leech
2026-03-04  0:30         ` Eric Biggers
2026-03-02  7:59 ` [PATCH 05/21] nvme-auth: rename nvme_auth_generate_key() to nvme_auth_parse_key() Eric Biggers
2026-03-02 10:05   ` Hannes Reinecke
2026-03-02  7:59 ` Eric Biggers [this message]
2026-03-02 10:05   ` [PATCH 06/21] nvme-auth: common: explicitly verify psk_len == hash_len Hannes Reinecke
2026-03-02  7:59 ` [PATCH 07/21] nvme-auth: common: add HMAC helper functions Eric Biggers
2026-03-02 10:07   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 08/21] nvme-auth: common: use crypto library in nvme_auth_transform_key() Eric Biggers
2026-03-02 10:09   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 09/21] nvme-auth: common: use crypto library in nvme_auth_augmented_challenge() Eric Biggers
2026-03-02 10:10   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 10/21] nvme-auth: common: use crypto library in nvme_auth_generate_psk() Eric Biggers
2026-03-03  7:37   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 11/21] nvme-auth: common: use crypto library in nvme_auth_generate_digest() Eric Biggers
2026-03-03  7:38   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 12/21] nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk() Eric Biggers
2026-03-03  7:40   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 13/21] nvme-auth: host: use crypto library in nvme_auth_dhchap_setup_host_response() Eric Biggers
2026-03-03  7:40   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 14/21] nvme-auth: host: use crypto library in nvme_auth_dhchap_setup_ctrl_response() Eric Biggers
2026-03-03  7:41   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 15/21] nvme-auth: host: remove allocation of crypto_shash Eric Biggers
2026-03-03  7:42   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 16/21] nvme-auth: target: remove obsolete crypto_has_shash() checks Eric Biggers
2026-03-03  7:43   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 17/21] nvme-auth: target: use crypto library in nvmet_auth_host_hash() Eric Biggers
2026-03-03  7:43   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 18/21] nvme-auth: target: use crypto library in nvmet_auth_ctrl_hash() Eric Biggers
2026-03-03  7:44   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 19/21] nvme-auth: common: remove nvme_auth_digest_name() Eric Biggers
2026-03-03  7:45   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 20/21] nvme-auth: common: remove selections of no-longer used crypto modules Eric Biggers
2026-03-03  7:45   ` Hannes Reinecke
2026-03-02  7:59 ` [PATCH 21/21] crypto: remove HKDF library Eric Biggers
2026-03-03  7:46   ` Hannes Reinecke
2026-03-02 15:06 ` [PATCH 00/21] nvme-auth: use crypto library for HMAC and hashing Ard Biesheuvel
2026-03-03  4:04 ` Chris Leech
2026-03-04 13:23 ` Christoph Hellwig
2026-03-05 19:31   ` Eric Biggers
2026-03-05 19:35     ` Keith Busch
2026-03-25 20:20       ` Eric Biggers
2026-03-25 21:09         ` Keith Busch

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2f83c9ddea5e dfblob:9e33fc02cf51 )
 OR (
bs:"[PATCH 06/21] nvme-auth: common: explicitly verify psk_len == hash_len" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260302075959.338638-7-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=Jason@zx2c4.com \
    --cc=ardb@kernel.org \
    --cc=hare@suse.de \
    --cc=hch@lst.de \
    --cc=herbert@gondor.apana.org.au \
    --cc=kch@nvidia.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox