From: Mark O'Donovan <shiftee@posteo.net>
To: linux-kernel@vger.kernel.org
Cc: linux-nvme@lists.infradead.org, sagi@grimberg.me, hch@lst.de,
axboe@kernel.dk, kbusch@kernel.org, hare@suse.de,
Mark O'Donovan <shiftee@posteo.net>
Subject: [PATCH v5 0/3] Remove secret-size restrictions for hashes
Date: Tue, 17 Oct 2023 17:09:16 +0000
Message-ID: <20231017170919.30358-1-shiftee@posteo.net>

This relates to the hash functions used to transform the secret.
The kernel currently restricts us to using secrets equal in size
to the transformation hash function they use.
e.g. 32 byte secrets with the SHA-256 (32 byte) hash function.

This restriction is not required by the spec and means
incompatibility with more permissive implementations.

With these patches the example secret from the spec should now
be permitted with any of the following:
DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:
DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n:

Note: Secrets are still restricted to 32, 48 or 64 bits.

v1:
- Initial submission

v2:
- Added transformed_len as member of struct nvme_dhchap_key

v3:
- Return a struct nvme_dhchap_key from nvme_auth_transform_key()

v4:
- Added helper to calculate key struct size using struct_size()
- Break up lines which were too long
- Replace ternary operator with if
- Add missing ERR_CAST()

v5:
- Removed newly redundant check found by kernel test robot

Mark O'Donovan (3):
  nvme-auth: alloc nvme_dhchap_key as single buffer
  nvme-auth: use transformed key size to create resp
  nvme-auth: allow mixing of secret and hash lengths

 drivers/nvme/common/auth.c | 68 ++++++++++++++++++++++----------------
 drivers/nvme/host/auth.c   | 30 ++++++++---------
 drivers/nvme/target/auth.c | 31 +++++++++--------
 include/linux/nvme-auth.h  |  7 ++--
 4 files changed, 76 insertions(+), 60 deletions(-)

-- 
2.39.2
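
The length rule this cover letter describes, as an added example that is not part of the message or of the kernel patches: a checker for `DHHC-1:<hash id>:<base64>:` secrets that evaluates both the old restriction (secret size equals digest size) and the relaxed one. The hash id mapping and the 4-byte little-endian CRC-32 trailer are taken from the NVMe in-band authentication secret representation, not from this message; all function names are illustrative.

```python
import base64
import binascii
import zlib
from dataclasses import dataclass

# Hash id -> digest size in bytes (00 = no transform, then SHA-256/384/512).
HASH_LEN = {0: None, 1: 32, 2: 48, 3: 64}
SECRET_LENS = (32, 48, 64)  # permitted secret sizes in bytes

@dataclass
class Secret:
    hash_id: int
    key: bytes
    crc_ok: bool

def make_secret(key: bytes, hash_id: int) -> str:
    """Build a constructed test secret: base64(key || CRC-32(key), little-endian)."""
    blob = key + zlib.crc32(key).to_bytes(4, "little")
    return f"DHHC-1:{hash_id:02x}:{base64.b64encode(blob).decode()}:"

def parse_secret(text: str) -> Secret:
    parts = text.strip().split(":")
    if len(parts) != 4 or parts[0] != "DHHC-1" or parts[3] != "":
        raise ValueError("expected DHHC-1:<hash id>:<base64>:")
    if parts[1] not in ("00", "01", "02", "03"):
        raise ValueError("unknown hash id")
    try:
        raw = base64.b64decode(parts[2], validate=True)
    except binascii.Error as exc:
        raise ValueError("secret is not valid base64") from exc
    if len(raw) - 4 not in SECRET_LENS:
        raise ValueError("secret must be 32, 48 or 64 bytes plus a 4-byte CRC")
    key, trailer = raw[:-4], raw[-4:]
    return Secret(int(parts[1]), key, zlib.crc32(key) == int.from_bytes(trailer, "little"))

def length_rule_ok(secret: Secret, legacy: bool) -> bool:
    """legacy=True: the restriction the cover letter describes (secret size
    must equal the digest size of the transform hash). legacy=False: relaxed rule."""
    digest = HASH_LEN[secret.hash_id]
    if legacy and digest is not None:
        return len(secret.key) == digest
    return len(secret.key) in SECRET_LENS

if __name__ == "__main__":
    spec = "ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n"  # from the cover letter
    for hid in ("00", "01", "02", "03"):
        s = parse_secret(f"DHHC-1:{hid}:{spec}:")
        print(hid, len(s.key), length_rule_ok(s, True), length_rule_ok(s, False))
```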