Re: [PATCH 02/10] nvme: add nvme_auth_generate_psk()

public inbox for linux-nvme@lists.infradead.org
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@lst.de>
To: Hannes Reinecke <hare@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
	Sagi Grimberg <sagi@grimberg.me>,
	linux-nvme@lists.infradead.org
Subject: Re: [PATCH 02/10] nvme: add nvme_auth_generate_psk()
Date: Tue, 28 Jan 2025 09:53:36 +0100	[thread overview]
Message-ID: <20250128085336.GA25760@lst.de> (raw)
In-Reply-To: <20250122165829.11603-3-hare@kernel.org>

> + * Generate a PSK for TLS as specified in NVMe base specification, section 8.13.5.9:

Please fix your comment to stay in 80 characters.  The line wrapping
here makes the text almost unreadable.

> +int nvme_auth_generate_psk(u8 hmac_id, u8 *skey, size_t skey_len,
> +		u8 *c1, u8 *c2, size_t hash_len, u8 **ret_psk,size_t *ret_len)

Missing whitespace before the last size_t.

> +{
> +	struct crypto_shash *tfm;
> +	struct shash_desc *shash;
> +	u8 *psk;
> +	const char *hmac_name;
> +	int ret, psk_len;
> +
> +	if (!c1 || !c2) {
> +		pr_warn("%s: invalid parameter\n", __func__);
> +		return -EINVAL;
> +	}

No a very useful error message.  Given that this is a violation of
the API contract either a WARN_ON_ONCE or just letting the crypto
algorithm fail should be fine.

> +	tfm = crypto_alloc_shash(hmac_name, 0, 0);
> +	if (IS_ERR(tfm))
> +		return PTR_ERR(tfm);
> +
> +	psk_len = crypto_shash_digestsize(tfm);
> +	psk = kzalloc(psk_len, GFP_KERNEL);
> +	if (!psk) {
> +		ret = -ENOMEM;
> +		goto out_free_tfm;
> +	}
> +
> +	shash = kmalloc(sizeof(struct shash_desc) +
> +			crypto_shash_descsize(tfm),
> +			GFP_KERNEL);
> +	if (!shash) {
> +		ret = -ENOMEM;
> +		goto out_free_psk;
> +	}

Is there a good reason this can't use SHASH_DESC_ON_STACK()?

next prev parent reply	other threads:[~2025-01-28  8:54 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-22 16:58 [PATCHv14 00/10] nvme: implement secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 01/10] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2025-01-22 16:58 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2025-01-28  8:53   ` Christoph Hellwig [this message]
2025-01-28 15:26     ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 03/10] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2025-01-28  8:56   ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 04/10] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2025-01-28  8:58   ` Christoph Hellwig
2025-02-03 13:37     ` Hannes Reinecke
2025-02-04  5:23       ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 05/10] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2025-01-28  9:00   ` Christoph Hellwig
2025-02-03 13:55     ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 06/10] nvme: always include <linux/key.h> Hannes Reinecke
2025-01-28  9:01   ` Christoph Hellwig
2025-02-03 13:55     ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 07/10] nvme-tcp: request secure channel concatenation Hannes Reinecke
2025-01-28  9:11   ` Christoph Hellwig
2025-01-28 15:33     ` Hannes Reinecke
2025-02-03 14:06     ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 08/10] nvme-fabrics: reset admin connection for secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2025-01-28  9:15   ` Christoph Hellwig
2025-02-03 14:20     ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 10/10] nvmet: add tls_concat and tls_key debugfs entries Hannes Reinecke
2025-01-23 22:13 ` [PATCHv14 00/10] nvme: implement secure concatenation Sagi Grimberg
  -- strict thread matches above, loose matches on Subject: below --
2025-02-24 12:38 [PATCHv15 " Hannes Reinecke
2025-02-24 12:38 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-12-03 11:02 [PATCHv13 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-03 11:02 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-12-02 14:29 [PATCHv12 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-02 14:29 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250128085336.GA25760@lst.de \
    --to=hch@lst.de \
    --cc=hare@kernel.org \
    --cc=kbusch@kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox