From: Hannes Reinecke <hare@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Keith Busch <kbusch@kernel.org>, Sagi Grimberg <sagi@grimberg.me>,
linux-nvme@lists.infradead.org, Hannes Reinecke <hare@kernel.org>
Subject: [PATCH 04/12] nvme-auth: do not cache the transformed secret
Date: Fri, 25 Apr 2025 11:49:19 +0200 [thread overview]
Message-ID: <20250425094927.102656-5-hare@kernel.org> (raw)
In-Reply-To: <20250425094927.102656-1-hare@kernel.org>
Only saving so much, and doesn't bring much benefit.
Signed-off-by: Hannes Reinecke <hare@kernel.org>
---
drivers/nvme/host/auth.c | 29 +++++++++++------------------
1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 4b6dc1dd5f66..4e30a491e677 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -24,8 +24,6 @@ struct nvme_dhchap_queue_context {
struct nvme_ctrl *ctrl;
struct crypto_shash *shash_tfm;
struct crypto_kpp *dh_tfm;
- u8 *transformed_secret;
- size_t transformed_len;
void *buf;
int qid;
int error;
@@ -431,28 +429,25 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
struct nvme_dhchap_queue_context *chap)
{
SHASH_DESC_ON_STACK(shash, chap->shash_tfm);
+ u8 *transformed_secret;
+ size_t transformed_len;
u8 buf[4], *challenge = chap->c1;
int ret;
dev_dbg(ctrl->device, "%s: qid %d host response seq %u transaction %d\n",
__func__, chap->qid, chap->s1, chap->transaction);
- if (!chap->transformed_secret) {
- ret = nvme_auth_transform_key(ctrl->host_key,
- ctrl->opts->host->nqn,
- &chap->transformed_secret);
- if (ret < 0)
- return ret;
- chap->transformed_len = ret;
- } else {
- dev_dbg(ctrl->device, "%s: qid %d re-using host response\n",
- __func__, chap->qid);
- }
+ ret = nvme_auth_transform_key(ctrl->host_key,
+ ctrl->opts->host->nqn,
+ &transformed_secret);
+ if (ret < 0)
+ return ret;
+ transformed_len = ret;
ret = crypto_shash_setkey(chap->shash_tfm,
- chap->transformed_secret, chap->transformed_len);
+ transformed_secret, transformed_len);
if (ret) {
- dev_warn(ctrl->device, "qid %d: failed to set key, error %d\n",
+ dev_warn(ctrl->device, "qid %d: failed to set host key, error %d\n",
chap->qid, ret);
goto out;
}
@@ -509,6 +504,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
out:
if (challenge != chap->c1)
kfree(challenge);
+ kfree(transformed_secret);
return ret;
}
@@ -657,9 +653,6 @@ static int nvme_auth_dhchap_exponential(struct nvme_ctrl *ctrl,
static void nvme_auth_reset_dhchap(struct nvme_dhchap_queue_context *chap)
{
- kfree(chap->transformed_secret);
- chap->transformed_secret = NULL;
- chap->transformed_len = 0;
kfree_sensitive(chap->host_key);
chap->host_key = NULL;
chap->host_key_len = 0;
--
2.35.3
next prev parent reply other threads:[~2025-04-25 11:14 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-25 9:49 [PATCH 00/12] nvme-auth: switch to use the kernel keyring Hannes Reinecke
2025-04-25 9:49 ` [PATCH 01/12] nvme-auth: modify nvme_auth_transform_key() to return status Hannes Reinecke
2025-05-07 7:24 ` Christoph Hellwig
2025-05-07 7:29 ` Hannes Reinecke
2025-04-25 9:49 ` [PATCH 02/12] nvme-auth: use SHASH_DESC_ON_STACK Hannes Reinecke
2025-05-07 7:28 ` Christoph Hellwig
2025-05-07 7:29 ` Hannes Reinecke
2025-05-07 7:35 ` Christoph Hellwig
2025-04-25 9:49 ` [PATCH 03/12] nvmet-auth: " Hannes Reinecke
2025-04-25 9:49 ` Hannes Reinecke [this message]
2025-05-07 7:25 ` [PATCH 04/12] nvme-auth: do not cache the transformed secret Christoph Hellwig
2025-04-25 9:49 ` [PATCH 05/12] nvme-keyring: add 'dhchap' key type Hannes Reinecke
2025-04-25 9:49 ` [PATCH 06/12] nvme-auth: switch to use 'struct key' Hannes Reinecke
2025-04-25 9:49 ` [PATCH 07/12] nvme-auth: drop nvme_dhchap_key structure and unused functions Hannes Reinecke
2025-05-07 7:26 ` Christoph Hellwig
2025-05-07 7:30 ` Hannes Reinecke
2025-04-25 9:49 ` [PATCH 08/12] nvme: parse dhchap keys during option parsing Hannes Reinecke
2025-04-25 9:49 ` [PATCH 09/12] nvmet-auth: parse dhchap key from configfs attribute Hannes Reinecke
2025-04-25 9:49 ` [PATCH 10/12] nvme: allow to pass in key serial number as dhchap secret Hannes Reinecke
2025-04-25 9:49 ` [PATCH 11/12] nvme-auth: wait for authentication to finish when changing keys Hannes Reinecke
2025-04-25 9:49 ` [PATCH 12/12] nvme: Unify Kconfig settings Hannes Reinecke
2025-05-07 7:23 ` Christoph Hellwig
2025-05-07 7:30 ` Hannes Reinecke
2025-05-07 7:19 ` [PATCH 00/12] nvme-auth: switch to use the kernel keyring Christoph Hellwig
2025-05-07 7:42 ` Hannes Reinecke
2025-05-07 7:53 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250425094927.102656-5-hare@kernel.org \
--to=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox