From: Chris Leech <cleech@redhat.com>
To: Hannes Reinecke <hare@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Sagi Grimberg <sagi@grimberg.me>,
Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH 3/8] nvme-auth: switch to use 'struct key'
Date: Wed, 1 Apr 2026 11:36:49 -0700 [thread overview]
Message-ID: <20260401-dd12748d3ce7d56bf6f24fa3@redhat.com> (raw)
In-Reply-To: <20260317130103.107360-4-hare@kernel.org>
On Tue, Mar 17, 2026 at 02:00:58PM +0100, Hannes Reinecke wrote:
> Use the new key type 'dhchap' to store the DH-HMAC-CHAP keys and modify
> handling function to use 'struct key'. With that we can drop the now
> unused 'struct nvme_dhchap_key' definitions.
>
> Signed-off-by: Hannes Reinecke <hare@kernel.org>
> ---
> drivers/nvme/common/Kconfig | 1 +
> drivers/nvme/common/auth.c | 191 +++++++++++++---------------------
> drivers/nvme/common/keyring.c | 98 +++++++++++++++++
> drivers/nvme/host/Kconfig | 1 -
> drivers/nvme/host/auth.c | 28 +++--
> drivers/nvme/host/nvme.h | 4 +-
> drivers/nvme/host/sysfs.c | 26 +++--
> drivers/nvme/target/Kconfig | 1 -
> drivers/nvme/target/auth.c | 40 +++----
> drivers/nvme/target/nvmet.h | 4 +-
> include/linux/nvme-auth.h | 17 +--
> include/linux/nvme-keyring.h | 22 +++-
> 12 files changed, 256 insertions(+), 177 deletions(-)
...
> @@ -180,42 +181,43 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset)
> ctrl->shash_id = host->dhchap_hash_id;
> }
>
> - /* Skip the 'DHHC-1:XX:' prefix */
> - nvme_auth_free_key(ctrl->host_key);
> - ctrl->host_key = nvme_auth_extract_key(host->dhchap_secret + 10,
> - host->dhchap_key_hash);
> + key_put(ctrl->host_key);
> + ctrl->host_key = nvme_auth_extract_key(NULL, host->dhchap_secret,
> + strlen(host->dhchap_secret));
> if (IS_ERR(ctrl->host_key)) {
> ret = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE;
> ctrl->host_key = NULL;
> goto out_free_hash;
> }
> - pr_debug("%s: using hash %s key %*ph\n", __func__,
> - ctrl->host_key->hash > 0 ?
> - nvme_auth_hmac_name(ctrl->host_key->hash) : "none",
> - (int)ctrl->host_key->len, ctrl->host_key->key);
> + host_hash = nvme_dhchap_psk_hash(ctrl->host_key);
> + pr_debug("%s: using hash %s key %u\n", __func__,
> + ctrl_hash > 0 ?
> + nvme_auth_hmac_name(ctrl_hash) : "none",
Use of uninitialized ctrl_hash, should this be host_hash?
> --- a/include/linux/nvme-keyring.h
> +++ b/include/linux/nvme-keyring.h
> @@ -18,9 +18,14 @@ key_serial_t nvme_tls_psk_default(struct key *keyring,
>
> key_serial_t nvme_keyring_id(void);
> struct key *nvme_tls_key_lookup(key_serial_t key_id);
> +
> +struct key *nvme_dhchap_psk_create(struct key *keyring,
> + const u8 *data, size_t data_len);
> +struct key *nvme_dhchap_psk_lookup(struct key *keyring, const char *identity);
> +u8 nvme_dhchap_psk_hash(struct key *key);
> +
> #else
> static inline struct key *nvme_tls_psk_refresh(struct key *keyring,
> - const char *hostnqn, char *subnqn, u8 hmac_id,
> u8 *data, size_t data_len, const char *digest)
This looks like a mistake, it changes the signature of the stub but
there is no change to the actual implemenataion.
> {
> return ERR_PTR(-ENOTSUPP);
> @@ -38,5 +43,20 @@ static inline struct key *nvme_tls_key_lookup(key_serial_t key_id)
> {
> return ERR_PTR(-ENOTSUPP);
> }
> +static inline struct key *nvme_dhchap_psk_refresh(struct key *keyring,
> + const char *hostnqn, const char *subnqn,
> + u8 *data, size_t data_len)
This looks like a stub for something that doesn't exist, it's unused code.
> +{
> + return ERR_PTR(-ENOTSUPP);
> +}
> +static inline struct key *nvme_dhchap_psk_lookup(struct key *keyring,
> + const char *hostnqn, const char *subnqn, u8 hmac);
This stub function signature does not match the real one.
- Chris
next prev parent reply other threads:[~2026-04-01 18:37 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-17 13:00 [PATCHv3 0/8] nvme-auth: switch to use the kernel keyring Hannes Reinecke
2026-03-17 13:00 ` [PATCH 1/8] nvme-auth: modify nvme_auth_transform_key() to return status Hannes Reinecke
2026-03-17 13:09 ` Maurizio Lombardi
2026-03-17 14:55 ` Hannes Reinecke
2026-03-17 13:00 ` [PATCH 2/8] nvme-keyring: add 'dhchap' key type Hannes Reinecke
2026-04-01 18:13 ` Chris Leech
2026-03-17 13:00 ` [PATCH 3/8] nvme-auth: switch to use 'struct key' Hannes Reinecke
2026-04-01 18:36 ` Chris Leech [this message]
2026-03-17 13:00 ` [PATCH 4/8] nvme: parse dhchap keys during option parsing Hannes Reinecke
2026-04-01 18:43 ` Chris Leech
2026-03-17 13:01 ` [PATCH 5/8] nvmet-auth: parse dhchap key from configfs attribute Hannes Reinecke
2026-03-17 13:01 ` [PATCH 6/8] nvme: allow to pass in key description as dhchap secret Hannes Reinecke
2026-03-17 13:01 ` [PATCH 7/8] nvme-auth: wait for authentication to finish when changing keys Hannes Reinecke
2026-03-17 13:01 ` [PATCH 8/8] nvme-fabrics: allow to pass in keyring by name Hannes Reinecke
2026-03-17 13:20 ` [PATCHv3 0/8] nvme-auth: switch to use the kernel keyring Maurizio Lombardi
2026-03-17 14:44 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260401-dd12748d3ce7d56bf6f24fa3@redhat.com \
--to=cleech@redhat.com \
--cc=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox