From: Hannes Reinecke <hare@suse.de>
To: Christoph Hellwig <hch@lst.de>, Hannes Reinecke <hare@kernel.org>
Cc: Keith Busch <kbusch@kernel.org>, Sagi Grimberg <sagi@grimberg.me>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH 02/10] nvme: add nvme_auth_generate_psk()
Date: Tue, 28 Jan 2025 16:26:23 +0100 [thread overview]
Message-ID: <f49aa2da-5449-4612-b1b1-9b63c815ec83@suse.de> (raw)
In-Reply-To: <20250128085336.GA25760@lst.de>
On 1/28/25 09:53, Christoph Hellwig wrote:
>> + * Generate a PSK for TLS as specified in NVMe base specification, section 8.13.5.9:
>
> Please fix your comment to stay in 80 characters. The line wrapping
> here makes the text almost unreadable.
>
>> +int nvme_auth_generate_psk(u8 hmac_id, u8 *skey, size_t skey_len,
>> + u8 *c1, u8 *c2, size_t hash_len, u8 **ret_psk,size_t *ret_len)
>
> Missing whitespace before the last size_t.
>
>> +{
>> + struct crypto_shash *tfm;
>> + struct shash_desc *shash;
>> + u8 *psk;
>> + const char *hmac_name;
>> + int ret, psk_len;
>> +
>> + if (!c1 || !c2) {
>> + pr_warn("%s: invalid parameter\n", __func__);
>> + return -EINVAL;
>> + }
>
> No a very useful error message. Given that this is a violation of
> the API contract either a WARN_ON_ONCE or just letting the crypto
> algorithm fail should be fine.
>
Okay, will just let it fail.
>> + tfm = crypto_alloc_shash(hmac_name, 0, 0);
>> + if (IS_ERR(tfm))
>> + return PTR_ERR(tfm);
>> +
>> + psk_len = crypto_shash_digestsize(tfm);
>> + psk = kzalloc(psk_len, GFP_KERNEL);
>> + if (!psk) {
>> + ret = -ENOMEM;
>> + goto out_free_tfm;
>> + }
>> +
>> + shash = kmalloc(sizeof(struct shash_desc) +
>> + crypto_shash_descsize(tfm),
>> + GFP_KERNEL);
>> + if (!shash) {
>> + ret = -ENOMEM;
>> + goto out_free_psk;
>> + }
>
> Is there a good reason this can't use SHASH_DESC_ON_STACK()?
>
I'll check.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
next prev parent reply other threads:[~2025-01-28 15:27 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-22 16:58 [PATCHv14 00/10] nvme: implement secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 01/10] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2025-01-22 16:58 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2025-01-28 8:53 ` Christoph Hellwig
2025-01-28 15:26 ` Hannes Reinecke [this message]
2025-01-22 16:58 ` [PATCH 03/10] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2025-01-28 8:56 ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 04/10] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2025-01-28 8:58 ` Christoph Hellwig
2025-02-03 13:37 ` Hannes Reinecke
2025-02-04 5:23 ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 05/10] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2025-01-28 9:00 ` Christoph Hellwig
2025-02-03 13:55 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 06/10] nvme: always include <linux/key.h> Hannes Reinecke
2025-01-28 9:01 ` Christoph Hellwig
2025-02-03 13:55 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 07/10] nvme-tcp: request secure channel concatenation Hannes Reinecke
2025-01-28 9:11 ` Christoph Hellwig
2025-01-28 15:33 ` Hannes Reinecke
2025-02-03 14:06 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 08/10] nvme-fabrics: reset admin connection for secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2025-01-28 9:15 ` Christoph Hellwig
2025-02-03 14:20 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 10/10] nvmet: add tls_concat and tls_key debugfs entries Hannes Reinecke
2025-01-23 22:13 ` [PATCHv14 00/10] nvme: implement secure concatenation Sagi Grimberg
-- strict thread matches above, loose matches on Subject: below --
2025-02-24 12:38 [PATCHv15 " Hannes Reinecke
2025-02-24 12:38 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-12-03 11:02 [PATCHv13 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-03 11:02 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-12-02 14:29 [PATCHv12 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-02 14:29 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f49aa2da-5449-4612-b1b1-9b63c815ec83@suse.de \
--to=hare@suse.de \
--cc=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox