summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark O'Donovan <shiftee@posteo.net>2023-10-17 20:09:19 +0300
committerKeith Busch <kbusch@kernel.org>2023-10-17 23:57:55 +0300
commit32445526d836f827ea7e74ef933610b531d239df (patch)
tree2e8485dcf3570231e18463140e16a88c9c9ce3a3
parentf047daed179a451657d1e66b5fe4030a593a000c (diff)
downloadlinux-32445526d836f827ea7e74ef933610b531d239df.tar.xz
nvme-auth: allow mixing of secret and hash lengths
We can now use any of the secret transformation hashes with a secret, regardless of the secret size. e.g. a 32 byte key with the SHA-512(64 byte) hash. The example secret from the spec should now be permitted with any of the following: DHHC-1:00:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:01:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:02:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: DHHC-1:03:ia6zGodOr4SEG0Zzaw398rpY0wqipUWj4jWjUh4HWUz6aQ2n: Note: Secrets are still restricted to 32,48 or 64 bits. Co-developed-by: Akash Appaiah <Akash.Appaiah@dell.com> Signed-off-by: Akash Appaiah <Akash.Appaiah@dell.com> Signed-off-by: Mark O'Donovan <shiftee@posteo.net> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Keith Busch <kbusch@kernel.org>
-rw-r--r--drivers/nvme/common/auth.c8
1 files changed, 0 insertions, 8 deletions
diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index f954aeb647a5..a8e87dfbeab2 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -190,14 +190,6 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
goto out_free_secret;
}
- if (key_hash > 0 &&
- (key_len - 4) != nvme_auth_hmac_hash_len(key_hash)) {
- pr_err("Mismatched key len %d for %s\n", key_len,
- nvme_auth_hmac_name(key_hash));
- ret = -EINVAL;
- goto out_free_secret;
- }
-
/* The last four bytes is the CRC in little-endian format */
key_len -= 4;
/*