[PATCH 04/10] nvme: add nvme_auth_derive_tls_psk()
Hannes Reinecke
hare at suse.de
Mon Feb 3 05:37:59 PST 2025
On 1/28/25 09:58, Christoph Hellwig wrote:
>> + info_len = strlen(psk_digest) + strlen(psk_prefix) + 5;
>
> Where does the magic 5 come from?
>
Two bytes for the HASH ID, two bytes for the length field from
HKDF-Expand-Label, and one byte for the space separator.
>>
>> + info = kzalloc(info_len, GFP_KERNEL);
>> + if (!info) {
>> + ret = -ENOMEM;
>> + goto out_free_prk;
>> + }
>> +
>> + put_unaligned_be16(psk_len, info);
>> + memcpy(info + 2, psk_prefix, strlen(psk_prefix));
>> + sprintf(info + 2 + strlen(psk_prefix), "%02d %s", hmac_id, psk_digest);
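Review bot: the sprintf() on the last line of this hunk writes one byte past the buffer from kzalloc(info_len, GFP_KERNEL). info_len = strlen(psk_digest) + strlen(psk_prefix) + 5 covers exactly the 2-byte length field, the prefix, the two-digit hash ID, the space and the digest, so the NUL terminator that sprintf() appends lands at offset info_len. Allocate info_len + 1 so the terminator has room, and consider snprintf() bounded by the space remaining after the prefix. "%02d" is also only a minimum width, so the two-byte budget for the hash ID holds only while hmac_id stays below 100.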
>
> And this feels like we'd want a basic struct for this, even if it
> just is the len field and a flexible array. Which will also help the
> compiler to do bounds checking using __counted_by.
>
It would, if it were counting the full 'info' string.
But the 'length' field is just the length of the string 'tls13 ' +
'nvme-tls-psk' (cf. the definition of HKDF-Expand-Label in RFC 8446).
So having a __counted_by thingie would only count the first part
of the full 'info' string.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich