[PATCH v1 1/1] nvme-auth: use crypto_memneq for DH-HMAC-CHAP response comparison
Hannes Reinecke
hare at suse.de
Thu Jul 2 23:24:15 PDT 2026
On 7/1/26 8:30 AM, Xixin Liu wrote:
> DH-HMAC-CHAP authentication compares HMAC response digests with memcmp().
> Standard memcmp() may stop at the first differing byte, which can leak
> timing information to a remote attacker and allow incremental recovery
> of the expected digest.
>
> Use crypto_memneq() for constant-time comparison on both the host path
> that validates the controller Success1 response and the target path that
> validates the host Reply digest. Other memcmp() uses in the NVMe auth
> code (e.g. fixed string prefix checks) are not security-sensitive and
> are left unchanged.
>
> Signed-off-by: Xixin Liu <liuxixin at kylinos.cn>
> ---
> drivers/nvme/host/auth.c | 3 ++-
> drivers/nvme/target/fabrics-cmd-auth.c | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index 111111111111..222222222222 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -8,6 +8,7 @@
> #include <linux/prandom.h>
> #include <linux/unaligned.h>
> #include <crypto/dh.h>
> +#include <crypto/utils.h>
> #include "nvme.h"
> #include "fabrics.h"
> #include <linux/nvme-auth.h>
> @@ -361,7 +362,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl,
> return 0;
>
> /* Validate controller response */
> - if (memcmp(chap->response, data->rval, data->hl)) {
> + if (crypto_memneq(chap->response, data->rval, data->hl)) {
> dev_dbg(ctrl->device, "%s: qid %d ctrl response %*ph\n",
> __func__, chap->qid, (int)chap->hash_len, data->rval);
> dev_dbg(ctrl->device, "%s: qid %d host response %*ph\n",
> diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c
> index 333333333333..444444444444 100644
> --- a/drivers/nvme/target/fabrics-cmd-auth.c
> +++ b/drivers/nvme/target/fabrics-cmd-auth.c
> @@ -8,6 +8,7 @@
> #include <linux/random.h>
> #include <linux/nvme-auth.h>
> #include <crypto/kpp.h>
> +#include <crypto/utils.h>
> #include "nvmet.h"
>
> static void nvmet_auth_expired_work(struct work_struct *work)
> @@ -177,7 +178,7 @@ static u16 nvmet_auth_reply(struct nvmet_req *req,
> return NVME_AUTH_DHCHAP_FAILURE_FAILED;
> }
>
> - if (memcmp(data->rval, response, data->hl)) {
> + if (crypto_memneq(data->rval, response, data->hl)) {
> pr_info("ctrl %d qid %d host response mismatch\n",
> ctrl->cntlid, req->sq->qid);
> pr_debug("ctrl %d qid %d rval %*ph\n",
Reviewed-by: Hannes Reinecke <hare at kernel.org>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list