[PATCH 12/21] nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()

John Garry john.g.garry at oracle.com
Thu Jun 25 02:02:27 PDT 2026


On 02/03/2026 07:59, Eric Biggers wrote:
>   int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
>   			     const char *psk_digest, u8 **ret_psk)
>   {
> -	struct crypto_shash *hmac_tfm;
> -	const char *hmac_name;
> -	const char *label = "nvme-tls-psk";
>   	static const u8 default_salt[NVME_AUTH_MAX_DIGEST_SIZE];
> -	size_t prk_len;
> -	const char *ctx;
> -	u8 *prk, *tls_key;
> +	static const char label[] = "tls13 nvme-tls-psk";
> +	const size_t label_len = sizeof(label) - 1;
> +	u8 prk[NVME_AUTH_MAX_DIGEST_SIZE];
> +	size_t hash_len, ctx_len;
> +	u8 *hmac_data = NULL, *tls_key;
> +	size_t i;
>   	int ret;
>   
> -	hmac_name = nvme_auth_hmac_name(hmac_id);
> -	if (!hmac_name) {
> +	hash_len = nvme_auth_hmac_hash_len(hmac_id);
> +	if (hash_len == 0) {
>   		pr_warn("%s: invalid hash algorithm %d\n",

...

> +	i = 0;
> +	hmac_data[i++] = hash_len >> 8;
> +	hmac_data[i++] = hash_len;
> +
> +	/* label */
> +	static_assert(label_len <= 255);

JFYI, this is generating a C=1 warning for me:

   CHECK   drivers/nvme/common/auth.c
drivers/nvme/common/auth.c:746:9: error: bad constant expression

The following fixes/avoids it:

/* label */
-       static_assert(label_len <= 255);
+       static_assert(sizeof(label) - 1 <= 255);

Even though label_len is declared as const, label_len <= 255 is not a 
constant expression.



More information about the Linux-nvme mailing list