[PATCH 12/21] nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()

Eric Biggers ebiggers at kernel.org
Thu Jun 25 11:01:30 PDT 2026


On Thu, Jun 25, 2026 at 10:02:27AM +0100, John Garry wrote:
> On 02/03/2026 07:59, Eric Biggers wrote:
> >   int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
> >   			     const char *psk_digest, u8 **ret_psk)
> >   {
> > -	struct crypto_shash *hmac_tfm;
> > -	const char *hmac_name;
> > -	const char *label = "nvme-tls-psk";
> >   	static const u8 default_salt[NVME_AUTH_MAX_DIGEST_SIZE];
> > -	size_t prk_len;
> > -	const char *ctx;
> > -	u8 *prk, *tls_key;
> > +	static const char label[] = "tls13 nvme-tls-psk";
> > +	const size_t label_len = sizeof(label) - 1;
> > +	u8 prk[NVME_AUTH_MAX_DIGEST_SIZE];
> > +	size_t hash_len, ctx_len;
> > +	u8 *hmac_data = NULL, *tls_key;
> > +	size_t i;
> >   	int ret;
> > -	hmac_name = nvme_auth_hmac_name(hmac_id);
> > -	if (!hmac_name) {
> > +	hash_len = nvme_auth_hmac_hash_len(hmac_id);
> > +	if (hash_len == 0) {
> >   		pr_warn("%s: invalid hash algorithm %d\n",
> 
> ...
> 
> > +	i = 0;
> > +	hmac_data[i++] = hash_len >> 8;
> > +	hmac_data[i++] = hash_len;
> > +
> > +	/* label */
> > +	static_assert(label_len <= 255);
> 
> JFYI, this is generating a C=1 warning for me:
> 
>   CHECK   drivers/nvme/common/auth.c
> drivers/nvme/common/auth.c:746:9: error: bad constant expression
> 
> The following fixes/avoids it:
> 
> /* label */
> -       static_assert(label_len <= 255);
> +       static_assert(sizeof(label) - 1 <= 255);
> 
> Even though label_len is declared as const, label_len <= 255 is not a
> constant expression.

Only affects sparse, but I sent a patch:
https://lore.kernel.org/linux-nvme/20260625175911.35094-1-ebiggers@kernel.org

- Eric



More information about the Linux-nvme mailing list