[PATCH 07/12] nvme: Implement In-Band authentication
Sagi Grimberg
sagi at grimberg.me
Tue Nov 23 05:11:20 PST 2021
> +int nvme_auth_generate_key(struct nvme_ctrl *ctrl, u8 *secret, bool set_ctrl)
Didn't we agree to pass the key pointer? i.e.
int nvme_auth_generate_key(struct nvme_dhchap_key **key, u8 *secret)
> +{
> + struct nvme_dhchap_key *key;
> + u8 key_hash;
> +
> + if (!secret)
> + return 0;
> +
> + if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1)
> + return -EINVAL;
> +
> + /* Pass in the secret without the 'DHHC-1:XX:' prefix */
> + key = nvme_auth_extract_key(secret + 10, key_hash);
> + if (IS_ERR(key)) {
> + dev_dbg(ctrl->device, "failed to extract key, error %ld\n",
> + PTR_ERR(key));
The print here is slightly redundant - you already have prints inside
nvme_auth_extract_key already.
> + return PTR_ERR(key);
> + }
> +
Then we instead just do:
*key = key;
> + if (set_ctrl)
> + ctrl->ctrl_key = key;
> + else
> + ctrl->host_key = key;
> +
> + return 0;
> +}
...
> +EXPORT_SYMBOL_GPL(nvme_auth_generate_key);
> diff --git a/drivers/nvme/host/auth.h b/drivers/nvme/host/auth.h
> new file mode 100644
> index 000000000000..16e3d893d54a
> --- /dev/null
> +++ b/drivers/nvme/host/auth.h
> @@ -0,0 +1,33 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright (c) 2021 Hannes Reinecke, SUSE Software Solutions
> + */
> +
> +#ifndef _NVME_AUTH_H
> +#define _NVME_AUTH_H
> +
> +#include <crypto/kpp.h>
> +
> +struct nvme_dhchap_key {
> + u8 *key;
> + size_t key_len;
> + u8 key_hash;
Why not just name it len and hash? don't think the key_
prefix is useful...
More information about the Linux-nvme
mailing list