[PATCH v2 1/2] nvme-auth: use transformed key size to create resp
Hannes Reinecke
hare at suse.de
Mon Oct 16 02:14:38 PDT 2023
On 10/16/23 10:57, Mark O'Donovan wrote:
> This does not change current behaviour as the driver currently
> verifies that the secret size is the same size as the length of
> the transformation hash.
>
> Co-developed-by: Akash Appaiah <Akash.Appaiah at dell.com>
> Signed-off-by: Akash Appaiah <Akash.Appaiah at dell.com>
> Signed-off-by: Mark O'Donovan <shiftee at posteo.net>
> ---
> V1 -> V2: support target implementation and controller secrets also
>
> drivers/nvme/common/auth.c | 6 +++++-
> drivers/nvme/host/auth.c | 4 ++--
> drivers/nvme/target/auth.c | 4 ++--
> include/linux/nvme-auth.h | 3 ++-
> 4 files changed, 11 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
> index d90e4f0c08b7..26a7fbdf4d55 100644
> --- a/drivers/nvme/common/auth.c
> +++ b/drivers/nvme/common/auth.c
> @@ -243,6 +243,8 @@ u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
> }
> if (key->hash == 0) {
> transformed_key = kmemdup(key->key, key->len, GFP_KERNEL);
> + if (transformed_key)
> + key->transformed_len = key->len;
> return transformed_key ? transformed_key : ERR_PTR(-ENOMEM);
Hmm. But now we're inconsistent.
The input structure 'key' doesn't know (nor does care) if the key has
been transformed; the transformation itself is returned in a different
structure.
If we were to go that way the it'll be better to return a 'struct
nvme_dhchap_key' from nvme_auth_transform_key(), which will then
encapsulate the data and the correct length.
Which probably is not a bad idea, seeing that a key transform really
should generate a new key.
Hmm?
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Frankenstr. 146, 90461 Nürnberg
Managing Directors: I. Totev, A. Myers, A. McDonald, M. B. Moerman
(HRB 36809, AG Nürnberg)
More information about the Linux-nvme
mailing list