[PATCH 06/17] nvme: add nvme_auth_derive_tls_psk()
Hannes Reinecke
hare at suse.de
Thu Apr 18 04:00:37 PDT 2024
On 4/7/24 23:04, Sagi Grimberg wrote:
>
>
> On 18/03/2024 17:03, Hannes Reinecke wrote:
>> From: Hannes Reinecke <hare at suse.de>
>>
>> Add a function to derive the TLS PSK as specified in TP8018.
>>
>> Signed-off-by: Hannes Reinecke <hare at suse.de>
>> ---
>> drivers/nvme/common/auth.c | 71 ++++++++++++++++++++++++++++++++++++++
>> include/linux/nvme-auth.h | 1 +
>> 2 files changed, 72 insertions(+)
>>
>> diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
>> index f56f08a4461e..90d525afc240 100644
>> --- a/drivers/nvme/common/auth.c
>> +++ b/drivers/nvme/common/auth.c
>> @@ -652,5 +652,76 @@ u8 *nvme_auth_generate_digest(u8 hmac_id, u8
>> *psk, size_t psk_len,
>> }
>> EXPORT_SYMBOL_GPL(nvme_auth_generate_digest);
>> +u8 *nvme_auth_derive_tls_psk(int hmac_id, u8 *psk, size_t psk_len, u8
>> *psk_digest)
>> +{
>
> Same comment here.
> Can you please add a description of the derivation process in a function
> comment?
> It is not trivial for me to follow.
>
Sure, will do.
>> + struct crypto_shash *hmac_tfm;
>> + const char *hmac_name;
>> + const char *psk_prefix = "tls13 nvme-tls-psk";
>> + size_t info_len, prk_len;
>> + char *info;
>> + unsigned char *prk, *tls_key;
>> + int ret;
>> +
>> + hmac_name = nvme_auth_hmac_name(hmac_id);
>> + if (!hmac_name) {
>> + pr_warn("%s: invalid hash algoritm %d\n",
>> + __func__, hmac_id);
>> + return ERR_PTR(-EINVAL);
>> + }
>> + if (hmac_id == NVME_AUTH_HASH_SHA512) {
>> + pr_warn("%s: unsupported hash algorithm %s\n",
>> + __func__, hmac_name);
>> + return ERR_PTR(-EINVAL);
>> + }
>> +
>> + hmac_tfm = crypto_alloc_shash(hmac_name, 0, 0);
>> + if (IS_ERR(hmac_tfm))
>> + return (u8 *)hmac_tfm;
>> +
>> + prk_len = crypto_shash_digestsize(hmac_tfm);
>> + prk = kzalloc(prk_len, GFP_KERNEL);
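Review bot: the new nvme_auth_derive_tls_psk() signature declares `int hmac_id`, while nvme_auth_generate_digest() in the context line of this same hunk takes `u8 hmac_id`; using one type for both helpers avoids an implicit conversion at call sites. On the crypto_alloc_shash() failure path, `return (u8 *)hmac_tfm;` is better written as `return ERR_CAST(hmac_tfm);`, which makes it explicit that an error pointer is being passed through under a different pointer type. The first pr_warn() spells "algoritm" where the second has "algorithm". The quote stops at `prk = kzalloc(prk_len, GFP_KERNEL);`, so the rest is not visible here, but since `prk` holds intermediate key material the allocation should be checked for NULL before use and released with kfree_sensitive() on every exit path.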
>
> What does prk stand for?
>
That's from the spec. It'll be referred to in the function
description.
Cheers,
Hannes