[PATCH] nvme-auth: Hash DH shared secret to create session key
Eric Biggers
ebiggers at kernel.org
Tue Mar 10 22:13:40 PDT 2026
On Tue, Mar 10, 2026 at 06:21:16PM -0700, Chris Leech wrote:
> +/**
> + * nvme_auth_gen_session_key() - Generate an ephemeral session key
> + * @dh_tfm: Diffie-Hellman transform with local private key already set
> + * @ctrl_key: Peer's public key
> + * @ctrl_key_len: Length of @ctrl_key
> + * @sess_key: Output buffer for the session key
> + * @sess_key_len: Size of @sess_key buffer
> + * @hash_id: Hash algorithm identifier
> + *
> + * NVMe base specification 8.3.5.5.9: The session key Ks shall be computed from
> + * the ephemeral DH key (i.e., g^xy mod p) ... by applying the hash function
> + * H() selected by the HashID parameter ... (i.e., Ks = H(g^xy mod p)).
> + *
> + * Return: 0 on success, negative errno on failure.
> + */
> +int nvme_auth_gen_session_key(struct crypto_kpp *dh_tfm,
> const u8 *ctrl_key, size_t ctrl_key_len,
ctrl_key and ctrl_key_len should be public_key and public_key_len. It
is the public key of the other side, which can be either the host or the
controller.
> + hash_len = nvme_auth_hmac_hash_len(hash_id);
> + if (!hash_len) {
> + pr_warn("%s: invalid hash algorithm %d\n", __func__, hash_id);
> + return -EINVAL;
> + }
> +
> + if (sess_key_len < hash_len) {
> + pr_warn("%s: sess_key buffer too small (%zu < %zu)\n",
> + __func__, sess_key_len, hash_len);
> + return -EINVAL;
> + }
Probably should be tightened to 'sess_key_len != hash_len', since this
function writes to exactly hash_len bytes and does not report the length
it actually wrote.
- Eric
More information about the Linux-nvme
mailing list