From: Hannes Reinecke <hare@suse.de>
Date: Fri, 12 Aug 2022 08:30:00 +0200
Subject: [PATCH] nvme-auth: align to pre-upstream FFDHE implementation
Patch-Mainline: never, SLES-specific
References: bsc#1202265

The FFDHE implementation changed several times before being accepted
upstream, and SLES is carrying an earlier version of that. So modify
the upstream code to work with the SLES version.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 drivers/nvme/common/auth.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index 0c86ebce59d2..56d0d9355640 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -42,15 +42,15 @@ static struct nvme_auth_dhgroup_map {
 	[NVME_AUTH_DHGROUP_NULL] = {
 		.name = "null", .kpp = "null" },
 	[NVME_AUTH_DHGROUP_2048] = {
-		.name = "ffdhe2048", .kpp = "ffdhe2048(dh)" },
+		.name = "ffdhe2048", .kpp = "dh" },
 	[NVME_AUTH_DHGROUP_3072] = {
-		.name = "ffdhe3072", .kpp = "ffdhe3072(dh)" },
+		.name = "ffdhe3072", .kpp = "dh" },
 	[NVME_AUTH_DHGROUP_4096] = {
-		.name = "ffdhe4096", .kpp = "ffdhe4096(dh)" },
+		.name = "ffdhe4096", .kpp = "dh" },
 	[NVME_AUTH_DHGROUP_6144] = {
-		.name = "ffdhe6144", .kpp = "ffdhe6144(dh)" },
+		.name = "ffdhe6144", .kpp = "dh" },
 	[NVME_AUTH_DHGROUP_8192] = {
-		.name = "ffdhe8192", .kpp = "ffdhe8192(dh)" },
+		.name = "ffdhe8192", .kpp = "dh" },
 };
 
 const char *nvme_auth_dhgroup_name(u8 dhgroup_id)
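Review bot: With every FFDHE entry now carrying `.kpp = "dh"`, the transform name no longer identifies the group, and nothing in the table says why. The group is instead selected through `dh.group_id` in nvme_auth_gen_privkey() in the next hunk, so a comment on the table would help, for example `/* SLES: pre-upstream FFDHE; all groups share the generic "dh" kpp, the group is chosen via struct dh group_id when the secret is set */`. Any other path that allocates a transform from `.kpp` and sets a secret without a group id would presumably run without group parameters; that is not visible here and is worth confirming. The table definition starts above the hunk.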
@@ -392,11 +392,35 @@ EXPORT_SYMBOL_GPL(nvme_auth_augmented_challenge);
 int nvme_auth_gen_privkey(struct crypto_kpp *dh_tfm, u8 dh_gid)
 {
 	int ret;
+	struct dh dh = {0};
+	size_t dh_secret_len;
+	u8 *dh_secret;
+
+	dh.group_id = dh_gid;
+	if (!nvme_auth_dhgroup_name(dh.group_id) ||
+	    dh_gid == NVME_AUTH_DHGROUP_NULL) {
+		pr_warn("invalid dh group %u\n", dh_gid);
+		return -EINVAL;
+	}
+
+	dh_secret_len = crypto_dh_key_len(&dh);
+	dh_secret = kzalloc(dh_secret_len, GFP_KERNEL);
+	if (!dh_secret)
+		return -ENOMEM;
+
+	ret = crypto_dh_encode_key(dh_secret, dh_secret_len, &dh);
+	if (ret) {
+		pr_debug("failed to encode private key, error %d\n", ret);
+		goto out;
+	}
 
-	ret = crypto_kpp_set_secret(dh_tfm, NULL, 0);
+	ret = crypto_kpp_set_secret(dh_tfm, dh_secret, dh_secret_len);
 	if (ret)
 		pr_debug("failed to set private key, error %d\n", ret);
 
+out:
+	kfree_sensitive(dh_secret);
+	dh_secret = NULL;
 	return ret;
 }
 EXPORT_SYMBOL_GPL(nvme_auth_gen_privkey);
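Review bot: `dh.group_id = dh_gid;` passes the NVMe DH group identifier straight into the crypto layer's `struct dh`, which is only correct if the two numberings coincide; the hunk shows no mapping or compile-time check for that. If they are meant to match, say so next to the assignment, e.g. `/* NVMe DH group ids map one-to-one onto the SLES crypto group ids */`, or add a `BUILD_BUG_ON()` per group against the crypto-side constants. As far as can be inferred from the visible lines, a mismatch would select a different group than the one negotiated rather than fail here. Separately, `dh_secret = NULL;` right before `return ret;` is a dead store on a local and can be dropped.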
-- 
2.35.3