Re: [PATCH 07/12] nvme: Implement In-Band authentication

[PATCHv7 00/12] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 06/12] nvme-fabrics: decode 'authentication required' connect error · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 12/12] nvmet-auth: expire authentication sessions · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 02/12] crypto: add crypto_has_kpp() · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 09/12] nvmet: Parse fabrics commands on all queues · Hannes Reinecke <hare@suse.de> · 2021-11-23
Re: [PATCH 09/12] nvmet: Parse fabrics commands on all queues · Christoph Hellwig <hch@lst.de> · 2021-11-26
[PATCH 01/12] crypto: add crypto_has_shash() · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 04/12] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-11-23
Re: [PATCH 04/12] lib/base64: RFC4648-compliant base64 encoding · Eric Biggers <ebiggers@kernel.org> · 2021-11-23
[PATCH 05/12] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 11/12] nvmet-auth: Diffie-Hellman key exchange support · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 08/12] nvme-auth: Diffie-Hellman key exchange support · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 03/12] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 10/12] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-11-23
[PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-11-23
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-11-23
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-11-23

From: Sagi Grimberg <sagi@grimberg.me>
Date: 2021-11-23 13:20:47
Also in: linux-nvme

+int nvme_auth_generate_key(struct nvme_ctrl *ctrl, u8 *secret, bool set_ctrl)

Didn't we agree to pass the key pointer? i.e.
int nvme_auth_generate_key(struct nvme_dhchap_key **key, u8 *secret)

+{
+	struct nvme_dhchap_key *key;
+	u8 key_hash;
+
+	if (!secret)
+		return 0;
+
+	if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1)
+		return -EINVAL;
+
+	/* Pass in the secret without the 'DHHC-1:XX:' prefix */
+	key = nvme_auth_extract_key(secret + 10, key_hash);
+	if (IS_ERR(key)) {
+		dev_dbg(ctrl->device, "failed to extract key, error %ld\n",
+			PTR_ERR(key));

The print here is slightly redundant - you already have prints inside
nvme_auth_extract_key already.

+		return PTR_ERR(key);
+	}
+

Then we instead just do:
	*key = key;

+	if (set_ctrl)
+		ctrl->ctrl_key = key;
+	else
+		ctrl->host_key = key;
+
+	return 0;
+}

...

quoted hunk ↗ jump to hunk

+EXPORT_SYMBOL_GPL(nvme_auth_generate_key);

diff --git a/drivers/nvme/host/auth.h b/drivers/nvme/host/auth.h
new file mode 100644
index 000000000000..16e3d893d54a
--- /dev/null
+++ b/drivers/nvme/host/auth.h

@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (c) 2021 Hannes Reinecke, SUSE Software Solutions
+ */
+
+#ifndef _NVME_AUTH_H
+#define _NVME_AUTH_H
+
+#include <crypto/kpp.h>
+
+struct nvme_dhchap_key {
+	u8 *key;
+	size_t key_len;
+	u8 key_hash;

Why not just name it len and hash? don't think the key_
prefix is useful...

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help