summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@kernel.org>2026-03-01 23:59:48 -0800
committerKeith Busch <kbusch@kernel.org>2026-03-27 07:35:01 -0700
commitbe01b841d3dd667d873cbcd984d9839b7e98ef4f (patch)
treeee0d7769995558aed90179299b4526c62f1f5ed5
parenta67d096fe9761e3e503f40643228bca6d69c7c4e (diff)
nvme-auth: common: use crypto library in nvme_auth_generate_psk()
For the HMAC computation in nvme_auth_generate_psk(), use the crypto library instead of crypto_shash. This is simpler, faster, and more reliable. Notably, this eliminates the crypto transformation object allocation for every call, which was very slow. Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Keith Busch <kbusch@kernel.org>
Diffstat
-rw-r--r--drivers/nvme/common/auth.c63
1 files changed, 14 insertions, 49 deletions
diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index be5bc5fcafc6..781d1d5d46dd 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -497,63 +497,28 @@ int nvme_auth_generate_psk(u8 hmac_id, const u8 *skey, size_t skey_len,
const u8 *c1, const u8 *c2, size_t hash_len,
u8 **ret_psk, size_t *ret_len)
{
- struct crypto_shash *tfm;
- SHASH_DESC_ON_STACK(shash, tfm);
+ size_t psk_len = nvme_auth_hmac_hash_len(hmac_id);
+ struct nvme_auth_hmac_ctx hmac;
u8 *psk;
- const char *hmac_name;
- int ret, psk_len;
+ int ret;
if (!c1 || !c2)
return -EINVAL;
- hmac_name = nvme_auth_hmac_name(hmac_id);
- if (!hmac_name) {
- pr_warn("%s: invalid hash algorithm %d\n",
- __func__, hmac_id);
- return -EINVAL;
- }
-
- tfm = crypto_alloc_shash(hmac_name, 0, 0);
- if (IS_ERR(tfm))
- return PTR_ERR(tfm);
-
- psk_len = crypto_shash_digestsize(tfm);
+ ret = nvme_auth_hmac_init(&hmac, hmac_id, skey, skey_len);
+ if (ret)
+ return ret;
psk = kzalloc(psk_len, GFP_KERNEL);
if (!psk) {
- ret = -ENOMEM;
- goto out_free_tfm;
- }
-
- shash->tfm = tfm;
- ret = crypto_shash_setkey(tfm, skey, skey_len);
- if (ret)
- goto out_free_psk;
-
- ret = crypto_shash_init(shash);
- if (ret)
- goto out_free_psk;
-
- ret = crypto_shash_update(shash, c1, hash_len);
- if (ret)
- goto out_free_psk;
-
- ret = crypto_shash_update(shash, c2, hash_len);
- if (ret)
- goto out_free_psk;
-
- ret = crypto_shash_final(shash, psk);
- if (!ret) {
- *ret_psk = psk;
- *ret_len = psk_len;
+ memzero_explicit(&hmac, sizeof(hmac));
+ return -ENOMEM;
}
-
-out_free_psk:
- if (ret)
- kfree_sensitive(psk);
-out_free_tfm:
- crypto_free_shash(tfm);
-
- return ret;
+ nvme_auth_hmac_update(&hmac, c1, hash_len);
+ nvme_auth_hmac_update(&hmac, c2, hash_len);
+ nvme_auth_hmac_final(&hmac, psk);
+ *ret_psk = psk;
+ *ret_len = psk_len;
+ return 0;
}
EXPORT_SYMBOL_GPL(nvme_auth_generate_psk);
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-04 16:20:25 +0000