linux/include
Chris Leech bd7b7ce96d nvme-auth: Hash DH shared secret to create session key
The NVMe Base Specification 8.3.5.5.9 states that the session key Ks
shall be computed from the ephemeral DH key by applying the hash
function selected by the HashID parameter.

The current implementation stores the raw DH shared secret as the
session key without hashing it. This causes redundant hash operations:

1. Augmented challenge computation (section 8.3.5.5.4) requires
   Ca = HMAC(H(g^xy mod p), C). The code compensates by hashing the
   unhashed session key in nvme_auth_augmented_challenge() to produce
   the correct result.

2. PSK generation (section 8.3.5.5.9) requires PSK = HMAC(Ks, C1 || C2)
   where Ks should already be H(g^xy mod p). As the DH shared secret
   is always larger than the HMAC block size, HMAC internally hashes
   it before use, accidentally producing the correct result.

When using secure channel concatenation with bidirectional
authentication, this results in hashing the DH value three times: twice
for augmented challenge calculations and once during PSK generation.

Fix this by:
- Modifying nvme_auth_gen_shared_secret() to hash the DH shared secret
  once after computation: Ks = H(g^xy mod p)
- Removing the hash operation from nvme_auth_augmented_challenge()
  as the session key is now already hashed
- Updating session key buffer size from DH key size to hash output size
- Adding specification references in comments

This avoids storing the raw DH shared secret and reduces the number of
hash operations from three to one when using secure channel
concatenation.

Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>
2026-04-22 13:02:16 -07:00
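The derivations the commit message walks through, worked in Python as an added example (this is not the kernel's nvme-auth code; it uses hashlib/hmac rather than the kernel crypto API). It assumes a constructed 256-byte stand-in for g^xy mod p (the size of a 2048-bit finite-field DH element) and constructed host/controller challenges C1 and C2. It reproduces both the pre-fix path (raw secret stored as Ks, augmented-challenge code hashing it itself, PSK keyed with the raw secret) and the post-fix path (Ks = H(g^xy mod p) computed once), shows the two yield identical Ca and PSK values, and, with a textbook HMAC that counts how often the DH value is hashed, shows the three-versus-one figure. It also demonstrates the caveat the commit relies on: HMAC only pre-hashes keys longer than the block size, so the "accidental" correctness of the old PSK path disappears for a key that fits in a block.

```python
import hashlib
import hmac

# Constructed stand-in for g^xy mod p from a 2048-bit DH group (256 bytes).
# A secret this size exceeds the HMAC block size of SHA-256/384/512
# (64/128/128 bytes), which is what the pre-fix PSK path depended on.
SHARED_SECRET = bytes((i * 37 + 11) & 0xFF for i in range(256))

# Constructed challenges: C1 from the host, C2 from the controller.
C1 = hashlib.sha256(b"constructed host challenge").digest()
C2 = hashlib.sha256(b"constructed controller challenge").digest()


def hash_of(data: bytes, hash_name: str) -> bytes:
    return hashlib.new(hash_name, data).digest()


def session_key(shared_secret: bytes, hash_name: str) -> bytes:
    """Post-fix Ks = H(g^xy mod p), hashed once, sized to the hash output."""
    return hash_of(shared_secret, hash_name)


def augmented_challenge_before(raw_ks: bytes, c: bytes, hash_name: str) -> bytes:
    """Pre-fix path: Ks is the raw secret, so the caller hashes it first."""
    return hmac.new(hash_of(raw_ks, hash_name), c, hash_name).digest()


def augmented_challenge_after(ks: bytes, c: bytes, hash_name: str) -> bytes:
    """Post-fix path: Ca = HMAC(Ks, C) with Ks already hashed."""
    return hmac.new(ks, c, hash_name).digest()


def psk_before(raw_ks: bytes, c1: bytes, c2: bytes, hash_name: str) -> bytes:
    """Pre-fix path: HMAC keyed with the raw secret; correct only because HMAC
    replaces a key longer than its block size with H(key)."""
    return hmac.new(raw_ks, c1 + c2, hash_name).digest()


def psk_after(ks: bytes, c1: bytes, c2: bytes, hash_name: str) -> bytes:
    return hmac.new(ks, c1 + c2, hash_name).digest()


def derive_both_ways(shared_secret: bytes, c1: bytes, c2: bytes, hash_name: str):
    """(Ca_host, Ca_ctrl, PSK) for the pre-fix and post-fix paths; they match."""
    ks = session_key(shared_secret, hash_name)
    before = (augmented_challenge_before(shared_secret, c1, hash_name),
              augmented_challenge_before(shared_secret, c2, hash_name),
              psk_before(shared_secret, c1, c2, hash_name))
    after = (augmented_challenge_after(ks, c1, hash_name),
             augmented_challenge_after(ks, c2, hash_name),
             psk_after(ks, c1, c2, hash_name))
    return before, after


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str, key_hashes: list) -> bytes:
    """Textbook HMAC (RFC 2104). key_hashes[0] is bumped whenever the key is
    hashed, which only happens for keys longer than the block size."""
    block = hashlib.new(hash_name).block_size
    if len(key) > block:
        key = hash_of(key, hash_name)
        key_hashes[0] += 1
    key = key.ljust(block, b"\x00")
    inner = hash_of(bytes(b ^ 0x36 for b in key) + msg, hash_name)
    return hash_of(bytes(b ^ 0x5C for b in key) + inner, hash_name)


def count_dh_hashes(shared_secret: bytes, c1: bytes, c2: bytes, hash_name: str):
    """How many times the DH value itself is hashed in a bidirectional
    secure-channel-concatenation run: (pre-fix, post-fix)."""
    before = [0]

    def h_counted(data):
        before[0] += 1
        return hash_of(data, hash_name)

    hmac_rfc2104(h_counted(shared_secret), c1, hash_name, before)  # host Ca
    hmac_rfc2104(h_counted(shared_secret), c2, hash_name, before)  # ctrl Ca
    hmac_rfc2104(shared_secret, c1 + c2, hash_name, before)        # PSK, key pre-hashed inside HMAC

    after = [1]  # the single H(g^xy mod p) in session_key()
    ks = session_key(shared_secret, hash_name)
    hmac_rfc2104(ks, c1, hash_name, after)
    hmac_rfc2104(ks, c2, hash_name, after)
    hmac_rfc2104(ks, c1 + c2, hash_name, after)
    return before[0], after[0]


def hmac_prehashes_key(key: bytes, msg: bytes, hash_name: str) -> bool:
    """True iff HMAC(key, msg) == HMAC(H(key), msg): the property the old PSK
    path leaned on. Holds for len(key) > block size, not in general."""
    return hmac.compare_digest(
        hmac.new(key, msg, hash_name).digest(),
        hmac.new(hash_of(key, hash_name), msg, hash_name).digest())


if __name__ == "__main__":
    for name in ("sha256", "sha384", "sha512"):
        before, after = derive_both_ways(SHARED_SECRET, C1, C2, name)
        print(name, "paths agree:", before == after,
              "DH hashes before/after:", count_dh_hashes(SHARED_SECRET, C1, C2, name))
    print("32-byte key pre-hashed by HMAC:", hmac_prehashes_key(C1, C2, "sha256"))
```

Running the block prints that the two paths agree for each NVMe hash and that the DH value is hashed three times before the fix and once after; the last line shows the equivalence does not hold for a 32-byte key, which is why storing Ks as H(g^xy mod p) is the right fix rather than relying on HMAC's key normalisation.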
acpi mailbox: platform and core updates 2026-02-14 11:13:32 -08:00
asm-generic kbuild: Split .modinfo out from ELF_DETAILS 2026-02-26 11:50:19 -07:00
clocksource
crypto crypto: remove HKDF library 2026-03-27 07:35:03 -07:00
cxl
drm drm/dp: Add definition for Panel Replay full-line granularity 2026-03-04 15:26:08 +02:00
dt-bindings phy-for-7.0 2026-02-17 11:40:04 -08:00
hyperv hyperv-next for v7.0 2026-02-20 08:48:31 -08:00
keys keys/trusted_keys: establish PKWM as a trusted source 2026-01-30 09:27:26 +05:30
kunit kunit: irq: Ensure timer doesn't fire too frequently 2026-02-24 14:44:21 -08:00
kvm KVM: arm64: Use standard seq_file iterator for vgic-debug debugfs 2026-02-02 10:59:25 +00:00
linux nvme-auth: Hash DH shared secret to create session key 2026-04-22 13:02:16 -07:00
math-emu
media [GIT PULL for v7.0] media updates 2026-02-11 12:20:25 -08:00
memory
misc
net libeth, idpf: use truesize as XDP RxQ info frag_size 2026-03-05 08:02:05 -08:00
pcmcia
ras
rdma RDMA/core: Check id_priv->restricted_node_type in cma_listen_on_dev() 2026-02-25 07:50:10 -05:00
rv rv: Fix multiple definition of __pcpu_unique_da_mon_this 2026-02-20 13:12:00 +01:00
scsi SCSI misc on 20260212 2026-02-12 15:43:02 -08:00
soc Reset controller updates for v6.20 2026-01-29 10:24:25 +01:00
sound ASoC: Fixes for v7.0 2026-03-05 17:22:14 +01:00
target
trace vfs-7.0-rc3.fixes 2026-03-04 15:03:16 -08:00
uapi sed-opal: Add STACK_RESET command 2026-03-31 07:04:00 -06:00
ufs scsi: ufs: host: mediatek: Require CONFIG_PM 2026-02-03 22:28:44 -05:00
vdso
video
xen xen/xenbus: better handle backend crash 2026-03-04 15:31:40 +01:00
Kbuild