
Commit e2c716c

committed
libnvme: separate out a function 'select_hmac'
Separate out a function 'select_hmac' and pass in the HMAC value to 'derive_retained_keys' and 'derive_tls_keys'. Signed-off-by: Hannes Reinecke <[email protected]>
1 parent 2dffc6e commit e2c716c

1 file changed

Lines changed: 39 additions & 17 deletions


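--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -550,15 +550,42 @@ static int derive_nvme_keys(const char *hostnqn, const char *identity,
 return -1;
 }
 #else /* CONFIG_OPENSSL */
-static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
+static const EVP_MD *select_hmac(int hmac, size_t *key_len)
+{
+const EVP_MD *md = NULL;
+
+switch (hmac) {
+case NVME_HMAC_ALG_SHA2_256:
+md = EVP_sha256();
+*key_len = 32;
+break;
+case NVME_HMAC_ALG_SHA2_384:
+md = EVP_sha384();
+*key_len = 48;
+break;
+default:
+break;
+}
+return md;
+}
+
+static int derive_retained_key(int hmac, const char *hostnqn,
 unsigned char *generated,
 unsigned char *retained,
 size_t key_len)
 {
+const EVP_MD *md;
 EVP_PKEY_CTX *ctx;
 uint16_t length = key_len & 0xFFFF;
+size_t hmac_len;
 int ret;
 
+md = select_hmac(hmac, &hmac_len);
+if (!md || hmac_len > key_len) {
+errno = EINVAL;
+return -1;
+}
+
 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
 if (!ctx) {
 errno = ENOMEM;
@@ -599,14 +626,22 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
 return ret;
 }
 
-static int derive_tls_key(const EVP_MD *md, const char *identity,
+static int derive_tls_key(int hmac, const char *identity,
 unsigned char *retained,
 unsigned char *psk, size_t key_len)
 {
+const EVP_MD *md;
 EVP_PKEY_CTX *ctx;
+size_t hmac_len;
 uint16_t length = key_len & 0xFFFF;
 int ret;
 
+md = select_hmac(hmac, &hmac_len);
+if (!md || hmac_len > key_len) {
+errno = EINVAL;
+return -1;
+}
+
 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
 if (!ctx) {
 errno = ENOMEM;
@@ -653,7 +688,6 @@ static int derive_nvme_keys(const char *hostnqn, const char *identity,
 int hmac, unsigned char *configured,
 unsigned char *psk, int key_len)
 {
-const EVP_MD *md;
 unsigned char *retained;
 int ret = -1;
 
@@ -662,26 +696,14 @@ static int derive_nvme_keys(const char *hostnqn, const char *identity,
 return -1;
 }
 
-switch (hmac) {
-case 1:
-md = EVP_sha256();
-break;
-case 2:
-md = EVP_sha384();
-break;
-default:
-errno = EINVAL;
-return -1;
-}
-
 retained = malloc(key_len);
 if (!retained) {
 errno = ENOMEM;
 return -1;
 }
-ret = derive_retained_key(md, hostnqn, configured, retained, key_len);
+ret = derive_retained_key(hmac, hostnqn, configured, retained, key_len);
 if (ret > 0)
-ret = derive_tls_key(md, identity, retained, psk, key_len);
+ret = derive_tls_key(hmac, identity, retained, psk, key_len);
 free(retained);
 return ret;
 }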
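Review bot: The new guard `if (!md || hmac_len > key_len)` in derive_retained_key, repeated unchanged in derive_tls_key, is only a lower bound: any key_len larger than the digest size still passes, and the `length` value computed by `key_len & 0xFFFF` silently wraps for anything above 65535. If the retained key and the TLS PSK are meant to be exactly one digest long, as the 32/48 values in select_hmac suggest, `if (!md || key_len != hmac_len) {` is the tighter check; otherwise an explicit upper bound belongs here. select_hmac also leaves `*key_len` unwritten on the default path, which is safe only because both callers test `!md` first; a `*key_len = 0;` before the switch and a one-line comment that NULL means "unsupported HMAC id" would make that contract explicit. Both derive functions continue past the end of their hunks, so how `length` and `key_len` are used afterwards is not visible here.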
