linux: create raw secret from pin secret

igaw · igaw · commit eb0ae274603b · 2026-03-31T11:14:32.000+02:00
Allow the secret input to be a just a pin. This is for testing purposes
not recommended use in production systems.

Signed-off-by: Daniel Wagner &lt;wagi@kernel.org&gt;
diff --git a/libnvme/src/nvme/linux.c b/libnvme/src/nvme/linux.c
@@ -1000,11 +1000,62 @@ static ssize_t getrandom_bytes(void *buf, size_t buflen)
 	return result;
 }
 
+#ifdef CONFIG_OPENSSL
+static ssize_t getswordfish(struct nvme_global_ctx *ctx,
+		const char *seed, void *buf, size_t buflen)
+{
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    unsigned int hash_len;
+    size_t copied = 0;
+    unsigned int counter = 0;
+
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    if (!md_ctx)
+        return -ENOMEM;
+
+    while (copied < buflen) {
+        if (EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL) != 1)
+            goto err;
+
+        EVP_DigestUpdate(md_ctx, seed, strlen(seed));
+        EVP_DigestUpdate(md_ctx, &counter, sizeof(counter));
+
+        if (EVP_DigestFinal_ex(md_ctx, hash, &hash_len) != 1)
+            goto err;
+
+        size_t to_copy = buflen - copied;
+        if (to_copy > hash_len)
+            to_copy = hash_len;
+
+        memcpy((unsigned char *)buf + copied, hash, to_copy);
+        copied += to_copy;
+        counter++;
+    }
+
+    EVP_MD_CTX_free(md_ctx);
+    return buflen;
+
+err:
+    EVP_MD_CTX_free(md_ctx);
+    return -EIO;
+}
+#else /* !CONFIG_OPENSSL */
+static ssize_t getswordfish(struct nvme_global_ctx *ctx,
+		const char *seed, void *buf, size_t buflen)
+{
+	nvme_msg(ctx, LOG_ERR, "NVMe TLS is not supported; "
+		 "recompile with OpenSSL support.\n");
+	return -ENOTSUP;
+}
+
+#endif /* !CONFIG_OPENSSL */
+
 __public int nvme_create_raw_secret(struct nvme_global_ctx *ctx,
 		const char *secret, size_t key_len, unsigned char **raw_secret)
 {
 	_cleanup_free_ unsigned char *buf = NULL;
-	int err;
+	int secret_len = 0, i, err;
+	unsigned int c;
 
 	if (key_len != 32 && key_len != 48 && key_len != 64) {
 		nvme_msg(ctx, LOG_ERR, "Invalid key length %ld", key_len);
@@ -1020,33 +1071,42 @@ __public int nvme_create_raw_secret(struct nvme_global_ctx *ctx,
 		if (err < 0)
 			return err;
 
-		*raw_secret = buf;
-		buf = NULL;
-		return 0;
-	} else {
-		int secret_len = 0, i;
-		unsigned int c;
-
-		for (i = 0; i < strlen(secret); i += 2) {
-			if (sscanf(&secret[i], "%02x", &c) != 1) {
-				nvme_msg(ctx, LOG_ERR,
-					"Invalid secret '%s'", secret);
-				return -EINVAL;
-			}
-			if (i >= key_len * 2) {
-				nvme_msg(ctx, LOG_ERR,
-					"Skipping excess secret bytes\n");
-				break;
-			}
-			buf[secret_len++] = (unsigned char)c;
-		}
-		if (secret_len != key_len) {
+		goto out;
+	}
+
+	if (strlen(secret) < 4) {
+		nvme_msg(ctx, LOG_ERR, "Input secret too short\n");
+		return -EINVAL;
+	}
+
+	if (!strncmp(secret, "pin:", 4)) {
+		err = getswordfish(ctx, &secret[4], buf, key_len);
+		if (err < 0)
+			return err;
+
+		goto out;
+	}
+
+	for (i = 0; i < strlen(secret); i += 2) {
+		if (sscanf(&secret[i], "%02x", &c) != 1) {
 			nvme_msg(ctx, LOG_ERR,
-				"Invalid key length (%d bytes)", secret_len);
+				"Invalid secret '%s'", secret);
 			return -EINVAL;
 		}
+		if (i >= key_len * 2) {
+			nvme_msg(ctx, LOG_ERR,
+				"Skipping excess secret bytes\n");
+			break;
+		}
+		buf[secret_len++] = (unsigned char)c;
+	}
+	if (secret_len != key_len) {
+		nvme_msg(ctx, LOG_ERR,
+			"Invalid key length (%d bytes)\n", secret_len);
+		return -EINVAL;
 	}
 
+out:
 	*raw_secret = buf;
 	buf = NULL;
 	return 0;
