Re: [PATCH 12/21] nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()

Next message: Francesco Dolcini: "Re: [PATCH 6.12 000/956] 6.12.75-rc2 review"
Previous message: Hannes Reinecke: "Re: [PATCH 10/21] nvme-auth: common: use crypto library in nvme_auth_generate_psk()"
In reply to: Eric Biggers: "[PATCH 12/21] nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()"
Next in thread: Eric Biggers: "[PATCH 02/21] nvme-auth: common: constify static data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hannes Reinecke

Date: Tue Mar 03 2026 - 02:40:21 EST

On 3/2/26 08:59, Eric Biggers wrote:

For the HKDF-Expand-Label computation in nvme_auth_derive_tls_psk(), use
the crypto library instead of crypto_shash and crypto/hkdf.c.

While this means the HKDF "helper" functions are no longer utilized,
they clearly weren't buying us much: it's simpler to just inline the
HMAC computations directly, and this code needs to be tested anyway. (A
similar result was seen in fs/crypto/. As a result, this eliminates the
last user of crypto/hkdf.c, which we'll be able to remove as well.)

As usual this is also a lot more efficient, eliminating the allocation
of a transformation object and multiple other dynamic allocations.

Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
drivers/nvme/common/auth.c | 156 +++++++++++++------------------------
1 file changed, 53 insertions(+), 103 deletions(-)

Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich