Re: [PATCH 12/21] nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()

From: Eric Biggers

Date: Thu Jun 25 2026 - 14:02:24 EST


On Thu, Jun 25, 2026 at 10:02:27AM +0100, John Garry wrote:
> On 02/03/2026 07:59, Eric Biggers wrote:
> > int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
> > const char *psk_digest, u8 **ret_psk)
> > {
> > - struct crypto_shash *hmac_tfm;
> > - const char *hmac_name;
> > - const char *label = "nvme-tls-psk";
> > static const u8 default_salt[NVME_AUTH_MAX_DIGEST_SIZE];
> > - size_t prk_len;
> > - const char *ctx;
> > - u8 *prk, *tls_key;
> > + static const char label[] = "tls13 nvme-tls-psk";
> > + const size_t label_len = sizeof(label) - 1;
> > + u8 prk[NVME_AUTH_MAX_DIGEST_SIZE];
> > + size_t hash_len, ctx_len;
> > + u8 *hmac_data = NULL, *tls_key;
> > + size_t i;
> > int ret;
> > - hmac_name = nvme_auth_hmac_name(hmac_id);
> > - if (!hmac_name) {
> > + hash_len = nvme_auth_hmac_hash_len(hmac_id);
> > + if (hash_len == 0) {
> > pr_warn("%s: invalid hash algorithm %d\n",
>
> ...
>
> > + i = 0;
> > + hmac_data[i++] = hash_len >> 8;
> > + hmac_data[i++] = hash_len;
> > +
> > + /* label */
> > + static_assert(label_len <= 255);
>
> JFYI, this is generating a C=1 warning for me:
>
> CHECK drivers/nvme/common/auth.c
> drivers/nvme/common/auth.c:746:9: error: bad constant expression
>
> The following fixes/avoids it:
>
> /* label */
> - static_assert(label_len <= 255);
> + static_assert(sizeof(label) - 1 <= 255);
>
> Even though label_len is declared as const, label_len <= 255 is not a
> constant expression.

Only affects sparse, but I sent a patch:
https://lore.kernel.org/linux-nvme/20260625175911.35094-1-ebiggers@xxxxxxxxxx

- Eric