nvme: Add length field to Hkdf-Expand-Label computation
Fix: add the 2-byte length field to the HKDF-Expand-Label computation for both the retained PSK and the TLS PSK.
prashanth-nayak committed Nov 1, 2023
1 parent 01620b4 commit 0d20547
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/nvme/linux.c
@@ -556,6 +556,7 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
size_t key_len)
{
EVP_PKEY_CTX *ctx;
uint16_t length = key_len & 0xFFFF;
int ret;

ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -573,6 +574,9 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
goto out_free_ctx;
if (EVP_PKEY_CTX_set1_hkdf_key(ctx, generated, key_len) <= 0)
goto out_free_ctx;
if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
(const unsigned char *)&length, 2) <= 0)
goto out_free_ctx;
if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
(const unsigned char *)"tls13 ", 6) <= 0)
goto out_free_ctx;
@@ -600,6 +604,7 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
unsigned char *psk, size_t key_len)
{
EVP_PKEY_CTX *ctx;
uint16_t length = key_len & 0xFFFF;
int ret;

ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
Expand All @@ -617,6 +622,9 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
goto out_free_ctx;
if (EVP_PKEY_CTX_set1_hkdf_key(ctx, retained, key_len) <= 0)
goto out_free_ctx;
if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
(const unsigned char *)&length, 2) <= 0)
goto out_free_ctx;
if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
(const unsigned char *)"tls13 ", 6) <= 0)
goto out_free_ctx;
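Review bot: The two bytes passed to `EVP_PKEY_CTX_add1_hkdf_info()` from `&length` are in host byte order, but the `length` field of the HkdfLabel structure in RFC 8446 section 7.1 is a big-endian `uint16`. On a little-endian host a 32-byte key therefore contributes `20 00` rather than `00 20`, so the derived retained key and TLS PSK would not match a peer that encodes the label per the RFC, and would differ between architectures. This applies in both `derive_retained_key()` and `derive_tls_key()`; building the bytes explicitly, e.g. `const unsigned char length[2] = { (key_len >> 8) & 0xFF, key_len & 0xFF };` and passing `length, 2`, gives the same encoding everywhere. `key_len & 0xFFFF` also truncates silently, so a short comment stating that `key_len` is a digest length (or a range check) would document the assumption. Both functions start and end outside the visible hunks, so the encoding of the remaining label and context fields could not be checked here.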