From 0d20547ef1d4e9929092345b92038f4fa71efd53 Mon Sep 17 00:00:00 2001
From: Prashanth Nayak
Date: Tue, 24 Oct 2023 13:42:40 -0400
Subject: [PATCH] nvme: Add length field to Hkdf-Expand-Label computation

Fix to add the 2 byte length field to the HKDF-Expand-Label computation for retained and TLS PSK.
---
 src/nvme/linux.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index 66be9eb8..e578dc3e 100644
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -556,6 +556,7 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
 size_t key_len)
 {
 EVP_PKEY_CTX *ctx;
+ uint16_t length = key_len & 0xFFFF;
 int ret;
 
 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -573,6 +574,9 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
 goto out_free_ctx;
 if (EVP_PKEY_CTX_set1_hkdf_key(ctx, generated, key_len) <= 0)
 goto out_free_ctx;
+ if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+ (const unsigned char *)&length, 2) <= 0)
+ goto out_free_ctx;
 if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
 (const unsigned char *)"tls13 ", 6) <= 0)
 goto out_free_ctx;
@@ -600,6 +604,7 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
 unsigned char *psk, size_t key_len)
 {
 EVP_PKEY_CTX *ctx;
+ uint16_t length = key_len & 0xFFFF;
 int ret;
 
 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -617,6 +622,9 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
 goto out_free_ctx;
 if (EVP_PKEY_CTX_set1_hkdf_key(ctx, retained, key_len) <= 0)
 goto out_free_ctx;
+ if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+ (const unsigned char *)&length, 2) <= 0)
+ goto out_free_ctx;
 if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
 (const unsigned char *)"tls13 ", 6) <= 0)
 goto out_free_ctx;
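Review bot: `length` is declared here as a host-order `uint16_t`, and the second hunk feeds its raw bytes to the KDF with `(const unsigned char *)&length, 2`, so the HKDF info and therefore the derived PSK depend on host endianness. The HkdfLabel length in RFC 8446 is a big-endian uint16, so on a little-endian host the two octets come out swapped relative to the spec and to a big-endian peer. Building the octets explicitly avoids this: `unsigned char length[2] = { (key_len >> 8) & 0xFF, key_len & 0xFF };` passed as `EVP_PKEY_CTX_add1_hkdf_info(ctx, length, sizeof(length))`. The same applies to derive_tls_key in the third and fourth hunks; both function bodies start and end outside the hunks. Because this changes the derived keys, it presumably has to be coordinated with any peer that already consumes the current output.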
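Review bot: The new 2-byte length is followed directly by the `"tls13 "` bytes, with no length octet visible between them in this hunk. RFC 8446 encodes HkdfLabel's label and context as variable-length vectors, each preceded by a one-byte length, so unless the code after the hunk adds those prefixes the info string still differs from HKDF-Expand-Label. The rest of derive_retained_key is outside the hunk, so this needs confirming against the full function. A comment above the add1_hkdf_info sequence would make the intended layout checkable, for example `/* HkdfLabel: uint16 length || uint8 label_len || "tls13 " + label || uint8 ctx_len || context */`. The fourth hunk in derive_tls_key has the same layout.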