nvme: Add length field to Hkdf-Expand-Label computation

Fix to add the 2 byte length field to the HKDF-Expand-Label computation for retained and TLS PSK.

diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index 66be9eb8172219f4d3692cded45e57fc8fb1620c..e578dc3ec8deab442b1878747a286cffdd3da49d 100644 (file)
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -556,6 +556,7 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
                               size_t key_len)
 {
        EVP_PKEY_CTX *ctx;
+       uint16_t length = key_len & 0xFFFF;
        int ret;
 
        ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -573,6 +574,9 @@ static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
                goto out_free_ctx;
        if (EVP_PKEY_CTX_set1_hkdf_key(ctx, generated, key_len) <= 0)
                goto out_free_ctx;
+       if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+                       (const unsigned char *)&length, 2) <= 0)
+               goto out_free_ctx;
        if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
                        (const unsigned char *)"tls13 ", 6) <= 0)
                goto out_free_ctx;
@@ -600,6 +604,7 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
                          unsigned char *psk, size_t key_len)
 {
        EVP_PKEY_CTX *ctx;
+       uint16_t length = key_len & 0xFFFF;
        int ret;
 
        ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
@@ -617,6 +622,9 @@ static int derive_tls_key(const EVP_MD *md, const char *identity,
                goto out_free_ctx;
        if (EVP_PKEY_CTX_set1_hkdf_key(ctx, retained, key_len) <= 0)
                goto out_free_ctx;
+       if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+                       (const unsigned char *)&length, 2) <= 0)
+               goto out_free_ctx;
        if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
                        (const unsigned char *)"tls13 ", 6) <= 0)
                goto out_free_ctx;