From e2c716c47cc3aed10fe781e0f05fcc332997e79e Mon Sep 17 00:00:00 2001
From: Hannes Reinecke <hare@suse.de>
Date: Thu, 16 Nov 2023 06:58:03 +0100
Subject: [PATCH] libnvme: separate out a function 'select_hmac'

Separate out a function 'select_hmac' and pass in the HMAC value
to 'derive_retained_keys' and 'derive_tls_keys'.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 src/nvme/linux.c | 56 +++++++++++++++++++++++++++++++++---------------
 1 file changed, 39 insertions(+), 17 deletions(-)

diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index e578dc3e..e620f4c3 100644
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -550,15 +550,42 @@ static int derive_nvme_keys(const char *hostnqn, const char *identity,
 	return -1;
 }
 #else /* CONFIG_OPENSSL */
-static int derive_retained_key(const EVP_MD *md, const char *hostnqn,
+static const EVP_MD *select_hmac(int hmac, size_t *key_len)
+{
+	const EVP_MD *md = NULL;
+
+	switch (hmac) {
+	case NVME_HMAC_ALG_SHA2_256:
+		md = EVP_sha256();
+		*key_len = 32;
+		break;
+	case NVME_HMAC_ALG_SHA2_384:
+		md = EVP_sha384();
+		*key_len = 48;
+		break;
+	default:
+		break;
+	}
+	return md;
+}
+
+static int derive_retained_key(int hmac, const char *hostnqn,
 			       unsigned char *generated,
 			       unsigned char *retained,
 			       size_t key_len)
 {
+	const EVP_MD *md;
 	EVP_PKEY_CTX *ctx;
 	uint16_t length = key_len & 0xFFFF;
+	size_t hmac_len;
 	int ret;
 
+	md = select_hmac(hmac, &hmac_len);
+	if (!md || hmac_len > key_len) {
+		errno = EINVAL;
+		return -1;
+	}
+
 	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
 	if (!ctx) {
 		errno = ENOMEM;
@@ -599,14 +626,22 @@ out_free_ctx:
 	return ret;
 }
 
-static int derive_tls_key(const EVP_MD *md, const char *identity,
+static int derive_tls_key(int hmac, const char *identity,
 			  unsigned char *retained,
 			  unsigned char *psk, size_t key_len)
 {
+	const EVP_MD *md;
 	EVP_PKEY_CTX *ctx;
+	size_t hmac_len;
 	uint16_t length = key_len & 0xFFFF;
 	int ret;
 
+	md = select_hmac(hmac, &hmac_len);
+	if (!md || hmac_len > key_len) {
+		errno = EINVAL;
+		return -1;
+	}
+
 	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
 	if (!ctx) {
 		errno = ENOMEM;
@@ -653,7 +688,6 @@ static int derive_nvme_keys(const char *hostnqn, const char *identity,
 			    int hmac, unsigned char *configured,
 			    unsigned char *psk, int key_len)
 {
-	const EVP_MD *md;
 	unsigned char *retained;
 	int ret = -1;
 
@@ -662,26 +696,14 @@ static int derive_nvme_keys(const char *hostnqn, const char *identity,
 		return -1;
 	}
 
-	switch (hmac) {
-	case 1:
-		md = EVP_sha256();
-		break;
-	case 2:
-		md = EVP_sha384();
-		break;
-	default:
-		errno = EINVAL;
-		return -1;
-	}
-
 	retained = malloc(key_len);
 	if (!retained) {
 		errno = ENOMEM;
 		return -1;
 	}
-	ret = derive_retained_key(md, hostnqn, configured, retained, key_len);
+	ret = derive_retained_key(hmac, hostnqn, configured, retained, key_len);
 	if (ret > 0)
-		ret = derive_tls_key(md, identity, retained, psk, key_len);
+		ret = derive_tls_key(hmac, identity, retained, psk, key_len);
 	free(retained);
 	return ret;
 }
-- 
2.50.1