[PATCH 1/8] nvme-keyring: restrict match length for version '1' identifiers
Hannes Reinecke
hare at suse.de
Thu Jul 18 23:16:49 PDT 2024
On 7/19/24 07:34, Christoph Hellwig wrote:
> On Thu, Jul 18, 2024 at 04:48:51PM +0200, Hannes Reinecke wrote:
>> TP8018 changed the TLS PSK identifiers to append a PSK hash value,
>> so to look up identifiers we should just consider the length of
>> the match value, not the length of the identifiers to compare
>> against.
>> And we should modify the PSK lookup algorithm to prefer v1 identifiers
>> as they can be uniquely identified.
>
> Can you reword this a bit to remove the weird "we should" and state it
> in terms of requirements / recommendations from the standard. Bonus
> points for adding actual references to the specifications.
>
Okay.
>> @@ -109,19 +107,38 @@ static struct key *nvme_tls_psk_lookup(struct key *keyring,
>> *
>> * 'Retained' PSKs (ie 'generated == false')
>> * should be preferred to 'generated' PSKs,
>> + * PSKs with hash (psk_ver 1) should be
>> + * preferred to PSKs without (psk_ver 0),
>> * and SHA-384 should be preferred to SHA-256.
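Review bot: The preference list in this comment, with the two added psk_ver lines, does not say which criterion wins when they disagree. It now names three preferences (retained over generated, psk_ver 1 over psk_ver 0, SHA-384 over SHA-256), and the text does not settle a case such as a generated psk_ver 1 key against a retained psk_ver 0 key. Please state the precedence order explicitly. The commit message says v1 identifiers should be preferred because they can be uniquely identified, but the comment does not show whether that ranks above or below the retained/generated criterion.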
>
> Please reflow this to use up 80 characters and make the paragraph easily
> readable.
>
Sure.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich