sysfs tls_configured_key naming?
Daniel Wagner
dwagner at suse.de
Thu Oct 17 03:54:29 PDT 2024

f5eb7397471b ("nvme-sysfs: add 'tls_configured_key' sysfs attribute")
claims that the --tls_key is expecting a 'Configured PSK'. That is not
correct. It expects a 'Derive TLS PSK'. That means user space has to do
the whole key transformation as described in Figure 21: {TLS PSK, TLS
Identity, Hash} Tuple Derivation in TCP Transport Specification,
Revision 1.1.

From a quick look at the concatenation patches and based on the spec,
tls_configured_key will never hold the 'Configured PSK'. I think we
should use a better name for this sysfs attribute. I suppose it should
be named 'tls_generated_psk'?

BTW, that means also for the second tuple derivation flow (where we
start with the 'Configured PSK'), the keystore doesn't contain a
'Retained PSK'. I think I need to do some more reviewing and cleanups in
libnvme to get it matching with the naming scheme of the spec in line.