[PATCH 0/2] crypto,nvme: fixup HKDF-Expand-Label implementation
hare at kernel.org
hare at kernel.org
Wed Aug 20 02:12:09 PDT 2025
From: Hannes Reinecke <hare at kernel.org>
As per RFC 8446 (TLS 1.3) the HKDF-Expand-Label function is using vectors
for the 'label' and 'context' field, but defines these vectors as a string
prefixed with the string length (in binary). The implementation in nvme
is missing the length prefix which was causing interoperability issues
with spec-conformant implementations.
This patchset adds a function 'hkdf_expand_label()' to correctly implement
the HKDF-Expand-Label functionality and modifies the nvme driver to utilize
this function instead of the open-coded implementation.
As usual, comments and reviews are welcome.
Chris Leech (1):
crypto: hkdf: add hkdf_expand_label()
Hannes Reinecke (1):
nvme-auth: use hkdf_expand_label()
crypto/hkdf.c | 55 ++++++++++++++++++++++++++++++++++++++
drivers/nvme/common/auth.c | 33 +++++++++--------------
include/crypto/hkdf.h | 4 +++
3 files changed, 72 insertions(+), 20 deletions(-)
--
2.43.0
More information about the Linux-nvme
mailing list