[PATCH 1/1] libnvme: TLS PSK derivation fixes
Hannes Reinecke
hare at suse.de
Fri Jul 25 02:36:20 PDT 2025
On 7/21/25 17:31, Chris Leech wrote:
> On Mon, Jul 21, 2025 at 08:36:01AM +0200, Hannes Reinecke wrote:
>> On 7/21/25 04:17, Chris Leech wrote:
>>> There are issues with the Retained and TLS PSK derivations due to the
>>> implementation not adhering to the RFC 8446 definition of the
>>> HKDF-Expand-Label function.
>>> ...
>> Hmm. I _thought_ we had it all fixed...
>
> I went into this expecting/hoping to find the problem on the spdk side,
> and I'd be happy to wrong here (especially if backed up by another
> interoperable implementor).
>
> The lack of a full example in the nvme/tcp transport spec to verify
> implemenatations against is kind of a bummer.
>
Okay, seems that you have been right after all.
I've re-read RFC 8466 and indeed you seem to be right about
the encoding of variable length vectors (cf RFC 8446 section 3.4).
So I guess we need to take this patch after all.
_However_: PSKs generated with after applying this patch will be
different than those prior to this patch.
Consequently there will be interop issues with existing implementations
(which will use the original encoding).
I guess we would need to wait for the target implementations to be fixed
or introduce a flag switching to the old / compat implementation to
avoid interop issues.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list