[PATCH 04/21] nvme-auth: common: add KUnit tests for TLS key derivation
Hannes Reinecke
hare at suse.de
Mon Mar 2 02:04:43 PST 2026
On 3/2/26 08:59, Eric Biggers wrote:
> Unit-test the sequence of function calls that derive tls_psk, so that we
> can be more confident that changes in the implementation don't break it.
>
> Since the NVMe specification doesn't seem to include any test vectors
> for this (nor does its description of the algorithm seem to match what
> was actually implemented, for that matter), I just set the expected
> values to the values that the code currently produces. In the case
> of SHA-512, nvme_auth_generate_digest() currently returns -EINVAL, so
> for now the test tests for that too. If it is later determined that
> some other behavior is needed, the test can be updated accordingly.
>
Nice.
You are correct, test vectors really would have been a good idea.
There are some attempts to specify values in the spec, but these
are woefully underspecified.
I'll see if we can fix that up.
Which discrepancies do you see between the specified algorithm
and the implementation?
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list