Implement version 1 TLS identities as specified in TP8018 #748

Merged (5 commits) on Nov 20, 2023

hreinecke (Collaborator)

TP8018 specified a new version 1 for TLS identifiers, where the original (version 0) identifiers are suffixed with a PSK hash.
That allows for key rotation as the new identifiers will change whenever the key changes, thus allowing the client to request the correct key after a key rotation.

Separate out a function 'select_hmac' and pass in the HMAC value
to 'derive_retained_keys' and 'derive_tls_keys'.

Signed-off-by: Hannes Reinecke <[email protected]>
…eys'

Separate out a function to generate the TLS identity; this allows
us to reshuffle 'derive_nvme_keys()' to compile it only when
KEYUTILS is selected.

Signed-off-by: Hannes Reinecke <[email protected]>

Copied over from nvme-cli.

Signed-off-by: Hannes Reinecke <[email protected]>

With NVMe TP8018 a new version '1' for generating NVMe TLS identities
was specified; identities generated for this version require a PSK hash
to be attached to the version '0' identifier.
This patch implements a new function 'nvme_insert_tls_keys_versioned()'
to support this functionality and makes the original function
'nvme_insert_tls_keys()' a wrapper for the new function.

Signed-off-by: Hannes Reinecke <[email protected]>

Implement a function to generate the TLS key identity.

Signed-off-by: Hannes Reinecke <[email protected]>

hreinecke merged commit f284041 into linux-nvme:master on Nov 20, 2023
10 of 14 checks passed
hreinecke deleted the TP8018 branch on November 20, 2023 05:40