Skip to content

nvme: Add length field to Hkdf-Expand-Label computation#737

Merged
hreinecke merged 1 commit intolinux-nvme:masterfrom
prashanth-nayak:hkdf_expand_label
Nov 15, 2023
Merged

nvme: Add length field to Hkdf-Expand-Label computation#737
hreinecke merged 1 commit intolinux-nvme:masterfrom
prashanth-nayak:hkdf_expand_label

Conversation

@prashanth-nayak
Copy link
Copy Markdown
Contributor

@prashanth-nayak prashanth-nayak commented Oct 30, 2023

Fix to add the 2 byte length field to the HKDF-Expand-Label computation for retained and TLS PSK.
#735

@hreinecke
Copy link
Copy Markdown
Collaborator

hreinecke commented Oct 31, 2023

Can you give a pointer to the HKDF specification where this is mandated?
And does it have an implication to the kernel implementation if we change it?

@prashanth-nayak
Copy link
Copy Markdown
Contributor Author

prashanth-nayak commented Oct 31, 2023
edited
Loading

Can you give a pointer to the HKDF specification where this is mandated?

RFC 8446 section 7.1 defines HKDF-Expand-Label function which is used to derive the retained-PSK and TLS-PSK: https://datatracker.ietf.org/doc/html/rfc8446#section-7.1

As per RFC8446:
HKDF-Expand-Label(Secret, Label, Context, Length) = HKDF-Expand(Secret, HkdfLabel, Length)
Where HkdfLabel is specified as:

   struct {
       uint16 length = Length;
       opaque label<7..255> = "tls13 " + Label;
       opaque context<0..255> = Context;
   } HkdfLabel;

And does it have an implication to the kernel implementation if we change it?

I don't see any implication to the current NVMe/TCP-TLS kernel implementation.

@prashanth-nayak
nvme: Add length field to Hkdf-Expand-Label computation
0d20547 
Fix to add the 2 byte length field to the HKDF-Expand-Label computation for retained and TLS PSK.
@igaw
Copy link
Copy Markdown
Collaborator

igaw commented Nov 2, 2023

Looks reasonable to me. I wonder if we couldn't add some unit test for this.

@prashanth-nayak
Copy link
Copy Markdown
Contributor Author

prashanth-nayak commented Nov 3, 2023

Looks reasonable to me. I wonder if we couldn't add some unit test for this.

Do you want me to add unit tests for this workflow ?
I believe the computation for Retained-PSK and TLS-PSK will change again when support for TP8018 is added.
Should we wait for that before adding the unit tests?

@igaw
Copy link
Copy Markdown
Collaborator

igaw commented Nov 3, 2023

If it is feasible to add a unit test I'd rather have one now than later. When support for TP8018 is added, we just update the unit test.

@prashanth-nayak
Copy link
Copy Markdown
Contributor Author

prashanth-nayak commented Nov 15, 2023

Currently, nvme_insert_tls_key() is the only global function that is exposed by the library. This function destroys the local copy of the keys once they are inserted into the key ring and returns only a key-serial-number to the caller. Calling this function from the test code will not let us validate the computed keys.

derive_nvme_keys(), derive_retained_key() and derive_tls_key() are the static functions where all the real computations happen. So, I don't think it is feasible to writing tests that validate the Retained and TLS PSK that is computed from a configured PSK input.

@hreinecke
Copy link
Copy Markdown
Collaborator

hreinecke commented Nov 15, 2023

Indeed, that change looks good.

@hreinecke hreinecke merged commit 2dffc6e into linux-nvme:master Nov 15, 2023
@prashanth-nayak prashanth-nayak deleted the hkdf_expand_label branch November 15, 2023 18:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@prashanth-nayak @hreinecke @igaw