Re: [PATCH 04/21] nvme-auth: common: add KUnit tests for TLS key derivation

Next message: Benjamin Block: "Re: [PATCH v4 1/1] PCI/IOV: Add reentrant locking in sriov_add_vfs/sriov_del_vfs for complete serialization"
Previous message: Hannes Reinecke: "Re: [PATCH 06/21] nvme-auth: common: explicitly verify psk_len == hash_len"
In reply to: Eric Biggers: "[PATCH 04/21] nvme-auth: common: add KUnit tests for TLS key derivation"
Next in thread: Eric Biggers: "Re: [PATCH 04/21] nvme-auth: common: add KUnit tests for TLS key derivation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hannes Reinecke

Date: Mon Mar 02 2026 - 05:11:16 EST

On 3/2/26 08:59, Eric Biggers wrote:

Unit-test the sequence of function calls that derive tls_psk, so that we
can be more confident that changes in the implementation don't break it.

Since the NVMe specification doesn't seem to include any test vectors
for this (nor does its description of the algorithm seem to match what
was actually implemented, for that matter), I just set the expected
values to the values that the code currently produces. In the case
of SHA-512, nvme_auth_generate_digest() currently returns -EINVAL, so
for now the test tests for that too. If it is later determined that
some other behavior is needed, the test can be updated accordingly.

Nice.
You are correct, test vectors really would have been a good idea.
There are some attempts to specify values in the spec, but these
are woefully underspecified.
I'll see if we can fix that up.

Which discrepancies do you see between the specified algorithm
and the implementation?

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich