Re: [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests
From: Hannes Reinecke <hare@suse.de>
Date: 2025-10-20 17:46:27
Also in:
linux-doc, linux-nfs, linux-nvme, lkml
On 10/17/25 06:23, alistair23@gmail.com wrote:
From: Alistair Francis <redacted> The TLS 1.3 specification allows the TLS client or server to send a KeyUpdate. This is generally used when the sequence is about to overflow or after a certain amount of bytes have been encrypted. The TLS spec doesn't mandate the conditions though, so a KeyUpdate can be sent by the TLS client or server at any time. This includes when running NVMe-OF over a TLS 1.3 connection. As such Linux should be able to handle a KeyUpdate event, as the other NVMe side could initiate a KeyUpdate. Upcoming WD NVMe-TCP hardware controllers implement TLS support and send KeyUpdate requests. This series builds on top of the existing TLS EKEYEXPIRED work, which already detects a KeyUpdate request. We can now pass that information up to the NVMe layer (target and host) and then pass it up to userspace. Userspace (ktls-utils) will need to save the connection state in the keyring during the initial handshake. The kernel then provides the key serial back to userspace when handling a KeyUpdate. Userspace can use this to restore the connection information and then update the keys, this final process is similar to the initial handshake.
I am rather sceptical at the current tlshd implementation. At which place do you update the sending keys? I'm only seeing a call to 'gnutls_handhake_update_receiving_key()'. But I haven't found the matching function 'gnutls_handshake_update_sending_key()' in current gnutls. So how does updating of the sending keys work? Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich