Re: [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests

[PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests · <hidden> · 2025-10-17
[PATCH v4 1/7] net/handshake: Store the key serial number on completion · <hidden> · 2025-10-17
Re: [PATCH v4 1/7] net/handshake: Store the key serial number on completion · Chuck Lever <hidden> · 2025-10-17
[PATCH v4 2/7] net/handshake: Define handshake_sk_destruct_req · <hidden> · 2025-10-17
[PATCH v4 3/7] net/handshake: Ensure the request is destructed on completion · <hidden> · 2025-10-17
[PATCH v4 4/7] net/handshake: Support KeyUpdate message types · <hidden> · 2025-10-17
Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types · Hannes Reinecke <hare@suse.de> · 2025-10-20
Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types · Alistair Francis <hidden> · 2025-10-21
Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types · Alistair Francis <hidden> · 2025-10-22
Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types · Hannes Reinecke <hare@suse.de> · 2025-10-22
Re: [PATCH v4 4/7] net/handshake: Support KeyUpdate message types · Alistair Francis <hidden> · 2025-10-22
[PATCH v4 5/7] nvme-tcp: Support KeyUpdate · <hidden> · 2025-10-17
Re: [PATCH v4 5/7] nvme-tcp: Support KeyUpdate · Christoph Hellwig <hch@lst.de> · 2025-10-17
Re: [PATCH v4 5/7] nvme-tcp: Support KeyUpdate · Hannes Reinecke <hare@suse.de> · 2025-10-20
Re: [PATCH v4 5/7] nvme-tcp: Support KeyUpdate · Alistair Francis <hidden> · 2025-10-22
Re: [PATCH v4 5/7] nvme-tcp: Support KeyUpdate · Hannes Reinecke <hare@suse.de> · 2025-10-22
Re: [PATCH v4 5/7] nvme-tcp: Support KeyUpdate · Alistair Francis <hidden> · 2025-10-22
[PATCH v4 6/7] nvme-tcp: Allow userspace to trigger a KeyUpdate with debugfs · <hidden> · 2025-10-17
Re: [PATCH v4 6/7] nvme-tcp: Allow userspace to trigger a KeyUpdate with debugfs · Christoph Hellwig <hch@lst.de> · 2025-10-17
Re: [PATCH v4 6/7] nvme-tcp: Allow userspace to trigger a KeyUpdate with debugfs · Hannes Reinecke <hare@suse.de> · 2025-10-20
[PATCH v4 7/7] nvmet-tcp: Support KeyUpdate · <hidden> · 2025-10-17
Re: [PATCH v4 7/7] nvmet-tcp: Support KeyUpdate · Hannes Reinecke <hare@suse.de> · 2025-10-20
Re: [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests · Hannes Reinecke <hare@suse.de> · 2025-10-20
Re: [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests · Alistair Francis <hidden> · 2025-10-21
Re: [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests · Hannes Reinecke <hare@suse.de> · 2025-10-21
Re: [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests · Alistair Francis <hidden> · 2025-10-22

From: Hannes Reinecke <hare@suse.de>
Date: 2025-10-21 06:40:23
Also in: linux-doc, linux-nfs, linux-nvme, lkml

On 10/21/25 03:01, Alistair Francis wrote:

On Tue, Oct 21, 2025 at 3:46 AM Hannes Reinecke [off-list ref] wrote:

quoted

On 10/17/25 06:23, alistair23@gmail.com wrote:

quoted

From: Alistair Francis <redacted>

The TLS 1.3 specification allows the TLS client or server to send a
KeyUpdate. This is generally used when the sequence is about to
overflow or after a certain amount of bytes have been encrypted.

The TLS spec doesn't mandate the conditions though, so a KeyUpdate
can be sent by the TLS client or server at any time. This includes
when running NVMe-OF over a TLS 1.3 connection.

As such Linux should be able to handle a KeyUpdate event, as the
other NVMe side could initiate a KeyUpdate.

Upcoming WD NVMe-TCP hardware controllers implement TLS support
and send KeyUpdate requests.

This series builds on top of the existing TLS EKEYEXPIRED work,
which already detects a KeyUpdate request. We can now pass that
information up to the NVMe layer (target and host) and then pass
it up to userspace.

Userspace (ktls-utils) will need to save the connection state
in the keyring during the initial handshake. The kernel then
provides the key serial back to userspace when handling a
KeyUpdate. Userspace can use this to restore the connection
information and then update the keys, this final process
is similar to the initial handshake.

I am rather sceptical at the current tlshd implementation.
At which place do you update the sending keys?

The sending keys are updated as part of gnutls_session_key_update().

gnutls_session_key_update() calls update_sending_key() which updates
the sending keys.

The idea is that when the sequence number is about to overflow the
kernel will request userspace to update the sending keys via the
HANDSHAKE_KEY_UPDATE_TYPE_SEND key_update_type. Userspace updates the
keys and initiates a KeyUpdate.

That's also what the spec says.
But in order to do that we would need to get hold of the sequence
number, which currently is internal to gnutls.
Can we extract it from the session information?
And can we display it in sysfs, to give users information
whether a KeyUpdate had happened?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help