From ede8fff8ad6c1f54482131750a727f36a922a237 Mon Sep 17 00:00:00 2001
From: Hannes Reinecke
Date: Thu, 4 Sep 2025 10:47:52 +0200
Subject: [PATCH 1/2] libnvme.wrap: update to latest version
Update libnvme to include support for nvme_insert_tls_key_compat().
Signed-off-by: Hannes Reinecke
---
 subprojects/libnvme.wrap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/subprojects/libnvme.wrap b/subprojects/libnvme.wrap
index d065a3ff7c..0e83009db7 100644
--- a/subprojects/libnvme.wrap
+++ b/subprojects/libnvme.wrap
@@ -1,6 +1,6 @@
 [wrap-git]
 url = https://github.com/linux-nvme/libnvme.git
-revision = fde6b1f51646f7f0b4a12f61f08e2bb621f01903
+revision = c2a699342fb45cbac99a8f400695bd74f8782342
 [provide]
 libnvme = libnvme_dep
From 1a1c09c4f6bb8743d6b9a2bb5ac9dcbf246d5a5e Mon Sep 17 00:00:00 2001
From: Hannes Reinecke
Date: Tue, 19 Aug 2025 15:21:08 +0200
Subject: [PATCH 2/2] nvme: add --compat flag for 'gen-tls-key' and 'check-tls-key'
Add a '--compat' flag for 'gen-tls-key' and 'check-tls-key' to allow interoperability with older implementations.
Signed-off-by: Hannes Reinecke
---
 Documentation/nvme-check-tls-key.txt | 6 +++++
 Documentation/nvme-gen-tls-key.txt | 9 ++++++-
 nvme.c | 35 ++++++++++++++++++++++++----
 3 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/Documentation/nvme-check-tls-key.txt b/Documentation/nvme-check-tls-key.txt
index 453293023c..7b2597d0df 100644
--- a/Documentation/nvme-check-tls-key.txt
+++ b/Documentation/nvme-check-tls-key.txt
@@ -16,6 +16,7 @@ SYNOPSIS
 [--output-format= | -o ]
 [--identity= | -I ]
 [--insert | -i ]
+ [--compat | -C ]
 [--keyfile= | -f ]
 [--verbose | -v]
@@ -62,6 +63,11 @@ OPTIONS
 --insert:
 Insert the derived 'retained' key in the keyring.
+-C:
+--compat:
+ Use the original algorithm when deriving TLS keys for
+ compatibility with older implentations.
+
 -f
 --keyfile=
 Append the resulting TLS key to keyfile. This command line option is
diff --git a/Documentation/nvme-gen-tls-key.txt b/Documentation/nvme-gen-tls-key.txt
index ef85b149ff..d474e64f6f 100644
--- a/Documentation/nvme-gen-tls-key.txt
+++ b/Documentation/nvme-gen-tls-key.txt
@@ -16,6 +16,7 @@ SYNOPSIS
 [--identity= | -I ]
 [--secret= | -s ]
 [--insert | -i]
+ [--compat | -C]
 [--keyfile= | -f ]
 [--output-format= | -o ]
 [--verbose | -v]
@@ -27,7 +28,8 @@ The resulting key is either printed in the PSK interchange format
 'retained' key into the specified keyring if the '--insert' option is
 given.
 When the PSK should be inserted into the keyring a 'retained' key
-is derived from the secret key material. The resulting 'retained'
+is derived from the secret key material using the HKDF-Expand-Label
+algorithm from RFC 8446. The resulting 'retained'
 key is stored with the identity
 'NVMe0R0 ' (for identity version '0') or
@@ -82,6 +84,11 @@ OPTIONS
 Insert the resulting TLS key into the keyring without printing
 out the key in PSK interchange format.
+-C:
+--compat:
+ Use the original non-RFC 8446 compliant algorithm when
+ deriving TLS keys for compatibility with older implentations.
+
 -f
 --keyfile=
 Append the resulting TLS key to keyfile. This command line option is
diff --git a/nvme.c b/nvme.c
index b3cd538b0c..ea5a57f1dd 100644
--- a/nvme.c
+++ b/nvme.c
@@ -9757,6 +9757,7 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 const char *keytype = "Key type of the retained key.";
 const char *insert = "Insert retained key into the keyring.";
 const char *keyfile = "Update key file with the derive TLS PSK.";
+ const char *compat = "Use compatibility algorithm for HKDF-Expand-Label.";
 _cleanup_free_ unsigned char *raw_secret = NULL;
 _cleanup_free_ char *encoded_key = NULL;
@@ -9775,6 +9776,7 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 unsigned char hmac;
 unsigned char version;
 bool insert;
+ bool compat;
 };
 struct config cfg = {
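Review bot: The help text added at the top of gen_tls_key, `const char *compat = "Use compatibility algorithm for HKDF-Expand-Label.";`, does not tell the operator that this selects the legacy, non-RFC 8446 derivation described in the accompanying Documentation hunks, which is the fact that decides whether the inserted retained key will interoperate with a given peer. Something like `const char *compat = "Derive the retained key with the legacy (non-RFC 8446) algorithm for interoperability with older implementations.";` would make the trade-off visible from `--help` as well; the same string is repeated in check_tls_key further down and should be kept identical there. The two Documentation hunks both spell "implementations" as "implentations". gen_tls_key's body continues outside this hunk.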
@@ -9787,6 +9789,7 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 .hmac = 1,
 .version = 0,
 .insert = false,
+ .compat = false,
 };
 NVME_ARGS(opts,
@@ -9798,7 +9801,8 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 OPT_STR("keyfile", 'f', &cfg.keyfile, keyfile),
 OPT_BYTE("hmac", 'm', &cfg.hmac, hmac),
 OPT_BYTE("identity", 'I', &cfg.version, version),
- OPT_FLAG("insert", 'i', &cfg.insert, insert));
+ OPT_FLAG("insert", 'i', &cfg.insert, insert),
+ OPT_FLAG("compat", 'C', &cfg.compat, compat));
 err = parse_args(argc, argv, desc, opts);
 if (err)
@@ -9859,7 +9863,13 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
 printf("%s\n", encoded_key);
 if (cfg.insert) {
- tls_key = nvme_insert_tls_key_versioned(cfg.keyring,
+ if (cfg.compat)
+ tls_key = nvme_insert_tls_key_compat(cfg.keyring,
+ cfg.keytype, cfg.hostnqn,
+ cfg.subsysnqn, cfg.version,
+ cfg.hmac, raw_secret, key_len);
+ else
+ tls_key = nvme_insert_tls_key_versioned(cfg.keyring,
 cfg.keytype, cfg.hostnqn,
 cfg.subsysnqn, cfg.version,
 cfg.hmac, raw_secret, key_len);
@@ -9891,6 +9901,7 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 const char *keytype = "Key type of the retained key.";
 const char *insert = "Insert retained key into the keyring.";
 const char *keyfile = "Update key file with the derive TLS PSK.";
+ const char *compat = "Use compatibility algorithm for HKDF-Expand-Label.";
 _cleanup_free_ unsigned char *decoded_key = NULL;
 _cleanup_free_ char *hnqn = NULL;
@@ -9906,6 +9917,7 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 char *keyfile;
 unsigned char identity;
 bool insert;
+ bool compat;
 };
 struct config cfg = {
@@ -9917,6 +9929,7 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 .keyfile = NULL,
 .identity = 0,
 .insert = false,
+ .compat = false,
 };
 NVME_ARGS(opts,
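Review bot: In gen_tls_key, `cfg.compat` is only consulted inside `if (cfg.insert)` in the -9859 hunk, so `--compat` given without `--insert` is silently ignored and the operator gets no indication that the flag had no effect; the -9798 hunk parses the new option but adds no such consistency check. A one-line check after `parse_args`, e.g. `if (cfg.compat && !cfg.insert) nvme_show_error("--compat only affects the retained key inserted with --insert");`, would surface the mistake (check_tls_key does not need it, since it applies the flag on both of its paths). The compat and versioned calls in the -9859 hunk differ only in the callee name while repeating identical argument lists, so a one-token drift between the two branches would be easy to miss in later changes. gen_tls_key begins and ends outside these hunks.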
@@ -9927,7 +9940,8 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 OPT_STR("keydata", 'd', &cfg.keydata, keydata),
 OPT_STR("keyfile", 'f', &cfg.keyfile, keyfile),
 OPT_BYTE("identity", 'I', &cfg.identity, identity),
- OPT_FLAG("insert", 'i', &cfg.insert, insert));
+ OPT_FLAG("insert", 'i', &cfg.insert, insert),
+ OPT_FLAG("compat", 'C', &cfg.compat, compat));
 err = parse_args(argc, argv, desc, opts);
 if (err)
@@ -9963,7 +9977,13 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 }
 if (cfg.insert) {
- tls_key = nvme_insert_tls_key_versioned(cfg.keyring,
+ if (cfg.compat)
+ tls_key = nvme_insert_tls_key_compat(cfg.keyring,
+ cfg.keytype, cfg.hostnqn,
+ cfg.subsysnqn, cfg.identity,
+ hmac, decoded_key, decoded_len);
+ else
+ tls_key = nvme_insert_tls_key_versioned(cfg.keyring,
 cfg.keytype, cfg.hostnqn,
 cfg.subsysnqn, cfg.identity,
 hmac, decoded_key, decoded_len);
@@ -9981,7 +10001,12 @@ static int check_tls_key(int argc, char **argv, struct command *command, struct
 } else {
 _cleanup_free_ char *tls_id = NULL;
- tls_id = nvme_generate_tls_key_identity(cfg.hostnqn,
+ if (cfg.compat)
+ tls_id = nvme_generate_tls_key_identity_compat(cfg.hostnqn,
+ cfg.subsysnqn, cfg.identity,
+ hmac, decoded_key, decoded_len);
+ else
+ tls_id = nvme_generate_tls_key_identity(cfg.hostnqn,
 cfg.subsysnqn, cfg.identity,
 hmac, decoded_key, decoded_len);
 if (!tls_id) {
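Review bot: The compat branches in the -9963 and -9981 hunks of check_tls_key carry no comment on why a second derivation exists or what selecting it implies, so a later reader has only the `_compat` suffix to go on. A short comment before the first `if (cfg.compat)`, such as `/* Legacy pre-RFC 8446 derivation, kept for interoperability with older implementations; see Documentation/nvme-check-tls-key.txt. */`, would record the trade-off next to the code. The -9981 hunk picks `nvme_generate_tls_key_identity_compat` for the non-insert path, so the printed identity presumably corresponds to the compat derivation; stating that the identity and the key inserted under `--compat` in the -9963 hunk belong together would help anyone comparing the two outputs. check_tls_key continues outside these hunks.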