Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms

[RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-16
[PATCH 01/11] crypto: add crypto_has_shash() · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 01/11] crypto: add crypto_has_shash() · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
[PATCH 02/11] crypto: add crypto_has_kpp() · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 02/11] crypto: add crypto_has_kpp() · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
[PATCH 08/11] nvmet: Parse fabrics commands on all queues · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 08/11] nvmet: Parse fabrics commands on all queues · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
[PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Eric Biggers <ebiggers@kernel.org> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Eric Biggers <ebiggers@kernel.org> · 2021-07-17
[PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
[PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-19
[PATCH 10/11] nvmet-auth: implement support for augmented challenge · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 10/11] nvmet-auth: implement support for augmented challenge · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 10/11] nvmet-auth: implement support for augmented challenge · Hannes Reinecke <hare@suse.de> · 2021-07-18
[PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-20
[PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-21
[PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-18
[PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Simo Sorce <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Simo Sorce <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Vladislav Bolkhovitin <hidden> · 2021-07-23
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Herbert Xu <herbert@gondor.apana.org.au> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Simo Sorce <hidden> · 2021-07-19
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-21
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-23
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-24

From: Hannes Reinecke <hare@suse.de>
Date: 2021-07-19 09:57:14
Also in: linux-nvme

On 7/19/21 11:23 AM, Sagi Grimberg wrote:

quoted

TLS 1.3 specifies ECDH and curve25517 in addition to the FFDHE
groups, and these are already implemented in the kernel.

So?

quoted

So add support for these non-standard groups for NVMe in-band
authentication to validate the augmented challenge implementation.

Why? why should users come to expect controllers to support it?

Having ECDH and curve25517 algorithms (which are known-good
implementations) allows one to validate the ffdhe implementation, ie to
ensure that the remainder of the protocol works as designed, even if the
ffdhe implementation might not.
And one could argue that TLS1.3 specifies all of these algorithms, so
NVMe with it's explicit reference to TLS should do so, too.

But I don't insist on it; it's just nice for debugging, that's all.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		           Kernel Storage Architect
hare@suse.de			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help