Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication

[PATCHv3 00/12] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-09-10
[PATCH 09/12] nvmet: Parse fabrics commands on all queues · Hannes Reinecke <hare@suse.de> · 2021-09-10
Re: [PATCH 09/12] nvmet: Parse fabrics commands on all queues · Sagi Grimberg <sagi@grimberg.me> · 2021-09-13
[PATCH 02/12] crypto: add crypto_has_kpp() · Hannes Reinecke <hare@suse.de> · 2021-09-10
Re: [PATCH 02/12] crypto: add crypto_has_kpp() · Sagi Grimberg <sagi@grimberg.me> · 2021-09-13
Re: [PATCH 02/12] crypto: add crypto_has_kpp() · Chaitanya Kulkarni <hidden> · 2021-09-16
[PATCH 06/12] nvme-fabrics: decode 'authentication required' connect error · Hannes Reinecke <hare@suse.de> · 2021-09-10
Re: [PATCH 06/12] nvme-fabrics: decode 'authentication required' connect error · Sagi Grimberg <sagi@grimberg.me> · 2021-09-13
Re: [PATCH 06/12] nvme-fabrics: decode 'authentication required' connect error · Chaitanya Kulkarni <hidden> · 2021-09-16
[PATCH 01/12] crypto: add crypto_has_shash() · Hannes Reinecke <hare@suse.de> · 2021-09-10
Re: [PATCH 01/12] crypto: add crypto_has_shash() · Sagi Grimberg <sagi@grimberg.me> · 2021-09-13
Re: [PATCH 01/12] crypto: add crypto_has_shash() · Chaitanya Kulkarni <hidden> · 2021-09-16
[PATCH 05/12] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-09-10
Re: [PATCH 05/12] nvme: add definitions for NVMe In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-13
Re: [PATCH 05/12] nvme: add definitions for NVMe In-Band authentication · Chaitanya Kulkarni <hidden> · 2021-09-16
Re: [PATCH 05/12] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-09-17
[PATCH 08/12] nvme-auth: Diffie-Hellman key exchange support · Hannes Reinecke <hare@suse.de> · 2021-09-10
[PATCH 04/12] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-09-10
[PATCH 12/12] nvmet-auth: expire authentication sessions · Hannes Reinecke <hare@suse.de> · 2021-09-10
[PATCH 11/12] nvmet-auth: Diffie-Hellman key exchange support · Hannes Reinecke <hare@suse.de> · 2021-09-10
[PATCH 03/12] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-09-10
[PATCH 10/12] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-09-10
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-26
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-26
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-09-27
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-09-27
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-27
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-09-27
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-28
Re: [PATCH 10/12] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-09-29
[PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-09-10
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-13
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-09-13
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-14
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-09-14
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-26
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-09-27
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-27
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-26
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-09-27
Re: [PATCH 07/12] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-09-27
Re: [PATCHv3 00/12] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-09-13
Re: [PATCHv3 00/12] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-09-13
Re: [PATCHv3 00/12] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-09-19

From: Sagi Grimberg <sagi@grimberg.me>
Date: 2021-09-28 23:21:30
Also in: linux-nvme

quoted

Actually, having re-read the spec I'm not sure if the second path is
correct.
As per spec only the _host_ can trigger re-authentication. There is no
provision for the controller to trigger re-authentication, and given
that re-auth is a soft-state anyway (ie the current authentication
stays valid until re-auth enters a final state) I _think_ we should be
good with the current implementation, where we can change the
controller keys
via configfs, but they will only become active once the host triggers
re-authentication.

Agree, so the proposed addition is good with you?

Why would we need it?
I do agree there's a bit missing for removing the old shash_tfm if there
is a hash-id mismatch, but why would we need to reset the entire
authentication?

Just need to update the new host dhchap_key from the host at this point
as the host is doing a re-authentication. I agree we don't need a big
hammer but we do need the re-authentication to not access old host
dhchap_key.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help