Re: [PATCHv5 00/12] nvme: In-band authentication support
From: Hannes Reinecke <hare@suse.de>
Date: 2021-11-15 11:35:05
Also in:
linux-nvme
On 11/15/21 11:20 AM, Sagi Grimberg wrote:
quoted
quoted
quoted
Changes to v4: - Validate against blktest suiteNice! thanks hannes, this is going to be very useful moving forward.Oh, definitely. The number of issue these tests found...Great, good that this was useful for you.quoted
quoted
quoted
- Fixup base64 decodingWhat was fixed up there?The padding character '=' wasn't handled correctly on decoding (the character itself was skipped, by the 'bits' value wasn't increased, leading to a spurious error in decoding an any key longer than 32 bit not being accepted.I see.quoted
quoted
quoted
- Transform secret with correct hmac algorithmIs that what I reported last time? Can you perhaps point me to the exact patch that fixes this?Well, no, not really; the patch itself got squashed in the main patches. But problem here was that the key transformation from section 8.13.5.7 had been using the hash algorithm from the initial challenge, not the one specified in the key itself. This lead to decoding errors when using a key with a different length than the hash algorithm.That is exactly what I reported, changing the key length leads to authentication errors.
Right-o. So it should be sorted then. BTW, I've created a pull request for nvme-cli (https://github.com/linux-nvme/nvme-cli/pull/1237) to add a new command-line option 'dump-config'; can you check if that's what you had in mind or whether it needs to be improved further? Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), GF: Felix Imendörffer