Thread (34 messages) 34 messages, 3 authors, 2021-11-23

Re: [PATCHv6 00/12] nvme: In-band authentication support

From: Hannes Reinecke <hare@suse.de>
Date: 2021-11-22 09:05:12
Also in: linux-nvme

On 11/22/21 9:13 AM, Sagi Grimberg wrote:

On 11/22/21 9:47 AM, Hannes Reinecke wrote:
quoted
Hi all,

recent updates to the NVMe spec have added definitions for in-band
authentication, and seeing that it provides some real benefit
especially for NVMe-TCP here's an attempt to implement it.

Tricky bit here is that the specification orients itself on TLS 1.3,
but supports only the FFDHE groups. Which of course the kernel doesn't
support. I've been able to come up with a patch for this, but as this
is my first attempt to fix anything in the crypto area I would invite
people more familiar with these matters to have a look.

Also note that this is just for in-band authentication. Secure
concatenation (ie starting TLS with the negotiated parameters) is not
implemented; one would need to update the kernel TLS implementation
for this, which at this time is beyond scope.

As usual, comments and reviews are welcome.

Changes to v5:
- Unify nvme_auth_generate_key()
- Unify nvme_auth_extract_key()
You mean nvme_auth_extract_secret() ?
Yes.
quoted
- Include reviews from Sagi
What about the bug fix folded in?
Yeah, and that, to
Forgot to mention it.

Also note that I've already folded the nvme-cli patches into the git
repository to ease testing; I gather that the interface won't change
that much anymore, so I felt justified in doing so.
And I got tired of explaining to interested parties how to build a
non-standard nvme-cli :-)
But that's why I didn't post separate patches for nvme-cli.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		        Kernel Storage Architect
hare@suse.de			               +49 911 74053 688
SUSE Software Solutions Germany GmbH, 90409 Nürnberg
GF: F. Imendörffer, HRB 36809 (AG Nürnberg)
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help