Re: [PATCHv6 00/12] nvme: In-band authentication support
From: Sagi Grimberg <sagi@grimberg.me>
Date: 2021-11-22 12:04:58
Also in:
linux-nvme
quoted
quoted
Hi all, recent updates to the NVMe spec have added definitions for in-band authentication, and seeing that it provides some real benefit especially for NVMe-TCP here's an attempt to implement it. Tricky bit here is that the specification orients itself on TLS 1.3, but supports only the FFDHE groups. Which of course the kernel doesn't support. I've been able to come up with a patch for this, but as this is my first attempt to fix anything in the crypto area I would invite people more familiar with these matters to have a look. Also note that this is just for in-band authentication. Secure concatenation (ie starting TLS with the negotiated parameters) is not implemented; one would need to update the kernel TLS implementation for this, which at this time is beyond scope. As usual, comments and reviews are welcome. Changes to v5: - Unify nvme_auth_generate_key() - Unify nvme_auth_extract_key()You mean nvme_auth_extract_secret() ?Yes.quoted
quoted
- Include reviews from SagiWhat about the bug fix folded in?Yeah, and that, to Forgot to mention it.
It is not the code that you shared in the other thread right?
Also note that I've already folded the nvme-cli patches into the git repository to ease testing; I gather that the interface won't change that much anymore, so I felt justified in doing so.
It's ok, we can still change if we want to.