Re: [RFC PATCH 00/11] nvme: In-band authentication support

[RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-16
[PATCH 01/11] crypto: add crypto_has_shash() · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 01/11] crypto: add crypto_has_shash() · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
[PATCH 02/11] crypto: add crypto_has_kpp() · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 02/11] crypto: add crypto_has_kpp() · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
[PATCH 08/11] nvmet: Parse fabrics commands on all queues · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 08/11] nvmet: Parse fabrics commands on all queues · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
[PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Eric Biggers <ebiggers@kernel.org> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Eric Biggers <ebiggers@kernel.org> · 2021-07-17
[PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
[PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-19
[PATCH 10/11] nvmet-auth: implement support for augmented challenge · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 10/11] nvmet-auth: implement support for augmented challenge · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 10/11] nvmet-auth: implement support for augmented challenge · Hannes Reinecke <hare@suse.de> · 2021-07-18
[PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-20
[PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-21
[PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-18
[PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Simo Sorce <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Simo Sorce <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Vladislav Bolkhovitin <hidden> · 2021-07-23
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Herbert Xu <herbert@gondor.apana.org.au> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Simo Sorce <hidden> · 2021-07-19
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-21
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-23
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-24

From: Simo Sorce <hidden>
Date: 2021-07-19 10:04:40
Also in: linux-crypto

On Fri, 2021-07-16 at 13:04 +0200, Hannes Reinecke wrote:

Hi all,

recent updates to the NVMe spec have added definitions for in-band
authentication, and seeing that it provides some real benefit especially
for NVMe-TCP here's an attempt to implement it.

Tricky bit here is that the specification orients itself on TLS 1.3,
but supports only the FFDHE groups. Which of course the kernel doesn't
support. I've been able to come up with a patch for this, but as this
is my first attempt to fix anything in the crypto area I would invite
people more familiar with these matters to have a look.

Also note that this is just for in-band authentication. Secure concatenation
(ie starting TLS with the negotiated parameters) is not implemented; one would
need to update the kernel TLS implementation for this, which at this time is
beyond scope.

As usual, comments and reviews are welcome.

Hi Hannes,
could you please reference the specific standards that describe the
NVMe authentication protocols?

Thanks,
Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc





_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help