[RFC PATCH 00/11] nvme: In-band authentication support
Simo Sorce
simo at redhat.com
Mon Jul 19 03:02:38 PDT 2021
On Fri, 2021-07-16 at 13:04 +0200, Hannes Reinecke wrote:
> Hi all,
>
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit especially
> for NVMe-TCP here's an attempt to implement it.
>
> Tricky bit here is that the specification orients itself on TLS 1.3,
> but supports only the FFDHE groups. Which of course the kernel doesn't
> support. I've been able to come up with a patch for this, but as this
> is my first attempt to fix anything in the crypto area I would invite
> people more familiar with these matters to have a look.
>
> Also note that this is just for in-band authentication. Secure concatenation
> (ie starting TLS with the negotiated parameters) is not implemented; one would
> need to update the kernel TLS implementation for this, which at this time is
> beyond scope.
>
> As usual, comments and reviews are welcome.
Hi Hannes,
could you please reference the specific standards that describe the
NVMe authentication protocols?
Thanks,
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
More information about the Linux-nvme
mailing list