[PATCHv14 00/11] nvme: In-band authentication support

Hannes Reinecke hare at suse.de
Wed Jun 8 23:20:55 PDT 2022


On 6/9/22 08:08, Hannes Reinecke wrote:
> On 6/9/22 03:13, Chaitanya Kulkarni wrote:
>> On 6/8/22 07:45, Hannes Reinecke wrote:
>>> Hi all,
>>>
>>> recent updates to the NVMe spec have added definitions for in-band
>>> authentication, and seeing that it provides some real benefit
>>> especially for NVMe-TCP here's an attempt to implement it.
>>>
>>> Thanks to Nicolai Stange the crypto DH framework has been upgraded
>>> to provide us with a FFDHE implementation; I've updated the patchset
>>> to use the ephemeral key generation provided there.
>>>
>>> Note that this is just for in-band authentication. Secure
>>> concatenation (ie starting TLS with the negotiated parameters)
>>> requires a TLS handshake, which the in-kernel TLS implementation
>>> does not provide. This is being worked on with a different patchset
>>> which is still WIP.
>>>
>>> The nvme-cli support has already been merged; please use the latest
>>> nvme-cli git repository to build the most recent version.
>>>
>>> A copy of this patchset can be found at
>>> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
>>> branch auth.v14
>>>
>>> The patchset is being cut against v5.18.
>>>
>>> As usual, comments and reviews are welcome.
>>>
>>
>>
>> blktests (master) # ./check nvme/039
>> nvme/039 (Create authenticated connections)                  [failed]
>>       runtime  1.400s  ...  1.707s
>>       --- tests/nvme/039.out    2022-06-08 18:09:06.239931529 -0700
>>       +++ /mnt/data/blktests/results/nodev/nvme/039.out.bad    2022-06-08
>> 18:09:40.596663692 -0700
>>       @@ -1,6 +1,7 @@
>>        Running nvme/039
>>       +tests/nvme/rc: line 269: printf: write error: Invalid argument
>>        Test unauthenticated connection
>>       -no controller found
>>       +no controller found: failed to write to nvme-fabrics device
>>        NQN:blktests-subsystem-1 disconnected 0 controller(s)
>>        Test authenticated connection
>>       ...
>>       (Run 'diff -u tests/nvme/039.out > /mnt/data/blktests/results/nodev/nvme/039.out.bad' to see the entire diff)
> 
> Hmm. Not sure what has happened here, but all blktests worked on my 
> testbed. I'll be rechecking with the latest nvme-cli build.
> 
> Which nvme-cli version did you use?
> 
Retested with latest nvme-cli:

# bash ./check tests/nvme/039
nvme/039 (Create authenticated connections)                  [passed]
     runtime  1.625s  ...  1.667s
# bash ./check tests/nvme/040
nvme/040 (Test dhchap key types for authenticated connections) [passed]
     runtime  10.497s  ...  10.657s

So not sure what is happening at your end; the 'invalid argument' seems 
to indicate that the 'connect' arguments are not understood.
Maybe a missing config option during kernel build?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare at suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman


