[PATCHv18 00/11] nvme: In-band authentication support

Sagi Grimberg sagi at grimberg.me
Mon Jun 27 05:23:26 PDT 2022


> Hi all,
> 
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
> 
> Thanks to Nicolai Stange the crypto DH framework has been upgraded
> to provide us with an FFDHE implementation; I've updated the patchset
> to use the ephemeral key generation provided there.
> 
> Note that this is just for in-band authentication. Secure
> concatenation (i.e. starting TLS with the negotiated parameters)
> requires a TLS handshake, which the in-kernel TLS implementation
> does not provide. This is being worked on with a different patchset
> which is still WIP.
> 
> The nvme-cli support has already been merged; please use the latest
> nvme-cli git repository to build the most recent version.
> 
> A copy of this patchset can be found at
> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
> branch auth.v17
> 
> The patchset is being cut against nvme-5.20.
> 
> As usual, comments and reviews are welcome.

Thanks Hannes, will take this for a test drive as well.

Can you please respin the blktest set with additional
tests to fail bad dhchap_ctrl_key?

Thanks,
Sagi


