[PATCHv18 00/11] nvme: In-band authentication support

Chaitanya Kulkarni chaitanyak at nvidia.com
Mon Jun 27 14:34:16 PDT 2022 

On 6/27/22 02:51, Hannes Reinecke wrote:
> Hi all,
> 
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
> 
> Thanks to Nicolai Stange the crypto DH framework has been upgraded
> to provide us with a FFDHE implementation; I've updated the patchset
> to use the ephemeral key generation provided there.
> 
> Note that this is just for in-band authentication. Secure
> concatenation (ie starting TLS with the negotiated parameters)
> requires a TLS handshake, which the in-kernel TLS implementation
> does not provide. This is being worked on with a different patchset
> which is still WIP.
> 
> The nvme-cli support has already been merged; please use the latest
> nvme-cli git repository to build the most recent version.
> 
> A copy of this patchset can be found at
> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
> branch auth.v17
> 
> The patchset is being cut against nvme-5.20.
> 

I was able to run the V5 of blktets on this version see log below.

I am seeing few error messages when I run with tcp and loop,
please have a look to make sure they are the expected ones.

In case they are expected ones lets filter them out since it will
create confusion and people will start reporting these issues.

-ck

--------------------------------------------------
Runnig  testcase 40


+ nvme_trtype=loop
+ ./check tests/nvme/040
nvme/040 (Create authenticated connections)                  [passed]
     runtime  0.373s  ...  0.647s
+ set +x
[ 1037.027468] nvme nvme1: qid 0: authentication setup failed


--------------------------------------------------
Runnig  testcase 41


+ nvme_trtype=loop
+ ./check tests/nvme/041
nvme/041 (Test dhchap key types for authenticated connections) [passed]
     runtime  2.252s  ...  4.285s
+ set +x


--------------------------------------------------
Runnig  testcase 42


+ nvme_trtype=loop
+ ./check tests/nvme/042
nvme/042 (Test hash and DH group variations for authenticated 
connections) [passed]
     runtime  0.679s  ...  3.039s
+ set +x


--------------------------------------------------
Runnig  testcase 43


+ nvme_trtype=loop
+ ./check tests/nvme/043
nvme/043 (Test bi-directional authentication)                [passed]
     runtime  1.301s  ...  1.904s
+ set +x
[ 1046.325404] nvme nvme1: qid 0: controller authentication failed
[ 1046.325416] nvmet: ctrl 1 fatal error occurred!
[ 1046.325438] nvme nvme1: qid 0: authentication failed


--------------------------------------------------
Runnig  testcase 44


+ nvme_trtype=loop
+ ./check tests/nvme/044
nvme/044 (Test re-authentication)                            [passed]
     runtime  3.710s  ...  3.904s
+ set +x


--------------------------------------------------
Runnig  testcase 40


+ nvme_trtype=tcp
+ ./check tests/nvme/040
nvme/040 (Create authenticated connections)                  [passed]
     runtime  0.647s  ...  0.348s
+ set +x
[ 1051.464939] nvme nvme1: qid 0: authentication setup failed
[ 1051.464961] nvme nvme1: failed to connect queue: 0 ret=401


--------------------------------------------------
Runnig  testcase 41


+ nvme_trtype=tcp
+ ./check tests/nvme/041
nvme/041 (Test dhchap key types for authenticated connections) [passed]
     runtime  4.285s  ...  2.262s
+ set +x


--------------------------------------------------
Runnig  testcase 42


+ nvme_trtype=tcp
+ ./check tests/nvme/042
nvme/042 (Test hash and DH group variations for authenticated 
connections) [passed]
     runtime  3.039s  ...  0.655s
+ set +x


--------------------------------------------------
Runnig  testcase 43


+ nvme_trtype=tcp
+ ./check tests/nvme/043
nvme/043 (Test bi-directional authentication)                [passed]
     runtime  1.904s  ...  1.299s
+ set +x
[ 1055.784206] nvme nvme1: qid 0: controller authentication failed
[ 1055.784257] nvmet: ctrl 2 fatal error occurred!
[ 1055.784274] nvme nvme1: qid 0: authentication failed
[ 1055.784327] nvme nvme1: failed to connect queue: 0 ret=401


--------------------------------------------------
Runnig  testcase 44


+ nvme_trtype=tcp
+ ./check tests/nvme/044
nvme/044 (Test re-authentication)                            [passed]
     runtime  3.904s  ...  3.689s
+ set +x

More information about the Linux-nvme mailing list