[PATCHv5 00/12] nvme: In-band authentication support
Sagi Grimberg
sagi at grimberg.me
Sun Nov 14 02:40:33 PST 2021
On 11/12/21 2:59 PM, Hannes Reinecke wrote:
> Hi all,
>
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
>
> Tricky bit here is that the specification orients itself on TLS 1.3,
> but supports only the FFDHE groups. Which of course the kernel doesn't
> support. I've been able to come up with a patch for this, but as this
> is my first attempt to fix anything in the crypto area I would invite
> people more familiar with these matters to have a look.
>
> Also note that this is just for in-band authentication. Secure
> concatenation (i.e. starting TLS with the negotiated parameters) is not
> implemented; one would need to update the kernel TLS implementation
> for this, which at this time is beyond scope.
>
> As usual, comments and reviews are welcome.
>
> Changes to v4:
> - Validate against blktest suite
Nice! Thanks Hannes, this is going to be very useful moving
forward.
> - Fixup base64 decoding
What was fixed up there?
> - Transform secret with correct hmac algorithm
Is that what I reported last time? Can you perhaps
point me to the exact patch that fixes this?