[PATCHv5 00/12] nvme: In-band authentication support
Sagi Grimberg
sagi at grimberg.me
Mon Nov 15 02:20:16 PST 2021
>>> Changes to v4:
>>> - Validate against blktest suite
>>
>> Nice! thanks hannes, this is going to be very useful moving
>> forward.
>>
> Oh, definitely. The number of issue these tests found...
Great, good that this was useful for you.
>>> - Fixup base64 decoding
>>
>> What was fixed up there?
>>
> The padding character '=' wasn't handled correctly on decoding (the
> character itself was skipped, by the 'bits' value wasn't increased,
> leading to a spurious error in decoding an any key longer than 32 bit
> not being accepted.
I see.
>>> - Transform secret with correct hmac algorithm
>>
>> Is that what I reported last time? Can you perhaps
>> point me to the exact patch that fixes this?
>
> Well, no, not really; the patch itself got squashed in the main patches.
> But problem here was that the key transformation from section 8.13.5.7
> had been using the hash algorithm from the initial challenge, not the
> one specified in the key itself.
> This lead to decoding errors when using a key with a different length
> than the hash algorithm.
That is exactly what I reported, changing the key length leads to
authentication errors.
More information about the Linux-nvme
mailing list