[PATCHv5 00/12] nvme: In-band authentication support

Hannes Reinecke hare at suse.de
Mon Nov 15 03:34:41 PST 2021


On 11/15/21 11:20 AM, Sagi Grimberg wrote:
> 
>>>> Changes to v4:
>>>> - Validate against blktest suite
>>>
>>> Nice! thanks hannes, this is going to be very useful moving
>>> forward.
>>>
>> Oh, definitely. The number of issue these tests found...
> 
> Great, good that this was useful for you.
> 
>>>> - Fixup base64 decoding
>>>
>>> What was fixed up there?
>>>
>> The padding character '=' wasn't handled correctly on decoding (the
>> character itself was skipped, by the 'bits' value wasn't increased,
>> leading to a spurious error in decoding an any key longer than 32 bit
>> not being accepted.
> 
> I see.
> 
>>>> - Transform secret with correct hmac algorithm
>>>
>>> Is that what I reported last time? Can you perhaps
>>> point me to the exact patch that fixes this?
>>
>> Well, no, not really; the patch itself got squashed in the main patches.
>> But problem here was that the key transformation from section 8.13.5.7
>> had been using the hash algorithm from the initial challenge, not the
>> one specified in the key itself.
>> This lead to decoding errors when using a key with a different length
>> than the hash algorithm.
> 
> That is exactly what I reported, changing the key length leads to
> authentication errors.

Right-o. So it should be sorted then.

BTW, I've created a pull request for nvme-cli
(https://github.com/linux-nvme/nvme-cli/pull/1237)
to add a new command-line option 'dump-config'; can you check if that's
what you had in mind or whether it needs to be improved further?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		           Kernel Storage Architect
hare at suse.de			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer



More information about the Linux-nvme mailing list