[PATCHv14 00/11] nvme: In-band authentication support
Chaitanya Kulkarni
chaitanyak at nvidia.com
Wed Jun 8 18:13:11 PDT 2022
On 6/8/22 07:45, Hannes Reinecke wrote:
> Hi all,
>
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
>
> Thanks to Nicolai Stange the crypto DH framework has been upgraded
> to provide us with a FFDHE implementation; I've updated the patchset
> to use the ephemeral key generation provided there.
>
> Note that this is just for in-band authentication. Secure
> concatenation (ie starting TLS with the negotiated parameters)
> requires a TLS handshake, which the in-kernel TLS implementation
> does not provide. This is being worked on with a different patchset
> which is still WIP.
>
> The nvme-cli support has already been merged; please use the latest
> nvme-cli git repository to build the most recent version.
>
> A copy of this patchset can be found at
> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
> branch auth.v14
>
> The patchset is being cut against v5.18.
>
> As usual, comments and reviews are welcome.
>
blktests (master) # ./check nvme/039
nvme/039 (Create authenticated connections) [failed]
runtime 1.400s ... 1.707s
--- tests/nvme/039.out 2022-06-08 18:09:06.239931529 -0700
+++ /mnt/data/blktests/results/nodev/nvme/039.out.bad 2022-06-08
18:09:40.596663692 -0700
@@ -1,6 +1,7 @@
Running nvme/039
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Test unauthenticated connection
-no controller found
+no controller found: failed to write to nvme-fabrics device
NQN:blktests-subsystem-1 disconnected 0 controller(s)
Test authenticated connection
...
(Run 'diff -u tests/nvme/039.out
/mnt/data/blktests/results/nodev/nvme/039.out.bad' to see the entire diff)
blktests (master) # ./check nvme/040
nvme/040 (Test dhchap key types for authenticated connections) [failed]
runtime 0.119s ... 11.141s
--- tests/nvme/040.out 2022-06-08 18:09:06.473936524 -0700
+++ /mnt/data/blktests/results/nodev/nvme/040.out.bad 2022-06-08
18:09:58.453043923 -0700
@@ -1,4 +1,5 @@
Running nvme/040
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Testing hmac 0
NQN:blktests-subsystem-1 disconnected 1 controller(s)
Testing hmac 1
blktests (master) # ./check nvme/041
nvme/041 (Test hash and DH group variations for authenticated
connections) [failed]
runtime 10.814s ... 14.777s
--- tests/nvme/041.out 2022-06-08 18:09:06.708941544 -0700
+++ /mnt/data/blktests/results/nodev/nvme/041.out.bad 2022-06-08
18:10:39.374915307 -0700
@@ -1,4 +1,5 @@
Running nvme/041
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Testing hash hmac(sha256)
NQN:blktests-subsystem-1 disconnected 1 controller(s)
Testing hash hmac(sha384)
blktests (master) # ./check nvme/042
nvme/042 (Test bi-directional authentication) [failed]
runtime 0.066s ... 3.889s
--- tests/nvme/042.out 2022-06-08 18:09:06.939946473 -0700
+++ /mnt/data/blktests/results/nodev/nvme/042.out.bad 2022-06-08
18:10:46.273062196 -0700
@@ -1,8 +1,9 @@
Running nvme/042
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Test host authentication
NQN:blktests-subsystem-1 disconnected 1 controller(s)
Test host authentication and invalid ctrl authentication
-no controller found
+no controller found: failed to write to nvme-fabrics device
...
(Run 'diff -u tests/nvme/042.out
/mnt/data/blktests/results/nodev/nvme/042.out.bad' to see the entire diff)
blktests (master) # nvme_trtype=tcp ./check nvme/042
nvme/042 (Test bi-directional authentication) [failed]
runtime 3.889s ... 3.293s
--- tests/nvme/042.out 2022-06-08 18:09:06.939946473 -0700
+++ /mnt/data/blktests/results/nodev/nvme/042.out.bad 2022-06-08
18:11:44.248296709 -0700
@@ -1,8 +1,9 @@
Running nvme/042
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Test host authentication
NQN:blktests-subsystem-1 disconnected 1 controller(s)
Test host authentication and invalid ctrl authentication
-no controller found
+no controller found: failed to write to nvme-fabrics device
...
(Run 'diff -u tests/nvme/042.out
/mnt/data/blktests/results/nodev/nvme/042.out.bad' to see the entire diff)
blktests (master) # nvme_trtype=tcp ./check nvme/039
nvme/039 (Create authenticated connections) [failed]
runtime 1.707s ... 1.391s
--- tests/nvme/039.out 2022-06-08 18:09:06.239931529 -0700
+++ /mnt/data/blktests/results/nodev/nvme/039.out.bad 2022-06-08
18:11:51.896459567 -0700
@@ -1,6 +1,7 @@
Running nvme/039
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Test unauthenticated connection
-no controller found
+no controller found: failed to write to nvme-fabrics device
NQN:blktests-subsystem-1 disconnected 0 controller(s)
Test authenticated connection
...
(Run 'diff -u tests/nvme/039.out
/mnt/data/blktests/results/nodev/nvme/039.out.bad' to see the entire diff)
blktests (master) # nvme_trtype=tcp ./check nvme/040
nvme/040 (Test dhchap key types for authenticated connections) [failed]
runtime 11.141s ... 9.133s
--- tests/nvme/040.out 2022-06-08 18:09:06.473936524 -0700
+++ /mnt/data/blktests/results/nodev/nvme/040.out.bad 2022-06-08
18:12:05.467748553 -0700
@@ -1,4 +1,5 @@
Running nvme/040
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Testing hmac 0
NQN:blktests-subsystem-1 disconnected 1 controller(s)
Testing hmac 1
blktests (master) # nvme_trtype=tcp ./check nvme/041
nvme/041 (Test hash and DH group variations for authenticated
connections) [failed]
runtime 14.777s ... 8.555s
--- tests/nvme/041.out 2022-06-08 18:09:06.708941544 -0700
+++ /mnt/data/blktests/results/nodev/nvme/041.out.bad 2022-06-08
18:12:17.358001741 -0700
@@ -1,4 +1,5 @@
Running nvme/041
+tests/nvme/rc: line 269: printf: write error: Invalid argument
Testing hash hmac(sha256)
NQN:blktests-subsystem-1 disconnected 1 controller(s)
Testing hash hmac(sha384)
blktests (master) #
More information about the Linux-nvme
mailing list