[PATCHv14 00/11] nvme: In-band authentication support

Hannes Reinecke hare at suse.de
Wed Jun 8 23:08:07 PDT 2022 

On 6/9/22 03:13, Chaitanya Kulkarni wrote:
> On 6/8/22 07:45, Hannes Reinecke wrote:
>> Hi all,
>>
>> recent updates to the NVMe spec have added definitions for in-band
>> authentication, and seeing that it provides some real benefit
>> especially for NVMe-TCP here's an attempt to implement it.
>>
>> Thanks to Nicolai Stange the crypto DH framework has been upgraded
>> to provide us with a FFDHE implementation; I've updated the patchset
>> to use the ephemeral key generation provided there.
>>
>> Note that this is just for in-band authentication. Secure
>> concatenation (ie starting TLS with the negotiated parameters)
>> requires a TLS handshake, which the in-kernel TLS implementation
>> does not provide. This is being worked on with a different patchset
>> which is still WIP.
>>
>> The nvme-cli support has already been merged; please use the latest
>> nvme-cli git repository to build the most recent version.
>>
>> A copy of this patchset can be found at
>> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
>> branch auth.v14
>>
>> The patchset is being cut against v5.18.
>>
>> As usual, comments and reviews are welcome.
>>
> 
> 
> blktests (master) # ./check nvme/039
> nvme/039 (Create authenticated connections)                  [failed]
>       runtime  1.400s  ...  1.707s
>       --- tests/nvme/039.out	2022-06-08 18:09:06.239931529 -0700
>       +++ /mnt/data/blktests/results/nodev/nvme/039.out.bad	2022-06-08
> 18:09:40.596663692 -0700
>       @@ -1,6 +1,7 @@
>        Running nvme/039
>       +tests/nvme/rc: line 269: printf: write error: Invalid argument
>        Test unauthenticated connection
>       -no controller found
>       +no controller found: failed to write to nvme-fabrics device
>        NQN:blktests-subsystem-1 disconnected 0 controller(s)
>        Test authenticated connection
>       ...
>       (Run 'diff -u tests/nvme/039.out > /mnt/data/blktests/results/nodev/nvme/039.out.bad' to see the entire 
diff)

Hmm. Not sure what has happened here, but all blktests worked on my 
testbed. I'll be rechecking with the latest nvme-cli build.

Which nvme-cli version did you use?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare at suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman

More information about the Linux-nvme mailing list