Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3513802pxv;
        Mon, 19 Jul 2021 01:59:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwSwsvmiwLZ94Vv2JSXGoJ71nFGxQkVPGdJuFBaAZwVgkHxgvpGf8rNUyLMwrzxesYsrVbJ
X-Received: by 2002:a6b:794b:: with SMTP id j11mr17774701iop.129.1626685149989;
        Mon, 19 Jul 2021 01:59:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1626685149; cv=none;
        d=google.com; s=arc-20160816;
        b=PxwbaW0ifWxsaZsb+66czxpur3eAVifl3PMcpHNu74i3Sup0V6WdYLRX9sjljCGR2X
         Ehmtk5PMzQ9BqgBOLTeRRmly5KJS0BLH606zx3hXbiizrOb1+9jhmO1YHIVup6nywg1f
         Uw0N9Q0z8ullsV/i4U65Z2ZEeeu9pr8KY6JxLGOqtQz1iOF8I+oUXAPnlIeLDQgr/ngI
         UaaSW4yak2W/ec5D3+1294rwQ04tKidGQ2awoRq35/0pt0Sxm+lB1eDIRwk9Uta1bns4
         RXrQWAloMk66SRuLeKK5H27WBlOjTGgiT5D7gIvG3dFEejxWOdyj14gk3saF0opg2wgc
         ExZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=dWok9o8gQ6+5Ip4xo7b/xcJ8eJ4EHeLf0PW7SYuRJ2s=;
        b=m5uwp40jsPzrOXp3IGUFVIZ/s7U66vi1QgcewYdbImklADMBFZT4HmJFmZSpdoh1kB
         eIr9g+oqppCUQd2v9cPwU9EoytRErMcOn43ulUHLj8TvzkXxzUepkHMezmXLCy/W2xmS
         wxkZPN7UYcHa6kvwuxWV3xAFQHxyKWQ21spuv1jbX9mnvGYxCzhXZVxoz3GFFNKwCsDt
         TgVSZqELrKv5jpxfh8XGtdmUfpgY0PuEU8Q1t+7eyp/9KdOffOY9v0VOPX/Evw6NoD5q
         40mTVys65w59sAdUo0sfoFPw4p08V8ipBVJvsnfqBrZrfi7OTYDgKWdvJTnsVwDtXwhG
         V5rA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=Q+nuYqZB;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id az3si10679388jab.111.2021.07.19.01.58.46;
        Mon, 19 Jul 2021 01:59:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chronox.de header.s=strato-dkim-0002 header.b=Q+nuYqZB;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235269AbhGSIRS (ORCPT <rfc822;ujwal.kundur.foss@gmail.com>
        + 99 others); Mon, 19 Jul 2021 04:17:18 -0400
Received: from mo4-p01-ob.smtp.rzone.de ([85.215.255.51]:30871 "EHLO
        mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235313AbhGSIRS (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 19 Jul 2021 04:17:18 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1626684715;
    s=strato-dkim-0002; d=chronox.de;
    h=References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Cc:Date:
    From:Subject:Sender;
    bh=dWok9o8gQ6+5Ip4xo7b/xcJ8eJ4EHeLf0PW7SYuRJ2s=;
    b=Q+nuYqZBAwl1KFY4p3jYxN7prLCv4zwXwpXwyrrrs4Rh7GK8DeeMXk5lNboUnwHyPZ
    RQX75tPCTbRhoYcGsZf0Vacg7W2CnhXza9i9OSf5hbZdQNibHMh8Ua2GN4JtqM3+4Tuy
    jtHWfR2qjv14pkcPHU7IwpxJhMSzlmzSJXPz4iOlLgnDI7w8TA9KOTStJrRGjAsZCx52
    dLwUsW8KtGATK4xcKxetS6xPks13xEIzDqaSC9L+mkAVB1hjoq6QjYlSyOdftRy7zs0p
    7uSrHc/BG35Za1uAen39capZixR+LYa9rohTT4OoIG2JhTDaGEkp+EG01rPThRqtMuZe
    QJ1A==
Authentication-Results: strato.com;
    dkim=none
X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNzyCzy1Sfr67uExK884EC0GFGHavJSlBkMRYMkE="
X-RZG-CLASS-ID: mo00
Received: from tauon.chronox.de
    by smtp.strato.de (RZmta 47.28.1 DYNA|AUTH)
    with ESMTPSA id 9043bbx6J8prGyn
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
        (Client did not present a certificate);
    Mon, 19 Jul 2021 10:51:53 +0200 (CEST)
Message-ID: <463a191b9896dd708015645cfc125988cd5deaef.camel@chronox.de>
Subject: Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication
From:   Stephan Mueller <smueller@chronox.de>
To:     Hannes Reinecke <hare@suse.de>, Christoph Hellwig <hch@lst.de>
Cc:     Sagi Grimberg <sagi@grimberg.me>,
        Keith Busch <keith.busch@wdc.com>,
        linux-nvme@lists.infradead.org,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S . Miller" <davem@davemloft.net>,
        linux-crypto@vger.kernel.org
Date:   Mon, 19 Jul 2021 10:51:53 +0200
In-Reply-To: <59695981-9edc-6b7a-480a-94cca95a0b8c@suse.de>
References: <20210716110428.9727-1-hare@suse.de>
         <2510347.locV8n3378@positron.chronox.de>
         <a4d4bda0-2bc8-0d0c-3e81-55adecd6ce52@suse.de>
         <6538288.aohFRl0Q45@positron.chronox.de>
         <59695981-9edc-6b7a-480a-94cca95a0b8c@suse.de>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.38.4 (3.38.4-1.fc33) 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Am Montag, dem 19.07.2021 um 10:15 +0200 schrieb Hannes Reinecke:
> On 7/18/21 2:56 PM, Stephan Müller wrote:
> > Am Sonntag, 18. Juli 2021, 14:37:34 CEST schrieb Hannes Reinecke:

> > > The key is also used when using the ffdhe algorithm.
> > > Note: I _think_ that I need to use this key for the ffdhe algorithm,
> > > because the implementation I came up with is essentially plain DH with
> > > pre-defined 'p', 'q' and 'g' values. But the DH implementation also
> > > requires a 'key', and for that I'm using this key here.
> > > 
> > > It might be that I'm completely off, and don't need to use a key for our
> > > DH implementation. In that case you are correct.
> > > (And that's why I said I'll need a review of the FFDHE implementation).
> > > But for now I'll need the key for FFDHE.
> > 
> > Do I understand you correctly that the dhchap_key is used as the input to
> > the 
> > DH - i.e. it is the remote public key then? It looks strange that this is
> > used 
> > for DH but then it is changed here by hashing it together with something
> > else 
> > to form a new dhchap_key. Maybe that is what the protocol says. But it
> > sounds 
> > strange to me, especially when you think that dhchap_key would be, say,
> > 2048 
> > bits if it is truly the remote public key and then after the hashing it is
> > 256 
> > this dhchap_key cannot be used for FFC-DH.
> > 
> > Or are you using the dhchap_key for two different purposes?
> > 
> > It seems I miss something here.
> > 
> No, not entirely. It's me who buggered it up.
> I got carried away by the fact that there is a crypto_dh_encode_key()
> function, and thought I need to use it here.

Thank you for clarifying that. It sounds to me that there is no defined
protocol (or if there, I would be wondering how the code would have worked
with a different implementation). Would it make sense to first specify a
protocol for authentication and have it discussed? I personally think it is a
bit difficult to fully understand the protocol from the code and discuss
protocol-level items based on the code.

Thanks
Stephan