Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp1625474pxv; Fri, 23 Jul 2021 13:04:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw0zQ9bP33NkTgvjsCJklHF4RpLHt6nEk0kVvyQ06KNEjoo5ZI7HolbDerBRGIJqzgAn/tv X-Received: by 2002:a02:aa15:: with SMTP id r21mr5519213jam.37.1627070640733; Fri, 23 Jul 2021 13:04:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627070640; cv=none; d=google.com; s=arc-20160816; b=aBLyV+WsFPUHRQNGK/ZnwXUX+hIrmhDlEcTfbRPuz9z0Vc3r/CPTIM9DbqinF3ObxO o8pTt1kNUUXxQFhwVk5sj6eyGxcIxrrfIPhpbokdfwOKqUwhiN42uIjbBlKUiIwxU7QB o+wgY2xkVWTPn8sYOGwCfX5XgNzyR1Kdzale+0MUcxrRcfNyiKQiLTR8h8rhlFGq1K8n 2kGBlkHn5DruaJf9QNXYXzte2OCjInK0g09AiSYOEX3l9WBmfBIrSe+D/emotUAdAW+g oSlJjFPDfXx6pv6sSCVJKpyYXO0S/LOYCc0ZUfCtbBWrBMJKsHxSSdURvJp2iQxvT83k yo3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=X2n7ZvZMzyHS9n6V/Fl/6+3A2Jlbx3whl+yzk7zQF/c=; b=T7GbjW3R9dtI956upLsXNale9Iyv7szLo2tckQfA8sLLspCx8rw7DxE39oYxo9xTtH AHwzW/ouSnT0Lzailg/NiyMMGjqz7XnBPttIqjXo6r/XU/80JVY0qJKBdRoa6kGO52TX HFvjj88b8nLD+66nwc6uzsw3+CFsVNKd8Z8umUQ7+zb5LhhsQrOw6ecIHVF8dNzZroH1 QQoLMfrclkB4O/eltpVB9FfWpvg04vlWXL0YTjDfm6jQt6aWr6b3/xRSO9uqUbiBfVCN 7GDFmjiuYdn3sFw9RzdIJgySZuig3UaMYhbz+vJcq4f1S+tdc7JemIuaquigKdjPiNv6 ef7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m10si46734465ilu.53.2021.07.23.13.03.36; Fri, 23 Jul 2021 13:04:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229535AbhGWTWo (ORCPT + 99 others); Fri, 23 Jul 2021 15:22:44 -0400 Received: from mout.kundenserver.de ([212.227.17.10]:35667 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229461AbhGWTWo (ORCPT ); Fri, 23 Jul 2021 15:22:44 -0400 Received: from [192.168.0.113] ([178.252.67.224]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.179]) with ESMTPSA (Nemesis) id 1MTiHb-1lfIPd23ED-00Tz9u; Fri, 23 Jul 2021 22:02:48 +0200 Subject: Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication To: Stephan Mueller , Hannes Reinecke , Christoph Hellwig Cc: Sagi Grimberg , Keith Busch , linux-nvme@lists.infradead.org, Herbert Xu , "David S . Miller" , linux-crypto@vger.kernel.org References: <20210716110428.9727-1-hare@suse.de> <2510347.locV8n3378@positron.chronox.de> <6538288.aohFRl0Q45@positron.chronox.de> <59695981-9edc-6b7a-480a-94cca95a0b8c@suse.de> <463a191b9896dd708015645cfc125988cd5deaef.camel@chronox.de> <2af95a8e-50d9-7e2d-a556-696e9404fee4@suse.de> <740af9f7334c294ce879bef33985dfab6d0523b3.camel@chronox.de> From: Vladislav Bolkhovitin Message-ID: <5eb59cb2-75c7-f21c-b0a2-c5d6b8bec53c@vlnb.net> Date: Fri, 23 Jul 2021 23:02:25 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: <740af9f7334c294ce879bef33985dfab6d0523b3.camel@chronox.de> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:6kCqBtG5jsfxD5zTrmlNFZV7U01GfmgfMq8knZTmjxPZGZJ2Tj+ 7eb3/qB2HkCWfz3t9sv1PZKZEgKnThQRYEATAu6juN1BLyy3zh8K00jkOwGVH/gYhzuJQHY oGGyA/qnG+UaaygImUYHZKLUBf1KgVlqUjh/I3MYyIkLjGDmBaJZlcRgeX98qyBsks2NtVW Yax+rZ9fL9/V3RrJrO82Q== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:vvPfKYNtUX4=:0hP+AbxlgHWDDw6ou7RYAg i0SBJDZzrHqLj82UZBF5lno40pU1RpyremPecoMkmKTvsIgy4T6AkfEkdWWIgXAQcIYChv05D /xFnLHVS+HrP/Kgac9Sjd6B7mh5Vhr9aMJAd6u2l/hwMW1j5I3SLjLnLHiVSFXci4Iejh6BGJ Kke+9VWsbD2gjH4yVvXBvYlTorwof8DPbqzGsq7/E+Z8dIuxhUB3dgIEncsx08lLEHo2RxLYW Jj8bNU4JS3kVE3mro26sO+WCuAwyhj74tMZ71kmZGCBlOnY2VaikFDJUOz4XFDlGM1l+uiS5/ DsYTF62eqQT//JHPFj9rFkUMJQWli9rWjXthOE8olalHW3nqKxt/oqDOBIJY0SAdsAV98W+JS ypJd9gxSQqmPNpP8KN/C90q5DBXAEIiAk2Beapcbda+RZlaeMKDGtdHJeujMRKiWYYIq+sZxB zM/EIuisSZlbQvfADsXI0n6sWIi9++thlW1zOURqT0psKSniAKAaeP2WJNng35MtM4U4W7yd4 Y+BXXe0tcIUONVME7oz4iQdrosRdZ/K7Zkci8Nv3lotHg3ov/amu7A7Ql+YC5aUqo0Ms6eFU+ oidulEggU9/axRh8Y2aOCwvjmxtSSX86ZVbFwHZvdJxYvim/17JejTYDMFhX+48ZUlAb/IDTq +WnmJ/DCNrF/gv4OWSO2mAtI4cTVxez4UXiRUnbP78t1LYDAEDuvLyFAtygj9ItFjJ4+/IsXG ZlK8isqU+uqsiEM3KfzNBpytCosGLo4HSJXVMUr/ZSzCeqchSIWXZ1bRVuos0FatBZJFn+d49 d2du/LWef0lipaOAWiB9J0COAslSRUM1wjEUTHtId66OjZ5WPDU7u/wFtVTphVRJtI/u3y8 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 7/19/21 1:19 PM, Stephan Mueller wrote: > Am Montag, dem 19.07.2021 um 11:57 +0200 schrieb Hannes Reinecke: >> On 7/19/21 10:51 AM, Stephan Mueller wrote: >>> Am Montag, dem 19.07.2021 um 10:15 +0200 schrieb Hannes Reinecke: >>>> On 7/18/21 2:56 PM, Stephan Müller wrote: >>>>> Am Sonntag, 18. Juli 2021, 14:37:34 CEST schrieb Hannes Reinecke: >>> >>>>>> The key is also used when using the ffdhe algorithm. >>>>>> Note: I _think_ that I need to use this key for the ffdhe algorithm, >>>>>> because the implementation I came up with is essentially plain DH >>>>>> with >>>>>> pre-defined 'p', 'q' and 'g' values. But the DH implementation also >>>>>> requires a 'key', and for that I'm using this key here. >>>>>> >>>>>> It might be that I'm completely off, and don't need to use a key for >>>>>> our >>>>>> DH implementation. In that case you are correct. >>>>>> (And that's why I said I'll need a review of the FFDHE >>>>>> implementation). >>>>>> But for now I'll need the key for FFDHE. >>>>> >>>>> Do I understand you correctly that the dhchap_key is used as the input >>>>> to >>>>> the >>>>> DH - i.e. it is the remote public key then? It looks strange that this >>>>> is >>>>> used >>>>> for DH but then it is changed here by hashing it together with >>>>> something >>>>> else >>>>> to form a new dhchap_key. Maybe that is what the protocol says. But it >>>>> sounds >>>>> strange to me, especially when you think that dhchap_key would be, >>>>> say, >>>>> 2048 >>>>> bits if it is truly the remote public key and then after the hashing >>>>> it is >>>>> 256 >>>>> this dhchap_key cannot be used for FFC-DH. >>>>> >>>>> Or are you using the dhchap_key for two different purposes? >>>>> >>>>> It seems I miss something here. >>>>> >>>> No, not entirely. It's me who buggered it up. >>>> I got carried away by the fact that there is a crypto_dh_encode_key() >>>> function, and thought I need to use it here. >>> >>> Thank you for clarifying that. It sounds to me that there is no defined >>> protocol (or if there, I would be wondering how the code would have worked >>> with a different implementation). Would it make sense to first specify a >>> protocol for authentication and have it discussed? I personally think it >>> is a >>> bit difficult to fully understand the protocol from the code and discuss >>> protocol-level items based on the code. >>> >> Oh, the protocol _is_ specified: >> >> https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2_0-2021.06.02-Ratified-5.pdf >> >> It's just that I have issues translating that spec onto what the kernel >> provides. > > according to the naming conventions there in figures 447 and following: > > - x and y: DH private key (kernel calls it secret set with dh_set_secret or > encoded into param.key) x and y are defined in Figure 444: "Random numbers used as exponents in a DH exchange". Sections 8.13.5.3 "DH-HMAC-CHAP_Challenge Message" and 8.13.5.4 "DH-HMAC-CHAP_Reply Message" additionally specify that "x is a random number selected by the controller that shall be at least 256 bits long" and "y is a random number selected by the host that shall be at least 256 bits long". So, x and y are just random numbers, no need to overcomplicate their generation in the way that is beyond of the standard scope. Vlad