Subject: Re: [PATCHv3 00/12] nvme: In-band authentication support
From: Sagi Grimberg
To: Hannes Reinecke, Christoph Hellwig
Cc: Keith Busch, Herbert Xu, "David S. Miller", linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org
Date: Mon, 13 Sep 2021 12:16:02 +0300
Message-ID: <47a839c3-1c8d-9ccf-3b3d-387862227c4f@grimberg.me>
In-Reply-To: <20210910064322.67705-1-hare@suse.de>
X-Mailing-List: linux-crypto@vger.kernel.org

> Hi all,
>
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
>
> Tricky bit here is that the specification orients itself on TLS 1.3,
> but supports only the FFDHE groups. Which of course the kernel doesn't
> support. I've been able to come up with a patch for this, but as this
> is my first attempt to fix anything in the crypto area I would invite
> people more familiar with these matters to have a look.
>
> Also note that this is just for in-band authentication. Secure
> concatenation (i.e. starting TLS with the negotiated parameters) is not
> implemented; one would need to update the kernel TLS implementation
> for this, which at this time is beyond scope.
>
> As usual, comments and reviews are welcome.

Still no nvme-cli nor nvmetcli :(