Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2813502pxp; Tue, 22 Mar 2022 06:37:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwx0y8EeIwlsWIWNaDZP3iOGJWvidAI5uqM/24hQ7LHuY50y5SnO9Oq9zmf+HjZvpl46bRj X-Received: by 2002:a17:907:168b:b0:6df:f4e8:f58d with SMTP id hc11-20020a170907168b00b006dff4e8f58dmr12590048ejc.747.1647956245246; Tue, 22 Mar 2022 06:37:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647956245; cv=none; d=google.com; s=arc-20160816; b=N5C6+9McoD/00xufOOlZt75VAIx92+1EvoBIeVMl20kgSFmCyHlMoyiiojTyw/UjmB JtabUAikyXOGNDHuriOZLDLixBslKWomlvYK+MCpxC33aYUk+ZFJ0RXPP4wLjv5UmbeW HQfOa+jotMQUi73WuiLFE/lh8MeRo/3YglwLry/v77Ys9s32z5lsfBLobk9bH4rCpMZ0 XRj9+uUAWPi7G0j1oJw6Jq1hFPoWK7ty+1+bz8zxOAeZ28NNwVhW5UvFPxNjuoJX/jLq gHSTYUAl2+E/7zbiJmZTyWqadx1C9Sh1KTBVIY1Qzuke7VDiOXWVjmX+/U4S4o89AgeQ Z2dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-signature; bh=l6YK+m0gsCWuAoRAiXa3cbZMRJ2+xfYnSRr3ofGooE8=; b=it7RqgxmpC+ohUGHqRNqtEqTWI1TmnKHicgAAkQRo0AUvhsSdZtJjyzHwYk42RCqYH npNfeHrI4P1t7qtl/yms3Q41ZjDuD11o3xWfvSBlNU0Aq9bh8LdFCWpsh7zLS3zonI3s 7OSsKAq3E5yATumdbGNA3tENdzWSm8mwjqDiq6jKwGiSgguSBPo8HXcGj9drpxJUHzYL ahv6Cy9kkYUXk94T8hmIsncekuV5FYmUwmDSe4IEARITFYvbi2YISPjM+jBqq4zNazOL 5ynQVWdRqofOJuBfmlxbCpFS2MSJ1P/HWE8BAIAleyEFtaIZJva/PaGhBMR+pkSeC20Y 9BBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=ISU1wmpD; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=pAmkroSj; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u20-20020a50a414000000b00418c2b5bd95si11645853edb.119.2022.03.22.06.36.51; Tue, 22 Mar 2022 06:37:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=ISU1wmpD; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=pAmkroSj; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234214AbiCVMMY (ORCPT + 99 others); Tue, 22 Mar 2022 08:12:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42764 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234740AbiCVMMU (ORCPT ); Tue, 22 Mar 2022 08:12:20 -0400 Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C26A085641 for ; Tue, 22 Mar 2022 05:10:51 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 5D6141F38A; Tue, 22 Mar 2022 12:10:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1647951050; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=l6YK+m0gsCWuAoRAiXa3cbZMRJ2+xfYnSRr3ofGooE8=; b=ISU1wmpDwFVkPVC1OhIgDheruEQMNYjsiCb9wzGlTpOVKRaP1UXNS8BU5n7++Qixe4L/dX 2Nryeya3YNKSp2vbj04GiXB+Y98JmG2EhBPgRJzS41kj6/8DkyY3cRlsAQf79NKObVsVlp 2sC8rQbEJg8Oq09GIQ5sWIo2dGqFl6k= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1647951050; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=l6YK+m0gsCWuAoRAiXa3cbZMRJ2+xfYnSRr3ofGooE8=; b=pAmkroSjXLFPYJekFbk8BDdBgh8azi/riV6Jn0kLbL6Boe38LXjXKrjFtJL3tBdQqipBhL eQM4wOtVppsm7nDw== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 4B7A712FC5; Tue, 22 Mar 2022 12:10:50 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id OqsTEsq8OWL5XQAAMHmgww (envelope-from ); Tue, 22 Mar 2022 12:10:50 +0000 Message-ID: <3382242d-7349-e6f9-9b3c-4a5162f630c0@suse.de> Date: Tue, 22 Mar 2022 13:10:49 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Subject: Re: [PATCH 07/12] nvme: Implement In-Band authentication Content-Language: en-US To: Max Gurtovoy , Sagi Grimberg Cc: Christoph Hellwig , Keith Busch , linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org References: <20211202152358.60116-1-hare@suse.de> <20211202152358.60116-8-hare@suse.de> <346e03e9-ece1-73f9-f7f4-c987055c5b9f@nvidia.com> From: Hannes Reinecke In-Reply-To: <346e03e9-ece1-73f9-f7f4-c987055c5b9f@nvidia.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 3/22/22 12:40, Max Gurtovoy wrote: > Hi Hannes, > > On 12/2/2021 5:23 PM, Hannes Reinecke wrote: >> Implement NVMe-oF In-Band authentication according to NVMe TPAR 8006. >> This patch adds two new fabric options 'dhchap_secret' to specify the >> pre-shared key (in ASCII respresentation according to NVMe 2.0 section >> 8.13.5.8 'Secret representation') and 'dhchap_ctrl_secret' to specify >> the pre-shared controller key for bi-directional authentication of both >> the host and the controller. >> Re-authentication can be triggered by writing the PSK into the new >> controller sysfs attribute 'dhchap_secret' or 'dhchap_ctrl_secret'. > > Can you please add to commit log an example of the process ? > > From target configuration through the 'nvme connect' cmd. > > Please check: https://github.com/hreinecke/blktests/tree/auth.v3 That contains the blktest scripts I'm using to validate the implementation. Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), GF: Felix Imendörffer