Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp383487iob; Wed, 18 May 2022 04:26:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzIsO2hK+JHHOyxQouy7S1RXk6Sz3keJQghheXjRqoxDehhV/x3TmoaahW4EqYo5bdP1+dX X-Received: by 2002:a05:6a00:e0e:b0:50a:cb86:883c with SMTP id bq14-20020a056a000e0e00b0050acb86883cmr27536370pfb.11.1652873197536; Wed, 18 May 2022 04:26:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652873197; cv=none; d=google.com; s=arc-20160816; b=Ty35Ar/xSMrbxmNYuZyqdwFfOHskDTvp0luB7SHsAa7X60S6lNn/HBx0ES+Y3vlQqS jY6uN1iwmRgHQ9fYaxdLUYjg2jQlDC29YwYPJhVXzQUw6w+00hPld+8neRTjX8+nRpLA VHWqpUe3IUxR7res4O9vyFql5ZL95yxP8egeIU0kZECWZnXXHbxR6/+12AsP52J+hq5l SRS7W2s3QzCbT2+DpdetiJFKGSU8Ulo35NPP6hC+1drGG0qKvfCKVNxUSkGICadnrqc7 PM3iRvg56HzY7+f0eFI3/qCsOgQjOGwaZ7lUdjOxtfADsoTZqWjgFx521HXduF+4GPC3 OnVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature:dkim-signature; bh=EOKZQUXbqSFXnwPe6/EEeGU/hehsrwyMsWt6anT8vUc=; b=kXhmWQfiM8QZik9tS3chfkTLY9L+wIRzAJLDVel68mOVeVr591NtJVL29dgrjkZbD1 iB/sKMyjOIidDqDuIZQa85kUnJohog9SpbQL+GmCCV7JgTHrP1Jjx2qf5hbxUJfwVLad zCqNg9ekS650jEn25hIbTLz3Xemd50thiBASC+RQBuWPSs8pagCZx1nh96bSrFax6kzT 9jQGiGCA/VwgGPv+A9yxbzN6eJjFYSr5PjP8F8VjD4S264gbBj7FBcZ+VYvKwh682nSD Wsg0AcVuL3Zlk3j3eQq53WDdeTmf3JLpHpChcsxb+ME4MCgfplmGA9sk+H0bS0JraXCg 7vaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=gU9Zk9Y8; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id l9-20020a170903120900b0015c16a75912si2658890plh.552.2022.05.18.04.26.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 May 2022 04:26:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=gU9Zk9Y8; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E6B7D15E601; Wed, 18 May 2022 04:23:01 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235324AbiERLW6 (ORCPT + 99 others); Wed, 18 May 2022 07:22:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235408AbiERLW5 (ORCPT ); Wed, 18 May 2022 07:22:57 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 264CA15D318 for ; Wed, 18 May 2022 04:22:54 -0700 (PDT) Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 5668F21B49; Wed, 18 May 2022 11:22:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1652872973; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=EOKZQUXbqSFXnwPe6/EEeGU/hehsrwyMsWt6anT8vUc=; b=gU9Zk9Y8vh3UhYP8cx8GSBHI4vYXSLlYlMoe+MM6KrxrEBJYSbqxTfWwfsjppANwc7jzAr 6uG4XXgJSBFur7NLFYXsApVZw38pmpG2M10TmGmH8EHI/RngCDlzUyb6pTd6d6arCveHV1 1tyspphrexvs7SG5SoQf+ftJ/jC60L4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1652872973; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=EOKZQUXbqSFXnwPe6/EEeGU/hehsrwyMsWt6anT8vUc=; b=Pll+nSfHN4/0G665KpTsveU+usbJ2u/a50Xklrz+WD1Vi7AK7z71GGKWVzxknnuvMs68KP YCW/mmcBm14dEyBg== Received: from adalid.arch.suse.de (adalid.arch.suse.de [10.161.8.13]) by relay2.suse.de (Postfix) with ESMTP id 4A7BE2C143; Wed, 18 May 2022 11:22:52 +0000 (UTC) Received: by adalid.arch.suse.de (Postfix, from userid 16045) id 6D5E75194505; Wed, 18 May 2022 13:22:52 +0200 (CEST) From: Hannes Reinecke To: Christoph Hellwig Cc: Sagi Grimberg , Keith Busch , linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org, Hannes Reinecke Subject: [PATCHv12 00/11] nvme: In-band authentication support Date: Wed, 18 May 2022 13:22:23 +0200 Message-Id: <20220518112234.24264-1-hare@suse.de> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi all, recent updates to the NVMe spec have added definitions for in-band authentication, and seeing that it provides some real benefit especially for NVMe-TCP here's an attempt to implement it. Thanks to Nicolai Stange the crypto DH framework has been upgraded to provide us with a FFDHE implementation; I've updated the patchset to use the ephemeral key generation provided there. Note that this is just for in-band authentication. Secure concatenation (ie starting TLS with the negotiated parameters) requires a TLS handshake, which the in-kernel TLS implementation does not provide. This is being worked on with a different patchset which is still WIP. The nvme-cli support has already been merged; please use the latest nvme-cli git repository to build the most recent version. A copy of this patchset can be found at git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel branch auth.v12 It is being cut against the latest master branch from Linus. As usual, comments and reviews are welcome. Changes to v11: - Fixup type for FAILURE2 message (Prashant Nayak) - Do not sent SUCCESS2 if bi-directional authentication is not requested (Martin George) Changes to v10: - Fixup error return value when authentication failed Changes to v9: - Include review from Chaitanya - Use sparse array for dhgroup and hash lookup - Common function for auth_send and auth_receive Changes to v8: - Rebased to Nicolais crypto DH rework - Fixed oops on non-fabrics devices Changes to v7: - Space out hash list and dhgroup list in nvme negotiate data to be conformant with the spec - Update sequence number handling to start with a random value and ignore '0' as mandated by the spec - Update nvme_auth_generate_key to return the key as suggested by Sagi - Add nvmet_parse_fabrics_io_cmd() as suggested by hch Changes to v6: - Use 'u8' for DH group id and hash id - Use 'struct nvme_dhchap_key' - Rename variables to drop 'DHCHAP' - Include reviews from Chaitanya Changes to v5: - Unify nvme_auth_generate_key() - Unify nvme_auth_extract_key() - Fixed bug where re-authentication with wrong controller key would not fail - Include reviews from Sagi Changes to v4: - Validate against blktest suite - Fixup base64 decoding - Transform secret with correct hmac algorithm Changes to v3: - Renamed parameter to 'dhchap_ctrl_key' - Fixed bi-directional authentication - Included reviews from Sagi - Fixed base64 algorithm for transport encoding Changes to v2: - Dropped non-standard algorithms - Reworked base64 based on fs/crypto/fname.c - Fixup crash with no keys Changes to the original submission: - Included reviews from Vladislav - Included reviews from Sagi - Implemented re-authentication support - Fixed up key handling Hannes Reinecke (11): crypto: add crypto_has_shash() crypto: add crypto_has_kpp() lib/base64: RFC4648-compliant base64 encoding nvme: add definitions for NVMe In-Band authentication nvme-fabrics: decode 'authentication required' connect error nvme: Implement In-Band authentication nvme-auth: Diffie-Hellman key exchange support nvmet: parse fabrics commands on io queues nvmet: Implement basic In-Band Authentication nvmet-auth: Diffie-Hellman key exchange support nvmet-auth: expire authentication sessions crypto/kpp.c | 6 + crypto/shash.c | 6 + drivers/nvme/host/Kconfig | 12 + drivers/nvme/host/Makefile | 1 + drivers/nvme/host/auth.c | 1464 ++++++++++++++++++++++++ drivers/nvme/host/auth.h | 40 + drivers/nvme/host/core.c | 141 ++- drivers/nvme/host/fabrics.c | 83 +- drivers/nvme/host/fabrics.h | 7 + drivers/nvme/host/nvme.h | 31 + drivers/nvme/host/rdma.c | 1 + drivers/nvme/host/tcp.c | 1 + drivers/nvme/host/trace.c | 32 + drivers/nvme/target/Kconfig | 13 + drivers/nvme/target/Makefile | 1 + drivers/nvme/target/admin-cmd.c | 4 +- drivers/nvme/target/auth.c | 525 +++++++++ drivers/nvme/target/configfs.c | 138 ++- drivers/nvme/target/core.c | 15 + drivers/nvme/target/fabrics-cmd-auth.c | 536 +++++++++ drivers/nvme/target/fabrics-cmd.c | 55 +- drivers/nvme/target/nvmet.h | 75 +- include/crypto/hash.h | 2 + include/crypto/kpp.h | 2 + include/linux/base64.h | 16 + include/linux/nvme.h | 204 +++- lib/Makefile | 2 +- lib/base64.c | 103 ++ 28 files changed, 3501 insertions(+), 15 deletions(-) create mode 100644 drivers/nvme/host/auth.c create mode 100644 drivers/nvme/host/auth.h create mode 100644 drivers/nvme/target/auth.c create mode 100644 drivers/nvme/target/fabrics-cmd-auth.c create mode 100644 include/linux/base64.h create mode 100644 lib/base64.c -- 2.29.2