Subject: Re: [PATCHv12 00/11] nvme: In-band authentication support
From: Hannes Reinecke
Date: Wed, 25 May 2022 11:54:54 +0200
To: Christoph Hellwig
Cc: Sagi Grimberg, Keith Busch, linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org
In-Reply-To: <20220518112234.24264-1-hare@suse.de>

On 5/18/22 13:22, Hannes Reinecke wrote:
> Hi all,
>
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
>
> Thanks to Nicolai Stange the crypto DH framework has been upgraded
> to provide us with a FFDHE implementation; I've updated the patchset
> to use the ephemeral key generation provided there.
>
> Note that this is just for in-band authentication. Secure
> concatenation (ie starting TLS with the negotiated parameters)
> requires a TLS handshake, which the in-kernel TLS implementation
> does not provide. This is being worked on with a different patchset
> which is still WIP.
>
> The nvme-cli support has already been merged; please use the latest
> nvme-cli git repository to build the most recent version.
>
> A copy of this patchset can be found at
> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
> branch auth.v12
>
> It is being cut against the latest master branch from Linus.
>
> As usual, comments and reviews are welcome.
>

How do we proceed here?
This has been lingering for quite some time now, without any real progress.
Despite everyone agreeing that we would need to have it.
Anything which is missing from my side?
Any other obstacles?

Thanks.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke, Kernel Storage Architect
hare@suse.de, +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer