Message-ID: <8dd97d9c-f241-9ce8-2aea-a703cbda25b1@grimberg.me>
Date: Wed, 25 May 2022 13:37:41 +0300
Subject: Re: [PATCHv12 00/11] nvme: In-band authentication support
To: Hannes Reinecke, Christoph Hellwig
Cc: Keith Busch, linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org
References: <20220518112234.24264-1-hare@suse.de>
From: Sagi Grimberg

>> Hi all,
>>
>> recent updates to the NVMe spec have added definitions for in-band
>> authentication, and seeing that it provides some real benefit
>> especially for NVMe-TCP here's an attempt to implement it.
>>
>> Thanks to Nicolai Stange the crypto DH framework has been upgraded
>> to provide us with a FFDHE implementation; I've updated the patchset
>> to use the ephemeral key generation provided there.
>>
>> Note that this is just for in-band authentication. Secure
>> concatenation (ie starting TLS with the negotiated parameters)
>> requires a TLS handshake, which the in-kernel TLS implementation
>> does not provide. This is being worked on with a different patchset
>> which is still WIP.
>>
>> The nvme-cli support has already been merged; please use the latest
>> nvme-cli git repository to build the most recent version.
>>
>> A copy of this patchset can be found at
>> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
>> branch auth.v12
>>
>> It is being cut against the latest master branch from Linus.
>>
>> As usual, comments and reviews are welcome.
>>
> How do we proceed here?
> This has been lingering for quite some time now, without any real
> progress. Despite everyone agreeing that we would need to have it.
> Anything which is missing from my side?
> Any other obstacles?

I've been through it a number of times during the iterations, I feel
comfortable with it. I'd be more comfortable to get a second review
at least on this code.

But regardless, for the patches where it is missing:
Reviewed-by: Sagi Grimberg