Message ID | 20220518112234.24264-1-hare@suse.de |
---|---|
Series | nvme: In-band authentication support |

On 5/18/22 13:22, Hannes Reinecke wrote:
> Hi all,
>
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
>
> Thanks to Nicolai Stange the crypto DH framework has been upgraded
> to provide us with a FFDHE implementation; I've updated the patchset
> to use the ephemeral key generation provided there.
>
> Note that this is just for in-band authentication. Secure
> concatenation (ie starting TLS with the negotiated parameters)
> requires a TLS handshake, which the in-kernel TLS implementation
> does not provide. This is being worked on with a different patchset
> which is still WIP.
>
> The nvme-cli support has already been merged; please use the latest
> nvme-cli git repository to build the most recent version.
>
> A copy of this patchset can be found at
> git://git.kernel.org/pub/scm/linux/kernel/git/hare/scsi-devel
> branch auth.v12
>
> It is being cut against the latest master branch from Linus.
>
> As usual, comments and reviews are welcome.
>

How do we proceed here?
This has been lingering for quite some time now, without any real progress.
Despite everyone agreeing that we would need to have it.
Anything which is missing from my side?
Any other obstacles?

Thanks.

Cheers,

Hannes

On Fri, May 27, 2022 at 12:21:59PM +0200, Hannes Reinecke wrote:
> Christoph, you can pick either v12 or v13; the difference is just the check
> for available hash and kpp functions. v12 has the dynamic version
> using the crypto helpers, v13 has the static version checking compile-time
> configuration.
> Either way would work.

Please resend with these helpers included and any other fixups after
rc2 is released.