From patchwork Fri Nov 12 12:59:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hannes Reinecke X-Patchwork-Id: 12616757 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39A49C4332F for ; Fri, 12 Nov 2021 12:59:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1A61C61078 for ; Fri, 12 Nov 2021 12:59:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234918AbhKLNCa (ORCPT ); Fri, 12 Nov 2021 08:02:30 -0500 Received: from smtp-out1.suse.de ([195.135.220.28]:44858 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234961AbhKLNC3 (ORCPT ); Fri, 12 Nov 2021 08:02:29 -0500 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id A30D121981; Fri, 12 Nov 2021 12:59:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1636721977; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=glmAY5ZgeEte/g7LHsxvyBRe8TZVYMi0F/hsDQ23WA0=; b=PuTw6PUQiekMXLbQQxTP+NesFFn9e8OZm6nTbN1AGtQaMHZtVd7lRrO7NUVkCz7+RnTDYi AJl8nLMd3ETxk6tGmMaH1CKHqXyW6+IiGassfMxKrG4Ra6t7Csg5+q2UFYtq1Fox3y3+vA pTRMhzg+4DPzH6B+0nJVweTDob45fbo= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1636721977; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=glmAY5ZgeEte/g7LHsxvyBRe8TZVYMi0F/hsDQ23WA0=; b=xwbZDZ+lX5ypOnrXgtsIfAUuGUR49SAztjYuoeWTB/LLk6ZnXeqtwwtOHut4+S7Dl+ppzM MY0CCP9A7k0MSNCQ== Received: from adalid.arch.suse.de (adalid.arch.suse.de [10.161.8.13]) by relay2.suse.de (Postfix) with ESMTP id 5616BA3B83; Fri, 12 Nov 2021 12:59:36 +0000 (UTC) Received: by adalid.arch.suse.de (Postfix, from userid 16045) id 1891D5191253; Fri, 12 Nov 2021 13:59:36 +0100 (CET) From: Hannes Reinecke To: Sagi Grimberg Cc: Christoph Hellwig , Keith Busch , linux-nvme@lists.infradead.org, Herbert Xu , David Miller , linux-crypto@vger.kernel.org, Hannes Reinecke Subject: [PATCHv5 00/12] nvme: In-band authentication support Date: Fri, 12 Nov 2021 13:59:16 +0100 Message-Id: <20211112125928.97318-1-hare@suse.de> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi all, recent updates to the NVMe spec have added definitions for in-band authentication, and seeing that it provides some real benefit especially for NVMe-TCP here's an attempt to implement it. Tricky bit here is that the specification orients itself on TLS 1.3, but supports only the FFDHE groups. Which of course the kernel doesn't support. I've been able to come up with a patch for this, but as this is my first attempt to fix anything in the crypto area I would invite people more familiar with these matters to have a look. Also note that this is just for in-band authentication. Secure concatenation (ie starting TLS with the negotiated parameters) is not implemented; one would need to update the kernel TLS implementation for this, which at this time is beyond scope. As usual, comments and reviews are welcome. Changes to v4: - Validate against blktest suite - Fixup base64 decoding - Transform secret with correct hmac algorithm Changes to v3: - Renamed parameter to 'dhchap_ctrl_key' - Fixed bi-directional authentication - Included reviews from Sagi - Fixed base64 algorithm for transport encoding Changes to v2: - Dropped non-standard algorithms - Reworked base64 based on fs/crypto/fname.c - Fixup crash with no keys Changes to the original submission: - Included reviews from Vladislav - Included reviews from Sagi - Implemented re-authentication support - Fixed up key handling Hannes Reinecke (12): crypto: add crypto_has_shash() crypto: add crypto_has_kpp() crypto/ffdhe: Finite Field DH Ephemeral Parameters lib/base64: RFC4648-compliant base64 encoding nvme: add definitions for NVMe In-Band authentication nvme-fabrics: decode 'authentication required' connect error nvme: Implement In-Band authentication nvme-auth: Diffie-Hellman key exchange support nvmet: Parse fabrics commands on all queues nvmet: Implement basic In-Band Authentication nvmet-auth: Diffie-Hellman key exchange support nvmet-auth: expire authentication sessions crypto/Kconfig | 8 + crypto/Makefile | 1 + crypto/ffdhe_helper.c | 880 +++++++++++++ crypto/kpp.c | 6 + crypto/shash.c | 6 + drivers/nvme/host/Kconfig | 12 + drivers/nvme/host/Makefile | 1 + drivers/nvme/host/auth.c | 1564 ++++++++++++++++++++++++ drivers/nvme/host/auth.h | 34 + drivers/nvme/host/core.c | 133 +- drivers/nvme/host/fabrics.c | 83 +- drivers/nvme/host/fabrics.h | 7 + drivers/nvme/host/nvme.h | 36 + drivers/nvme/host/tcp.c | 1 + drivers/nvme/host/trace.c | 32 + drivers/nvme/target/Kconfig | 12 + drivers/nvme/target/Makefile | 1 + drivers/nvme/target/admin-cmd.c | 4 + drivers/nvme/target/auth.c | 544 +++++++++ drivers/nvme/target/configfs.c | 138 ++- drivers/nvme/target/core.c | 10 + drivers/nvme/target/fabrics-cmd-auth.c | 513 ++++++++ drivers/nvme/target/fabrics-cmd.c | 30 +- drivers/nvme/target/nvmet.h | 77 ++ include/crypto/ffdhe.h | 24 + include/crypto/hash.h | 2 + include/crypto/kpp.h | 2 + include/linux/base64.h | 16 + include/linux/nvme.h | 186 ++- lib/Makefile | 2 +- lib/base64.c | 103 ++ 31 files changed, 4456 insertions(+), 12 deletions(-) create mode 100644 crypto/ffdhe_helper.c create mode 100644 drivers/nvme/host/auth.c create mode 100644 drivers/nvme/host/auth.h create mode 100644 drivers/nvme/target/auth.c create mode 100644 drivers/nvme/target/fabrics-cmd-auth.c create mode 100644 include/crypto/ffdhe.h create mode 100644 include/linux/base64.h create mode 100644 lib/base64.c