[PATCHv6,00/12] nvme: In-band authentication support

Message ID	20211122074727.25988-1-hare@suse.de (mailing list archive)
Headers	show Return-Path: <linux-crypto-owner@kernel.org> From: Hannes Reinecke <hare@suse.de> To: Sagi Grimberg <sagi@grimberg.me> Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <keith.busch@wdc.com>, linux-nvme@lists.infradead.org, Herbert Xu <herberg@gondor.apana.org.au>, David Miller <davem@davemloft.org>, linux-crypto@vger.kernel.org, Hannes Reinecke <hare@suse.de> Subject: [PATCHv6 00/12] nvme: In-band authentication support Date: Mon, 22 Nov 2021 08:47:15 +0100 Message-Id: <20211122074727.25988-1-hare@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	nvme: In-band authentication support \| expand [PATCHv6,00/12] nvme: In-band authentication support [01/12] crypto: add crypto_has_shash() [02/12] crypto: add crypto_has_kpp() [03/12] crypto/ffdhe: Finite Field DH Ephemeral Parameters [04/12] lib/base64: RFC4648-compliant base64 encoding [05/12] nvme: add definitions for NVMe In-Band authentication [06/12] nvme-fabrics: decode 'authentication required' connect error [07/12] nvme: Implement In-Band authentication [08/12] nvme-auth: Diffie-Hellman key exchange support [09/12] nvmet: Parse fabrics commands on all queues [10/12] nvmet: Implement basic In-Band Authentication [11/12] nvmet-auth: Diffie-Hellman key exchange support [12/12] nvmet-auth: expire authentication sessions

Hannes Reinecke Nov. 22, 2021, 7:47 a.m. UTC

Hi all,

recent updates to the NVMe spec have added definitions for in-band
authentication, and seeing that it provides some real benefit
especially for NVMe-TCP here's an attempt to implement it.

Tricky bit here is that the specification orients itself on TLS 1.3,
but supports only the FFDHE groups. Which of course the kernel doesn't
support. I've been able to come up with a patch for this, but as this
is my first attempt to fix anything in the crypto area I would invite
people more familiar with these matters to have a look.

Also note that this is just for in-band authentication. Secure
concatenation (ie starting TLS with the negotiated parameters) is not
implemented; one would need to update the kernel TLS implementation
for this, which at this time is beyond scope.

As usual, comments and reviews are welcome.

Changes to v5:
- Unify nvme_auth_generate_key()
- Unify nvme_auth_extract_key()
- Include reviews from Sagi

Changes to v4:
- Validate against blktest suite
- Fixup base64 decoding
- Transform secret with correct hmac algorithm

Changes to v3:
- Renamed parameter to 'dhchap_ctrl_key'
- Fixed bi-directional authentication
- Included reviews from Sagi
- Fixed base64 algorithm for transport encoding

Changes to v2:
- Dropped non-standard algorithms
- Reworked base64 based on fs/crypto/fname.c
- Fixup crash with no keys

Changes to the original submission:
- Included reviews from Vladislav
- Included reviews from Sagi
- Implemented re-authentication support
- Fixed up key handling

Hannes Reinecke (12):
  crypto: add crypto_has_shash()
  crypto: add crypto_has_kpp()
  crypto/ffdhe: Finite Field DH Ephemeral Parameters
  lib/base64: RFC4648-compliant base64 encoding
  nvme: add definitions for NVMe In-Band authentication
  nvme-fabrics: decode 'authentication required' connect error
  nvme: Implement In-Band authentication
  nvme-auth: Diffie-Hellman key exchange support
  nvmet: Parse fabrics commands on all queues
  nvmet: Implement basic In-Band Authentication
  nvmet-auth: Diffie-Hellman key exchange support
  nvmet-auth: expire authentication sessions

 crypto/Kconfig                         |    8 +
 crypto/Makefile                        |    1 +
 crypto/ffdhe_helper.c                  |  880 ++++++++++++++
 crypto/kpp.c                           |    6 +
 crypto/shash.c                         |    6 +
 drivers/nvme/host/Kconfig              |   12 +
 drivers/nvme/host/Makefile             |    1 +
 drivers/nvme/host/auth.c               | 1539 ++++++++++++++++++++++++
 drivers/nvme/host/auth.h               |   34 +
 drivers/nvme/host/core.c               |  141 ++-
 drivers/nvme/host/fabrics.c            |   83 +-
 drivers/nvme/host/fabrics.h            |    7 +
 drivers/nvme/host/nvme.h               |   35 +
 drivers/nvme/host/tcp.c                |    1 +
 drivers/nvme/host/trace.c              |   32 +
 drivers/nvme/target/Kconfig            |   13 +
 drivers/nvme/target/Makefile           |    1 +
 drivers/nvme/target/admin-cmd.c        |    4 +
 drivers/nvme/target/auth.c             |  529 ++++++++
 drivers/nvme/target/configfs.c         |  138 ++-
 drivers/nvme/target/core.c             |   10 +
 drivers/nvme/target/fabrics-cmd-auth.c |  513 ++++++++
 drivers/nvme/target/fabrics-cmd.c      |   30 +-
 drivers/nvme/target/nvmet.h            |   77 ++
 include/crypto/ffdhe.h                 |   24 +
 include/crypto/hash.h                  |    2 +
 include/crypto/kpp.h                   |    2 +
 include/linux/base64.h                 |   16 +
 include/linux/nvme.h                   |  186 ++-
 lib/Makefile                           |    2 +-
 lib/base64.c                           |  103 ++
 31 files changed, 4424 insertions(+), 12 deletions(-)
 create mode 100644 crypto/ffdhe_helper.c
 create mode 100644 drivers/nvme/host/auth.c
 create mode 100644 drivers/nvme/host/auth.h
 create mode 100644 drivers/nvme/target/auth.c
 create mode 100644 drivers/nvme/target/fabrics-cmd-auth.c
 create mode 100644 include/crypto/ffdhe.h
 create mode 100644 include/linux/base64.h
 create mode 100644 lib/base64.c

Sagi Grimberg Nov. 22, 2021, 8:13 a.m. UTC | #1

On 11/22/21 9:47 AM, Hannes Reinecke wrote:
> Hi all,
> 
> recent updates to the NVMe spec have added definitions for in-band
> authentication, and seeing that it provides some real benefit
> especially for NVMe-TCP here's an attempt to implement it.
> 
> Tricky bit here is that the specification orients itself on TLS 1.3,
> but supports only the FFDHE groups. Which of course the kernel doesn't
> support. I've been able to come up with a patch for this, but as this
> is my first attempt to fix anything in the crypto area I would invite
> people more familiar with these matters to have a look.
> 
> Also note that this is just for in-band authentication. Secure
> concatenation (ie starting TLS with the negotiated parameters) is not
> implemented; one would need to update the kernel TLS implementation
> for this, which at this time is beyond scope.
> 
> As usual, comments and reviews are welcome.
> 
> Changes to v5:
> - Unify nvme_auth_generate_key()
> - Unify nvme_auth_extract_key()

You mean nvme_auth_extract_secret() ?

> - Include reviews from Sagi

What about the bug fix folded in?

Hannes Reinecke Nov. 22, 2021, 9:03 a.m. UTC | #2

On 11/22/21 9:13 AM, Sagi Grimberg wrote:
> 
> 
> On 11/22/21 9:47 AM, Hannes Reinecke wrote:
>> Hi all,
>>
>> recent updates to the NVMe spec have added definitions for in-band
>> authentication, and seeing that it provides some real benefit
>> especially for NVMe-TCP here's an attempt to implement it.
>>
>> Tricky bit here is that the specification orients itself on TLS 1.3,
>> but supports only the FFDHE groups. Which of course the kernel doesn't
>> support. I've been able to come up with a patch for this, but as this
>> is my first attempt to fix anything in the crypto area I would invite
>> people more familiar with these matters to have a look.
>>
>> Also note that this is just for in-band authentication. Secure
>> concatenation (ie starting TLS with the negotiated parameters) is not
>> implemented; one would need to update the kernel TLS implementation
>> for this, which at this time is beyond scope.
>>
>> As usual, comments and reviews are welcome.
>>
>> Changes to v5:
>> - Unify nvme_auth_generate_key()
>> - Unify nvme_auth_extract_key()
> 
> You mean nvme_auth_extract_secret() ?
> 
Yes.

>> - Include reviews from Sagi
> 
> What about the bug fix folded in?

Yeah, and that, to
Forgot to mention it.

Also note that I've already folded the nvme-cli patches into the git
repository to ease testing; I gather that the interface won't change
that much anymore, so I felt justified in doing so.
And I got tired of explaining to interested parties how to build a
non-standard nvme-cli :-)
But that's why I didn't post separate patches for nvme-cli.

Cheers,

Hannes

Sagi Grimberg Nov. 22, 2021, 11:32 a.m. UTC | #3

>>> Hi all,
>>>
>>> recent updates to the NVMe spec have added definitions for in-band
>>> authentication, and seeing that it provides some real benefit
>>> especially for NVMe-TCP here's an attempt to implement it.
>>>
>>> Tricky bit here is that the specification orients itself on TLS 1.3,
>>> but supports only the FFDHE groups. Which of course the kernel doesn't
>>> support. I've been able to come up with a patch for this, but as this
>>> is my first attempt to fix anything in the crypto area I would invite
>>> people more familiar with these matters to have a look.
>>>
>>> Also note that this is just for in-band authentication. Secure
>>> concatenation (ie starting TLS with the negotiated parameters) is not
>>> implemented; one would need to update the kernel TLS implementation
>>> for this, which at this time is beyond scope.
>>>
>>> As usual, comments and reviews are welcome.
>>>
>>> Changes to v5:
>>> - Unify nvme_auth_generate_key()
>>> - Unify nvme_auth_extract_key()
>>
>> You mean nvme_auth_extract_secret() ?
>>
> Yes.
> 
>>> - Include reviews from Sagi
>>
>> What about the bug fix folded in?
> 
> Yeah, and that, to
> Forgot to mention it.

It is not the code that you shared in the other thread right?

> 
> Also note that I've already folded the nvme-cli patches into the git
> repository to ease testing; I gather that the interface won't change
> that much anymore, so I felt justified in doing so.

It's ok, we can still change if we want to.

Hannes Reinecke Nov. 22, 2021, 11:37 a.m. UTC | #4

On 11/22/21 12:32 PM, Sagi Grimberg wrote:
> 
>>>> Hi all,
>>>>
>>>> recent updates to the NVMe spec have added definitions for in-band
>>>> authentication, and seeing that it provides some real benefit
>>>> especially for NVMe-TCP here's an attempt to implement it.
>>>>
>>>> Tricky bit here is that the specification orients itself on TLS 1.3,
>>>> but supports only the FFDHE groups. Which of course the kernel doesn't
>>>> support. I've been able to come up with a patch for this, but as this
>>>> is my first attempt to fix anything in the crypto area I would invite
>>>> people more familiar with these matters to have a look.
>>>>
>>>> Also note that this is just for in-band authentication. Secure
>>>> concatenation (ie starting TLS with the negotiated parameters) is not
>>>> implemented; one would need to update the kernel TLS implementation
>>>> for this, which at this time is beyond scope.
>>>>
>>>> As usual, comments and reviews are welcome.
>>>>
>>>> Changes to v5:
>>>> - Unify nvme_auth_generate_key()
>>>> - Unify nvme_auth_extract_key()
>>>
>>> You mean nvme_auth_extract_secret() ?
>>>
>> Yes.
>>
>>>> - Include reviews from Sagi
>>>
>>> What about the bug fix folded in?
>>
>> Yeah, and that, to
>> Forgot to mention it.
> 
> It is not the code that you shared in the other thread right?
> 
Yes, it is.
It has been folded into v6.
And test 043 has been updated to check for this issue.

Cheers,

Hannes

Sagi Grimberg Nov. 22, 2021, 11:45 a.m. UTC | #5

>>>> What about the bug fix folded in?
>>>
>>> Yeah, and that, to
>>> Forgot to mention it.
>>
>> It is not the code that you shared in the other thread right?
>>
> Yes, it is.
> It has been folded into v6.

I don't see it in patch 07/12

Hannes Reinecke Nov. 22, 2021, 11:56 a.m. UTC | #6

On 11/22/21 12:45 PM, Sagi Grimberg wrote:
> 
>>>>> What about the bug fix folded in?
>>>>
>>>> Yeah, and that, to
>>>> Forgot to mention it.
>>>
>>> It is not the code that you shared in the other thread right?
>>>
>> Yes, it is.
>> It has been folded into v6.
> 
> I don't see it in patch 07/12


+	ret = nvme_auth_process_dhchap_success1(ctrl, chap);
+	if (ret) {
+		/* Controller authentication failed */
+		goto fail2;
+	}
+

v5 had 'if (ret < 0) [' here.

Cheers,

Hannes

Sagi Grimberg Nov. 22, 2021, 12:01 p.m. UTC | #7

> +	ret = nvme_auth_process_dhchap_success1(ctrl, chap);
> +	if (ret) {
> +		/* Controller authentication failed */
> +		goto fail2;
> +	}
> +
> 
> v5 had 'if (ret < 0) [' here.

Right, thanks.

[PATCHv6,00/12] nvme: In-band authentication support

Message

Comments