From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <keith.busch@wdc.com>,
Omar Sandoval <osandov@fb.com>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH 5/6] nvmeof-tcp/005: test bi-directional authentication
Date: Thu, 18 Nov 2021 10:40:10 +0100 [thread overview]
Message-ID: <e1436a8e-396e-e262-c535-c0602b8455bb@suse.de> (raw)
In-Reply-To: <c34f1bbc-c54e-9e9e-86ed-421ea602efe8@grimberg.me>
On 11/17/21 10:50 PM, Sagi Grimberg wrote:
> Hannes,
>
> Should we add negative test cases for each of these tests?
> Currently for some reason I'm able to connect even though
> I provide the host a different dhchap_ctrl_key.
>
> Controller:
> --
> # grep -r ''
> /sys/kernel/config/nvmet/hosts/nqn.2014-08.org.nvmexpress:uuid:b73ff014-2723-4114-aa8d-2f784ecba4f4
>
> /sys/kernel/config/nvmet/hosts/nqn.2014-08.org.nvmexpress:uuid:b73ff014-2723-4114-aa8d-2f784ecba4f4/dhchap_dhgroup:null
>
> /sys/kernel/config/nvmet/hosts/nqn.2014-08.org.nvmexpress:uuid:b73ff014-2723-4114-aa8d-2f784ecba4f4/dhchap_hash:hmac(sha512)
>
> /sys/kernel/config/nvmet/hosts/nqn.2014-08.org.nvmexpress:uuid:b73ff014-2723-4114-aa8d-2f784ecba4f4/dhchap_ctrl_key:DHHC-1:03:M4ik+B5zPy9vqzH0Ef9sLWXLL7HQ1JEqx0IkhMWwNPc0tq8ZLkTQstMl1A9wkMFzzo52hJwQ0wP9GELWmUwUgFisuGw=:
>
> /sys/kernel/config/nvmet/hosts/nqn.2014-08.org.nvmexpress:uuid:b73ff014-2723-4114-aa8d-2f784ecba4f4/dhchap_key:DHHC-1:03:ynOWXFT8AC/OlvuIkpQ1RQlDAuHz2axeP43zmws90yRhPHNP5HyDQSI3m+WCBKcUfl7gRraflcb7nHAHR5mTh9t22Js=:
>
> --
>
> Host (use same key for -S and -C):
> --
> # ./nvme connect -t tcp -a 192.168.123.1 -n testnqn1 -s 8009 -S
> "DHHC-1:03:ynOWXFT8AC/OlvuIkpQ1RQlDAuHz2axeP43zmws90yRhPHNP5HyDQSI3m+WCBKcUfl7gRraflcb7nHAHR5mTh9t22Js=:"
> -C
> "DHHC-1:03:ynOWXFT8AC/OlvuIkpQ1RQlDAuHz2axeP43zmws90yRhPHNP5HyDQSI3m+WCBKcUfl7gRraflcb7nHAHR5mTh9t22Js=:"
>
> # nvme list
> Node SN Model Namespace
> Usage Format FW Rev
> --------------------- --------------------
> ---------------------------------------- ---------
> -------------------------- ---------------- --------
> /dev/nvme0n1 c7ebe13b94f6ad3885c7 Linux 1
> 268.44 GB / 268.44 GB 512 B + 0 B 5.15.0-r
> --
>
> Am I doing something wrong?
Hmm. Not that I can see.
I'll be checking what's going on here.
And yes, some negative tests won't go amiss.
I'll be adding them; or, rather, update the current ones to test with
mismatched credentials, too.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
next prev parent reply other threads:[~2021-11-18 9:40 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-12 14:45 [PATCH blktests 0/6] Testsuite for nvme in-band authentication Hannes Reinecke
2021-11-12 14:45 ` [PATCH 1/6] nvmeof-tcp/001: simple test for nvmeof-tcp connection Hannes Reinecke
2021-11-14 10:31 ` Sagi Grimberg
2021-11-14 13:50 ` Hannes Reinecke
2021-11-14 14:45 ` Sagi Grimberg
2021-11-15 2:34 ` Chaitanya Kulkarni
2021-11-15 6:56 ` Hannes Reinecke
2021-11-15 8:12 ` Sagi Grimberg
2021-11-15 8:37 ` Hannes Reinecke
2021-11-12 14:45 ` [PATCH 2/6] nvmeof-tcp/002: create an authenticated " Hannes Reinecke
2021-11-12 14:45 ` [PATCH 3/6] nvmeof-tcp/003: test different key types Hannes Reinecke
2021-11-12 14:45 ` [PATCH 4/6] nvmeof-tcp/004: test hash and dhgroup variations Hannes Reinecke
2021-11-12 14:45 ` [PATCH 5/6] nvmeof-tcp/005: test bi-directional authentication Hannes Reinecke
2021-11-17 21:50 ` Sagi Grimberg
2021-11-18 9:40 ` Hannes Reinecke [this message]
2021-11-19 11:29 ` Hannes Reinecke
2021-11-12 14:45 ` [PATCH 6/6] nvmeof-tcp/006: test re-authentication Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e1436a8e-396e-e262-c535-c0602b8455bb@suse.de \
--to=hare@suse.de \
--cc=hch@lst.de \
--cc=keith.busch@wdc.com \
--cc=linux-nvme@lists.infradead.org \
--cc=osandov@fb.com \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox