Re: [PATCH v2] nvme-auth: Don't propose NVME_AUTH_DHGROUP_NULL with SC_C

Next message: Lee Jones: "[RFC v3 2/2] HID: core: Check to ensure report responses match the request"
Previous message: Lee Jones: "[RFC v3 1/2] HID: core: Mitigate potential OOB by removing bogus memset()"
In reply to: Hannes Reinecke: "Re: [PATCH v2] nvme-auth: Don't propose NVME_AUTH_DHGROUP_NULL with SC_C"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Keith Busch

Date: Mon Mar 09 2026 - 11:07:54 EST

On Mon, Mar 09, 2026 at 02:27:33PM +1000, alistair23@xxxxxxxxx wrote:
> From: Alistair Francis <alistair.francis@xxxxxxx>
>
> Section 8.3.4.5.2 of the NVMe 2.1 base spec states that
>
> """
> The 00h identifier shall not be proposed in an AUTH_Negotiate message
> that requests secure channel concatenation (i.e., with the SC_C field
> set to a non-zero value).
> """
>
> We need to ensure that we don't set the NVME_AUTH_DHGROUP_NULL idlist if
> SC_C is set.

Thanks, applied.