Protecting data in buffer with an SA

Kevin D Butt kdbutt at us.ibm.com
Wed Mar 4 15:58:30 PST 2009


Formatted message: <a href="http://www.t10.org/cgi-bin/ac.pl?t=r&f=r0903049_f.htm">HTML-formatted message</a>

Ralph,
If I understand this correctly, then if I desire to protect the data 
returned by a Security Protocol In command with an SA, then I would need 
to protect the Security Protocol In command with the SA during the request 
(this is required to thwart known plain-text attacks).	This in turn would 
require that the standard be updated to specify how to protect the 
Security Protocol In command.  I think this would require use of a 
variable length CDB (in order to fit in the SA protected SPIN command) and 
would preclude use of an extended CDB (because the SPIN CDB would not be 
protected by an SA and there would be nothing to create a new extension 
with).
Am I understanding this correctly?
Thanks,
Kevin D. Butt
SCSI & Fibre Channel Architect, Tape Firmware
MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
Tel: 520-799-5280
Fax: 520-799-2723 (T/L:321)
Email address: kdbutt at us.ibm.com
http://www-03.ibm.com/servers/storage/ 
From:
Kevin D Butt/Tucson/IBM at IBMUS
To:
Ralph Weber <roweber at ieee.org>
Cc:
t10 at t10.org
Date:
03/04/2009 11:13 AM
Subject:
Re: Protecting data in buffer with an SA
Ralph, 
Thanks.  I need to dig through this and assimilate the information. Thanks 
for your responses. 
Kevin D. Butt
SCSI & Fibre Channel Architect, Tape Firmware
MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
Tel: 520-799-5280
Fax: 520-799-2723 (T/L:321)
Email address: kdbutt at us.ibm.com
http://www-03.ibm.com/servers/storage/ 
From: 
Ralph Weber <roweber at ieee.org> 
To: 
t10 at t10.org 
Date: 
03/03/2009 06:32 PM 
Subject: 
Re: Protecting data in buffer with an SA
* From the T10 Reflector (t10 at t10.org), posted by:
* Ralph Weber <roweber at ieee.org>
*
Kevin,
I believe the RECEIVE CREDENTIAL command (see 6.19) provides
a worked example of how to SA-protect a data-in buffer.
N.B. The use of an SA to protect data in the CDB is a
security-motivated "feature", as described in the last
paragraph in 5.14.7.5.1.
All the best,
.Ralph
Kevin D Butt wrote:
>
> Ralph,
>
> Thanks for the response.  Does it help to restate my question as this:
> How can the device server know which SA the application client wants 
> the device server to use to protect the data-in buffer using ESP-SCSI?
>
> 5.14.7.5.1 Overview
> A device server shall transfer ESP-SCSI parameter data descriptors in 
> a data-in buffer only in response to a
> request that specifies an SA using the AC_SAI SA parameter and DS_SAI 
> SA parameter values (see 5.14.2.2). If
> the specified combination of AC_SAI and DS_SAI values in a command 
> that requests the transfer of ESP-SCSI
> parameter data descriptors is not known to the device server, the 
> command shall be terminated with CHECK
> CONDITION status, with the sense key set to ILLEGAL REQUEST, the 
> additional sense code set to INVALID
> FIELD IN PARAMETER LIST or to INVALID FIELD IN CDB, the SKSV bit set 
> to one, and SENSE KEY SPECIFIC field
> set as defined in 4.5.2.4.2.
>
> How is this line in the above fulfilled "only in response to a request 
> that specifies an SA using the AC_SAI SA parameter and DS_SAI SA 
> parameter values".  How can the request (i.e., a CDB) specify an SA?
>
> Thanks,
>
> Kevin D. Butt
> SCSI & Fibre Channel Architect, Tape Firmware
> MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
> Tel: 520-799-5280
> Fax: 520-799-2723 (T/L:321)
> Email address: kdbutt at us.ibm.com
> http://www-03.ibm.com/servers/storage/
>
>
> From: 		 Ralph Weber <roweber at IEEE.org>
> To:		       t10 at t10.org
> Date: 		 03/03/2009 05:06 PM
> Subject:		    Re: Protecting data in buffer with an SA
>
>
> ------------------------------------------------------------------------
>
>
>
> * From the T10 Reflector (t10 at t10.org), posted by:
> * Ralph Weber <roweber at ieee.org>
> *
> Kevin,
>
> I am having difficulty parsing everything that follows, "There
> is an ESP-SCSI defined for parameter in data but no method for
> selecting which SA to use to protect it" in the original message.
>
> Every ESP-SCSI format that I have checked contains an SAI
> (Security Association Index) -- either DS_SAI or AC_SAI --
> that identifies the SA to be applied when protecting the data.
>
> Perhaps my confusion over the other questions will be clarified
> when the inability of SAIs to identify SAs is explained.
>
> All the best,
>
> .Ralph
>
> Kevin D Butt wrote:
> >
> > IBM is looking at what would be required to protect a data in buffer
> > with an SA.  There is an ESP-SCSI defined for parameter in data but no
> > method for selecting which SA to use to protect it.  How does the
> > application client tell the device server which SA to use?	Since
> > there are no SAI fields in the CDB's for the commands that request the
> > data we are looking to protect, we don't see how to do this.
> >
> > Has anybody thought about this yet?
> >
> > Thanks,
> >
> > Kevin D. Butt
> > SCSI & Fibre Channel Architect, Tape Firmware
> > MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
> > Tel: 520-799-5280
> > Fax: 520-799-2723 (T/L:321)
> > Email address: kdbutt at us.ibm.com
> > http://www-03.ibm.com/servers/storage/
>
> *
> * For T10 Reflector information, send a message with
> * 'info t10' (no quotes) in the message body to majordomo at t10.org
>
>
*
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at t10.org



More information about the T10 mailing list