1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * NVMe over Fabrics DH-HMAC-CHAP authentication.
4 * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions.
5 * All rights reserved.
6 */
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/err.h>
12 #include <crypto/hash.h>
13 #include <linux/crc32.h>
14 #include <linux/base64.h>
15 #include <linux/ctype.h>
16 #include <linux/random.h>
17 #include <linux/nvme-auth.h>
18 #include <asm/unaligned.h>
19
20 #include "nvmet.h"
21
nvmet_auth_set_key(struct nvmet_host * host,const char * secret,bool set_ctrl)22 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
23 bool set_ctrl)
24 {
25 unsigned char key_hash;
26 char *dhchap_secret;
27
28 if (sscanf(secret, "DHHC-1:%hhd:%*s", &key_hash) != 1)
29 return -EINVAL;
30 if (key_hash > 3) {
31 pr_warn("Invalid DH-HMAC-CHAP hash id %d\n",
32 key_hash);
33 return -EINVAL;
34 }
35 if (key_hash > 0) {
36 /* Validate selected hash algorithm */
37 const char *hmac = nvme_auth_hmac_name(key_hash);
38
39 if (!crypto_has_shash(hmac, 0, 0)) {
40 pr_err("DH-HMAC-CHAP hash %s unsupported\n", hmac);
41 return -ENOTSUPP;
42 }
43 }
44 dhchap_secret = kstrdup(secret, GFP_KERNEL);
45 if (!dhchap_secret)
46 return -ENOMEM;
47 if (set_ctrl) {
48 kfree(host->dhchap_ctrl_secret);
49 host->dhchap_ctrl_secret = strim(dhchap_secret);
50 host->dhchap_ctrl_key_hash = key_hash;
51 } else {
52 kfree(host->dhchap_secret);
53 host->dhchap_secret = strim(dhchap_secret);
54 host->dhchap_key_hash = key_hash;
55 }
56 return 0;
57 }
58
nvmet_setup_dhgroup(struct nvmet_ctrl * ctrl,u8 dhgroup_id)59 int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
60 {
61 const char *dhgroup_kpp;
62 int ret = 0;
63
64 pr_debug("%s: ctrl %d selecting dhgroup %d\n",
65 __func__, ctrl->cntlid, dhgroup_id);
66
67 if (ctrl->dh_tfm) {
68 if (ctrl->dh_gid == dhgroup_id) {
69 pr_debug("%s: ctrl %d reuse existing DH group %d\n",
70 __func__, ctrl->cntlid, dhgroup_id);
71 return 0;
72 }
73 crypto_free_kpp(ctrl->dh_tfm);
74 ctrl->dh_tfm = NULL;
75 ctrl->dh_gid = 0;
76 }
77
78 if (dhgroup_id == NVME_AUTH_DHGROUP_NULL)
79 return 0;
80
81 dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id);
82 if (!dhgroup_kpp) {
83 pr_debug("%s: ctrl %d invalid DH group %d\n",
84 __func__, ctrl->cntlid, dhgroup_id);
85 return -EINVAL;
86 }
87 ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0);
88 if (IS_ERR(ctrl->dh_tfm)) {
89 pr_debug("%s: ctrl %d failed to setup DH group %d, err %ld\n",
90 __func__, ctrl->cntlid, dhgroup_id,
91 PTR_ERR(ctrl->dh_tfm));
92 ret = PTR_ERR(ctrl->dh_tfm);
93 ctrl->dh_tfm = NULL;
94 ctrl->dh_gid = 0;
95 } else {
96 ctrl->dh_gid = dhgroup_id;
97 pr_debug("%s: ctrl %d setup DH group %d\n",
98 __func__, ctrl->cntlid, ctrl->dh_gid);
99 ret = nvme_auth_gen_privkey(ctrl->dh_tfm, ctrl->dh_gid);
100 if (ret < 0) {
101 pr_debug("%s: ctrl %d failed to generate private key, err %d\n",
102 __func__, ctrl->cntlid, ret);
103 kfree_sensitive(ctrl->dh_key);
104 ctrl->dh_key = NULL;
105 return ret;
106 }
107 ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm);
108 kfree_sensitive(ctrl->dh_key);
109 ctrl->dh_key = kzalloc(ctrl->dh_keysize, GFP_KERNEL);
110 if (!ctrl->dh_key) {
111 pr_warn("ctrl %d failed to allocate public key\n",
112 ctrl->cntlid);
113 return -ENOMEM;
114 }
115 ret = nvme_auth_gen_pubkey(ctrl->dh_tfm, ctrl->dh_key,
116 ctrl->dh_keysize);
117 if (ret < 0) {
118 pr_warn("ctrl %d failed to generate public key\n",
119 ctrl->cntlid);
120 kfree(ctrl->dh_key);
121 ctrl->dh_key = NULL;
122 }
123 }
124
125 return ret;
126 }
127
nvmet_setup_auth(struct nvmet_ctrl * ctrl)128 int nvmet_setup_auth(struct nvmet_ctrl *ctrl)
129 {
130 int ret = 0;
131 struct nvmet_host_link *p;
132 struct nvmet_host *host = NULL;
133 const char *hash_name;
134
135 down_read(&nvmet_config_sem);
136 if (nvmet_is_disc_subsys(ctrl->subsys))
137 goto out_unlock;
138
139 if (ctrl->subsys->allow_any_host)
140 goto out_unlock;
141
142 list_for_each_entry(p, &ctrl->subsys->hosts, entry) {
143 pr_debug("check %s\n", nvmet_host_name(p->host));
144 if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn))
145 continue;
146 host = p->host;
147 break;
148 }
149 if (!host) {
150 pr_debug("host %s not found\n", ctrl->hostnqn);
151 ret = -EPERM;
152 goto out_unlock;
153 }
154
155 ret = nvmet_setup_dhgroup(ctrl, host->dhchap_dhgroup_id);
156 if (ret < 0)
157 pr_warn("Failed to setup DH group");
158
159 if (!host->dhchap_secret) {
160 pr_debug("No authentication provided\n");
161 goto out_unlock;
162 }
163
164 if (host->dhchap_hash_id == ctrl->shash_id) {
165 pr_debug("Re-use existing hash ID %d\n",
166 ctrl->shash_id);
167 } else {
168 hash_name = nvme_auth_hmac_name(host->dhchap_hash_id);
169 if (!hash_name) {
170 pr_warn("Hash ID %d invalid\n", host->dhchap_hash_id);
171 ret = -EINVAL;
172 goto out_unlock;
173 }
174 ctrl->shash_id = host->dhchap_hash_id;
175 }
176
177 /* Skip the 'DHHC-1:XX:' prefix */
178 nvme_auth_free_key(ctrl->host_key);
179 ctrl->host_key = nvme_auth_extract_key(host->dhchap_secret + 10,
180 host->dhchap_key_hash);
181 if (IS_ERR(ctrl->host_key)) {
182 ret = PTR_ERR(ctrl->host_key);
183 ctrl->host_key = NULL;
184 goto out_free_hash;
185 }
186 pr_debug("%s: using hash %s key %*ph\n", __func__,
187 ctrl->host_key->hash > 0 ?
188 nvme_auth_hmac_name(ctrl->host_key->hash) : "none",
189 (int)ctrl->host_key->len, ctrl->host_key->key);
190
191 nvme_auth_free_key(ctrl->ctrl_key);
192 if (!host->dhchap_ctrl_secret) {
193 ctrl->ctrl_key = NULL;
194 goto out_unlock;
195 }
196
197 ctrl->ctrl_key = nvme_auth_extract_key(host->dhchap_ctrl_secret + 10,
198 host->dhchap_ctrl_key_hash);
199 if (IS_ERR(ctrl->ctrl_key)) {
200 ret = PTR_ERR(ctrl->ctrl_key);
201 ctrl->ctrl_key = NULL;
202 goto out_free_hash;
203 }
204 pr_debug("%s: using ctrl hash %s key %*ph\n", __func__,
205 ctrl->ctrl_key->hash > 0 ?
206 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none",
207 (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key);
208
209 out_free_hash:
210 if (ret) {
211 if (ctrl->host_key) {
212 nvme_auth_free_key(ctrl->host_key);
213 ctrl->host_key = NULL;
214 }
215 ctrl->shash_id = 0;
216 }
217 out_unlock:
218 up_read(&nvmet_config_sem);
219
220 return ret;
221 }
222
nvmet_auth_sq_free(struct nvmet_sq * sq)223 void nvmet_auth_sq_free(struct nvmet_sq *sq)
224 {
225 cancel_delayed_work(&sq->auth_expired_work);
226 kfree(sq->dhchap_c1);
227 sq->dhchap_c1 = NULL;
228 kfree(sq->dhchap_c2);
229 sq->dhchap_c2 = NULL;
230 kfree(sq->dhchap_skey);
231 sq->dhchap_skey = NULL;
232 }
233
nvmet_destroy_auth(struct nvmet_ctrl * ctrl)234 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl)
235 {
236 ctrl->shash_id = 0;
237
238 if (ctrl->dh_tfm) {
239 crypto_free_kpp(ctrl->dh_tfm);
240 ctrl->dh_tfm = NULL;
241 ctrl->dh_gid = 0;
242 }
243 kfree_sensitive(ctrl->dh_key);
244 ctrl->dh_key = NULL;
245
246 if (ctrl->host_key) {
247 nvme_auth_free_key(ctrl->host_key);
248 ctrl->host_key = NULL;
249 }
250 if (ctrl->ctrl_key) {
251 nvme_auth_free_key(ctrl->ctrl_key);
252 ctrl->ctrl_key = NULL;
253 }
254 }
255
nvmet_check_auth_status(struct nvmet_req * req)256 bool nvmet_check_auth_status(struct nvmet_req *req)
257 {
258 if (req->sq->ctrl->host_key &&
259 !req->sq->authenticated)
260 return false;
261 return true;
262 }
263
nvmet_auth_host_hash(struct nvmet_req * req,u8 * response,unsigned int shash_len)264 int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
265 unsigned int shash_len)
266 {
267 struct crypto_shash *shash_tfm;
268 struct shash_desc *shash;
269 struct nvmet_ctrl *ctrl = req->sq->ctrl;
270 const char *hash_name;
271 u8 *challenge = req->sq->dhchap_c1, *host_response;
272 u8 buf[4];
273 int ret;
274
275 hash_name = nvme_auth_hmac_name(ctrl->shash_id);
276 if (!hash_name) {
277 pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
278 return -EINVAL;
279 }
280
281 shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
282 if (IS_ERR(shash_tfm)) {
283 pr_err("failed to allocate shash %s\n", hash_name);
284 return PTR_ERR(shash_tfm);
285 }
286
287 if (shash_len != crypto_shash_digestsize(shash_tfm)) {
288 pr_err("%s: hash len mismatch (len %d digest %d)\n",
289 __func__, shash_len,
290 crypto_shash_digestsize(shash_tfm));
291 ret = -EINVAL;
292 goto out_free_tfm;
293 }
294
295 host_response = nvme_auth_transform_key(ctrl->host_key, ctrl->hostnqn);
296 if (IS_ERR(host_response)) {
297 ret = PTR_ERR(host_response);
298 goto out_free_tfm;
299 }
300
301 ret = crypto_shash_setkey(shash_tfm, host_response,
302 ctrl->host_key->len);
303 if (ret)
304 goto out_free_response;
305
306 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
307 challenge = kmalloc(shash_len, GFP_KERNEL);
308 if (!challenge) {
309 ret = -ENOMEM;
310 goto out_free_response;
311 }
312 ret = nvme_auth_augmented_challenge(ctrl->shash_id,
313 req->sq->dhchap_skey,
314 req->sq->dhchap_skey_len,
315 req->sq->dhchap_c1,
316 challenge, shash_len);
317 if (ret)
318 goto out_free_challenge;
319 }
320
321 pr_debug("ctrl %d qid %d host response seq %u transaction %d\n",
322 ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1,
323 req->sq->dhchap_tid);
324
325 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
326 GFP_KERNEL);
327 if (!shash) {
328 ret = -ENOMEM;
329 goto out_free_challenge;
330 }
331 shash->tfm = shash_tfm;
332 ret = crypto_shash_init(shash);
333 if (ret)
334 goto out;
335 ret = crypto_shash_update(shash, challenge, shash_len);
336 if (ret)
337 goto out;
338 put_unaligned_le32(req->sq->dhchap_s1, buf);
339 ret = crypto_shash_update(shash, buf, 4);
340 if (ret)
341 goto out;
342 put_unaligned_le16(req->sq->dhchap_tid, buf);
343 ret = crypto_shash_update(shash, buf, 2);
344 if (ret)
345 goto out;
346 memset(buf, 0, 4);
347 ret = crypto_shash_update(shash, buf, 1);
348 if (ret)
349 goto out;
350 ret = crypto_shash_update(shash, "HostHost", 8);
351 if (ret)
352 goto out;
353 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
354 if (ret)
355 goto out;
356 ret = crypto_shash_update(shash, buf, 1);
357 if (ret)
358 goto out;
359 ret = crypto_shash_update(shash, ctrl->subsysnqn,
360 strlen(ctrl->subsysnqn));
361 if (ret)
362 goto out;
363 ret = crypto_shash_final(shash, response);
364 out:
365 kfree(shash);
366 out_free_challenge:
367 if (challenge != req->sq->dhchap_c1)
368 kfree(challenge);
369 out_free_response:
370 kfree_sensitive(host_response);
371 out_free_tfm:
372 crypto_free_shash(shash_tfm);
373 return ret;
374 }
375
nvmet_auth_ctrl_hash(struct nvmet_req * req,u8 * response,unsigned int shash_len)376 int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response,
377 unsigned int shash_len)
378 {
379 struct crypto_shash *shash_tfm;
380 struct shash_desc *shash;
381 struct nvmet_ctrl *ctrl = req->sq->ctrl;
382 const char *hash_name;
383 u8 *challenge = req->sq->dhchap_c2, *ctrl_response;
384 u8 buf[4];
385 int ret;
386
387 hash_name = nvme_auth_hmac_name(ctrl->shash_id);
388 if (!hash_name) {
389 pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
390 return -EINVAL;
391 }
392
393 shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
394 if (IS_ERR(shash_tfm)) {
395 pr_err("failed to allocate shash %s\n", hash_name);
396 return PTR_ERR(shash_tfm);
397 }
398
399 if (shash_len != crypto_shash_digestsize(shash_tfm)) {
400 pr_debug("%s: hash len mismatch (len %d digest %d)\n",
401 __func__, shash_len,
402 crypto_shash_digestsize(shash_tfm));
403 ret = -EINVAL;
404 goto out_free_tfm;
405 }
406
407 ctrl_response = nvme_auth_transform_key(ctrl->ctrl_key,
408 ctrl->subsysnqn);
409 if (IS_ERR(ctrl_response)) {
410 ret = PTR_ERR(ctrl_response);
411 goto out_free_tfm;
412 }
413
414 ret = crypto_shash_setkey(shash_tfm, ctrl_response,
415 ctrl->ctrl_key->len);
416 if (ret)
417 goto out_free_response;
418
419 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
420 challenge = kmalloc(shash_len, GFP_KERNEL);
421 if (!challenge) {
422 ret = -ENOMEM;
423 goto out_free_response;
424 }
425 ret = nvme_auth_augmented_challenge(ctrl->shash_id,
426 req->sq->dhchap_skey,
427 req->sq->dhchap_skey_len,
428 req->sq->dhchap_c2,
429 challenge, shash_len);
430 if (ret)
431 goto out_free_challenge;
432 }
433
434 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
435 GFP_KERNEL);
436 if (!shash) {
437 ret = -ENOMEM;
438 goto out_free_challenge;
439 }
440 shash->tfm = shash_tfm;
441
442 ret = crypto_shash_init(shash);
443 if (ret)
444 goto out;
445 ret = crypto_shash_update(shash, challenge, shash_len);
446 if (ret)
447 goto out;
448 put_unaligned_le32(req->sq->dhchap_s2, buf);
449 ret = crypto_shash_update(shash, buf, 4);
450 if (ret)
451 goto out;
452 put_unaligned_le16(req->sq->dhchap_tid, buf);
453 ret = crypto_shash_update(shash, buf, 2);
454 if (ret)
455 goto out;
456 memset(buf, 0, 4);
457 ret = crypto_shash_update(shash, buf, 1);
458 if (ret)
459 goto out;
460 ret = crypto_shash_update(shash, "Controller", 10);
461 if (ret)
462 goto out;
463 ret = crypto_shash_update(shash, ctrl->subsysnqn,
464 strlen(ctrl->subsysnqn));
465 if (ret)
466 goto out;
467 ret = crypto_shash_update(shash, buf, 1);
468 if (ret)
469 goto out;
470 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
471 if (ret)
472 goto out;
473 ret = crypto_shash_final(shash, response);
474 out:
475 kfree(shash);
476 out_free_challenge:
477 if (challenge != req->sq->dhchap_c2)
478 kfree(challenge);
479 out_free_response:
480 kfree_sensitive(ctrl_response);
481 out_free_tfm:
482 crypto_free_shash(shash_tfm);
483 return 0;
484 }
485
nvmet_auth_ctrl_exponential(struct nvmet_req * req,u8 * buf,int buf_size)486 int nvmet_auth_ctrl_exponential(struct nvmet_req *req,
487 u8 *buf, int buf_size)
488 {
489 struct nvmet_ctrl *ctrl = req->sq->ctrl;
490 int ret = 0;
491
492 if (!ctrl->dh_key) {
493 pr_warn("ctrl %d no DH public key!\n", ctrl->cntlid);
494 return -ENOKEY;
495 }
496 if (buf_size != ctrl->dh_keysize) {
497 pr_warn("ctrl %d DH public key size mismatch, need %zu is %d\n",
498 ctrl->cntlid, ctrl->dh_keysize, buf_size);
499 ret = -EINVAL;
500 } else {
501 memcpy(buf, ctrl->dh_key, buf_size);
502 pr_debug("%s: ctrl %d public key %*ph\n", __func__,
503 ctrl->cntlid, (int)buf_size, buf);
504 }
505
506 return ret;
507 }
508
nvmet_auth_ctrl_sesskey(struct nvmet_req * req,u8 * pkey,int pkey_size)509 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
510 u8 *pkey, int pkey_size)
511 {
512 struct nvmet_ctrl *ctrl = req->sq->ctrl;
513 int ret;
514
515 req->sq->dhchap_skey_len = ctrl->dh_keysize;
516 req->sq->dhchap_skey = kzalloc(req->sq->dhchap_skey_len, GFP_KERNEL);
517 if (!req->sq->dhchap_skey)
518 return -ENOMEM;
519 ret = nvme_auth_gen_shared_secret(ctrl->dh_tfm,
520 pkey, pkey_size,
521 req->sq->dhchap_skey,
522 req->sq->dhchap_skey_len);
523 if (ret)
524 pr_debug("failed to compute shared secret, err %d\n", ret);
525 else
526 pr_debug("%s: shared secret %*ph\n", __func__,
527 (int)req->sq->dhchap_skey_len,
528 req->sq->dhchap_skey);
529
530 return ret;
531 }
532