1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NVMe over Fabrics DH-HMAC-CHAP authentication. 4 * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions. 5 * All rights reserved. 6 */ 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 8 #include <linux/module.h> 9 #include <linux/init.h> 10 #include <linux/slab.h> 11 #include <linux/err.h> 12 #include <crypto/hash.h> 13 #include <linux/crc32.h> 14 #include <linux/base64.h> 15 #include <linux/ctype.h> 16 #include <linux/random.h> 17 #include <linux/nvme-auth.h> 18 #include <asm/unaligned.h> 19 20 #include "nvmet.h" 21 22 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret, 23 bool set_ctrl) 24 { 25 unsigned char key_hash; 26 char *dhchap_secret; 27 28 if (sscanf(secret, "DHHC-1:%hhd:%*s", &key_hash) != 1) 29 return -EINVAL; 30 if (key_hash > 3) { 31 pr_warn("Invalid DH-HMAC-CHAP hash id %d\n", 32 key_hash); 33 return -EINVAL; 34 } 35 if (key_hash > 0) { 36 /* Validate selected hash algorithm */ 37 const char *hmac = nvme_auth_hmac_name(key_hash); 38 39 if (!crypto_has_shash(hmac, 0, 0)) { 40 pr_err("DH-HMAC-CHAP hash %s unsupported\n", hmac); 41 return -ENOTSUPP; 42 } 43 } 44 dhchap_secret = kstrdup(secret, GFP_KERNEL); 45 if (!dhchap_secret) 46 return -ENOMEM; 47 if (set_ctrl) { 48 kfree(host->dhchap_ctrl_secret); 49 host->dhchap_ctrl_secret = strim(dhchap_secret); 50 host->dhchap_ctrl_key_hash = key_hash; 51 } else { 52 kfree(host->dhchap_secret); 53 host->dhchap_secret = strim(dhchap_secret); 54 host->dhchap_key_hash = key_hash; 55 } 56 return 0; 57 } 58 59 int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id) 60 { 61 const char *dhgroup_kpp; 62 int ret = 0; 63 64 pr_debug("%s: ctrl %d selecting dhgroup %d\n", 65 __func__, ctrl->cntlid, dhgroup_id); 66 67 if (ctrl->dh_tfm) { 68 if (ctrl->dh_gid == dhgroup_id) { 69 pr_debug("%s: ctrl %d reuse existing DH group %d\n", 70 __func__, ctrl->cntlid, dhgroup_id); 71 return 0; 72 } 73 crypto_free_kpp(ctrl->dh_tfm); 74 ctrl->dh_tfm = NULL; 75 ctrl->dh_gid = 0; 76 } 77 78 if (dhgroup_id == NVME_AUTH_DHGROUP_NULL) 79 return 0; 80 81 dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id); 82 if (!dhgroup_kpp) { 83 pr_debug("%s: ctrl %d invalid DH group %d\n", 84 __func__, ctrl->cntlid, dhgroup_id); 85 return -EINVAL; 86 } 87 ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0); 88 if (IS_ERR(ctrl->dh_tfm)) { 89 pr_debug("%s: ctrl %d failed to setup DH group %d, err %ld\n", 90 __func__, ctrl->cntlid, dhgroup_id, 91 PTR_ERR(ctrl->dh_tfm)); 92 ret = PTR_ERR(ctrl->dh_tfm); 93 ctrl->dh_tfm = NULL; 94 ctrl->dh_gid = 0; 95 } else { 96 ctrl->dh_gid = dhgroup_id; 97 pr_debug("%s: ctrl %d setup DH group %d\n", 98 __func__, ctrl->cntlid, ctrl->dh_gid); 99 ret = nvme_auth_gen_privkey(ctrl->dh_tfm, ctrl->dh_gid); 100 if (ret < 0) { 101 pr_debug("%s: ctrl %d failed to generate private key, err %d\n", 102 __func__, ctrl->cntlid, ret); 103 kfree_sensitive(ctrl->dh_key); 104 ctrl->dh_key = NULL; 105 return ret; 106 } 107 ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm); 108 kfree_sensitive(ctrl->dh_key); 109 ctrl->dh_key = kzalloc(ctrl->dh_keysize, GFP_KERNEL); 110 if (!ctrl->dh_key) { 111 pr_warn("ctrl %d failed to allocate public key\n", 112 ctrl->cntlid); 113 return -ENOMEM; 114 } 115 ret = nvme_auth_gen_pubkey(ctrl->dh_tfm, ctrl->dh_key, 116 ctrl->dh_keysize); 117 if (ret < 0) { 118 pr_warn("ctrl %d failed to generate public key\n", 119 ctrl->cntlid); 120 kfree(ctrl->dh_key); 121 ctrl->dh_key = NULL; 122 } 123 } 124 125 return ret; 126 } 127 128 int nvmet_setup_auth(struct nvmet_ctrl *ctrl) 129 { 130 int ret = 0; 131 struct nvmet_host_link *p; 132 struct nvmet_host *host = NULL; 133 const char *hash_name; 134 135 down_read(&nvmet_config_sem); 136 if (nvmet_is_disc_subsys(ctrl->subsys)) 137 goto out_unlock; 138 139 if (ctrl->subsys->allow_any_host) 140 goto out_unlock; 141 142 list_for_each_entry(p, &ctrl->subsys->hosts, entry) { 143 pr_debug("check %s\n", nvmet_host_name(p->host)); 144 if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn)) 145 continue; 146 host = p->host; 147 break; 148 } 149 if (!host) { 150 pr_debug("host %s not found\n", ctrl->hostnqn); 151 ret = -EPERM; 152 goto out_unlock; 153 } 154 155 ret = nvmet_setup_dhgroup(ctrl, host->dhchap_dhgroup_id); 156 if (ret < 0) 157 pr_warn("Failed to setup DH group"); 158 159 if (!host->dhchap_secret) { 160 pr_debug("No authentication provided\n"); 161 goto out_unlock; 162 } 163 164 if (host->dhchap_hash_id == ctrl->shash_id) { 165 pr_debug("Re-use existing hash ID %d\n", 166 ctrl->shash_id); 167 } else { 168 hash_name = nvme_auth_hmac_name(host->dhchap_hash_id); 169 if (!hash_name) { 170 pr_warn("Hash ID %d invalid\n", host->dhchap_hash_id); 171 ret = -EINVAL; 172 goto out_unlock; 173 } 174 ctrl->shash_id = host->dhchap_hash_id; 175 } 176 177 /* Skip the 'DHHC-1:XX:' prefix */ 178 nvme_auth_free_key(ctrl->host_key); 179 ctrl->host_key = nvme_auth_extract_key(host->dhchap_secret + 10, 180 host->dhchap_key_hash); 181 if (IS_ERR(ctrl->host_key)) { 182 ret = PTR_ERR(ctrl->host_key); 183 ctrl->host_key = NULL; 184 goto out_free_hash; 185 } 186 pr_debug("%s: using hash %s key %*ph\n", __func__, 187 ctrl->host_key->hash > 0 ? 188 nvme_auth_hmac_name(ctrl->host_key->hash) : "none", 189 (int)ctrl->host_key->len, ctrl->host_key->key); 190 191 nvme_auth_free_key(ctrl->ctrl_key); 192 if (!host->dhchap_ctrl_secret) { 193 ctrl->ctrl_key = NULL; 194 goto out_unlock; 195 } 196 197 ctrl->ctrl_key = nvme_auth_extract_key(host->dhchap_ctrl_secret + 10, 198 host->dhchap_ctrl_key_hash); 199 if (IS_ERR(ctrl->ctrl_key)) { 200 ret = PTR_ERR(ctrl->ctrl_key); 201 ctrl->ctrl_key = NULL; 202 goto out_free_hash; 203 } 204 pr_debug("%s: using ctrl hash %s key %*ph\n", __func__, 205 ctrl->ctrl_key->hash > 0 ? 206 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none", 207 (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key); 208 209 out_free_hash: 210 if (ret) { 211 if (ctrl->host_key) { 212 nvme_auth_free_key(ctrl->host_key); 213 ctrl->host_key = NULL; 214 } 215 ctrl->shash_id = 0; 216 } 217 out_unlock: 218 up_read(&nvmet_config_sem); 219 220 return ret; 221 } 222 223 void nvmet_auth_sq_free(struct nvmet_sq *sq) 224 { 225 cancel_delayed_work(&sq->auth_expired_work); 226 kfree(sq->dhchap_c1); 227 sq->dhchap_c1 = NULL; 228 kfree(sq->dhchap_c2); 229 sq->dhchap_c2 = NULL; 230 kfree(sq->dhchap_skey); 231 sq->dhchap_skey = NULL; 232 } 233 234 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl) 235 { 236 ctrl->shash_id = 0; 237 238 if (ctrl->dh_tfm) { 239 crypto_free_kpp(ctrl->dh_tfm); 240 ctrl->dh_tfm = NULL; 241 ctrl->dh_gid = 0; 242 } 243 kfree_sensitive(ctrl->dh_key); 244 ctrl->dh_key = NULL; 245 246 if (ctrl->host_key) { 247 nvme_auth_free_key(ctrl->host_key); 248 ctrl->host_key = NULL; 249 } 250 if (ctrl->ctrl_key) { 251 nvme_auth_free_key(ctrl->ctrl_key); 252 ctrl->ctrl_key = NULL; 253 } 254 } 255 256 bool nvmet_check_auth_status(struct nvmet_req *req) 257 { 258 if (req->sq->ctrl->host_key && 259 !req->sq->authenticated) 260 return false; 261 return true; 262 } 263 264 int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, 265 unsigned int shash_len) 266 { 267 struct crypto_shash *shash_tfm; 268 struct shash_desc *shash; 269 struct nvmet_ctrl *ctrl = req->sq->ctrl; 270 const char *hash_name; 271 u8 *challenge = req->sq->dhchap_c1, *host_response; 272 u8 buf[4]; 273 int ret; 274 275 hash_name = nvme_auth_hmac_name(ctrl->shash_id); 276 if (!hash_name) { 277 pr_warn("Hash ID %d invalid\n", ctrl->shash_id); 278 return -EINVAL; 279 } 280 281 shash_tfm = crypto_alloc_shash(hash_name, 0, 0); 282 if (IS_ERR(shash_tfm)) { 283 pr_err("failed to allocate shash %s\n", hash_name); 284 return PTR_ERR(shash_tfm); 285 } 286 287 if (shash_len != crypto_shash_digestsize(shash_tfm)) { 288 pr_err("%s: hash len mismatch (len %d digest %d)\n", 289 __func__, shash_len, 290 crypto_shash_digestsize(shash_tfm)); 291 ret = -EINVAL; 292 goto out_free_tfm; 293 } 294 295 host_response = nvme_auth_transform_key(ctrl->host_key, ctrl->hostnqn); 296 if (IS_ERR(host_response)) { 297 ret = PTR_ERR(host_response); 298 goto out_free_tfm; 299 } 300 301 ret = crypto_shash_setkey(shash_tfm, host_response, 302 ctrl->host_key->len); 303 if (ret) 304 goto out_free_response; 305 306 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) { 307 challenge = kmalloc(shash_len, GFP_KERNEL); 308 if (!challenge) { 309 ret = -ENOMEM; 310 goto out_free_response; 311 } 312 ret = nvme_auth_augmented_challenge(ctrl->shash_id, 313 req->sq->dhchap_skey, 314 req->sq->dhchap_skey_len, 315 req->sq->dhchap_c1, 316 challenge, shash_len); 317 if (ret) 318 goto out_free_challenge; 319 } 320 321 pr_debug("ctrl %d qid %d host response seq %u transaction %d\n", 322 ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1, 323 req->sq->dhchap_tid); 324 325 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm), 326 GFP_KERNEL); 327 if (!shash) { 328 ret = -ENOMEM; 329 goto out_free_challenge; 330 } 331 shash->tfm = shash_tfm; 332 ret = crypto_shash_init(shash); 333 if (ret) 334 goto out; 335 ret = crypto_shash_update(shash, challenge, shash_len); 336 if (ret) 337 goto out; 338 put_unaligned_le32(req->sq->dhchap_s1, buf); 339 ret = crypto_shash_update(shash, buf, 4); 340 if (ret) 341 goto out; 342 put_unaligned_le16(req->sq->dhchap_tid, buf); 343 ret = crypto_shash_update(shash, buf, 2); 344 if (ret) 345 goto out; 346 memset(buf, 0, 4); 347 ret = crypto_shash_update(shash, buf, 1); 348 if (ret) 349 goto out; 350 ret = crypto_shash_update(shash, "HostHost", 8); 351 if (ret) 352 goto out; 353 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn)); 354 if (ret) 355 goto out; 356 ret = crypto_shash_update(shash, buf, 1); 357 if (ret) 358 goto out; 359 ret = crypto_shash_update(shash, ctrl->subsysnqn, 360 strlen(ctrl->subsysnqn)); 361 if (ret) 362 goto out; 363 ret = crypto_shash_final(shash, response); 364 out: 365 kfree(shash); 366 out_free_challenge: 367 if (challenge != req->sq->dhchap_c1) 368 kfree(challenge); 369 out_free_response: 370 kfree_sensitive(host_response); 371 out_free_tfm: 372 crypto_free_shash(shash_tfm); 373 return ret; 374 } 375 376 int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response, 377 unsigned int shash_len) 378 { 379 struct crypto_shash *shash_tfm; 380 struct shash_desc *shash; 381 struct nvmet_ctrl *ctrl = req->sq->ctrl; 382 const char *hash_name; 383 u8 *challenge = req->sq->dhchap_c2, *ctrl_response; 384 u8 buf[4]; 385 int ret; 386 387 hash_name = nvme_auth_hmac_name(ctrl->shash_id); 388 if (!hash_name) { 389 pr_warn("Hash ID %d invalid\n", ctrl->shash_id); 390 return -EINVAL; 391 } 392 393 shash_tfm = crypto_alloc_shash(hash_name, 0, 0); 394 if (IS_ERR(shash_tfm)) { 395 pr_err("failed to allocate shash %s\n", hash_name); 396 return PTR_ERR(shash_tfm); 397 } 398 399 if (shash_len != crypto_shash_digestsize(shash_tfm)) { 400 pr_debug("%s: hash len mismatch (len %d digest %d)\n", 401 __func__, shash_len, 402 crypto_shash_digestsize(shash_tfm)); 403 ret = -EINVAL; 404 goto out_free_tfm; 405 } 406 407 ctrl_response = nvme_auth_transform_key(ctrl->ctrl_key, 408 ctrl->subsysnqn); 409 if (IS_ERR(ctrl_response)) { 410 ret = PTR_ERR(ctrl_response); 411 goto out_free_tfm; 412 } 413 414 ret = crypto_shash_setkey(shash_tfm, ctrl_response, 415 ctrl->ctrl_key->len); 416 if (ret) 417 goto out_free_response; 418 419 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) { 420 challenge = kmalloc(shash_len, GFP_KERNEL); 421 if (!challenge) { 422 ret = -ENOMEM; 423 goto out_free_response; 424 } 425 ret = nvme_auth_augmented_challenge(ctrl->shash_id, 426 req->sq->dhchap_skey, 427 req->sq->dhchap_skey_len, 428 req->sq->dhchap_c2, 429 challenge, shash_len); 430 if (ret) 431 goto out_free_challenge; 432 } 433 434 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm), 435 GFP_KERNEL); 436 if (!shash) { 437 ret = -ENOMEM; 438 goto out_free_challenge; 439 } 440 shash->tfm = shash_tfm; 441 442 ret = crypto_shash_init(shash); 443 if (ret) 444 goto out; 445 ret = crypto_shash_update(shash, challenge, shash_len); 446 if (ret) 447 goto out; 448 put_unaligned_le32(req->sq->dhchap_s2, buf); 449 ret = crypto_shash_update(shash, buf, 4); 450 if (ret) 451 goto out; 452 put_unaligned_le16(req->sq->dhchap_tid, buf); 453 ret = crypto_shash_update(shash, buf, 2); 454 if (ret) 455 goto out; 456 memset(buf, 0, 4); 457 ret = crypto_shash_update(shash, buf, 1); 458 if (ret) 459 goto out; 460 ret = crypto_shash_update(shash, "Controller", 10); 461 if (ret) 462 goto out; 463 ret = crypto_shash_update(shash, ctrl->subsysnqn, 464 strlen(ctrl->subsysnqn)); 465 if (ret) 466 goto out; 467 ret = crypto_shash_update(shash, buf, 1); 468 if (ret) 469 goto out; 470 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn)); 471 if (ret) 472 goto out; 473 ret = crypto_shash_final(shash, response); 474 out: 475 kfree(shash); 476 out_free_challenge: 477 if (challenge != req->sq->dhchap_c2) 478 kfree(challenge); 479 out_free_response: 480 kfree_sensitive(ctrl_response); 481 out_free_tfm: 482 crypto_free_shash(shash_tfm); 483 return 0; 484 } 485 486 int nvmet_auth_ctrl_exponential(struct nvmet_req *req, 487 u8 *buf, int buf_size) 488 { 489 struct nvmet_ctrl *ctrl = req->sq->ctrl; 490 int ret = 0; 491 492 if (!ctrl->dh_key) { 493 pr_warn("ctrl %d no DH public key!\n", ctrl->cntlid); 494 return -ENOKEY; 495 } 496 if (buf_size != ctrl->dh_keysize) { 497 pr_warn("ctrl %d DH public key size mismatch, need %zu is %d\n", 498 ctrl->cntlid, ctrl->dh_keysize, buf_size); 499 ret = -EINVAL; 500 } else { 501 memcpy(buf, ctrl->dh_key, buf_size); 502 pr_debug("%s: ctrl %d public key %*ph\n", __func__, 503 ctrl->cntlid, (int)buf_size, buf); 504 } 505 506 return ret; 507 } 508 509 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, 510 u8 *pkey, int pkey_size) 511 { 512 struct nvmet_ctrl *ctrl = req->sq->ctrl; 513 int ret; 514 515 req->sq->dhchap_skey_len = ctrl->dh_keysize; 516 req->sq->dhchap_skey = kzalloc(req->sq->dhchap_skey_len, GFP_KERNEL); 517 if (!req->sq->dhchap_skey) 518 return -ENOMEM; 519 ret = nvme_auth_gen_shared_secret(ctrl->dh_tfm, 520 pkey, pkey_size, 521 req->sq->dhchap_skey, 522 req->sq->dhchap_skey_len); 523 if (ret) 524 pr_debug("failed to compute shared secret, err %d\n", ret); 525 else 526 pr_debug("%s: shared secret %*ph\n", __func__, 527 (int)req->sq->dhchap_skey_len, 528 req->sq->dhchap_skey); 529 530 return ret; 531 } 532