1 // SPDX-License-Identifier: GPL-2.0 2 3 #include <linux/ceph/ceph_debug.h> 4 5 #include <linux/err.h> 6 #include <linux/module.h> 7 #include <linux/random.h> 8 #include <linux/slab.h> 9 10 #include <linux/ceph/decode.h> 11 #include <linux/ceph/auth.h> 12 #include <linux/ceph/ceph_features.h> 13 #include <linux/ceph/libceph.h> 14 #include <linux/ceph/messenger.h> 15 16 #include "crypto.h" 17 #include "auth_x.h" 18 #include "auth_x_protocol.h" 19 20 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed); 21 22 static int ceph_x_is_authenticated(struct ceph_auth_client *ac) 23 { 24 struct ceph_x_info *xi = ac->private; 25 int need; 26 27 ceph_x_validate_tickets(ac, &need); 28 dout("ceph_x_is_authenticated want=%d need=%d have=%d\n", 29 ac->want_keys, need, xi->have_keys); 30 return (ac->want_keys & xi->have_keys) == ac->want_keys; 31 } 32 33 static int ceph_x_should_authenticate(struct ceph_auth_client *ac) 34 { 35 struct ceph_x_info *xi = ac->private; 36 int need; 37 38 ceph_x_validate_tickets(ac, &need); 39 dout("ceph_x_should_authenticate want=%d need=%d have=%d\n", 40 ac->want_keys, need, xi->have_keys); 41 return need != 0; 42 } 43 44 static int ceph_x_encrypt_offset(void) 45 { 46 return sizeof(u32) + sizeof(struct ceph_x_encrypt_header); 47 } 48 49 static int ceph_x_encrypt_buflen(int ilen) 50 { 51 return ceph_x_encrypt_offset() + ilen + 16; 52 } 53 54 static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf, 55 int buf_len, int plaintext_len) 56 { 57 struct ceph_x_encrypt_header *hdr = buf + sizeof(u32); 58 int ciphertext_len; 59 int ret; 60 61 hdr->struct_v = 1; 62 hdr->magic = cpu_to_le64(CEPHX_ENC_MAGIC); 63 64 ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32), 65 plaintext_len + sizeof(struct ceph_x_encrypt_header), 66 &ciphertext_len); 67 if (ret) 68 return ret; 69 70 ceph_encode_32(&buf, ciphertext_len); 71 return sizeof(u32) + ciphertext_len; 72 } 73 74 static int __ceph_x_decrypt(struct ceph_crypto_key *secret, void *p, 75 int ciphertext_len) 76 { 77 struct ceph_x_encrypt_header *hdr = p; 78 int plaintext_len; 79 int ret; 80 81 ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len, 82 &plaintext_len); 83 if (ret) 84 return ret; 85 86 if (le64_to_cpu(hdr->magic) != CEPHX_ENC_MAGIC) { 87 pr_err("%s bad magic\n", __func__); 88 return -EINVAL; 89 } 90 91 return plaintext_len - sizeof(*hdr); 92 } 93 94 static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end) 95 { 96 int ciphertext_len; 97 int ret; 98 99 ceph_decode_32_safe(p, end, ciphertext_len, e_inval); 100 ceph_decode_need(p, end, ciphertext_len, e_inval); 101 102 ret = __ceph_x_decrypt(secret, *p, ciphertext_len); 103 if (ret < 0) 104 return ret; 105 106 *p += ciphertext_len; 107 return ret; 108 109 e_inval: 110 return -EINVAL; 111 } 112 113 /* 114 * get existing (or insert new) ticket handler 115 */ 116 static struct ceph_x_ticket_handler * 117 get_ticket_handler(struct ceph_auth_client *ac, int service) 118 { 119 struct ceph_x_ticket_handler *th; 120 struct ceph_x_info *xi = ac->private; 121 struct rb_node *parent = NULL, **p = &xi->ticket_handlers.rb_node; 122 123 while (*p) { 124 parent = *p; 125 th = rb_entry(parent, struct ceph_x_ticket_handler, node); 126 if (service < th->service) 127 p = &(*p)->rb_left; 128 else if (service > th->service) 129 p = &(*p)->rb_right; 130 else 131 return th; 132 } 133 134 /* add it */ 135 th = kzalloc(sizeof(*th), GFP_NOFS); 136 if (!th) 137 return ERR_PTR(-ENOMEM); 138 th->service = service; 139 rb_link_node(&th->node, parent, p); 140 rb_insert_color(&th->node, &xi->ticket_handlers); 141 return th; 142 } 143 144 static void remove_ticket_handler(struct ceph_auth_client *ac, 145 struct ceph_x_ticket_handler *th) 146 { 147 struct ceph_x_info *xi = ac->private; 148 149 dout("remove_ticket_handler %p %d\n", th, th->service); 150 rb_erase(&th->node, &xi->ticket_handlers); 151 ceph_crypto_key_destroy(&th->session_key); 152 if (th->ticket_blob) 153 ceph_buffer_put(th->ticket_blob); 154 kfree(th); 155 } 156 157 static int process_one_ticket(struct ceph_auth_client *ac, 158 struct ceph_crypto_key *secret, 159 void **p, void *end) 160 { 161 struct ceph_x_info *xi = ac->private; 162 int type; 163 u8 tkt_struct_v, blob_struct_v; 164 struct ceph_x_ticket_handler *th; 165 void *dp, *dend; 166 int dlen; 167 char is_enc; 168 struct timespec64 validity; 169 void *tp, *tpend; 170 void **ptp; 171 struct ceph_crypto_key new_session_key = { 0 }; 172 struct ceph_buffer *new_ticket_blob; 173 time64_t new_expires, new_renew_after; 174 u64 new_secret_id; 175 int ret; 176 177 ceph_decode_need(p, end, sizeof(u32) + 1, bad); 178 179 type = ceph_decode_32(p); 180 dout(" ticket type %d %s\n", type, ceph_entity_type_name(type)); 181 182 tkt_struct_v = ceph_decode_8(p); 183 if (tkt_struct_v != 1) 184 goto bad; 185 186 th = get_ticket_handler(ac, type); 187 if (IS_ERR(th)) { 188 ret = PTR_ERR(th); 189 goto out; 190 } 191 192 /* blob for me */ 193 dp = *p + ceph_x_encrypt_offset(); 194 ret = ceph_x_decrypt(secret, p, end); 195 if (ret < 0) 196 goto out; 197 dout(" decrypted %d bytes\n", ret); 198 dend = dp + ret; 199 200 tkt_struct_v = ceph_decode_8(&dp); 201 if (tkt_struct_v != 1) 202 goto bad; 203 204 ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); 205 if (ret) 206 goto out; 207 208 ceph_decode_timespec64(&validity, dp); 209 dp += sizeof(struct ceph_timespec); 210 new_expires = ktime_get_real_seconds() + validity.tv_sec; 211 new_renew_after = new_expires - (validity.tv_sec / 4); 212 dout(" expires=%llu renew_after=%llu\n", new_expires, 213 new_renew_after); 214 215 /* ticket blob for service */ 216 ceph_decode_8_safe(p, end, is_enc, bad); 217 if (is_enc) { 218 /* encrypted */ 219 tp = *p + ceph_x_encrypt_offset(); 220 ret = ceph_x_decrypt(&th->session_key, p, end); 221 if (ret < 0) 222 goto out; 223 dout(" encrypted ticket, decrypted %d bytes\n", ret); 224 ptp = &tp; 225 tpend = tp + ret; 226 } else { 227 /* unencrypted */ 228 ptp = p; 229 tpend = end; 230 } 231 ceph_decode_32_safe(ptp, tpend, dlen, bad); 232 dout(" ticket blob is %d bytes\n", dlen); 233 ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad); 234 blob_struct_v = ceph_decode_8(ptp); 235 if (blob_struct_v != 1) 236 goto bad; 237 238 new_secret_id = ceph_decode_64(ptp); 239 ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend); 240 if (ret) 241 goto out; 242 243 /* all is well, update our ticket */ 244 ceph_crypto_key_destroy(&th->session_key); 245 if (th->ticket_blob) 246 ceph_buffer_put(th->ticket_blob); 247 th->session_key = new_session_key; 248 th->ticket_blob = new_ticket_blob; 249 th->secret_id = new_secret_id; 250 th->expires = new_expires; 251 th->renew_after = new_renew_after; 252 th->have_key = true; 253 dout(" got ticket service %d (%s) secret_id %lld len %d\n", 254 type, ceph_entity_type_name(type), th->secret_id, 255 (int)th->ticket_blob->vec.iov_len); 256 xi->have_keys |= th->service; 257 return 0; 258 259 bad: 260 ret = -EINVAL; 261 out: 262 ceph_crypto_key_destroy(&new_session_key); 263 return ret; 264 } 265 266 static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, 267 struct ceph_crypto_key *secret, 268 void *buf, void *end) 269 { 270 void *p = buf; 271 u8 reply_struct_v; 272 u32 num; 273 int ret; 274 275 ceph_decode_8_safe(&p, end, reply_struct_v, bad); 276 if (reply_struct_v != 1) 277 return -EINVAL; 278 279 ceph_decode_32_safe(&p, end, num, bad); 280 dout("%d tickets\n", num); 281 282 while (num--) { 283 ret = process_one_ticket(ac, secret, &p, end); 284 if (ret) 285 return ret; 286 } 287 288 return 0; 289 290 bad: 291 return -EINVAL; 292 } 293 294 /* 295 * Encode and encrypt the second part (ceph_x_authorize_b) of the 296 * authorizer. The first part (ceph_x_authorize_a) should already be 297 * encoded. 298 */ 299 static int encrypt_authorizer(struct ceph_x_authorizer *au, 300 u64 *server_challenge) 301 { 302 struct ceph_x_authorize_a *msg_a; 303 struct ceph_x_authorize_b *msg_b; 304 void *p, *end; 305 int ret; 306 307 msg_a = au->buf->vec.iov_base; 308 WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id)); 309 p = (void *)(msg_a + 1) + le32_to_cpu(msg_a->ticket_blob.blob_len); 310 end = au->buf->vec.iov_base + au->buf->vec.iov_len; 311 312 msg_b = p + ceph_x_encrypt_offset(); 313 msg_b->struct_v = 2; 314 msg_b->nonce = cpu_to_le64(au->nonce); 315 if (server_challenge) { 316 msg_b->have_challenge = 1; 317 msg_b->server_challenge_plus_one = 318 cpu_to_le64(*server_challenge + 1); 319 } else { 320 msg_b->have_challenge = 0; 321 msg_b->server_challenge_plus_one = 0; 322 } 323 324 ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b)); 325 if (ret < 0) 326 return ret; 327 328 p += ret; 329 if (server_challenge) { 330 WARN_ON(p != end); 331 } else { 332 WARN_ON(p > end); 333 au->buf->vec.iov_len = p - au->buf->vec.iov_base; 334 } 335 336 return 0; 337 } 338 339 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au) 340 { 341 ceph_crypto_key_destroy(&au->session_key); 342 if (au->buf) { 343 ceph_buffer_put(au->buf); 344 au->buf = NULL; 345 } 346 } 347 348 static int ceph_x_build_authorizer(struct ceph_auth_client *ac, 349 struct ceph_x_ticket_handler *th, 350 struct ceph_x_authorizer *au) 351 { 352 int maxlen; 353 struct ceph_x_authorize_a *msg_a; 354 struct ceph_x_authorize_b *msg_b; 355 int ret; 356 int ticket_blob_len = 357 (th->ticket_blob ? th->ticket_blob->vec.iov_len : 0); 358 359 dout("build_authorizer for %s %p\n", 360 ceph_entity_type_name(th->service), au); 361 362 ceph_crypto_key_destroy(&au->session_key); 363 ret = ceph_crypto_key_clone(&au->session_key, &th->session_key); 364 if (ret) 365 goto out_au; 366 367 maxlen = sizeof(*msg_a) + ticket_blob_len + 368 ceph_x_encrypt_buflen(sizeof(*msg_b)); 369 dout(" need len %d\n", maxlen); 370 if (au->buf && au->buf->alloc_len < maxlen) { 371 ceph_buffer_put(au->buf); 372 au->buf = NULL; 373 } 374 if (!au->buf) { 375 au->buf = ceph_buffer_new(maxlen, GFP_NOFS); 376 if (!au->buf) { 377 ret = -ENOMEM; 378 goto out_au; 379 } 380 } 381 au->service = th->service; 382 au->secret_id = th->secret_id; 383 384 msg_a = au->buf->vec.iov_base; 385 msg_a->struct_v = 1; 386 msg_a->global_id = cpu_to_le64(ac->global_id); 387 msg_a->service_id = cpu_to_le32(th->service); 388 msg_a->ticket_blob.struct_v = 1; 389 msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id); 390 msg_a->ticket_blob.blob_len = cpu_to_le32(ticket_blob_len); 391 if (ticket_blob_len) { 392 memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base, 393 th->ticket_blob->vec.iov_len); 394 } 395 dout(" th %p secret_id %lld %lld\n", th, th->secret_id, 396 le64_to_cpu(msg_a->ticket_blob.secret_id)); 397 398 get_random_bytes(&au->nonce, sizeof(au->nonce)); 399 ret = encrypt_authorizer(au, NULL); 400 if (ret) { 401 pr_err("failed to encrypt authorizer: %d", ret); 402 goto out_au; 403 } 404 405 dout(" built authorizer nonce %llx len %d\n", au->nonce, 406 (int)au->buf->vec.iov_len); 407 return 0; 408 409 out_au: 410 ceph_x_authorizer_cleanup(au); 411 return ret; 412 } 413 414 static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th, 415 void **p, void *end) 416 { 417 ceph_decode_need(p, end, 1 + sizeof(u64), bad); 418 ceph_encode_8(p, 1); 419 ceph_encode_64(p, th->secret_id); 420 if (th->ticket_blob) { 421 const char *buf = th->ticket_blob->vec.iov_base; 422 u32 len = th->ticket_blob->vec.iov_len; 423 424 ceph_encode_32_safe(p, end, len, bad); 425 ceph_encode_copy_safe(p, end, buf, len, bad); 426 } else { 427 ceph_encode_32_safe(p, end, 0, bad); 428 } 429 430 return 0; 431 bad: 432 return -ERANGE; 433 } 434 435 static bool need_key(struct ceph_x_ticket_handler *th) 436 { 437 if (!th->have_key) 438 return true; 439 440 return ktime_get_real_seconds() >= th->renew_after; 441 } 442 443 static bool have_key(struct ceph_x_ticket_handler *th) 444 { 445 if (th->have_key) { 446 if (ktime_get_real_seconds() >= th->expires) 447 th->have_key = false; 448 } 449 450 return th->have_key; 451 } 452 453 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed) 454 { 455 int want = ac->want_keys; 456 struct ceph_x_info *xi = ac->private; 457 int service; 458 459 *pneed = ac->want_keys & ~(xi->have_keys); 460 461 for (service = 1; service <= want; service <<= 1) { 462 struct ceph_x_ticket_handler *th; 463 464 if (!(ac->want_keys & service)) 465 continue; 466 467 if (*pneed & service) 468 continue; 469 470 th = get_ticket_handler(ac, service); 471 if (IS_ERR(th)) { 472 *pneed |= service; 473 continue; 474 } 475 476 if (need_key(th)) 477 *pneed |= service; 478 if (!have_key(th)) 479 xi->have_keys &= ~service; 480 } 481 } 482 483 static int ceph_x_build_request(struct ceph_auth_client *ac, 484 void *buf, void *end) 485 { 486 struct ceph_x_info *xi = ac->private; 487 int need; 488 struct ceph_x_request_header *head = buf; 489 int ret; 490 struct ceph_x_ticket_handler *th = 491 get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH); 492 493 if (IS_ERR(th)) 494 return PTR_ERR(th); 495 496 ceph_x_validate_tickets(ac, &need); 497 498 dout("build_request want %x have %x need %x\n", 499 ac->want_keys, xi->have_keys, need); 500 501 if (need & CEPH_ENTITY_TYPE_AUTH) { 502 struct ceph_x_authenticate *auth = (void *)(head + 1); 503 void *p = auth + 1; 504 void *enc_buf = xi->auth_authorizer.enc_buf; 505 struct ceph_x_challenge_blob *blob = enc_buf + 506 ceph_x_encrypt_offset(); 507 u64 *u; 508 509 if (p > end) 510 return -ERANGE; 511 512 dout(" get_auth_session_key\n"); 513 head->op = cpu_to_le16(CEPHX_GET_AUTH_SESSION_KEY); 514 515 /* encrypt and hash */ 516 get_random_bytes(&auth->client_challenge, sizeof(u64)); 517 blob->client_challenge = auth->client_challenge; 518 blob->server_challenge = cpu_to_le64(xi->server_challenge); 519 ret = ceph_x_encrypt(&xi->secret, enc_buf, CEPHX_AU_ENC_BUF_LEN, 520 sizeof(*blob)); 521 if (ret < 0) 522 return ret; 523 524 auth->struct_v = 1; 525 auth->key = 0; 526 for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++) 527 auth->key ^= *(__le64 *)u; 528 dout(" server_challenge %llx client_challenge %llx key %llx\n", 529 xi->server_challenge, le64_to_cpu(auth->client_challenge), 530 le64_to_cpu(auth->key)); 531 532 /* now encode the old ticket if exists */ 533 ret = ceph_x_encode_ticket(th, &p, end); 534 if (ret < 0) 535 return ret; 536 537 return p - buf; 538 } 539 540 if (need) { 541 void *p = head + 1; 542 struct ceph_x_service_ticket_request *req; 543 544 if (p > end) 545 return -ERANGE; 546 head->op = cpu_to_le16(CEPHX_GET_PRINCIPAL_SESSION_KEY); 547 548 ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer); 549 if (ret) 550 return ret; 551 ceph_encode_copy(&p, xi->auth_authorizer.buf->vec.iov_base, 552 xi->auth_authorizer.buf->vec.iov_len); 553 554 req = p; 555 req->keys = cpu_to_le32(need); 556 p += sizeof(*req); 557 return p - buf; 558 } 559 560 return 0; 561 } 562 563 static int ceph_x_handle_reply(struct ceph_auth_client *ac, int result, 564 void *buf, void *end) 565 { 566 struct ceph_x_info *xi = ac->private; 567 struct ceph_x_reply_header *head = buf; 568 struct ceph_x_ticket_handler *th; 569 int len = end - buf; 570 int op; 571 int ret; 572 573 if (result) 574 return result; /* XXX hmm? */ 575 576 if (xi->starting) { 577 /* it's a hello */ 578 struct ceph_x_server_challenge *sc = buf; 579 580 if (len != sizeof(*sc)) 581 return -EINVAL; 582 xi->server_challenge = le64_to_cpu(sc->server_challenge); 583 dout("handle_reply got server challenge %llx\n", 584 xi->server_challenge); 585 xi->starting = false; 586 xi->have_keys &= ~CEPH_ENTITY_TYPE_AUTH; 587 return -EAGAIN; 588 } 589 590 op = le16_to_cpu(head->op); 591 result = le32_to_cpu(head->result); 592 dout("handle_reply op %d result %d\n", op, result); 593 switch (op) { 594 case CEPHX_GET_AUTH_SESSION_KEY: 595 /* verify auth key */ 596 ret = ceph_x_proc_ticket_reply(ac, &xi->secret, 597 buf + sizeof(*head), end); 598 break; 599 600 case CEPHX_GET_PRINCIPAL_SESSION_KEY: 601 th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH); 602 if (IS_ERR(th)) 603 return PTR_ERR(th); 604 ret = ceph_x_proc_ticket_reply(ac, &th->session_key, 605 buf + sizeof(*head), end); 606 break; 607 608 default: 609 return -EINVAL; 610 } 611 if (ret) 612 return ret; 613 if (ac->want_keys == xi->have_keys) 614 return 0; 615 return -EAGAIN; 616 } 617 618 static void ceph_x_destroy_authorizer(struct ceph_authorizer *a) 619 { 620 struct ceph_x_authorizer *au = (void *)a; 621 622 ceph_x_authorizer_cleanup(au); 623 kfree(au); 624 } 625 626 static int ceph_x_create_authorizer( 627 struct ceph_auth_client *ac, int peer_type, 628 struct ceph_auth_handshake *auth) 629 { 630 struct ceph_x_authorizer *au; 631 struct ceph_x_ticket_handler *th; 632 int ret; 633 634 th = get_ticket_handler(ac, peer_type); 635 if (IS_ERR(th)) 636 return PTR_ERR(th); 637 638 au = kzalloc(sizeof(*au), GFP_NOFS); 639 if (!au) 640 return -ENOMEM; 641 642 au->base.destroy = ceph_x_destroy_authorizer; 643 644 ret = ceph_x_build_authorizer(ac, th, au); 645 if (ret) { 646 kfree(au); 647 return ret; 648 } 649 650 auth->authorizer = (struct ceph_authorizer *) au; 651 auth->authorizer_buf = au->buf->vec.iov_base; 652 auth->authorizer_buf_len = au->buf->vec.iov_len; 653 auth->authorizer_reply_buf = au->enc_buf; 654 auth->authorizer_reply_buf_len = CEPHX_AU_ENC_BUF_LEN; 655 auth->sign_message = ac->ops->sign_message; 656 auth->check_message_signature = ac->ops->check_message_signature; 657 658 return 0; 659 } 660 661 static int ceph_x_update_authorizer( 662 struct ceph_auth_client *ac, int peer_type, 663 struct ceph_auth_handshake *auth) 664 { 665 struct ceph_x_authorizer *au; 666 struct ceph_x_ticket_handler *th; 667 668 th = get_ticket_handler(ac, peer_type); 669 if (IS_ERR(th)) 670 return PTR_ERR(th); 671 672 au = (struct ceph_x_authorizer *)auth->authorizer; 673 if (au->secret_id < th->secret_id) { 674 dout("ceph_x_update_authorizer service %u secret %llu < %llu\n", 675 au->service, au->secret_id, th->secret_id); 676 return ceph_x_build_authorizer(ac, th, au); 677 } 678 return 0; 679 } 680 681 static int decrypt_authorize_challenge(struct ceph_x_authorizer *au, 682 void *challenge_buf, 683 int challenge_buf_len, 684 u64 *server_challenge) 685 { 686 struct ceph_x_authorize_challenge *ch = 687 challenge_buf + sizeof(struct ceph_x_encrypt_header); 688 int ret; 689 690 /* no leading len */ 691 ret = __ceph_x_decrypt(&au->session_key, challenge_buf, 692 challenge_buf_len); 693 if (ret < 0) 694 return ret; 695 if (ret < sizeof(*ch)) { 696 pr_err("bad size %d for ceph_x_authorize_challenge\n", ret); 697 return -EINVAL; 698 } 699 700 *server_challenge = le64_to_cpu(ch->server_challenge); 701 return 0; 702 } 703 704 static int ceph_x_add_authorizer_challenge(struct ceph_auth_client *ac, 705 struct ceph_authorizer *a, 706 void *challenge_buf, 707 int challenge_buf_len) 708 { 709 struct ceph_x_authorizer *au = (void *)a; 710 u64 server_challenge; 711 int ret; 712 713 ret = decrypt_authorize_challenge(au, challenge_buf, challenge_buf_len, 714 &server_challenge); 715 if (ret) { 716 pr_err("failed to decrypt authorize challenge: %d", ret); 717 return ret; 718 } 719 720 ret = encrypt_authorizer(au, &server_challenge); 721 if (ret) { 722 pr_err("failed to encrypt authorizer w/ challenge: %d", ret); 723 return ret; 724 } 725 726 return 0; 727 } 728 729 static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, 730 struct ceph_authorizer *a) 731 { 732 struct ceph_x_authorizer *au = (void *)a; 733 void *p = au->enc_buf; 734 struct ceph_x_authorize_reply *reply = p + ceph_x_encrypt_offset(); 735 int ret; 736 737 ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN); 738 if (ret < 0) 739 return ret; 740 if (ret < sizeof(*reply)) { 741 pr_err("bad size %d for ceph_x_authorize_reply\n", ret); 742 return -EINVAL; 743 } 744 745 if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one)) 746 ret = -EPERM; 747 else 748 ret = 0; 749 dout("verify_authorizer_reply nonce %llx got %llx ret %d\n", 750 au->nonce, le64_to_cpu(reply->nonce_plus_one), ret); 751 return ret; 752 } 753 754 static void ceph_x_reset(struct ceph_auth_client *ac) 755 { 756 struct ceph_x_info *xi = ac->private; 757 758 dout("reset\n"); 759 xi->starting = true; 760 xi->server_challenge = 0; 761 } 762 763 static void ceph_x_destroy(struct ceph_auth_client *ac) 764 { 765 struct ceph_x_info *xi = ac->private; 766 struct rb_node *p; 767 768 dout("ceph_x_destroy %p\n", ac); 769 ceph_crypto_key_destroy(&xi->secret); 770 771 while ((p = rb_first(&xi->ticket_handlers)) != NULL) { 772 struct ceph_x_ticket_handler *th = 773 rb_entry(p, struct ceph_x_ticket_handler, node); 774 remove_ticket_handler(ac, th); 775 } 776 777 ceph_x_authorizer_cleanup(&xi->auth_authorizer); 778 779 kfree(ac->private); 780 ac->private = NULL; 781 } 782 783 static void invalidate_ticket(struct ceph_auth_client *ac, int peer_type) 784 { 785 struct ceph_x_ticket_handler *th; 786 787 th = get_ticket_handler(ac, peer_type); 788 if (!IS_ERR(th)) 789 th->have_key = false; 790 } 791 792 static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac, 793 int peer_type) 794 { 795 /* 796 * We are to invalidate a service ticket in the hopes of 797 * getting a new, hopefully more valid, one. But, we won't get 798 * it unless our AUTH ticket is good, so invalidate AUTH ticket 799 * as well, just in case. 800 */ 801 invalidate_ticket(ac, peer_type); 802 invalidate_ticket(ac, CEPH_ENTITY_TYPE_AUTH); 803 } 804 805 static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg, 806 __le64 *psig) 807 { 808 void *enc_buf = au->enc_buf; 809 int ret; 810 811 if (!CEPH_HAVE_FEATURE(msg->con->peer_features, CEPHX_V2)) { 812 struct { 813 __le32 len; 814 __le32 header_crc; 815 __le32 front_crc; 816 __le32 middle_crc; 817 __le32 data_crc; 818 } __packed *sigblock = enc_buf + ceph_x_encrypt_offset(); 819 820 sigblock->len = cpu_to_le32(4*sizeof(u32)); 821 sigblock->header_crc = msg->hdr.crc; 822 sigblock->front_crc = msg->footer.front_crc; 823 sigblock->middle_crc = msg->footer.middle_crc; 824 sigblock->data_crc = msg->footer.data_crc; 825 826 ret = ceph_x_encrypt(&au->session_key, enc_buf, 827 CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock)); 828 if (ret < 0) 829 return ret; 830 831 *psig = *(__le64 *)(enc_buf + sizeof(u32)); 832 } else { 833 struct { 834 __le32 header_crc; 835 __le32 front_crc; 836 __le32 front_len; 837 __le32 middle_crc; 838 __le32 middle_len; 839 __le32 data_crc; 840 __le32 data_len; 841 __le32 seq_lower_word; 842 } __packed *sigblock = enc_buf; 843 struct { 844 __le64 a, b, c, d; 845 } __packed *penc = enc_buf; 846 int ciphertext_len; 847 848 sigblock->header_crc = msg->hdr.crc; 849 sigblock->front_crc = msg->footer.front_crc; 850 sigblock->front_len = msg->hdr.front_len; 851 sigblock->middle_crc = msg->footer.middle_crc; 852 sigblock->middle_len = msg->hdr.middle_len; 853 sigblock->data_crc = msg->footer.data_crc; 854 sigblock->data_len = msg->hdr.data_len; 855 sigblock->seq_lower_word = *(__le32 *)&msg->hdr.seq; 856 857 /* no leading len, no ceph_x_encrypt_header */ 858 ret = ceph_crypt(&au->session_key, true, enc_buf, 859 CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock), 860 &ciphertext_len); 861 if (ret) 862 return ret; 863 864 *psig = penc->a ^ penc->b ^ penc->c ^ penc->d; 865 } 866 867 return 0; 868 } 869 870 static int ceph_x_sign_message(struct ceph_auth_handshake *auth, 871 struct ceph_msg *msg) 872 { 873 __le64 sig; 874 int ret; 875 876 if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN)) 877 return 0; 878 879 ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer, 880 msg, &sig); 881 if (ret) 882 return ret; 883 884 msg->footer.sig = sig; 885 msg->footer.flags |= CEPH_MSG_FOOTER_SIGNED; 886 return 0; 887 } 888 889 static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth, 890 struct ceph_msg *msg) 891 { 892 __le64 sig_check; 893 int ret; 894 895 if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN)) 896 return 0; 897 898 ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer, 899 msg, &sig_check); 900 if (ret) 901 return ret; 902 if (sig_check == msg->footer.sig) 903 return 0; 904 if (msg->footer.flags & CEPH_MSG_FOOTER_SIGNED) 905 dout("ceph_x_check_message_signature %p has signature %llx " 906 "expect %llx\n", msg, msg->footer.sig, sig_check); 907 else 908 dout("ceph_x_check_message_signature %p sender did not set " 909 "CEPH_MSG_FOOTER_SIGNED\n", msg); 910 return -EBADMSG; 911 } 912 913 static const struct ceph_auth_client_ops ceph_x_ops = { 914 .name = "x", 915 .is_authenticated = ceph_x_is_authenticated, 916 .should_authenticate = ceph_x_should_authenticate, 917 .build_request = ceph_x_build_request, 918 .handle_reply = ceph_x_handle_reply, 919 .create_authorizer = ceph_x_create_authorizer, 920 .update_authorizer = ceph_x_update_authorizer, 921 .add_authorizer_challenge = ceph_x_add_authorizer_challenge, 922 .verify_authorizer_reply = ceph_x_verify_authorizer_reply, 923 .invalidate_authorizer = ceph_x_invalidate_authorizer, 924 .reset = ceph_x_reset, 925 .destroy = ceph_x_destroy, 926 .sign_message = ceph_x_sign_message, 927 .check_message_signature = ceph_x_check_message_signature, 928 }; 929 930 931 int ceph_x_init(struct ceph_auth_client *ac) 932 { 933 struct ceph_x_info *xi; 934 int ret; 935 936 dout("ceph_x_init %p\n", ac); 937 ret = -ENOMEM; 938 xi = kzalloc(sizeof(*xi), GFP_NOFS); 939 if (!xi) 940 goto out; 941 942 ret = -EINVAL; 943 if (!ac->key) { 944 pr_err("no secret set (for auth_x protocol)\n"); 945 goto out_nomem; 946 } 947 948 ret = ceph_crypto_key_clone(&xi->secret, ac->key); 949 if (ret < 0) { 950 pr_err("cannot clone key: %d\n", ret); 951 goto out_nomem; 952 } 953 954 xi->starting = true; 955 xi->ticket_handlers = RB_ROOT; 956 957 ac->protocol = CEPH_AUTH_CEPHX; 958 ac->private = xi; 959 ac->ops = &ceph_x_ops; 960 return 0; 961 962 out_nomem: 963 kfree(xi); 964 out: 965 return ret; 966 } 967