1 // SPDX-License-Identifier: GPL-2.0
2
3 #include <linux/ceph/ceph_debug.h>
4
5 #include <linux/err.h>
6 #include <linux/module.h>
7 #include <linux/random.h>
8 #include <linux/slab.h>
9
10 #include <linux/ceph/decode.h>
11 #include <linux/ceph/auth.h>
12 #include <linux/ceph/ceph_features.h>
13 #include <linux/ceph/libceph.h>
14 #include <linux/ceph/messenger.h>
15
16 #include "crypto.h"
17 #include "auth_x.h"
18 #include "auth_x_protocol.h"
19
20 static const u32 ticket_key_usages[] = {
21 CEPHX_KEY_USAGE_TICKET_SESSION_KEY,
22 CEPHX_KEY_USAGE_TICKET_BLOB,
23 CEPHX_KEY_USAGE_AUTH_CONNECTION_SECRET
24 };
25
26 static const u32 authorizer_key_usages[] = {
27 CEPHX_KEY_USAGE_AUTHORIZE,
28 CEPHX_KEY_USAGE_AUTHORIZE_CHALLENGE,
29 CEPHX_KEY_USAGE_AUTHORIZE_REPLY
30 };
31
32 static const u32 client_key_usages[] = {
33 CEPHX_KEY_USAGE_TICKET_SESSION_KEY
34 };
35
36 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed);
37
ceph_x_is_authenticated(struct ceph_auth_client * ac)38 static int ceph_x_is_authenticated(struct ceph_auth_client *ac)
39 {
40 struct ceph_x_info *xi = ac->private;
41 int missing;
42 int need; /* missing + need renewal */
43
44 ceph_x_validate_tickets(ac, &need);
45 missing = ac->want_keys & ~xi->have_keys;
46 WARN_ON((need & missing) != missing);
47 dout("%s want 0x%x have 0x%x missing 0x%x -> %d\n", __func__,
48 ac->want_keys, xi->have_keys, missing, !missing);
49 return !missing;
50 }
51
ceph_x_should_authenticate(struct ceph_auth_client * ac)52 static int ceph_x_should_authenticate(struct ceph_auth_client *ac)
53 {
54 struct ceph_x_info *xi = ac->private;
55 int need;
56
57 ceph_x_validate_tickets(ac, &need);
58 dout("%s want 0x%x have 0x%x need 0x%x -> %d\n", __func__,
59 ac->want_keys, xi->have_keys, need, !!need);
60 return !!need;
61 }
62
__ceph_x_encrypt_offset(const struct ceph_crypto_key * key)63 static int __ceph_x_encrypt_offset(const struct ceph_crypto_key *key)
64 {
65 return ceph_crypt_data_offset(key) +
66 sizeof(struct ceph_x_encrypt_header);
67 }
68
ceph_x_encrypt_offset(const struct ceph_crypto_key * key)69 static int ceph_x_encrypt_offset(const struct ceph_crypto_key *key)
70 {
71 return sizeof(u32) + __ceph_x_encrypt_offset(key);
72 }
73
74 /*
75 * AES: ciphertext_len | hdr | data... | padding
76 * AES256KRB5: ciphertext_len | confounder | hdr | data... | hmac
77 */
ceph_x_encrypt_buflen(const struct ceph_crypto_key * key,int data_len)78 static int ceph_x_encrypt_buflen(const struct ceph_crypto_key *key,
79 int data_len)
80 {
81 int encrypt_len = sizeof(struct ceph_x_encrypt_header) + data_len;
82 return sizeof(u32) + ceph_crypt_buflen(key, encrypt_len);
83 }
84
ceph_x_encrypt(const struct ceph_crypto_key * key,int usage_slot,void * buf,int buf_len,int plaintext_len)85 static int ceph_x_encrypt(const struct ceph_crypto_key *key, int usage_slot,
86 void *buf, int buf_len, int plaintext_len)
87 {
88 struct ceph_x_encrypt_header *hdr;
89 int ciphertext_len;
90 int ret;
91
92 hdr = buf + sizeof(u32) + ceph_crypt_data_offset(key);
93 hdr->struct_v = 1;
94 hdr->magic = cpu_to_le64(CEPHX_ENC_MAGIC);
95
96 ret = ceph_crypt(key, usage_slot, true, buf + sizeof(u32),
97 buf_len - sizeof(u32), plaintext_len + sizeof(*hdr),
98 &ciphertext_len);
99 if (ret)
100 return ret;
101
102 ceph_encode_32(&buf, ciphertext_len);
103 return sizeof(u32) + ciphertext_len;
104 }
105
__ceph_x_decrypt(const struct ceph_crypto_key * key,int usage_slot,void * p,int ciphertext_len)106 static int __ceph_x_decrypt(const struct ceph_crypto_key *key, int usage_slot,
107 void *p, int ciphertext_len)
108 {
109 struct ceph_x_encrypt_header *hdr;
110 int plaintext_len;
111 int ret;
112
113 ret = ceph_crypt(key, usage_slot, false, p, ciphertext_len,
114 ciphertext_len, &plaintext_len);
115 if (ret)
116 return ret;
117
118 hdr = p + ceph_crypt_data_offset(key);
119 if (le64_to_cpu(hdr->magic) != CEPHX_ENC_MAGIC) {
120 pr_err("%s bad magic\n", __func__);
121 return -EINVAL;
122 }
123
124 return plaintext_len - sizeof(*hdr);
125 }
126
ceph_x_decrypt(const struct ceph_crypto_key * key,int usage_slot,void ** p,void * end)127 static int ceph_x_decrypt(const struct ceph_crypto_key *key, int usage_slot,
128 void **p, void *end)
129 {
130 int ciphertext_len;
131 int ret;
132
133 ceph_decode_32_safe(p, end, ciphertext_len, e_inval);
134 ceph_decode_need(p, end, ciphertext_len, e_inval);
135
136 ret = __ceph_x_decrypt(key, usage_slot, *p, ciphertext_len);
137 if (ret < 0)
138 return ret;
139
140 *p += ciphertext_len;
141 return ret;
142
143 e_inval:
144 return -EINVAL;
145 }
146
147 /*
148 * get existing (or insert new) ticket handler
149 */
150 static struct ceph_x_ticket_handler *
get_ticket_handler(struct ceph_auth_client * ac,int service)151 get_ticket_handler(struct ceph_auth_client *ac, int service)
152 {
153 struct ceph_x_ticket_handler *th;
154 struct ceph_x_info *xi = ac->private;
155 struct rb_node *parent = NULL, **p = &xi->ticket_handlers.rb_node;
156
157 while (*p) {
158 parent = *p;
159 th = rb_entry(parent, struct ceph_x_ticket_handler, node);
160 if (service < th->service)
161 p = &(*p)->rb_left;
162 else if (service > th->service)
163 p = &(*p)->rb_right;
164 else
165 return th;
166 }
167
168 /* add it */
169 th = kzalloc_obj(*th, GFP_NOFS);
170 if (!th)
171 return ERR_PTR(-ENOMEM);
172 th->service = service;
173 rb_link_node(&th->node, parent, p);
174 rb_insert_color(&th->node, &xi->ticket_handlers);
175 return th;
176 }
177
remove_ticket_handler(struct ceph_auth_client * ac,struct ceph_x_ticket_handler * th)178 static void remove_ticket_handler(struct ceph_auth_client *ac,
179 struct ceph_x_ticket_handler *th)
180 {
181 struct ceph_x_info *xi = ac->private;
182
183 dout("remove_ticket_handler %p %d\n", th, th->service);
184 rb_erase(&th->node, &xi->ticket_handlers);
185 ceph_crypto_key_destroy(&th->session_key);
186 if (th->ticket_blob)
187 ceph_buffer_put(th->ticket_blob);
188 kfree(th);
189 }
190
process_one_ticket(struct ceph_auth_client * ac,struct ceph_crypto_key * secret,void ** p,void * end)191 static int process_one_ticket(struct ceph_auth_client *ac,
192 struct ceph_crypto_key *secret,
193 void **p, void *end)
194 {
195 struct ceph_x_info *xi = ac->private;
196 int type;
197 u8 tkt_struct_v, blob_struct_v;
198 struct ceph_x_ticket_handler *th;
199 void *dp, *dend;
200 int dlen;
201 char is_enc;
202 struct timespec64 validity;
203 void *tp, *tpend;
204 void **ptp;
205 struct ceph_crypto_key new_session_key = { 0 };
206 struct ceph_buffer *new_ticket_blob;
207 time64_t new_expires, new_renew_after;
208 u64 new_secret_id;
209 int ret;
210
211 ceph_decode_need(p, end, sizeof(u32) + 1, bad);
212
213 type = ceph_decode_32(p);
214 dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
215
216 tkt_struct_v = ceph_decode_8(p);
217 if (tkt_struct_v != 1)
218 goto bad;
219
220 th = get_ticket_handler(ac, type);
221 if (IS_ERR(th)) {
222 ret = PTR_ERR(th);
223 goto out;
224 }
225
226 /* blob for me */
227 dp = *p + ceph_x_encrypt_offset(secret);
228 ret = ceph_x_decrypt(secret,
229 0 /* CEPHX_KEY_USAGE_TICKET_SESSION_KEY */,
230 p, end);
231 if (ret < 0)
232 goto out;
233 dout(" decrypted %d bytes\n", ret);
234 dend = dp + ret;
235
236 ceph_decode_8_safe(&dp, dend, tkt_struct_v, bad);
237 if (tkt_struct_v != 1)
238 goto bad;
239
240 ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
241 if (ret)
242 goto out;
243
244 ret = ceph_crypto_key_prepare(&new_session_key, ticket_key_usages,
245 ARRAY_SIZE(ticket_key_usages));
246 if (ret)
247 goto out;
248
249 ceph_decode_need(&dp, dend, sizeof(struct ceph_timespec), bad);
250 ceph_decode_timespec64(&validity, dp);
251 dp += sizeof(struct ceph_timespec);
252 new_expires = ktime_get_real_seconds() + validity.tv_sec;
253 new_renew_after = new_expires - (validity.tv_sec / 4);
254 dout(" expires=%llu renew_after=%llu\n", new_expires,
255 new_renew_after);
256
257 /* ticket blob for service */
258 ceph_decode_8_safe(p, end, is_enc, bad);
259 if (is_enc) {
260 /* encrypted */
261 tp = *p + ceph_x_encrypt_offset(&th->session_key);
262 ret = ceph_x_decrypt(&th->session_key,
263 1 /* CEPHX_KEY_USAGE_TICKET_BLOB */,
264 p, end);
265 if (ret < 0)
266 goto out;
267 dout(" encrypted ticket, decrypted %d bytes\n", ret);
268 ptp = &tp;
269 tpend = tp + ret;
270 } else {
271 /* unencrypted */
272 ptp = p;
273 tpend = end;
274 }
275 ceph_decode_32_safe(ptp, tpend, dlen, bad);
276 dout(" ticket blob is %d bytes\n", dlen);
277 ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad);
278 blob_struct_v = ceph_decode_8(ptp);
279 if (blob_struct_v != 1)
280 goto bad;
281
282 new_secret_id = ceph_decode_64(ptp);
283 ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend);
284 if (ret)
285 goto out;
286
287 /* all is well, update our ticket */
288 ceph_crypto_key_destroy(&th->session_key);
289 if (th->ticket_blob)
290 ceph_buffer_put(th->ticket_blob);
291 th->session_key = new_session_key;
292 th->ticket_blob = new_ticket_blob;
293 th->secret_id = new_secret_id;
294 th->expires = new_expires;
295 th->renew_after = new_renew_after;
296 th->have_key = true;
297 dout(" got ticket service %d (%s) secret_id %lld len %d\n",
298 type, ceph_entity_type_name(type), th->secret_id,
299 (int)th->ticket_blob->vec.iov_len);
300 xi->have_keys |= th->service;
301 return 0;
302
303 bad:
304 ret = -EINVAL;
305 out:
306 ceph_crypto_key_destroy(&new_session_key);
307 return ret;
308 }
309
ceph_x_proc_ticket_reply(struct ceph_auth_client * ac,struct ceph_crypto_key * secret,void ** p,void * end)310 static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
311 struct ceph_crypto_key *secret,
312 void **p, void *end)
313 {
314 u8 reply_struct_v;
315 u32 num;
316 int ret;
317
318 ceph_decode_8_safe(p, end, reply_struct_v, bad);
319 if (reply_struct_v != 1)
320 return -EINVAL;
321
322 ceph_decode_32_safe(p, end, num, bad);
323 dout("%d tickets\n", num);
324
325 while (num--) {
326 ret = process_one_ticket(ac, secret, p, end);
327 if (ret)
328 return ret;
329 }
330
331 return 0;
332
333 bad:
334 return -EINVAL;
335 }
336
337 /*
338 * Encode and encrypt the second part (ceph_x_authorize_b) of the
339 * authorizer. The first part (ceph_x_authorize_a) should already be
340 * encoded.
341 */
encrypt_authorizer(struct ceph_x_authorizer * au,u64 * server_challenge)342 static int encrypt_authorizer(struct ceph_x_authorizer *au,
343 u64 *server_challenge)
344 {
345 struct ceph_x_authorize_a *msg_a;
346 struct ceph_x_authorize_b *msg_b;
347 void *p, *end;
348 int ret;
349
350 msg_a = au->buf->vec.iov_base;
351 WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));
352 p = (void *)(msg_a + 1) + le32_to_cpu(msg_a->ticket_blob.blob_len);
353 end = au->buf->vec.iov_base + au->buf->vec.iov_len;
354
355 msg_b = p + ceph_x_encrypt_offset(&au->session_key);
356 msg_b->struct_v = 2;
357 msg_b->nonce = cpu_to_le64(au->nonce);
358 if (server_challenge) {
359 msg_b->have_challenge = 1;
360 msg_b->server_challenge_plus_one =
361 cpu_to_le64(*server_challenge + 1);
362 } else {
363 msg_b->have_challenge = 0;
364 msg_b->server_challenge_plus_one = 0;
365 }
366
367 ret = ceph_x_encrypt(&au->session_key,
368 0 /* CEPHX_KEY_USAGE_AUTHORIZE */,
369 p, end - p, sizeof(*msg_b));
370 if (ret < 0)
371 return ret;
372
373 p += ret;
374 if (server_challenge) {
375 WARN_ON(p != end);
376 } else {
377 WARN_ON(p > end);
378 au->buf->vec.iov_len = p - au->buf->vec.iov_base;
379 }
380
381 return 0;
382 }
383
ceph_x_authorizer_cleanup(struct ceph_x_authorizer * au)384 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)
385 {
386 ceph_crypto_key_destroy(&au->session_key);
387 if (au->buf) {
388 ceph_buffer_put(au->buf);
389 au->buf = NULL;
390 }
391 }
392
ceph_x_build_authorizer(struct ceph_auth_client * ac,struct ceph_x_ticket_handler * th,struct ceph_x_authorizer * au)393 static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
394 struct ceph_x_ticket_handler *th,
395 struct ceph_x_authorizer *au)
396 {
397 int maxlen;
398 struct ceph_x_authorize_a *msg_a;
399 struct ceph_x_authorize_b *msg_b;
400 int ret;
401 int ticket_blob_len =
402 (th->ticket_blob ? th->ticket_blob->vec.iov_len : 0);
403
404 dout("build_authorizer for %s %p\n",
405 ceph_entity_type_name(th->service), au);
406
407 ceph_crypto_key_destroy(&au->session_key);
408 ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
409 if (ret)
410 goto out_au;
411
412 ret = ceph_crypto_key_prepare(&au->session_key, authorizer_key_usages,
413 ARRAY_SIZE(authorizer_key_usages));
414 if (ret)
415 goto out_au;
416
417 maxlen = sizeof(*msg_a) + ticket_blob_len +
418 ceph_x_encrypt_buflen(&au->session_key, sizeof(*msg_b));
419 dout(" need len %d\n", maxlen);
420 if (au->buf && au->buf->alloc_len < maxlen) {
421 ceph_buffer_put(au->buf);
422 au->buf = NULL;
423 }
424 if (!au->buf) {
425 au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
426 if (!au->buf) {
427 ret = -ENOMEM;
428 goto out_au;
429 }
430 }
431 au->service = th->service;
432 WARN_ON(!th->secret_id);
433 au->secret_id = th->secret_id;
434
435 msg_a = au->buf->vec.iov_base;
436 msg_a->struct_v = 1;
437 msg_a->global_id = cpu_to_le64(ac->global_id);
438 msg_a->service_id = cpu_to_le32(th->service);
439 msg_a->ticket_blob.struct_v = 1;
440 msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id);
441 msg_a->ticket_blob.blob_len = cpu_to_le32(ticket_blob_len);
442 if (ticket_blob_len) {
443 memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base,
444 th->ticket_blob->vec.iov_len);
445 }
446 dout(" th %p secret_id %lld %lld\n", th, th->secret_id,
447 le64_to_cpu(msg_a->ticket_blob.secret_id));
448
449 get_random_bytes(&au->nonce, sizeof(au->nonce));
450 ret = encrypt_authorizer(au, NULL);
451 if (ret) {
452 pr_err("failed to encrypt authorizer: %d", ret);
453 goto out_au;
454 }
455
456 dout(" built authorizer nonce %llx len %d\n", au->nonce,
457 (int)au->buf->vec.iov_len);
458 return 0;
459
460 out_au:
461 ceph_x_authorizer_cleanup(au);
462 return ret;
463 }
464
ceph_x_encode_ticket(struct ceph_x_ticket_handler * th,void ** p,void * end)465 static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th,
466 void **p, void *end)
467 {
468 ceph_decode_need(p, end, 1 + sizeof(u64), bad);
469 ceph_encode_8(p, 1);
470 ceph_encode_64(p, th->secret_id);
471 if (th->ticket_blob) {
472 const char *buf = th->ticket_blob->vec.iov_base;
473 u32 len = th->ticket_blob->vec.iov_len;
474
475 ceph_encode_32_safe(p, end, len, bad);
476 ceph_encode_copy_safe(p, end, buf, len, bad);
477 } else {
478 ceph_encode_32_safe(p, end, 0, bad);
479 }
480
481 return 0;
482 bad:
483 return -ERANGE;
484 }
485
need_key(struct ceph_x_ticket_handler * th)486 static bool need_key(struct ceph_x_ticket_handler *th)
487 {
488 if (!th->have_key)
489 return true;
490
491 return ktime_get_real_seconds() >= th->renew_after;
492 }
493
have_key(struct ceph_x_ticket_handler * th)494 static bool have_key(struct ceph_x_ticket_handler *th)
495 {
496 if (th->have_key && ktime_get_real_seconds() >= th->expires) {
497 dout("ticket %d (%s) secret_id %llu expired\n", th->service,
498 ceph_entity_type_name(th->service), th->secret_id);
499 th->have_key = false;
500 }
501
502 return th->have_key;
503 }
504
ceph_x_validate_tickets(struct ceph_auth_client * ac,int * pneed)505 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)
506 {
507 int want = ac->want_keys;
508 struct ceph_x_info *xi = ac->private;
509 int service;
510
511 *pneed = ac->want_keys & ~(xi->have_keys);
512
513 for (service = 1; service <= want; service <<= 1) {
514 struct ceph_x_ticket_handler *th;
515
516 if (!(ac->want_keys & service))
517 continue;
518
519 if (*pneed & service)
520 continue;
521
522 th = get_ticket_handler(ac, service);
523 if (IS_ERR(th)) {
524 *pneed |= service;
525 continue;
526 }
527
528 if (need_key(th))
529 *pneed |= service;
530 if (!have_key(th))
531 xi->have_keys &= ~service;
532 }
533 }
534
ceph_x_build_request(struct ceph_auth_client * ac,void * buf,void * end)535 static int ceph_x_build_request(struct ceph_auth_client *ac,
536 void *buf, void *end)
537 {
538 struct ceph_x_info *xi = ac->private;
539 int need;
540 struct ceph_x_request_header *head = buf;
541 void *p;
542 int ret;
543 struct ceph_x_ticket_handler *th =
544 get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
545
546 if (IS_ERR(th))
547 return PTR_ERR(th);
548
549 ceph_x_validate_tickets(ac, &need);
550 dout("%s want 0x%x have 0x%x need 0x%x\n", __func__, ac->want_keys,
551 xi->have_keys, need);
552
553 if (need & CEPH_ENTITY_TYPE_AUTH) {
554 struct ceph_x_authenticate *auth = (void *)(head + 1);
555 void *enc_buf = xi->auth_authorizer.enc_buf;
556 struct ceph_x_challenge_blob *blob;
557 u64 *u;
558
559 p = auth + 1;
560 if (p > end)
561 return -ERANGE;
562
563 dout(" get_auth_session_key\n");
564 head->op = cpu_to_le16(CEPHX_GET_AUTH_SESSION_KEY);
565
566 if (xi->secret.type == CEPH_CRYPTO_AES) {
567 blob = enc_buf + ceph_x_encrypt_offset(&xi->secret);
568 } else {
569 BUILD_BUG_ON(SHA256_DIGEST_SIZE + sizeof(*blob) >
570 CEPHX_AU_ENC_BUF_LEN);
571 blob = enc_buf + SHA256_DIGEST_SIZE;
572 }
573
574 get_random_bytes(&auth->client_challenge, sizeof(u64));
575 blob->client_challenge = auth->client_challenge;
576 blob->server_challenge = cpu_to_le64(xi->server_challenge);
577
578 if (xi->secret.type == CEPH_CRYPTO_AES) {
579 ret = ceph_x_encrypt(&xi->secret, 0 /* dummy */,
580 enc_buf, CEPHX_AU_ENC_BUF_LEN,
581 sizeof(*blob));
582 if (ret < 0)
583 return ret;
584 } else {
585 ceph_hmac_sha256(&xi->secret, blob, sizeof(*blob),
586 enc_buf);
587 ret = SHA256_DIGEST_SIZE;
588 }
589
590 auth->struct_v = 3; /* nautilus+ */
591 auth->key = 0;
592 for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++)
593 auth->key ^= *(__le64 *)u;
594 dout(" server_challenge %llx client_challenge %llx key %llx\n",
595 xi->server_challenge, le64_to_cpu(auth->client_challenge),
596 le64_to_cpu(auth->key));
597
598 /* now encode the old ticket if exists */
599 ret = ceph_x_encode_ticket(th, &p, end);
600 if (ret < 0)
601 return ret;
602
603 /* nautilus+: request service tickets at the same time */
604 need = ac->want_keys & ~CEPH_ENTITY_TYPE_AUTH;
605 WARN_ON(!need);
606 ceph_encode_32_safe(&p, end, need, e_range);
607 return p - buf;
608 }
609
610 if (need) {
611 dout(" get_principal_session_key\n");
612 ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);
613 if (ret)
614 return ret;
615
616 p = buf;
617 ceph_encode_16_safe(&p, end, CEPHX_GET_PRINCIPAL_SESSION_KEY,
618 e_range);
619 ceph_encode_copy_safe(&p, end,
620 xi->auth_authorizer.buf->vec.iov_base,
621 xi->auth_authorizer.buf->vec.iov_len, e_range);
622 ceph_encode_8_safe(&p, end, 1, e_range);
623 ceph_encode_32_safe(&p, end, need, e_range);
624 return p - buf;
625 }
626
627 return 0;
628
629 e_range:
630 return -ERANGE;
631 }
632
decode_con_secret(void ** p,void * end,u8 * con_secret,int * con_secret_len)633 static int decode_con_secret(void **p, void *end, u8 *con_secret,
634 int *con_secret_len)
635 {
636 int len;
637
638 ceph_decode_32_safe(p, end, len, bad);
639 ceph_decode_need(p, end, len, bad);
640
641 dout("%s len %d\n", __func__, len);
642 if (con_secret) {
643 if (len > CEPH_MAX_CON_SECRET_LEN) {
644 pr_err("connection secret too big %d\n", len);
645 goto bad_memzero;
646 }
647 memcpy(con_secret, *p, len);
648 *con_secret_len = len;
649 }
650 memzero_explicit(*p, len);
651 *p += len;
652 return 0;
653
654 bad_memzero:
655 memzero_explicit(*p, len);
656 bad:
657 pr_err("failed to decode connection secret\n");
658 return -EINVAL;
659 }
660
handle_auth_session_key(struct ceph_auth_client * ac,u64 global_id,void ** p,void * end,u8 * session_key,int * session_key_len,u8 * con_secret,int * con_secret_len)661 static int handle_auth_session_key(struct ceph_auth_client *ac, u64 global_id,
662 void **p, void *end,
663 u8 *session_key, int *session_key_len,
664 u8 *con_secret, int *con_secret_len)
665 {
666 struct ceph_x_info *xi = ac->private;
667 struct ceph_x_ticket_handler *th;
668 void *dp, *dend;
669 int len;
670 int ret;
671
672 /* AUTH ticket */
673 ret = ceph_x_proc_ticket_reply(ac, &xi->secret, p, end);
674 if (ret)
675 return ret;
676
677 ceph_auth_set_global_id(ac, global_id);
678 if (*p == end) {
679 /* pre-nautilus (or didn't request service tickets!) */
680 WARN_ON(session_key || con_secret);
681 return 0;
682 }
683
684 th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
685 if (IS_ERR(th))
686 return PTR_ERR(th);
687
688 if (session_key) {
689 memcpy(session_key, th->session_key.key, th->session_key.len);
690 *session_key_len = th->session_key.len;
691 }
692
693 /* connection secret */
694 ceph_decode_32_safe(p, end, len, e_inval);
695 ceph_decode_need(p, end, len, e_inval);
696 dout("%s connection secret blob len %d\n", __func__, len);
697 if (len > 0) {
698 dp = *p + ceph_x_encrypt_offset(&th->session_key);
699 ret = ceph_x_decrypt(&th->session_key,
700 2 /* CEPHX_KEY_USAGE_AUTH_CONNECTION_SECRET */,
701 p, *p + len);
702 if (ret < 0)
703 return ret;
704
705 dout("%s decrypted %d bytes\n", __func__, ret);
706 dend = dp + ret;
707
708 ret = decode_con_secret(&dp, dend, con_secret, con_secret_len);
709 if (ret)
710 return ret;
711 }
712
713 /* service tickets */
714 ceph_decode_32_safe(p, end, len, e_inval);
715 ceph_decode_need(p, end, len, e_inval);
716 dout("%s service tickets blob len %d\n", __func__, len);
717 if (len > 0) {
718 ret = ceph_x_proc_ticket_reply(ac, &th->session_key,
719 p, *p + len);
720 if (ret)
721 return ret;
722 }
723
724 return 0;
725
726 e_inval:
727 return -EINVAL;
728 }
729
ceph_x_handle_reply(struct ceph_auth_client * ac,u64 global_id,void * buf,void * end,u8 * session_key,int * session_key_len,u8 * con_secret,int * con_secret_len)730 static int ceph_x_handle_reply(struct ceph_auth_client *ac, u64 global_id,
731 void *buf, void *end,
732 u8 *session_key, int *session_key_len,
733 u8 *con_secret, int *con_secret_len)
734 {
735 struct ceph_x_info *xi = ac->private;
736 struct ceph_x_ticket_handler *th;
737 int len = end - buf;
738 int result;
739 void *p;
740 int op;
741 int ret;
742
743 if (xi->starting) {
744 /* it's a hello */
745 struct ceph_x_server_challenge *sc = buf;
746
747 if (len != sizeof(*sc))
748 return -EINVAL;
749 xi->server_challenge = le64_to_cpu(sc->server_challenge);
750 dout("handle_reply got server challenge %llx\n",
751 xi->server_challenge);
752 xi->starting = false;
753 xi->have_keys &= ~CEPH_ENTITY_TYPE_AUTH;
754 return -EAGAIN;
755 }
756
757 p = buf;
758 ceph_decode_16_safe(&p, end, op, e_inval);
759 ceph_decode_32_safe(&p, end, result, e_inval);
760 dout("handle_reply op %d result %d\n", op, result);
761 switch (op) {
762 case CEPHX_GET_AUTH_SESSION_KEY:
763 /* AUTH ticket + [connection secret] + service tickets */
764 ret = handle_auth_session_key(ac, global_id, &p, end,
765 session_key, session_key_len,
766 con_secret, con_secret_len);
767 break;
768
769 case CEPHX_GET_PRINCIPAL_SESSION_KEY:
770 th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
771 if (IS_ERR(th))
772 return PTR_ERR(th);
773
774 /* service tickets */
775 ret = ceph_x_proc_ticket_reply(ac, &th->session_key, &p, end);
776 break;
777
778 default:
779 return -EINVAL;
780 }
781 if (ret)
782 return ret;
783 if (ac->want_keys == xi->have_keys)
784 return 0;
785 return -EAGAIN;
786
787 e_inval:
788 return -EINVAL;
789 }
790
ceph_x_destroy_authorizer(struct ceph_authorizer * a)791 static void ceph_x_destroy_authorizer(struct ceph_authorizer *a)
792 {
793 struct ceph_x_authorizer *au = (void *)a;
794
795 ceph_x_authorizer_cleanup(au);
796 kfree(au);
797 }
798
ceph_x_create_authorizer(struct ceph_auth_client * ac,int peer_type,struct ceph_auth_handshake * auth)799 static int ceph_x_create_authorizer(
800 struct ceph_auth_client *ac, int peer_type,
801 struct ceph_auth_handshake *auth)
802 {
803 struct ceph_x_authorizer *au;
804 struct ceph_x_ticket_handler *th;
805 int ret;
806
807 th = get_ticket_handler(ac, peer_type);
808 if (IS_ERR(th))
809 return PTR_ERR(th);
810
811 au = kzalloc_obj(*au, GFP_NOFS);
812 if (!au)
813 return -ENOMEM;
814
815 au->base.destroy = ceph_x_destroy_authorizer;
816
817 ret = ceph_x_build_authorizer(ac, th, au);
818 if (ret) {
819 kfree(au);
820 return ret;
821 }
822
823 auth->authorizer = (struct ceph_authorizer *) au;
824 auth->authorizer_buf = au->buf->vec.iov_base;
825 auth->authorizer_buf_len = au->buf->vec.iov_len;
826 auth->authorizer_reply_buf = au->enc_buf;
827 auth->authorizer_reply_buf_len = CEPHX_AU_ENC_BUF_LEN;
828 auth->sign_message = ac->ops->sign_message;
829 auth->check_message_signature = ac->ops->check_message_signature;
830
831 return 0;
832 }
833
ceph_x_update_authorizer(struct ceph_auth_client * ac,int peer_type,struct ceph_auth_handshake * auth)834 static int ceph_x_update_authorizer(
835 struct ceph_auth_client *ac, int peer_type,
836 struct ceph_auth_handshake *auth)
837 {
838 struct ceph_x_authorizer *au;
839 struct ceph_x_ticket_handler *th;
840
841 th = get_ticket_handler(ac, peer_type);
842 if (IS_ERR(th))
843 return PTR_ERR(th);
844
845 au = (struct ceph_x_authorizer *)auth->authorizer;
846 if (au->secret_id < th->secret_id) {
847 dout("ceph_x_update_authorizer service %u secret %llu < %llu\n",
848 au->service, au->secret_id, th->secret_id);
849 return ceph_x_build_authorizer(ac, th, au);
850 }
851 return 0;
852 }
853
854 /*
855 * CephXAuthorizeChallenge
856 */
decrypt_authorizer_challenge(struct ceph_crypto_key * secret,void * challenge,int challenge_len,u64 * server_challenge)857 static int decrypt_authorizer_challenge(struct ceph_crypto_key *secret,
858 void *challenge, int challenge_len,
859 u64 *server_challenge)
860 {
861 void *dp, *dend;
862 int ret;
863
864 /* no leading len */
865 ret = __ceph_x_decrypt(secret,
866 1 /* CEPHX_KEY_USAGE_AUTHORIZE_CHALLENGE */,
867 challenge, challenge_len);
868 if (ret < 0)
869 return ret;
870
871 dout("%s decrypted %d bytes\n", __func__, ret);
872 dp = challenge + __ceph_x_encrypt_offset(secret);
873 dend = dp + ret;
874
875 ceph_decode_skip_8(&dp, dend, e_inval); /* struct_v */
876 ceph_decode_64_safe(&dp, dend, *server_challenge, e_inval);
877 dout("%s server_challenge %llu\n", __func__, *server_challenge);
878 return 0;
879
880 e_inval:
881 return -EINVAL;
882 }
883
ceph_x_add_authorizer_challenge(struct ceph_auth_client * ac,struct ceph_authorizer * a,void * challenge,int challenge_len)884 static int ceph_x_add_authorizer_challenge(struct ceph_auth_client *ac,
885 struct ceph_authorizer *a,
886 void *challenge, int challenge_len)
887 {
888 struct ceph_x_authorizer *au = (void *)a;
889 u64 server_challenge;
890 int ret;
891
892 ret = decrypt_authorizer_challenge(&au->session_key, challenge,
893 challenge_len, &server_challenge);
894 if (ret) {
895 pr_err("failed to decrypt authorize challenge: %d", ret);
896 return ret;
897 }
898
899 ret = encrypt_authorizer(au, &server_challenge);
900 if (ret) {
901 pr_err("failed to encrypt authorizer w/ challenge: %d", ret);
902 return ret;
903 }
904
905 return 0;
906 }
907
908 /*
909 * CephXAuthorizeReply
910 */
decrypt_authorizer_reply(struct ceph_crypto_key * secret,void ** p,void * end,u64 * nonce_plus_one,u8 * con_secret,int * con_secret_len)911 static int decrypt_authorizer_reply(struct ceph_crypto_key *secret,
912 void **p, void *end, u64 *nonce_plus_one,
913 u8 *con_secret, int *con_secret_len)
914 {
915 void *dp, *dend;
916 u8 struct_v;
917 int ret;
918
919 dp = *p + ceph_x_encrypt_offset(secret);
920 ret = ceph_x_decrypt(secret, 2 /* CEPHX_KEY_USAGE_AUTHORIZE_REPLY */,
921 p, end);
922 if (ret < 0)
923 return ret;
924
925 dout("%s decrypted %d bytes\n", __func__, ret);
926 dend = dp + ret;
927
928 ceph_decode_8_safe(&dp, dend, struct_v, e_inval);
929 ceph_decode_64_safe(&dp, dend, *nonce_plus_one, e_inval);
930 dout("%s nonce_plus_one %llu\n", __func__, *nonce_plus_one);
931 if (struct_v >= 2) {
932 ret = decode_con_secret(&dp, dend, con_secret, con_secret_len);
933 if (ret)
934 return ret;
935 }
936
937 return 0;
938
939 e_inval:
940 return -EINVAL;
941 }
942
ceph_x_verify_authorizer_reply(struct ceph_auth_client * ac,struct ceph_authorizer * a,void * reply,int reply_len,u8 * session_key,int * session_key_len,u8 * con_secret,int * con_secret_len)943 static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
944 struct ceph_authorizer *a,
945 void *reply, int reply_len,
946 u8 *session_key, int *session_key_len,
947 u8 *con_secret, int *con_secret_len)
948 {
949 struct ceph_x_authorizer *au = (void *)a;
950 u64 nonce_plus_one;
951 int ret;
952
953 if (session_key) {
954 memcpy(session_key, au->session_key.key, au->session_key.len);
955 *session_key_len = au->session_key.len;
956 }
957
958 ret = decrypt_authorizer_reply(&au->session_key, &reply,
959 reply + reply_len, &nonce_plus_one,
960 con_secret, con_secret_len);
961 if (ret)
962 return ret;
963
964 if (nonce_plus_one != au->nonce + 1) {
965 pr_err("failed to authenticate server\n");
966 return -EPERM;
967 }
968
969 return 0;
970 }
971
ceph_x_reset(struct ceph_auth_client * ac)972 static void ceph_x_reset(struct ceph_auth_client *ac)
973 {
974 struct ceph_x_info *xi = ac->private;
975
976 dout("reset\n");
977 xi->starting = true;
978 xi->server_challenge = 0;
979 }
980
ceph_x_destroy(struct ceph_auth_client * ac)981 static void ceph_x_destroy(struct ceph_auth_client *ac)
982 {
983 struct ceph_x_info *xi = ac->private;
984 struct rb_node *p;
985
986 dout("ceph_x_destroy %p\n", ac);
987 ceph_crypto_key_destroy(&xi->secret);
988
989 while ((p = rb_first(&xi->ticket_handlers)) != NULL) {
990 struct ceph_x_ticket_handler *th =
991 rb_entry(p, struct ceph_x_ticket_handler, node);
992 remove_ticket_handler(ac, th);
993 }
994
995 ceph_x_authorizer_cleanup(&xi->auth_authorizer);
996
997 kfree(ac->private);
998 ac->private = NULL;
999 }
1000
invalidate_ticket(struct ceph_auth_client * ac,int peer_type)1001 static void invalidate_ticket(struct ceph_auth_client *ac, int peer_type)
1002 {
1003 struct ceph_x_ticket_handler *th;
1004
1005 th = get_ticket_handler(ac, peer_type);
1006 if (IS_ERR(th))
1007 return;
1008
1009 if (th->have_key) {
1010 dout("ticket %d (%s) secret_id %llu invalidated\n",
1011 th->service, ceph_entity_type_name(th->service),
1012 th->secret_id);
1013 th->have_key = false;
1014 }
1015 }
1016
ceph_x_invalidate_authorizer(struct ceph_auth_client * ac,int peer_type)1017 static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
1018 int peer_type)
1019 {
1020 /*
1021 * We are to invalidate a service ticket in the hopes of
1022 * getting a new, hopefully more valid, one. But, we won't get
1023 * it unless our AUTH ticket is good, so invalidate AUTH ticket
1024 * as well, just in case.
1025 */
1026 invalidate_ticket(ac, peer_type);
1027 invalidate_ticket(ac, CEPH_ENTITY_TYPE_AUTH);
1028 }
1029
calc_signature(struct ceph_x_authorizer * au,struct ceph_msg * msg,__le64 * psig)1030 static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
1031 __le64 *psig)
1032 {
1033 void *enc_buf = au->enc_buf;
1034 int ret;
1035
1036 if (!CEPH_HAVE_FEATURE(msg->con->peer_features, CEPHX_V2)) {
1037 struct {
1038 __le32 len;
1039 __le32 header_crc;
1040 __le32 front_crc;
1041 __le32 middle_crc;
1042 __le32 data_crc;
1043 } __packed *sigblock = enc_buf +
1044 ceph_x_encrypt_offset(&au->session_key);
1045
1046 sigblock->len = cpu_to_le32(4*sizeof(u32));
1047 sigblock->header_crc = msg->hdr.crc;
1048 sigblock->front_crc = msg->footer.front_crc;
1049 sigblock->middle_crc = msg->footer.middle_crc;
1050 sigblock->data_crc = msg->footer.data_crc;
1051
1052 ret = ceph_x_encrypt(&au->session_key, 0 /* dummy */,
1053 enc_buf, CEPHX_AU_ENC_BUF_LEN,
1054 sizeof(*sigblock));
1055 if (ret < 0)
1056 return ret;
1057
1058 *psig = *(__le64 *)(enc_buf + sizeof(u32));
1059 } else {
1060 struct {
1061 __le32 header_crc;
1062 __le32 front_crc;
1063 __le32 front_len;
1064 __le32 middle_crc;
1065 __le32 middle_len;
1066 __le32 data_crc;
1067 __le32 data_len;
1068 __le32 seq_lower_word;
1069 } __packed *sigblock;
1070 struct {
1071 __le64 a, b, c, d;
1072 } __packed *penc = enc_buf;
1073
1074 if (au->session_key.type == CEPH_CRYPTO_AES) {
1075 /* no leading len, no ceph_x_encrypt_header */
1076 sigblock = enc_buf;
1077 } else {
1078 BUILD_BUG_ON(SHA256_DIGEST_SIZE + sizeof(*sigblock) >
1079 CEPHX_AU_ENC_BUF_LEN);
1080 sigblock = enc_buf + SHA256_DIGEST_SIZE;
1081 }
1082
1083 sigblock->header_crc = msg->hdr.crc;
1084 sigblock->front_crc = msg->footer.front_crc;
1085 sigblock->front_len = msg->hdr.front_len;
1086 sigblock->middle_crc = msg->footer.middle_crc;
1087 sigblock->middle_len = msg->hdr.middle_len;
1088 sigblock->data_crc = msg->footer.data_crc;
1089 sigblock->data_len = msg->hdr.data_len;
1090 sigblock->seq_lower_word = *(__le32 *)&msg->hdr.seq;
1091
1092 if (au->session_key.type == CEPH_CRYPTO_AES) {
1093 int ciphertext_len; /* unused */
1094
1095 ret = ceph_crypt(&au->session_key, 0 /* dummy */,
1096 true, enc_buf, CEPHX_AU_ENC_BUF_LEN,
1097 sizeof(*sigblock), &ciphertext_len);
1098 if (ret)
1099 return ret;
1100 } else {
1101 ceph_hmac_sha256(&au->session_key, sigblock,
1102 sizeof(*sigblock), enc_buf);
1103 }
1104
1105 *psig = penc->a ^ penc->b ^ penc->c ^ penc->d;
1106 }
1107
1108 return 0;
1109 }
1110
ceph_x_sign_message(struct ceph_auth_handshake * auth,struct ceph_msg * msg)1111 static int ceph_x_sign_message(struct ceph_auth_handshake *auth,
1112 struct ceph_msg *msg)
1113 {
1114 __le64 sig;
1115 int ret;
1116
1117 if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
1118 return 0;
1119
1120 ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,
1121 msg, &sig);
1122 if (ret)
1123 return ret;
1124
1125 msg->footer.sig = sig;
1126 msg->footer.flags |= CEPH_MSG_FOOTER_SIGNED;
1127 return 0;
1128 }
1129
ceph_x_check_message_signature(struct ceph_auth_handshake * auth,struct ceph_msg * msg)1130 static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth,
1131 struct ceph_msg *msg)
1132 {
1133 __le64 sig_check;
1134 int ret;
1135
1136 if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
1137 return 0;
1138
1139 ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,
1140 msg, &sig_check);
1141 if (ret)
1142 return ret;
1143 if (sig_check == msg->footer.sig)
1144 return 0;
1145 if (msg->footer.flags & CEPH_MSG_FOOTER_SIGNED)
1146 dout("ceph_x_check_message_signature %p has signature %llx "
1147 "expect %llx\n", msg, msg->footer.sig, sig_check);
1148 else
1149 dout("ceph_x_check_message_signature %p sender did not set "
1150 "CEPH_MSG_FOOTER_SIGNED\n", msg);
1151 return -EBADMSG;
1152 }
1153
1154 static const struct ceph_auth_client_ops ceph_x_ops = {
1155 .is_authenticated = ceph_x_is_authenticated,
1156 .should_authenticate = ceph_x_should_authenticate,
1157 .build_request = ceph_x_build_request,
1158 .handle_reply = ceph_x_handle_reply,
1159 .create_authorizer = ceph_x_create_authorizer,
1160 .update_authorizer = ceph_x_update_authorizer,
1161 .add_authorizer_challenge = ceph_x_add_authorizer_challenge,
1162 .verify_authorizer_reply = ceph_x_verify_authorizer_reply,
1163 .invalidate_authorizer = ceph_x_invalidate_authorizer,
1164 .reset = ceph_x_reset,
1165 .destroy = ceph_x_destroy,
1166 .sign_message = ceph_x_sign_message,
1167 .check_message_signature = ceph_x_check_message_signature,
1168 };
1169
1170
ceph_x_init(struct ceph_auth_client * ac)1171 int ceph_x_init(struct ceph_auth_client *ac)
1172 {
1173 struct ceph_x_info *xi;
1174 int ret;
1175
1176 dout("ceph_x_init %p\n", ac);
1177 xi = kzalloc_obj(*xi, GFP_NOFS);
1178 if (!xi)
1179 return -ENOMEM;
1180
1181 ret = -EINVAL;
1182 if (!ac->key) {
1183 pr_err("no secret set (for auth_x protocol)\n");
1184 goto err_xi;
1185 }
1186
1187 ret = ceph_crypto_key_clone(&xi->secret, ac->key);
1188 if (ret < 0) {
1189 pr_err("cannot clone key: %d\n", ret);
1190 goto err_xi;
1191 }
1192
1193 ret = ceph_crypto_key_prepare(&xi->secret, client_key_usages,
1194 ARRAY_SIZE(client_key_usages));
1195 if (ret) {
1196 pr_err("cannot prepare key: %d\n", ret);
1197 goto err_secret;
1198 }
1199
1200 xi->starting = true;
1201 xi->ticket_handlers = RB_ROOT;
1202
1203 ac->protocol = CEPH_AUTH_CEPHX;
1204 ac->private = xi;
1205 ac->ops = &ceph_x_ops;
1206 return 0;
1207
1208 err_secret:
1209 ceph_crypto_key_destroy(&xi->secret);
1210 err_xi:
1211 kfree(xi);
1212 return ret;
1213 }
1214