1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * NVMe over Fabrics DH-HMAC-CHAP authentication. 4 * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions. 5 * All rights reserved. 6 */ 7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 8 #include <linux/module.h> 9 #include <linux/init.h> 10 #include <linux/slab.h> 11 #include <linux/err.h> 12 #include <linux/crc32.h> 13 #include <linux/base64.h> 14 #include <linux/ctype.h> 15 #include <linux/random.h> 16 #include <linux/nvme-auth.h> 17 #include <linux/nvme-keyring.h> 18 #include <linux/unaligned.h> 19 20 #include "nvmet.h" 21 22 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret, 23 bool set_ctrl) 24 { 25 unsigned char key_hash; 26 char *dhchap_secret; 27 28 if (!strlen(secret)) { 29 if (set_ctrl) { 30 kfree(host->dhchap_ctrl_secret); 31 host->dhchap_ctrl_secret = NULL; 32 host->dhchap_ctrl_key_hash = 0; 33 } else { 34 kfree(host->dhchap_secret); 35 host->dhchap_secret = NULL; 36 host->dhchap_key_hash = 0; 37 } 38 return 0; 39 } 40 if (sscanf(secret, "DHHC-1:%hhd:%*s", &key_hash) != 1) 41 return -EINVAL; 42 if (key_hash > 3) { 43 pr_warn("Invalid DH-HMAC-CHAP hash id %d\n", 44 key_hash); 45 return -EINVAL; 46 } 47 dhchap_secret = kstrdup(secret, GFP_KERNEL); 48 if (!dhchap_secret) 49 return -ENOMEM; 50 down_write(&nvmet_config_sem); 51 if (set_ctrl) { 52 kfree(host->dhchap_ctrl_secret); 53 host->dhchap_ctrl_secret = strim(dhchap_secret); 54 host->dhchap_ctrl_key_hash = key_hash; 55 } else { 56 kfree(host->dhchap_secret); 57 host->dhchap_secret = strim(dhchap_secret); 58 host->dhchap_key_hash = key_hash; 59 } 60 up_write(&nvmet_config_sem); 61 return 0; 62 } 63 64 int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id) 65 { 66 const char *dhgroup_kpp; 67 int ret = 0; 68 69 pr_debug("%s: ctrl %d selecting dhgroup %d\n", 70 __func__, ctrl->cntlid, dhgroup_id); 71 72 if (ctrl->dh_tfm) { 73 if (ctrl->dh_gid == dhgroup_id) { 74 pr_debug("%s: ctrl %d reuse existing DH group %d\n", 75 __func__, ctrl->cntlid, dhgroup_id); 76 return 0; 77 } 78 crypto_free_kpp(ctrl->dh_tfm); 79 ctrl->dh_tfm = NULL; 80 ctrl->dh_gid = 0; 81 } 82 83 if (dhgroup_id == NVME_AUTH_DHGROUP_NULL) 84 return 0; 85 86 dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id); 87 if (!dhgroup_kpp) { 88 pr_debug("%s: ctrl %d invalid DH group %d\n", 89 __func__, ctrl->cntlid, dhgroup_id); 90 return -EINVAL; 91 } 92 ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0); 93 if (IS_ERR(ctrl->dh_tfm)) { 94 pr_debug("%s: ctrl %d failed to setup DH group %d, err %ld\n", 95 __func__, ctrl->cntlid, dhgroup_id, 96 PTR_ERR(ctrl->dh_tfm)); 97 ret = PTR_ERR(ctrl->dh_tfm); 98 ctrl->dh_tfm = NULL; 99 ctrl->dh_gid = 0; 100 } else { 101 ctrl->dh_gid = dhgroup_id; 102 pr_debug("%s: ctrl %d setup DH group %d\n", 103 __func__, ctrl->cntlid, ctrl->dh_gid); 104 ret = nvme_auth_gen_privkey(ctrl->dh_tfm, ctrl->dh_gid); 105 if (ret < 0) { 106 pr_debug("%s: ctrl %d failed to generate private key, err %d\n", 107 __func__, ctrl->cntlid, ret); 108 kfree_sensitive(ctrl->dh_key); 109 ctrl->dh_key = NULL; 110 return ret; 111 } 112 ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm); 113 kfree_sensitive(ctrl->dh_key); 114 ctrl->dh_key = kzalloc(ctrl->dh_keysize, GFP_KERNEL); 115 if (!ctrl->dh_key) { 116 pr_warn("ctrl %d failed to allocate public key\n", 117 ctrl->cntlid); 118 return -ENOMEM; 119 } 120 ret = nvme_auth_gen_pubkey(ctrl->dh_tfm, ctrl->dh_key, 121 ctrl->dh_keysize); 122 if (ret < 0) { 123 pr_warn("ctrl %d failed to generate public key\n", 124 ctrl->cntlid); 125 kfree(ctrl->dh_key); 126 ctrl->dh_key = NULL; 127 } 128 } 129 130 return ret; 131 } 132 133 u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset) 134 { 135 int ret = 0; 136 struct nvmet_host_link *p; 137 struct nvmet_host *host = NULL; 138 139 down_read(&nvmet_config_sem); 140 if (nvmet_is_disc_subsys(ctrl->subsys)) 141 goto out_unlock; 142 143 if (ctrl->subsys->allow_any_host) 144 goto out_unlock; 145 146 list_for_each_entry(p, &ctrl->subsys->hosts, entry) { 147 pr_debug("check %s\n", nvmet_host_name(p->host)); 148 if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn)) 149 continue; 150 host = p->host; 151 break; 152 } 153 if (!host) { 154 pr_debug("host %s not found\n", ctrl->hostnqn); 155 ret = NVME_AUTH_DHCHAP_FAILURE_FAILED; 156 goto out_unlock; 157 } 158 159 if (!reset && nvmet_queue_tls_keyid(sq)) { 160 pr_debug("host %s tls enabled\n", ctrl->hostnqn); 161 goto out_unlock; 162 } 163 164 ret = nvmet_setup_dhgroup(ctrl, host->dhchap_dhgroup_id); 165 if (ret < 0) { 166 pr_warn("Failed to setup DH group"); 167 ret = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; 168 goto out_unlock; 169 } 170 171 if (!host->dhchap_secret) { 172 pr_debug("No authentication provided\n"); 173 goto out_unlock; 174 } 175 176 if (host->dhchap_hash_id == ctrl->shash_id) { 177 pr_debug("Re-use existing hash ID %d\n", 178 ctrl->shash_id); 179 } else { 180 ctrl->shash_id = host->dhchap_hash_id; 181 } 182 183 /* Skip the 'DHHC-1:XX:' prefix */ 184 nvme_auth_free_key(ctrl->host_key); 185 ctrl->host_key = nvme_auth_extract_key(host->dhchap_secret + 10, 186 host->dhchap_key_hash); 187 if (IS_ERR(ctrl->host_key)) { 188 ret = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE; 189 ctrl->host_key = NULL; 190 goto out_free_hash; 191 } 192 pr_debug("%s: using hash %s key %*ph\n", __func__, 193 ctrl->host_key->hash > 0 ? 194 nvme_auth_hmac_name(ctrl->host_key->hash) : "none", 195 (int)ctrl->host_key->len, ctrl->host_key->key); 196 197 nvme_auth_free_key(ctrl->ctrl_key); 198 if (!host->dhchap_ctrl_secret) { 199 ctrl->ctrl_key = NULL; 200 goto out_unlock; 201 } 202 203 ctrl->ctrl_key = nvme_auth_extract_key(host->dhchap_ctrl_secret + 10, 204 host->dhchap_ctrl_key_hash); 205 if (IS_ERR(ctrl->ctrl_key)) { 206 ret = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE; 207 ctrl->ctrl_key = NULL; 208 goto out_free_hash; 209 } 210 pr_debug("%s: using ctrl hash %s key %*ph\n", __func__, 211 ctrl->ctrl_key->hash > 0 ? 212 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none", 213 (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key); 214 215 out_free_hash: 216 if (ret) { 217 if (ctrl->host_key) { 218 nvme_auth_free_key(ctrl->host_key); 219 ctrl->host_key = NULL; 220 } 221 ctrl->shash_id = 0; 222 } 223 out_unlock: 224 up_read(&nvmet_config_sem); 225 226 return ret; 227 } 228 229 void nvmet_auth_sq_free(struct nvmet_sq *sq) 230 { 231 cancel_delayed_work(&sq->auth_expired_work); 232 kfree(sq->dhchap_c1); 233 sq->dhchap_c1 = NULL; 234 kfree(sq->dhchap_c2); 235 sq->dhchap_c2 = NULL; 236 kfree(sq->dhchap_skey); 237 sq->dhchap_skey = NULL; 238 } 239 240 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl) 241 { 242 ctrl->shash_id = 0; 243 244 if (ctrl->dh_tfm) { 245 crypto_free_kpp(ctrl->dh_tfm); 246 ctrl->dh_tfm = NULL; 247 ctrl->dh_gid = 0; 248 } 249 kfree_sensitive(ctrl->dh_key); 250 ctrl->dh_key = NULL; 251 252 if (ctrl->host_key) { 253 nvme_auth_free_key(ctrl->host_key); 254 ctrl->host_key = NULL; 255 } 256 if (ctrl->ctrl_key) { 257 nvme_auth_free_key(ctrl->ctrl_key); 258 ctrl->ctrl_key = NULL; 259 } 260 #ifdef CONFIG_NVME_TARGET_TCP_TLS 261 if (ctrl->tls_key) { 262 key_put(ctrl->tls_key); 263 ctrl->tls_key = NULL; 264 } 265 #endif 266 } 267 268 bool nvmet_check_auth_status(struct nvmet_req *req) 269 { 270 if (req->sq->ctrl->host_key) { 271 if (req->sq->qid > 0) 272 return true; 273 if (!req->sq->authenticated) 274 return false; 275 } 276 return true; 277 } 278 279 int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, 280 unsigned int shash_len) 281 { 282 struct nvme_auth_hmac_ctx hmac; 283 struct nvmet_ctrl *ctrl = req->sq->ctrl; 284 u8 *challenge = req->sq->dhchap_c1; 285 struct nvme_dhchap_key *transformed_key; 286 u8 buf[4]; 287 int ret; 288 289 transformed_key = nvme_auth_transform_key(ctrl->host_key, 290 ctrl->hostnqn); 291 if (IS_ERR(transformed_key)) 292 return PTR_ERR(transformed_key); 293 294 ret = nvme_auth_hmac_init(&hmac, ctrl->shash_id, transformed_key->key, 295 transformed_key->len); 296 if (ret) 297 goto out_free_response; 298 299 if (shash_len != nvme_auth_hmac_hash_len(ctrl->shash_id)) { 300 pr_err("%s: hash len mismatch (len %u digest %zu)\n", __func__, 301 shash_len, nvme_auth_hmac_hash_len(ctrl->shash_id)); 302 ret = -EINVAL; 303 goto out_free_response; 304 } 305 306 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) { 307 challenge = kmalloc(shash_len, GFP_KERNEL); 308 if (!challenge) { 309 ret = -ENOMEM; 310 goto out_free_response; 311 } 312 ret = nvme_auth_augmented_challenge(ctrl->shash_id, 313 req->sq->dhchap_skey, 314 req->sq->dhchap_skey_len, 315 req->sq->dhchap_c1, 316 challenge, shash_len); 317 if (ret) 318 goto out_free_challenge; 319 } 320 321 pr_debug("ctrl %d qid %d host response seq %u transaction %d\n", 322 ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1, 323 req->sq->dhchap_tid); 324 325 nvme_auth_hmac_update(&hmac, challenge, shash_len); 326 327 put_unaligned_le32(req->sq->dhchap_s1, buf); 328 nvme_auth_hmac_update(&hmac, buf, 4); 329 330 put_unaligned_le16(req->sq->dhchap_tid, buf); 331 nvme_auth_hmac_update(&hmac, buf, 2); 332 333 *buf = req->sq->sc_c; 334 nvme_auth_hmac_update(&hmac, buf, 1); 335 nvme_auth_hmac_update(&hmac, "HostHost", 8); 336 memset(buf, 0, 4); 337 nvme_auth_hmac_update(&hmac, ctrl->hostnqn, strlen(ctrl->hostnqn)); 338 nvme_auth_hmac_update(&hmac, buf, 1); 339 nvme_auth_hmac_update(&hmac, ctrl->subsys->subsysnqn, 340 strlen(ctrl->subsys->subsysnqn)); 341 nvme_auth_hmac_final(&hmac, response); 342 ret = 0; 343 out_free_challenge: 344 if (challenge != req->sq->dhchap_c1) 345 kfree(challenge); 346 out_free_response: 347 memzero_explicit(&hmac, sizeof(hmac)); 348 nvme_auth_free_key(transformed_key); 349 return ret; 350 } 351 352 int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response, 353 unsigned int shash_len) 354 { 355 struct nvme_auth_hmac_ctx hmac; 356 struct nvmet_ctrl *ctrl = req->sq->ctrl; 357 u8 *challenge = req->sq->dhchap_c2; 358 struct nvme_dhchap_key *transformed_key; 359 u8 buf[4]; 360 int ret; 361 362 transformed_key = nvme_auth_transform_key(ctrl->ctrl_key, 363 ctrl->subsys->subsysnqn); 364 if (IS_ERR(transformed_key)) 365 return PTR_ERR(transformed_key); 366 367 ret = nvme_auth_hmac_init(&hmac, ctrl->shash_id, transformed_key->key, 368 transformed_key->len); 369 if (ret) 370 goto out_free_response; 371 372 if (shash_len != nvme_auth_hmac_hash_len(ctrl->shash_id)) { 373 pr_err("%s: hash len mismatch (len %u digest %zu)\n", __func__, 374 shash_len, nvme_auth_hmac_hash_len(ctrl->shash_id)); 375 ret = -EINVAL; 376 goto out_free_response; 377 } 378 379 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) { 380 challenge = kmalloc(shash_len, GFP_KERNEL); 381 if (!challenge) { 382 ret = -ENOMEM; 383 goto out_free_response; 384 } 385 ret = nvme_auth_augmented_challenge(ctrl->shash_id, 386 req->sq->dhchap_skey, 387 req->sq->dhchap_skey_len, 388 req->sq->dhchap_c2, 389 challenge, shash_len); 390 if (ret) 391 goto out_free_challenge; 392 } 393 394 nvme_auth_hmac_update(&hmac, challenge, shash_len); 395 396 put_unaligned_le32(req->sq->dhchap_s2, buf); 397 nvme_auth_hmac_update(&hmac, buf, 4); 398 399 put_unaligned_le16(req->sq->dhchap_tid, buf); 400 nvme_auth_hmac_update(&hmac, buf, 2); 401 402 *buf = req->sq->sc_c; 403 nvme_auth_hmac_update(&hmac, buf, 1); 404 nvme_auth_hmac_update(&hmac, "Controller", 10); 405 nvme_auth_hmac_update(&hmac, ctrl->subsys->subsysnqn, 406 strlen(ctrl->subsys->subsysnqn)); 407 memset(buf, 0, 4); 408 nvme_auth_hmac_update(&hmac, buf, 1); 409 nvme_auth_hmac_update(&hmac, ctrl->hostnqn, strlen(ctrl->hostnqn)); 410 nvme_auth_hmac_final(&hmac, response); 411 ret = 0; 412 out_free_challenge: 413 if (challenge != req->sq->dhchap_c2) 414 kfree(challenge); 415 out_free_response: 416 memzero_explicit(&hmac, sizeof(hmac)); 417 nvme_auth_free_key(transformed_key); 418 return ret; 419 } 420 421 int nvmet_auth_ctrl_exponential(struct nvmet_req *req, 422 u8 *buf, int buf_size) 423 { 424 struct nvmet_ctrl *ctrl = req->sq->ctrl; 425 int ret = 0; 426 427 if (!ctrl->dh_key) { 428 pr_warn("ctrl %d no DH public key!\n", ctrl->cntlid); 429 return -ENOKEY; 430 } 431 if (buf_size != ctrl->dh_keysize) { 432 pr_warn("ctrl %d DH public key size mismatch, need %zu is %d\n", 433 ctrl->cntlid, ctrl->dh_keysize, buf_size); 434 ret = -EINVAL; 435 } else { 436 memcpy(buf, ctrl->dh_key, buf_size); 437 pr_debug("%s: ctrl %d public key %*ph\n", __func__, 438 ctrl->cntlid, (int)buf_size, buf); 439 } 440 441 return ret; 442 } 443 444 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, 445 const u8 *pkey, int pkey_size) 446 { 447 struct nvmet_ctrl *ctrl = req->sq->ctrl; 448 int ret; 449 450 req->sq->dhchap_skey_len = nvme_auth_hmac_hash_len(ctrl->shash_id); 451 req->sq->dhchap_skey = kzalloc(req->sq->dhchap_skey_len, GFP_KERNEL); 452 if (!req->sq->dhchap_skey) 453 return -ENOMEM; 454 ret = nvme_auth_gen_session_key(ctrl->dh_tfm, 455 pkey, pkey_size, 456 req->sq->dhchap_skey, 457 req->sq->dhchap_skey_len, 458 ctrl->shash_id); 459 if (ret) 460 pr_debug("failed to compute session key, err %d\n", ret); 461 else 462 pr_debug("%s: session key %*ph\n", __func__, 463 (int)req->sq->dhchap_skey_len, 464 req->sq->dhchap_skey); 465 466 return ret; 467 } 468 469 void nvmet_auth_insert_psk(struct nvmet_sq *sq) 470 { 471 int hash_len = nvme_auth_hmac_hash_len(sq->ctrl->shash_id); 472 u8 *psk, *tls_psk; 473 char *digest; 474 size_t psk_len; 475 int ret; 476 #ifdef CONFIG_NVME_TARGET_TCP_TLS 477 struct key *tls_key = NULL; 478 #endif 479 480 ret = nvme_auth_generate_psk(sq->ctrl->shash_id, 481 sq->dhchap_skey, 482 sq->dhchap_skey_len, 483 sq->dhchap_c1, sq->dhchap_c2, 484 hash_len, &psk, &psk_len); 485 if (ret) { 486 pr_warn("%s: ctrl %d qid %d failed to generate PSK, error %d\n", 487 __func__, sq->ctrl->cntlid, sq->qid, ret); 488 return; 489 } 490 ret = nvme_auth_generate_digest(sq->ctrl->shash_id, psk, psk_len, 491 sq->ctrl->subsys->subsysnqn, 492 sq->ctrl->hostnqn, &digest); 493 if (ret) { 494 pr_warn("%s: ctrl %d qid %d failed to generate digest, error %d\n", 495 __func__, sq->ctrl->cntlid, sq->qid, ret); 496 goto out_free_psk; 497 } 498 ret = nvme_auth_derive_tls_psk(sq->ctrl->shash_id, psk, psk_len, 499 digest, &tls_psk); 500 if (ret) { 501 pr_warn("%s: ctrl %d qid %d failed to derive TLS PSK, error %d\n", 502 __func__, sq->ctrl->cntlid, sq->qid, ret); 503 goto out_free_digest; 504 } 505 #ifdef CONFIG_NVME_TARGET_TCP_TLS 506 tls_key = nvme_tls_psk_refresh(NULL, sq->ctrl->hostnqn, 507 sq->ctrl->subsys->subsysnqn, 508 sq->ctrl->shash_id, tls_psk, psk_len, 509 digest); 510 if (IS_ERR(tls_key)) { 511 pr_warn("%s: ctrl %d qid %d failed to refresh key, error %ld\n", 512 __func__, sq->ctrl->cntlid, sq->qid, PTR_ERR(tls_key)); 513 tls_key = NULL; 514 } 515 if (sq->ctrl->tls_key) 516 key_put(sq->ctrl->tls_key); 517 sq->ctrl->tls_key = tls_key; 518 #endif 519 kfree_sensitive(tls_psk); 520 out_free_digest: 521 kfree_sensitive(digest); 522 out_free_psk: 523 kfree_sensitive(psk); 524 } 525