| Message ID | 20210716110428.9727-11-hare@suse.de (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | nvme: In-band authentication support | expand |
Am Freitag, 16. Juli 2021, 13:04:27 CEST schrieb Hannes Reinecke: Hi Hannes, > Implement support for augmented challenge with FFDHE groups. > This patch adds a new configfs attribute 'dhchap_dhgroup' to > select the DH group to use. > > Signed-off-by: Hannes Reinecke <hare@suse.de> > --- > drivers/nvme/target/auth.c | 241 ++++++++++++++++++++++++- > drivers/nvme/target/configfs.c | 31 ++++ > drivers/nvme/target/fabrics-cmd-auth.c | 14 +- > 3 files changed, 281 insertions(+), 5 deletions(-) > > diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c > index 00c7d051dfb1..cc7f12a7c8bf 100644 > --- a/drivers/nvme/target/auth.c > +++ b/drivers/nvme/target/auth.c > @@ -58,11 +58,56 @@ int nvmet_auth_set_host_key(struct nvmet_host *host, > const char *secret) > > int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, int dhgroup_id) > { > + struct nvmet_host_link *p; > + struct nvmet_host *host = NULL; > + const char *dhgroup_kpp; > int ret = -ENOTSUPP; > > if (dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_NULL) > return 0; > > + down_read(&nvmet_config_sem); > + if (ctrl->subsys->type == NVME_NQN_DISC) > + goto out_unlock; > + > + list_for_each_entry(p, &ctrl->subsys->hosts, entry) { > + if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn)) > + continue; > + host = p->host; > + break; > + } > + if (!host) { > + pr_debug("host %s not found\n", ctrl->hostnqn); > + ret = -ENXIO; > + goto out_unlock; > + } > + > + if (host->dhchap_dhgroup_id != dhgroup_id) { > + ret = -EINVAL; > + goto out_unlock; > + } > + dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id); > + if (!dhgroup_kpp) { > + ret = -EINVAL; > + goto out_unlock; > + } > + ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0); > + if (IS_ERR(ctrl->dh_tfm)) { > + pr_debug("failed to setup DH group %d, err %ld\n", > + dhgroup_id, PTR_ERR(ctrl->dh_tfm)); > + ret = PTR_ERR(ctrl->dh_tfm); > + ctrl->dh_tfm = NULL; > + } else { > + ctrl->dh_gid = dhgroup_id; > + ctrl->dh_keysize = nvme_auth_dhgroup_pubkey_size(dhgroup_id); > + pr_debug("select DH group %d keysize %d\n", > + ctrl->dh_gid, ctrl->dh_keysize); > + ret = 0; > + } > + > +out_unlock: > + up_read(&nvmet_config_sem); > + > return ret; > } > > @@ -192,6 +237,101 @@ bool nvmet_check_auth_status(struct nvmet_req *req) > return true; > } > > +static int nvmet_auth_hash_sesskey(struct nvmet_req *req, u8 *hashed_key) > +{ > + struct nvmet_ctrl *ctrl = req->sq->ctrl; > + const char *hmac_name, *digest_name; > + struct crypto_shash *tfm; > + int hmac_id, ret; > + > + if (!ctrl->shash_tfm) { > + pr_debug("%s: hash alg not set\n", __func__); > + return -EINVAL; > + } > + hmac_name = crypto_shash_alg_name(ctrl->shash_tfm); > + hmac_id = nvme_auth_hmac_id(hmac_name); > + if (hmac_id < 0) { > + pr_debug("%s: unsupported hmac %s\n", __func__, > + hmac_name); > + return -EINVAL; > + } > + digest_name = nvme_auth_digest_name(hmac_id); > + if (!digest_name) { > + pr_debug("%s: failed to get digest for %s\n", __func__, > + hmac_name); > + return -EINVAL; > + } > + tfm = crypto_alloc_shash(digest_name, 0, 0); > + if (IS_ERR(tfm)) > + return -ENOMEM; > + > + ret = crypto_shash_tfm_digest(tfm, req->sq->dhchap_skey, > + req->sq->dhchap_skey_len, hashed_key); > + if (ret < 0) > + pr_debug("%s: Failed to hash digest len %d\n", __func__, > + req->sq->dhchap_skey_len); > + > + crypto_free_shash(tfm); > + return ret; > +} > + > +static int nvmet_auth_augmented_challenge(struct nvmet_req *req, > + u8 *challenge, u8 *aug) > +{ > + struct nvmet_ctrl *ctrl = req->sq->ctrl; > + struct crypto_shash *tfm; > + struct shash_desc *desc; > + u8 *hashed_key; > + const char *hash_name; > + int hash_len = req->sq->dhchap_hash_len; > + int ret; > + > + hashed_key = kmalloc(hash_len, GFP_KERNEL); > + if (!hashed_key) > + return -ENOMEM; > + > + ret = nvmet_auth_hash_sesskey(req, hashed_key); > + if (ret < 0) { > + pr_debug("failed to hash session key, err %d\n", ret); > + kfree(hashed_key); > + return ret; > + } > + hash_name = crypto_shash_alg_name(ctrl->shash_tfm); > + if (!hash_name) { > + pr_debug("Invalid hash algoritm\n"); > + return -EINVAL; > + } > + tfm = crypto_alloc_shash(hash_name, 0, 0); > + if (IS_ERR(tfm)) { > + ret = PTR_ERR(tfm); > + goto out_free_key; > + } > + desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm), > + GFP_KERNEL); > + if (!desc) { > + ret = -ENOMEM; > + goto out_free_hash; > + } > + desc->tfm = tfm; > + > + ret = crypto_shash_setkey(tfm, hashed_key, hash_len); > + if (ret) > + goto out_free_desc; > + ret = crypto_shash_init(desc); > + if (ret) > + goto out_free_desc; > + crypto_shash_update(desc, challenge, hash_len); > + crypto_shash_final(desc, aug); > + > +out_free_desc: > + kfree_sensitive(desc); > +out_free_hash: > + crypto_free_shash(tfm); > +out_free_key: > + kfree(hashed_key); > + return ret; > +} > + > int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, > unsigned int shash_len) > { > @@ -202,8 +342,15 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 > *response, int ret; > > if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) { > - ret = -ENOTSUPP; > - goto out; > + challenge = kmalloc(shash_len, GFP_KERNEL); Alignment? > + if (!challenge) { > + ret = -ENOMEM; > + goto out; > + } > + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c1, > + challenge); > + if (ret) > + goto out; > } > > shash->tfm = ctrl->shash_tfm; > @@ -264,8 +411,15 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 > *response, ctrl->cntlid, ctrl->hostnqn); > > if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) { > - ret = -ENOTSUPP; > - goto out; > + challenge = kmalloc(shash_len, GFP_KERNEL); dto. > + if (!challenge) { > + ret = -ENOMEM; > + goto out; > + } > + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c2, > + challenge); > + if (ret) > + goto out; > } > > shash->tfm = ctrl->shash_tfm; > @@ -307,6 +461,85 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 > *response, return 0; > } > > +int nvmet_auth_ctrl_exponential(struct nvmet_req *req, > + u8 *buf, int buf_size) > +{ > + struct nvmet_ctrl *ctrl = req->sq->ctrl; > + struct kpp_request *kpp_req; > + struct crypto_wait wait; > + char *pkey; > + struct scatterlist dst; > + int ret, pkey_len; > + > + if (ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_2048 || > + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_3072 || > + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_4096 || > + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_6144 || > + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_8192) { > + struct dh p = {0}; > + int bits = nvme_auth_dhgroup_pubkey_size(ctrl->dh_gid) << 3; > + > + ret = crypto_ffdhe_params(&p, bits); > + if (ret) > + return ret; > + > + p.key = ctrl->dhchap_key; > + p.key_size = ctrl->dhchap_key_len; > + > + pkey_len = crypto_dh_key_len(&p); > + pkey = kmalloc(pkey_len, GFP_KERNEL); > + if (!pkey) > + return -ENOMEM; > + > + get_random_bytes(pkey, pkey_len); > + ret = crypto_dh_encode_key(pkey, pkey_len, &p); > + if (ret) { > + pr_debug("failed to encode private key, error %d\n", > + ret); > + goto out; > + } > + } else { > + pr_warn("invalid dh group %d\n", ctrl->dh_gid); > + return -EINVAL; > + } > + ret = crypto_kpp_set_secret(ctrl->dh_tfm, pkey, pkey_len); > + if (ret) { > + pr_debug("failed to set private key, error %d\n", ret); > + goto out; > + } > + > + kpp_req = kpp_request_alloc(ctrl->dh_tfm, GFP_KERNEL); > + if (!kpp_req) { > + pr_debug("cannot allocate kpp request\n"); > + ret = -ENOMEM; > + goto out; > + } > + > + crypto_init_wait(&wait); > + kpp_request_set_input(kpp_req, NULL, 0); > + sg_init_one(&dst, buf, buf_size); > + kpp_request_set_output(kpp_req, &dst, buf_size); > + kpp_request_set_callback(kpp_req, CRYPTO_TFM_REQ_MAY_BACKLOG, > + crypto_req_done, &wait); > + > + ret = crypto_wait_req(crypto_kpp_generate_public_key(kpp_req), &wait); > + kpp_request_free(kpp_req); > + if (ret == -EOVERFLOW) { > + pr_debug("public key buffer too small, need %d is %d\n", > + crypto_kpp_maxsize(ctrl->dh_tfm), buf_size); > + ret = -ENOKEY; > + } else if (ret) { > + pr_debug("failed to generate public key, err %d\n", ret); > + ret = -ENOKEY; > + } else > + pr_debug("%s: ctrl public key %*ph\n", __func__, > + (int)buf_size, buf); > + > +out: > + kfree_sensitive(pkey); > + return ret; > +} In general: the target/host authentication code looks very similar. Is there no way to have a common code base? > + > int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, > u8 *pkey, int pkey_size) > { > diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c > index e0760911a761..e9b8884a83b0 100644 > --- a/drivers/nvme/target/configfs.c > +++ b/drivers/nvme/target/configfs.c > @@ -1712,9 +1712,40 @@ static ssize_t nvmet_host_dhchap_hash_store(struct > config_item *item, > > CONFIGFS_ATTR(nvmet_host_, dhchap_hash); > > +static ssize_t nvmet_host_dhchap_dhgroup_show(struct config_item *item, > + char *page) > +{ > + struct nvmet_host *host = to_host(item); > + const char *dhgroup = nvme_auth_dhgroup_name(host->dhchap_dhgroup_id); > + > + return sprintf(page, "%s\n", dhgroup ? dhgroup : "none"); > +} > + > +static ssize_t nvmet_host_dhchap_dhgroup_store(struct config_item *item, > + const char *page, size_t count) > +{ > + struct nvmet_host *host = to_host(item); > + int dhgroup_id; > + > + dhgroup_id = nvme_auth_dhgroup_id(page); > + if (dhgroup_id < 0) > + return -EINVAL; > + if (dhgroup_id != NVME_AUTH_DHCHAP_DHGROUP_NULL) { > + const char *kpp = nvme_auth_dhgroup_kpp(dhgroup_id); > + > + if (!crypto_has_kpp(kpp, 0, 0)) > + return -EINVAL; > + } > + host->dhchap_dhgroup_id = dhgroup_id; > + return count; > +} > + > +CONFIGFS_ATTR(nvmet_host_, dhchap_dhgroup); > + > static struct configfs_attribute *nvmet_host_attrs[] = { > &nvmet_host_attr_dhchap_key, > &nvmet_host_attr_dhchap_hash, > + &nvmet_host_attr_dhchap_dhgroup, > NULL, > }; > #endif /* CONFIG_NVME_TARGET_AUTH */ > diff --git a/drivers/nvme/target/fabrics-cmd-auth.c > b/drivers/nvme/target/fabrics-cmd-auth.c index 962f9f5e9d89..478ac351c645 > 100644 > --- a/drivers/nvme/target/fabrics-cmd-auth.c > +++ b/drivers/nvme/target/fabrics-cmd-auth.c > @@ -98,7 +98,11 @@ static u16 nvmet_auth_reply(struct nvmet_req *req, void > *d) return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD; > > if (data->dhvlen) { > - return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD; > + if (!ctrl->dh_tfm) > + return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD; > + if (nvmet_auth_ctrl_sesskey(req, data->rval + 2 * data->hl, > + data->dhvlen) < 0) > + return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; > } > > response = kmalloc(data->hl, GFP_KERNEL); > @@ -299,6 +303,8 @@ static int nvmet_auth_challenge(struct nvmet_req *req, > void *d, int al) int ret = 0; > int data_size = sizeof(*d) + req->sq->dhchap_hash_len; > > + if (ctrl->dh_tfm) > + data_size += ctrl->dh_keysize; > if (al < data_size) { > pr_debug("%s: buffer too small (al %d need %d)\n", __func__, > al, data_size); > @@ -317,6 +323,12 @@ static int nvmet_auth_challenge(struct nvmet_req *req, > void *d, int al) return -ENOMEM; > get_random_bytes(req->sq->dhchap_c1, data->hl); > memcpy(data->cval, req->sq->dhchap_c1, data->hl); > + if (ctrl->dh_tfm) { > + data->dhgid = ctrl->dh_gid; > + data->dhvlen = ctrl->dh_keysize; > + ret = nvmet_auth_ctrl_exponential(req, data->cval + data->hl, > + data->dhvlen); > + } > pr_debug("%s: ctrl %d qid %d seq %d transaction %d hl %d dhvlen %d\n", > __func__, ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1, > req->sq->dhchap_tid, data->hl, data->dhvlen); Ciao Stephan
On 7/17/21 6:49 PM, Stephan Müller wrote: > Am Freitag, 16. Juli 2021, 13:04:27 CEST schrieb Hannes Reinecke: > > Hi Hannes, > >> Implement support for augmented challenge with FFDHE groups. >> This patch adds a new configfs attribute 'dhchap_dhgroup' to >> select the DH group to use. >> >> Signed-off-by: Hannes Reinecke <hare@suse.de> >> --- >> drivers/nvme/target/auth.c | 241 ++++++++++++++++++++++++- >> drivers/nvme/target/configfs.c | 31 ++++ >> drivers/nvme/target/fabrics-cmd-auth.c | 14 +- >> 3 files changed, 281 insertions(+), 5 deletions(-) >> >> diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c >> index 00c7d051dfb1..cc7f12a7c8bf 100644 >> --- a/drivers/nvme/target/auth.c >> +++ b/drivers/nvme/target/auth.c >> @@ -58,11 +58,56 @@ int nvmet_auth_set_host_key(struct nvmet_host *host, >> const char *secret) >> >> int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, int dhgroup_id) >> { >> + struct nvmet_host_link *p; >> + struct nvmet_host *host = NULL; >> + const char *dhgroup_kpp; >> int ret = -ENOTSUPP; >> >> if (dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_NULL) >> return 0; >> >> + down_read(&nvmet_config_sem); >> + if (ctrl->subsys->type == NVME_NQN_DISC) >> + goto out_unlock; >> + >> + list_for_each_entry(p, &ctrl->subsys->hosts, entry) { >> + if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn)) >> + continue; >> + host = p->host; >> + break; >> + } >> + if (!host) { >> + pr_debug("host %s not found\n", ctrl->hostnqn); >> + ret = -ENXIO; >> + goto out_unlock; >> + } >> + >> + if (host->dhchap_dhgroup_id != dhgroup_id) { >> + ret = -EINVAL; >> + goto out_unlock; >> + } >> + dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id); >> + if (!dhgroup_kpp) { >> + ret = -EINVAL; >> + goto out_unlock; >> + } >> + ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0); >> + if (IS_ERR(ctrl->dh_tfm)) { >> + pr_debug("failed to setup DH group %d, err %ld\n", >> + dhgroup_id, PTR_ERR(ctrl->dh_tfm)); >> + ret = PTR_ERR(ctrl->dh_tfm); >> + ctrl->dh_tfm = NULL; >> + } else { >> + ctrl->dh_gid = dhgroup_id; >> + ctrl->dh_keysize = nvme_auth_dhgroup_pubkey_size(dhgroup_id); >> + pr_debug("select DH group %d keysize %d\n", >> + ctrl->dh_gid, ctrl->dh_keysize); >> + ret = 0; >> + } >> + >> +out_unlock: >> + up_read(&nvmet_config_sem); >> + >> return ret; >> } >> >> @@ -192,6 +237,101 @@ bool nvmet_check_auth_status(struct nvmet_req *req) >> return true; >> } >> >> +static int nvmet_auth_hash_sesskey(struct nvmet_req *req, u8 *hashed_key) >> +{ >> + struct nvmet_ctrl *ctrl = req->sq->ctrl; >> + const char *hmac_name, *digest_name; >> + struct crypto_shash *tfm; >> + int hmac_id, ret; >> + >> + if (!ctrl->shash_tfm) { >> + pr_debug("%s: hash alg not set\n", __func__); >> + return -EINVAL; >> + } >> + hmac_name = crypto_shash_alg_name(ctrl->shash_tfm); >> + hmac_id = nvme_auth_hmac_id(hmac_name); >> + if (hmac_id < 0) { >> + pr_debug("%s: unsupported hmac %s\n", __func__, >> + hmac_name); >> + return -EINVAL; >> + } >> + digest_name = nvme_auth_digest_name(hmac_id); >> + if (!digest_name) { >> + pr_debug("%s: failed to get digest for %s\n", __func__, >> + hmac_name); >> + return -EINVAL; >> + } >> + tfm = crypto_alloc_shash(digest_name, 0, 0); >> + if (IS_ERR(tfm)) >> + return -ENOMEM; >> + >> + ret = crypto_shash_tfm_digest(tfm, req->sq->dhchap_skey, >> + req->sq->dhchap_skey_len, hashed_key); >> + if (ret < 0) >> + pr_debug("%s: Failed to hash digest len %d\n", __func__, >> + req->sq->dhchap_skey_len); >> + >> + crypto_free_shash(tfm); >> + return ret; >> +} >> + >> +static int nvmet_auth_augmented_challenge(struct nvmet_req *req, >> + u8 *challenge, u8 *aug) >> +{ >> + struct nvmet_ctrl *ctrl = req->sq->ctrl; >> + struct crypto_shash *tfm; >> + struct shash_desc *desc; >> + u8 *hashed_key; >> + const char *hash_name; >> + int hash_len = req->sq->dhchap_hash_len; >> + int ret; >> + >> + hashed_key = kmalloc(hash_len, GFP_KERNEL); >> + if (!hashed_key) >> + return -ENOMEM; >> + >> + ret = nvmet_auth_hash_sesskey(req, hashed_key); >> + if (ret < 0) { >> + pr_debug("failed to hash session key, err %d\n", ret); >> + kfree(hashed_key); >> + return ret; >> + } >> + hash_name = crypto_shash_alg_name(ctrl->shash_tfm); >> + if (!hash_name) { >> + pr_debug("Invalid hash algoritm\n"); >> + return -EINVAL; >> + } >> + tfm = crypto_alloc_shash(hash_name, 0, 0); >> + if (IS_ERR(tfm)) { >> + ret = PTR_ERR(tfm); >> + goto out_free_key; >> + } >> + desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm), >> + GFP_KERNEL); >> + if (!desc) { >> + ret = -ENOMEM; >> + goto out_free_hash; >> + } >> + desc->tfm = tfm; >> + >> + ret = crypto_shash_setkey(tfm, hashed_key, hash_len); >> + if (ret) >> + goto out_free_desc; >> + ret = crypto_shash_init(desc); >> + if (ret) >> + goto out_free_desc; >> + crypto_shash_update(desc, challenge, hash_len); >> + crypto_shash_final(desc, aug); >> + >> +out_free_desc: >> + kfree_sensitive(desc); >> +out_free_hash: >> + crypto_free_shash(tfm); >> +out_free_key: >> + kfree(hashed_key); >> + return ret; >> +} >> + >> int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, >> unsigned int shash_len) >> { >> @@ -202,8 +342,15 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 >> *response, int ret; >> >> if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) { >> - ret = -ENOTSUPP; >> - goto out; >> + challenge = kmalloc(shash_len, GFP_KERNEL); > > Alignment? > With what? And why? >> + if (!challenge) { >> + ret = -ENOMEM; >> + goto out; >> + } >> + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c1, >> + challenge); >> + if (ret) >> + goto out; >> } >> >> shash->tfm = ctrl->shash_tfm; >> @@ -264,8 +411,15 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 >> *response, ctrl->cntlid, ctrl->hostnqn); >> >> if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) { >> - ret = -ENOTSUPP; >> - goto out; >> + challenge = kmalloc(shash_len, GFP_KERNEL); > > dto. dto. >> + if (!challenge) { >> + ret = -ENOMEM; >> + goto out; >> + } >> + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c2, >> + challenge); >> + if (ret) >> + goto out; >> } >> >> shash->tfm = ctrl->shash_tfm; >> @@ -307,6 +461,85 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 >> *response, return 0; >> } >> >> +int nvmet_auth_ctrl_exponential(struct nvmet_req *req, >> + u8 *buf, int buf_size) >> +{ >> + struct nvmet_ctrl *ctrl = req->sq->ctrl; >> + struct kpp_request *kpp_req; >> + struct crypto_wait wait; >> + char *pkey; >> + struct scatterlist dst; >> + int ret, pkey_len; >> + >> + if (ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_2048 || >> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_3072 || >> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_4096 || >> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_6144 || >> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_8192) { >> + struct dh p = {0}; >> + int bits = nvme_auth_dhgroup_pubkey_size(ctrl->dh_gid) << 3; >> + >> + ret = crypto_ffdhe_params(&p, bits); >> + if (ret) >> + return ret; >> + >> + p.key = ctrl->dhchap_key; >> + p.key_size = ctrl->dhchap_key_len; >> + >> + pkey_len = crypto_dh_key_len(&p); >> + pkey = kmalloc(pkey_len, GFP_KERNEL); >> + if (!pkey) >> + return -ENOMEM; >> + >> + get_random_bytes(pkey, pkey_len); >> + ret = crypto_dh_encode_key(pkey, pkey_len, &p); >> + if (ret) { >> + pr_debug("failed to encode private key, error %d\n", >> + ret); >> + goto out; >> + } >> + } else { >> + pr_warn("invalid dh group %d\n", ctrl->dh_gid); >> + return -EINVAL; >> + } >> + ret = crypto_kpp_set_secret(ctrl->dh_tfm, pkey, pkey_len); >> + if (ret) { >> + pr_debug("failed to set private key, error %d\n", ret); >> + goto out; >> + } >> + >> + kpp_req = kpp_request_alloc(ctrl->dh_tfm, GFP_KERNEL); >> + if (!kpp_req) { >> + pr_debug("cannot allocate kpp request\n"); >> + ret = -ENOMEM; >> + goto out; >> + } >> + >> + crypto_init_wait(&wait); >> + kpp_request_set_input(kpp_req, NULL, 0); >> + sg_init_one(&dst, buf, buf_size); >> + kpp_request_set_output(kpp_req, &dst, buf_size); >> + kpp_request_set_callback(kpp_req, CRYPTO_TFM_REQ_MAY_BACKLOG, >> + crypto_req_done, &wait); >> + >> + ret = crypto_wait_req(crypto_kpp_generate_public_key(kpp_req), &wait); >> + kpp_request_free(kpp_req); >> + if (ret == -EOVERFLOW) { >> + pr_debug("public key buffer too small, need %d is %d\n", >> + crypto_kpp_maxsize(ctrl->dh_tfm), buf_size); >> + ret = -ENOKEY; >> + } else if (ret) { >> + pr_debug("failed to generate public key, err %d\n", ret); >> + ret = -ENOKEY; >> + } else >> + pr_debug("%s: ctrl public key %*ph\n", __func__, >> + (int)buf_size, buf); >> + >> +out: >> + kfree_sensitive(pkey); >> + return ret; >> +} > > In general: the target/host authentication code looks very similar. Is there > no way to have a common code base? That is the plan, but I would need to rework the parameter passing for the target code to also use a 'dhchap' authentication block like the host code does. But Sagi is not entirely happy with it, so I'll rework the code once we have consensus there. Cheers, Hannes
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index 00c7d051dfb1..cc7f12a7c8bf 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -58,11 +58,56 @@ int nvmet_auth_set_host_key(struct nvmet_host *host, const char *secret) int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, int dhgroup_id) { + struct nvmet_host_link *p; + struct nvmet_host *host = NULL; + const char *dhgroup_kpp; int ret = -ENOTSUPP; if (dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_NULL) return 0; + down_read(&nvmet_config_sem); + if (ctrl->subsys->type == NVME_NQN_DISC) + goto out_unlock; + + list_for_each_entry(p, &ctrl->subsys->hosts, entry) { + if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn)) + continue; + host = p->host; + break; + } + if (!host) { + pr_debug("host %s not found\n", ctrl->hostnqn); + ret = -ENXIO; + goto out_unlock; + } + + if (host->dhchap_dhgroup_id != dhgroup_id) { + ret = -EINVAL; + goto out_unlock; + } + dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id); + if (!dhgroup_kpp) { + ret = -EINVAL; + goto out_unlock; + } + ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0); + if (IS_ERR(ctrl->dh_tfm)) { + pr_debug("failed to setup DH group %d, err %ld\n", + dhgroup_id, PTR_ERR(ctrl->dh_tfm)); + ret = PTR_ERR(ctrl->dh_tfm); + ctrl->dh_tfm = NULL; + } else { + ctrl->dh_gid = dhgroup_id; + ctrl->dh_keysize = nvme_auth_dhgroup_pubkey_size(dhgroup_id); + pr_debug("select DH group %d keysize %d\n", + ctrl->dh_gid, ctrl->dh_keysize); + ret = 0; + } + +out_unlock: + up_read(&nvmet_config_sem); + return ret; } @@ -192,6 +237,101 @@ bool nvmet_check_auth_status(struct nvmet_req *req) return true; } +static int nvmet_auth_hash_sesskey(struct nvmet_req *req, u8 *hashed_key) +{ + struct nvmet_ctrl *ctrl = req->sq->ctrl; + const char *hmac_name, *digest_name; + struct crypto_shash *tfm; + int hmac_id, ret; + + if (!ctrl->shash_tfm) { + pr_debug("%s: hash alg not set\n", __func__); + return -EINVAL; + } + hmac_name = crypto_shash_alg_name(ctrl->shash_tfm); + hmac_id = nvme_auth_hmac_id(hmac_name); + if (hmac_id < 0) { + pr_debug("%s: unsupported hmac %s\n", __func__, + hmac_name); + return -EINVAL; + } + digest_name = nvme_auth_digest_name(hmac_id); + if (!digest_name) { + pr_debug("%s: failed to get digest for %s\n", __func__, + hmac_name); + return -EINVAL; + } + tfm = crypto_alloc_shash(digest_name, 0, 0); + if (IS_ERR(tfm)) + return -ENOMEM; + + ret = crypto_shash_tfm_digest(tfm, req->sq->dhchap_skey, + req->sq->dhchap_skey_len, hashed_key); + if (ret < 0) + pr_debug("%s: Failed to hash digest len %d\n", __func__, + req->sq->dhchap_skey_len); + + crypto_free_shash(tfm); + return ret; +} + +static int nvmet_auth_augmented_challenge(struct nvmet_req *req, + u8 *challenge, u8 *aug) +{ + struct nvmet_ctrl *ctrl = req->sq->ctrl; + struct crypto_shash *tfm; + struct shash_desc *desc; + u8 *hashed_key; + const char *hash_name; + int hash_len = req->sq->dhchap_hash_len; + int ret; + + hashed_key = kmalloc(hash_len, GFP_KERNEL); + if (!hashed_key) + return -ENOMEM; + + ret = nvmet_auth_hash_sesskey(req, hashed_key); + if (ret < 0) { + pr_debug("failed to hash session key, err %d\n", ret); + kfree(hashed_key); + return ret; + } + hash_name = crypto_shash_alg_name(ctrl->shash_tfm); + if (!hash_name) { + pr_debug("Invalid hash algoritm\n"); + return -EINVAL; + } + tfm = crypto_alloc_shash(hash_name, 0, 0); + if (IS_ERR(tfm)) { + ret = PTR_ERR(tfm); + goto out_free_key; + } + desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm), + GFP_KERNEL); + if (!desc) { + ret = -ENOMEM; + goto out_free_hash; + } + desc->tfm = tfm; + + ret = crypto_shash_setkey(tfm, hashed_key, hash_len); + if (ret) + goto out_free_desc; + ret = crypto_shash_init(desc); + if (ret) + goto out_free_desc; + crypto_shash_update(desc, challenge, hash_len); + crypto_shash_final(desc, aug); + +out_free_desc: + kfree_sensitive(desc); +out_free_hash: + crypto_free_shash(tfm); +out_free_key: + kfree(hashed_key); + return ret; +} + int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, unsigned int shash_len) { @@ -202,8 +342,15 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response, int ret; if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) { - ret = -ENOTSUPP; - goto out; + challenge = kmalloc(shash_len, GFP_KERNEL); + if (!challenge) { + ret = -ENOMEM; + goto out; + } + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c1, + challenge); + if (ret) + goto out; } shash->tfm = ctrl->shash_tfm; @@ -264,8 +411,15 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response, ctrl->cntlid, ctrl->hostnqn); if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) { - ret = -ENOTSUPP; - goto out; + challenge = kmalloc(shash_len, GFP_KERNEL); + if (!challenge) { + ret = -ENOMEM; + goto out; + } + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c2, + challenge); + if (ret) + goto out; } shash->tfm = ctrl->shash_tfm; @@ -307,6 +461,85 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response, return 0; } +int nvmet_auth_ctrl_exponential(struct nvmet_req *req, + u8 *buf, int buf_size) +{ + struct nvmet_ctrl *ctrl = req->sq->ctrl; + struct kpp_request *kpp_req; + struct crypto_wait wait; + char *pkey; + struct scatterlist dst; + int ret, pkey_len; + + if (ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_2048 || + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_3072 || + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_4096 || + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_6144 || + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_8192) { + struct dh p = {0}; + int bits = nvme_auth_dhgroup_pubkey_size(ctrl->dh_gid) << 3; + + ret = crypto_ffdhe_params(&p, bits); + if (ret) + return ret; + + p.key = ctrl->dhchap_key; + p.key_size = ctrl->dhchap_key_len; + + pkey_len = crypto_dh_key_len(&p); + pkey = kmalloc(pkey_len, GFP_KERNEL); + if (!pkey) + return -ENOMEM; + + get_random_bytes(pkey, pkey_len); + ret = crypto_dh_encode_key(pkey, pkey_len, &p); + if (ret) { + pr_debug("failed to encode private key, error %d\n", + ret); + goto out; + } + } else { + pr_warn("invalid dh group %d\n", ctrl->dh_gid); + return -EINVAL; + } + ret = crypto_kpp_set_secret(ctrl->dh_tfm, pkey, pkey_len); + if (ret) { + pr_debug("failed to set private key, error %d\n", ret); + goto out; + } + + kpp_req = kpp_request_alloc(ctrl->dh_tfm, GFP_KERNEL); + if (!kpp_req) { + pr_debug("cannot allocate kpp request\n"); + ret = -ENOMEM; + goto out; + } + + crypto_init_wait(&wait); + kpp_request_set_input(kpp_req, NULL, 0); + sg_init_one(&dst, buf, buf_size); + kpp_request_set_output(kpp_req, &dst, buf_size); + kpp_request_set_callback(kpp_req, CRYPTO_TFM_REQ_MAY_BACKLOG, + crypto_req_done, &wait); + + ret = crypto_wait_req(crypto_kpp_generate_public_key(kpp_req), &wait); + kpp_request_free(kpp_req); + if (ret == -EOVERFLOW) { + pr_debug("public key buffer too small, need %d is %d\n", + crypto_kpp_maxsize(ctrl->dh_tfm), buf_size); + ret = -ENOKEY; + } else if (ret) { + pr_debug("failed to generate public key, err %d\n", ret); + ret = -ENOKEY; + } else + pr_debug("%s: ctrl public key %*ph\n", __func__, + (int)buf_size, buf); + +out: + kfree_sensitive(pkey); + return ret; +} + int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, u8 *pkey, int pkey_size) { diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c index e0760911a761..e9b8884a83b0 100644 --- a/drivers/nvme/target/configfs.c +++ b/drivers/nvme/target/configfs.c @@ -1712,9 +1712,40 @@ static ssize_t nvmet_host_dhchap_hash_store(struct config_item *item, CONFIGFS_ATTR(nvmet_host_, dhchap_hash); +static ssize_t nvmet_host_dhchap_dhgroup_show(struct config_item *item, + char *page) +{ + struct nvmet_host *host = to_host(item); + const char *dhgroup = nvme_auth_dhgroup_name(host->dhchap_dhgroup_id); + + return sprintf(page, "%s\n", dhgroup ? dhgroup : "none"); +} + +static ssize_t nvmet_host_dhchap_dhgroup_store(struct config_item *item, + const char *page, size_t count) +{ + struct nvmet_host *host = to_host(item); + int dhgroup_id; + + dhgroup_id = nvme_auth_dhgroup_id(page); + if (dhgroup_id < 0) + return -EINVAL; + if (dhgroup_id != NVME_AUTH_DHCHAP_DHGROUP_NULL) { + const char *kpp = nvme_auth_dhgroup_kpp(dhgroup_id); + + if (!crypto_has_kpp(kpp, 0, 0)) + return -EINVAL; + } + host->dhchap_dhgroup_id = dhgroup_id; + return count; +} + +CONFIGFS_ATTR(nvmet_host_, dhchap_dhgroup); + static struct configfs_attribute *nvmet_host_attrs[] = { &nvmet_host_attr_dhchap_key, &nvmet_host_attr_dhchap_hash, + &nvmet_host_attr_dhchap_dhgroup, NULL, }; #endif /* CONFIG_NVME_TARGET_AUTH */ diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c index 962f9f5e9d89..478ac351c645 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -98,7 +98,11 @@ static u16 nvmet_auth_reply(struct nvmet_req *req, void *d) return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD; if (data->dhvlen) { - return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD; + if (!ctrl->dh_tfm) + return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD; + if (nvmet_auth_ctrl_sesskey(req, data->rval + 2 * data->hl, + data->dhvlen) < 0) + return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; } response = kmalloc(data->hl, GFP_KERNEL); @@ -299,6 +303,8 @@ static int nvmet_auth_challenge(struct nvmet_req *req, void *d, int al) int ret = 0; int data_size = sizeof(*d) + req->sq->dhchap_hash_len; + if (ctrl->dh_tfm) + data_size += ctrl->dh_keysize; if (al < data_size) { pr_debug("%s: buffer too small (al %d need %d)\n", __func__, al, data_size); @@ -317,6 +323,12 @@ static int nvmet_auth_challenge(struct nvmet_req *req, void *d, int al) return -ENOMEM; get_random_bytes(req->sq->dhchap_c1, data->hl); memcpy(data->cval, req->sq->dhchap_c1, data->hl); + if (ctrl->dh_tfm) { + data->dhgid = ctrl->dh_gid; + data->dhvlen = ctrl->dh_keysize; + ret = nvmet_auth_ctrl_exponential(req, data->cval + data->hl, + data->dhvlen); + } pr_debug("%s: ctrl %d qid %d seq %d transaction %d hl %d dhvlen %d\n", __func__, ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1, req->sq->dhchap_tid, data->hl, data->dhvlen);
Implement support for augmented challenge with FFDHE groups. This patch adds a new configfs attribute 'dhchap_dhgroup' to select the DH group to use. Signed-off-by: Hannes Reinecke <hare@suse.de> --- drivers/nvme/target/auth.c | 241 ++++++++++++++++++++++++- drivers/nvme/target/configfs.c | 31 ++++ drivers/nvme/target/fabrics-cmd-auth.c | 14 +- 3 files changed, 281 insertions(+), 5 deletions(-)