1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * NVMe over Fabrics DH-HMAC-CHAP authentication.
4  * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions.
5  * All rights reserved.
6  */
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/err.h>
12 #include <crypto/hash.h>
13 #include <linux/crc32.h>
14 #include <linux/base64.h>
15 #include <linux/ctype.h>
16 #include <linux/random.h>
17 #include <linux/nvme-auth.h>
18 #include <asm/unaligned.h>
19 
20 #include "nvmet.h"
21 
nvmet_auth_set_key(struct nvmet_host * host,const char * secret,bool set_ctrl)22 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
23 		       bool set_ctrl)
24 {
25 	unsigned char key_hash;
26 	char *dhchap_secret;
27 
28 	if (sscanf(secret, "DHHC-1:%hhd:%*s", &key_hash) != 1)
29 		return -EINVAL;
30 	if (key_hash > 3) {
31 		pr_warn("Invalid DH-HMAC-CHAP hash id %d\n",
32 			 key_hash);
33 		return -EINVAL;
34 	}
35 	if (key_hash > 0) {
36 		/* Validate selected hash algorithm */
37 		const char *hmac = nvme_auth_hmac_name(key_hash);
38 
39 		if (!crypto_has_shash(hmac, 0, 0)) {
40 			pr_err("DH-HMAC-CHAP hash %s unsupported\n", hmac);
41 			return -ENOTSUPP;
42 		}
43 	}
44 	dhchap_secret = kstrdup(secret, GFP_KERNEL);
45 	if (!dhchap_secret)
46 		return -ENOMEM;
47 	if (set_ctrl) {
48 		kfree(host->dhchap_ctrl_secret);
49 		host->dhchap_ctrl_secret = strim(dhchap_secret);
50 		host->dhchap_ctrl_key_hash = key_hash;
51 	} else {
52 		kfree(host->dhchap_secret);
53 		host->dhchap_secret = strim(dhchap_secret);
54 		host->dhchap_key_hash = key_hash;
55 	}
56 	return 0;
57 }
58 
nvmet_setup_dhgroup(struct nvmet_ctrl * ctrl,u8 dhgroup_id)59 int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
60 {
61 	const char *dhgroup_kpp;
62 	int ret = 0;
63 
64 	pr_debug("%s: ctrl %d selecting dhgroup %d\n",
65 		 __func__, ctrl->cntlid, dhgroup_id);
66 
67 	if (ctrl->dh_tfm) {
68 		if (ctrl->dh_gid == dhgroup_id) {
69 			pr_debug("%s: ctrl %d reuse existing DH group %d\n",
70 				 __func__, ctrl->cntlid, dhgroup_id);
71 			return 0;
72 		}
73 		crypto_free_kpp(ctrl->dh_tfm);
74 		ctrl->dh_tfm = NULL;
75 		ctrl->dh_gid = 0;
76 	}
77 
78 	if (dhgroup_id == NVME_AUTH_DHGROUP_NULL)
79 		return 0;
80 
81 	dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id);
82 	if (!dhgroup_kpp) {
83 		pr_debug("%s: ctrl %d invalid DH group %d\n",
84 			 __func__, ctrl->cntlid, dhgroup_id);
85 		return -EINVAL;
86 	}
87 	ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0);
88 	if (IS_ERR(ctrl->dh_tfm)) {
89 		pr_debug("%s: ctrl %d failed to setup DH group %d, err %ld\n",
90 			 __func__, ctrl->cntlid, dhgroup_id,
91 			 PTR_ERR(ctrl->dh_tfm));
92 		ret = PTR_ERR(ctrl->dh_tfm);
93 		ctrl->dh_tfm = NULL;
94 		ctrl->dh_gid = 0;
95 	} else {
96 		ctrl->dh_gid = dhgroup_id;
97 		pr_debug("%s: ctrl %d setup DH group %d\n",
98 			 __func__, ctrl->cntlid, ctrl->dh_gid);
99 		ret = nvme_auth_gen_privkey(ctrl->dh_tfm, ctrl->dh_gid);
100 		if (ret < 0) {
101 			pr_debug("%s: ctrl %d failed to generate private key, err %d\n",
102 				 __func__, ctrl->cntlid, ret);
103 			kfree_sensitive(ctrl->dh_key);
104 			return ret;
105 		}
106 		ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm);
107 		kfree_sensitive(ctrl->dh_key);
108 		ctrl->dh_key = kzalloc(ctrl->dh_keysize, GFP_KERNEL);
109 		if (!ctrl->dh_key) {
110 			pr_warn("ctrl %d failed to allocate public key\n",
111 				ctrl->cntlid);
112 			return -ENOMEM;
113 		}
114 		ret = nvme_auth_gen_pubkey(ctrl->dh_tfm, ctrl->dh_key,
115 					   ctrl->dh_keysize);
116 		if (ret < 0) {
117 			pr_warn("ctrl %d failed to generate public key\n",
118 				ctrl->cntlid);
119 			kfree(ctrl->dh_key);
120 			ctrl->dh_key = NULL;
121 		}
122 	}
123 
124 	return ret;
125 }
126 
nvmet_setup_auth(struct nvmet_ctrl * ctrl)127 int nvmet_setup_auth(struct nvmet_ctrl *ctrl)
128 {
129 	int ret = 0;
130 	struct nvmet_host_link *p;
131 	struct nvmet_host *host = NULL;
132 	const char *hash_name;
133 
134 	down_read(&nvmet_config_sem);
135 	if (nvmet_is_disc_subsys(ctrl->subsys))
136 		goto out_unlock;
137 
138 	if (ctrl->subsys->allow_any_host)
139 		goto out_unlock;
140 
141 	list_for_each_entry(p, &ctrl->subsys->hosts, entry) {
142 		pr_debug("check %s\n", nvmet_host_name(p->host));
143 		if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn))
144 			continue;
145 		host = p->host;
146 		break;
147 	}
148 	if (!host) {
149 		pr_debug("host %s not found\n", ctrl->hostnqn);
150 		ret = -EPERM;
151 		goto out_unlock;
152 	}
153 
154 	ret = nvmet_setup_dhgroup(ctrl, host->dhchap_dhgroup_id);
155 	if (ret < 0)
156 		pr_warn("Failed to setup DH group");
157 
158 	if (!host->dhchap_secret) {
159 		pr_debug("No authentication provided\n");
160 		goto out_unlock;
161 	}
162 
163 	if (host->dhchap_hash_id == ctrl->shash_id) {
164 		pr_debug("Re-use existing hash ID %d\n",
165 			 ctrl->shash_id);
166 	} else {
167 		hash_name = nvme_auth_hmac_name(host->dhchap_hash_id);
168 		if (!hash_name) {
169 			pr_warn("Hash ID %d invalid\n", host->dhchap_hash_id);
170 			ret = -EINVAL;
171 			goto out_unlock;
172 		}
173 		ctrl->shash_id = host->dhchap_hash_id;
174 	}
175 
176 	/* Skip the 'DHHC-1:XX:' prefix */
177 	nvme_auth_free_key(ctrl->host_key);
178 	ctrl->host_key = nvme_auth_extract_key(host->dhchap_secret + 10,
179 					       host->dhchap_key_hash);
180 	if (IS_ERR(ctrl->host_key)) {
181 		ret = PTR_ERR(ctrl->host_key);
182 		ctrl->host_key = NULL;
183 		goto out_free_hash;
184 	}
185 	pr_debug("%s: using hash %s key %*ph\n", __func__,
186 		 ctrl->host_key->hash > 0 ?
187 		 nvme_auth_hmac_name(ctrl->host_key->hash) : "none",
188 		 (int)ctrl->host_key->len, ctrl->host_key->key);
189 
190 	nvme_auth_free_key(ctrl->ctrl_key);
191 	if (!host->dhchap_ctrl_secret) {
192 		ctrl->ctrl_key = NULL;
193 		goto out_unlock;
194 	}
195 
196 	ctrl->ctrl_key = nvme_auth_extract_key(host->dhchap_ctrl_secret + 10,
197 					       host->dhchap_ctrl_key_hash);
198 	if (IS_ERR(ctrl->ctrl_key)) {
199 		ret = PTR_ERR(ctrl->ctrl_key);
200 		ctrl->ctrl_key = NULL;
201 		goto out_free_hash;
202 	}
203 	pr_debug("%s: using ctrl hash %s key %*ph\n", __func__,
204 		 ctrl->ctrl_key->hash > 0 ?
205 		 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none",
206 		 (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key);
207 
208 out_free_hash:
209 	if (ret) {
210 		if (ctrl->host_key) {
211 			nvme_auth_free_key(ctrl->host_key);
212 			ctrl->host_key = NULL;
213 		}
214 		ctrl->shash_id = 0;
215 	}
216 out_unlock:
217 	up_read(&nvmet_config_sem);
218 
219 	return ret;
220 }
221 
nvmet_auth_sq_free(struct nvmet_sq * sq)222 void nvmet_auth_sq_free(struct nvmet_sq *sq)
223 {
224 	cancel_delayed_work(&sq->auth_expired_work);
225 	kfree(sq->dhchap_c1);
226 	sq->dhchap_c1 = NULL;
227 	kfree(sq->dhchap_c2);
228 	sq->dhchap_c2 = NULL;
229 	kfree(sq->dhchap_skey);
230 	sq->dhchap_skey = NULL;
231 }
232 
nvmet_destroy_auth(struct nvmet_ctrl * ctrl)233 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl)
234 {
235 	ctrl->shash_id = 0;
236 
237 	if (ctrl->dh_tfm) {
238 		crypto_free_kpp(ctrl->dh_tfm);
239 		ctrl->dh_tfm = NULL;
240 		ctrl->dh_gid = 0;
241 	}
242 	kfree_sensitive(ctrl->dh_key);
243 	ctrl->dh_key = NULL;
244 
245 	if (ctrl->host_key) {
246 		nvme_auth_free_key(ctrl->host_key);
247 		ctrl->host_key = NULL;
248 	}
249 	if (ctrl->ctrl_key) {
250 		nvme_auth_free_key(ctrl->ctrl_key);
251 		ctrl->ctrl_key = NULL;
252 	}
253 }
254 
nvmet_check_auth_status(struct nvmet_req * req)255 bool nvmet_check_auth_status(struct nvmet_req *req)
256 {
257 	if (req->sq->ctrl->host_key &&
258 	    !req->sq->authenticated)
259 		return false;
260 	return true;
261 }
262 
nvmet_auth_host_hash(struct nvmet_req * req,u8 * response,unsigned int shash_len)263 int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
264 			 unsigned int shash_len)
265 {
266 	struct crypto_shash *shash_tfm;
267 	struct shash_desc *shash;
268 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
269 	const char *hash_name;
270 	u8 *challenge = req->sq->dhchap_c1, *host_response;
271 	u8 buf[4];
272 	int ret;
273 
274 	hash_name = nvme_auth_hmac_name(ctrl->shash_id);
275 	if (!hash_name) {
276 		pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
277 		return -EINVAL;
278 	}
279 
280 	shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
281 	if (IS_ERR(shash_tfm)) {
282 		pr_err("failed to allocate shash %s\n", hash_name);
283 		return PTR_ERR(shash_tfm);
284 	}
285 
286 	if (shash_len != crypto_shash_digestsize(shash_tfm)) {
287 		pr_debug("%s: hash len mismatch (len %d digest %d)\n",
288 			 __func__, shash_len,
289 			 crypto_shash_digestsize(shash_tfm));
290 		ret = -EINVAL;
291 		goto out_free_tfm;
292 	}
293 
294 	host_response = nvme_auth_transform_key(ctrl->host_key, ctrl->hostnqn);
295 	if (IS_ERR(host_response)) {
296 		ret = PTR_ERR(host_response);
297 		goto out_free_tfm;
298 	}
299 
300 	ret = crypto_shash_setkey(shash_tfm, host_response,
301 				  ctrl->host_key->len);
302 	if (ret)
303 		goto out_free_response;
304 
305 	if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
306 		challenge = kmalloc(shash_len, GFP_KERNEL);
307 		if (!challenge) {
308 			ret = -ENOMEM;
309 			goto out_free_response;
310 		}
311 		ret = nvme_auth_augmented_challenge(ctrl->shash_id,
312 						    req->sq->dhchap_skey,
313 						    req->sq->dhchap_skey_len,
314 						    req->sq->dhchap_c1,
315 						    challenge, shash_len);
316 		if (ret)
317 			goto out_free_response;
318 	}
319 
320 	pr_debug("ctrl %d qid %d host response seq %u transaction %d\n",
321 		 ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1,
322 		 req->sq->dhchap_tid);
323 
324 	shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
325 			GFP_KERNEL);
326 	if (!shash) {
327 		ret = -ENOMEM;
328 		goto out_free_response;
329 	}
330 	shash->tfm = shash_tfm;
331 	ret = crypto_shash_init(shash);
332 	if (ret)
333 		goto out;
334 	ret = crypto_shash_update(shash, challenge, shash_len);
335 	if (ret)
336 		goto out;
337 	put_unaligned_le32(req->sq->dhchap_s1, buf);
338 	ret = crypto_shash_update(shash, buf, 4);
339 	if (ret)
340 		goto out;
341 	put_unaligned_le16(req->sq->dhchap_tid, buf);
342 	ret = crypto_shash_update(shash, buf, 2);
343 	if (ret)
344 		goto out;
345 	memset(buf, 0, 4);
346 	ret = crypto_shash_update(shash, buf, 1);
347 	if (ret)
348 		goto out;
349 	ret = crypto_shash_update(shash, "HostHost", 8);
350 	if (ret)
351 		goto out;
352 	ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
353 	if (ret)
354 		goto out;
355 	ret = crypto_shash_update(shash, buf, 1);
356 	if (ret)
357 		goto out;
358 	ret = crypto_shash_update(shash, ctrl->subsysnqn,
359 				  strlen(ctrl->subsysnqn));
360 	if (ret)
361 		goto out;
362 	ret = crypto_shash_final(shash, response);
363 out:
364 	if (challenge != req->sq->dhchap_c1)
365 		kfree(challenge);
366 	kfree(shash);
367 out_free_response:
368 	kfree_sensitive(host_response);
369 out_free_tfm:
370 	crypto_free_shash(shash_tfm);
371 	return 0;
372 }
373 
nvmet_auth_ctrl_hash(struct nvmet_req * req,u8 * response,unsigned int shash_len)374 int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response,
375 			 unsigned int shash_len)
376 {
377 	struct crypto_shash *shash_tfm;
378 	struct shash_desc *shash;
379 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
380 	const char *hash_name;
381 	u8 *challenge = req->sq->dhchap_c2, *ctrl_response;
382 	u8 buf[4];
383 	int ret;
384 
385 	hash_name = nvme_auth_hmac_name(ctrl->shash_id);
386 	if (!hash_name) {
387 		pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
388 		return -EINVAL;
389 	}
390 
391 	shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
392 	if (IS_ERR(shash_tfm)) {
393 		pr_err("failed to allocate shash %s\n", hash_name);
394 		return PTR_ERR(shash_tfm);
395 	}
396 
397 	if (shash_len != crypto_shash_digestsize(shash_tfm)) {
398 		pr_debug("%s: hash len mismatch (len %d digest %d)\n",
399 			 __func__, shash_len,
400 			 crypto_shash_digestsize(shash_tfm));
401 		ret = -EINVAL;
402 		goto out_free_tfm;
403 	}
404 
405 	ctrl_response = nvme_auth_transform_key(ctrl->ctrl_key,
406 						ctrl->subsysnqn);
407 	if (IS_ERR(ctrl_response)) {
408 		ret = PTR_ERR(ctrl_response);
409 		goto out_free_tfm;
410 	}
411 
412 	ret = crypto_shash_setkey(shash_tfm, ctrl_response,
413 				  ctrl->ctrl_key->len);
414 	if (ret)
415 		goto out_free_response;
416 
417 	if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
418 		challenge = kmalloc(shash_len, GFP_KERNEL);
419 		if (!challenge) {
420 			ret = -ENOMEM;
421 			goto out_free_response;
422 		}
423 		ret = nvme_auth_augmented_challenge(ctrl->shash_id,
424 						    req->sq->dhchap_skey,
425 						    req->sq->dhchap_skey_len,
426 						    req->sq->dhchap_c2,
427 						    challenge, shash_len);
428 		if (ret)
429 			goto out_free_response;
430 	}
431 
432 	shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
433 			GFP_KERNEL);
434 	if (!shash) {
435 		ret = -ENOMEM;
436 		goto out_free_response;
437 	}
438 	shash->tfm = shash_tfm;
439 
440 	ret = crypto_shash_init(shash);
441 	if (ret)
442 		goto out;
443 	ret = crypto_shash_update(shash, challenge, shash_len);
444 	if (ret)
445 		goto out;
446 	put_unaligned_le32(req->sq->dhchap_s2, buf);
447 	ret = crypto_shash_update(shash, buf, 4);
448 	if (ret)
449 		goto out;
450 	put_unaligned_le16(req->sq->dhchap_tid, buf);
451 	ret = crypto_shash_update(shash, buf, 2);
452 	if (ret)
453 		goto out;
454 	memset(buf, 0, 4);
455 	ret = crypto_shash_update(shash, buf, 1);
456 	if (ret)
457 		goto out;
458 	ret = crypto_shash_update(shash, "Controller", 10);
459 	if (ret)
460 		goto out;
461 	ret = crypto_shash_update(shash, ctrl->subsysnqn,
462 			    strlen(ctrl->subsysnqn));
463 	if (ret)
464 		goto out;
465 	ret = crypto_shash_update(shash, buf, 1);
466 	if (ret)
467 		goto out;
468 	ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
469 	if (ret)
470 		goto out;
471 	ret = crypto_shash_final(shash, response);
472 out:
473 	if (challenge != req->sq->dhchap_c2)
474 		kfree(challenge);
475 	kfree(shash);
476 out_free_response:
477 	kfree_sensitive(ctrl_response);
478 out_free_tfm:
479 	crypto_free_shash(shash_tfm);
480 	return 0;
481 }
482 
nvmet_auth_ctrl_exponential(struct nvmet_req * req,u8 * buf,int buf_size)483 int nvmet_auth_ctrl_exponential(struct nvmet_req *req,
484 				u8 *buf, int buf_size)
485 {
486 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
487 	int ret = 0;
488 
489 	if (!ctrl->dh_key) {
490 		pr_warn("ctrl %d no DH public key!\n", ctrl->cntlid);
491 		return -ENOKEY;
492 	}
493 	if (buf_size != ctrl->dh_keysize) {
494 		pr_warn("ctrl %d DH public key size mismatch, need %zu is %d\n",
495 			ctrl->cntlid, ctrl->dh_keysize, buf_size);
496 		ret = -EINVAL;
497 	} else {
498 		memcpy(buf, ctrl->dh_key, buf_size);
499 		pr_debug("%s: ctrl %d public key %*ph\n", __func__,
500 			 ctrl->cntlid, (int)buf_size, buf);
501 	}
502 
503 	return ret;
504 }
505 
nvmet_auth_ctrl_sesskey(struct nvmet_req * req,u8 * pkey,int pkey_size)506 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
507 			    u8 *pkey, int pkey_size)
508 {
509 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
510 	int ret;
511 
512 	req->sq->dhchap_skey_len = ctrl->dh_keysize;
513 	req->sq->dhchap_skey = kzalloc(req->sq->dhchap_skey_len, GFP_KERNEL);
514 	if (!req->sq->dhchap_skey)
515 		return -ENOMEM;
516 	ret = nvme_auth_gen_shared_secret(ctrl->dh_tfm,
517 					  pkey, pkey_size,
518 					  req->sq->dhchap_skey,
519 					  req->sq->dhchap_skey_len);
520 	if (ret)
521 		pr_debug("failed to compute shared secret, err %d\n", ret);
522 	else
523 		pr_debug("%s: shared secret %*ph\n", __func__,
524 			 (int)req->sq->dhchap_skey_len,
525 			 req->sq->dhchap_skey);
526 
527 	return ret;
528 }
529