1 // SPDX-License-Identifier: GPL-2.0
3 * NVMe over Fabrics DH-HMAC-CHAP authentication.
4 * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions.
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/err.h>
12 #include <crypto/hash.h>
13 #include <linux/crc32.h>
14 #include <linux/base64.h>
15 #include <linux/ctype.h>
16 #include <linux/random.h>
17 #include <linux/nvme-auth.h>
18 #include <asm/unaligned.h>
22 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
25 unsigned char key_hash;
28 if (!strlen(secret)) {
30 kfree(host->dhchap_ctrl_secret);
31 host->dhchap_ctrl_secret = NULL;
32 host->dhchap_ctrl_key_hash = 0;
34 kfree(host->dhchap_secret);
35 host->dhchap_secret = NULL;
36 host->dhchap_key_hash = 0;
40 if (sscanf(secret, "DHHC-1:%hhd:%*s", &key_hash) != 1)
43 pr_warn("Invalid DH-HMAC-CHAP hash id %d\n",
48 /* Validate selected hash algorithm */
49 const char *hmac = nvme_auth_hmac_name(key_hash);
51 if (!crypto_has_shash(hmac, 0, 0)) {
52 pr_err("DH-HMAC-CHAP hash %s unsupported\n", hmac);
56 dhchap_secret = kstrdup(secret, GFP_KERNEL);
59 down_write(&nvmet_config_sem);
61 kfree(host->dhchap_ctrl_secret);
62 host->dhchap_ctrl_secret = strim(dhchap_secret);
63 host->dhchap_ctrl_key_hash = key_hash;
65 kfree(host->dhchap_secret);
66 host->dhchap_secret = strim(dhchap_secret);
67 host->dhchap_key_hash = key_hash;
69 up_write(&nvmet_config_sem);
73 int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
75 const char *dhgroup_kpp;
78 pr_debug("%s: ctrl %d selecting dhgroup %d\n",
79 __func__, ctrl->cntlid, dhgroup_id);
82 if (ctrl->dh_gid == dhgroup_id) {
83 pr_debug("%s: ctrl %d reuse existing DH group %d\n",
84 __func__, ctrl->cntlid, dhgroup_id);
87 crypto_free_kpp(ctrl->dh_tfm);
92 if (dhgroup_id == NVME_AUTH_DHGROUP_NULL)
95 dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id);
97 pr_debug("%s: ctrl %d invalid DH group %d\n",
98 __func__, ctrl->cntlid, dhgroup_id);
101 ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0);
102 if (IS_ERR(ctrl->dh_tfm)) {
103 pr_debug("%s: ctrl %d failed to setup DH group %d, err %ld\n",
104 __func__, ctrl->cntlid, dhgroup_id,
105 PTR_ERR(ctrl->dh_tfm));
106 ret = PTR_ERR(ctrl->dh_tfm);
110 ctrl->dh_gid = dhgroup_id;
111 pr_debug("%s: ctrl %d setup DH group %d\n",
112 __func__, ctrl->cntlid, ctrl->dh_gid);
113 ret = nvme_auth_gen_privkey(ctrl->dh_tfm, ctrl->dh_gid);
115 pr_debug("%s: ctrl %d failed to generate private key, err %d\n",
116 __func__, ctrl->cntlid, ret);
117 kfree_sensitive(ctrl->dh_key);
120 ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm);
121 kfree_sensitive(ctrl->dh_key);
122 ctrl->dh_key = kzalloc(ctrl->dh_keysize, GFP_KERNEL);
124 pr_warn("ctrl %d failed to allocate public key\n",
128 ret = nvme_auth_gen_pubkey(ctrl->dh_tfm, ctrl->dh_key,
131 pr_warn("ctrl %d failed to generate public key\n",
141 u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl)
144 struct nvmet_host_link *p;
145 struct nvmet_host *host = NULL;
147 down_read(&nvmet_config_sem);
148 if (nvmet_is_disc_subsys(ctrl->subsys))
151 if (ctrl->subsys->allow_any_host)
154 list_for_each_entry(p, &ctrl->subsys->hosts, entry) {
155 pr_debug("check %s\n", nvmet_host_name(p->host));
156 if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn))
162 pr_debug("host %s not found\n", ctrl->hostnqn);
163 ret = NVME_AUTH_DHCHAP_FAILURE_FAILED;
167 ret = nvmet_setup_dhgroup(ctrl, host->dhchap_dhgroup_id);
169 pr_warn("Failed to setup DH group");
170 ret = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
174 if (!host->dhchap_secret) {
175 pr_debug("No authentication provided\n");
179 if (host->dhchap_hash_id == ctrl->shash_id) {
180 pr_debug("Re-use existing hash ID %d\n",
183 ctrl->shash_id = host->dhchap_hash_id;
186 /* Skip the 'DHHC-1:XX:' prefix */
187 nvme_auth_free_key(ctrl->host_key);
188 ctrl->host_key = nvme_auth_extract_key(host->dhchap_secret + 10,
189 host->dhchap_key_hash);
190 if (IS_ERR(ctrl->host_key)) {
191 ret = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE;
192 ctrl->host_key = NULL;
195 pr_debug("%s: using hash %s key %*ph\n", __func__,
196 ctrl->host_key->hash > 0 ?
197 nvme_auth_hmac_name(ctrl->host_key->hash) : "none",
198 (int)ctrl->host_key->len, ctrl->host_key->key);
200 nvme_auth_free_key(ctrl->ctrl_key);
201 if (!host->dhchap_ctrl_secret) {
202 ctrl->ctrl_key = NULL;
206 ctrl->ctrl_key = nvme_auth_extract_key(host->dhchap_ctrl_secret + 10,
207 host->dhchap_ctrl_key_hash);
208 if (IS_ERR(ctrl->ctrl_key)) {
209 ret = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE;
210 ctrl->ctrl_key = NULL;
213 pr_debug("%s: using ctrl hash %s key %*ph\n", __func__,
214 ctrl->ctrl_key->hash > 0 ?
215 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none",
216 (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key);
220 if (ctrl->host_key) {
221 nvme_auth_free_key(ctrl->host_key);
222 ctrl->host_key = NULL;
227 up_read(&nvmet_config_sem);
232 void nvmet_auth_sq_free(struct nvmet_sq *sq)
234 cancel_delayed_work(&sq->auth_expired_work);
235 kfree(sq->dhchap_c1);
236 sq->dhchap_c1 = NULL;
237 kfree(sq->dhchap_c2);
238 sq->dhchap_c2 = NULL;
239 kfree(sq->dhchap_skey);
240 sq->dhchap_skey = NULL;
243 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl)
248 crypto_free_kpp(ctrl->dh_tfm);
252 kfree_sensitive(ctrl->dh_key);
255 if (ctrl->host_key) {
256 nvme_auth_free_key(ctrl->host_key);
257 ctrl->host_key = NULL;
259 if (ctrl->ctrl_key) {
260 nvme_auth_free_key(ctrl->ctrl_key);
261 ctrl->ctrl_key = NULL;
265 bool nvmet_check_auth_status(struct nvmet_req *req)
267 if (req->sq->ctrl->host_key &&
268 !req->sq->authenticated)
273 int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
274 unsigned int shash_len)
276 struct crypto_shash *shash_tfm;
277 struct shash_desc *shash;
278 struct nvmet_ctrl *ctrl = req->sq->ctrl;
279 const char *hash_name;
280 u8 *challenge = req->sq->dhchap_c1;
281 struct nvme_dhchap_key *transformed_key;
285 hash_name = nvme_auth_hmac_name(ctrl->shash_id);
287 pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
291 shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
292 if (IS_ERR(shash_tfm)) {
293 pr_err("failed to allocate shash %s\n", hash_name);
294 return PTR_ERR(shash_tfm);
297 if (shash_len != crypto_shash_digestsize(shash_tfm)) {
298 pr_err("%s: hash len mismatch (len %d digest %d)\n",
300 crypto_shash_digestsize(shash_tfm));
305 transformed_key = nvme_auth_transform_key(ctrl->host_key,
307 if (IS_ERR(transformed_key)) {
308 ret = PTR_ERR(transformed_key);
312 ret = crypto_shash_setkey(shash_tfm, transformed_key->key,
313 transformed_key->len);
315 goto out_free_response;
317 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
318 challenge = kmalloc(shash_len, GFP_KERNEL);
321 goto out_free_response;
323 ret = nvme_auth_augmented_challenge(ctrl->shash_id,
324 req->sq->dhchap_skey,
325 req->sq->dhchap_skey_len,
327 challenge, shash_len);
329 goto out_free_challenge;
332 pr_debug("ctrl %d qid %d host response seq %u transaction %d\n",
333 ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1,
334 req->sq->dhchap_tid);
336 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
340 goto out_free_challenge;
342 shash->tfm = shash_tfm;
343 ret = crypto_shash_init(shash);
346 ret = crypto_shash_update(shash, challenge, shash_len);
349 put_unaligned_le32(req->sq->dhchap_s1, buf);
350 ret = crypto_shash_update(shash, buf, 4);
353 put_unaligned_le16(req->sq->dhchap_tid, buf);
354 ret = crypto_shash_update(shash, buf, 2);
358 ret = crypto_shash_update(shash, buf, 1);
361 ret = crypto_shash_update(shash, "HostHost", 8);
364 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
367 ret = crypto_shash_update(shash, buf, 1);
370 ret = crypto_shash_update(shash, ctrl->subsysnqn,
371 strlen(ctrl->subsysnqn));
374 ret = crypto_shash_final(shash, response);
378 if (challenge != req->sq->dhchap_c1)
381 nvme_auth_free_key(transformed_key);
383 crypto_free_shash(shash_tfm);
387 int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response,
388 unsigned int shash_len)
390 struct crypto_shash *shash_tfm;
391 struct shash_desc *shash;
392 struct nvmet_ctrl *ctrl = req->sq->ctrl;
393 const char *hash_name;
394 u8 *challenge = req->sq->dhchap_c2;
395 struct nvme_dhchap_key *transformed_key;
399 hash_name = nvme_auth_hmac_name(ctrl->shash_id);
401 pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
405 shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
406 if (IS_ERR(shash_tfm)) {
407 pr_err("failed to allocate shash %s\n", hash_name);
408 return PTR_ERR(shash_tfm);
411 if (shash_len != crypto_shash_digestsize(shash_tfm)) {
412 pr_debug("%s: hash len mismatch (len %d digest %d)\n",
414 crypto_shash_digestsize(shash_tfm));
419 transformed_key = nvme_auth_transform_key(ctrl->ctrl_key,
421 if (IS_ERR(transformed_key)) {
422 ret = PTR_ERR(transformed_key);
426 ret = crypto_shash_setkey(shash_tfm, transformed_key->key,
427 transformed_key->len);
429 goto out_free_response;
431 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
432 challenge = kmalloc(shash_len, GFP_KERNEL);
435 goto out_free_response;
437 ret = nvme_auth_augmented_challenge(ctrl->shash_id,
438 req->sq->dhchap_skey,
439 req->sq->dhchap_skey_len,
441 challenge, shash_len);
443 goto out_free_challenge;
446 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
450 goto out_free_challenge;
452 shash->tfm = shash_tfm;
454 ret = crypto_shash_init(shash);
457 ret = crypto_shash_update(shash, challenge, shash_len);
460 put_unaligned_le32(req->sq->dhchap_s2, buf);
461 ret = crypto_shash_update(shash, buf, 4);
464 put_unaligned_le16(req->sq->dhchap_tid, buf);
465 ret = crypto_shash_update(shash, buf, 2);
469 ret = crypto_shash_update(shash, buf, 1);
472 ret = crypto_shash_update(shash, "Controller", 10);
475 ret = crypto_shash_update(shash, ctrl->subsysnqn,
476 strlen(ctrl->subsysnqn));
479 ret = crypto_shash_update(shash, buf, 1);
482 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
485 ret = crypto_shash_final(shash, response);
489 if (challenge != req->sq->dhchap_c2)
492 nvme_auth_free_key(transformed_key);
494 crypto_free_shash(shash_tfm);
498 int nvmet_auth_ctrl_exponential(struct nvmet_req *req,
499 u8 *buf, int buf_size)
501 struct nvmet_ctrl *ctrl = req->sq->ctrl;
505 pr_warn("ctrl %d no DH public key!\n", ctrl->cntlid);
508 if (buf_size != ctrl->dh_keysize) {
509 pr_warn("ctrl %d DH public key size mismatch, need %zu is %d\n",
510 ctrl->cntlid, ctrl->dh_keysize, buf_size);
513 memcpy(buf, ctrl->dh_key, buf_size);
514 pr_debug("%s: ctrl %d public key %*ph\n", __func__,
515 ctrl->cntlid, (int)buf_size, buf);
521 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
522 u8 *pkey, int pkey_size)
524 struct nvmet_ctrl *ctrl = req->sq->ctrl;
527 req->sq->dhchap_skey_len = ctrl->dh_keysize;
528 req->sq->dhchap_skey = kzalloc(req->sq->dhchap_skey_len, GFP_KERNEL);
529 if (!req->sq->dhchap_skey)
531 ret = nvme_auth_gen_shared_secret(ctrl->dh_tfm,
533 req->sq->dhchap_skey,
534 req->sq->dhchap_skey_len);
536 pr_debug("failed to compute shared secret, err %d\n", ret);
538 pr_debug("%s: shared secret %*ph\n", __func__,
539 (int)req->sq->dhchap_skey_len,
540 req->sq->dhchap_skey);
projects / linux.git / blob