1 // SPDX-License-Identifier: GPL-2.0
3 * NVMe over Fabrics DH-HMAC-CHAP authentication.
4 * Copyright (c) 2020 Hannes Reinecke, SUSE Software Solutions.
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/slab.h>
11 #include <linux/err.h>
12 #include <crypto/hash.h>
13 #include <linux/crc32.h>
14 #include <linux/base64.h>
15 #include <linux/ctype.h>
16 #include <linux/random.h>
17 #include <linux/nvme-auth.h>
18 #include <asm/unaligned.h>
22 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
25 unsigned char key_hash;
28 if (sscanf(secret, "DHHC-1:%hhd:%*s", &key_hash) != 1)
31 pr_warn("Invalid DH-HMAC-CHAP hash id %d\n",
36 /* Validate selected hash algorithm */
37 const char *hmac = nvme_auth_hmac_name(key_hash);
39 if (!crypto_has_shash(hmac, 0, 0)) {
40 pr_err("DH-HMAC-CHAP hash %s unsupported\n", hmac);
44 dhchap_secret = kstrdup(secret, GFP_KERNEL);
48 host->dhchap_ctrl_secret = strim(dhchap_secret);
49 host->dhchap_ctrl_key_hash = key_hash;
51 host->dhchap_secret = strim(dhchap_secret);
52 host->dhchap_key_hash = key_hash;
57 int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
59 const char *dhgroup_kpp;
62 pr_debug("%s: ctrl %d selecting dhgroup %d\n",
63 __func__, ctrl->cntlid, dhgroup_id);
66 if (ctrl->dh_gid == dhgroup_id) {
67 pr_debug("%s: ctrl %d reuse existing DH group %d\n",
68 __func__, ctrl->cntlid, dhgroup_id);
71 crypto_free_kpp(ctrl->dh_tfm);
76 if (dhgroup_id == NVME_AUTH_DHGROUP_NULL)
79 dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id);
81 pr_debug("%s: ctrl %d invalid DH group %d\n",
82 __func__, ctrl->cntlid, dhgroup_id);
85 ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0);
86 if (IS_ERR(ctrl->dh_tfm)) {
87 pr_debug("%s: ctrl %d failed to setup DH group %d, err %ld\n",
88 __func__, ctrl->cntlid, dhgroup_id,
89 PTR_ERR(ctrl->dh_tfm));
90 ret = PTR_ERR(ctrl->dh_tfm);
94 ctrl->dh_gid = dhgroup_id;
95 pr_debug("%s: ctrl %d setup DH group %d\n",
96 __func__, ctrl->cntlid, ctrl->dh_gid);
97 ret = nvme_auth_gen_privkey(ctrl->dh_tfm, ctrl->dh_gid);
99 pr_debug("%s: ctrl %d failed to generate private key, err %d\n",
100 __func__, ctrl->cntlid, ret);
101 kfree_sensitive(ctrl->dh_key);
104 ctrl->dh_keysize = crypto_kpp_maxsize(ctrl->dh_tfm);
105 kfree_sensitive(ctrl->dh_key);
106 ctrl->dh_key = kzalloc(ctrl->dh_keysize, GFP_KERNEL);
108 pr_warn("ctrl %d failed to allocate public key\n",
112 ret = nvme_auth_gen_pubkey(ctrl->dh_tfm, ctrl->dh_key,
115 pr_warn("ctrl %d failed to generate public key\n",
125 int nvmet_setup_auth(struct nvmet_ctrl *ctrl)
128 struct nvmet_host_link *p;
129 struct nvmet_host *host = NULL;
130 const char *hash_name;
132 down_read(&nvmet_config_sem);
133 if (nvmet_is_disc_subsys(ctrl->subsys))
136 if (ctrl->subsys->allow_any_host)
139 list_for_each_entry(p, &ctrl->subsys->hosts, entry) {
140 pr_debug("check %s\n", nvmet_host_name(p->host));
141 if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn))
147 pr_debug("host %s not found\n", ctrl->hostnqn);
152 ret = nvmet_setup_dhgroup(ctrl, host->dhchap_dhgroup_id);
154 pr_warn("Failed to setup DH group");
156 if (!host->dhchap_secret) {
157 pr_debug("No authentication provided\n");
161 if (host->dhchap_hash_id == ctrl->shash_id) {
162 pr_debug("Re-use existing hash ID %d\n",
165 hash_name = nvme_auth_hmac_name(host->dhchap_hash_id);
167 pr_warn("Hash ID %d invalid\n", host->dhchap_hash_id);
171 ctrl->shash_id = host->dhchap_hash_id;
174 /* Skip the 'DHHC-1:XX:' prefix */
175 nvme_auth_free_key(ctrl->host_key);
176 ctrl->host_key = nvme_auth_extract_key(host->dhchap_secret + 10,
177 host->dhchap_key_hash);
178 if (IS_ERR(ctrl->host_key)) {
179 ret = PTR_ERR(ctrl->host_key);
180 ctrl->host_key = NULL;
183 pr_debug("%s: using hash %s key %*ph\n", __func__,
184 ctrl->host_key->hash > 0 ?
185 nvme_auth_hmac_name(ctrl->host_key->hash) : "none",
186 (int)ctrl->host_key->len, ctrl->host_key->key);
188 nvme_auth_free_key(ctrl->ctrl_key);
189 if (!host->dhchap_ctrl_secret) {
190 ctrl->ctrl_key = NULL;
194 ctrl->ctrl_key = nvme_auth_extract_key(host->dhchap_ctrl_secret + 10,
195 host->dhchap_ctrl_key_hash);
196 if (IS_ERR(ctrl->ctrl_key)) {
197 ret = PTR_ERR(ctrl->ctrl_key);
198 ctrl->ctrl_key = NULL;
200 pr_debug("%s: using ctrl hash %s key %*ph\n", __func__,
201 ctrl->ctrl_key->hash > 0 ?
202 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none",
203 (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key);
207 if (ctrl->host_key) {
208 nvme_auth_free_key(ctrl->host_key);
209 ctrl->host_key = NULL;
214 up_read(&nvmet_config_sem);
219 void nvmet_auth_sq_free(struct nvmet_sq *sq)
221 cancel_delayed_work(&sq->auth_expired_work);
222 kfree(sq->dhchap_c1);
223 sq->dhchap_c1 = NULL;
224 kfree(sq->dhchap_c2);
225 sq->dhchap_c2 = NULL;
226 kfree(sq->dhchap_skey);
227 sq->dhchap_skey = NULL;
230 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl)
235 crypto_free_kpp(ctrl->dh_tfm);
239 kfree_sensitive(ctrl->dh_key);
242 if (ctrl->host_key) {
243 nvme_auth_free_key(ctrl->host_key);
244 ctrl->host_key = NULL;
246 if (ctrl->ctrl_key) {
247 nvme_auth_free_key(ctrl->ctrl_key);
248 ctrl->ctrl_key = NULL;
252 bool nvmet_check_auth_status(struct nvmet_req *req)
254 if (req->sq->ctrl->host_key &&
255 !req->sq->authenticated)
260 int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
261 unsigned int shash_len)
263 struct crypto_shash *shash_tfm;
264 struct shash_desc *shash;
265 struct nvmet_ctrl *ctrl = req->sq->ctrl;
266 const char *hash_name;
267 u8 *challenge = req->sq->dhchap_c1, *host_response;
271 hash_name = nvme_auth_hmac_name(ctrl->shash_id);
273 pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
277 shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
278 if (IS_ERR(shash_tfm)) {
279 pr_err("failed to allocate shash %s\n", hash_name);
280 return PTR_ERR(shash_tfm);
283 if (shash_len != crypto_shash_digestsize(shash_tfm)) {
284 pr_debug("%s: hash len mismatch (len %d digest %d)\n",
286 crypto_shash_digestsize(shash_tfm));
291 host_response = nvme_auth_transform_key(ctrl->host_key, ctrl->hostnqn);
292 if (IS_ERR(host_response)) {
293 ret = PTR_ERR(host_response);
297 ret = crypto_shash_setkey(shash_tfm, host_response,
298 ctrl->host_key->len);
300 goto out_free_response;
302 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
303 challenge = kmalloc(shash_len, GFP_KERNEL);
306 goto out_free_response;
308 ret = nvme_auth_augmented_challenge(ctrl->shash_id,
309 req->sq->dhchap_skey,
310 req->sq->dhchap_skey_len,
312 challenge, shash_len);
314 goto out_free_response;
317 pr_debug("ctrl %d qid %d host response seq %u transaction %d\n",
318 ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1,
319 req->sq->dhchap_tid);
321 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
325 goto out_free_response;
327 shash->tfm = shash_tfm;
328 ret = crypto_shash_init(shash);
331 ret = crypto_shash_update(shash, challenge, shash_len);
334 put_unaligned_le32(req->sq->dhchap_s1, buf);
335 ret = crypto_shash_update(shash, buf, 4);
338 put_unaligned_le16(req->sq->dhchap_tid, buf);
339 ret = crypto_shash_update(shash, buf, 2);
343 ret = crypto_shash_update(shash, buf, 1);
346 ret = crypto_shash_update(shash, "HostHost", 8);
349 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
352 ret = crypto_shash_update(shash, buf, 1);
355 ret = crypto_shash_update(shash, ctrl->subsysnqn,
356 strlen(ctrl->subsysnqn));
359 ret = crypto_shash_final(shash, response);
361 if (challenge != req->sq->dhchap_c1)
365 kfree_sensitive(host_response);
367 crypto_free_shash(shash_tfm);
371 int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8 *response,
372 unsigned int shash_len)
374 struct crypto_shash *shash_tfm;
375 struct shash_desc *shash;
376 struct nvmet_ctrl *ctrl = req->sq->ctrl;
377 const char *hash_name;
378 u8 *challenge = req->sq->dhchap_c2, *ctrl_response;
382 hash_name = nvme_auth_hmac_name(ctrl->shash_id);
384 pr_warn("Hash ID %d invalid\n", ctrl->shash_id);
388 shash_tfm = crypto_alloc_shash(hash_name, 0, 0);
389 if (IS_ERR(shash_tfm)) {
390 pr_err("failed to allocate shash %s\n", hash_name);
391 return PTR_ERR(shash_tfm);
394 if (shash_len != crypto_shash_digestsize(shash_tfm)) {
395 pr_debug("%s: hash len mismatch (len %d digest %d)\n",
397 crypto_shash_digestsize(shash_tfm));
402 ctrl_response = nvme_auth_transform_key(ctrl->ctrl_key,
404 if (IS_ERR(ctrl_response)) {
405 ret = PTR_ERR(ctrl_response);
409 ret = crypto_shash_setkey(shash_tfm, ctrl_response,
410 ctrl->ctrl_key->len);
412 goto out_free_response;
414 if (ctrl->dh_gid != NVME_AUTH_DHGROUP_NULL) {
415 challenge = kmalloc(shash_len, GFP_KERNEL);
418 goto out_free_response;
420 ret = nvme_auth_augmented_challenge(ctrl->shash_id,
421 req->sq->dhchap_skey,
422 req->sq->dhchap_skey_len,
424 challenge, shash_len);
426 goto out_free_response;
429 shash = kzalloc(sizeof(*shash) + crypto_shash_descsize(shash_tfm),
433 goto out_free_response;
435 shash->tfm = shash_tfm;
437 ret = crypto_shash_init(shash);
440 ret = crypto_shash_update(shash, challenge, shash_len);
443 put_unaligned_le32(req->sq->dhchap_s2, buf);
444 ret = crypto_shash_update(shash, buf, 4);
447 put_unaligned_le16(req->sq->dhchap_tid, buf);
448 ret = crypto_shash_update(shash, buf, 2);
452 ret = crypto_shash_update(shash, buf, 1);
455 ret = crypto_shash_update(shash, "Controller", 10);
458 ret = crypto_shash_update(shash, ctrl->subsysnqn,
459 strlen(ctrl->subsysnqn));
462 ret = crypto_shash_update(shash, buf, 1);
465 ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
468 ret = crypto_shash_final(shash, response);
470 if (challenge != req->sq->dhchap_c2)
474 kfree_sensitive(ctrl_response);
476 crypto_free_shash(shash_tfm);
480 int nvmet_auth_ctrl_exponential(struct nvmet_req *req,
481 u8 *buf, int buf_size)
483 struct nvmet_ctrl *ctrl = req->sq->ctrl;
487 pr_warn("ctrl %d no DH public key!\n", ctrl->cntlid);
490 if (buf_size != ctrl->dh_keysize) {
491 pr_warn("ctrl %d DH public key size mismatch, need %zu is %d\n",
492 ctrl->cntlid, ctrl->dh_keysize, buf_size);
495 memcpy(buf, ctrl->dh_key, buf_size);
496 pr_debug("%s: ctrl %d public key %*ph\n", __func__,
497 ctrl->cntlid, (int)buf_size, buf);
503 int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
504 u8 *pkey, int pkey_size)
506 struct nvmet_ctrl *ctrl = req->sq->ctrl;
509 req->sq->dhchap_skey_len = ctrl->dh_keysize;
510 req->sq->dhchap_skey = kzalloc(req->sq->dhchap_skey_len, GFP_KERNEL);
511 if (!req->sq->dhchap_skey)
513 ret = nvme_auth_gen_shared_secret(ctrl->dh_tfm,
515 req->sq->dhchap_skey,
516 req->sq->dhchap_skey_len);
518 pr_debug("failed to compute shared secret, err %d\n", ret);
520 pr_debug("%s: shared secret %*ph\n", __func__,
521 (int)req->sq->dhchap_skey_len,
522 req->sq->dhchap_skey);
projects / platform / kernel / linux-rpi.git / blob