Am Freitag, 16. Juli 2021, 13:04:27 CEST schrieb Hannes Reinecke:
Hi Hannes,
> Implement support for augmented challenge with FFDHE groups.
> This patch adds a new configfs attribute 'dhchap_dhgroup' to
> select the DH group to use.
>
> Signed-off-by: Hannes Reinecke <hare@xxxxxxx>
> ---
> drivers/nvme/target/auth.c | 241 ++++++++++++++++++++++++-
> drivers/nvme/target/configfs.c | 31 ++++
> drivers/nvme/target/fabrics-cmd-auth.c | 14 +-
> 3 files changed, 281 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
> index 00c7d051dfb1..cc7f12a7c8bf 100644
> --- a/drivers/nvme/target/auth.c
> +++ b/drivers/nvme/target/auth.c
> @@ -58,11 +58,56 @@ int nvmet_auth_set_host_key(struct nvmet_host *host,
> const char *secret)
>
> int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, int dhgroup_id)
> {
> + struct nvmet_host_link *p;
> + struct nvmet_host *host = NULL;
> + const char *dhgroup_kpp;
> int ret = -ENOTSUPP;
>
> if (dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_NULL)
> return 0;
>
> + down_read(&nvmet_config_sem);
> + if (ctrl->subsys->type == NVME_NQN_DISC)
> + goto out_unlock;
> +
> + list_for_each_entry(p, &ctrl->subsys->hosts, entry) {
> + if (strcmp(nvmet_host_name(p->host), ctrl->hostnqn))
> + continue;
> + host = p->host;
> + break;
> + }
> + if (!host) {
> + pr_debug("host %s not found\n", ctrl->hostnqn);
> + ret = -ENXIO;
> + goto out_unlock;
> + }
> +
> + if (host->dhchap_dhgroup_id != dhgroup_id) {
> + ret = -EINVAL;
> + goto out_unlock;
> + }
> + dhgroup_kpp = nvme_auth_dhgroup_kpp(dhgroup_id);
> + if (!dhgroup_kpp) {
> + ret = -EINVAL;
> + goto out_unlock;
> + }
> + ctrl->dh_tfm = crypto_alloc_kpp(dhgroup_kpp, 0, 0);
> + if (IS_ERR(ctrl->dh_tfm)) {
> + pr_debug("failed to setup DH group %d, err %ld\n",
> + dhgroup_id, PTR_ERR(ctrl->dh_tfm));
> + ret = PTR_ERR(ctrl->dh_tfm);
> + ctrl->dh_tfm = NULL;
> + } else {
> + ctrl->dh_gid = dhgroup_id;
> + ctrl->dh_keysize = nvme_auth_dhgroup_pubkey_size(dhgroup_id);
> + pr_debug("select DH group %d keysize %d\n",
> + ctrl->dh_gid, ctrl->dh_keysize);
> + ret = 0;
> + }
> +
> +out_unlock:
> + up_read(&nvmet_config_sem);
> +
> return ret;
> }
>
> @@ -192,6 +237,101 @@ bool nvmet_check_auth_status(struct nvmet_req *req)
> return true;
> }
>
> +static int nvmet_auth_hash_sesskey(struct nvmet_req *req, u8 *hashed_key)
> +{
> + struct nvmet_ctrl *ctrl = req->sq->ctrl;
> + const char *hmac_name, *digest_name;
> + struct crypto_shash *tfm;
> + int hmac_id, ret;
> +
> + if (!ctrl->shash_tfm) {
> + pr_debug("%s: hash alg not set\n", __func__);
> + return -EINVAL;
> + }
> + hmac_name = crypto_shash_alg_name(ctrl->shash_tfm);
> + hmac_id = nvme_auth_hmac_id(hmac_name);
> + if (hmac_id < 0) {
> + pr_debug("%s: unsupported hmac %s\n", __func__,
> + hmac_name);
> + return -EINVAL;
> + }
> + digest_name = nvme_auth_digest_name(hmac_id);
> + if (!digest_name) {
> + pr_debug("%s: failed to get digest for %s\n", __func__,
> + hmac_name);
> + return -EINVAL;
> + }
> + tfm = crypto_alloc_shash(digest_name, 0, 0);
> + if (IS_ERR(tfm))
> + return -ENOMEM;
> +
> + ret = crypto_shash_tfm_digest(tfm, req->sq->dhchap_skey,
> + req->sq->dhchap_skey_len, hashed_key);
> + if (ret < 0)
> + pr_debug("%s: Failed to hash digest len %d\n", __func__,
> + req->sq->dhchap_skey_len);
> +
> + crypto_free_shash(tfm);
> + return ret;
> +}
> +
> +static int nvmet_auth_augmented_challenge(struct nvmet_req *req,
> + u8 *challenge, u8 *aug)
> +{
> + struct nvmet_ctrl *ctrl = req->sq->ctrl;
> + struct crypto_shash *tfm;
> + struct shash_desc *desc;
> + u8 *hashed_key;
> + const char *hash_name;
> + int hash_len = req->sq->dhchap_hash_len;
> + int ret;
> +
> + hashed_key = kmalloc(hash_len, GFP_KERNEL);
> + if (!hashed_key)
> + return -ENOMEM;
> +
> + ret = nvmet_auth_hash_sesskey(req, hashed_key);
> + if (ret < 0) {
> + pr_debug("failed to hash session key, err %d\n", ret);
> + kfree(hashed_key);
> + return ret;
> + }
> + hash_name = crypto_shash_alg_name(ctrl->shash_tfm);
> + if (!hash_name) {
> + pr_debug("Invalid hash algoritm\n");
> + return -EINVAL;
> + }
> + tfm = crypto_alloc_shash(hash_name, 0, 0);
> + if (IS_ERR(tfm)) {
> + ret = PTR_ERR(tfm);
> + goto out_free_key;
> + }
> + desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm),
> + GFP_KERNEL);
> + if (!desc) {
> + ret = -ENOMEM;
> + goto out_free_hash;
> + }
> + desc->tfm = tfm;
> +
> + ret = crypto_shash_setkey(tfm, hashed_key, hash_len);
> + if (ret)
> + goto out_free_desc;
> + ret = crypto_shash_init(desc);
> + if (ret)
> + goto out_free_desc;
> + crypto_shash_update(desc, challenge, hash_len);
> + crypto_shash_final(desc, aug);
> +
> +out_free_desc:
> + kfree_sensitive(desc);
> +out_free_hash:
> + crypto_free_shash(tfm);
> +out_free_key:
> + kfree(hashed_key);
> + return ret;
> +}
> +
> int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
> unsigned int shash_len)
> {
> @@ -202,8 +342,15 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8
> *response, int ret;
>
> if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) {
> - ret = -ENOTSUPP;
> - goto out;
> + challenge = kmalloc(shash_len, GFP_KERNEL);
Alignment?
> + if (!challenge) {
> + ret = -ENOMEM;
> + goto out;
> + }
> + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c1,
> + challenge);
> + if (ret)
> + goto out;
> }
>
> shash->tfm = ctrl->shash_tfm;
> @@ -264,8 +411,15 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8
> *response, ctrl->cntlid, ctrl->hostnqn);
>
> if (ctrl->dh_gid != NVME_AUTH_DHCHAP_DHGROUP_NULL) {
> - ret = -ENOTSUPP;
> - goto out;
> + challenge = kmalloc(shash_len, GFP_KERNEL);
dto.
> + if (!challenge) {
> + ret = -ENOMEM;
> + goto out;
> + }
> + ret = nvmet_auth_augmented_challenge(req, req->sq->dhchap_c2,
> + challenge);
> + if (ret)
> + goto out;
> }
>
> shash->tfm = ctrl->shash_tfm;
> @@ -307,6 +461,85 @@ int nvmet_auth_ctrl_hash(struct nvmet_req *req, u8
> *response, return 0;
> }
>
> +int nvmet_auth_ctrl_exponential(struct nvmet_req *req,
> + u8 *buf, int buf_size)
> +{
> + struct nvmet_ctrl *ctrl = req->sq->ctrl;
> + struct kpp_request *kpp_req;
> + struct crypto_wait wait;
> + char *pkey;
> + struct scatterlist dst;
> + int ret, pkey_len;
> +
> + if (ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_2048 ||
> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_3072 ||
> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_4096 ||
> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_6144 ||
> + ctrl->dh_gid == NVME_AUTH_DHCHAP_DHGROUP_8192) {
> + struct dh p = {0};
> + int bits = nvme_auth_dhgroup_pubkey_size(ctrl->dh_gid) << 3;
> +
> + ret = crypto_ffdhe_params(&p, bits);
> + if (ret)
> + return ret;
> +
> + p.key = ctrl->dhchap_key;
> + p.key_size = ctrl->dhchap_key_len;
> +
> + pkey_len = crypto_dh_key_len(&p);
> + pkey = kmalloc(pkey_len, GFP_KERNEL);
> + if (!pkey)
> + return -ENOMEM;
> +
> + get_random_bytes(pkey, pkey_len);
> + ret = crypto_dh_encode_key(pkey, pkey_len, &p);
> + if (ret) {
> + pr_debug("failed to encode private key, error %d\n",
> + ret);
> + goto out;
> + }
> + } else {
> + pr_warn("invalid dh group %d\n", ctrl->dh_gid);
> + return -EINVAL;
> + }
> + ret = crypto_kpp_set_secret(ctrl->dh_tfm, pkey, pkey_len);
> + if (ret) {
> + pr_debug("failed to set private key, error %d\n", ret);
> + goto out;
> + }
> +
> + kpp_req = kpp_request_alloc(ctrl->dh_tfm, GFP_KERNEL);
> + if (!kpp_req) {
> + pr_debug("cannot allocate kpp request\n");
> + ret = -ENOMEM;
> + goto out;
> + }
> +
> + crypto_init_wait(&wait);
> + kpp_request_set_input(kpp_req, NULL, 0);
> + sg_init_one(&dst, buf, buf_size);
> + kpp_request_set_output(kpp_req, &dst, buf_size);
> + kpp_request_set_callback(kpp_req, CRYPTO_TFM_REQ_MAY_BACKLOG,
> + crypto_req_done, &wait);
> +
> + ret = crypto_wait_req(crypto_kpp_generate_public_key(kpp_req), &wait);
> + kpp_request_free(kpp_req);
> + if (ret == -EOVERFLOW) {
> + pr_debug("public key buffer too small, need %d is %d\n",
> + crypto_kpp_maxsize(ctrl->dh_tfm), buf_size);
> + ret = -ENOKEY;
> + } else if (ret) {
> + pr_debug("failed to generate public key, err %d\n", ret);
> + ret = -ENOKEY;
> + } else
> + pr_debug("%s: ctrl public key %*ph\n", __func__,
> + (int)buf_size, buf);
> +
> +out:
> + kfree_sensitive(pkey);
> + return ret;
> +}
In general: the target/host authentication code looks very similar. Is there
no way to have a common code base?
> +
> int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
> u8 *pkey, int pkey_size)
> {
> diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
> index e0760911a761..e9b8884a83b0 100644
> --- a/drivers/nvme/target/configfs.c
> +++ b/drivers/nvme/target/configfs.c
> @@ -1712,9 +1712,40 @@ static ssize_t nvmet_host_dhchap_hash_store(struct
> config_item *item,
>
> CONFIGFS_ATTR(nvmet_host_, dhchap_hash);
>
> +static ssize_t nvmet_host_dhchap_dhgroup_show(struct config_item *item,
> + char *page)
> +{
> + struct nvmet_host *host = to_host(item);
> + const char *dhgroup = nvme_auth_dhgroup_name(host->dhchap_dhgroup_id);
> +
> + return sprintf(page, "%s\n", dhgroup ? dhgroup : "none");
> +}
> +
> +static ssize_t nvmet_host_dhchap_dhgroup_store(struct config_item *item,
> + const char *page, size_t count)
> +{
> + struct nvmet_host *host = to_host(item);
> + int dhgroup_id;
> +
> + dhgroup_id = nvme_auth_dhgroup_id(page);
> + if (dhgroup_id < 0)
> + return -EINVAL;
> + if (dhgroup_id != NVME_AUTH_DHCHAP_DHGROUP_NULL) {
> + const char *kpp = nvme_auth_dhgroup_kpp(dhgroup_id);
> +
> + if (!crypto_has_kpp(kpp, 0, 0))
> + return -EINVAL;
> + }
> + host->dhchap_dhgroup_id = dhgroup_id;
> + return count;
> +}
> +
> +CONFIGFS_ATTR(nvmet_host_, dhchap_dhgroup);
> +
> static struct configfs_attribute *nvmet_host_attrs[] = {
> &nvmet_host_attr_dhchap_key,
> &nvmet_host_attr_dhchap_hash,
> + &nvmet_host_attr_dhchap_dhgroup,
> NULL,
> };
> #endif /* CONFIG_NVME_TARGET_AUTH */
> diff --git a/drivers/nvme/target/fabrics-cmd-auth.c
> b/drivers/nvme/target/fabrics-cmd-auth.c index 962f9f5e9d89..478ac351c645
> 100644
> --- a/drivers/nvme/target/fabrics-cmd-auth.c
> +++ b/drivers/nvme/target/fabrics-cmd-auth.c
> @@ -98,7 +98,11 @@ static u16 nvmet_auth_reply(struct nvmet_req *req, void
> *d) return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD;
>
> if (data->dhvlen) {
> - return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD;
> + if (!ctrl->dh_tfm)
> + return NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD;
> + if (nvmet_auth_ctrl_sesskey(req, data->rval + 2 * data->hl,
> + data->dhvlen) < 0)
> + return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
> }
>
> response = kmalloc(data->hl, GFP_KERNEL);
> @@ -299,6 +303,8 @@ static int nvmet_auth_challenge(struct nvmet_req *req,
> void *d, int al) int ret = 0;
> int data_size = sizeof(*d) + req->sq->dhchap_hash_len;
>
> + if (ctrl->dh_tfm)
> + data_size += ctrl->dh_keysize;
> if (al < data_size) {
> pr_debug("%s: buffer too small (al %d need %d)\n", __func__,
> al, data_size);
> @@ -317,6 +323,12 @@ static int nvmet_auth_challenge(struct nvmet_req *req,
> void *d, int al) return -ENOMEM;
> get_random_bytes(req->sq->dhchap_c1, data->hl);
> memcpy(data->cval, req->sq->dhchap_c1, data->hl);
> + if (ctrl->dh_tfm) {
> + data->dhgid = ctrl->dh_gid;
> + data->dhvlen = ctrl->dh_keysize;
> + ret = nvmet_auth_ctrl_exponential(req, data->cval + data->hl,
> + data->dhvlen);
> + }
> pr_debug("%s: ctrl %d qid %d seq %d transaction %d hl %d dhvlen %d\n",
> __func__, ctrl->cntlid, req->sq->qid, req->sq->dhchap_s1,
> req->sq->dhchap_tid, data->hl, data->dhvlen);
Ciao
Stephan
