From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>
Cc: Keith Busch <keith.busch@wdc.com>,
linux-nvme@lists.infradead.org,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 07/11] nvme-auth: augmented challenge support
Date: Tue, 20 Jul 2021 15:12:30 +0200 [thread overview]
Message-ID: <7aacc3ea-fad5-78c6-1bd5-22fec11ee32e@suse.de> (raw)
In-Reply-To: <3681598b-436a-5f25-f61f-f09c6ec077a3@grimberg.me>
On 7/19/21 11:21 AM, Sagi Grimberg wrote:
>
>
> On 7/16/21 4:04 AM, Hannes Reinecke wrote:
>> Implement support for augmented challenge using FFDHE groups.
>
> Please some more info for the change log...
>
>>
>> Signed-off-by: Hannes Reinecke <hare@suse.de>
>> ---
>> drivers/nvme/host/auth.c | 403 +++++++++++++++++++++++++++++++++++----
>> 1 file changed, 371 insertions(+), 32 deletions(-)
>>
>> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
>> index 448a3adebea6..754343aced19 100644
>> --- a/drivers/nvme/host/auth.c
>> +++ b/drivers/nvme/host/auth.c
[ .. ]
>> @@ -290,10 +382,24 @@ static int nvme_auth_dhchap_challenge(struct
>> nvme_ctrl *ctrl,
>> return -EPROTO;
>> }
>> if (data->dhgid != NVME_AUTH_DHCHAP_DHGROUP_NULL) {
>> - chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
>> - return -EPROTO;
>> - }
>> - if (data->dhgid == NVME_AUTH_DHCHAP_DHGROUP_NULL && data->dhvlen
>> != 0) {
>> + if (data->dhvlen == 0) {
>> + dev_warn(ctrl->device,
>> + "qid %d: DH-HMAC-CHAP: empty DH value\n",
>> + chap->qid);
>> + chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
>> + return -EPROTO;
>> + }
>> + chap->dh_tfm = crypto_alloc_kpp(gid_name, 0, 0);
>> + if (IS_ERR(chap->dh_tfm)) {
>> + dev_warn(ctrl->device,
>> + "qid %d: DH-HMAC-CHAP: failed to initialize %s\n",
>> + chap->qid, gid_name);
>> + chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
>> + chap->dh_tfm = NULL;
>> + return -EPROTO;
>
> Why not propogate the error?
>
Will be doing so.
>> + }
>> + chap->dhgroup_id = data->dhgid;
>> + } else if (data->dhvlen != 0) {
>> dev_warn(ctrl->device,
>> "qid %d: DH-HMAC-CHAP: invalid DH value for NULL DH\n",
>> chap->qid);
>> @@ -313,6 +419,16 @@ static int nvme_auth_dhchap_challenge(struct
>> nvme_ctrl *ctrl,
>> chap->hash_len = data->hl;
>> chap->s1 = le32_to_cpu(data->seqnum);
>> memcpy(chap->c1, data->cval, chap->hash_len);
>> + if (data->dhvlen) {
>> + chap->ctrl_key = kmalloc(data->dhvlen, GFP_KERNEL);
>> + if (!chap->ctrl_key)
>> + return -ENOMEM;
>> + chap->ctrl_key_len = data->dhvlen;
>> + memcpy(chap->ctrl_key, data->cval + chap->hash_len,
>> + data->dhvlen);
>> + dev_dbg(ctrl->device, "ctrl public key %*ph\n",
>> + (int)chap->ctrl_key_len, chap->ctrl_key);
>> + }
>> return 0;
>> }
>> @@ -353,10 +469,13 @@ static int nvme_auth_dhchap_reply(struct
>> nvme_ctrl *ctrl,
>> memcpy(data->rval + chap->hash_len, chap->c2,
>> chap->hash_len);
>> }
>> - if (chap->host_key_len)
>> + if (chap->host_key_len) {
>> + dev_dbg(ctrl->device, "%s: qid %d host public key %*ph\n",
>> + __func__, chap->qid,
>> + chap->host_key_len, chap->host_key);
>> memcpy(data->rval + 2 * chap->hash_len, chap->host_key,
>> chap->host_key_len);
>> -
>> + }
>
> Is this change only adding the debug print?
>
Might. I'll check.
>> return size;
>> }
>> @@ -440,23 +559,10 @@ static int nvme_auth_dhchap_failure2(struct
>> nvme_ctrl *ctrl,
>> int nvme_auth_select_hash(struct nvme_ctrl *ctrl,
>> struct nvme_dhchap_context *chap)
>> {
>> - char *hash_name;
>> + const char *hash_name, *digest_name;
>> int ret;
>> - switch (chap->hash_id) {
>> - case NVME_AUTH_DHCHAP_HASH_SHA256:
>> - hash_name = "hmac(sha256)";
>> - break;
>> - case NVME_AUTH_DHCHAP_HASH_SHA384:
>> - hash_name = "hmac(sha384)";
>> - break;
>> - case NVME_AUTH_DHCHAP_HASH_SHA512:
>> - hash_name = "hmac(sha512)";
>> - break;
>> - default:
>> - hash_name = NULL;
>> - break;
>> - }
>> + hash_name = nvme_auth_hmac_name(chap->hash_id);
>> if (!hash_name) {
>> chap->status = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE;
>> return -EPROTO;
>> @@ -468,26 +574,100 @@ int nvme_auth_select_hash(struct nvme_ctrl *ctrl,
>> chap->shash_tfm = NULL;
>> return -EPROTO;
>> }
>> + digest_name = nvme_auth_digest_name(chap->hash_id);
>> + if (!digest_name) {
>> + crypto_free_shash(chap->shash_tfm);
>> + chap->shash_tfm = NULL;
>> + return -EPROTO;
>> + }
>> + chap->digest_tfm = crypto_alloc_shash(digest_name, 0, 0);
>> + if (IS_ERR(chap->digest_tfm)) {
>> + chap->status = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE;
>> + crypto_free_shash(chap->shash_tfm);
>> + chap->shash_tfm = NULL;
>> + chap->digest_tfm = NULL;
>> + return -EPROTO;
>> + }
>> if (!chap->key) {
>> dev_warn(ctrl->device, "qid %d: cannot select hash, no key\n",
>> chap->qid);
>> chap->status = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE;
>> + crypto_free_shash(chap->digest_tfm);
>> crypto_free_shash(chap->shash_tfm);
>> chap->shash_tfm = NULL;
>> + chap->digest_tfm = NULL;
>> return -EINVAL;
>
> Please have a structured goto targets in reverse order, this repeated
> cleanup is a mess...
>
Already done.
>> }
>> ret = crypto_shash_setkey(chap->shash_tfm, chap->key,
>> chap->key_len);
>> if (ret) {
>> chap->status = NVME_AUTH_DHCHAP_FAILURE_NOT_USABLE;
>> + crypto_free_shash(chap->digest_tfm);
>> crypto_free_shash(chap->shash_tfm);
>> chap->shash_tfm = NULL;
>> + chap->digest_tfm = NULL;
>> return ret;
>> }
>> - dev_info(ctrl->device, "qid %d: DH-HMAC_CHAP: selected hash %s\n",
>> - chap->qid, hash_name);
>> + dev_dbg(ctrl->device, "qid %d: DH-HMAC_CHAP: selected hash %s\n",
>> + chap->qid, hash_name);
>> return 0;
>> }
>> +static int nvme_auth_augmented_challenge(struct nvme_dhchap_context
>> *chap,
>> + u8 *challenge, u8 *aug)
>> +{
>> + struct crypto_shash *tfm;
>> + struct shash_desc *desc;
>> + u8 *hashed_key;
>> + const char *hash_name;
>> + int ret;
>> +
>> + hashed_key = kmalloc(chap->hash_len, GFP_KERNEL);
>> + if (!hashed_key)
>> + return -ENOMEM;
>> +
>> + ret = crypto_shash_tfm_digest(chap->digest_tfm, chap->sess_key,
>> + chap->sess_key_len, hashed_key);
>> + if (ret < 0) {
>> + pr_debug("failed to hash session key, err %d\n", ret);
>> + kfree(hashed_key);
>
> Same here...
>
>> + return ret;
>> + }
>
> Spaces between if conditions please?
>
>> + hash_name = crypto_shash_alg_name(chap->shash_tfm);
>> + if (!hash_name) {
>> + pr_debug("Invalid hash algoritm\n");
>> + return -EINVAL;
>> + }
>> + tfm = crypto_alloc_shash(hash_name, 0, 0);
>> + if (IS_ERR(tfm)) {
>> + ret = PTR_ERR(tfm);
>> + goto out_free_key;
>> + }
>> + desc = kmalloc(sizeof(struct shash_desc) +
>> crypto_shash_descsize(tfm),
>> + GFP_KERNEL);
>> + if (!desc) {
>> + ret = -ENOMEM;
>> + goto out_free_hash;
>> + }
>> + desc->tfm = tfm;
>> +
>> + ret = crypto_shash_setkey(tfm, hashed_key, chap->hash_len);
>> + if (ret)
>> + goto out_free_desc;
>> + ret = crypto_shash_init(desc);
>> + if (ret)
>> + goto out_free_desc;
>> + crypto_shash_update(desc, challenge, chap->hash_len);
>> + crypto_shash_final(desc, aug);
>> +
>> +out_free_desc:
>> + kfree_sensitive(desc);
>> +out_free_hash:
>> + crypto_free_shash(tfm);
>> +out_free_key:
>> + kfree(hashed_key);
>> + return ret;
>> +}
>> +
>> static int nvme_auth_dhchap_host_response(struct nvme_ctrl *ctrl,
>> struct nvme_dhchap_context *chap)
>> {
>> @@ -497,6 +677,16 @@ static int nvme_auth_dhchap_host_response(struct
>> nvme_ctrl *ctrl,
>> dev_dbg(ctrl->device, "%s: qid %d host response seq %d
>> transaction %d\n",
>> __func__, chap->qid, chap->s1, chap->transaction);
>> + if (chap->dh_tfm) {
>> + challenge = kmalloc(chap->hash_len, GFP_KERNEL);
>> + if (!challenge) {
>> + ret = -ENOMEM;
>> + goto out;
>> + }
>> + ret = nvme_auth_augmented_challenge(chap, chap->c1, challenge);
>> + if (ret)
>> + goto out;
>> + }
>> shash->tfm = chap->shash_tfm;
>> ret = crypto_shash_init(shash);
>> if (ret)
>> @@ -532,6 +722,8 @@ static int nvme_auth_dhchap_host_response(struct
>> nvme_ctrl *ctrl,
>> goto out;
>> ret = crypto_shash_final(shash, chap->response);
>> out:
>> + if (challenge != chap->c1)
>> + kfree(challenge);
>> return ret;
>> }
>> @@ -542,6 +734,17 @@ static int
>> nvme_auth_dhchap_ctrl_response(struct nvme_ctrl *ctrl,
>> u8 buf[4], *challenge = chap->c2;
>> int ret;
>> + if (chap->dh_tfm) {
>> + challenge = kmalloc(chap->hash_len, GFP_KERNEL);
>> + if (!challenge) {
>> + ret = -ENOMEM;
>> + goto out;
>> + }
>> + ret = nvme_auth_augmented_challenge(chap, chap->c2,
>> + challenge);
>> + if (ret)
>> + goto out;
>> + }
>> dev_dbg(ctrl->device, "%s: qid %d host response seq %d
>> transaction %d\n",
>> __func__, chap->qid, chap->s2, chap->transaction);
>> dev_dbg(ctrl->device, "%s: qid %d challenge %*ph\n",
>> @@ -585,6 +788,8 @@ static int nvme_auth_dhchap_ctrl_response(struct
>> nvme_ctrl *ctrl,
>> goto out;
>> ret = crypto_shash_final(shash, chap->response);
>> out:
>> + if (challenge != chap->c2)
>> + kfree(challenge);
>
> Just free ?! what about failing?
>
This is not an error condition, but rather the case when we need to
construct an augmented challenge; in that case we'll allocate a
temporary buffer in 'challenge', and copy it over into 'c2'.
>> return ret;
>> }
>> @@ -644,10 +849,134 @@ int nvme_auth_generate_key(struct nvme_ctrl
>> *ctrl,
>> return 0;
>> }
>> +static int nvme_auth_dhchap_exponential(struct nvme_ctrl *ctrl,
>> + struct nvme_dhchap_context *chap)
>> +{
>> + struct kpp_request *req;
>> + struct crypto_wait wait;
>> + struct scatterlist src, dst;
>> + u8 *pkey;
>> + int ret, pkey_len;
>> +
>> + if (chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_2048 ||
>> + chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_3072 ||
>> + chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_4096 ||
>> + chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_6144 ||
>> + chap->dhgroup_id == NVME_AUTH_DHCHAP_DHGROUP_8192) {
>> + struct dh p = {0};
>> + int pubkey_size =
>> nvme_auth_dhgroup_pubkey_size(chap->dhgroup_id);
>> +
>> + ret = crypto_ffdhe_params(&p, pubkey_size << 3);
>> + if (ret) {
>> + dev_dbg(ctrl->device,
>> + "failed to generate ffdhe params, error %d\n",
>> + ret);
>> + return ret;
>> + }
>> + p.key = chap->key;
>> + p.key_size = chap->key_len;
>> +
>> + pkey_len = crypto_dh_key_len(&p);
>> + pkey = kzalloc(pkey_len, GFP_KERNEL);
>> +
>> + get_random_bytes(pkey, pkey_len);
>> + ret = crypto_dh_encode_key(pkey, pkey_len, &p);
>> + if (ret) {
>> + dev_dbg(ctrl->device,
>> + "failed to encode pkey, error %d\n", ret);
>> + kfree(pkey);
>> + return ret;
>> + }
>> + chap->host_key_len = pubkey_size;
>> + chap->sess_key_len = pubkey_size;
>> + } else {
>> + dev_warn(ctrl->device, "Invalid DH group id %d\n",
>> + chap->dhgroup_id);
>> + chap->status = NVME_AUTH_DHCHAP_FAILURE_INVALID_PAYLOAD;
>> + return -EINVAL;
>> + }
>> +
>> + ret = crypto_kpp_set_secret(chap->dh_tfm, pkey, pkey_len);
>> + if (ret) {
>> + dev_dbg(ctrl->dev, "failed to set secret, error %d\n", ret);
>> + kfree(pkey);
>> + return ret;
>> + }
>> + req = kpp_request_alloc(chap->dh_tfm, GFP_KERNEL);
>> + if (!req) {
>> + ret = -ENOMEM;
>> + goto out_free_exp;
>> + }
>> +
>> + chap->host_key = kzalloc(chap->host_key_len, GFP_KERNEL);
>> + if (!chap->host_key) {
>> + ret = -ENOMEM;
>> + goto out_free_req;
>> + }
>> + crypto_init_wait(&wait);
>> + kpp_request_set_input(req, NULL, 0);
>> + sg_init_one(&dst, chap->host_key, chap->host_key_len);
>> + kpp_request_set_output(req, &dst, chap->host_key_len);
>> + kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
>> + crypto_req_done, &wait);
>> +
>> + ret = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
>> + if (ret == -EOVERFLOW) {
>> + dev_dbg(ctrl->dev,
>> + "public key buffer too small, wants %d is %d\n",
>> + crypto_kpp_maxsize(chap->dh_tfm), chap->host_key_len);
>> + goto out_free_host;
>
> Is this a specific retcode of intereset? Why did you specifically add
> special casing here?
>
Because that's the specific error code from the DH code, indicating that
the length isn't correct. And I needed that during development of the
FFDHE code.
But yeah, it can be removed.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
next prev parent reply other threads:[~2021-07-20 13:12 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-16 11:04 [RFC PATCH 00/11] nvme: In-band authentication support Hannes Reinecke
2021-07-16 11:04 ` [PATCH 01/11] crypto: add crypto_has_shash() Hannes Reinecke
2021-07-17 6:08 ` Sagi Grimberg
2021-07-16 11:04 ` [PATCH 02/11] crypto: add crypto_has_kpp() Hannes Reinecke
2021-07-17 6:08 ` Sagi Grimberg
2021-07-16 11:04 ` [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters Hannes Reinecke
2021-07-17 6:14 ` Sagi Grimberg
2021-07-17 13:57 ` Hannes Reinecke
2021-07-17 15:03 ` Stephan Müller
2021-07-18 12:22 ` Hannes Reinecke
2021-07-16 11:04 ` [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding Hannes Reinecke
2021-07-17 6:16 ` Sagi Grimberg
2021-07-17 14:00 ` Hannes Reinecke
2021-07-17 14:12 ` Eric Biggers
2021-07-17 14:20 ` Eric Biggers
2021-07-16 11:04 ` [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication Hannes Reinecke
2021-07-17 6:30 ` Sagi Grimberg
2021-07-17 14:04 ` Hannes Reinecke
2021-07-20 20:26 ` Vladislav Bolkhovitin
2021-07-16 11:04 ` [PATCH 06/11] nvme: Implement " Hannes Reinecke
2021-07-17 7:22 ` Sagi Grimberg
2021-07-18 12:21 ` Hannes Reinecke
2021-07-19 8:47 ` Sagi Grimberg
2021-07-20 20:28 ` Vladislav Bolkhovitin
2021-07-21 6:12 ` Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:43 ` Hannes Reinecke
2021-07-18 12:47 ` Stephan Müller
2021-07-20 20:27 ` Vladislav Bolkhovitin
2021-07-21 6:08 ` Hannes Reinecke
2021-07-21 12:10 ` Vladislav Bolkhovitin
2021-07-16 11:04 ` [PATCH 07/11] nvme-auth: augmented challenge support Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:27 ` Hannes Reinecke
2021-07-18 12:57 ` Stephan Müller
2021-07-19 9:21 ` Sagi Grimberg
2021-07-20 13:12 ` Hannes Reinecke [this message]
2021-07-16 11:04 ` [PATCH 08/11] nvmet: Parse fabrics commands on all queues Hannes Reinecke
2021-07-19 9:21 ` Sagi Grimberg
2021-07-16 11:04 ` [PATCH 09/11] nvmet: Implement basic In-Band Authentication Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:37 ` Hannes Reinecke
2021-07-18 12:56 ` Stephan Müller
2021-07-19 8:15 ` Hannes Reinecke
2021-07-19 8:51 ` Stephan Mueller
2021-07-19 9:57 ` Hannes Reinecke
2021-07-19 10:19 ` Stephan Mueller
2021-07-19 11:10 ` Hannes Reinecke
2021-07-19 11:52 ` Stephan Mueller
2021-07-19 12:08 ` Hannes Reinecke
2021-07-20 10:14 ` Hannes Reinecke
2021-07-20 10:49 ` Simo Sorce
2021-07-20 11:31 ` Hannes Reinecke
2021-07-20 14:44 ` Simo Sorce
2021-07-20 14:47 ` Stephan Mueller
2021-07-23 20:02 ` Vladislav Bolkhovitin
2021-07-18 13:26 ` Herbert Xu
2021-07-19 20:38 ` Sagi Grimberg
2021-07-20 6:08 ` Hannes Reinecke
2021-07-16 11:04 ` [PATCH 10/11] nvmet-auth: implement support for augmented challenge Hannes Reinecke
2021-07-17 16:49 ` Stephan Müller
2021-07-18 12:25 ` Hannes Reinecke
2021-07-16 11:04 ` [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms Hannes Reinecke
2021-07-17 16:50 ` Stephan Müller
2021-07-18 12:44 ` Hannes Reinecke
2021-07-19 9:23 ` Sagi Grimberg
2021-07-19 9:56 ` Hannes Reinecke
2021-07-17 6:06 ` [RFC PATCH 00/11] nvme: In-band authentication support Sagi Grimberg
2021-07-19 10:02 ` Simo Sorce
2021-07-19 11:11 ` Hannes Reinecke
2021-07-20 20:26 ` Vladislav Bolkhovitin
2021-07-21 6:06 ` Hannes Reinecke
2021-07-21 12:10 ` Vladislav Bolkhovitin
2021-07-23 20:02 ` Vladislav Bolkhovitin
2021-07-24 11:17 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7aacc3ea-fad5-78c6-1bd5-22fec11ee32e@suse.de \
--to=hare@suse.de \
--cc=davem@davemloft.net \
--cc=hch@lst.de \
--cc=herbert@gondor.apana.org.au \
--cc=keith.busch@wdc.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).