4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (C) 2015, Trustees of Indiana University
25 * Author: Jeremy Filizetti <jfilizet@iu.edu>
30 #include <openssl/dh.h>
31 #include <openssl/engine.h>
32 #include <openssl/err.h>
35 #include "lgss_utils.h"
38 * Create the initial shared key credentials
40 static int lgss_sk_prepare_cred(struct lgss_cred *cred)
42 uint32_t flags = cred->lc_root_flags;
44 switch (cred->lc_svc_type) {
46 flags |= LGSS_SVC_NULL;
49 flags |= LGSS_SVC_AUTH;
52 flags |= LGSS_SVC_INTG;
55 flags |= LGSS_SVC_PRIV;
61 cred->lc_mech_cred = sk_create_cred(cred->lc_tgt_uuid, NULL, flags);
62 if (cred->lc_mech_cred == NULL) {
63 printerr(0, "sk: cannot create credential: %s\n",
71 /* Free all the sk_cred resources */
72 static void lgss_sk_release_cred(struct lgss_cred *cred)
74 struct sk_cred *skc = cred->lc_mech_cred;
77 cred->lc_mech_cred = NULL;
78 free(cred->lc_mech_token.value);
82 * Session key parameter generation is deferred until here because if privacy
83 * mode is enabled the session key parameter generation can take a while
84 * depending on the key size used and prepare is called before returning
85 * from the request_key upcall by lgss_keyring
87 static int lgss_sk_using_cred(struct lgss_cred *cred)
89 struct sk_cred *skc = cred->lc_mech_cred;
90 gss_buffer_desc bufs[SK_INIT_BUFFERS];
95 rc = sk_gen_params(skc, 0);
99 /* HMAC is generated in this order */
100 version = htobe32(SK_MSG_VERSION);
101 bufs[SK_INIT_VERSION].value = &version;
102 bufs[SK_INIT_VERSION].length = sizeof(version);
103 bufs[SK_INIT_RANDOM].value = &skc->sc_kctx.skc_host_random;
104 bufs[SK_INIT_RANDOM].length = sizeof(skc->sc_kctx.skc_host_random);
105 bufs[SK_INIT_PUB_KEY] = skc->sc_pub_key;
106 bufs[SK_INIT_P] = skc->sc_p;
107 bufs[SK_INIT_TARGET] = skc->sc_tgt;
108 bufs[SK_INIT_NODEMAP] = skc->sc_nodemap_hash;
109 flags = htobe32(skc->sc_flags);
110 bufs[SK_INIT_FLAGS].value = &flags;
111 bufs[SK_INIT_FLAGS].length = sizeof(flags);
113 /* sign all the bufs except HMAC */
114 rc = sk_sign_bufs(&skc->sc_kctx.skc_shared_key, bufs,
115 SK_INIT_BUFFERS - 1, EVP_sha256(),
120 bufs[SK_INIT_HMAC] = skc->sc_hmac;
121 rc = sk_encode_netstring(bufs, SK_INIT_BUFFERS, &cred->lc_mech_token);
125 printerr(2, "Created netstring of %zd bytes\n",
126 cred->lc_mech_token.length);
131 static int lgss_sk_validate_cred(struct lgss_cred *cred, gss_buffer_desc *token,
132 gss_buffer_desc *ctx_token)
134 struct sk_cred *skc = cred->lc_mech_cred;
135 gss_buffer_desc bufs[SK_RESP_BUFFERS];
140 /* Decode responder buffers and validate */
141 i = sk_decode_netstring(bufs, SK_RESP_BUFFERS, token);
142 if (i != SK_RESP_BUFFERS) {
143 printerr(0, "Invalid token received\n");
147 rc = sk_verify_hmac(skc, bufs, SK_RESP_BUFFERS - 1, EVP_sha256(),
148 &bufs[SK_RESP_HMAC]);
149 if (rc != GSS_S_COMPLETE) {
150 printerr(0, "Invalid HMAC receieved: 0x%x\n", rc);
154 if (bufs[SK_RESP_VERSION].length != sizeof(version)) {
155 printerr(0, "Invalid version received (wrong size)\n");
158 memcpy(&version, bufs[SK_RESP_VERSION].value, sizeof(version));
159 version = be32toh(version);
160 if (version != SK_MSG_VERSION) {
161 printerr(0, "Invalid version received: %d\n", version);
165 /* In the rare event that both the random values are equal the
166 * client has the responsability to retry the connection attempt
167 * otherwise we would leak information about the plain text by
168 * reuusing IVs as both peer and host use the same values other
170 memcpy(&skc->sc_kctx.skc_peer_random, bufs[SK_RESP_RANDOM].value,
171 sizeof(skc->sc_kctx.skc_peer_random));
172 if (skc->sc_kctx.skc_host_random == skc->sc_kctx.skc_peer_random) {
173 printerr(0, "Host and peer randoms are equal, must retry to "
174 "ensure unique value for nonce\n");
178 rc = sk_compute_dh_key(skc, &bufs[SK_RESP_PUB_KEY]);
179 if (rc == GSS_S_BAD_QOP) {
180 /* Defective token for short key means we need to retry
181 * because there is a chance that the parameters generated
182 * resulted in a key that is 1 byte short */
183 printerr(0, "Short key computed, must retry\n");
184 if (skc->sc_dh_shared_key.value) {
185 /* erase secret key before freeing memory */
186 memset(skc->sc_dh_shared_key.value, 0,
187 skc->sc_dh_shared_key.length);
188 free(skc->sc_dh_shared_key.value);
189 skc->sc_dh_shared_key.value = NULL;
191 skc->sc_dh_shared_key.length = 0;
193 } else if (rc != GSS_S_COMPLETE) {
194 printerr(0, "Failed to compute session key: 0x%x\n", rc);
198 rc = sk_session_kdf(skc, cred->lc_self_nid, &cred->lc_mech_token,
201 printerr(0, "Failed to calculate derived key\n");
205 rc = sk_compute_keys(skc);
207 printerr(0, "Failed to compute HMAC and session key\n");
211 if (sk_serialize_kctx(skc, ctx_token)) {
212 printerr(0, "Failed to serialize context for kernel\n");
219 struct lgss_mech_type lgss_mech_sk = {
221 .lmt_mech_n = LGSS_MECH_SK,
222 .lmt_prepare_cred = lgss_sk_prepare_cred,
223 .lmt_release_cred = lgss_sk_release_cred,
224 .lmt_using_cred = lgss_sk_using_cred,
225 .lmt_validate_cred = lgss_sk_validate_cred,
git://git.whamcloud.com / fs / lustre-release.git / blob