Whamcloud - gitweb
3d12921fa69bb88aa2fa6ed90de3aea42b434c2f
[fs/lustre-release.git] / lustre / utils / gss / lgss_sk_utils.c
1 /*
2  * GPL HEADER START
3  *
4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 only,
8  * as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but
11  * WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * General Public License version 2 for more details (a copy is included
14  * in the LICENSE file that accompanied this code).
15  *
16  * You should have received a copy of the GNU General Public License
17  * version 2 along with this program; If not, see
18  * http://www.gnu.org/licenses/gpl-2.0.html
19  *
20  * GPL HEADER END
21  */
22 /*
23  * Copyright (C) 2015, Trustees of Indiana University
24  *
25  * Author: Jeremy Filizetti <jfilizet@iu.edu>
26  */
27
28 #include <limits.h>
29 #include <string.h>
30 #include <openssl/dh.h>
31 #include <openssl/engine.h>
32 #include <openssl/err.h>
33
34 #include "sk_utils.h"
35 #include "lgss_utils.h"
36
37 /**
38  * Create the initial shared key credentials
39  */
40 static int lgss_sk_prepare_cred(struct lgss_cred *cred)
41 {
42         uint32_t flags = cred->lc_root_flags;
43
44         switch (cred->lc_svc_type) {
45         case 'n':
46                 flags |= LGSS_SVC_NULL;
47                 break;
48         case 'a':
49                 flags |= LGSS_SVC_AUTH;
50                 break;
51         case 'i':
52                 flags |= LGSS_SVC_INTG;
53                 break;
54         case 'p':
55                 flags |= LGSS_SVC_PRIV;
56                 break;
57         default:
58                 break;
59         }
60
61         cred->lc_mech_cred = sk_create_cred(cred->lc_tgt_uuid, NULL, flags);
62         if (cred->lc_mech_cred == NULL) {
63                 printerr(0, "sk: cannot create credential: %s\n",
64                          cred->lc_tgt_uuid);
65                 return -ENOKEY;
66         }
67
68         return 0;
69 }
70
71 /* Free all the sk_cred resources */
72 static void lgss_sk_release_cred(struct lgss_cred *cred)
73 {
74         struct sk_cred *skc = cred->lc_mech_cred;
75
76         sk_free_cred(skc);
77         cred->lc_mech_cred = NULL;
78         free(cred->lc_mech_token.value);
79 }
80
81 /**
82  * Session key parameter generation is deferred until here because if privacy
83  * mode is enabled the session key parameter generation can take a while
84  * depending on the key size used and prepare is called before returning
85  * from the request_key upcall by lgss_keyring
86  */
87 static int lgss_sk_using_cred(struct lgss_cred *cred)
88 {
89         struct sk_cred *skc = cred->lc_mech_cred;
90         gss_buffer_desc bufs[SK_INIT_BUFFERS];
91         uint32_t version;
92         uint32_t flags;
93         int rc;
94
95         rc = sk_gen_params(skc);
96         if (rc)
97                 return rc;
98
99         /* HMAC is generated in this order */
100         version = htobe32(SK_MSG_VERSION);
101         bufs[SK_INIT_VERSION].value = &version;
102         bufs[SK_INIT_VERSION].length = sizeof(version);
103         bufs[SK_INIT_RANDOM].value = &skc->sc_kctx.skc_host_random;
104         bufs[SK_INIT_RANDOM].length = sizeof(skc->sc_kctx.skc_host_random);
105         bufs[SK_INIT_PUB_KEY] = skc->sc_pub_key;
106         bufs[SK_INIT_P] = skc->sc_p;
107         bufs[SK_INIT_TARGET] = skc->sc_tgt;
108         bufs[SK_INIT_NODEMAP] = skc->sc_nodemap_hash;
109         flags = htobe32(skc->sc_flags);
110         bufs[SK_INIT_FLAGS].value = &flags;
111         bufs[SK_INIT_FLAGS].length = sizeof(flags);
112
113         /* sign all the bufs except HMAC */
114         rc = sk_sign_bufs(&skc->sc_kctx.skc_shared_key, bufs,
115                           SK_INIT_BUFFERS - 1, EVP_sha256(),
116                           &skc->sc_hmac);
117         if (rc)
118                 return rc;
119
120         bufs[SK_INIT_HMAC] = skc->sc_hmac;
121         rc = sk_encode_netstring(bufs, SK_INIT_BUFFERS, &cred->lc_mech_token);
122         if (rc)
123                 return rc;
124
125         printerr(2, "Created netstring of %zd bytes\n",
126                  cred->lc_mech_token.length);
127
128         return 0;
129 }
130
131 static int lgss_sk_validate_cred(struct lgss_cred *cred, gss_buffer_desc *token,
132                                  gss_buffer_desc *ctx_token)
133 {
134         struct sk_cred *skc = cred->lc_mech_cred;
135         gss_buffer_desc bufs[SK_RESP_BUFFERS];
136         uint32_t version;
137         int i;
138         uint32_t rc;
139
140         /* Decode responder buffers and validate */
141         i = sk_decode_netstring(bufs, SK_RESP_BUFFERS, token);
142         if (i != SK_RESP_BUFFERS) {
143                 printerr(0, "Invalid token received\n");
144                 return -EINVAL;
145         }
146
147         rc = sk_verify_hmac(skc, bufs, SK_RESP_BUFFERS - 1, EVP_sha256(),
148                             &bufs[SK_RESP_HMAC]);
149         if (rc != GSS_S_COMPLETE) {
150                 printerr(0, "Invalid HMAC receieved: 0x%x\n", rc);
151                 return -EINVAL;
152         }
153
154         if (bufs[SK_RESP_VERSION].length != sizeof(version)) {
155                 printerr(0, "Invalid version received (wrong size)\n");
156                 return -EINVAL;
157         }
158         memcpy(&version, bufs[SK_RESP_VERSION].value, sizeof(version));
159         version = be32toh(version);
160         if (version != SK_MSG_VERSION) {
161                 printerr(0, "Invalid version received: %d\n", version);
162                 return -EINVAL;
163         }
164
165         /* In the rare event that both the random values are equal the
166          * client has the responsability to retry the connection attempt
167          * otherwise we would leak information about the plain text by
168          * reuusing IVs as both peer and host use the same values other
169          * than the nonce. */
170         memcpy(&skc->sc_kctx.skc_peer_random, bufs[SK_RESP_RANDOM].value,
171                sizeof(skc->sc_kctx.skc_peer_random));
172         if (skc->sc_kctx.skc_host_random == skc->sc_kctx.skc_peer_random) {
173                 printerr(0, "Host and peer randoms are equal, must retry to "
174                          "ensure unique value for nonce\n");
175                 return -EAGAIN;
176         }
177
178         rc = sk_compute_dh_key(skc, &bufs[SK_RESP_PUB_KEY]);
179         if (rc == GSS_S_BAD_QOP) {
180                 /* Defective token for short key means we need to retry
181                  * because there is a chance that the parameters generated
182                  * resulted in a key that is 1 byte short */
183                 printerr(0, "Short key computed, must retry\n");
184                 return -EAGAIN;
185         } else if (rc != GSS_S_COMPLETE) {
186                 printerr(0, "Failed to compute session key: 0x%x\n", rc);
187                 return -EINVAL;
188         }
189
190         rc = sk_session_kdf(skc, cred->lc_self_nid, &cred->lc_mech_token,
191                             token);
192         if (rc) {
193                 printerr(0, "Failed to calulate derived key\n");
194                 return -EINVAL;
195         }
196
197         rc = sk_compute_keys(skc);
198         if (rc) {
199                 printerr(0, "Failed to compute HMAC and session key\n");
200                 return -EINVAL;
201         }
202
203         if (sk_serialize_kctx(skc, ctx_token)) {
204                 printerr(0, "Failed to serialize context for kernel\n");
205                 return -EINVAL;
206         }
207
208         return 0;
209 }
210
211 struct lgss_mech_type lgss_mech_sk = {
212         .lmt_name               = "sk",
213         .lmt_mech_n             = LGSS_MECH_SK,
214         .lmt_prepare_cred       = lgss_sk_prepare_cred,
215         .lmt_release_cred       = lgss_sk_release_cred,
216         .lmt_using_cred         = lgss_sk_using_cred,
217         .lmt_validate_cred      = lgss_sk_validate_cred,
218 };