4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 only,
8 * as published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License version 2 for more details (a copy is included
14 * in the LICENSE file that accompanied this code).
16 * You should have received a copy of the GNU General Public License
17 * version 2 along with this program; If not, see
18 * http://www.gnu.org/licenses/gpl-2.0.html
23 * Copyright (C) 2015, Trustees of Indiana University
25 * Author: Jeremy Filizetti <jfilizet@iu.edu>
31 #ifdef HAVE_OPENSSL_SSK
32 #include <gssapi/gssapi.h>
33 #ifdef HAVE_LIBKEYUTILS
36 #include <linux/lustre/lustre_idl.h>
37 /* We need to use some deprecated APIs */
38 #define OPENSSL_SUPPRESS_DEPRECATED
39 #include <openssl/dh.h>
40 #include <openssl/evp.h>
41 #include <openssl/hmac.h>
42 #include <sys/types.h>
44 #include <libcfs/libcfs_crypto.h>
48 # define ARRAY_SIZE(a) ((sizeof(a)) / (sizeof((a)[0])))
49 #endif /* !ARRAY_SIZE */
51 /* LL_CRYPTO_MAX_NAME value must match value of
52 * CRYPTO_MAX_ALG_NAME in include/linux/crypto.h
54 #ifdef HAVE_CRYPTO_MAX_ALG_NAME_128
55 #define LL_CRYPTO_MAX_NAME 128
57 #define LL_CRYPTO_MAX_NAME 64
60 #if OPENSSL_VERSION_NUMBER < 0x10100000L
61 static inline HMAC_CTX *HMAC_CTX_new(void)
63 HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
70 static inline void HMAC_CTX_free(HMAC_CTX *ctx)
73 HMAC_CTX_cleanup(ctx);
74 OPENSSL_cleanse(ctx, sizeof(*ctx));
78 static inline void DH_get0_pqg(const DH *dh,
79 const BIGNUM **p, const BIGNUM **q,
90 static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
92 /* If the fields p and g in dh are NULL, the corresponding input
93 * parameters MUST be non-NULL. q may remain NULL.
95 if ((dh->p == NULL && p == NULL)
96 || (dh->g == NULL && g == NULL))
113 dh->length = BN_num_bits(q);
118 static inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
119 const BIGNUM **priv_key)
122 *pub_key = dh->pub_key;
123 if (priv_key != NULL)
124 *priv_key = dh->priv_key;
128 /* Some limits and defaults */
129 #define SK_CONF_VERSION 1
130 #define SK_MSG_VERSION 1
131 #define SK_GENERATOR 2
132 #define SK_SESSION_MAX_KEYLEN_BYTES 1024
133 #define SK_MAX_KEYLEN_BYTES 128
134 #define SK_MAX_P_BYTES 2048
135 #define SK_NONCE_SIZE 4
136 #define MAX_MGSNIDS 16
138 enum sk_ctx_init_buffers {
139 /* Initiator netstring buffer ordering */
150 /* Responder netstring buffer ordering */
158 /* String consisting of "lustre:fsname:nodemap_hash" */
159 #define SK_DESCRIPTION_SIZE (9 + MTI_NAME_MAXLEN + LUSTRE_NODEMAP_NAME_LENGTH)
162 SK_TYPE_INVALID = 0x0,
163 SK_TYPE_CLIENT = 0x1,
164 SK_TYPE_SERVER = 0x2,
168 /* This is the packed structure format of key files that are distributed.
169 * The on disk format should be store in big-endian. */
170 struct sk_keyfile_config {
171 /* File format version */
172 uint32_t skc_version;
173 /* HMAC algorithm used for message integrity */
174 uint16_t skc_hmac_alg;
175 /* Crypt algorithm used for privacy mode */
176 uint16_t skc_crypt_alg;
177 /* Number of seconds that a context is valid after it is created from
180 /* Length of shared key in skc_shared_key */
181 uint32_t skc_shared_keylen;
182 /* Length of the prime used in the DHKE */
183 uint32_t skc_prime_bits;
186 /* Array of MGS NIDs to load key's for. This is for the client since
187 * the upcall only knows the target name which is MGC<IP>@<NET>
188 * Only needed when mounting with mgssec */
189 lnet_nid_t skc_mgsnids[MAX_MGSNIDS];
190 /* File system name for this key. It can be unused for MGS only keys */
191 char skc_fsname[MTI_NAME_MAXLEN + 1];
192 /* Nodemap name for this key. Used by the server side to verify the
193 * client is in the correct nodemap */
194 char skc_nodemap[LUSTRE_NODEMAP_NAME_LENGTH + 1];
196 unsigned char skc_shared_key[SK_MAX_KEYLEN_BYTES];
197 /* Prime (p) for DHKE */
198 unsigned char skc_p[SK_MAX_P_BYTES];
199 } __attribute__((packed));
201 /* Format passed to the kernel from userspace */
202 struct sk_kernel_ctx {
203 uint32_t skc_version;
204 char skc_hmac_alg[LL_CRYPTO_MAX_NAME];
205 char skc_crypt_alg[LL_CRYPTO_MAX_NAME];
207 uint32_t skc_host_random;
208 uint32_t skc_peer_random;
209 gss_buffer_desc skc_hmac_key;
210 gss_buffer_desc skc_encrypt_key;
211 gss_buffer_desc skc_shared_key;
212 gss_buffer_desc skc_session_key;
215 /* Structure used in context initiation to hold all necessary data */
218 gss_buffer_desc sc_p;
219 gss_buffer_desc sc_pub_key;
220 gss_buffer_desc sc_tgt;
221 gss_buffer_desc sc_nodemap_hash;
222 gss_buffer_desc sc_hmac;
223 gss_buffer_desc sc_dh_shared_key;
224 struct sk_kernel_ctx sc_kctx;
228 /* Names match up with openssl enc and dgst commands */
229 /* When adding new alg types, make sure first occurrence's name
230 * matches cht_name in hash_types array.
232 static const struct sk_crypt_type sk_crypt_algs[] = {
235 .sct_type = SK_CRYPT_EMPTY
239 .sct_type = SK_CRYPT_EMPTY
242 .sct_name = "ctr(aes)",
243 .sct_type = SK_CRYPT_AES256_CTR
246 .sct_name = "AES-256-CTR",
247 .sct_type = SK_CRYPT_AES256_CTR
250 static const struct sk_hmac_type sk_hmac_algs[] = {
253 .sht_type = SK_HMAC_EMPTY
257 .sht_type = SK_HMAC_EMPTY
260 .sht_name = "sha256",
261 .sht_type = SK_HMAC_SHA256
264 .sht_name = "SHA256",
265 .sht_type = SK_HMAC_SHA256
268 .sht_name = "sha512",
269 .sht_type = SK_HMAC_SHA512
272 .sht_name = "SHA512",
273 .sht_type = SK_HMAC_SHA512
277 static inline int sk_name2crypt(char *name)
281 for (i = 0; i < ARRAY_SIZE(sk_crypt_algs); i++) {
282 if (strcasecmp(name, sk_crypt_algs[i].sct_name) == 0)
283 return sk_crypt_algs[i].sct_type;
286 return SK_CRYPT_INVALID;
289 static inline int sk_name2hmac(char *name)
293 for (i = 0; i < ARRAY_SIZE(sk_hmac_algs); i++) {
294 if (strcasecmp(name, sk_hmac_algs[i].sht_name) == 0)
295 return sk_hmac_algs[i].sht_type;
298 return SK_HMAC_INVALID;
301 static inline const char *sk_crypt2name(enum sk_crypt_alg type)
305 for (i = 0; i < ARRAY_SIZE(sk_crypt_algs); i++) {
306 if (type == sk_crypt_algs[i].sct_type)
307 return sk_crypt_algs[i].sct_name;
313 static inline const char *sk_hmac2name(enum sk_hmac_alg type)
317 for (i = 0; i < ARRAY_SIZE(sk_hmac_algs); i++) {
318 if (type == sk_hmac_algs[i].sht_type)
319 return sk_hmac_algs[i].sht_name;
325 void sk_init_logging(char *program, int verbose, int fg);
326 struct sk_keyfile_config *sk_read_file(char *filename);
327 int sk_load_keyfile(char *path);
328 void sk_config_disk_to_cpu(struct sk_keyfile_config *config);
329 void sk_config_cpu_to_disk(struct sk_keyfile_config *config);
330 int sk_validate_config(const struct sk_keyfile_config *config);
331 uint32_t sk_verify_hash(const char *string, const EVP_MD *hash_alg,
332 const gss_buffer_desc *current_hash);
333 struct sk_cred *sk_create_cred(const char *fsname, const char *cluster,
334 const uint32_t flags);
335 int sk_speedtest_dh_valid(unsigned int usec_check_max);
336 uint32_t sk_gen_params(struct sk_cred *skc, int num_rounds);
337 int sk_sign_bufs(gss_buffer_desc *key, gss_buffer_desc *bufs, const int numbufs,
338 const EVP_MD *hash_alg, gss_buffer_desc *hmac);
339 uint32_t sk_verify_hmac(struct sk_cred *skc, gss_buffer_desc *bufs,
340 const int numbufs, const EVP_MD *hash_alg,
341 gss_buffer_desc *hmac);
342 void sk_free_cred(struct sk_cred *skc);
343 int sk_session_kdf(struct sk_cred *skc, lnet_nid_t client_nid,
344 gss_buffer_desc *client_token, gss_buffer_desc *server_token);
345 uint32_t sk_compute_dh_key(struct sk_cred *skc, const gss_buffer_desc *pub_key);
346 int sk_compute_keys(struct sk_cred *skc);
347 int sk_serialize_kctx(struct sk_cred *skc, gss_buffer_desc *ctx_token);
348 int sk_decode_netstring(gss_buffer_desc *bufs, int numbufs,
349 gss_buffer_desc *ns);
350 int sk_encode_netstring(gss_buffer_desc *bufs, int numbufs,
351 gss_buffer_desc *ns);
353 #endif /* HAVE_OPENSSL_SSK */
354 #endif /* SK_UTILS_H */