auth_x.c 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966
  1. // SPDX-License-Identifier: GPL-2.0
  2. #include <linux/ceph/ceph_debug.h>
  3. #include <linux/err.h>
  4. #include <linux/module.h>
  5. #include <linux/random.h>
  6. #include <linux/slab.h>
  7. #include <linux/ceph/decode.h>
  8. #include <linux/ceph/auth.h>
  9. #include <linux/ceph/ceph_features.h>
  10. #include <linux/ceph/libceph.h>
  11. #include <linux/ceph/messenger.h>
  12. #include "crypto.h"
  13. #include "auth_x.h"
  14. #include "auth_x_protocol.h"
  15. static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed);
  16. static int ceph_x_is_authenticated(struct ceph_auth_client *ac)
  17. {
  18. struct ceph_x_info *xi = ac->private;
  19. int need;
  20. ceph_x_validate_tickets(ac, &need);
  21. dout("ceph_x_is_authenticated want=%d need=%d have=%d\n",
  22. ac->want_keys, need, xi->have_keys);
  23. return (ac->want_keys & xi->have_keys) == ac->want_keys;
  24. }
  25. static int ceph_x_should_authenticate(struct ceph_auth_client *ac)
  26. {
  27. struct ceph_x_info *xi = ac->private;
  28. int need;
  29. ceph_x_validate_tickets(ac, &need);
  30. dout("ceph_x_should_authenticate want=%d need=%d have=%d\n",
  31. ac->want_keys, need, xi->have_keys);
  32. return need != 0;
  33. }
  34. static int ceph_x_encrypt_offset(void)
  35. {
  36. return sizeof(u32) + sizeof(struct ceph_x_encrypt_header);
  37. }
  38. static int ceph_x_encrypt_buflen(int ilen)
  39. {
  40. return ceph_x_encrypt_offset() + ilen + 16;
  41. }
  42. static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf,
  43. int buf_len, int plaintext_len)
  44. {
  45. struct ceph_x_encrypt_header *hdr = buf + sizeof(u32);
  46. int ciphertext_len;
  47. int ret;
  48. hdr->struct_v = 1;
  49. hdr->magic = cpu_to_le64(CEPHX_ENC_MAGIC);
  50. ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32),
  51. plaintext_len + sizeof(struct ceph_x_encrypt_header),
  52. &ciphertext_len);
  53. if (ret)
  54. return ret;
  55. ceph_encode_32(&buf, ciphertext_len);
  56. return sizeof(u32) + ciphertext_len;
  57. }
  58. static int __ceph_x_decrypt(struct ceph_crypto_key *secret, void *p,
  59. int ciphertext_len)
  60. {
  61. struct ceph_x_encrypt_header *hdr = p;
  62. int plaintext_len;
  63. int ret;
  64. ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len,
  65. &plaintext_len);
  66. if (ret)
  67. return ret;
  68. if (le64_to_cpu(hdr->magic) != CEPHX_ENC_MAGIC) {
  69. pr_err("%s bad magic\n", __func__);
  70. return -EINVAL;
  71. }
  72. return plaintext_len - sizeof(*hdr);
  73. }
  74. static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end)
  75. {
  76. int ciphertext_len;
  77. int ret;
  78. ceph_decode_32_safe(p, end, ciphertext_len, e_inval);
  79. ceph_decode_need(p, end, ciphertext_len, e_inval);
  80. ret = __ceph_x_decrypt(secret, *p, ciphertext_len);
  81. if (ret < 0)
  82. return ret;
  83. *p += ciphertext_len;
  84. return ret;
  85. e_inval:
  86. return -EINVAL;
  87. }
  88. /*
  89. * get existing (or insert new) ticket handler
  90. */
  91. static struct ceph_x_ticket_handler *
  92. get_ticket_handler(struct ceph_auth_client *ac, int service)
  93. {
  94. struct ceph_x_ticket_handler *th;
  95. struct ceph_x_info *xi = ac->private;
  96. struct rb_node *parent = NULL, **p = &xi->ticket_handlers.rb_node;
  97. while (*p) {
  98. parent = *p;
  99. th = rb_entry(parent, struct ceph_x_ticket_handler, node);
  100. if (service < th->service)
  101. p = &(*p)->rb_left;
  102. else if (service > th->service)
  103. p = &(*p)->rb_right;
  104. else
  105. return th;
  106. }
  107. /* add it */
  108. th = kzalloc(sizeof(*th), GFP_NOFS);
  109. if (!th)
  110. return ERR_PTR(-ENOMEM);
  111. th->service = service;
  112. rb_link_node(&th->node, parent, p);
  113. rb_insert_color(&th->node, &xi->ticket_handlers);
  114. return th;
  115. }
  116. static void remove_ticket_handler(struct ceph_auth_client *ac,
  117. struct ceph_x_ticket_handler *th)
  118. {
  119. struct ceph_x_info *xi = ac->private;
  120. dout("remove_ticket_handler %p %d\n", th, th->service);
  121. rb_erase(&th->node, &xi->ticket_handlers);
  122. ceph_crypto_key_destroy(&th->session_key);
  123. if (th->ticket_blob)
  124. ceph_buffer_put(th->ticket_blob);
  125. kfree(th);
  126. }
  127. static int process_one_ticket(struct ceph_auth_client *ac,
  128. struct ceph_crypto_key *secret,
  129. void **p, void *end)
  130. {
  131. struct ceph_x_info *xi = ac->private;
  132. int type;
  133. u8 tkt_struct_v, blob_struct_v;
  134. struct ceph_x_ticket_handler *th;
  135. void *dp, *dend;
  136. int dlen;
  137. char is_enc;
  138. struct timespec64 validity;
  139. void *tp, *tpend;
  140. void **ptp;
  141. struct ceph_crypto_key new_session_key = { 0 };
  142. struct ceph_buffer *new_ticket_blob;
  143. time64_t new_expires, new_renew_after;
  144. u64 new_secret_id;
  145. int ret;
  146. ceph_decode_need(p, end, sizeof(u32) + 1, bad);
  147. type = ceph_decode_32(p);
  148. dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
  149. tkt_struct_v = ceph_decode_8(p);
  150. if (tkt_struct_v != 1)
  151. goto bad;
  152. th = get_ticket_handler(ac, type);
  153. if (IS_ERR(th)) {
  154. ret = PTR_ERR(th);
  155. goto out;
  156. }
  157. /* blob for me */
  158. dp = *p + ceph_x_encrypt_offset();
  159. ret = ceph_x_decrypt(secret, p, end);
  160. if (ret < 0)
  161. goto out;
  162. dout(" decrypted %d bytes\n", ret);
  163. dend = dp + ret;
  164. tkt_struct_v = ceph_decode_8(&dp);
  165. if (tkt_struct_v != 1)
  166. goto bad;
  167. ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
  168. if (ret)
  169. goto out;
  170. ceph_decode_timespec64(&validity, dp);
  171. dp += sizeof(struct ceph_timespec);
  172. new_expires = ktime_get_real_seconds() + validity.tv_sec;
  173. new_renew_after = new_expires - (validity.tv_sec / 4);
  174. dout(" expires=%llu renew_after=%llu\n", new_expires,
  175. new_renew_after);
  176. /* ticket blob for service */
  177. ceph_decode_8_safe(p, end, is_enc, bad);
  178. if (is_enc) {
  179. /* encrypted */
  180. tp = *p + ceph_x_encrypt_offset();
  181. ret = ceph_x_decrypt(&th->session_key, p, end);
  182. if (ret < 0)
  183. goto out;
  184. dout(" encrypted ticket, decrypted %d bytes\n", ret);
  185. ptp = &tp;
  186. tpend = tp + ret;
  187. } else {
  188. /* unencrypted */
  189. ptp = p;
  190. tpend = end;
  191. }
  192. ceph_decode_32_safe(ptp, tpend, dlen, bad);
  193. dout(" ticket blob is %d bytes\n", dlen);
  194. ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad);
  195. blob_struct_v = ceph_decode_8(ptp);
  196. if (blob_struct_v != 1)
  197. goto bad;
  198. new_secret_id = ceph_decode_64(ptp);
  199. ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend);
  200. if (ret)
  201. goto out;
  202. /* all is well, update our ticket */
  203. ceph_crypto_key_destroy(&th->session_key);
  204. if (th->ticket_blob)
  205. ceph_buffer_put(th->ticket_blob);
  206. th->session_key = new_session_key;
  207. th->ticket_blob = new_ticket_blob;
  208. th->secret_id = new_secret_id;
  209. th->expires = new_expires;
  210. th->renew_after = new_renew_after;
  211. th->have_key = true;
  212. dout(" got ticket service %d (%s) secret_id %lld len %d\n",
  213. type, ceph_entity_type_name(type), th->secret_id,
  214. (int)th->ticket_blob->vec.iov_len);
  215. xi->have_keys |= th->service;
  216. return 0;
  217. bad:
  218. ret = -EINVAL;
  219. out:
  220. ceph_crypto_key_destroy(&new_session_key);
  221. return ret;
  222. }
  223. static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
  224. struct ceph_crypto_key *secret,
  225. void *buf, void *end)
  226. {
  227. void *p = buf;
  228. u8 reply_struct_v;
  229. u32 num;
  230. int ret;
  231. ceph_decode_8_safe(&p, end, reply_struct_v, bad);
  232. if (reply_struct_v != 1)
  233. return -EINVAL;
  234. ceph_decode_32_safe(&p, end, num, bad);
  235. dout("%d tickets\n", num);
  236. while (num--) {
  237. ret = process_one_ticket(ac, secret, &p, end);
  238. if (ret)
  239. return ret;
  240. }
  241. return 0;
  242. bad:
  243. return -EINVAL;
  244. }
  245. /*
  246. * Encode and encrypt the second part (ceph_x_authorize_b) of the
  247. * authorizer. The first part (ceph_x_authorize_a) should already be
  248. * encoded.
  249. */
  250. static int encrypt_authorizer(struct ceph_x_authorizer *au,
  251. u64 *server_challenge)
  252. {
  253. struct ceph_x_authorize_a *msg_a;
  254. struct ceph_x_authorize_b *msg_b;
  255. void *p, *end;
  256. int ret;
  257. msg_a = au->buf->vec.iov_base;
  258. WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));
  259. p = (void *)(msg_a + 1) + le32_to_cpu(msg_a->ticket_blob.blob_len);
  260. end = au->buf->vec.iov_base + au->buf->vec.iov_len;
  261. msg_b = p + ceph_x_encrypt_offset();
  262. msg_b->struct_v = 2;
  263. msg_b->nonce = cpu_to_le64(au->nonce);
  264. if (server_challenge) {
  265. msg_b->have_challenge = 1;
  266. msg_b->server_challenge_plus_one =
  267. cpu_to_le64(*server_challenge + 1);
  268. } else {
  269. msg_b->have_challenge = 0;
  270. msg_b->server_challenge_plus_one = 0;
  271. }
  272. ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));
  273. if (ret < 0)
  274. return ret;
  275. p += ret;
  276. if (server_challenge) {
  277. WARN_ON(p != end);
  278. } else {
  279. WARN_ON(p > end);
  280. au->buf->vec.iov_len = p - au->buf->vec.iov_base;
  281. }
  282. return 0;
  283. }
  284. static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)
  285. {
  286. ceph_crypto_key_destroy(&au->session_key);
  287. if (au->buf) {
  288. ceph_buffer_put(au->buf);
  289. au->buf = NULL;
  290. }
  291. }
  292. static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
  293. struct ceph_x_ticket_handler *th,
  294. struct ceph_x_authorizer *au)
  295. {
  296. int maxlen;
  297. struct ceph_x_authorize_a *msg_a;
  298. struct ceph_x_authorize_b *msg_b;
  299. int ret;
  300. int ticket_blob_len =
  301. (th->ticket_blob ? th->ticket_blob->vec.iov_len : 0);
  302. dout("build_authorizer for %s %p\n",
  303. ceph_entity_type_name(th->service), au);
  304. ceph_crypto_key_destroy(&au->session_key);
  305. ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
  306. if (ret)
  307. goto out_au;
  308. maxlen = sizeof(*msg_a) + ticket_blob_len +
  309. ceph_x_encrypt_buflen(sizeof(*msg_b));
  310. dout(" need len %d\n", maxlen);
  311. if (au->buf && au->buf->alloc_len < maxlen) {
  312. ceph_buffer_put(au->buf);
  313. au->buf = NULL;
  314. }
  315. if (!au->buf) {
  316. au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
  317. if (!au->buf) {
  318. ret = -ENOMEM;
  319. goto out_au;
  320. }
  321. }
  322. au->service = th->service;
  323. au->secret_id = th->secret_id;
  324. msg_a = au->buf->vec.iov_base;
  325. msg_a->struct_v = 1;
  326. msg_a->global_id = cpu_to_le64(ac->global_id);
  327. msg_a->service_id = cpu_to_le32(th->service);
  328. msg_a->ticket_blob.struct_v = 1;
  329. msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id);
  330. msg_a->ticket_blob.blob_len = cpu_to_le32(ticket_blob_len);
  331. if (ticket_blob_len) {
  332. memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base,
  333. th->ticket_blob->vec.iov_len);
  334. }
  335. dout(" th %p secret_id %lld %lld\n", th, th->secret_id,
  336. le64_to_cpu(msg_a->ticket_blob.secret_id));
  337. get_random_bytes(&au->nonce, sizeof(au->nonce));
  338. ret = encrypt_authorizer(au, NULL);
  339. if (ret) {
  340. pr_err("failed to encrypt authorizer: %d", ret);
  341. goto out_au;
  342. }
  343. dout(" built authorizer nonce %llx len %d\n", au->nonce,
  344. (int)au->buf->vec.iov_len);
  345. return 0;
  346. out_au:
  347. ceph_x_authorizer_cleanup(au);
  348. return ret;
  349. }
  350. static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th,
  351. void **p, void *end)
  352. {
  353. ceph_decode_need(p, end, 1 + sizeof(u64), bad);
  354. ceph_encode_8(p, 1);
  355. ceph_encode_64(p, th->secret_id);
  356. if (th->ticket_blob) {
  357. const char *buf = th->ticket_blob->vec.iov_base;
  358. u32 len = th->ticket_blob->vec.iov_len;
  359. ceph_encode_32_safe(p, end, len, bad);
  360. ceph_encode_copy_safe(p, end, buf, len, bad);
  361. } else {
  362. ceph_encode_32_safe(p, end, 0, bad);
  363. }
  364. return 0;
  365. bad:
  366. return -ERANGE;
  367. }
  368. static bool need_key(struct ceph_x_ticket_handler *th)
  369. {
  370. if (!th->have_key)
  371. return true;
  372. return ktime_get_real_seconds() >= th->renew_after;
  373. }
  374. static bool have_key(struct ceph_x_ticket_handler *th)
  375. {
  376. if (th->have_key) {
  377. if (ktime_get_real_seconds() >= th->expires)
  378. th->have_key = false;
  379. }
  380. return th->have_key;
  381. }
  382. static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)
  383. {
  384. int want = ac->want_keys;
  385. struct ceph_x_info *xi = ac->private;
  386. int service;
  387. *pneed = ac->want_keys & ~(xi->have_keys);
  388. for (service = 1; service <= want; service <<= 1) {
  389. struct ceph_x_ticket_handler *th;
  390. if (!(ac->want_keys & service))
  391. continue;
  392. if (*pneed & service)
  393. continue;
  394. th = get_ticket_handler(ac, service);
  395. if (IS_ERR(th)) {
  396. *pneed |= service;
  397. continue;
  398. }
  399. if (need_key(th))
  400. *pneed |= service;
  401. if (!have_key(th))
  402. xi->have_keys &= ~service;
  403. }
  404. }
  405. static int ceph_x_build_request(struct ceph_auth_client *ac,
  406. void *buf, void *end)
  407. {
  408. struct ceph_x_info *xi = ac->private;
  409. int need;
  410. struct ceph_x_request_header *head = buf;
  411. int ret;
  412. struct ceph_x_ticket_handler *th =
  413. get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
  414. if (IS_ERR(th))
  415. return PTR_ERR(th);
  416. ceph_x_validate_tickets(ac, &need);
  417. dout("build_request want %x have %x need %x\n",
  418. ac->want_keys, xi->have_keys, need);
  419. if (need & CEPH_ENTITY_TYPE_AUTH) {
  420. struct ceph_x_authenticate *auth = (void *)(head + 1);
  421. void *p = auth + 1;
  422. void *enc_buf = xi->auth_authorizer.enc_buf;
  423. struct ceph_x_challenge_blob *blob = enc_buf +
  424. ceph_x_encrypt_offset();
  425. u64 *u;
  426. if (p > end)
  427. return -ERANGE;
  428. dout(" get_auth_session_key\n");
  429. head->op = cpu_to_le16(CEPHX_GET_AUTH_SESSION_KEY);
  430. /* encrypt and hash */
  431. get_random_bytes(&auth->client_challenge, sizeof(u64));
  432. blob->client_challenge = auth->client_challenge;
  433. blob->server_challenge = cpu_to_le64(xi->server_challenge);
  434. ret = ceph_x_encrypt(&xi->secret, enc_buf, CEPHX_AU_ENC_BUF_LEN,
  435. sizeof(*blob));
  436. if (ret < 0)
  437. return ret;
  438. auth->struct_v = 1;
  439. auth->key = 0;
  440. for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++)
  441. auth->key ^= *(__le64 *)u;
  442. dout(" server_challenge %llx client_challenge %llx key %llx\n",
  443. xi->server_challenge, le64_to_cpu(auth->client_challenge),
  444. le64_to_cpu(auth->key));
  445. /* now encode the old ticket if exists */
  446. ret = ceph_x_encode_ticket(th, &p, end);
  447. if (ret < 0)
  448. return ret;
  449. return p - buf;
  450. }
  451. if (need) {
  452. void *p = head + 1;
  453. struct ceph_x_service_ticket_request *req;
  454. if (p > end)
  455. return -ERANGE;
  456. head->op = cpu_to_le16(CEPHX_GET_PRINCIPAL_SESSION_KEY);
  457. ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);
  458. if (ret)
  459. return ret;
  460. ceph_encode_copy(&p, xi->auth_authorizer.buf->vec.iov_base,
  461. xi->auth_authorizer.buf->vec.iov_len);
  462. req = p;
  463. req->keys = cpu_to_le32(need);
  464. p += sizeof(*req);
  465. return p - buf;
  466. }
  467. return 0;
  468. }
  469. static int ceph_x_handle_reply(struct ceph_auth_client *ac, int result,
  470. void *buf, void *end)
  471. {
  472. struct ceph_x_info *xi = ac->private;
  473. struct ceph_x_reply_header *head = buf;
  474. struct ceph_x_ticket_handler *th;
  475. int len = end - buf;
  476. int op;
  477. int ret;
  478. if (result)
  479. return result; /* XXX hmm? */
  480. if (xi->starting) {
  481. /* it's a hello */
  482. struct ceph_x_server_challenge *sc = buf;
  483. if (len != sizeof(*sc))
  484. return -EINVAL;
  485. xi->server_challenge = le64_to_cpu(sc->server_challenge);
  486. dout("handle_reply got server challenge %llx\n",
  487. xi->server_challenge);
  488. xi->starting = false;
  489. xi->have_keys &= ~CEPH_ENTITY_TYPE_AUTH;
  490. return -EAGAIN;
  491. }
  492. op = le16_to_cpu(head->op);
  493. result = le32_to_cpu(head->result);
  494. dout("handle_reply op %d result %d\n", op, result);
  495. switch (op) {
  496. case CEPHX_GET_AUTH_SESSION_KEY:
  497. /* verify auth key */
  498. ret = ceph_x_proc_ticket_reply(ac, &xi->secret,
  499. buf + sizeof(*head), end);
  500. break;
  501. case CEPHX_GET_PRINCIPAL_SESSION_KEY:
  502. th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
  503. if (IS_ERR(th))
  504. return PTR_ERR(th);
  505. ret = ceph_x_proc_ticket_reply(ac, &th->session_key,
  506. buf + sizeof(*head), end);
  507. break;
  508. default:
  509. return -EINVAL;
  510. }
  511. if (ret)
  512. return ret;
  513. if (ac->want_keys == xi->have_keys)
  514. return 0;
  515. return -EAGAIN;
  516. }
  517. static void ceph_x_destroy_authorizer(struct ceph_authorizer *a)
  518. {
  519. struct ceph_x_authorizer *au = (void *)a;
  520. ceph_x_authorizer_cleanup(au);
  521. kfree(au);
  522. }
  523. static int ceph_x_create_authorizer(
  524. struct ceph_auth_client *ac, int peer_type,
  525. struct ceph_auth_handshake *auth)
  526. {
  527. struct ceph_x_authorizer *au;
  528. struct ceph_x_ticket_handler *th;
  529. int ret;
  530. th = get_ticket_handler(ac, peer_type);
  531. if (IS_ERR(th))
  532. return PTR_ERR(th);
  533. au = kzalloc(sizeof(*au), GFP_NOFS);
  534. if (!au)
  535. return -ENOMEM;
  536. au->base.destroy = ceph_x_destroy_authorizer;
  537. ret = ceph_x_build_authorizer(ac, th, au);
  538. if (ret) {
  539. kfree(au);
  540. return ret;
  541. }
  542. auth->authorizer = (struct ceph_authorizer *) au;
  543. auth->authorizer_buf = au->buf->vec.iov_base;
  544. auth->authorizer_buf_len = au->buf->vec.iov_len;
  545. auth->authorizer_reply_buf = au->enc_buf;
  546. auth->authorizer_reply_buf_len = CEPHX_AU_ENC_BUF_LEN;
  547. auth->sign_message = ac->ops->sign_message;
  548. auth->check_message_signature = ac->ops->check_message_signature;
  549. return 0;
  550. }
  551. static int ceph_x_update_authorizer(
  552. struct ceph_auth_client *ac, int peer_type,
  553. struct ceph_auth_handshake *auth)
  554. {
  555. struct ceph_x_authorizer *au;
  556. struct ceph_x_ticket_handler *th;
  557. th = get_ticket_handler(ac, peer_type);
  558. if (IS_ERR(th))
  559. return PTR_ERR(th);
  560. au = (struct ceph_x_authorizer *)auth->authorizer;
  561. if (au->secret_id < th->secret_id) {
  562. dout("ceph_x_update_authorizer service %u secret %llu < %llu\n",
  563. au->service, au->secret_id, th->secret_id);
  564. return ceph_x_build_authorizer(ac, th, au);
  565. }
  566. return 0;
  567. }
  568. static int decrypt_authorize_challenge(struct ceph_x_authorizer *au,
  569. void *challenge_buf,
  570. int challenge_buf_len,
  571. u64 *server_challenge)
  572. {
  573. struct ceph_x_authorize_challenge *ch =
  574. challenge_buf + sizeof(struct ceph_x_encrypt_header);
  575. int ret;
  576. /* no leading len */
  577. ret = __ceph_x_decrypt(&au->session_key, challenge_buf,
  578. challenge_buf_len);
  579. if (ret < 0)
  580. return ret;
  581. if (ret < sizeof(*ch)) {
  582. pr_err("bad size %d for ceph_x_authorize_challenge\n", ret);
  583. return -EINVAL;
  584. }
  585. *server_challenge = le64_to_cpu(ch->server_challenge);
  586. return 0;
  587. }
  588. static int ceph_x_add_authorizer_challenge(struct ceph_auth_client *ac,
  589. struct ceph_authorizer *a,
  590. void *challenge_buf,
  591. int challenge_buf_len)
  592. {
  593. struct ceph_x_authorizer *au = (void *)a;
  594. u64 server_challenge;
  595. int ret;
  596. ret = decrypt_authorize_challenge(au, challenge_buf, challenge_buf_len,
  597. &server_challenge);
  598. if (ret) {
  599. pr_err("failed to decrypt authorize challenge: %d", ret);
  600. return ret;
  601. }
  602. ret = encrypt_authorizer(au, &server_challenge);
  603. if (ret) {
  604. pr_err("failed to encrypt authorizer w/ challenge: %d", ret);
  605. return ret;
  606. }
  607. return 0;
  608. }
  609. static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
  610. struct ceph_authorizer *a)
  611. {
  612. struct ceph_x_authorizer *au = (void *)a;
  613. void *p = au->enc_buf;
  614. struct ceph_x_authorize_reply *reply = p + ceph_x_encrypt_offset();
  615. int ret;
  616. ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
  617. if (ret < 0)
  618. return ret;
  619. if (ret < sizeof(*reply)) {
  620. pr_err("bad size %d for ceph_x_authorize_reply\n", ret);
  621. return -EINVAL;
  622. }
  623. if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
  624. ret = -EPERM;
  625. else
  626. ret = 0;
  627. dout("verify_authorizer_reply nonce %llx got %llx ret %d\n",
  628. au->nonce, le64_to_cpu(reply->nonce_plus_one), ret);
  629. return ret;
  630. }
  631. static void ceph_x_reset(struct ceph_auth_client *ac)
  632. {
  633. struct ceph_x_info *xi = ac->private;
  634. dout("reset\n");
  635. xi->starting = true;
  636. xi->server_challenge = 0;
  637. }
  638. static void ceph_x_destroy(struct ceph_auth_client *ac)
  639. {
  640. struct ceph_x_info *xi = ac->private;
  641. struct rb_node *p;
  642. dout("ceph_x_destroy %p\n", ac);
  643. ceph_crypto_key_destroy(&xi->secret);
  644. while ((p = rb_first(&xi->ticket_handlers)) != NULL) {
  645. struct ceph_x_ticket_handler *th =
  646. rb_entry(p, struct ceph_x_ticket_handler, node);
  647. remove_ticket_handler(ac, th);
  648. }
  649. ceph_x_authorizer_cleanup(&xi->auth_authorizer);
  650. kfree(ac->private);
  651. ac->private = NULL;
  652. }
  653. static void invalidate_ticket(struct ceph_auth_client *ac, int peer_type)
  654. {
  655. struct ceph_x_ticket_handler *th;
  656. th = get_ticket_handler(ac, peer_type);
  657. if (!IS_ERR(th))
  658. th->have_key = false;
  659. }
  660. static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
  661. int peer_type)
  662. {
  663. /*
  664. * We are to invalidate a service ticket in the hopes of
  665. * getting a new, hopefully more valid, one. But, we won't get
  666. * it unless our AUTH ticket is good, so invalidate AUTH ticket
  667. * as well, just in case.
  668. */
  669. invalidate_ticket(ac, peer_type);
  670. invalidate_ticket(ac, CEPH_ENTITY_TYPE_AUTH);
  671. }
  672. static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
  673. __le64 *psig)
  674. {
  675. void *enc_buf = au->enc_buf;
  676. int ret;
  677. if (!CEPH_HAVE_FEATURE(msg->con->peer_features, CEPHX_V2)) {
  678. struct {
  679. __le32 len;
  680. __le32 header_crc;
  681. __le32 front_crc;
  682. __le32 middle_crc;
  683. __le32 data_crc;
  684. } __packed *sigblock = enc_buf + ceph_x_encrypt_offset();
  685. sigblock->len = cpu_to_le32(4*sizeof(u32));
  686. sigblock->header_crc = msg->hdr.crc;
  687. sigblock->front_crc = msg->footer.front_crc;
  688. sigblock->middle_crc = msg->footer.middle_crc;
  689. sigblock->data_crc = msg->footer.data_crc;
  690. ret = ceph_x_encrypt(&au->session_key, enc_buf,
  691. CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock));
  692. if (ret < 0)
  693. return ret;
  694. *psig = *(__le64 *)(enc_buf + sizeof(u32));
  695. } else {
  696. struct {
  697. __le32 header_crc;
  698. __le32 front_crc;
  699. __le32 front_len;
  700. __le32 middle_crc;
  701. __le32 middle_len;
  702. __le32 data_crc;
  703. __le32 data_len;
  704. __le32 seq_lower_word;
  705. } __packed *sigblock = enc_buf;
  706. struct {
  707. __le64 a, b, c, d;
  708. } __packed *penc = enc_buf;
  709. int ciphertext_len;
  710. sigblock->header_crc = msg->hdr.crc;
  711. sigblock->front_crc = msg->footer.front_crc;
  712. sigblock->front_len = msg->hdr.front_len;
  713. sigblock->middle_crc = msg->footer.middle_crc;
  714. sigblock->middle_len = msg->hdr.middle_len;
  715. sigblock->data_crc = msg->footer.data_crc;
  716. sigblock->data_len = msg->hdr.data_len;
  717. sigblock->seq_lower_word = *(__le32 *)&msg->hdr.seq;
  718. /* no leading len, no ceph_x_encrypt_header */
  719. ret = ceph_crypt(&au->session_key, true, enc_buf,
  720. CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock),
  721. &ciphertext_len);
  722. if (ret)
  723. return ret;
  724. *psig = penc->a ^ penc->b ^ penc->c ^ penc->d;
  725. }
  726. return 0;
  727. }
  728. static int ceph_x_sign_message(struct ceph_auth_handshake *auth,
  729. struct ceph_msg *msg)
  730. {
  731. __le64 sig;
  732. int ret;
  733. if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
  734. return 0;
  735. ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,
  736. msg, &sig);
  737. if (ret)
  738. return ret;
  739. msg->footer.sig = sig;
  740. msg->footer.flags |= CEPH_MSG_FOOTER_SIGNED;
  741. return 0;
  742. }
  743. static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth,
  744. struct ceph_msg *msg)
  745. {
  746. __le64 sig_check;
  747. int ret;
  748. if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
  749. return 0;
  750. ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,
  751. msg, &sig_check);
  752. if (ret)
  753. return ret;
  754. if (sig_check == msg->footer.sig)
  755. return 0;
  756. if (msg->footer.flags & CEPH_MSG_FOOTER_SIGNED)
  757. dout("ceph_x_check_message_signature %p has signature %llx "
  758. "expect %llx\n", msg, msg->footer.sig, sig_check);
  759. else
  760. dout("ceph_x_check_message_signature %p sender did not set "
  761. "CEPH_MSG_FOOTER_SIGNED\n", msg);
  762. return -EBADMSG;
  763. }
  764. static const struct ceph_auth_client_ops ceph_x_ops = {
  765. .name = "x",
  766. .is_authenticated = ceph_x_is_authenticated,
  767. .should_authenticate = ceph_x_should_authenticate,
  768. .build_request = ceph_x_build_request,
  769. .handle_reply = ceph_x_handle_reply,
  770. .create_authorizer = ceph_x_create_authorizer,
  771. .update_authorizer = ceph_x_update_authorizer,
  772. .add_authorizer_challenge = ceph_x_add_authorizer_challenge,
  773. .verify_authorizer_reply = ceph_x_verify_authorizer_reply,
  774. .invalidate_authorizer = ceph_x_invalidate_authorizer,
  775. .reset = ceph_x_reset,
  776. .destroy = ceph_x_destroy,
  777. .sign_message = ceph_x_sign_message,
  778. .check_message_signature = ceph_x_check_message_signature,
  779. };
  780. int ceph_x_init(struct ceph_auth_client *ac)
  781. {
  782. struct ceph_x_info *xi;
  783. int ret;
  784. dout("ceph_x_init %p\n", ac);
  785. ret = -ENOMEM;
  786. xi = kzalloc(sizeof(*xi), GFP_NOFS);
  787. if (!xi)
  788. goto out;
  789. ret = -EINVAL;
  790. if (!ac->key) {
  791. pr_err("no secret set (for auth_x protocol)\n");
  792. goto out_nomem;
  793. }
  794. ret = ceph_crypto_key_clone(&xi->secret, ac->key);
  795. if (ret < 0) {
  796. pr_err("cannot clone key: %d\n", ret);
  797. goto out_nomem;
  798. }
  799. xi->starting = true;
  800. xi->ticket_handlers = RB_ROOT;
  801. ac->protocol = CEPH_AUTH_CEPHX;
  802. ac->private = xi;
  803. ac->ops = &ceph_x_ops;
  804. return 0;
  805. out_nomem:
  806. kfree(xi);
  807. out:
  808. return ret;
  809. }