[linux-block.git] / drivers / nvme / common / auth.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (c) 2020 Hannes Reinecke, SUSE Linux
 */

#include <linux/module.h>
#include <linux/crc32.h>
#include <linux/base64.h>
#include <linux/prandom.h>
#include <linux/scatterlist.h>
#include <asm/unaligned.h>
#include <crypto/hash.h>
#include <crypto/dh.h>
#include <linux/nvme.h>
#include <linux/nvme-auth.h>

static u32 nvme_dhchap_seqnum;
static DEFINE_MUTEX(nvme_dhchap_mutex);

u32 nvme_auth_get_seqnum(void)
{
	u32 seqnum;

	mutex_lock(&nvme_dhchap_mutex);
	if (!nvme_dhchap_seqnum)
		nvme_dhchap_seqnum = get_random_u32();
	else {
		nvme_dhchap_seqnum++;
		if (!nvme_dhchap_seqnum)
			nvme_dhchap_seqnum++;
	}
	seqnum = nvme_dhchap_seqnum;
	mutex_unlock(&nvme_dhchap_mutex);
	return seqnum;
}
EXPORT_SYMBOL_GPL(nvme_auth_get_seqnum);

static struct nvme_auth_dhgroup_map {
	const char name[16];
	const char kpp[16];
} dhgroup_map[] = {
	[NVME_AUTH_DHGROUP_NULL] = {
		.name = "null", .kpp = "null" },
	[NVME_AUTH_DHGROUP_2048] = {
		.name = "ffdhe2048", .kpp = "ffdhe2048(dh)" },
	[NVME_AUTH_DHGROUP_3072] = {
		.name = "ffdhe3072", .kpp = "ffdhe3072(dh)" },
	[NVME_AUTH_DHGROUP_4096] = {
		.name = "ffdhe4096", .kpp = "ffdhe4096(dh)" },
	[NVME_AUTH_DHGROUP_6144] = {
		.name = "ffdhe6144", .kpp = "ffdhe6144(dh)" },
	[NVME_AUTH_DHGROUP_8192] = {
		.name = "ffdhe8192", .kpp = "ffdhe8192(dh)" },
};

const char *nvme_auth_dhgroup_name(u8 dhgroup_id)
{
	if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
		return NULL;
	return dhgroup_map[dhgroup_id].name;
}
EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_name);

const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id)
{
	if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
		return NULL;
	return dhgroup_map[dhgroup_id].kpp;
}
EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_kpp);

u8 nvme_auth_dhgroup_id(const char *dhgroup_name)
{
	int i;

	if (!dhgroup_name || !strlen(dhgroup_name))
		return NVME_AUTH_DHGROUP_INVALID;
	for (i = 0; i < ARRAY_SIZE(dhgroup_map); i++) {
		if (!strlen(dhgroup_map[i].name))
			continue;
		if (!strncmp(dhgroup_map[i].name, dhgroup_name,
			     strlen(dhgroup_map[i].name)))
			return i;
	}
	return NVME_AUTH_DHGROUP_INVALID;
}
EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_id);

static struct nvme_dhchap_hash_map {
	int len;
	const char hmac[15];
	const char digest[8];
} hash_map[] = {
	[NVME_AUTH_HASH_SHA256] = {
		.len = 32,
		.hmac = "hmac(sha256)",
		.digest = "sha256",
	},
	[NVME_AUTH_HASH_SHA384] = {
		.len = 48,
		.hmac = "hmac(sha384)",
		.digest = "sha384",
	},
	[NVME_AUTH_HASH_SHA512] = {
		.len = 64,
		.hmac = "hmac(sha512)",
		.digest = "sha512",
	},
};

const char *nvme_auth_hmac_name(u8 hmac_id)
{
	if (hmac_id >= ARRAY_SIZE(hash_map))
		return NULL;
	return hash_map[hmac_id].hmac;
}
EXPORT_SYMBOL_GPL(nvme_auth_hmac_name);

const char *nvme_auth_digest_name(u8 hmac_id)
{
	if (hmac_id >= ARRAY_SIZE(hash_map))
		return NULL;
	return hash_map[hmac_id].digest;
}
EXPORT_SYMBOL_GPL(nvme_auth_digest_name);

u8 nvme_auth_hmac_id(const char *hmac_name)
{
	int i;

	if (!hmac_name || !strlen(hmac_name))
		return NVME_AUTH_HASH_INVALID;

	for (i = 0; i < ARRAY_SIZE(hash_map); i++) {
		if (!strlen(hash_map[i].hmac))
			continue;
		if (!strncmp(hash_map[i].hmac, hmac_name,
			     strlen(hash_map[i].hmac)))
			return i;
	}
	return NVME_AUTH_HASH_INVALID;
}
EXPORT_SYMBOL_GPL(nvme_auth_hmac_id);

size_t nvme_auth_hmac_hash_len(u8 hmac_id)
{
	if (hmac_id >= ARRAY_SIZE(hash_map))
		return 0;
	return hash_map[hmac_id].len;
}
EXPORT_SYMBOL_GPL(nvme_auth_hmac_hash_len);

struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
					      u8 key_hash)
{
	struct nvme_dhchap_key *key;
	unsigned char *p;
	u32 crc;
	int ret, key_len;
	size_t allocated_len = strlen(secret);

	/* Secret might be affixed with a ':' */
	p = strrchr(secret, ':');
	if (p)
		allocated_len = p - secret;
	key = kzalloc(sizeof(*key), GFP_KERNEL);
	if (!key)
		return ERR_PTR(-ENOMEM);
	key->key = kzalloc(allocated_len, GFP_KERNEL);
	if (!key->key) {
		ret = -ENOMEM;
		goto out_free_key;
	}

	key_len = base64_decode(secret, allocated_len, key->key);
	if (key_len < 0) {
		pr_debug("base64 key decoding error %d\n",
			 key_len);
		ret = key_len;
		goto out_free_secret;
	}

	if (key_len != 36 && key_len != 52 &&
	    key_len != 68) {
		pr_err("Invalid key len %d\n", key_len);
		ret = -EINVAL;
		goto out_free_secret;
	}

	if (key_hash > 0 &&
	    (key_len - 4) != nvme_auth_hmac_hash_len(key_hash)) {
		pr_err("Mismatched key len %d for %s\n", key_len,
		       nvme_auth_hmac_name(key_hash));
		ret = -EINVAL;
		goto out_free_secret;
	}

	/* The last four bytes is the CRC in little-endian format */
	key_len -= 4;
	/*
	 * The linux implementation doesn't do pre- and post-increments,
	 * so we have to do it manually.
	 */
	crc = ~crc32(~0, key->key, key_len);

	if (get_unaligned_le32(key->key + key_len) != crc) {
		pr_err("key crc mismatch (key %08x, crc %08x)\n",
		       get_unaligned_le32(key->key + key_len), crc);
		ret = -EKEYREJECTED;
		goto out_free_secret;
	}
	key->len = key_len;
	key->hash = key_hash;
	return key;
out_free_secret:
	kfree_sensitive(key->key);
out_free_key:
	kfree(key);
	return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(nvme_auth_extract_key);

void nvme_auth_free_key(struct nvme_dhchap_key *key)
{
	if (!key)
		return;
	kfree_sensitive(key->key);
	kfree(key);
}
EXPORT_SYMBOL_GPL(nvme_auth_free_key);

u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn)
{
	const char *hmac_name;
	struct crypto_shash *key_tfm;
	struct shash_desc *shash;
	u8 *transformed_key;
	int ret;

	if (!key || !key->key) {
		pr_warn("No key specified\n");
		return ERR_PTR(-ENOKEY);
	}
	if (key->hash == 0) {
		transformed_key = kmemdup(key->key, key->len, GFP_KERNEL);
		return transformed_key ? transformed_key : ERR_PTR(-ENOMEM);
	}
	hmac_name = nvme_auth_hmac_name(key->hash);
	if (!hmac_name) {
		pr_warn("Invalid key hash id %d\n", key->hash);
		return ERR_PTR(-EINVAL);
	}

	key_tfm = crypto_alloc_shash(hmac_name, 0, 0);
	if (IS_ERR(key_tfm))
		return (u8 *)key_tfm;

	shash = kmalloc(sizeof(struct shash_desc) +
			crypto_shash_descsize(key_tfm),
			GFP_KERNEL);
	if (!shash) {
		ret = -ENOMEM;
		goto out_free_key;
	}

	transformed_key = kzalloc(crypto_shash_digestsize(key_tfm), GFP_KERNEL);
	if (!transformed_key) {
		ret = -ENOMEM;
		goto out_free_shash;
	}

	shash->tfm = key_tfm;
	ret = crypto_shash_setkey(key_tfm, key->key, key->len);
	if (ret < 0)
		goto out_free_transformed_key;
	ret = crypto_shash_init(shash);
	if (ret < 0)
		goto out_free_transformed_key;
	ret = crypto_shash_update(shash, nqn, strlen(nqn));
	if (ret < 0)
		goto out_free_transformed_key;
	ret = crypto_shash_update(shash, "NVMe-over-Fabrics", 17);
	if (ret < 0)
		goto out_free_transformed_key;
	ret = crypto_shash_final(shash, transformed_key);
	if (ret < 0)
		goto out_free_transformed_key;

	kfree(shash);
	crypto_free_shash(key_tfm);

	return transformed_key;

out_free_transformed_key:
	kfree_sensitive(transformed_key);
out_free_shash:
	kfree(shash);
out_free_key:
	crypto_free_shash(key_tfm);

	return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(nvme_auth_transform_key);

static int nvme_auth_hash_skey(int hmac_id, u8 *skey, size_t skey_len, u8 *hkey)
{
	const char *digest_name;
	struct crypto_shash *tfm;
	int ret;

	digest_name = nvme_auth_digest_name(hmac_id);
	if (!digest_name) {
		pr_debug("%s: failed to get digest for %d\n", __func__,
			 hmac_id);
		return -EINVAL;
	}
	tfm = crypto_alloc_shash(digest_name, 0, 0);
	if (IS_ERR(tfm))
		return -ENOMEM;

	ret = crypto_shash_tfm_digest(tfm, skey, skey_len, hkey);
	if (ret < 0)
		pr_debug("%s: Failed to hash digest len %zu\n", __func__,
			 skey_len);

	crypto_free_shash(tfm);
	return ret;
}

int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len,
		u8 *challenge, u8 *aug, size_t hlen)
{
	struct crypto_shash *tfm;
	struct shash_desc *desc;
	u8 *hashed_key;
	const char *hmac_name;
	int ret;

	hashed_key = kmalloc(hlen, GFP_KERNEL);
	if (!hashed_key)
		return -ENOMEM;

	ret = nvme_auth_hash_skey(hmac_id, skey,
				  skey_len, hashed_key);
	if (ret < 0)
		goto out_free_key;

	hmac_name = nvme_auth_hmac_name(hmac_id);
	if (!hmac_name) {
		pr_warn("%s: invalid hash algorithm %d\n",
			__func__, hmac_id);
		ret = -EINVAL;
		goto out_free_key;
	}

	tfm = crypto_alloc_shash(hmac_name, 0, 0);
	if (IS_ERR(tfm)) {
		ret = PTR_ERR(tfm);
		goto out_free_key;
	}

	desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm),
		       GFP_KERNEL);
	if (!desc) {
		ret = -ENOMEM;
		goto out_free_hash;
	}
	desc->tfm = tfm;

	ret = crypto_shash_setkey(tfm, hashed_key, hlen);
	if (ret)
		goto out_free_desc;

	ret = crypto_shash_init(desc);
	if (ret)
		goto out_free_desc;

	ret = crypto_shash_update(desc, challenge, hlen);
	if (ret)
		goto out_free_desc;

	ret = crypto_shash_final(desc, aug);
out_free_desc:
	kfree_sensitive(desc);
out_free_hash:
	crypto_free_shash(tfm);
out_free_key:
	kfree_sensitive(hashed_key);
	return ret;
}
EXPORT_SYMBOL_GPL(nvme_auth_augmented_challenge);

int nvme_auth_gen_privkey(struct crypto_kpp *dh_tfm, u8 dh_gid)
{
	int ret;

	ret = crypto_kpp_set_secret(dh_tfm, NULL, 0);
	if (ret)
		pr_debug("failed to set private key, error %d\n", ret);

	return ret;
}
EXPORT_SYMBOL_GPL(nvme_auth_gen_privkey);

int nvme_auth_gen_pubkey(struct crypto_kpp *dh_tfm,
		u8 *host_key, size_t host_key_len)
{
	struct kpp_request *req;
	struct crypto_wait wait;
	struct scatterlist dst;
	int ret;

	req = kpp_request_alloc(dh_tfm, GFP_KERNEL);
	if (!req)
		return -ENOMEM;

	crypto_init_wait(&wait);
	kpp_request_set_input(req, NULL, 0);
	sg_init_one(&dst, host_key, host_key_len);
	kpp_request_set_output(req, &dst, host_key_len);
	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
				 crypto_req_done, &wait);

	ret = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
	kpp_request_free(req);
	return ret;
}
EXPORT_SYMBOL_GPL(nvme_auth_gen_pubkey);

int nvme_auth_gen_shared_secret(struct crypto_kpp *dh_tfm,
		u8 *ctrl_key, size_t ctrl_key_len,
		u8 *sess_key, size_t sess_key_len)
{
	struct kpp_request *req;
	struct crypto_wait wait;
	struct scatterlist src, dst;
	int ret;

	req = kpp_request_alloc(dh_tfm, GFP_KERNEL);
	if (!req)
		return -ENOMEM;

	crypto_init_wait(&wait);
	sg_init_one(&src, ctrl_key, ctrl_key_len);
	kpp_request_set_input(req, &src, ctrl_key_len);
	sg_init_one(&dst, sess_key, sess_key_len);
	kpp_request_set_output(req, &dst, sess_key_len);
	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
				 crypto_req_done, &wait);

	ret = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);

	kpp_request_free(req);
	return ret;
}
EXPORT_SYMBOL_GPL(nvme_auth_gen_shared_secret);

int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key)
{
	struct nvme_dhchap_key *key;
	u8 key_hash;

	if (!secret) {
		*ret_key = NULL;
		return 0;
	}

	if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1)
		return -EINVAL;

	/* Pass in the secret without the 'DHHC-1:XX:' prefix */
	key = nvme_auth_extract_key(secret + 10, key_hash);
	if (IS_ERR(key)) {
		*ret_key = NULL;
		return PTR_ERR(key);
	}

	*ret_key = key;
	return 0;
}
EXPORT_SYMBOL_GPL(nvme_auth_generate_key);

MODULE_LICENSE("GPL v2");
Commit	Line	Data
f50fff73 HR	1	// SPDX-License-Identifier: GPL-2.0
	2	/*
	3	* Copyright (c) 2020 Hannes Reinecke, SUSE Linux
	4	*/
	5
	6	#include <linux/module.h>
	7	#include <linux/crc32.h>
	8	#include <linux/base64.h>
	9	#include <linux/prandom.h>
	10	#include <linux/scatterlist.h>
	11	#include <asm/unaligned.h>
	12	#include <crypto/hash.h>
	13	#include <crypto/dh.h>
	14	#include <linux/nvme.h>
	15	#include <linux/nvme-auth.h>
	16
	17	static u32 nvme_dhchap_seqnum;
	18	static DEFINE_MUTEX(nvme_dhchap_mutex);
	19
	20	u32 nvme_auth_get_seqnum(void)
	21	{
	22	u32 seqnum;
	23
	24	mutex_lock(&nvme_dhchap_mutex);
	25	if (!nvme_dhchap_seqnum)
a251c17a	26	nvme_dhchap_seqnum = get_random_u32();
f50fff73 HR	27	else {
	28	nvme_dhchap_seqnum++;
	29	if (!nvme_dhchap_seqnum)
	30	nvme_dhchap_seqnum++;
	31	}
	32	seqnum = nvme_dhchap_seqnum;
	33	mutex_unlock(&nvme_dhchap_mutex);
	34	return seqnum;
	35	}
	36	EXPORT_SYMBOL_GPL(nvme_auth_get_seqnum);
	37
	38	static struct nvme_auth_dhgroup_map {
	39	const char name[16];
	40	const char kpp[16];
	41	} dhgroup_map[] = {
	42	[NVME_AUTH_DHGROUP_NULL] = {
	43	.name = "null", .kpp = "null" },
	44	[NVME_AUTH_DHGROUP_2048] = {
	45	.name = "ffdhe2048", .kpp = "ffdhe2048(dh)" },
	46	[NVME_AUTH_DHGROUP_3072] = {
	47	.name = "ffdhe3072", .kpp = "ffdhe3072(dh)" },
	48	[NVME_AUTH_DHGROUP_4096] = {
	49	.name = "ffdhe4096", .kpp = "ffdhe4096(dh)" },
	50	[NVME_AUTH_DHGROUP_6144] = {
	51	.name = "ffdhe6144", .kpp = "ffdhe6144(dh)" },
	52	[NVME_AUTH_DHGROUP_8192] = {
	53	.name = "ffdhe8192", .kpp = "ffdhe8192(dh)" },
	54	};
	55
	56	const char *nvme_auth_dhgroup_name(u8 dhgroup_id)
	57	{
4daf7fa0	58	if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
f50fff73 HR	59	return NULL;
	60	return dhgroup_map[dhgroup_id].name;
	61	}
	62	EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_name);
	63
	64	const char *nvme_auth_dhgroup_kpp(u8 dhgroup_id)
	65	{
4daf7fa0	66	if (dhgroup_id >= ARRAY_SIZE(dhgroup_map))
f50fff73 HR	67	return NULL;
	68	return dhgroup_map[dhgroup_id].kpp;
	69	}
	70	EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_kpp);
	71
	72	u8 nvme_auth_dhgroup_id(const char *dhgroup_name)
	73	{
	74	int i;
	75
	76	if (!dhgroup_name \|\| !strlen(dhgroup_name))
	77	return NVME_AUTH_DHGROUP_INVALID;
	78	for (i = 0; i < ARRAY_SIZE(dhgroup_map); i++) {
	79	if (!strlen(dhgroup_map[i].name))
	80	continue;
	81	if (!strncmp(dhgroup_map[i].name, dhgroup_name,
	82	strlen(dhgroup_map[i].name)))
	83	return i;
	84	}
	85	return NVME_AUTH_DHGROUP_INVALID;
	86	}
	87	EXPORT_SYMBOL_GPL(nvme_auth_dhgroup_id);
	88
	89	static struct nvme_dhchap_hash_map {
	90	int len;
	91	const char hmac[15];
	92	const char digest[8];
	93	} hash_map[] = {
	94	[NVME_AUTH_HASH_SHA256] = {
	95	.len = 32,
	96	.hmac = "hmac(sha256)",
	97	.digest = "sha256",
	98	},
	99	[NVME_AUTH_HASH_SHA384] = {
	100	.len = 48,
	101	.hmac = "hmac(sha384)",
	102	.digest = "sha384",
	103	},
	104	[NVME_AUTH_HASH_SHA512] = {
	105	.len = 64,
	106	.hmac = "hmac(sha512)",
	107	.digest = "sha512",
	108	},
	109	};
	110
	111	const char *nvme_auth_hmac_name(u8 hmac_id)
	112	{
4daf7fa0	113	if (hmac_id >= ARRAY_SIZE(hash_map))
f50fff73 HR	114	return NULL;
	115	return hash_map[hmac_id].hmac;
	116	}
	117	EXPORT_SYMBOL_GPL(nvme_auth_hmac_name);
	118
	119	const char *nvme_auth_digest_name(u8 hmac_id)
	120	{
4daf7fa0	121	if (hmac_id >= ARRAY_SIZE(hash_map))
f50fff73 HR	122	return NULL;
	123	return hash_map[hmac_id].digest;
	124	}
	125	EXPORT_SYMBOL_GPL(nvme_auth_digest_name);
	126
	127	u8 nvme_auth_hmac_id(const char *hmac_name)
	128	{
	129	int i;
	130
	131	if (!hmac_name \|\| !strlen(hmac_name))
	132	return NVME_AUTH_HASH_INVALID;
	133
	134	for (i = 0; i < ARRAY_SIZE(hash_map); i++) {
	135	if (!strlen(hash_map[i].hmac))
	136	continue;
	137	if (!strncmp(hash_map[i].hmac, hmac_name,
	138	strlen(hash_map[i].hmac)))
	139	return i;
	140	}
	141	return NVME_AUTH_HASH_INVALID;
	142	}
	143	EXPORT_SYMBOL_GPL(nvme_auth_hmac_id);
	144
	145	size_t nvme_auth_hmac_hash_len(u8 hmac_id)
	146	{
4daf7fa0	147	if (hmac_id >= ARRAY_SIZE(hash_map))
f50fff73 HR	148	return 0;
	149	return hash_map[hmac_id].len;
	150	}
	151	EXPORT_SYMBOL_GPL(nvme_auth_hmac_hash_len);
	152
	153	struct nvme_dhchap_key nvme_auth_extract_key(unsigned char secret,
	154	u8 key_hash)
	155	{
	156	struct nvme_dhchap_key *key;
	157	unsigned char *p;
	158	u32 crc;
	159	int ret, key_len;
	160	size_t allocated_len = strlen(secret);
	161
	162	/* Secret might be affixed with a ':' */
	163	p = strrchr(secret, ':');
	164	if (p)
	165	allocated_len = p - secret;
	166	key = kzalloc(sizeof(*key), GFP_KERNEL);
	167	if (!key)
	168	return ERR_PTR(-ENOMEM);
	169	key->key = kzalloc(allocated_len, GFP_KERNEL);
	170	if (!key->key) {
	171	ret = -ENOMEM;
	172	goto out_free_key;
	173	}
	174
	175	key_len = base64_decode(secret, allocated_len, key->key);
	176	if (key_len < 0) {
	177	pr_debug("base64 key decoding error %d\n",
	178	key_len);
	179	ret = key_len;
	180	goto out_free_secret;
	181	}
	182
	183	if (key_len != 36 && key_len != 52 &&
	184	key_len != 68) {
	185	pr_err("Invalid key len %d\n", key_len);
	186	ret = -EINVAL;
	187	goto out_free_secret;
	188	}
	189
	190	if (key_hash > 0 &&
	191	(key_len - 4) != nvme_auth_hmac_hash_len(key_hash)) {
	192	pr_err("Mismatched key len %d for %s\n", key_len,
	193	nvme_auth_hmac_name(key_hash));
	194	ret = -EINVAL;
	195	goto out_free_secret;
	196	}
	197
	198	/* The last four bytes is the CRC in little-endian format */
	199	key_len -= 4;
	200	/*
	201	* The linux implementation doesn't do pre- and post-increments,
	202	* so we have to do it manually.
	203	*/
	204	crc = ~crc32(~0, key->key, key_len);
	205
	206	if (get_unaligned_le32(key->key + key_len) != crc) {
	207	pr_err("key crc mismatch (key %08x, crc %08x)\n",
	208	get_unaligned_le32(key->key + key_len), crc);
	209	ret = -EKEYREJECTED;
	210	goto out_free_secret;
	211	}
212	key->len = key_len;
213	key->hash = key_hash;
214	return key;
215	out_free_secret:
216	kfree_sensitive(key->key);
217	out_free_key:
218	kfree(key);
219	return ERR_PTR(ret);
220	}
221	EXPORT_SYMBOL_GPL(nvme_auth_extract_key);
222
223	void nvme_auth_free_key(struct nvme_dhchap_key *key)
224	{
225	if (!key)
226	return;
227	kfree_sensitive(key->key);
228	kfree(key);
229	}
230	EXPORT_SYMBOL_GPL(nvme_auth_free_key);
231
232	u8 nvme_auth_transform_key(struct nvme_dhchap_key key, char *nqn)
233	{
234	const char *hmac_name;
235	struct crypto_shash *key_tfm;
236	struct shash_desc *shash;
237	u8 *transformed_key;
238	int ret;
239
240	if (!key \|\| !key->key) {
241	pr_warn("No key specified\n");
242	return ERR_PTR(-ENOKEY);
243	}
244	if (key->hash == 0) {
245	transformed_key = kmemdup(key->key, key->len, GFP_KERNEL);
246	return transformed_key ? transformed_key : ERR_PTR(-ENOMEM);
247	}
248	hmac_name = nvme_auth_hmac_name(key->hash);
249	if (!hmac_name) {
250	pr_warn("Invalid key hash id %d\n", key->hash);
251	return ERR_PTR(-EINVAL);
252	}
253
254	key_tfm = crypto_alloc_shash(hmac_name, 0, 0);
255	if (IS_ERR(key_tfm))
256	return (u8 *)key_tfm;
257
258	shash = kmalloc(sizeof(struct shash_desc) +
259	crypto_shash_descsize(key_tfm),
260	GFP_KERNEL);
261	if (!shash) {
262	ret = -ENOMEM;
263	goto out_free_key;
264	}
265
266	transformed_key = kzalloc(crypto_shash_digestsize(key_tfm), GFP_KERNEL);
267	if (!transformed_key) {
268	ret = -ENOMEM;
269	goto out_free_shash;
270	}
271
272	shash->tfm = key_tfm;
273	ret = crypto_shash_setkey(key_tfm, key->key, key->len);
274	if (ret < 0)
80e27684	275	goto out_free_transformed_key;
f50fff73 HR	276	ret = crypto_shash_init(shash);
f50fff73 HR	277	if (ret < 0)
80e27684	278	goto out_free_transformed_key;
f50fff73 HR	279	ret = crypto_shash_update(shash, nqn, strlen(nqn));
f50fff73 HR	280	if (ret < 0)
80e27684	281	goto out_free_transformed_key;
f50fff73 HR	282	ret = crypto_shash_update(shash, "NVMe-over-Fabrics", 17);
f50fff73 HR	283	if (ret < 0)
80e27684	284	goto out_free_transformed_key;
f50fff73	285	ret = crypto_shash_final(shash, transformed_key);
80e27684 DC	286	if (ret < 0)
	287	goto out_free_transformed_key;
	288
	289	kfree(shash);
	290	crypto_free_shash(key_tfm);
	291
	292	return transformed_key;
	293
	294	out_free_transformed_key:
	295	kfree_sensitive(transformed_key);
f50fff73 HR	296	out_free_shash:
	297	kfree(shash);
	298	out_free_key:
	299	crypto_free_shash(key_tfm);
80e27684 DC	300
80e27684 DC	301	return ERR_PTR(ret);
f50fff73 HR	302	}
	303	EXPORT_SYMBOL_GPL(nvme_auth_transform_key);
	304
b61775d1 HR	305	static int nvme_auth_hash_skey(int hmac_id, u8 skey, size_t skey_len, u8 hkey)
	306	{
	307	const char *digest_name;
	308	struct crypto_shash *tfm;
	309	int ret;
	310
	311	digest_name = nvme_auth_digest_name(hmac_id);
	312	if (!digest_name) {
	313	pr_debug("%s: failed to get digest for %d\n", __func__,
	314	hmac_id);
	315	return -EINVAL;
	316	}
	317	tfm = crypto_alloc_shash(digest_name, 0, 0);
	318	if (IS_ERR(tfm))
	319	return -ENOMEM;
	320
	321	ret = crypto_shash_tfm_digest(tfm, skey, skey_len, hkey);
	322	if (ret < 0)
	323	pr_debug("%s: Failed to hash digest len %zu\n", __func__,
	324	skey_len);
	325
	326	crypto_free_shash(tfm);
	327	return ret;
	328	}
	329
	330	int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len,
	331	u8 challenge, u8 aug, size_t hlen)
	332	{
	333	struct crypto_shash *tfm;
	334	struct shash_desc *desc;
	335	u8 *hashed_key;
	336	const char *hmac_name;
	337	int ret;
	338
	339	hashed_key = kmalloc(hlen, GFP_KERNEL);
	340	if (!hashed_key)
	341	return -ENOMEM;
	342
	343	ret = nvme_auth_hash_skey(hmac_id, skey,
	344	skey_len, hashed_key);
	345	if (ret < 0)
	346	goto out_free_key;
	347
	348	hmac_name = nvme_auth_hmac_name(hmac_id);
	349	if (!hmac_name) {
9db056e9	350	pr_warn("%s: invalid hash algorithm %d\n",
b61775d1 HR	351	__func__, hmac_id);
	352	ret = -EINVAL;
	353	goto out_free_key;
	354	}
	355
	356	tfm = crypto_alloc_shash(hmac_name, 0, 0);
	357	if (IS_ERR(tfm)) {
	358	ret = PTR_ERR(tfm);
	359	goto out_free_key;
	360	}
	361
	362	desc = kmalloc(sizeof(struct shash_desc) + crypto_shash_descsize(tfm),
	363	GFP_KERNEL);
	364	if (!desc) {
	365	ret = -ENOMEM;
	366	goto out_free_hash;
	367	}
	368	desc->tfm = tfm;
	369
	370	ret = crypto_shash_setkey(tfm, hashed_key, hlen);
	371	if (ret)
	372	goto out_free_desc;
	373
	374	ret = crypto_shash_init(desc);
	375	if (ret)
	376	goto out_free_desc;
	377
	378	ret = crypto_shash_update(desc, challenge, hlen);
	379	if (ret)
	380	goto out_free_desc;
	381
	382	ret = crypto_shash_final(desc, aug);
	383	out_free_desc:
	384	kfree_sensitive(desc);
	385	out_free_hash:
	386	crypto_free_shash(tfm);
	387	out_free_key:
	388	kfree_sensitive(hashed_key);
	389	return ret;
	390	}
	391	EXPORT_SYMBOL_GPL(nvme_auth_augmented_challenge);
	392
	393	int nvme_auth_gen_privkey(struct crypto_kpp *dh_tfm, u8 dh_gid)
	394	{
	395	int ret;
	396
	397	ret = crypto_kpp_set_secret(dh_tfm, NULL, 0);
	398	if (ret)
	399	pr_debug("failed to set private key, error %d\n", ret);
	400
	401	return ret;
	402	}
	403	EXPORT_SYMBOL_GPL(nvme_auth_gen_privkey);
	404
	405	int nvme_auth_gen_pubkey(struct crypto_kpp *dh_tfm,
	406	u8 *host_key, size_t host_key_len)
	407	{
	408	struct kpp_request *req;
	409	struct crypto_wait wait;
	410	struct scatterlist dst;
	411	int ret;
	412
	413	req = kpp_request_alloc(dh_tfm, GFP_KERNEL);
	414	if (!req)
415	return -ENOMEM;
416
417	crypto_init_wait(&wait);
418	kpp_request_set_input(req, NULL, 0);
419	sg_init_one(&dst, host_key, host_key_len);
420	kpp_request_set_output(req, &dst, host_key_len);
421	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
422	crypto_req_done, &wait);
423
424	ret = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
425	kpp_request_free(req);
426	return ret;
427	}
428	EXPORT_SYMBOL_GPL(nvme_auth_gen_pubkey);
429
430	int nvme_auth_gen_shared_secret(struct crypto_kpp *dh_tfm,
431	u8 *ctrl_key, size_t ctrl_key_len,
432	u8 *sess_key, size_t sess_key_len)
433	{
434	struct kpp_request *req;
435	struct crypto_wait wait;
436	struct scatterlist src, dst;
437	int ret;
438
439	req = kpp_request_alloc(dh_tfm, GFP_KERNEL);
440	if (!req)
441	return -ENOMEM;
442
443	crypto_init_wait(&wait);
444	sg_init_one(&src, ctrl_key, ctrl_key_len);
445	kpp_request_set_input(req, &src, ctrl_key_len);
446	sg_init_one(&dst, sess_key, sess_key_len);
447	kpp_request_set_output(req, &dst, sess_key_len);
448	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
449	crypto_req_done, &wait);
450
451	ret = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
452
453	kpp_request_free(req);
454	return ret;
455	}
456	EXPORT_SYMBOL_GPL(nvme_auth_gen_shared_secret);
457
f50fff73 HR	458	int nvme_auth_generate_key(u8 secret, struct nvme_dhchap_key *ret_key)
	459	{
	460	struct nvme_dhchap_key *key;
	461	u8 key_hash;
	462
	463	if (!secret) {
	464	*ret_key = NULL;
	465	return 0;
	466	}
	467
	468	if (sscanf(secret, "DHHC-1:%hhd:%*s:", &key_hash) != 1)
	469	return -EINVAL;
	470
	471	/* Pass in the secret without the 'DHHC-1:XX:' prefix */
	472	key = nvme_auth_extract_key(secret + 10, key_hash);
	473	if (IS_ERR(key)) {
	474	*ret_key = NULL;
	475	return PTR_ERR(key);
	476	}
	477
	478	*ret_key = key;
	479	return 0;
	480	}
	481	EXPORT_SYMBOL_GPL(nvme_auth_generate_key);
	482
	483	MODULE_LICENSE("GPL v2");