net/ceph/auth_x.c

   1
   2 #include <linux/ceph/ceph_debug.h>
   3
   4 #include <linux/err.h>
   5 #include <linux/module.h>
   6 #include <linux/random.h>
   7 #include <linux/slab.h>
   8
   9 #include <linux/ceph/decode.h>
  10 #include <linux/ceph/auth.h>
  11 #include <linux/ceph/ceph_features.h>
  12 #include <linux/ceph/libceph.h>
  13 #include <linux/ceph/messenger.h>
  14
  15 #include "crypto.h"
  16 #include "auth_x.h"
  17 #include "auth_x_protocol.h"
  18
  19 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed);
  20
  21 static int ceph_x_is_authenticated(struct ceph_auth_client *ac)
  22 {
  23         struct ceph_x_info *xi = ac->private;
  24         int need;
  25
  26         ceph_x_validate_tickets(ac, &need);
  27         dout("ceph_x_is_authenticated want=%d need=%d have=%d\n",
  28              ac->want_keys, need, xi->have_keys);
  29         return (ac->want_keys & xi->have_keys) == ac->want_keys;
  30 }
  31
  32 static int ceph_x_should_authenticate(struct ceph_auth_client *ac)
  33 {
  34         struct ceph_x_info *xi = ac->private;
  35         int need;
  36
  37         ceph_x_validate_tickets(ac, &need);
  38         dout("ceph_x_should_authenticate want=%d need=%d have=%d\n",
  39              ac->want_keys, need, xi->have_keys);
  40         return need != 0;
  41 }
  42
  43 static int ceph_x_encrypt_offset(void)
  44 {
  45         return sizeof(u32) + sizeof(struct ceph_x_encrypt_header);
  46 }
  47
  48 static int ceph_x_encrypt_buflen(int ilen)
  49 {
  50         return ceph_x_encrypt_offset() + ilen + 16;
  51 }
  52
  53 static int ceph_x_encrypt(struct ceph_crypto_key *secret, void *buf,
  54                           int buf_len, int plaintext_len)
  55 {
  56         struct ceph_x_encrypt_header *hdr = buf + sizeof(u32);
  57         int ciphertext_len;
  58         int ret;
  59
  60         hdr->struct_v = 1;
  61         hdr->magic = cpu_to_le64(CEPHX_ENC_MAGIC);
  62
  63         ret = ceph_crypt(secret, true, buf + sizeof(u32), buf_len - sizeof(u32),
  64                          plaintext_len + sizeof(struct ceph_x_encrypt_header),
  65                          &ciphertext_len);
  66         if (ret)
  67                 return ret;
  68
  69         ceph_encode_32(&buf, ciphertext_len);
  70         return sizeof(u32) + ciphertext_len;
  71 }
  72
  73 static int __ceph_x_decrypt(struct ceph_crypto_key *secret, void *p,
  74                             int ciphertext_len)
  75 {
  76         struct ceph_x_encrypt_header *hdr = p;
  77         int plaintext_len;
  78         int ret;
  79
  80         ret = ceph_crypt(secret, false, p, ciphertext_len, ciphertext_len,
  81                          &plaintext_len);
  82         if (ret)
  83                 return ret;
  84
  85         if (le64_to_cpu(hdr->magic) != CEPHX_ENC_MAGIC) {
  86                 pr_err("%s bad magic\n", __func__);
  87                 return -EINVAL;
  88         }
  89
  90         return plaintext_len - sizeof(*hdr);
  91 }
  92
  93 static int ceph_x_decrypt(struct ceph_crypto_key *secret, void **p, void *end)
  94 {
  95         int ciphertext_len;
  96         int ret;
  97
  98         ceph_decode_32_safe(p, end, ciphertext_len, e_inval);
  99         ceph_decode_need(p, end, ciphertext_len, e_inval);
 100
 101         ret = __ceph_x_decrypt(secret, *p, ciphertext_len);
 102         if (ret < 0)
 103                 return ret;
 104
 105         *p += ciphertext_len;
 106         return ret;
 107
 108 e_inval:
 109         return -EINVAL;
 110 }
 111
 112 /*
 113  * get existing (or insert new) ticket handler
 114  */
 115 static struct ceph_x_ticket_handler *
 116 get_ticket_handler(struct ceph_auth_client *ac, int service)
 117 {
 118         struct ceph_x_ticket_handler *th;
 119         struct ceph_x_info *xi = ac->private;
 120         struct rb_node *parent = NULL, **p = &xi->ticket_handlers.rb_node;
 121
 122         while (*p) {
 123                 parent = *p;
 124                 th = rb_entry(parent, struct ceph_x_ticket_handler, node);
 125                 if (service < th->service)
 126                         p = &(*p)->rb_left;
 127                 else if (service > th->service)
 128                         p = &(*p)->rb_right;
 129                 else
 130                         return th;
 131         }
 132
 133         /* add it */
 134         th = kzalloc(sizeof(*th), GFP_NOFS);
 135         if (!th)
 136                 return ERR_PTR(-ENOMEM);
 137         th->service = service;
 138         rb_link_node(&th->node, parent, p);
 139         rb_insert_color(&th->node, &xi->ticket_handlers);
 140         return th;
 141 }
 142
 143 static void remove_ticket_handler(struct ceph_auth_client *ac,
 144                                   struct ceph_x_ticket_handler *th)
 145 {
 146         struct ceph_x_info *xi = ac->private;
 147
 148         dout("remove_ticket_handler %p %d\n", th, th->service);
 149         rb_erase(&th->node, &xi->ticket_handlers);
 150         ceph_crypto_key_destroy(&th->session_key);
 151         if (th->ticket_blob)
 152                 ceph_buffer_put(th->ticket_blob);
 153         kfree(th);
 154 }
 155
 156 static int process_one_ticket(struct ceph_auth_client *ac,
 157                               struct ceph_crypto_key *secret,
 158                               void **p, void *end)
 159 {
 160         struct ceph_x_info *xi = ac->private;
 161         int type;
 162         u8 tkt_struct_v, blob_struct_v;
 163         struct ceph_x_ticket_handler *th;
 164         void *dp, *dend;
 165         int dlen;
 166         char is_enc;
 167         struct timespec validity;
 168         void *tp, *tpend;
 169         void **ptp;
 170         struct ceph_crypto_key new_session_key;
 171         struct ceph_buffer *new_ticket_blob;
 172         unsigned long new_expires, new_renew_after;
 173         u64 new_secret_id;
 174         int ret;
 175
 176         ceph_decode_need(p, end, sizeof(u32) + 1, bad);
 177
 178         type = ceph_decode_32(p);
 179         dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
 180
 181         tkt_struct_v = ceph_decode_8(p);
 182         if (tkt_struct_v != 1)
 183                 goto bad;
 184
 185         th = get_ticket_handler(ac, type);
 186         if (IS_ERR(th)) {
 187                 ret = PTR_ERR(th);
 188                 goto out;
 189         }
 190
 191         /* blob for me */
 192         dp = *p + ceph_x_encrypt_offset();
 193         ret = ceph_x_decrypt(secret, p, end);
 194         if (ret < 0)
 195                 goto out;
 196         dout(" decrypted %d bytes\n", ret);
 197         dend = dp + ret;
 198
 199         tkt_struct_v = ceph_decode_8(&dp);
 200         if (tkt_struct_v != 1)
 201                 goto bad;
 202
 203         ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
 204         if (ret)
 205                 goto out;
 206
 207         ceph_decode_timespec(&validity, dp);
 208         dp += sizeof(struct ceph_timespec);
 209         new_expires = get_seconds() + validity.tv_sec;
 210         new_renew_after = new_expires - (validity.tv_sec / 4);
 211         dout(" expires=%lu renew_after=%lu\n", new_expires,
 212              new_renew_after);
 213
 214         /* ticket blob for service */
 215         ceph_decode_8_safe(p, end, is_enc, bad);
 216         if (is_enc) {
 217                 /* encrypted */
 218                 tp = *p + ceph_x_encrypt_offset();
 219                 ret = ceph_x_decrypt(&th->session_key, p, end);
 220                 if (ret < 0)
 221                         goto out;
 222                 dout(" encrypted ticket, decrypted %d bytes\n", ret);
 223                 ptp = &tp;
 224                 tpend = tp + ret;
 225         } else {
 226                 /* unencrypted */
 227                 ptp = p;
 228                 tpend = end;
 229         }
 230         ceph_decode_32_safe(ptp, tpend, dlen, bad);
 231         dout(" ticket blob is %d bytes\n", dlen);
 232         ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad);
 233         blob_struct_v = ceph_decode_8(ptp);
 234         new_secret_id = ceph_decode_64(ptp);
 235         ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend);
 236         if (ret)
 237                 goto out;
 238
 239         /* all is well, update our ticket */
 240         ceph_crypto_key_destroy(&th->session_key);
 241         if (th->ticket_blob)
 242                 ceph_buffer_put(th->ticket_blob);
 243         th->session_key = new_session_key;
 244         th->ticket_blob = new_ticket_blob;
 245         th->secret_id = new_secret_id;
 246         th->expires = new_expires;
 247         th->renew_after = new_renew_after;
 248         th->have_key = true;
 249         dout(" got ticket service %d (%s) secret_id %lld len %d\n",
 250              type, ceph_entity_type_name(type), th->secret_id,
 251              (int)th->ticket_blob->vec.iov_len);
 252         xi->have_keys |= th->service;
 253
 254 out:
 255         return ret;
 256
 257 bad:
 258         ret = -EINVAL;
 259         goto out;
 260 }
 261
 262 static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
 263                                     struct ceph_crypto_key *secret,
 264                                     void *buf, void *end)
 265 {
 266         void *p = buf;
 267         u8 reply_struct_v;
 268         u32 num;
 269         int ret;
 270
 271         ceph_decode_8_safe(&p, end, reply_struct_v, bad);
 272         if (reply_struct_v != 1)
 273                 return -EINVAL;
 274
 275         ceph_decode_32_safe(&p, end, num, bad);
 276         dout("%d tickets\n", num);
 277
 278         while (num--) {
 279                 ret = process_one_ticket(ac, secret, &p, end);
 280                 if (ret)
 281                         return ret;
 282         }
 283
 284         return 0;
 285
 286 bad:
 287         return -EINVAL;
 288 }
 289
 290 /*
 291  * Encode and encrypt the second part (ceph_x_authorize_b) of the
 292  * authorizer.  The first part (ceph_x_authorize_a) should already be
 293  * encoded.
 294  */
 295 static int encrypt_authorizer(struct ceph_x_authorizer *au,
 296                               u64 *server_challenge)
 297 {
 298         struct ceph_x_authorize_a *msg_a;
 299         struct ceph_x_authorize_b *msg_b;
 300         void *p, *end;
 301         int ret;
 302
 303         msg_a = au->buf->vec.iov_base;
 304         WARN_ON(msg_a->ticket_blob.secret_id != cpu_to_le64(au->secret_id));
 305         p = (void *)(msg_a + 1) + le32_to_cpu(msg_a->ticket_blob.blob_len);
 306         end = au->buf->vec.iov_base + au->buf->vec.iov_len;
 307
 308         msg_b = p + ceph_x_encrypt_offset();
 309         msg_b->struct_v = 2;
 310         msg_b->nonce = cpu_to_le64(au->nonce);
 311         if (server_challenge) {
 312                 msg_b->have_challenge = 1;
 313                 msg_b->server_challenge_plus_one =
 314                     cpu_to_le64(*server_challenge + 1);
 315         } else {
 316                 msg_b->have_challenge = 0;
 317                 msg_b->server_challenge_plus_one = 0;
 318         }
 319
 320         ret = ceph_x_encrypt(&au->session_key, p, end - p, sizeof(*msg_b));
 321         if (ret < 0)
 322                 return ret;
 323
 324         p += ret;
 325         if (server_challenge) {
 326                 WARN_ON(p != end);
 327         } else {
 328                 WARN_ON(p > end);
 329                 au->buf->vec.iov_len = p - au->buf->vec.iov_base;
 330         }
 331
 332         return 0;
 333 }
 334
 335 static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)
 336 {
 337         ceph_crypto_key_destroy(&au->session_key);
 338         if (au->buf) {
 339                 ceph_buffer_put(au->buf);
 340                 au->buf = NULL;
 341         }
 342 }
 343
 344 static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
 345                                    struct ceph_x_ticket_handler *th,
 346                                    struct ceph_x_authorizer *au)
 347 {
 348         int maxlen;
 349         struct ceph_x_authorize_a *msg_a;
 350         struct ceph_x_authorize_b *msg_b;
 351         int ret;
 352         int ticket_blob_len =
 353                 (th->ticket_blob ? th->ticket_blob->vec.iov_len : 0);
 354
 355         dout("build_authorizer for %s %p\n",
 356              ceph_entity_type_name(th->service), au);
 357
 358         ceph_crypto_key_destroy(&au->session_key);
 359         ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
 360         if (ret)
 361                 goto out_au;
 362
 363         maxlen = sizeof(*msg_a) + ticket_blob_len +
 364                 ceph_x_encrypt_buflen(sizeof(*msg_b));
 365         dout("  need len %d\n", maxlen);
 366         if (au->buf && au->buf->alloc_len < maxlen) {
 367                 ceph_buffer_put(au->buf);
 368                 au->buf = NULL;
 369         }
 370         if (!au->buf) {
 371                 au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
 372                 if (!au->buf) {
 373                         ret = -ENOMEM;
 374                         goto out_au;
 375                 }
 376         }
 377         au->service = th->service;
 378         au->secret_id = th->secret_id;
 379
 380         msg_a = au->buf->vec.iov_base;
 381         msg_a->struct_v = 1;
 382         msg_a->global_id = cpu_to_le64(ac->global_id);
 383         msg_a->service_id = cpu_to_le32(th->service);
 384         msg_a->ticket_blob.struct_v = 1;
 385         msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id);
 386         msg_a->ticket_blob.blob_len = cpu_to_le32(ticket_blob_len);
 387         if (ticket_blob_len) {
 388                 memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base,
 389                        th->ticket_blob->vec.iov_len);
 390         }
 391         dout(" th %p secret_id %lld %lld\n", th, th->secret_id,
 392              le64_to_cpu(msg_a->ticket_blob.secret_id));
 393
 394         get_random_bytes(&au->nonce, sizeof(au->nonce));
 395         ret = encrypt_authorizer(au, NULL);
 396         if (ret) {
 397                 pr_err("failed to encrypt authorizer: %d", ret);
 398                 goto out_au;
 399         }
 400
 401         dout(" built authorizer nonce %llx len %d\n", au->nonce,
 402              (int)au->buf->vec.iov_len);
 403         return 0;
 404
 405 out_au:
 406         ceph_x_authorizer_cleanup(au);
 407         return ret;
 408 }
 409
 410 static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th,
 411                                 void **p, void *end)
 412 {
 413         ceph_decode_need(p, end, 1 + sizeof(u64), bad);
 414         ceph_encode_8(p, 1);
 415         ceph_encode_64(p, th->secret_id);
 416         if (th->ticket_blob) {
 417                 const char *buf = th->ticket_blob->vec.iov_base;
 418                 u32 len = th->ticket_blob->vec.iov_len;
 419
 420                 ceph_encode_32_safe(p, end, len, bad);
 421                 ceph_encode_copy_safe(p, end, buf, len, bad);
 422         } else {
 423                 ceph_encode_32_safe(p, end, 0, bad);
 424         }
 425
 426         return 0;
 427 bad:
 428         return -ERANGE;
 429 }
 430
 431 static bool need_key(struct ceph_x_ticket_handler *th)
 432 {
 433         if (!th->have_key)
 434                 return true;
 435
 436         return get_seconds() >= th->renew_after;
 437 }
 438
 439 static bool have_key(struct ceph_x_ticket_handler *th)
 440 {
 441         if (th->have_key) {
 442                 if (get_seconds() >= th->expires)
 443                         th->have_key = false;
 444         }
 445
 446         return th->have_key;
 447 }
 448
 449 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)
 450 {
 451         int want = ac->want_keys;
 452         struct ceph_x_info *xi = ac->private;
 453         int service;
 454
 455         *pneed = ac->want_keys & ~(xi->have_keys);
 456
 457         for (service = 1; service <= want; service <<= 1) {
 458                 struct ceph_x_ticket_handler *th;
 459
 460                 if (!(ac->want_keys & service))
 461                         continue;
 462
 463                 if (*pneed & service)
 464                         continue;
 465
 466                 th = get_ticket_handler(ac, service);
 467                 if (IS_ERR(th)) {
 468                         *pneed |= service;
 469                         continue;
 470                 }
 471
 472                 if (need_key(th))
 473                         *pneed |= service;
 474                 if (!have_key(th))
 475                         xi->have_keys &= ~service;
 476         }
 477 }
 478
 479 static int ceph_x_build_request(struct ceph_auth_client *ac,
 480                                 void *buf, void *end)
 481 {
 482         struct ceph_x_info *xi = ac->private;
 483         int need;
 484         struct ceph_x_request_header *head = buf;
 485         int ret;
 486         struct ceph_x_ticket_handler *th =
 487                 get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
 488
 489         if (IS_ERR(th))
 490                 return PTR_ERR(th);
 491
 492         ceph_x_validate_tickets(ac, &need);
 493
 494         dout("build_request want %x have %x need %x\n",
 495              ac->want_keys, xi->have_keys, need);
 496
 497         if (need & CEPH_ENTITY_TYPE_AUTH) {
 498                 struct ceph_x_authenticate *auth = (void *)(head + 1);
 499                 void *p = auth + 1;
 500                 void *enc_buf = xi->auth_authorizer.enc_buf;
 501                 struct ceph_x_challenge_blob *blob = enc_buf +
 502                                                         ceph_x_encrypt_offset();
 503                 u64 *u;
 504
 505                 if (p > end)
 506                         return -ERANGE;
 507
 508                 dout(" get_auth_session_key\n");
 509                 head->op = cpu_to_le16(CEPHX_GET_AUTH_SESSION_KEY);
 510
 511                 /* encrypt and hash */
 512                 get_random_bytes(&auth->client_challenge, sizeof(u64));
 513                 blob->client_challenge = auth->client_challenge;
 514                 blob->server_challenge = cpu_to_le64(xi->server_challenge);
 515                 ret = ceph_x_encrypt(&xi->secret, enc_buf, CEPHX_AU_ENC_BUF_LEN,
 516                                      sizeof(*blob));
 517                 if (ret < 0)
 518                         return ret;
 519
 520                 auth->struct_v = 1;
 521                 auth->key = 0;
 522                 for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++)
 523                         auth->key ^= *(__le64 *)u;
 524                 dout(" server_challenge %llx client_challenge %llx key %llx\n",
 525                      xi->server_challenge, le64_to_cpu(auth->client_challenge),
 526                      le64_to_cpu(auth->key));
 527
 528                 /* now encode the old ticket if exists */
 529                 ret = ceph_x_encode_ticket(th, &p, end);
 530                 if (ret < 0)
 531                         return ret;
 532
 533                 return p - buf;
 534         }
 535
 536         if (need) {
 537                 void *p = head + 1;
 538                 struct ceph_x_service_ticket_request *req;
 539
 540                 if (p > end)
 541                         return -ERANGE;
 542                 head->op = cpu_to_le16(CEPHX_GET_PRINCIPAL_SESSION_KEY);
 543
 544                 ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);
 545                 if (ret)
 546                         return ret;
 547                 ceph_encode_copy(&p, xi->auth_authorizer.buf->vec.iov_base,
 548                                  xi->auth_authorizer.buf->vec.iov_len);
 549
 550                 req = p;
 551                 req->keys = cpu_to_le32(need);
 552                 p += sizeof(*req);
 553                 return p - buf;
 554         }
 555
 556         return 0;
 557 }
 558
 559 static int ceph_x_handle_reply(struct ceph_auth_client *ac, int result,
 560                                void *buf, void *end)
 561 {
 562         struct ceph_x_info *xi = ac->private;
 563         struct ceph_x_reply_header *head = buf;
 564         struct ceph_x_ticket_handler *th;
 565         int len = end - buf;
 566         int op;
 567         int ret;
 568
 569         if (result)
 570                 return result;  /* XXX hmm? */
 571
 572         if (xi->starting) {
 573                 /* it's a hello */
 574                 struct ceph_x_server_challenge *sc = buf;
 575
 576                 if (len != sizeof(*sc))
 577                         return -EINVAL;
 578                 xi->server_challenge = le64_to_cpu(sc->server_challenge);
 579                 dout("handle_reply got server challenge %llx\n",
 580                      xi->server_challenge);
 581                 xi->starting = false;
 582                 xi->have_keys &= ~CEPH_ENTITY_TYPE_AUTH;
 583                 return -EAGAIN;
 584         }
 585
 586         op = le16_to_cpu(head->op);
 587         result = le32_to_cpu(head->result);
 588         dout("handle_reply op %d result %d\n", op, result);
 589         switch (op) {
 590         case CEPHX_GET_AUTH_SESSION_KEY:
 591                 /* verify auth key */
 592                 ret = ceph_x_proc_ticket_reply(ac, &xi->secret,
 593                                                buf + sizeof(*head), end);
 594                 break;
 595
 596         case CEPHX_GET_PRINCIPAL_SESSION_KEY:
 597                 th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
 598                 if (IS_ERR(th))
 599                         return PTR_ERR(th);
 600                 ret = ceph_x_proc_ticket_reply(ac, &th->session_key,
 601                                                buf + sizeof(*head), end);
 602                 break;
 603
 604         default:
 605                 return -EINVAL;
 606         }
 607         if (ret)
 608                 return ret;
 609         if (ac->want_keys == xi->have_keys)
 610                 return 0;
 611         return -EAGAIN;
 612 }
 613
 614 static void ceph_x_destroy_authorizer(struct ceph_authorizer *a)
 615 {
 616         struct ceph_x_authorizer *au = (void *)a;
 617
 618         ceph_x_authorizer_cleanup(au);
 619         kfree(au);
 620 }
 621
 622 static int ceph_x_create_authorizer(
 623         struct ceph_auth_client *ac, int peer_type,
 624         struct ceph_auth_handshake *auth)
 625 {
 626         struct ceph_x_authorizer *au;
 627         struct ceph_x_ticket_handler *th;
 628         int ret;
 629
 630         th = get_ticket_handler(ac, peer_type);
 631         if (IS_ERR(th))
 632                 return PTR_ERR(th);
 633
 634         au = kzalloc(sizeof(*au), GFP_NOFS);
 635         if (!au)
 636                 return -ENOMEM;
 637
 638         au->base.destroy = ceph_x_destroy_authorizer;
 639
 640         ret = ceph_x_build_authorizer(ac, th, au);
 641         if (ret) {
 642                 kfree(au);
 643                 return ret;
 644         }
 645
 646         auth->authorizer = (struct ceph_authorizer *) au;
 647         auth->authorizer_buf = au->buf->vec.iov_base;
 648         auth->authorizer_buf_len = au->buf->vec.iov_len;
 649         auth->authorizer_reply_buf = au->enc_buf;
 650         auth->authorizer_reply_buf_len = CEPHX_AU_ENC_BUF_LEN;
 651         auth->sign_message = ac->ops->sign_message;
 652         auth->check_message_signature = ac->ops->check_message_signature;
 653
 654         return 0;
 655 }
 656
 657 static int ceph_x_update_authorizer(
 658         struct ceph_auth_client *ac, int peer_type,
 659         struct ceph_auth_handshake *auth)
 660 {
 661         struct ceph_x_authorizer *au;
 662         struct ceph_x_ticket_handler *th;
 663
 664         th = get_ticket_handler(ac, peer_type);
 665         if (IS_ERR(th))
 666                 return PTR_ERR(th);
 667
 668         au = (struct ceph_x_authorizer *)auth->authorizer;
 669         if (au->secret_id < th->secret_id) {
 670                 dout("ceph_x_update_authorizer service %u secret %llu < %llu\n",
 671                      au->service, au->secret_id, th->secret_id);
 672                 return ceph_x_build_authorizer(ac, th, au);
 673         }
 674         return 0;
 675 }
 676
 677 static int decrypt_authorize_challenge(struct ceph_x_authorizer *au,
 678                                        void *challenge_buf,
 679                                        int challenge_buf_len,
 680                                        u64 *server_challenge)
 681 {
 682         struct ceph_x_authorize_challenge *ch =
 683             challenge_buf + sizeof(struct ceph_x_encrypt_header);
 684         int ret;
 685
 686         /* no leading len */
 687         ret = __ceph_x_decrypt(&au->session_key, challenge_buf,
 688                                challenge_buf_len);
 689         if (ret < 0)
 690                 return ret;
 691         if (ret < sizeof(*ch)) {
 692                 pr_err("bad size %d for ceph_x_authorize_challenge\n", ret);
 693                 return -EINVAL;
 694         }
 695
 696         *server_challenge = le64_to_cpu(ch->server_challenge);
 697         return 0;
 698 }
 699
 700 static int ceph_x_add_authorizer_challenge(struct ceph_auth_client *ac,
 701                                            struct ceph_authorizer *a,
 702                                            void *challenge_buf,
 703                                            int challenge_buf_len)
 704 {
 705         struct ceph_x_authorizer *au = (void *)a;
 706         u64 server_challenge;
 707         int ret;
 708
 709         ret = decrypt_authorize_challenge(au, challenge_buf, challenge_buf_len,
 710                                           &server_challenge);
 711         if (ret) {
 712                 pr_err("failed to decrypt authorize challenge: %d", ret);
 713                 return ret;
 714         }
 715
 716         ret = encrypt_authorizer(au, &server_challenge);
 717         if (ret) {
 718                 pr_err("failed to encrypt authorizer w/ challenge: %d", ret);
 719                 return ret;
 720         }
 721
 722         return 0;
 723 }
 724
 725 static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
 726                                           struct ceph_authorizer *a)
 727 {
 728         struct ceph_x_authorizer *au = (void *)a;
 729         void *p = au->enc_buf;
 730         struct ceph_x_authorize_reply *reply = p + ceph_x_encrypt_offset();
 731         int ret;
 732
 733         ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
 734         if (ret < 0)
 735                 return ret;
 736         if (ret < sizeof(*reply)) {
 737                 pr_err("bad size %d for ceph_x_authorize_reply\n", ret);
 738                 return -EINVAL;
 739         }
 740
 741         if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
 742                 ret = -EPERM;
 743         else
 744                 ret = 0;
 745         dout("verify_authorizer_reply nonce %llx got %llx ret %d\n",
 746              au->nonce, le64_to_cpu(reply->nonce_plus_one), ret);
 747         return ret;
 748 }
 749
 750 static void ceph_x_reset(struct ceph_auth_client *ac)
 751 {
 752         struct ceph_x_info *xi = ac->private;
 753
 754         dout("reset\n");
 755         xi->starting = true;
 756         xi->server_challenge = 0;
 757 }
 758
 759 static void ceph_x_destroy(struct ceph_auth_client *ac)
 760 {
 761         struct ceph_x_info *xi = ac->private;
 762         struct rb_node *p;
 763
 764         dout("ceph_x_destroy %p\n", ac);
 765         ceph_crypto_key_destroy(&xi->secret);
 766
 767         while ((p = rb_first(&xi->ticket_handlers)) != NULL) {
 768                 struct ceph_x_ticket_handler *th =
 769                         rb_entry(p, struct ceph_x_ticket_handler, node);
 770                 remove_ticket_handler(ac, th);
 771         }
 772
 773         ceph_x_authorizer_cleanup(&xi->auth_authorizer);
 774
 775         kfree(ac->private);
 776         ac->private = NULL;
 777 }
 778
 779 static void invalidate_ticket(struct ceph_auth_client *ac, int peer_type)
 780 {
 781         struct ceph_x_ticket_handler *th;
 782
 783         th = get_ticket_handler(ac, peer_type);
 784         if (!IS_ERR(th))
 785                 th->have_key = false;
 786 }
 787
 788 static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
 789                                          int peer_type)
 790 {
 791         /*
 792          * We are to invalidate a service ticket in the hopes of
 793          * getting a new, hopefully more valid, one.  But, we won't get
 794          * it unless our AUTH ticket is good, so invalidate AUTH ticket
 795          * as well, just in case.
 796          */
 797         invalidate_ticket(ac, peer_type);
 798         invalidate_ticket(ac, CEPH_ENTITY_TYPE_AUTH);
 799 }
 800
 801 static int calc_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg,
 802                           __le64 *psig)
 803 {
 804         void *enc_buf = au->enc_buf;
 805         int ret;
 806
 807         if (!(msg->con->peer_features & CEPH_FEATURE_CEPHX_V2)) {
 808                 struct {
 809                         __le32 len;
 810                         __le32 header_crc;
 811                         __le32 front_crc;
 812                         __le32 middle_crc;
 813                         __le32 data_crc;
 814                 } __packed *sigblock = enc_buf + ceph_x_encrypt_offset();
 815
 816                 sigblock->len = cpu_to_le32(4*sizeof(u32));
 817                 sigblock->header_crc = msg->hdr.crc;
 818                 sigblock->front_crc = msg->footer.front_crc;
 819                 sigblock->middle_crc = msg->footer.middle_crc;
 820                 sigblock->data_crc =  msg->footer.data_crc;
 821
 822                 ret = ceph_x_encrypt(&au->session_key, enc_buf,
 823                                      CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock));
 824                 if (ret < 0)
 825                         return ret;
 826
 827                 *psig = *(__le64 *)(enc_buf + sizeof(u32));
 828         } else {
 829                 struct {
 830                         __le32 header_crc;
 831                         __le32 front_crc;
 832                         __le32 front_len;
 833                         __le32 middle_crc;
 834                         __le32 middle_len;
 835                         __le32 data_crc;
 836                         __le32 data_len;
 837                         __le32 seq_lower_word;
 838                 } __packed *sigblock = enc_buf;
 839                 struct {
 840                         __le64 a, b, c, d;
 841                 } __packed *penc = enc_buf;
 842                 int ciphertext_len;
 843
 844                 sigblock->header_crc = msg->hdr.crc;
 845                 sigblock->front_crc = msg->footer.front_crc;
 846                 sigblock->front_len = msg->hdr.front_len;
 847                 sigblock->middle_crc = msg->footer.middle_crc;
 848                 sigblock->middle_len = msg->hdr.middle_len;
 849                 sigblock->data_crc =  msg->footer.data_crc;
 850                 sigblock->data_len = msg->hdr.data_len;
 851                 sigblock->seq_lower_word = *(__le32 *)&msg->hdr.seq;
 852
 853                 /* no leading len, no ceph_x_encrypt_header */
 854                 ret = ceph_crypt(&au->session_key, true, enc_buf,
 855                                  CEPHX_AU_ENC_BUF_LEN, sizeof(*sigblock),
 856                                  &ciphertext_len);
 857                 if (ret)
 858                         return ret;
 859
 860                 *psig = penc->a ^ penc->b ^ penc->c ^ penc->d;
 861         }
 862
 863         return 0;
 864 }
 865
 866 static int ceph_x_sign_message(struct ceph_auth_handshake *auth,
 867                                struct ceph_msg *msg)
 868 {
 869         __le64 sig;
 870         int ret;
 871
 872         if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
 873                 return 0;
 874
 875         ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,
 876                              msg, &sig);
 877         if (ret)
 878                 return ret;
 879
 880         msg->footer.sig = sig;
 881         msg->footer.flags |= CEPH_MSG_FOOTER_SIGNED;
 882         return 0;
 883 }
 884
 885 static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth,
 886                                           struct ceph_msg *msg)
 887 {
 888         __le64 sig_check;
 889         int ret;
 890
 891         if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
 892                 return 0;
 893
 894         ret = calc_signature((struct ceph_x_authorizer *)auth->authorizer,
 895                              msg, &sig_check);
 896         if (ret)
 897                 return ret;
 898         if (sig_check == msg->footer.sig)
 899                 return 0;
 900         if (msg->footer.flags & CEPH_MSG_FOOTER_SIGNED)
 901                 dout("ceph_x_check_message_signature %p has signature %llx "
 902                      "expect %llx\n", msg, msg->footer.sig, sig_check);
 903         else
 904                 dout("ceph_x_check_message_signature %p sender did not set "
 905                      "CEPH_MSG_FOOTER_SIGNED\n", msg);
 906         return -EBADMSG;
 907 }
 908
 909 static const struct ceph_auth_client_ops ceph_x_ops = {
 910         .name = "x",
 911         .is_authenticated = ceph_x_is_authenticated,
 912         .should_authenticate = ceph_x_should_authenticate,
 913         .build_request = ceph_x_build_request,
 914         .handle_reply = ceph_x_handle_reply,
 915         .create_authorizer = ceph_x_create_authorizer,
 916         .update_authorizer = ceph_x_update_authorizer,
 917         .add_authorizer_challenge = ceph_x_add_authorizer_challenge,
 918         .verify_authorizer_reply = ceph_x_verify_authorizer_reply,
 919         .invalidate_authorizer = ceph_x_invalidate_authorizer,
 920         .reset =  ceph_x_reset,
 921         .destroy = ceph_x_destroy,
 922         .sign_message = ceph_x_sign_message,
 923         .check_message_signature = ceph_x_check_message_signature,
 924 };
 925
 926
 927 int ceph_x_init(struct ceph_auth_client *ac)
 928 {
 929         struct ceph_x_info *xi;
 930         int ret;
 931
 932         dout("ceph_x_init %p\n", ac);
 933         ret = -ENOMEM;
 934         xi = kzalloc(sizeof(*xi), GFP_NOFS);
 935         if (!xi)
 936                 goto out;
 937
 938         ret = -EINVAL;
 939         if (!ac->key) {
 940                 pr_err("no secret set (for auth_x protocol)\n");
 941                 goto out_nomem;
 942         }
 943
 944         ret = ceph_crypto_key_clone(&xi->secret, ac->key);
 945         if (ret < 0) {
 946                 pr_err("cannot clone key: %d\n", ret);
 947                 goto out_nomem;
 948         }
 949
 950         xi->starting = true;
 951         xi->ticket_handlers = RB_ROOT;
 952
 953         ac->protocol = CEPH_AUTH_CEPHX;
 954         ac->private = xi;
 955         ac->ops = &ceph_x_ops;
 956         return 0;
 957
 958 out_nomem:
 959         kfree(xi);
 960 out:
 961         return ret;
 962 }
 963
 964