auth, rgw, common: switch to PK11_ImportSymKey_FIPS wrapper.

PK11_ImportSymKey() is a part of NSS API that becomes unavailable
in the FIPS mode. Apparently NSS targets stricter restrictions
than those coming from Level 1 of FIPS 140-2. In the consequence,
loading a symmetric key from plain keyring or key db (which Ceph
needs to do due to architectural reasons) fails.

The same issue affected corosync and this patchset deals with it
the same way like already followed by corosync [1]:
a raw crypto key is in-memory wrapped with fresh, random wrapping
key just before being imported via PK11_UnwrapSymKey(). Of course,
this effectively lowers to FIPS level 1. Still, this would be no
different from what OpenSSL (to which we are currently migrating
in master) gives in the matter.

The patch can be *roughly* verified in following steps:
  1. mkdir ./nssdb
  2. certutil -N -d ./nssdb --empty-password
  3. modutil -dbdir ./nssdb -fips true
  4. ../src/vstart.sh -l -n -b -o "nss_db_path=/work/ceph-3/build/nssdb"

This fix is dedicated to Luminous. In master we're switching to OpenSSL.

[1] 5dadebd21862074deaeb9a337fc9e49f5e9f692a in corosync's public repo.

Fixes: http://tracker.ceph.com/issues/38843
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index 150052bfef1710840ff2cee09d704c8333013836..62636785803a16f51e118318c475d195c89d3ab3 100644 (file)
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -291,8 +291,9 @@ public:
     keyItem.type = siBuffer;
     keyItem.data = (unsigned char*)secret.c_str();
     keyItem.len = secret.length();
-    key = PK11_ImportSymKey(slot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT,
-                           &keyItem, NULL);
+    using ceph::crypto::PK11_ImportSymKey_FIPS;
+    key = PK11_ImportSymKey_FIPS(slot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT,
+                                &keyItem, NULL);
     if (!key) {
       err << "cannot convert AES key for NSS: " << PR_GetError();
       return -1;

diff --git a/src/common/ceph_crypto.h b/src/common/ceph_crypto.h
index c0900b7248ef620f1b08c5d7323e58a0803e3b99..c58f1d0b552a44a3ee4234c7d716354ae3a8d26f 100644 (file)
--- a/src/common/ceph_crypto.h
+++ b/src/common/ceph_crypto.h
@@ -150,8 +150,8 @@ namespace ceph {
        keyItem.type = siBuffer;
        keyItem.data = (unsigned char*)key;
        keyItem.len = length;
-       symkey = PK11_ImportSymKey(slot, cktype, PK11_OriginUnwrap,
-                                  CKA_SIGN,  &keyItem, NULL);
+       symkey = PK11_ImportSymKey_FIPS(slot, cktype, PK11_OriginUnwrap,
+                                       CKA_SIGN,  &keyItem, NULL);
        assert(symkey);
        SECItem param;
        param.type = siBuffer;

diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index d5893734ff71ea1e3eae7df6787438b48b823557..f857c5b0108d70309243e671615a06c878714f10 100644 (file)
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -31,6 +31,7 @@ using namespace CryptoPP;
 #define dout_subsys ceph_subsys_rgw
 
 using namespace rgw;
+using ceph::crypto::PK11_ImportSymKey_FIPS;
 
 /**
  * Encryption in CTR mode. offset is used as IV for each block.
@@ -129,7 +130,7 @@ public:
       keyItem.data = key;
       keyItem.len = AES_256_KEYSIZE;
 
-      symkey = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
+      symkey = PK11_ImportSymKey_FIPS(slot, CKM_AES_CTR, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
       if (symkey) {
         static_assert(sizeof(ctr_params.cb) >= AES_256_IVSIZE, "Must fit counter");
         ctr_params.ulCounterBits = 128;
@@ -317,7 +318,7 @@ public:
       keyItem.type = siBuffer;
       keyItem.data = const_cast<unsigned char*>(&key[0]);
       keyItem.len = AES_256_KEYSIZE;
-      symkey = PK11_ImportSymKey(slot, CKM_AES_CBC, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
+      symkey = PK11_ImportSymKey_FIPS(slot, CKM_AES_CBC, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
       if (symkey) {
         memcpy(ctr_params.iv, iv, AES_256_IVSIZE);
         ivItem.type = siBuffer;
@@ -577,7 +578,7 @@ bool AES_256_ECB_encrypt(CephContext* cct,
 
       param = PK11_ParamFromIV(CKM_AES_ECB, NULL);
       if (param) {
-        symkey = PK11_ImportSymKey(slot, CKM_AES_ECB, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
+        symkey = PK11_ImportSymKey_FIPS(slot, CKM_AES_ECB, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
         if (symkey) {
           ectx = PK11_CreateContextBySymKey(CKM_AES_ECB, CKA_ENCRYPT, symkey, param);
           if (ectx) {