From 1f969449a2db1d2f5b0b6ca5a82c3e36bfd24354 Mon Sep 17 00:00:00 2001 From: Radoslaw Zarzynski Date: Tue, 12 Mar 2019 15:17:43 +0100 Subject: [PATCH] auth, rgw, common: switch to PK11_ImportSymKey_FIPS wrapper. PK11_ImportSymKey() is a part of NSS API that becomes unavailable in the FIPS mode. Apparently NSS targets stricter restrictions than those coming from Level 1 of FIPS 140-2. In the consequence, loading a symmetric key from plain keyring or key db (which Ceph needs to do due to architectural reasons) fails. The same issue affected corosync and this patchset deals with it the same way like already followed by corosync [1]: a raw crypto key is in-memory wrapped with fresh, random wrapping key just before being imported via PK11_UnwrapSymKey(). Of course, this effectively lowers to FIPS level 1. Still, this would be no different from what OpenSSL (to which we are currently migrating in master) gives in the matter. The patch can be *roughly* verified in following steps: 1. mkdir ./nssdb 2. certutil -N -d ./nssdb --empty-password 3. modutil -dbdir ./nssdb -fips true 4. ../src/vstart.sh -l -n -b -o "nss_db_path=/work/ceph-3/build/nssdb" This fix is dedicated to Luminous. In master we're switching to OpenSSL. [1] 5dadebd21862074deaeb9a337fc9e49f5e9f692a in corosync's public repo. Fixes: http://tracker.ceph.com/issues/38843 Signed-off-by: Radoslaw Zarzynski
---
 src/auth/Crypto.cc | 5 +++--
 src/common/ceph_crypto.h | 4 ++--
 src/rgw/rgw_crypt.cc | 7 ++++---
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index 150052bfef171..62636785803a1 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -291,8 +291,9 @@ public:
 keyItem.type = siBuffer;
 keyItem.data = (unsigned char*)secret.c_str();
 keyItem.len = secret.length();
- key = PK11_ImportSymKey(slot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT,
- &keyItem, NULL);
+ using ceph::crypto::PK11_ImportSymKey_FIPS;
+ key = PK11_ImportSymKey_FIPS(slot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT,
+ &keyItem, NULL);
 if (!key) {
 err << "cannot convert AES key for NSS: " << PR_GetError();
 return -1;
diff --git a/src/common/ceph_crypto.h b/src/common/ceph_crypto.h
index c0900b7248ef6..c58f1d0b552a4 100644
--- a/src/common/ceph_crypto.h
+++ b/src/common/ceph_crypto.h
@@ -150,8 +150,8 @@ namespace ceph {
 keyItem.type = siBuffer;
 keyItem.data = (unsigned char*)key;
 keyItem.len = length;
- symkey = PK11_ImportSymKey(slot, cktype, PK11_OriginUnwrap,
- CKA_SIGN, &keyItem, NULL);
+ symkey = PK11_ImportSymKey_FIPS(slot, cktype, PK11_OriginUnwrap,
+ CKA_SIGN, &keyItem, NULL);
 assert(symkey);
 SECItem param;
 param.type = siBuffer;
diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index d5893734ff71e..f857c5b0108d7 100644
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -31,6 +31,7 @@ using namespace CryptoPP;
 #define dout_subsys ceph_subsys_rgw
 using namespace rgw;
+using ceph::crypto::PK11_ImportSymKey_FIPS;
 /**
 * Encryption in CTR mode. offset is used as IV for each block.
@@ -129,7 +130,7 @@ public:
 keyItem.data = key;
 keyItem.len = AES_256_KEYSIZE;
- symkey = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
+ symkey = PK11_ImportSymKey_FIPS(slot, CKM_AES_CTR, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
 if (symkey) {
 static_assert(sizeof(ctr_params.cb) >= AES_256_IVSIZE, "Must fit counter");
 ctr_params.ulCounterBits = 128;
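Review bot: In src/auth/Crypto.cc (hunk @@ -291) nothing at the call site says what `PK11_ImportSymKey_FIPS` does differently, and the name can be read as adding protection, whereas the commit message says the raw key is only wrapped in memory with a fresh random key so that it can be imported via PK11_UnwrapSymKey(). I would add a comment above the call, e.g. `// PK11_ImportSymKey() is unavailable in NSS FIPS mode; the wrapper wraps the raw key in memory and imports it via PK11_UnwrapSymKey(). The plaintext key still lives in 'secret'.` The `using` declaration sits inside the function here but at file scope in src/rgw/rgw_crypt.cc; one placement throughout would read more consistently. The enclosing function begins and ends outside the hunk.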
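Review bot: In src/common/ceph_crypto.h (hunk @@ -150) the result of `PK11_ImportSymKey_FIPS` is still checked only by `assert(symkey);`, although the wrapper, going by the commit message, does more work than the direct import (a fresh wrapping key, a wrap and an unwrap) and so presumably has more ways to fail at runtime. An abort here reports no NSS error code, unlike the Crypto.cc path, which prints `PR_GetError()`; and if `assert` resolves to the standard macro in some build configuration, a null `symkey` would reach the code that follows. At minimum I would document this above the assert, e.g. `// the FIPS wrapper can fail for reasons other than bad key material; a failure aborts the process`, and preferably surface the NSS error code before aborting. The enclosing function begins and ends outside the hunk.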
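Review bot: In src/rgw/rgw_crypt.cc (hunk @@ -129) the AES-CTR data key is imported with `CKA_UNWRAP` as its operation, and the same argument is passed in the @@ -317 (CBC) and @@ -577 (ECB) hunks, where the ECB code then uses the key with `CKA_ENCRYPT` in `PK11_CreateContextBySymKey`. The mismatch predates this commit, but the key is now created through PK11_UnwrapSymKey() according to the commit message, so it is worth confirming with the FIPS-mode verification steps from the description that a token in FIPS mode accepts a key created for one operation in a context for another. If the wrapper forwards the operation unchanged, passing the operation the key is actually used for, e.g. `CKA_ENCRYPT` in the ECB case, would remove the doubt. The surrounding functions extend beyond these hunks.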
@@ -317,7 +318,7 @@ public:
 keyItem.type = siBuffer;
 keyItem.data = const_cast(&key[0]);
 keyItem.len = AES_256_KEYSIZE;
- symkey = PK11_ImportSymKey(slot, CKM_AES_CBC, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
+ symkey = PK11_ImportSymKey_FIPS(slot, CKM_AES_CBC, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
 if (symkey) {
 memcpy(ctr_params.iv, iv, AES_256_IVSIZE);
 ivItem.type = siBuffer;
@@ -577,7 +578,7 @@ bool AES_256_ECB_encrypt(CephContext* cct,
 param = PK11_ParamFromIV(CKM_AES_ECB, NULL);
 if (param) {
- symkey = PK11_ImportSymKey(slot, CKM_AES_ECB, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
+ symkey = PK11_ImportSymKey_FIPS(slot, CKM_AES_ECB, PK11_OriginUnwrap, CKA_UNWRAP, &keyItem, NULL);
 if (symkey) {
 ectx = PK11_CreateContextBySymKey(CKM_AES_ECB, CKA_ENCRYPT, symkey, param);
 if (ectx) {
-- 
2.39.5