mirror of https://github.com/acidanthera/audk.git
NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizes
IScsiDxe uses the ISCSI_CHAP_RSP_LEN macro for expressing the size of the digest (16) that it solely supports at this point (MD5). ISCSI_CHAP_RSP_LEN is used for both (a) *allocating* digest-related buffers (binary buffers and hex encodings alike), and (b) *processing* binary digest buffers (comparing them, filling them, reading them). In preparation for adding other hash algorithms, split purpose (a) from purpose (b). For purpose (a) -- buffer allocation --, introduce ISCSI_CHAP_MAX_DIGEST_SIZE. For purpose (b) -- processing --, rely on MD5_DIGEST_SIZE from <BaseCryptLib.h>. Distinguishing these purposes is justified because purpose (b) -- processing -- must depend on the hashing algorithm negotiated between initiator and target, while for purpose (a) -- allocation --, using the maximum supported digest size is suitable. For now, because only MD5 is supported, introduce ISCSI_CHAP_MAX_DIGEST_SIZE *as* MD5_DIGEST_SIZE. Note that the argument for using the digest size as the size of the outgoing challenge (in case mutual authentication is desired by the initiator) remains in place. Because of this, the above two purposes are distinguished for the "ISCSI_CHAP_AUTH_DATA.OutChallenge" field as well. This patch is functionally a no-op, just yet. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210629163337.14120-4-lersek@redhat.com>
This commit is contained in:
Laszlo Ersek
mergify[bot]
parent
7eba9f698e
commit
7b6c2b2a26
|
|
@ -112,7 +112,7 @@ IScsiCHAPAuthTarget (
|
|||
{
|
||||
EFI_STATUS Status;
|
||||
UINT32 SecretSize;
|
||||
UINT8 VerifyRsp[ISCSI_CHAP_RSP_LEN];
|
||||
UINT8 VerifyRsp[ISCSI_CHAP_MAX_DIGEST_SIZE];
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
|
||||
|
|
@ -122,11 +122,11 @@ IScsiCHAPAuthTarget (
|
|||
AuthData->AuthConfig->ReverseCHAPSecret,
|
||||
SecretSize,
|
||||
AuthData->OutChallenge,
|
||||
ISCSI_CHAP_RSP_LEN, // ChallengeLength
|
||||
MD5_DIGEST_SIZE, // ChallengeLength
|
||||
VerifyRsp
|
||||
);
|
||||
|
||||
if (CompareMem (VerifyRsp, TargetResponse, ISCSI_CHAP_RSP_LEN) != 0) {
|
||||
if (CompareMem (VerifyRsp, TargetResponse, MD5_DIGEST_SIZE) != 0) {
|
||||
Status = EFI_SECURITY_VIOLATION;
|
||||
}
|
||||
|
||||
|
|
@ -163,7 +163,7 @@ IScsiCHAPOnRspReceived (
|
|||
CHAR8 *Challenge;
|
||||
CHAR8 *Name;
|
||||
CHAR8 *Response;
|
||||
UINT8 TargetRsp[ISCSI_CHAP_RSP_LEN];
|
||||
UINT8 TargetRsp[ISCSI_CHAP_MAX_DIGEST_SIZE];
|
||||
UINT32 RspLen;
|
||||
UINTN Result;
|
||||
|
||||
|
|
@ -340,9 +340,9 @@ IScsiCHAPOnRspReceived (
|
|||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
RspLen = ISCSI_CHAP_RSP_LEN;
|
||||
RspLen = MD5_DIGEST_SIZE;
|
||||
Status = IScsiHexToBin (TargetRsp, &RspLen, Response);
|
||||
if (EFI_ERROR (Status) || RspLen != ISCSI_CHAP_RSP_LEN) {
|
||||
if (EFI_ERROR (Status) || RspLen != MD5_DIGEST_SIZE) {
|
||||
Status = EFI_PROTOCOL_ERROR;
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
|
@ -411,13 +411,13 @@ IScsiCHAPToSendReq (
|
|||
}
|
||||
Status = EFI_SUCCESS;
|
||||
|
||||
RspLen = 2 * ISCSI_CHAP_RSP_LEN + 3;
|
||||
RspLen = 2 * ISCSI_CHAP_MAX_DIGEST_SIZE + 3;
|
||||
Response = AllocateZeroPool (RspLen);
|
||||
if (Response == NULL) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
ChallengeLen = 2 * ISCSI_CHAP_RSP_LEN + 3;
|
||||
ChallengeLen = 2 * ISCSI_CHAP_MAX_DIGEST_SIZE + 3;
|
||||
Challenge = AllocateZeroPool (ChallengeLen);
|
||||
if (Challenge == NULL) {
|
||||
FreePool (Response);
|
||||
|
|
@ -482,7 +482,7 @@ IScsiCHAPToSendReq (
|
|||
//
|
||||
BinToHexStatus = IScsiBinToHex (
|
||||
(UINT8 *) AuthData->CHAPResponse,
|
||||
ISCSI_CHAP_RSP_LEN,
|
||||
MD5_DIGEST_SIZE,
|
||||
Response,
|
||||
&RspLen
|
||||
);
|
||||
|
|
@ -499,10 +499,10 @@ IScsiCHAPToSendReq (
|
|||
//
|
||||
// CHAP_C=<C>
|
||||
//
|
||||
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
|
||||
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, MD5_DIGEST_SIZE);
|
||||
BinToHexStatus = IScsiBinToHex (
|
||||
(UINT8 *) AuthData->OutChallenge,
|
||||
ISCSI_CHAP_RSP_LEN,
|
||||
MD5_DIGEST_SIZE,
|
||||
Challenge,
|
||||
&ChallengeLen
|
||||
);
|
||||
|
|
|
|||
|
|
@ -17,12 +17,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
|||
#define ISCSI_KEY_CHAP_NAME "CHAP_N"
|
||||
#define ISCSI_KEY_CHAP_RESPONSE "CHAP_R"
|
||||
|
||||
//
|
||||
// Identifiers of supported CHAP hash algorithms:
|
||||
// https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9
|
||||
//
|
||||
#define ISCSI_CHAP_ALGORITHM_MD5 5
|
||||
|
||||
///
|
||||
/// MD5_HASHSIZE
|
||||
///
|
||||
#define ISCSI_CHAP_RSP_LEN 16
|
||||
//
|
||||
// Byte count of the largest digest over the above-listed
|
||||
// ISCSI_CHAP_ALGORITHM_* hash algorithms.
|
||||
//
|
||||
#define ISCSI_CHAP_MAX_DIGEST_SIZE MD5_DIGEST_SIZE
|
||||
|
||||
#define ISCSI_CHAP_STEP_ONE 1
|
||||
#define ISCSI_CHAP_STEP_TWO 2
|
||||
|
|
@ -53,7 +58,7 @@ typedef struct _ISCSI_CHAP_AUTH_DATA {
|
|||
//
|
||||
// Calculated CHAP Response (CHAP_R) value.
|
||||
//
|
||||
UINT8 CHAPResponse[ISCSI_CHAP_RSP_LEN];
|
||||
UINT8 CHAPResponse[ISCSI_CHAP_MAX_DIGEST_SIZE];
|
||||
|
||||
//
|
||||
// Auth-data to be sent out for mutual authentication.
|
||||
|
|
@ -64,7 +69,7 @@ typedef struct _ISCSI_CHAP_AUTH_DATA {
|
|||
// bytes* to the hashing algorithm as the hashing algorithm will output.
|
||||
//
|
||||
UINT32 OutIdentifier;
|
||||
UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN];
|
||||
UINT8 OutChallenge[ISCSI_CHAP_MAX_DIGEST_SIZE];
|
||||
} ISCSI_CHAP_AUTH_DATA;
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue