/** @file The header file of CHAP configuration. Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent **/ #ifndef _ISCSI_CHAP_H_ #define _ISCSI_CHAP_H_ #define ISCSI_AUTH_METHOD_CHAP "CHAP" #define ISCSI_KEY_CHAP_ALGORITHM "CHAP_A" #define ISCSI_KEY_CHAP_IDENTIFIER "CHAP_I" #define ISCSI_KEY_CHAP_CHALLENGE "CHAP_C" #define ISCSI_KEY_CHAP_NAME "CHAP_N" #define ISCSI_KEY_CHAP_RESPONSE "CHAP_R" // // Identifiers of supported CHAP hash algorithms: // https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9 // #define ISCSI_CHAP_ALGORITHM_MD5 5 #define ISCSI_CHAP_ALGORITHM_SHA256 7 // // Byte count of the largest digest over the above-listed // ISCSI_CHAP_ALGORITHM_* hash algorithms. // #define ISCSI_CHAP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE #define ISCSI_CHAP_STEP_ONE 1 #define ISCSI_CHAP_STEP_TWO 2 #define ISCSI_CHAP_STEP_THREE 3 #define ISCSI_CHAP_STEP_FOUR 4 #pragma pack(1) typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { UINT8 CHAPType; CHAR8 CHAPName[ISCSI_CHAP_NAME_STORAGE]; CHAR8 CHAPSecret[ISCSI_CHAP_SECRET_STORAGE]; CHAR8 ReverseCHAPName[ISCSI_CHAP_NAME_STORAGE]; CHAR8 ReverseCHAPSecret[ISCSI_CHAP_SECRET_STORAGE]; } ISCSI_CHAP_AUTH_CONFIG_NVDATA; #pragma pack() // // Typedefs for collecting sets of hash APIs from BaseCryptLib. // typedef UINTN (EFIAPI *CHAP_HASH_GET_CONTEXT_SIZE) ( VOID ); typedef BOOLEAN (EFIAPI *CHAP_HASH_INIT) ( OUT VOID *Context ); typedef BOOLEAN (EFIAPI *CHAP_HASH_UPDATE) ( IN OUT VOID *Context, IN CONST VOID *Data, IN UINTN DataSize ); typedef BOOLEAN (EFIAPI *CHAP_HASH_FINAL) ( IN OUT VOID *Context, OUT UINT8 *HashValue ); typedef struct { UINT8 Algorithm; // ISCSI_CHAP_ALGORITHM_*, CHAP_A UINT32 DigestSize; CHAP_HASH_GET_CONTEXT_SIZE GetContextSize; CHAP_HASH_INIT Init; CHAP_HASH_UPDATE Update; CHAP_HASH_FINAL Final; } CHAP_HASH; /// /// ISCSI CHAP Authentication Data /// typedef struct _ISCSI_CHAP_AUTH_DATA { ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; UINT32 InIdentifier; UINT8 InChallenge[1024]; UINT32 InChallengeLength; // // The hash algorithm (CHAP_A) that the target selects in // ISCSI_CHAP_STEP_TWO. // CONST CHAP_HASH *Hash; // // Calculated CHAP Response (CHAP_R) value. // UINT8 CHAPResponse[ISCSI_CHAP_MAX_DIGEST_SIZE]; // // Auth-data to be sent out for mutual authentication. // // While the challenge size is technically independent of the hashing // algorithm, it is good practice to avoid hashing *fewer bytes* than the // digest size. In other words, it's good practice to feed *at least as many // bytes* to the hashing algorithm as the hashing algorithm will output. // UINT32 OutIdentifier; UINT8 OutChallenge[ISCSI_CHAP_MAX_DIGEST_SIZE]; } ISCSI_CHAP_AUTH_DATA; /** This function checks the received iSCSI Login Response during the security negotiation stage. @param[in] Conn The iSCSI connection. @retval EFI_SUCCESS The Login Response passed the CHAP validation. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. @retval Others Other errors as indicated. **/ EFI_STATUS IScsiCHAPOnRspReceived ( IN ISCSI_CONNECTION *Conn ); /** This function fills the CHAP authentication information into the login PDU during the security negotiation stage in the iSCSI connection login. @param[in] Conn The iSCSI connection. @param[in, out] Pdu The PDU to send out. @retval EFI_SUCCESS All check passed and the phase-related CHAP authentication info is filled into the iSCSI PDU. @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. **/ EFI_STATUS IScsiCHAPToSendReq ( IN ISCSI_CONNECTION *Conn, IN OUT NET_BUF *Pdu ); /** Initialize the CHAP_A= *value* string for the entire driver, to be sent by the initiator in ISCSI_CHAP_STEP_ONE. This function sanity-checks the internal table of supported CHAP hashing algorithms, as well. **/ VOID IScsiCHAPInitHashList ( VOID ); #endif