2 The header file of CHAP configuration.
4 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #define _ISCSI_CHAP_H_
12 #define ISCSI_AUTH_METHOD_CHAP "CHAP"
14 #define ISCSI_KEY_CHAP_ALGORITHM "CHAP_A"
15 #define ISCSI_KEY_CHAP_IDENTIFIER "CHAP_I"
16 #define ISCSI_KEY_CHAP_CHALLENGE "CHAP_C"
17 #define ISCSI_KEY_CHAP_NAME "CHAP_N"
18 #define ISCSI_KEY_CHAP_RESPONSE "CHAP_R"
21 // Identifiers of supported CHAP hash algorithms:
22 // https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9
24 #define ISCSI_CHAP_ALGORITHM_MD5 5
25 #define ISCSI_CHAP_ALGORITHM_SHA256 7
28 // Byte count of the largest digest over the above-listed
29 // ISCSI_CHAP_ALGORITHM_* hash algorithms.
31 #define ISCSI_CHAP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
33 #define ISCSI_CHAP_STEP_ONE 1
34 #define ISCSI_CHAP_STEP_TWO 2
35 #define ISCSI_CHAP_STEP_THREE 3
36 #define ISCSI_CHAP_STEP_FOUR 4
41 typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA
{
43 CHAR8 CHAPName
[ISCSI_CHAP_NAME_STORAGE
];
44 CHAR8 CHAPSecret
[ISCSI_CHAP_SECRET_STORAGE
];
45 CHAR8 ReverseCHAPName
[ISCSI_CHAP_NAME_STORAGE
];
46 CHAR8 ReverseCHAPSecret
[ISCSI_CHAP_SECRET_STORAGE
];
47 } ISCSI_CHAP_AUTH_CONFIG_NVDATA
;
52 // Typedefs for collecting sets of hash APIs from BaseCryptLib.
56 (EFIAPI
*CHAP_HASH_GET_CONTEXT_SIZE
) (
62 (EFIAPI
*CHAP_HASH_INIT
) (
68 (EFIAPI
*CHAP_HASH_UPDATE
) (
76 (EFIAPI
*CHAP_HASH_FINAL
) (
82 UINT8 Algorithm
; // ISCSI_CHAP_ALGORITHM_*, CHAP_A
84 CHAP_HASH_GET_CONTEXT_SIZE GetContextSize
;
86 CHAP_HASH_UPDATE Update
;
87 CHAP_HASH_FINAL Final
;
91 /// ISCSI CHAP Authentication Data
93 typedef struct _ISCSI_CHAP_AUTH_DATA
{
94 ISCSI_CHAP_AUTH_CONFIG_NVDATA
*AuthConfig
;
96 UINT8 InChallenge
[1024];
97 UINT32 InChallengeLength
;
99 // The hash algorithm (CHAP_A) that the target selects in
100 // ISCSI_CHAP_STEP_TWO.
102 CONST CHAP_HASH
*Hash
;
104 // Calculated CHAP Response (CHAP_R) value.
106 UINT8 CHAPResponse
[ISCSI_CHAP_MAX_DIGEST_SIZE
];
109 // Auth-data to be sent out for mutual authentication.
111 // While the challenge size is technically independent of the hashing
112 // algorithm, it is good practice to avoid hashing *fewer bytes* than the
113 // digest size. In other words, it's good practice to feed *at least as many
114 // bytes* to the hashing algorithm as the hashing algorithm will output.
116 UINT32 OutIdentifier
;
117 UINT8 OutChallenge
[ISCSI_CHAP_MAX_DIGEST_SIZE
];
118 } ISCSI_CHAP_AUTH_DATA
;
121 This function checks the received iSCSI Login Response during the security
124 @param[in] Conn The iSCSI connection.
126 @retval EFI_SUCCESS The Login Response passed the CHAP validation.
127 @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
128 @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
129 @retval Others Other errors as indicated.
133 IScsiCHAPOnRspReceived (
134 IN ISCSI_CONNECTION
*Conn
137 This function fills the CHAP authentication information into the login PDU
138 during the security negotiation stage in the iSCSI connection login.
140 @param[in] Conn The iSCSI connection.
141 @param[in, out] Pdu The PDU to send out.
143 @retval EFI_SUCCESS All check passed and the phase-related CHAP
144 authentication info is filled into the iSCSI
146 @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
147 @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
152 IN ISCSI_CONNECTION
*Conn
,
157 Initialize the CHAP_A=<A1,A2...> *value* string for the entire driver, to be
158 sent by the initiator in ISCSI_CHAP_STEP_ONE.
160 This function sanity-checks the internal table of supported CHAP hashing
164 IScsiCHAPInitHashList (