[mirror_edk2.git] / NetworkPkg / IScsiDxe / IScsiCHAP.h

/** @file\r
  The header file of CHAP configuration.\r
\r
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef _ISCSI_CHAP_H_\r
#define _ISCSI_CHAP_H_\r
\r
#define ISCSI_AUTH_METHOD_CHAP  "CHAP"\r
\r
#define ISCSI_KEY_CHAP_ALGORITHM   "CHAP_A"\r
#define ISCSI_KEY_CHAP_IDENTIFIER  "CHAP_I"\r
#define ISCSI_KEY_CHAP_CHALLENGE   "CHAP_C"\r
#define ISCSI_KEY_CHAP_NAME        "CHAP_N"\r
#define ISCSI_KEY_CHAP_RESPONSE    "CHAP_R"\r
\r
//\r
// Identifiers of supported CHAP hash algorithms:\r
// https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9\r
//\r
#define ISCSI_CHAP_ALGORITHM_MD5     5\r
#define ISCSI_CHAP_ALGORITHM_SHA256  7\r
\r
//\r
// Byte count of the largest digest over the above-listed\r
// ISCSI_CHAP_ALGORITHM_* hash algorithms.\r
//\r
#define ISCSI_CHAP_MAX_DIGEST_SIZE  SHA256_DIGEST_SIZE\r
\r
#define ISCSI_CHAP_STEP_ONE    1\r
#define ISCSI_CHAP_STEP_TWO    2\r
#define ISCSI_CHAP_STEP_THREE  3\r
#define ISCSI_CHAP_STEP_FOUR   4\r
\r
#pragma pack(1)\r
\r
typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA {\r
  UINT8    CHAPType;\r
  CHAR8    CHAPName[ISCSI_CHAP_NAME_STORAGE];\r
  CHAR8    CHAPSecret[ISCSI_CHAP_SECRET_STORAGE];\r
  CHAR8    ReverseCHAPName[ISCSI_CHAP_NAME_STORAGE];\r
  CHAR8    ReverseCHAPSecret[ISCSI_CHAP_SECRET_STORAGE];\r
} ISCSI_CHAP_AUTH_CONFIG_NVDATA;\r
\r
#pragma pack()\r
\r
//\r
// Typedefs for collecting sets of hash APIs from BaseCryptLib.\r
//\r
typedef\r
UINTN\r
(EFIAPI *CHAP_HASH_GET_CONTEXT_SIZE)(\r
  VOID\r
  );\r
\r
typedef\r
BOOLEAN\r
(EFIAPI *CHAP_HASH_INIT)(\r
  OUT VOID *Context\r
  );\r
\r
typedef\r
BOOLEAN\r
(EFIAPI *CHAP_HASH_UPDATE)(\r
  IN OUT VOID       *Context,\r
  IN     CONST VOID *Data,\r
  IN     UINTN      DataSize\r
  );\r
\r
typedef\r
BOOLEAN\r
(EFIAPI *CHAP_HASH_FINAL)(\r
  IN OUT VOID  *Context,\r
  OUT    UINT8 *HashValue\r
  );\r
\r
typedef struct {\r
  UINT8                         Algorithm;   // ISCSI_CHAP_ALGORITHM_*, CHAP_A\r
  UINT32                        DigestSize;\r
  CHAP_HASH_GET_CONTEXT_SIZE    GetContextSize;\r
  CHAP_HASH_INIT                Init;\r
  CHAP_HASH_UPDATE              Update;\r
  CHAP_HASH_FINAL               Final;\r
} CHAP_HASH;\r
\r
///\r
/// ISCSI CHAP Authentication Data\r
///\r
typedef struct _ISCSI_CHAP_AUTH_DATA {\r
  ISCSI_CHAP_AUTH_CONFIG_NVDATA    *AuthConfig;\r
  UINT32                           InIdentifier;\r
  UINT8                            InChallenge[1024];\r
  UINT32                           InChallengeLength;\r
  //\r
  // The hash algorithm (CHAP_A) that the target selects in\r
  // ISCSI_CHAP_STEP_TWO.\r
  //\r
  CONST CHAP_HASH                  *Hash;\r
  //\r
  // Calculated CHAP Response (CHAP_R) value.\r
  //\r
  UINT8                            CHAPResponse[ISCSI_CHAP_MAX_DIGEST_SIZE];\r
\r
  //\r
  // Auth-data to be sent out for mutual authentication.\r
  //\r
  // While the challenge size is technically independent of the hashing\r
  // algorithm, it is good practice to avoid hashing *fewer bytes* than the\r
  // digest size. In other words, it's good practice to feed *at least as many\r
  // bytes* to the hashing algorithm as the hashing algorithm will output.\r
  //\r
  UINT32    OutIdentifier;\r
  UINT8     OutChallenge[ISCSI_CHAP_MAX_DIGEST_SIZE];\r
} ISCSI_CHAP_AUTH_DATA;\r
\r
/**\r
  This function checks the received iSCSI Login Response during the security\r
  negotiation stage.\r
\r
  @param[in] Conn             The iSCSI connection.\r
\r
  @retval EFI_SUCCESS          The Login Response passed the CHAP validation.\r
  @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r
  @retval EFI_PROTOCOL_ERROR   Some kind of protocol error occurred.\r
  @retval Others               Other errors as indicated.\r
\r
**/\r
EFI_STATUS\r
IScsiCHAPOnRspReceived (\r
  IN ISCSI_CONNECTION  *Conn\r
  );\r
\r
/**\r
  This function fills the CHAP authentication information into the login PDU\r
  during the security negotiation stage in the iSCSI connection login.\r
\r
  @param[in]       Conn        The iSCSI connection.\r
  @param[in, out]  Pdu         The PDU to send out.\r
\r
  @retval EFI_SUCCESS           All check passed and the phase-related CHAP\r
                                authentication info is filled into the iSCSI\r
                                PDU.\r
  @retval EFI_OUT_OF_RESOURCES  Failed to allocate memory.\r
  @retval EFI_PROTOCOL_ERROR    Some kind of protocol error occurred.\r
\r
**/\r
EFI_STATUS\r
IScsiCHAPToSendReq (\r
  IN      ISCSI_CONNECTION  *Conn,\r
  IN OUT  NET_BUF           *Pdu\r
  );\r
\r
/**\r
  Initialize the CHAP_A=<A1,A2...> *value* string for the entire driver, to be\r
  sent by the initiator in ISCSI_CHAP_STEP_ONE.\r
\r
  This function sanity-checks the internal table of supported CHAP hashing\r
  algorithms, as well.\r
**/\r
VOID\r
IScsiCHAPInitHashList (\r
  VOID\r
  );\r
\r
#endif\r
Commit	Line	Data
4c5a5e0c	1	/** @file\r
	2	The header file of CHAP configuration.\r
	3	\r
f75a7f56	4	Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>\r
ecf98fbc	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
4c5a5e0c	6	\r
	7	**/\r
	8	\r
	9	#ifndef _ISCSI_CHAP_H_\r
	10	#define _ISCSI_CHAP_H_\r
	11	\r
d1050b9d	12	#define ISCSI_AUTH_METHOD_CHAP "CHAP"\r
4c5a5e0c	13	\r
d1050b9d MK	14	#define ISCSI_KEY_CHAP_ALGORITHM "CHAP_A"\r
	15	#define ISCSI_KEY_CHAP_IDENTIFIER "CHAP_I"\r
	16	#define ISCSI_KEY_CHAP_CHALLENGE "CHAP_C"\r
	17	#define ISCSI_KEY_CHAP_NAME "CHAP_N"\r
	18	#define ISCSI_KEY_CHAP_RESPONSE "CHAP_R"\r
4c5a5e0c	19	\r
7b6c2b2a LE	20	//\r
	21	// Identifiers of supported CHAP hash algorithms:\r
	22	// https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9\r
	23	//\r
d1050b9d MK	24	#define ISCSI_CHAP_ALGORITHM_MD5 5\r
d1050b9d MK	25	#define ISCSI_CHAP_ALGORITHM_SHA256 7\r
4c5a5e0c	26	\r
7b6c2b2a LE	27	//\r
	28	// Byte count of the largest digest over the above-listed\r
	29	// ISCSI_CHAP_ALGORITHM_* hash algorithms.\r
	30	//\r
d1050b9d	31	#define ISCSI_CHAP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE\r
4c5a5e0c	32	\r
d1050b9d MK	33	#define ISCSI_CHAP_STEP_ONE 1\r
	34	#define ISCSI_CHAP_STEP_TWO 2\r
	35	#define ISCSI_CHAP_STEP_THREE 3\r
	36	#define ISCSI_CHAP_STEP_FOUR 4\r
4c5a5e0c	37	\r
	38	#pragma pack(1)\r
	39	\r
	40	typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA {\r
d1050b9d MK	41	UINT8 CHAPType;\r
	42	CHAR8 CHAPName[ISCSI_CHAP_NAME_STORAGE];\r
	43	CHAR8 CHAPSecret[ISCSI_CHAP_SECRET_STORAGE];\r
	44	CHAR8 ReverseCHAPName[ISCSI_CHAP_NAME_STORAGE];\r
	45	CHAR8 ReverseCHAPSecret[ISCSI_CHAP_SECRET_STORAGE];\r
4c5a5e0c	46	} ISCSI_CHAP_AUTH_CONFIG_NVDATA;\r
	47	\r
	48	#pragma pack()\r
	49	\r
903ce1d8 LE	50	//\r
	51	// Typedefs for collecting sets of hash APIs from BaseCryptLib.\r
	52	//\r
	53	typedef\r
	54	UINTN\r
d1050b9d	55	(EFIAPI *CHAP_HASH_GET_CONTEXT_SIZE)(\r
903ce1d8 LE	56	VOID\r
	57	);\r
	58	\r
	59	typedef\r
	60	BOOLEAN\r
d1050b9d	61	(EFIAPI *CHAP_HASH_INIT)(\r
903ce1d8 LE	62	OUT VOID *Context\r
	63	);\r
	64	\r
	65	typedef\r
	66	BOOLEAN\r
d1050b9d	67	(EFIAPI *CHAP_HASH_UPDATE)(\r
903ce1d8 LE	68	IN OUT VOID *Context,\r
	69	IN CONST VOID *Data,\r
	70	IN UINTN DataSize\r
	71	);\r
	72	\r
	73	typedef\r
	74	BOOLEAN\r
d1050b9d	75	(EFIAPI *CHAP_HASH_FINAL)(\r
903ce1d8 LE	76	IN OUT VOID *Context,\r
	77	OUT UINT8 *HashValue\r
	78	);\r
	79	\r
	80	typedef struct {\r
d1050b9d MK	81	UINT8 Algorithm; // ISCSI_CHAP_ALGORITHM_*, CHAP_A\r
	82	UINT32 DigestSize;\r
	83	CHAP_HASH_GET_CONTEXT_SIZE GetContextSize;\r
	84	CHAP_HASH_INIT Init;\r
	85	CHAP_HASH_UPDATE Update;\r
	86	CHAP_HASH_FINAL Final;\r
903ce1d8 LE	87	} CHAP_HASH;\r
903ce1d8 LE	88	\r
4c5a5e0c	89	///\r
	90	/// ISCSI CHAP Authentication Data\r
	91	///\r
	92	typedef struct _ISCSI_CHAP_AUTH_DATA {\r
d1050b9d MK	93	ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig;\r
	94	UINT32 InIdentifier;\r
	95	UINT8 InChallenge[1024];\r
	96	UINT32 InChallengeLength;\r
4c5a5e0c	97	//\r
903ce1d8 LE	98	// The hash algorithm (CHAP_A) that the target selects in\r
	99	// ISCSI_CHAP_STEP_TWO.\r
	100	//\r
d1050b9d	101	CONST CHAP_HASH *Hash;\r
903ce1d8	102	//\r
4c5a5e0c	103	// Calculated CHAP Response (CHAP_R) value.\r
4c5a5e0c	104	//\r
d1050b9d	105	UINT8 CHAPResponse[ISCSI_CHAP_MAX_DIGEST_SIZE];\r
4c5a5e0c	106	\r
	107	//\r
	108	// Auth-data to be sent out for mutual authentication.\r
	109	//\r
95616b86 LE	110	// While the challenge size is technically independent of the hashing\r
	111	// algorithm, it is good practice to avoid hashing fewer bytes than the\r
	112	// digest size. In other words, it's good practice to feed *at least as many\r
	113	// bytes* to the hashing algorithm as the hashing algorithm will output.\r
	114	//\r
d1050b9d MK	115	UINT32 OutIdentifier;\r
d1050b9d MK	116	UINT8 OutChallenge[ISCSI_CHAP_MAX_DIGEST_SIZE];\r
4c5a5e0c	117	} ISCSI_CHAP_AUTH_DATA;\r
	118	\r
	119	/**\r
	120	This function checks the received iSCSI Login Response during the security\r
	121	negotiation stage.\r
	122	\r
	123	@param[in] Conn The iSCSI connection.\r
	124	\r
	125	@retval EFI_SUCCESS The Login Response passed the CHAP validation.\r
	126	@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r
	127	@retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.\r
	128	@retval Others Other errors as indicated.\r
	129	\r
	130	**/\r
	131	EFI_STATUS\r
	132	IScsiCHAPOnRspReceived (\r
	133	IN ISCSI_CONNECTION *Conn\r
	134	);\r
d1050b9d	135	\r
4c5a5e0c	136	/**\r
	137	This function fills the CHAP authentication information into the login PDU\r
	138	during the security negotiation stage in the iSCSI connection login.\r
	139	\r
	140	@param[in] Conn The iSCSI connection.\r
	141	@param[in, out] Pdu The PDU to send out.\r
	142	\r
	143	@retval EFI_SUCCESS All check passed and the phase-related CHAP\r
83761337 LE	144	authentication info is filled into the iSCSI\r
83761337 LE	145	PDU.\r
4c5a5e0c	146	@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r
	147	@retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.\r
	148	\r
	149	**/\r
	150	EFI_STATUS\r
	151	IScsiCHAPToSendReq (\r
	152	IN ISCSI_CONNECTION *Conn,\r
	153	IN OUT NET_BUF *Pdu\r
	154	);\r
	155	\r
903ce1d8 LE	156	/**\r
	157	Initialize the CHAP_A=<A1,A2...> value string for the entire driver, to be\r
	158	sent by the initiator in ISCSI_CHAP_STEP_ONE.\r
	159	\r
	160	This function sanity-checks the internal table of supported CHAP hashing\r
	161	algorithms, as well.\r
	162	**/\r
	163	VOID\r
	164	IScsiCHAPInitHashList (\r
	165	VOID\r
	166	);\r
d1050b9d	167	\r
4c5a5e0c	168	#endif\r