Commit | Line | Data |
---|---|---|
4c5a5e0c | 1 | /** @file\r |
2 | The header file of CHAP configuration.\r | |
3 | \r | |
f75a7f56 | 4 | Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>\r |
ecf98fbc | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
4c5a5e0c | 6 | \r |
7 | **/\r | |
8 | \r | |
9 | #ifndef _ISCSI_CHAP_H_\r | |
10 | #define _ISCSI_CHAP_H_\r | |
11 | \r | |
// Name of the CHAP authentication method as it appears in iSCSI login text.
// NOTE(review): presumably sent as / compared with the AuthMethod key value;
// the use site is not in this header.
d1050b9d | 12 | #define ISCSI_AUTH_METHOD_CHAP "CHAP"\r |
4c5a5e0c | 13 | \r |
// Login text keys of the CHAP exchange: algorithm (CHAP_A), identifier
// (CHAP_I), challenge (CHAP_C), name (CHAP_N) and response (CHAP_R).
d1050b9d MK |
14 | #define ISCSI_KEY_CHAP_ALGORITHM "CHAP_A"\r |
15 | #define ISCSI_KEY_CHAP_IDENTIFIER "CHAP_I"\r | |
16 | #define ISCSI_KEY_CHAP_CHALLENGE "CHAP_C"\r | |
17 | #define ISCSI_KEY_CHAP_NAME "CHAP_N"\r | |
18 | #define ISCSI_KEY_CHAP_RESPONSE "CHAP_R"\r | |
4c5a5e0c | 19 | \r |
7b6c2b2a LE |
20 | //\r |
21 | // Identifiers of supported CHAP hash algorithms:\r | |
22 | // https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9\r | |
23 | //\r | |
// NOTE(review): MD5 is a legacy digest; prefer SHA256 whenever the target
// offers it. MD5 is presumably kept for targets that support nothing else.
// Whether MD5 can be excluded at build time is not visible in this header.
d1050b9d MK |
24 | #define ISCSI_CHAP_ALGORITHM_MD5 5\r |
25 | #define ISCSI_CHAP_ALGORITHM_SHA256 7\r | |
4c5a5e0c | 26 | \r |
7b6c2b2a LE |
27 | //\r |
28 | // Byte count of the largest digest over the above-listed\r | |
29 | // ISCSI_CHAP_ALGORITHM_* hash algorithms.\r | |
30 | //\r | |
// This value is also the array size of CHAPResponse and OutChallenge in
// ISCSI_CHAP_AUTH_DATA, so adding an algorithm with a larger digest requires
// changing this define. SHA256_DIGEST_SIZE is defined outside this header.
d1050b9d | 31 | #define ISCSI_CHAP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE\r |
4c5a5e0c | 32 | \r |
// Step numbers of the CHAP login negotiation. Per the comments in this
// header, the initiator sends its CHAP_A list in STEP_ONE and the target
// selects the hash algorithm in STEP_TWO. The meaning of STEP_THREE and
// STEP_FOUR is not documented here.
d1050b9d MK |
33 | #define ISCSI_CHAP_STEP_ONE 1\r |
34 | #define ISCSI_CHAP_STEP_TWO 2\r | |
35 | #define ISCSI_CHAP_STEP_THREE 3\r | |
36 | #define ISCSI_CHAP_STEP_FOUR 4\r | |
4c5a5e0c | 37 | \r |
38 | #pragma pack(1)\r | |
39 | \r | |
//
// CHAP credentials, laid out byte-packed (#pragma pack(1) above).
// CHAPName/CHAPSecret and ReverseCHAPName/ReverseCHAPSecret are fixed-size
// CHAR8 arrays. Their sizes, ISCSI_CHAP_NAME_STORAGE and
// ISCSI_CHAP_SECRET_STORAGE, are defined outside this header. The meaning of
// the CHAPType values is not defined here either.
//
// NOTE(review): both secrets are plain CHAR8 arrays, so every copy of this
// structure carries them in clear text. The "NVDATA" suffix suggests the
// structure is persisted to non-volatile storage -- confirm. Also check that
// temporary copies are zeroed after use and never written to debug output.
// NOTE(review): whether the arrays are always NUL-terminated within their
// storage size is not visible here; verify before treating them as strings.
//
40 | typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA {\r | |
d1050b9d MK |
41 | UINT8 CHAPType;\r |
42 | CHAR8 CHAPName[ISCSI_CHAP_NAME_STORAGE];\r | |
43 | CHAR8 CHAPSecret[ISCSI_CHAP_SECRET_STORAGE];\r | |
44 | CHAR8 ReverseCHAPName[ISCSI_CHAP_NAME_STORAGE];\r | |
45 | CHAR8 ReverseCHAPSecret[ISCSI_CHAP_SECRET_STORAGE];\r | |
4c5a5e0c | 46 | } ISCSI_CHAP_AUTH_CONFIG_NVDATA;\r |
47 | \r | |
48 | #pragma pack()\r | |
49 | \r | |
903ce1d8 LE |
50 | //\r |
51 | // Typedefs for collecting sets of hash APIs from BaseCryptLib.\r | |
52 | //\r | |
// The four pointer types describe a get-context-size / init / update / final
// hash interface. Init, Update and Final return BOOLEAN (in BaseCryptLib,
// TRUE means success). Callers should check every result and discard the
// digest on failure instead of using a partially computed value.
53 | typedef\r | |
54 | UINTN\r | |
d1050b9d | 55 | (EFIAPI *CHAP_HASH_GET_CONTEXT_SIZE)(\r |
903ce1d8 LE |
56 | VOID\r |
57 | );\r | |
58 | \r | |
59 | typedef\r | |
60 | BOOLEAN\r | |
d1050b9d | 61 | (EFIAPI *CHAP_HASH_INIT)(\r |
903ce1d8 LE |
62 | OUT VOID *Context\r |
63 | );\r | |
64 | \r | |
65 | typedef\r | |
66 | BOOLEAN\r | |
d1050b9d | 67 | (EFIAPI *CHAP_HASH_UPDATE)(\r |
903ce1d8 LE |
68 | IN OUT VOID *Context,\r |
69 | IN CONST VOID *Data,\r | |
70 | IN UINTN DataSize\r | |
71 | );\r | |
72 | \r | |
// HashValue carries no size parameter.
// NOTE(review): presumably the caller must supply at least DigestSize bytes
// for the selected algorithm -- confirm at the call sites.
73 | typedef\r | |
74 | BOOLEAN\r | |
d1050b9d | 75 | (EFIAPI *CHAP_HASH_FINAL)(\r |
903ce1d8 LE |
76 | IN OUT VOID *Context,\r |
77 | OUT UINT8 *HashValue\r | |
78 | );\r | |
79 | \r | |
// Describes one hash algorithm: its CHAP_A identifier, its digest size and
// the four hash functions declared above.
// NOTE(review): DigestSize is presumably in bytes and must not exceed
// ISCSI_CHAP_MAX_DIGEST_SIZE, which sizes the digest buffers in
// ISCSI_CHAP_AUTH_DATA -- confirm that this is enforced.
80 | typedef struct {\r | |
d1050b9d MK |
81 | UINT8 Algorithm; // ISCSI_CHAP_ALGORITHM_*, CHAP_A\r |
82 | UINT32 DigestSize;\r | |
83 | CHAP_HASH_GET_CONTEXT_SIZE GetContextSize;\r | |
84 | CHAP_HASH_INIT Init;\r | |
85 | CHAP_HASH_UPDATE Update;\r | |
86 | CHAP_HASH_FINAL Final;\r | |
903ce1d8 LE |
87 | } CHAP_HASH;\r |
88 | \r | |
4c5a5e0c | 89 | ///\r |
90 | /// ISCSI CHAP Authentication Data\r | |
91 | ///\r | |
92 | typedef struct _ISCSI_CHAP_AUTH_DATA {\r | |
// AuthConfig points at the configured names and secrets. Ownership of the
// pointed-to structure is not visible in this header.
//
// InIdentifier, InChallenge and InChallengeLength presumably hold the CHAP_I
// and CHAP_C values received from the target. InChallenge is a fixed
// 1024-byte buffer.
// NOTE(review): the code that decodes the peer-supplied challenge must reject
// anything longer than sizeof (InChallenge) before writing, and
// InChallengeLength must never exceed that size. The decoding code is not
// part of this header.
d1050b9d MK |
93 | ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig;\r |
94 | UINT32 InIdentifier;\r | |
95 | UINT8 InChallenge[1024];\r | |
96 | UINT32 InChallengeLength;\r | |
4c5a5e0c | 97 | //\r |
903ce1d8 LE |
98 | // The hash algorithm (CHAP_A) that the target selects in\r |
99 | // ISCSI_CHAP_STEP_TWO.\r | |
100 | //\r | |
// NOTE(review): the target's CHAP_A choice is peer-controlled. Presumably it
// is matched against the algorithms the initiator offered before Hash is
// set -- confirm in the implementation.
d1050b9d | 101 | CONST CHAP_HASH *Hash;\r |
903ce1d8 | 102 | //\r |
4c5a5e0c | 103 | // Calculated CHAP Response (CHAP_R) value.\r |
104 | //\r | |
d1050b9d | 105 | UINT8 CHAPResponse[ISCSI_CHAP_MAX_DIGEST_SIZE];\r |
4c5a5e0c | 106 | \r |
107 | //\r | |
108 | // Auth-data to be sent out for mutual authentication.\r | |
109 | //\r | |
95616b86 LE |
110 | // While the challenge size is technically independent of the hashing\r |
111 | // algorithm, it is good practice to avoid hashing *fewer bytes* than the\r | |
112 | // digest size. In other words, it's good practice to feed *at least as many\r | |
113 | // bytes* to the hashing algorithm as the hashing algorithm will output.\r | |
114 | //\r | |
// NOTE(review): OutChallenge should be filled from a cryptographically strong
// random source and be fresh for every login. The generator is not visible in
// this header.
d1050b9d MK |
115 | UINT32 OutIdentifier;\r |
116 | UINT8 OutChallenge[ISCSI_CHAP_MAX_DIGEST_SIZE];\r | |
4c5a5e0c | 117 | } ISCSI_CHAP_AUTH_DATA;\r |
118 | \r | |
119 | /**\r | |
120 | This function checks the received iSCSI Login Response during the security\r | |
121 | negotiation stage.\r | |
122 | \r | |
  The Login Response originates from the remote target, so the CHAP keys,
  values and lengths it carries are untrusted input.
  NOTE(review): the validation itself is in the implementation, which is not
  shown in this header.

123 | @param[in] Conn The iSCSI connection.\r | |
124 | \r | |
125 | @retval EFI_SUCCESS The Login Response passed the CHAP validation.\r | |
126 | @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r | |
127 | @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.\r | |
128 | @retval Others Other errors as indicated.\r | |
129 | \r | |
130 | **/\r | |
131 | EFI_STATUS\r | |
132 | IScsiCHAPOnRspReceived (\r | |
133 | IN ISCSI_CONNECTION *Conn\r | |
134 | );\r | |
d1050b9d | 135 | \r |
4c5a5e0c | 136 | /**\r |
137 | This function fills the CHAP authentication information into the login PDU\r | |
138 | during the security negotiation stage in the iSCSI connection login.\r | |
139 | \r | |
140 | @param[in] Conn The iSCSI connection.\r | |
141 | @param[in, out] Pdu The PDU to send out.\r | |
142 | \r | |
143 | @retval EFI_SUCCESS All checks passed and the phase-related CHAP\r | |
83761337 LE |
144 | authentication info is filled into the iSCSI\r |
145 | PDU.\r | |
4c5a5e0c | 146 | @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.\r |
147 | @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.\r | |
148 | \r | |
149 | **/\r | |
150 | EFI_STATUS\r | |
151 | IScsiCHAPToSendReq (\r | |
152 | IN ISCSI_CONNECTION *Conn,\r | |
153 | IN OUT NET_BUF *Pdu\r | |
154 | );\r | |
155 | \r | |
903ce1d8 LE |
156 | /**\r |
157 | Initialize the CHAP_A=<A1,A2...> *value* string for the entire driver, to be\r | |
158 | sent by the initiator in ISCSI_CHAP_STEP_ONE.\r | |
159 | \r | |
160 | This function sanity-checks the internal table of supported CHAP hashing\r | |
161 | algorithms, as well.\r | |
  NOTE(review): the function takes no arguments and returns VOID, so how a
  failed sanity check is reported is not visible from this declaration --
  confirm in the implementation.
162 | **/\r | |
163 | VOID\r | |
164 | IScsiCHAPInitHashList (\r | |
165 | VOID\r | |
166 | );\r | |
d1050b9d | 167 | \r |
4c5a5e0c | 168 | #endif\r |