summaryrefslogtreecommitdiffstats
path: root/NetworkPkg/IScsiDxe
diff options
context:
space:
mode:
authorLaszlo Ersek <lersek@redhat.com>2021-06-29 18:33:34 +0200
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2021-06-30 19:20:41 +0000
commit7b6c2b2a26d0ae0a1d0beb8a9ac81cd934646c99 (patch)
tree85cfe38832423728b41c517a49ad04c42ad7b39c /NetworkPkg/IScsiDxe
parent7eba9f698eac33be9db5d224481657bee1111425 (diff)
downloadedk2-7b6c2b2a26d0ae0a1d0beb8a9ac81cd934646c99.tar.gz
edk2-7b6c2b2a26d0ae0a1d0beb8a9ac81cd934646c99.tar.bz2
edk2-7b6c2b2a26d0ae0a1d0beb8a9ac81cd934646c99.zip
NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizes
IScsiDxe uses the ISCSI_CHAP_RSP_LEN macro for expressing the size of the digest (16) that it solely supports at this point (MD5). ISCSI_CHAP_RSP_LEN is used for both (a) *allocating* digest-related buffers (binary buffers and hex encodings alike), and (b) *processing* binary digest buffers (comparing them, filling them, reading them). In preparation for adding other hash algorithms, split purpose (a) from purpose (b). For purpose (a) -- buffer allocation --, introduce ISCSI_CHAP_MAX_DIGEST_SIZE. For purpose (b) -- processing --, rely on MD5_DIGEST_SIZE from <BaseCryptLib.h>. Distinguishing these purposes is justified because purpose (b) -- processing -- must depend on the hashing algorithm negotiated between initiator and target, while for purpose (a) -- allocation --, using the maximum supported digest size is suitable. For now, because only MD5 is supported, introduce ISCSI_CHAP_MAX_DIGEST_SIZE *as* MD5_DIGEST_SIZE. Note that the argument for using the digest size as the size of the outgoing challenge (in case mutual authentication is desired by the initiator) remains in place. Because of this, the above two purposes are distinguished for the "ISCSI_CHAP_AUTH_DATA.OutChallenge" field as well. This patch is functionally a no-op, just yet. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210629163337.14120-4-lersek@redhat.com>
Diffstat (limited to 'NetworkPkg/IScsiDxe')
-rw-r--r--NetworkPkg/IScsiDxe/IScsiCHAP.c22
-rw-r--r--NetworkPkg/IScsiDxe/IScsiCHAP.h17
2 files changed, 22 insertions, 17 deletions
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index bb84f4359d..744824e63d 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -112,7 +112,7 @@ IScsiCHAPAuthTarget (
{
EFI_STATUS Status;
UINT32 SecretSize;
- UINT8 VerifyRsp[ISCSI_CHAP_RSP_LEN];
+ UINT8 VerifyRsp[ISCSI_CHAP_MAX_DIGEST_SIZE];
Status = EFI_SUCCESS;
@@ -122,11 +122,11 @@ IScsiCHAPAuthTarget (
AuthData->AuthConfig->ReverseCHAPSecret,
SecretSize,
AuthData->OutChallenge,
- ISCSI_CHAP_RSP_LEN, // ChallengeLength
+ MD5_DIGEST_SIZE, // ChallengeLength
VerifyRsp
);
- if (CompareMem (VerifyRsp, TargetResponse, ISCSI_CHAP_RSP_LEN) != 0) {
+ if (CompareMem (VerifyRsp, TargetResponse, MD5_DIGEST_SIZE) != 0) {
Status = EFI_SECURITY_VIOLATION;
}
@@ -163,7 +163,7 @@ IScsiCHAPOnRspReceived (
CHAR8 *Challenge;
CHAR8 *Name;
CHAR8 *Response;
- UINT8 TargetRsp[ISCSI_CHAP_RSP_LEN];
+ UINT8 TargetRsp[ISCSI_CHAP_MAX_DIGEST_SIZE];
UINT32 RspLen;
UINTN Result;
@@ -340,9 +340,9 @@ IScsiCHAPOnRspReceived (
goto ON_EXIT;
}
- RspLen = ISCSI_CHAP_RSP_LEN;
+ RspLen = MD5_DIGEST_SIZE;
Status = IScsiHexToBin (TargetRsp, &RspLen, Response);
- if (EFI_ERROR (Status) || RspLen != ISCSI_CHAP_RSP_LEN) {
+ if (EFI_ERROR (Status) || RspLen != MD5_DIGEST_SIZE) {
Status = EFI_PROTOCOL_ERROR;
goto ON_EXIT;
}
@@ -411,13 +411,13 @@ IScsiCHAPToSendReq (
}
Status = EFI_SUCCESS;
- RspLen = 2 * ISCSI_CHAP_RSP_LEN + 3;
+ RspLen = 2 * ISCSI_CHAP_MAX_DIGEST_SIZE + 3;
Response = AllocateZeroPool (RspLen);
if (Response == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- ChallengeLen = 2 * ISCSI_CHAP_RSP_LEN + 3;
+ ChallengeLen = 2 * ISCSI_CHAP_MAX_DIGEST_SIZE + 3;
Challenge = AllocateZeroPool (ChallengeLen);
if (Challenge == NULL) {
FreePool (Response);
@@ -482,7 +482,7 @@ IScsiCHAPToSendReq (
//
BinToHexStatus = IScsiBinToHex (
(UINT8 *) AuthData->CHAPResponse,
- ISCSI_CHAP_RSP_LEN,
+ MD5_DIGEST_SIZE,
Response,
&RspLen
);
@@ -499,10 +499,10 @@ IScsiCHAPToSendReq (
//
// CHAP_C=<C>
//
- IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
+ IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, MD5_DIGEST_SIZE);
BinToHexStatus = IScsiBinToHex (
(UINT8 *) AuthData->OutChallenge,
- ISCSI_CHAP_RSP_LEN,
+ MD5_DIGEST_SIZE,
Challenge,
&ChallengeLen
);
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
index d6a90fc27f..b8811b7580 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
@@ -17,12 +17,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define ISCSI_KEY_CHAP_NAME "CHAP_N"
#define ISCSI_KEY_CHAP_RESPONSE "CHAP_R"
+//
+// Identifiers of supported CHAP hash algorithms:
+// https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9
+//
#define ISCSI_CHAP_ALGORITHM_MD5 5
-///
-/// MD5_HASHSIZE
-///
-#define ISCSI_CHAP_RSP_LEN 16
+//
+// Byte count of the largest digest over the above-listed
+// ISCSI_CHAP_ALGORITHM_* hash algorithms.
+//
+#define ISCSI_CHAP_MAX_DIGEST_SIZE MD5_DIGEST_SIZE
#define ISCSI_CHAP_STEP_ONE 1
#define ISCSI_CHAP_STEP_TWO 2
@@ -53,7 +58,7 @@ typedef struct _ISCSI_CHAP_AUTH_DATA {
//
// Calculated CHAP Response (CHAP_R) value.
//
- UINT8 CHAPResponse[ISCSI_CHAP_RSP_LEN];
+ UINT8 CHAPResponse[ISCSI_CHAP_MAX_DIGEST_SIZE];
//
// Auth-data to be sent out for mutual authentication.
@@ -64,7 +69,7 @@ typedef struct _ISCSI_CHAP_AUTH_DATA {
// bytes* to the hashing algorithm as the hashing algorithm will output.
//
UINT32 OutIdentifier;
- UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN];
+ UINT8 OutChallenge[ISCSI_CHAP_MAX_DIGEST_SIZE];
} ISCSI_CHAP_AUTH_DATA;
/**