From patchwork Mon Oct 28 12:38:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maurizio Lombardi X-Patchwork-Id: 11215317 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BDD15112C for ; Mon, 28 Oct 2019 12:38:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 92270208C0 for ; Mon, 28 Oct 2019 12:38:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="PSTtkd4l" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389139AbfJ1Mig (ORCPT ); Mon, 28 Oct 2019 08:38:36 -0400 Received: from us-smtp-2.mimecast.com ([205.139.110.61]:51650 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727024AbfJ1Mig (ORCPT ); Mon, 28 Oct 2019 08:38:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1572266314; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=k3P0oYZTZgAOrjuG9tABEviSh0hLslV9IlxutqV/tko=; b=PSTtkd4lV8SD2Eji0fqG+SbJU7Qo/5dspVZJFBaUyoUn6ucZidpbLf/tBnWzDmNK8JaU6c tdbFyBmjVq6mniRFExgldd+OuBxAPJA85jSGfTmiJ2RsQZACpbM9mrl0897pWYOXF7QUz6 iGqBOY+a/mcxEchuylaGWdj5lJIEsfU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-138-MUP44CrvO32ATYDIMx8XaQ-1; Mon, 28 Oct 2019 08:38:31 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 32DE0180491C; Mon, 28 Oct 2019 12:38:30 +0000 (UTC) Received: from manaslu.redhat.com (ovpn-204-92.brq.redhat.com [10.40.204.92]) by smtp.corp.redhat.com (Postfix) with ESMTP id E171C600C9; Mon, 28 Oct 2019 12:38:27 +0000 (UTC) From: Maurizio Lombardi To: cleech@redhat.com Cc: mchristi@redhat.com, target-devel@vger.kernel.org, hch@infradead.org, martin.petersen@oracle.com Subject: [PATCH V3 1/3] target-iscsi: CHAP: add support to SHA1, SHA256 and SHA3-256 hash functions Date: Mon, 28 Oct 2019 13:38:20 +0100 Message-Id: <20191028123822.5864-2-mlombard@redhat.com> In-Reply-To: <20191028123822.5864-1-mlombard@redhat.com> References: <20191028123822.5864-1-mlombard@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-MC-Unique: MUP44CrvO32ATYDIMx8XaQ-1 X-Mimecast-Spam-Score: 0 Sender: target-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: target-devel@vger.kernel.org This patch modifies the chap_server_compute_hash() function to make it agnostic to the choice of hash algorithm that is used. It also adds support to three new hash algorithms: SHA1, SHA256 and SHA3-256. The chap_got_response() function has been removed because the digest type validity is already checked by chap_server_open() Signed-off-by: Maurizio Lombardi --- drivers/target/iscsi/iscsi_target_auth.c | 169 +++++++++++++++-------- drivers/target/iscsi/iscsi_target_auth.h | 13 +- 2 files changed, 120 insertions(+), 62 deletions(-) diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c index 8fe9b12a07a4..b09f20842e40 100644 --- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -18,6 +18,22 @@ #include "iscsi_target_nego.h" #include "iscsi_target_auth.h" +static char *chap_get_digest_name(const int digest_type) +{ + switch (digest_type) { + case CHAP_DIGEST_MD5: + return "md5"; + case CHAP_DIGEST_SHA1: + return "sha1"; + case CHAP_DIGEST_SHA256: + return "sha256"; + case CHAP_DIGEST_SHA3_256: + return "sha3-256"; + default: + return NULL; + } +} + static int chap_gen_challenge( struct iscsi_conn *conn, int caller, @@ -46,9 +62,23 @@ static int chap_gen_challenge( return 0; } +static int chap_test_algorithm(const char *name) +{ + struct crypto_shash *tfm; + + tfm = crypto_alloc_shash(name, 0, 0); + if (IS_ERR(tfm)) + return -1; + + crypto_free_shash(tfm); + return 0; +} + static int chap_check_algorithm(const char *a_str) { - char *tmp, *orig, *token; + char *tmp, *orig, *token, *digest_name; + long digest_type; + int r = CHAP_DIGEST_UNKNOWN; tmp = kstrdup(a_str, GFP_KERNEL); if (!tmp) { @@ -70,15 +100,24 @@ static int chap_check_algorithm(const char *a_str) if (!token) goto out; - if (!strcmp(token, "5")) { - pr_debug("Selected MD5 Algorithm\n"); - kfree(orig); - return CHAP_DIGEST_MD5; + if (kstrtol(token, 10, &digest_type)) + continue; + + digest_name = chap_get_digest_name(digest_type); + if (!digest_name) + continue; + + pr_debug("Selected %s Algorithm\n", digest_name); + if (chap_test_algorithm(digest_name) < 0) { + pr_err("failed to allocate %s algo\n", digest_name); + } else { + r = digest_type; + goto out; } } out: kfree(orig); - return CHAP_DIGEST_UNKNOWN; + return r; } static void chap_close(struct iscsi_conn *conn) @@ -94,7 +133,7 @@ static struct iscsi_chap *chap_server_open( char *aic_str, unsigned int *aic_len) { - int ret; + int digest_type; struct iscsi_chap *chap; if (!(auth->naf_flags & NAF_USERID_SET) || @@ -109,17 +148,19 @@ static struct iscsi_chap *chap_server_open( return NULL; chap = conn->auth_protocol; - ret = chap_check_algorithm(a_str); - switch (ret) { + digest_type = chap_check_algorithm(a_str); + switch (digest_type) { case CHAP_DIGEST_MD5: - pr_debug("[server] Got CHAP_A=5\n"); - /* - * Send back CHAP_A set to MD5. - */ - *aic_len = sprintf(aic_str, "CHAP_A=5"); - *aic_len += 1; - chap->digest_type = CHAP_DIGEST_MD5; - pr_debug("[server] Sending CHAP_A=%d\n", chap->digest_type); + chap->digest_size = MD5_SIGNATURE_SIZE; + break; + case CHAP_DIGEST_SHA1: + chap->digest_size = SHA1_SIGNATURE_SIZE; + break; + case CHAP_DIGEST_SHA256: + chap->digest_size = SHA256_SIGNATURE_SIZE; + break; + case CHAP_DIGEST_SHA3_256: + chap->digest_size = SHA3_256_SIGNATURE_SIZE; break; case CHAP_DIGEST_UNKNOWN: default: @@ -128,6 +169,13 @@ static struct iscsi_chap *chap_server_open( return NULL; } + chap->digest_name = chap_get_digest_name(digest_type); + + pr_debug("[server] Got CHAP_A=%d\n", digest_type); + *aic_len = sprintf(aic_str, "CHAP_A=%d", digest_type); + *aic_len += 1; + pr_debug("[server] Sending CHAP_A=%d\n", digest_type); + /* * Set Identifier. */ @@ -146,7 +194,7 @@ static struct iscsi_chap *chap_server_open( return chap; } -static int chap_server_compute_md5( +static int chap_server_compute_hash( struct iscsi_conn *conn, struct iscsi_node_auth *auth, char *nr_in_ptr, @@ -155,12 +203,13 @@ static int chap_server_compute_md5( { unsigned long id; unsigned char id_as_uchar; - unsigned char digest[MD5_SIGNATURE_SIZE]; - unsigned char type, response[MD5_SIGNATURE_SIZE * 2 + 2]; + unsigned char type; unsigned char identifier[10], *challenge = NULL; unsigned char *challenge_binhex = NULL; - unsigned char client_digest[MD5_SIGNATURE_SIZE]; - unsigned char server_digest[MD5_SIGNATURE_SIZE]; + unsigned char *digest = NULL; + unsigned char *response = NULL; + unsigned char *client_digest = NULL; + unsigned char *server_digest = NULL; unsigned char chap_n[MAX_CHAP_N_SIZE], chap_r[MAX_RESPONSE_LENGTH]; size_t compare_len; struct iscsi_chap *chap = conn->auth_protocol; @@ -168,13 +217,33 @@ static int chap_server_compute_md5( struct shash_desc *desc = NULL; int auth_ret = -1, ret, challenge_len; + digest = kzalloc(chap->digest_size, GFP_KERNEL); + if (!digest) { + pr_err("Unable to allocate the digest buffer\n"); + goto out; + } + + response = kzalloc(chap->digest_size * 2 + 2, GFP_KERNEL); + if (!response) { + pr_err("Unable to allocate the response buffer\n"); + goto out; + } + + client_digest = kzalloc(chap->digest_size, GFP_KERNEL); + if (!client_digest) { + pr_err("Unable to allocate the client_digest buffer\n"); + goto out; + } + + server_digest = kzalloc(chap->digest_size, GFP_KERNEL); + if (!server_digest) { + pr_err("Unable to allocate the server_digest buffer\n"); + goto out; + } + memset(identifier, 0, 10); memset(chap_n, 0, MAX_CHAP_N_SIZE); memset(chap_r, 0, MAX_RESPONSE_LENGTH); - memset(digest, 0, MD5_SIGNATURE_SIZE); - memset(response, 0, MD5_SIGNATURE_SIZE * 2 + 2); - memset(client_digest, 0, MD5_SIGNATURE_SIZE); - memset(server_digest, 0, MD5_SIGNATURE_SIZE); challenge = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL); if (!challenge) { @@ -219,18 +288,18 @@ static int chap_server_compute_md5( pr_err("Could not find CHAP_R.\n"); goto out; } - if (strlen(chap_r) != MD5_SIGNATURE_SIZE * 2) { + if (strlen(chap_r) != chap->digest_size * 2) { pr_err("Malformed CHAP_R\n"); goto out; } - if (hex2bin(client_digest, chap_r, MD5_SIGNATURE_SIZE) < 0) { + if (hex2bin(client_digest, chap_r, chap->digest_size) < 0) { pr_err("Malformed CHAP_R\n"); goto out; } pr_debug("[server] Got CHAP_R=%s\n", chap_r); - tfm = crypto_alloc_shash("md5", 0, 0); + tfm = crypto_alloc_shash(chap->digest_name, 0, 0); if (IS_ERR(tfm)) { tfm = NULL; pr_err("Unable to allocate struct crypto_shash\n"); @@ -271,15 +340,15 @@ static int chap_server_compute_md5( goto out; } - bin2hex(response, server_digest, MD5_SIGNATURE_SIZE); - pr_debug("[server] MD5 Server Digest: %s\n", response); + bin2hex(response, server_digest, chap->digest_size); + pr_debug("[server] %s Server Digest: %s\n", hash_name, response); - if (memcmp(server_digest, client_digest, MD5_SIGNATURE_SIZE) != 0) { - pr_debug("[server] MD5 Digests do not match!\n\n"); + if (memcmp(server_digest, client_digest, chap->digest_size) != 0) { + pr_debug("[server] %s Digests do not match!\n\n", hash_name); goto out; } else - pr_debug("[server] MD5 Digests match, CHAP connection" - " successful.\n\n"); + pr_debug("[server] %s Digests match, CHAP connection" + " successful.\n\n", hash_name); /* * One way authentication has succeeded, return now if mutual * authentication is not enabled. @@ -393,7 +462,7 @@ static int chap_server_compute_md5( /* * Convert response from binary hex to ascii hext. */ - bin2hex(response, digest, MD5_SIGNATURE_SIZE); + bin2hex(response, digest, chap->digest_size); *nr_out_len += sprintf(nr_out_ptr + *nr_out_len, "CHAP_R=0x%s", response); *nr_out_len += 1; @@ -405,31 +474,13 @@ static int chap_server_compute_md5( crypto_free_shash(tfm); kfree(challenge); kfree(challenge_binhex); + kfree(digest); + kfree(response); + kfree(server_digest); + kfree(client_digest); return auth_ret; } -static int chap_got_response( - struct iscsi_conn *conn, - struct iscsi_node_auth *auth, - char *nr_in_ptr, - char *nr_out_ptr, - unsigned int *nr_out_len) -{ - struct iscsi_chap *chap = conn->auth_protocol; - - switch (chap->digest_type) { - case CHAP_DIGEST_MD5: - if (chap_server_compute_md5(conn, auth, nr_in_ptr, - nr_out_ptr, nr_out_len) < 0) - return -1; - return 0; - default: - pr_err("Unknown CHAP digest type %d!\n", - chap->digest_type); - return -1; - } -} - u32 chap_main_loop( struct iscsi_conn *conn, struct iscsi_node_auth *auth, @@ -448,7 +499,7 @@ u32 chap_main_loop( return 0; } else if (chap->chap_state == CHAP_STAGE_SERVER_AIC) { convert_null_to_semi(in_text, *in_len); - if (chap_got_response(conn, auth, in_text, out_text, + if (chap_server_compute_hash(conn, auth, in_text, out_text, out_len) < 0) { chap_close(conn); return 2; diff --git a/drivers/target/iscsi/iscsi_target_auth.h b/drivers/target/iscsi/iscsi_target_auth.h index d5600ac30b53..93db1ab5516c 100644 --- a/drivers/target/iscsi/iscsi_target_auth.h +++ b/drivers/target/iscsi/iscsi_target_auth.h @@ -6,14 +6,19 @@ #define CHAP_DIGEST_UNKNOWN 0 #define CHAP_DIGEST_MD5 5 -#define CHAP_DIGEST_SHA 6 +#define CHAP_DIGEST_SHA1 6 +#define CHAP_DIGEST_SHA256 7 +#define CHAP_DIGEST_SHA3_256 8 #define CHAP_CHALLENGE_LENGTH 16 #define CHAP_CHALLENGE_STR_LEN 4096 -#define MAX_RESPONSE_LENGTH 64 /* sufficient for MD5 */ +#define MAX_RESPONSE_LENGTH 128 /* sufficient for SHA3 256 */ #define MAX_CHAP_N_SIZE 512 #define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */ +#define SHA1_SIGNATURE_SIZE 20 /* 20 bytes in a SHA1 message digest */ +#define SHA256_SIGNATURE_SIZE 32 /* 32 bytes in a SHA256 message digest */ +#define SHA3_256_SIGNATURE_SIZE 32 /* 32 bytes in a SHA3 256 message digest */ #define CHAP_STAGE_CLIENT_A 1 #define CHAP_STAGE_SERVER_AIC 2 @@ -28,9 +33,11 @@ extern u32 chap_main_loop(struct iscsi_conn *, struct iscsi_node_auth *, char *, int *, int *); struct iscsi_chap { - unsigned char digest_type; unsigned char id; unsigned char challenge[CHAP_CHALLENGE_LENGTH]; + unsigned int challenge_len; + unsigned char *digest_name; + unsigned int digest_size; unsigned int authenticate_target; unsigned int chap_state; } ____cacheline_aligned; From patchwork Mon Oct 28 12:38:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maurizio Lombardi X-Patchwork-Id: 11215319 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3B59A13B1 for ; Mon, 28 Oct 2019 12:38:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 19F62208C0 for ; Mon, 28 Oct 2019 12:38:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="QO6NAtp/" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389140AbfJ1Mii (ORCPT ); Mon, 28 Oct 2019 08:38:38 -0400 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:44490 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727024AbfJ1Mii (ORCPT ); Mon, 28 Oct 2019 08:38:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1572266317; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xLvLHrbZI5/1diRlzEZRdHc+YFNWmkJY2aZBXThxYiw=; b=QO6NAtp/nnpaKqxvhwNAkDvopAaBxMQ9BoBTdVoluSN9sbL2buE17SuFO2dIPGhYqMFGQt oJ1HfU6Vf/12M4BexKlphZrn6jeDFdu8/e5QGEM5MUQFiyQ+oGJIiBCtcLa69b7rcsYhnr RDb7yphXTOwPPWbuRX+3oQnxCGdSAEo= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-377-hhOviapRPYy0HxxZSEa7cw-1; Mon, 28 Oct 2019 08:38:34 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8D88E180491C; Mon, 28 Oct 2019 12:38:33 +0000 (UTC) Received: from manaslu.redhat.com (ovpn-204-92.brq.redhat.com [10.40.204.92]) by smtp.corp.redhat.com (Postfix) with ESMTP id F275A600C9; Mon, 28 Oct 2019 12:38:30 +0000 (UTC) From: Maurizio Lombardi To: cleech@redhat.com Cc: mchristi@redhat.com, target-devel@vger.kernel.org, hch@infradead.org, martin.petersen@oracle.com Subject: [PATCH V3 2/3] target-iscsi: tie the challenge length to the hash digest size Date: Mon, 28 Oct 2019 13:38:21 +0100 Message-Id: <20191028123822.5864-3-mlombard@redhat.com> In-Reply-To: <20191028123822.5864-1-mlombard@redhat.com> References: <20191028123822.5864-1-mlombard@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-MC-Unique: hhOviapRPYy0HxxZSEa7cw-1 X-Mimecast-Spam-Score: 0 Sender: target-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: target-devel@vger.kernel.org The open-iscsi initiator uses the digest size to determine the length of the challenge values it sends to the target. This patch modifies the target driver to behave in the same way. Signed-off-by: Maurizio Lombardi --- drivers/target/iscsi/iscsi_target_auth.c | 37 +++++++++++++++++------- drivers/target/iscsi/iscsi_target_auth.h | 4 +-- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c index b09f20842e40..f3973ab19da2 100644 --- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -41,16 +41,21 @@ static int chap_gen_challenge( unsigned int *c_len) { int ret; - unsigned char challenge_asciihex[CHAP_CHALLENGE_LENGTH * 2 + 1]; + unsigned char *challenge_asciihex; struct iscsi_chap *chap = conn->auth_protocol; - memset(challenge_asciihex, 0, CHAP_CHALLENGE_LENGTH * 2 + 1); + challenge_asciihex = kzalloc(chap->challenge_len * 2 + 1, GFP_KERNEL); + if (!challenge_asciihex) + return -ENOMEM; - ret = get_random_bytes_wait(chap->challenge, CHAP_CHALLENGE_LENGTH); + memset(chap->challenge, 0, MAX_CHAP_CHALLENGE_LEN); + + ret = get_random_bytes_wait(chap->challenge, chap->challenge_len); if (unlikely(ret)) - return ret; + goto out; + bin2hex(challenge_asciihex, chap->challenge, - CHAP_CHALLENGE_LENGTH); + chap->challenge_len); /* * Set CHAP_C, and copy the generated challenge into c_str. */ @@ -59,7 +64,10 @@ static int chap_gen_challenge( pr_debug("[%s] Sending CHAP_C=0x%s\n\n", (caller) ? "server" : "client", challenge_asciihex); - return 0; + +out: + kfree(challenge_asciihex); + return ret; } static int chap_test_algorithm(const char *name) @@ -171,6 +179,9 @@ static struct iscsi_chap *chap_server_open( chap->digest_name = chap_get_digest_name(digest_type); + /* Tie the challenge length to the digest size */ + chap->challenge_len = chap->digest_size; + pr_debug("[server] Got CHAP_A=%d\n", digest_type); *aic_len = sprintf(aic_str, "CHAP_A=%d", digest_type); *aic_len += 1; @@ -334,21 +345,23 @@ static int chap_server_compute_hash( } ret = crypto_shash_finup(desc, chap->challenge, - CHAP_CHALLENGE_LENGTH, server_digest); + chap->challenge_len, server_digest); if (ret < 0) { pr_err("crypto_shash_finup() failed for challenge\n"); goto out; } bin2hex(response, server_digest, chap->digest_size); - pr_debug("[server] %s Server Digest: %s\n", hash_name, response); + pr_debug("[server] %s Server Digest: %s\n", + chap->digest_name, response); if (memcmp(server_digest, client_digest, chap->digest_size) != 0) { - pr_debug("[server] %s Digests do not match!\n\n", hash_name); + pr_debug("[server] %s Digests do not match!\n\n", + chap->digest_name); goto out; } else pr_debug("[server] %s Digests match, CHAP connection" - " successful.\n\n", hash_name); + " successful.\n\n", chap->digest_name); /* * One way authentication has succeeded, return now if mutual * authentication is not enabled. @@ -414,7 +427,9 @@ static int chap_server_compute_hash( * initiator must not match the original CHAP_C generated by * the target. */ - if (!memcmp(challenge_binhex, chap->challenge, CHAP_CHALLENGE_LENGTH)) { + if (challenge_len == chap->challenge_len && + !memcmp(challenge_binhex, chap->challenge, + challenge_len)) { pr_err("initiator CHAP_C matches target CHAP_C, failing" " login attempt\n"); goto out; diff --git a/drivers/target/iscsi/iscsi_target_auth.h b/drivers/target/iscsi/iscsi_target_auth.h index 93db1ab5516c..fc75c1c20e23 100644 --- a/drivers/target/iscsi/iscsi_target_auth.h +++ b/drivers/target/iscsi/iscsi_target_auth.h @@ -10,7 +10,7 @@ #define CHAP_DIGEST_SHA256 7 #define CHAP_DIGEST_SHA3_256 8 -#define CHAP_CHALLENGE_LENGTH 16 +#define MAX_CHAP_CHALLENGE_LEN 32 #define CHAP_CHALLENGE_STR_LEN 4096 #define MAX_RESPONSE_LENGTH 128 /* sufficient for SHA3 256 */ #define MAX_CHAP_N_SIZE 512 @@ -34,7 +34,7 @@ extern u32 chap_main_loop(struct iscsi_conn *, struct iscsi_node_auth *, char *, struct iscsi_chap { unsigned char id; - unsigned char challenge[CHAP_CHALLENGE_LENGTH]; + unsigned char challenge[MAX_CHAP_CHALLENGE_LEN]; unsigned int challenge_len; unsigned char *digest_name; unsigned int digest_size; From patchwork Mon Oct 28 12:38:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maurizio Lombardi X-Patchwork-Id: 11215321 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 93D0913B1 for ; Mon, 28 Oct 2019 12:38:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 723D3208C0 for ; Mon, 28 Oct 2019 12:38:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="XLHni5J7" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389141AbfJ1Mil (ORCPT ); Mon, 28 Oct 2019 08:38:41 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:41201 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727024AbfJ1Mil (ORCPT ); Mon, 28 Oct 2019 08:38:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1572266319; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uTXmcDggs9arSmYol0p3kqWQyviimG5Qsl31yFm8+WA=; b=XLHni5J7FFXj//65J+XGaRQXDhaJeSLRot4tNfHYS9+66UJSMcf1wiA6OQ2LOhOihnWpEF T3qM3lKo/diAk4GBH3QG/TzS1hBHg+UemPBVXsueisOT9bQRHhw4DNAs3hLTiWxo2L3sQP 40rbVYiOPiNZXxXu3EFfn/gyuepiriA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-198-04R8wVCSPb6LUdIR-LVYHg-1; Mon, 28 Oct 2019 08:38:37 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7CBCF180491C; Mon, 28 Oct 2019 12:38:36 +0000 (UTC) Received: from manaslu.redhat.com (ovpn-204-92.brq.redhat.com [10.40.204.92]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0F26D600C9; Mon, 28 Oct 2019 12:38:33 +0000 (UTC) From: Maurizio Lombardi To: cleech@redhat.com Cc: mchristi@redhat.com, target-devel@vger.kernel.org, hch@infradead.org, martin.petersen@oracle.com Subject: [PATCH V3 3/3] target-iscsi: rename some variables to avoid confusion. Date: Mon, 28 Oct 2019 13:38:22 +0100 Message-Id: <20191028123822.5864-4-mlombard@redhat.com> In-Reply-To: <20191028123822.5864-1-mlombard@redhat.com> References: <20191028123822.5864-1-mlombard@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-MC-Unique: 04R8wVCSPb6LUdIR-LVYHg-1 X-Mimecast-Spam-Score: 0 Sender: target-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: target-devel@vger.kernel.org This patch renames some variables in chap_server_compute_hash() to avoid confusing the initiator's challenge with the target's challenge when the mutual chap authentication is used. Signed-off-by: Maurizio Lombardi --- drivers/target/iscsi/iscsi_target_auth.c | 43 ++++++++++++------------ 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c index f3973ab19da2..09c6bde0a978 100644 --- a/drivers/target/iscsi/iscsi_target_auth.c +++ b/drivers/target/iscsi/iscsi_target_auth.c @@ -215,8 +215,8 @@ static int chap_server_compute_hash( unsigned long id; unsigned char id_as_uchar; unsigned char type; - unsigned char identifier[10], *challenge = NULL; - unsigned char *challenge_binhex = NULL; + unsigned char identifier[10], *client_challenge = NULL; + unsigned char *client_challenge_binhex = NULL; unsigned char *digest = NULL; unsigned char *response = NULL; unsigned char *client_digest = NULL; @@ -226,7 +226,7 @@ static int chap_server_compute_hash( struct iscsi_chap *chap = conn->auth_protocol; struct crypto_shash *tfm = NULL; struct shash_desc *desc = NULL; - int auth_ret = -1, ret, challenge_len; + int auth_ret = -1, ret, client_challenge_len; digest = kzalloc(chap->digest_size, GFP_KERNEL); if (!digest) { @@ -256,15 +256,15 @@ static int chap_server_compute_hash( memset(chap_n, 0, MAX_CHAP_N_SIZE); memset(chap_r, 0, MAX_RESPONSE_LENGTH); - challenge = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL); - if (!challenge) { + client_challenge = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL); + if (!client_challenge) { pr_err("Unable to allocate challenge buffer\n"); goto out; } - challenge_binhex = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL); - if (!challenge_binhex) { - pr_err("Unable to allocate challenge_binhex buffer\n"); + client_challenge_binhex = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL); + if (!client_challenge_binhex) { + pr_err("Unable to allocate client_challenge_binhex buffer\n"); goto out; } /* @@ -399,7 +399,7 @@ static int chap_server_compute_hash( * Get CHAP_C. */ if (extract_param(nr_in_ptr, "CHAP_C", CHAP_CHALLENGE_STR_LEN, - challenge, &type) < 0) { + client_challenge, &type) < 0) { pr_err("Could not find CHAP_C.\n"); goto out; } @@ -408,28 +408,29 @@ static int chap_server_compute_hash( pr_err("Could not find CHAP_C.\n"); goto out; } - challenge_len = DIV_ROUND_UP(strlen(challenge), 2); - if (!challenge_len) { + client_challenge_len = DIV_ROUND_UP(strlen(client_challenge), 2); + if (!client_challenge_len) { pr_err("Unable to convert incoming challenge\n"); goto out; } - if (challenge_len > 1024) { + if (client_challenge_len > 1024) { pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n"); goto out; } - if (hex2bin(challenge_binhex, challenge, challenge_len) < 0) { + if (hex2bin(client_challenge_binhex, client_challenge, + client_challenge_len) < 0) { pr_err("Malformed CHAP_C\n"); goto out; } - pr_debug("[server] Got CHAP_C=%s\n", challenge); + pr_debug("[server] Got CHAP_C=%s\n", client_challenge); /* * During mutual authentication, the CHAP_C generated by the * initiator must not match the original CHAP_C generated by * the target. */ - if (challenge_len == chap->challenge_len && - !memcmp(challenge_binhex, chap->challenge, - challenge_len)) { + if (client_challenge_len == chap->challenge_len && + !memcmp(client_challenge_binhex, + chap->challenge, client_challenge_len)) { pr_err("initiator CHAP_C matches target CHAP_C, failing" " login attempt\n"); goto out; @@ -461,8 +462,8 @@ static int chap_server_compute_hash( /* * Convert received challenge to binary hex. */ - ret = crypto_shash_finup(desc, challenge_binhex, challenge_len, - digest); + ret = crypto_shash_finup(desc, client_challenge_binhex, + client_challenge_len, digest); if (ret < 0) { pr_err("crypto_shash_finup() failed for ma challenge\n"); goto out; @@ -487,8 +488,8 @@ static int chap_server_compute_hash( kzfree(desc); if (tfm) crypto_free_shash(tfm); - kfree(challenge); - kfree(challenge_binhex); + kfree(client_challenge); + kfree(client_challenge_binhex); kfree(digest); kfree(response); kfree(server_digest);