1 // SPDX-License-Identifier: GPL-2.0-or-later
5  * (c) Copyright 2007-2013 Datera, Inc.
7  * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
31 		return "sha3-256";  in chap_get_digest_name()
45 	struct iscsi_chap *chap = conn->auth_protocol;  in chap_gen_challenge()
47 	challenge_asciihex = kzalloc(chap->challenge_len * 2 + 1, GFP_KERNEL);  in chap_gen_challenge()
49 		return -ENOMEM;  in chap_gen_challenge()
51 	memset(chap->challenge, 0, MAX_CHAP_CHALLENGE_LEN);  in chap_gen_challenge()
53 	ret = get_random_bytes_wait(chap->challenge, chap->challenge_len);  in chap_gen_challenge()
57 	bin2hex(challenge_asciihex, chap->challenge,  in chap_gen_challenge()
58 				chap->challenge_len);  in chap_gen_challenge()
60 	 * Set CHAP_C, and copy the generated challenge into c_str.  in chap_gen_challenge()
79 		return -1;  in chap_test_algorithm()
133 	kfree(conn->auth_protocol);  in chap_close()
134 	conn->auth_protocol = NULL;  in chap_close()
147 	if (!(auth->naf_flags & NAF_USERID_SET) ||  in chap_server_open()
148 	    !(auth->naf_flags & NAF_PASSWORD_SET)) {  in chap_server_open()
149 		pr_err("CHAP user or password not set for"  in chap_server_open()
154 	conn->auth_protocol = kzalloc(sizeof(struct iscsi_chap), GFP_KERNEL);  in chap_server_open()
155 	if (!conn->auth_protocol)  in chap_server_open()
158 	chap = conn->auth_protocol;  in chap_server_open()
162 		chap->digest_size = MD5_SIGNATURE_SIZE;  in chap_server_open()
165 		chap->digest_size = SHA1_SIGNATURE_SIZE;  in chap_server_open()
168 		chap->digest_size = SHA256_SIGNATURE_SIZE;  in chap_server_open()
171 		chap->digest_size = SHA3_256_SIGNATURE_SIZE;  in chap_server_open()
180 	chap->digest_name = chap_get_digest_name(digest_type);  in chap_server_open()
182 	/* Tie the challenge length to the digest size */  in chap_server_open()
183 	chap->challenge_len = chap->digest_size;  in chap_server_open()
193 	chap->id = conn->tpg->tpg_chap_id++;  in chap_server_open()
194 	*aic_len += sprintf(aic_str + *aic_len, "CHAP_I=%d", chap->id);  in chap_server_open()
196 	pr_debug("[server] Sending CHAP_I=%d\n", chap->id);  in chap_server_open()
198 	 * Generate Challenge.  in chap_server_open()
219 			return cp - dst;  in chap_base64_decode()
223 			return -2;  in chap_base64_decode()
226 		ac += (p - base64_lookup_table);  in chap_base64_decode()
229 			*cp++ = (ac >> (bits - 8)) & 0xff;  in chap_base64_decode()
230 			ac &= ~(BIT(16) - BIT(bits - 8));  in chap_base64_decode()
231 			bits -= 8;  in chap_base64_decode()
235 		return -1;  in chap_base64_decode()
237 	return cp - dst;  in chap_base64_decode()
258 	struct iscsi_chap *chap = conn->auth_protocol;  in chap_server_compute_hash()
261 	int auth_ret = -1, ret, initiatorchg_len;  in chap_server_compute_hash()
263 	digest = kzalloc(chap->digest_size, GFP_KERNEL);  in chap_server_compute_hash()
269 	response = kzalloc(chap->digest_size * 2 + 2, GFP_KERNEL);  in chap_server_compute_hash()
275 	client_digest = kzalloc(chap->digest_size, GFP_KERNEL);  in chap_server_compute_hash()
281 	server_digest = kzalloc(chap->digest_size, GFP_KERNEL);  in chap_server_compute_hash()
293 		pr_err("Unable to allocate challenge buffer\n");  in chap_server_compute_hash()
316 	compare_len = strlen(auth->userid) + 1;  in chap_server_compute_hash()
317 	if (strncmp(chap_n, auth->userid, compare_len) != 0) {  in chap_server_compute_hash()
333 		if (strlen(chap_r) != chap->digest_size * 2) {  in chap_server_compute_hash()
337 		if (hex2bin(client_digest, chap_r, chap->digest_size) < 0) {  in chap_server_compute_hash()
344 		    chap->digest_size) {  in chap_server_compute_hash()
356 	tfm = crypto_alloc_shash(chap->digest_name, 0, 0);  in chap_server_compute_hash()
369 	desc->tfm = tfm;  in chap_server_compute_hash()
377 	ret = crypto_shash_update(desc, &chap->id, 1);  in chap_server_compute_hash()
383 	ret = crypto_shash_update(desc, (char *)&auth->password,  in chap_server_compute_hash()
384 				  strlen(auth->password));  in chap_server_compute_hash()
390 	ret = crypto_shash_finup(desc, chap->challenge,  in chap_server_compute_hash()
391 				 chap->challenge_len, server_digest);  in chap_server_compute_hash()
393 		pr_err("crypto_shash_finup() failed for challenge\n");  in chap_server_compute_hash()
397 	bin2hex(response, server_digest, chap->digest_size);  in chap_server_compute_hash()
399 		chap->digest_name, response);  in chap_server_compute_hash()
401 	if (memcmp(server_digest, client_digest, chap->digest_size) != 0) {  in chap_server_compute_hash()
403 			chap->digest_name);  in chap_server_compute_hash()
407 				" successful.\n\n", chap->digest_name);  in chap_server_compute_hash()
412 	if (!auth->authenticate_target) {  in chap_server_compute_hash()
420 	if (ret == -ENOENT) {  in chap_server_compute_hash()
460 			pr_err("Unable to convert incoming challenge\n");  in chap_server_compute_hash()
483 			pr_err("Unable to convert incoming challenge\n");  in chap_server_compute_hash()
502 	if (initiatorchg_len == chap->challenge_len &&  in chap_server_compute_hash()
503 				!memcmp(initiatorchg_binhex, chap->challenge,  in chap_server_compute_hash()
526 	ret = crypto_shash_update(desc, auth->password_mutual,  in chap_server_compute_hash()
527 				  strlen(auth->password_mutual));  in chap_server_compute_hash()
534 	 * Convert received challenge to binary hex.  in chap_server_compute_hash()
539 		pr_err("crypto_shash_finup() failed for ma challenge\n");  in chap_server_compute_hash()
546 	*nr_out_len = sprintf(nr_out_ptr, "CHAP_N=%s", auth->userid_mutual);  in chap_server_compute_hash()
548 	pr_debug("[server] Sending CHAP_N=%s\n", auth->userid_mutual);  in chap_server_compute_hash()
552 	bin2hex(response, digest, chap->digest_size);  in chap_server_compute_hash()
579 	struct iscsi_chap *chap = conn->auth_protocol;  in chap_main_loop()
585 		chap->chap_state = CHAP_STAGE_SERVER_AIC;  in chap_main_loop()
587 	} else if (chap->chap_state == CHAP_STAGE_SERVER_AIC) {  in chap_main_loop()
594 		if (auth->authenticate_target)  in chap_main_loop()
595 			chap->chap_state = CHAP_STAGE_SERVER_NR;  in chap_main_loop()