add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/drivers/target/iscsi/iscsi_target_auth.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /*******************************************************************************
2
3
  * This file houses the main functions for the iSCSI CHAP support
3
4
  *
..
..
@@ -5,15 +6,6 @@
5
6
  *
6
7
  * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
7
8
  *
8
- * This program is free software; you can redistribute it and/or modify
9
- * it under the terms of the GNU General Public License as published by
10
- * the Free Software Foundation; either version 2 of the License, or
11
- * (at your option) any later version.
12
- *
13
- * This program is distributed in the hope that it will be useful,
14
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
15
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16
- * GNU General Public License for more details.
17
9
  ******************************************************************************/
18
10
 
19
11
 #include <crypto/hash.h>
..
..
@@ -26,6 +18,22 @@
26
18
 #include "iscsi_target_nego.h"
27
19
 #include "iscsi_target_auth.h"
28
20
 
21
+static char *chap_get_digest_name(const int digest_type)
22
+{
23
+	switch (digest_type) {
24
+	case CHAP_DIGEST_MD5:
25
+		return "md5";
26
+	case CHAP_DIGEST_SHA1:
27
+		return "sha1";
28
+	case CHAP_DIGEST_SHA256:
29
+		return "sha256";
30
+	case CHAP_DIGEST_SHA3_256:
31
+		return "sha3-256";
32
+	default:
33
+		return NULL;
34
+	}
35
+}
36
+
29
37
 static int chap_gen_challenge(
30
38
 	struct iscsi_conn *conn,
31
39
 	int caller,
..
..
@@ -33,16 +41,21 @@
33
41
 	unsigned int *c_len)
34
42
 {
35
43
 	int ret;
36
-	unsigned char challenge_asciihex[CHAP_CHALLENGE_LENGTH * 2 + 1];
44
+	unsigned char *challenge_asciihex;
37
45
 	struct iscsi_chap *chap = conn->auth_protocol;
38
46
 
39
-	memset(challenge_asciihex, 0, CHAP_CHALLENGE_LENGTH * 2 + 1);
47
+	challenge_asciihex = kzalloc(chap->challenge_len * 2 + 1, GFP_KERNEL);
48
+	if (!challenge_asciihex)
49
+		return -ENOMEM;
40
50
 
41
-	ret = get_random_bytes_wait(chap->challenge, CHAP_CHALLENGE_LENGTH);
51
+	memset(chap->challenge, 0, MAX_CHAP_CHALLENGE_LEN);
52
+
53
+	ret = get_random_bytes_wait(chap->challenge, chap->challenge_len);
42
54
 	if (unlikely(ret))
43
-		return ret;
55
+		goto out;
56
+
44
57
 	bin2hex(challenge_asciihex, chap->challenge,
45
-				CHAP_CHALLENGE_LENGTH);
58
+				chap->challenge_len);
46
59
 	/*
47
60
 	 * Set CHAP_C, and copy the generated challenge into c_str.
48
61
 	 */
..
..
@@ -51,12 +64,29 @@
51
64
 
52
65
 	pr_debug("[%s] Sending CHAP_C=0x%s\n\n", (caller) ? "server" : "client",
53
66
 			challenge_asciihex);
67
+
68
+out:
69
+	kfree(challenge_asciihex);
70
+	return ret;
71
+}
72
+
73
+static int chap_test_algorithm(const char *name)
74
+{
75
+	struct crypto_shash *tfm;
76
+
77
+	tfm = crypto_alloc_shash(name, 0, 0);
78
+	if (IS_ERR(tfm))
79
+		return -1;
80
+
81
+	crypto_free_shash(tfm);
54
82
 	return 0;
55
83
 }
56
84
 
57
85
 static int chap_check_algorithm(const char *a_str)
58
86
 {
59
-	char *tmp, *orig, *token;
87
+	char *tmp, *orig, *token, *digest_name;
88
+	long digest_type;
89
+	int r = CHAP_DIGEST_UNKNOWN;
60
90
 
61
91
 	tmp = kstrdup(a_str, GFP_KERNEL);
62
92
 	if (!tmp) {
..
..
@@ -78,15 +108,24 @@
78
108
 		if (!token)
79
109
 			goto out;
80
110
 
81
-		if (!strcmp(token, "5")) {
82
-			pr_debug("Selected MD5 Algorithm\n");
83
-			kfree(orig);
84
-			return CHAP_DIGEST_MD5;
111
+		if (kstrtol(token, 10, &digest_type))
112
+			continue;
113
+
114
+		digest_name = chap_get_digest_name(digest_type);
115
+		if (!digest_name)
116
+			continue;
117
+
118
+		pr_debug("Selected %s Algorithm\n", digest_name);
119
+		if (chap_test_algorithm(digest_name) < 0) {
120
+			pr_err("failed to allocate %s algo\n", digest_name);
121
+		} else {
122
+			r = digest_type;
123
+			goto out;
85
124
 		}
86
125
 	}
87
126
 out:
88
127
 	kfree(orig);
89
-	return CHAP_DIGEST_UNKNOWN;
128
+	return r;
90
129
 }
91
130
 
92
131
 static void chap_close(struct iscsi_conn *conn)
..
..
@@ -102,7 +141,7 @@
102
141
 	char *aic_str,
103
142
 	unsigned int *aic_len)
104
143
 {
105
-	int ret;
144
+	int digest_type;
106
145
 	struct iscsi_chap *chap;
107
146
 
108
147
 	if (!(auth->naf_flags & NAF_USERID_SET) ||
..
..
@@ -117,17 +156,19 @@
117
156
 		return NULL;
118
157
 
119
158
 	chap = conn->auth_protocol;
120
-	ret = chap_check_algorithm(a_str);
121
-	switch (ret) {
159
+	digest_type = chap_check_algorithm(a_str);
160
+	switch (digest_type) {
122
161
 	case CHAP_DIGEST_MD5:
123
-		pr_debug("[server] Got CHAP_A=5\n");
124
-		/*
125
-		 * Send back CHAP_A set to MD5.
126
-		*/
127
-		*aic_len = sprintf(aic_str, "CHAP_A=5");
128
-		*aic_len += 1;
129
-		chap->digest_type = CHAP_DIGEST_MD5;
130
-		pr_debug("[server] Sending CHAP_A=%d\n", chap->digest_type);
162
+		chap->digest_size = MD5_SIGNATURE_SIZE;
163
+		break;
164
+	case CHAP_DIGEST_SHA1:
165
+		chap->digest_size = SHA1_SIGNATURE_SIZE;
166
+		break;
167
+	case CHAP_DIGEST_SHA256:
168
+		chap->digest_size = SHA256_SIGNATURE_SIZE;
169
+		break;
170
+	case CHAP_DIGEST_SHA3_256:
171
+		chap->digest_size = SHA3_256_SIGNATURE_SIZE;
131
172
 		break;
132
173
 	case CHAP_DIGEST_UNKNOWN:
133
174
 	default:
..
..
@@ -135,6 +176,16 @@
135
176
 		chap_close(conn);
136
177
 		return NULL;
137
178
 	}
179
+
180
+	chap->digest_name = chap_get_digest_name(digest_type);
181
+
182
+	/* Tie the challenge length to the digest size */
183
+	chap->challenge_len = chap->digest_size;
184
+
185
+	pr_debug("[server] Got CHAP_A=%d\n", digest_type);
186
+	*aic_len = sprintf(aic_str, "CHAP_A=%d", digest_type);
187
+	*aic_len += 1;
188
+	pr_debug("[server] Sending CHAP_A=%d\n", digest_type);
138
189
 
139
190
 	/*
140
191
 	 * Set Identifier.
..
..
@@ -154,7 +205,7 @@
154
205
 	return chap;
155
206
 }
156
207
 
157
-static int chap_server_compute_md5(
208
+static int chap_server_compute_hash(
158
209
 	struct iscsi_conn *conn,
159
210
 	struct iscsi_node_auth *auth,
160
211
 	char *nr_in_ptr,
..
..
@@ -163,36 +214,57 @@
163
214
 {
164
215
 	unsigned long id;
165
216
 	unsigned char id_as_uchar;
166
-	unsigned char digest[MD5_SIGNATURE_SIZE];
167
-	unsigned char type, response[MD5_SIGNATURE_SIZE * 2 + 2];
168
-	unsigned char identifier[10], *challenge = NULL;
169
-	unsigned char *challenge_binhex = NULL;
170
-	unsigned char client_digest[MD5_SIGNATURE_SIZE];
171
-	unsigned char server_digest[MD5_SIGNATURE_SIZE];
217
+	unsigned char type;
218
+	unsigned char identifier[10], *initiatorchg = NULL;
219
+	unsigned char *initiatorchg_binhex = NULL;
220
+	unsigned char *digest = NULL;
221
+	unsigned char *response = NULL;
222
+	unsigned char *client_digest = NULL;
223
+	unsigned char *server_digest = NULL;
172
224
 	unsigned char chap_n[MAX_CHAP_N_SIZE], chap_r[MAX_RESPONSE_LENGTH];
173
225
 	size_t compare_len;
174
226
 	struct iscsi_chap *chap = conn->auth_protocol;
175
227
 	struct crypto_shash *tfm = NULL;
176
228
 	struct shash_desc *desc = NULL;
177
-	int auth_ret = -1, ret, challenge_len;
229
+	int auth_ret = -1, ret, initiatorchg_len;
230
+
231
+	digest = kzalloc(chap->digest_size, GFP_KERNEL);
232
+	if (!digest) {
233
+		pr_err("Unable to allocate the digest buffer\n");
234
+		goto out;
235
+	}
236
+
237
+	response = kzalloc(chap->digest_size * 2 + 2, GFP_KERNEL);
238
+	if (!response) {
239
+		pr_err("Unable to allocate the response buffer\n");
240
+		goto out;
241
+	}
242
+
243
+	client_digest = kzalloc(chap->digest_size, GFP_KERNEL);
244
+	if (!client_digest) {
245
+		pr_err("Unable to allocate the client_digest buffer\n");
246
+		goto out;
247
+	}
248
+
249
+	server_digest = kzalloc(chap->digest_size, GFP_KERNEL);
250
+	if (!server_digest) {
251
+		pr_err("Unable to allocate the server_digest buffer\n");
252
+		goto out;
253
+	}
178
254
 
179
255
 	memset(identifier, 0, 10);
180
256
 	memset(chap_n, 0, MAX_CHAP_N_SIZE);
181
257
 	memset(chap_r, 0, MAX_RESPONSE_LENGTH);
182
-	memset(digest, 0, MD5_SIGNATURE_SIZE);
183
-	memset(response, 0, MD5_SIGNATURE_SIZE * 2 + 2);
184
-	memset(client_digest, 0, MD5_SIGNATURE_SIZE);
185
-	memset(server_digest, 0, MD5_SIGNATURE_SIZE);
186
258
 
187
-	challenge = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL);
188
-	if (!challenge) {
259
+	initiatorchg = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL);
260
+	if (!initiatorchg) {
189
261
 		pr_err("Unable to allocate challenge buffer\n");
190
262
 		goto out;
191
263
 	}
192
264
 
193
-	challenge_binhex = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL);
194
-	if (!challenge_binhex) {
195
-		pr_err("Unable to allocate challenge_binhex buffer\n");
265
+	initiatorchg_binhex = kzalloc(CHAP_CHALLENGE_STR_LEN, GFP_KERNEL);
266
+	if (!initiatorchg_binhex) {
267
+		pr_err("Unable to allocate initiatorchg_binhex buffer\n");
196
268
 		goto out;
197
269
 	}
198
270
 	/*
..
..
@@ -227,18 +299,18 @@
227
299
 		pr_err("Could not find CHAP_R.\n");
228
300
 		goto out;
229
301
 	}
230
-	if (strlen(chap_r) != MD5_SIGNATURE_SIZE * 2) {
302
+	if (strlen(chap_r) != chap->digest_size * 2) {
231
303
 		pr_err("Malformed CHAP_R\n");
232
304
 		goto out;
233
305
 	}
234
-	if (hex2bin(client_digest, chap_r, MD5_SIGNATURE_SIZE) < 0) {
306
+	if (hex2bin(client_digest, chap_r, chap->digest_size) < 0) {
235
307
 		pr_err("Malformed CHAP_R\n");
236
308
 		goto out;
237
309
 	}
238
310
 
239
311
 	pr_debug("[server] Got CHAP_R=%s\n", chap_r);
240
312
 
241
-	tfm = crypto_alloc_shash("md5", 0, 0);
313
+	tfm = crypto_alloc_shash(chap->digest_name, 0, 0);
242
314
 	if (IS_ERR(tfm)) {
243
315
 		tfm = NULL;
244
316
 		pr_err("Unable to allocate struct crypto_shash\n");
..
..
@@ -252,7 +324,6 @@
252
324
 	}
253
325
 
254
326
 	desc->tfm = tfm;
255
-	desc->flags = 0;
256
327
 
257
328
 	ret = crypto_shash_init(desc);
258
329
 	if (ret < 0) {
..
..
@@ -274,21 +345,23 @@
274
345
 	}
275
346
 
276
347
 	ret = crypto_shash_finup(desc, chap->challenge,
277
-				 CHAP_CHALLENGE_LENGTH, server_digest);
348
+				 chap->challenge_len, server_digest);
278
349
 	if (ret < 0) {
279
350
 		pr_err("crypto_shash_finup() failed for challenge\n");
280
351
 		goto out;
281
352
 	}
282
353
 
283
-	bin2hex(response, server_digest, MD5_SIGNATURE_SIZE);
284
-	pr_debug("[server] MD5 Server Digest: %s\n", response);
354
+	bin2hex(response, server_digest, chap->digest_size);
355
+	pr_debug("[server] %s Server Digest: %s\n",
356
+		chap->digest_name, response);
285
357
 
286
-	if (memcmp(server_digest, client_digest, MD5_SIGNATURE_SIZE) != 0) {
287
-		pr_debug("[server] MD5 Digests do not match!\n\n");
358
+	if (memcmp(server_digest, client_digest, chap->digest_size) != 0) {
359
+		pr_debug("[server] %s Digests do not match!\n\n",
360
+			chap->digest_name);
288
361
 		goto out;
289
362
 	} else
290
-		pr_debug("[server] MD5 Digests match, CHAP connection"
291
-				" successful.\n\n");
363
+		pr_debug("[server] %s Digests match, CHAP connection"
364
+				" successful.\n\n", chap->digest_name);
292
365
 	/*
293
366
 	 * One way authentication has succeeded, return now if mutual
294
367
 	 * authentication is not enabled.
..
..
@@ -326,7 +399,7 @@
326
399
 	 * Get CHAP_C.
327
400
 	 */
328
401
 	if (extract_param(nr_in_ptr, "CHAP_C", CHAP_CHALLENGE_STR_LEN,
329
-			challenge, &type) < 0) {
402
+			initiatorchg, &type) < 0) {
330
403
 		pr_err("Could not find CHAP_C.\n");
331
404
 		goto out;
332
405
 	}
..
..
@@ -335,26 +408,28 @@
335
408
 		pr_err("Could not find CHAP_C.\n");
336
409
 		goto out;
337
410
 	}
338
-	challenge_len = DIV_ROUND_UP(strlen(challenge), 2);
339
-	if (!challenge_len) {
411
+	initiatorchg_len = DIV_ROUND_UP(strlen(initiatorchg), 2);
412
+	if (!initiatorchg_len) {
340
413
 		pr_err("Unable to convert incoming challenge\n");
341
414
 		goto out;
342
415
 	}
343
-	if (challenge_len > 1024) {
416
+	if (initiatorchg_len > 1024) {
344
417
 		pr_err("CHAP_C exceeds maximum binary size of 1024 bytes\n");
345
418
 		goto out;
346
419
 	}
347
-	if (hex2bin(challenge_binhex, challenge, challenge_len) < 0) {
420
+	if (hex2bin(initiatorchg_binhex, initiatorchg, initiatorchg_len) < 0) {
348
421
 		pr_err("Malformed CHAP_C\n");
349
422
 		goto out;
350
423
 	}
351
-	pr_debug("[server] Got CHAP_C=%s\n", challenge);
424
+	pr_debug("[server] Got CHAP_C=%s\n", initiatorchg);
352
425
 	/*
353
426
 	 * During mutual authentication, the CHAP_C generated by the
354
427
 	 * initiator must not match the original CHAP_C generated by
355
428
 	 * the target.
356
429
 	 */
357
-	if (!memcmp(challenge_binhex, chap->challenge, CHAP_CHALLENGE_LENGTH)) {
430
+	if (initiatorchg_len == chap->challenge_len &&
431
+				!memcmp(initiatorchg_binhex, chap->challenge,
432
+				initiatorchg_len)) {
358
433
 		pr_err("initiator CHAP_C matches target CHAP_C, failing"
359
434
 		       " login attempt\n");
360
435
 		goto out;
..
..
@@ -386,7 +461,7 @@
386
461
 	/*
387
462
 	 * Convert received challenge to binary hex.
388
463
 	 */
389
-	ret = crypto_shash_finup(desc, challenge_binhex, challenge_len,
464
+	ret = crypto_shash_finup(desc, initiatorchg_binhex, initiatorchg_len,
390
465
 				 digest);
391
466
 	if (ret < 0) {
392
467
 		pr_err("crypto_shash_finup() failed for ma challenge\n");
..
..
@@ -402,41 +477,23 @@
402
477
 	/*
403
478
 	 * Convert response from binary hex to ascii hext.
404
479
 	 */
405
-	bin2hex(response, digest, MD5_SIGNATURE_SIZE);
480
+	bin2hex(response, digest, chap->digest_size);
406
481
 	*nr_out_len += sprintf(nr_out_ptr + *nr_out_len, "CHAP_R=0x%s",
407
482
 			response);
408
483
 	*nr_out_len += 1;
409
484
 	pr_debug("[server] Sending CHAP_R=0x%s\n", response);
410
485
 	auth_ret = 0;
411
486
 out:
412
-	kzfree(desc);
487
+	kfree_sensitive(desc);
413
488
 	if (tfm)
414
489
 		crypto_free_shash(tfm);
415
-	kfree(challenge);
416
-	kfree(challenge_binhex);
490
+	kfree(initiatorchg);
491
+	kfree(initiatorchg_binhex);
492
+	kfree(digest);
493
+	kfree(response);
494
+	kfree(server_digest);
495
+	kfree(client_digest);
417
496
 	return auth_ret;
418
-}
419
-
420
-static int chap_got_response(
421
-	struct iscsi_conn *conn,
422
-	struct iscsi_node_auth *auth,
423
-	char *nr_in_ptr,
424
-	char *nr_out_ptr,
425
-	unsigned int *nr_out_len)
426
-{
427
-	struct iscsi_chap *chap = conn->auth_protocol;
428
-
429
-	switch (chap->digest_type) {
430
-	case CHAP_DIGEST_MD5:
431
-		if (chap_server_compute_md5(conn, auth, nr_in_ptr,
432
-				nr_out_ptr, nr_out_len) < 0)
433
-			return -1;
434
-		return 0;
435
-	default:
436
-		pr_err("Unknown CHAP digest type %d!\n",
437
-				chap->digest_type);
438
-		return -1;
439
-	}
440
497
 }
441
498
 
442
499
 u32 chap_main_loop(
..
..
@@ -457,7 +514,7 @@
457
514
 		return 0;
458
515
 	} else if (chap->chap_state == CHAP_STAGE_SERVER_AIC) {
459
516
 		convert_null_to_semi(in_text, *in_len);
460
-		if (chap_got_response(conn, auth, in_text, out_text,
517
+		if (chap_server_compute_hash(conn, auth, in_text, out_text,
461
518
 				out_len) < 0) {
462
519
 			chap_close(conn);
463
520
 			return 2;