Insert a SHA256 CHAP_HASH structure at the start of "mChapHash".
Update ISCSI_CHAP_MAX_DIGEST_SIZE to SHA256_DIGEST_SIZE (32).
This enables the initiator and the target to negotiate SHA256 for CHAP, in
preference to MD5.
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Message-Id: <
20210629163337.14120-6-lersek@redhat.com>
// by the initiator.\r
//\r
STATIC CONST CHAP_HASH mChapHash[] = {\r
+ {\r
+ ISCSI_CHAP_ALGORITHM_SHA256,\r
+ SHA256_DIGEST_SIZE,\r
+ Sha256GetContextSize,\r
+ Sha256Init,\r
+ Sha256Update,\r
+ Sha256Final\r
+ },\r
+ //\r
+ // Keep the deprecated MD5 entry at the end of the array (making MD5 the\r
+ // least preferred choice of the initiator).\r
+ //\r
{\r
ISCSI_CHAP_ALGORITHM_MD5,\r
MD5_DIGEST_SIZE,\r
// https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9\r
//\r
#define ISCSI_CHAP_ALGORITHM_MD5 5\r
+#define ISCSI_CHAP_ALGORITHM_SHA256 7\r
\r
//\r
// Byte count of the largest digest over the above-listed\r
// ISCSI_CHAP_ALGORITHM_* hash algorithms.\r
//\r
-#define ISCSI_CHAP_MAX_DIGEST_SIZE MD5_DIGEST_SIZE\r
+#define ISCSI_CHAP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE\r
\r
#define ISCSI_CHAP_STEP_ONE 1\r
#define ISCSI_CHAP_STEP_TWO 2\r