NetworkPkg/IScsiDxe: support SHA256 in CHAP

Insert a SHA256 CHAP_HASH structure at the start of "mChapHash".

Update ISCSI_CHAP_MAX_DIGEST_SIZE to SHA256_DIGEST_SIZE (32).

This enables the initiator and the target to negotiate SHA256 for CHAP, in
preference to MD5.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Message-Id: <20210629163337.14120-6-lersek@redhat.com>

diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index 351bf329b73996bec9fa101317da8624d82239fa..80035ece98874de2e39eee5de016e97a4f29f7ce 100644 (file)
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -15,6 +15,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // by the initiator.\r
 //\r
 STATIC CONST CHAP_HASH mChapHash[] = {\r
+  {\r
+    ISCSI_CHAP_ALGORITHM_SHA256,\r
+    SHA256_DIGEST_SIZE,\r
+    Sha256GetContextSize,\r
+    Sha256Init,\r
+    Sha256Update,\r
+    Sha256Final\r
+  },\r
+  //\r
+  // Keep the deprecated MD5 entry at the end of the array (making MD5 the\r
+  // least preferred choice of the initiator).\r
+  //\r
   {\r
     ISCSI_CHAP_ALGORITHM_MD5,\r
     MD5_DIGEST_SIZE,\r

diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
index 1e5cc0b287edc398b005571902efce018eba7ffd..e2df634c4e67064333ba43be1b70ef3650b8c0ec 100644 (file)
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
@@ -22,12 +22,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9\r
 //\r
 #define ISCSI_CHAP_ALGORITHM_MD5                  5\r
+#define ISCSI_CHAP_ALGORITHM_SHA256               7\r
 \r
 //\r
 // Byte count of the largest digest over the above-listed\r
 // ISCSI_CHAP_ALGORITHM_* hash algorithms.\r
 //\r
-#define ISCSI_CHAP_MAX_DIGEST_SIZE                MD5_DIGEST_SIZE\r
+#define ISCSI_CHAP_MAX_DIGEST_SIZE                SHA256_DIGEST_SIZE\r
 \r
 #define ISCSI_CHAP_STEP_ONE                       1\r
 #define ISCSI_CHAP_STEP_TWO                       2\r