NetworkPkg/IScsiDxe: support SHA256 in CHAP

Insert a SHA256 CHAP_HASH structure at the start of "mChapHash". Update ISCSI_CHAP_MAX_DIGEST_SIZE to SHA256_DIGEST_SIZE (32). This enables the initiator and the target to negotiate SHA256 for CHAP, in preference to MD5. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210629163337.14120-6-lersek@redhat.com>
author: Laszlo Ersek <lersek@redhat.com> 2021-06-29 18:33:36 +0200
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2021-06-30 19:20:41 +0000
commit: 47fea2abcb8b73a503568e1e2bb83a52d00a73b2 (patch)
tree: e4a2f558efa215cb94d67770d2761d4f9825890c
parent: 903ce1d8f868e394d5cea477bd568c7d68d109e9 (diff)
download: edk2-47fea2abcb8b73a503568e1e2bb83a52d00a73b2.tar.gz
2 files changed, 14 insertions, 1 deletions
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index 351bf329b7..80035ece98 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -16,6 +16,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 //
 STATIC CONST CHAP_HASH mChapHash[] = {
   {
+    ISCSI_CHAP_ALGORITHM_SHA256,
+    SHA256_DIGEST_SIZE,
+    Sha256GetContextSize,
+    Sha256Init,
+    Sha256Update,
+    Sha256Final
+  },
+  //
+  // Keep the deprecated MD5 entry at the end of the array (making MD5 the
+  // least preferred choice of the initiator).
+  //
+  {
     ISCSI_CHAP_ALGORITHM_MD5,
     MD5_DIGEST_SIZE,
     Md5GetContextSize,
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
index 1e5cc0b287..e2df634c4e 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
@@ -22,12 +22,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xhtml#ppp-numbers-9
 //
 #define ISCSI_CHAP_ALGORITHM_MD5                  5
+#define ISCSI_CHAP_ALGORITHM_SHA256               7
 
 //
 // Byte count of the largest digest over the above-listed
 // ISCSI_CHAP_ALGORITHM_* hash algorithms.
 //
-#define ISCSI_CHAP_MAX_DIGEST_SIZE                MD5_DIGEST_SIZE
+#define ISCSI_CHAP_MAX_DIGEST_SIZE                SHA256_DIGEST_SIZE
 
 #define ISCSI_CHAP_STEP_ONE                       1
 #define ISCSI_CHAP_STEP_TWO                       2
author	Laszlo Ersek <lersek@redhat.com>	2021-06-29 18:33:36 +0200
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2021-06-30 19:20:41 +0000
commit	47fea2abcb8b73a503568e1e2bb83a52d00a73b2 (patch)
tree	e4a2f558efa215cb94d67770d2761d4f9825890c
parent	903ce1d8f868e394d5cea477bd568c7d68d109e9 (diff)
download	edk2-47fea2abcb8b73a503568e1e2bb83a52d00a73b2.tar.gz