[PATCH 0/6] NetworkPkg/IScsiDxe: support SHA256 in CHAP

Laszlo Ersek

Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3355
Repo: https://pagure.io/lersek/edk2.git
Branch: iscsi_sha256_bz3355

Please find the Feature Request described in comment#0 of the BZ.

The patch series depends on:

[edk2-devel] [PUBLIC edk2 PATCH v2 00/10]
NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs

Message-Id: <20210608121259.32451-1-lersek@...>

Please find the test matrix *template* in comment#2 of the BZ.

Actual test results, with this series applied:

Tests with no authentication Results
---------------------------- -------------------------
login result test result
------------ -----------

Tests with mutual authentication Results
---------------------------------- --------------------------------------
secret of ...
matches CHAP_A
target initiator ------------- -------------------
supports supports offered picked login test
SHA256 MD5 target init. by init. by target result result
-------- --------- ------ ----- -------- --------- --------- ------
no no n/a n/a 7 n/a targ abrt PASS
no yes no n/a 7,5 5 targ abrt PASS
no yes yes no 7,5 5 init abrt PASS
no yes yes yes 7,5 5 ok PASS
yes no no n/a 7 7 targ abrt PASS
yes no yes no 7 7 init abrt PASS
yes no yes yes 7 7 ok PASS
yes yes no n/a 7,5 7 targ abrt PASS
yes yes yes no 7,5 7 init abrt PASS
yes yes yes yes 7,5 7 ok PASS


- iSCSI communication was monitored with wireshark.

- RHEL-7.6 was used as the target without SHA256 support. RHEL-7.9 was
used as the target with SHA256 support.

- The expression "initiator doesn't support MD5" means building the

- SHA256 support is always present in the initiator (simply by virtue of
the series being applied). MD5 support is always present in the

Cc: Jiaxin Wu <jiaxin.wu@...>
Cc: Maciej Rabeda <maciej.rabeda@...>
Cc: Philippe Mathieu-Daudé <philmd@...>
Cc: Siyuan Fu <siyuan.fu@...>


Laszlo Ersek (6):
NetworkPkg/IScsiDxe: re-set session-level authentication state before
NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP files
NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest
NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAP
NetworkPkg/IScsiDxe: support SHA256 in CHAP
NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro

NetworkPkg/IScsiDxe/IScsiCHAP.c | 192 ++++++++++++++++----
NetworkPkg/IScsiDxe/IScsiCHAP.h | 95 ++++++++--
NetworkPkg/IScsiDxe/IScsiDriver.c | 2 +
NetworkPkg/IScsiDxe/IScsiProto.c | 21 +++
NetworkPkg/NetworkBuildOptions.dsc.inc | 2 +-
NetworkPkg/NetworkDefines.dsc.inc | 20 ++
6 files changed, 281 insertions(+), 51 deletions(-)


Join {devel@edk2.groups.io to automatically receive all group messages.