[PATCH 0/6] NetworkPkg/IScsiDxe: support SHA256 in CHAP
|
Laszlo Ersek
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3355
Repo: https://pagure.io/lersek/edk2.git Branch: iscsi_sha256_bz3355 Please find the Feature Request described in comment#0 of the BZ. The patch series depends on: [edk2-devel] [PUBLIC edk2 PATCH v2 00/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Message-Id: <20210608121259.32451-1-lersek@...> https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg00316.html https://edk2.groups.io/g/devel/message/76198 Please find the test matrix *template* in comment#2 of the BZ. Actual test results, with this series applied: Tests with no authentication Results ---------------------------- ------------------------- login result test result ------------ ----------- ok PASS Tests with mutual authentication Results ---------------------------------- -------------------------------------- secret of ... matches CHAP_A target initiator ------------- ------------------- supports supports offered picked login test SHA256 MD5 target init. by init. by target result result -------- --------- ------ ----- -------- --------- --------- ------ no no n/a n/a 7 n/a targ abrt PASS no yes no n/a 7,5 5 targ abrt PASS no yes yes no 7,5 5 init abrt PASS no yes yes yes 7,5 5 ok PASS yes no no n/a 7 7 targ abrt PASS yes no yes no 7 7 init abrt PASS yes no yes yes 7 7 ok PASS yes yes no n/a 7,5 7 targ abrt PASS yes yes yes no 7,5 7 init abrt PASS yes yes yes yes 7,5 7 ok PASS Notes: - iSCSI communication was monitored with wireshark. - RHEL-7.6 was used as the target without SHA256 support. RHEL-7.9 was used as the target with SHA256 support. - The expression "initiator doesn't support MD5" means building the series with "-D NETWORK_ISCSI_MD5_ENABLE=FALSE". - SHA256 support is always present in the initiator (simply by virtue of the series being applied). MD5 support is always present in the target. Cc: Jiaxin Wu <jiaxin.wu@...> Cc: Maciej Rabeda <maciej.rabeda@...> Cc: Philippe Mathieu-Daudé <philmd@...> Cc: Siyuan Fu <siyuan.fu@...> Thanks, Laszlo Laszlo Ersek (6): NetworkPkg/IScsiDxe: re-set session-level authentication state before login NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP files NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizes NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAP NetworkPkg/IScsiDxe: support SHA256 in CHAP NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro NetworkPkg/IScsiDxe/IScsiCHAP.c | 192 ++++++++++++++++---- NetworkPkg/IScsiDxe/IScsiCHAP.h | 95 ++++++++-- NetworkPkg/IScsiDxe/IScsiDriver.c | 2 + NetworkPkg/IScsiDxe/IScsiProto.c | 21 +++ NetworkPkg/NetworkBuildOptions.dsc.inc | 2 +- NetworkPkg/NetworkDefines.dsc.inc | 20 ++ 6 files changed, 281 insertions(+), 51 deletions(-) -- 2.19.1.3.g30247aa5d201 |
|
|