Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 Repo: https://pagure.io/lersek/edk2.git Branch: iscsi_sha256_bz3355
Please find the Feature Request described in comment#0 of the BZ. The patch series depends on: [edk2-devel] [PUBLIC edk2 PATCH v2 00/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Message-Id: <20210608121259.32451-1-ler...@redhat.com> https://listman.redhat.com/archives/edk2-devel-archive/2021-June/msg00316.html https://edk2.groups.io/g/devel/message/76198 Please find the test matrix *template* in comment#2 of the BZ. Actual test results, with this series applied: Tests with no authentication Results ---------------------------- ------------------------- login result test result ------------ ----------- ok PASS Tests with mutual authentication Results ---------------------------------- -------------------------------------- secret of ... matches CHAP_A target initiator ------------- ------------------- supports supports offered picked login test SHA256 MD5 target init. by init. by target result result -------- --------- ------ ----- -------- --------- --------- ------ no no n/a n/a 7 n/a targ abrt PASS no yes no n/a 7,5 5 targ abrt PASS no yes yes no 7,5 5 init abrt PASS no yes yes yes 7,5 5 ok PASS yes no no n/a 7 7 targ abrt PASS yes no yes no 7 7 init abrt PASS yes no yes yes 7 7 ok PASS yes yes no n/a 7,5 7 targ abrt PASS yes yes yes no 7,5 7 init abrt PASS yes yes yes yes 7,5 7 ok PASS Notes: - iSCSI communication was monitored with wireshark. - RHEL-7.6 was used as the target without SHA256 support. RHEL-7.9 was used as the target with SHA256 support. - The expression "initiator doesn't support MD5" means building the series with "-D NETWORK_ISCSI_MD5_ENABLE=FALSE". - SHA256 support is always present in the initiator (simply by virtue of the series being applied). MD5 support is always present in the target. Cc: Jiaxin Wu <jiaxin...@intel.com> Cc: Maciej Rabeda <maciej.rab...@linux.intel.com> Cc: Philippe Mathieu-Daudé <phi...@redhat.com> Cc: Siyuan Fu <siyuan...@intel.com> Thanks, Laszlo Laszlo Ersek (6): NetworkPkg/IScsiDxe: re-set session-level authentication state before login NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP files NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizes NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAP NetworkPkg/IScsiDxe: support SHA256 in CHAP NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro NetworkPkg/IScsiDxe/IScsiCHAP.c | 192 ++++++++++++++++---- NetworkPkg/IScsiDxe/IScsiCHAP.h | 95 ++++++++-- NetworkPkg/IScsiDxe/IScsiDriver.c | 2 + NetworkPkg/IScsiDxe/IScsiProto.c | 21 +++ NetworkPkg/NetworkBuildOptions.dsc.inc | 2 +- NetworkPkg/NetworkDefines.dsc.inc | 20 ++ 6 files changed, 281 insertions(+), 51 deletions(-) -- 2.19.1.3.g30247aa5d201 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#76213): https://edk2.groups.io/g/devel/message/76213 Mute This Topic: https://groups.io/mt/83395021/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-