authorChris Leech <cleech@redhat.com>2019-09-27 10:03:12 -0700
committerChris Leech <cleech@redhat.com>2019-10-07 15:14:30 -0700
commit15cb472b0e0a9fc678eaf4546baa275245bda4dd (patch)
treefb8ce08c643d62879c9404f13084478ddf9876ff
parent155cc45b25f29c08041c4d04646ed53c9e33f0f3 (diff)
-rw-r--r--usr/auth.c11
-rw-r--r--usr/auth.h6
2 files changed, 15 insertions, 2 deletions
diff --git a/usr/auth.c b/usr/auth.c
index 6c7b4c5..afb4ea3 100644
--- a/usr/auth.c
+++ b/usr/auth.c
@@ -179,6 +179,9 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) {
case AUTH_CHAP_ALG_SHA1:
digest = EVP_sha1();
break;
+ case AUTH_CHAP_ALG_SHA256:
+ digest = EVP_sha256();
+ break;
case AUTH_CHAP_ALG_SHA3_256:
digest = EVP_sha3_256();
break;
@@ -333,6 +336,7 @@ acl_chk_chap_alg_optn(int chap_algorithm)
{
if (chap_algorithm == AUTH_OPTION_NONE ||
chap_algorithm == AUTH_CHAP_ALG_SHA3_256 ||
+ chap_algorithm == AUTH_CHAP_ALG_SHA256 ||
chap_algorithm == AUTH_CHAP_ALG_SHA1 ||
chap_algorithm == AUTH_CHAP_ALG_MD5)
return 0;
@@ -741,6 +745,9 @@ acl_chk_chap_alg_key(struct iscsi_acl *client)
case AUTH_CHAP_ALG_SHA1:
client->chap_challenge_len = AUTH_CHAP_SHA1_RSP_LEN;
break;
+ case AUTH_CHAP_ALG_SHA256:
+ client->chap_challenge_len = AUTH_CHAP_SHA256_RSP_LEN;
+ break;
case AUTH_CHAP_ALG_SHA3_256:
client->chap_challenge_len = AUTH_CHAP_SHA3_256_RSP_LEN;
break;
@@ -893,6 +900,7 @@ acl_local_auth(struct iscsi_acl *client)
client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_REJECT;
break;
} else if ((client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) &&
+ (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA256) &&
(client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA1) &&
(client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5)) {
client->local_state = AUTH_LOCAL_STATE_ERROR;
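Review bot: The `else if` that gains `AUTH_CHAP_ALG_SHA256` accepts the peer's choice whenever it is any algorithm this build knows, which is not the same as an algorithm the local side actually offered. If no earlier branch of acl_local_auth (outside this hunk) compares `negotiated_chap_alg` with the configured offer list, a configuration restricted to SHA256 would still accept MD5 or SHA1 as the negotiated result. Please confirm that check exists and, if it does, say so here with a comment such as `/* membership in the offered list is verified above; this only rejects unknown ids */`. The same list of known algorithms is also spelled out in acl_chk_chap_alg_optn, so a small shared helper would keep the two from drifting when the next digest is added.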
@@ -1818,6 +1826,9 @@ acl_init_chap_digests(int *value_list) {
if (EVP_DigestInit_ex(context, EVP_sha3_256(), NULL)) {
value_list[i++] = AUTH_CHAP_ALG_SHA3_256;
}
+ if (EVP_DigestInit_ex(context, EVP_sha256(), NULL)) {
+ value_list[i++] = AUTH_CHAP_ALG_SHA256;
+ }
if (EVP_DigestInit_ex(context, EVP_sha1(), NULL)) {
value_list[i++] = AUTH_CHAP_ALG_SHA1;
}
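Review bot: Each successful probe in acl_init_chap_digests stores through `value_list[i++]` with no bound, and this commit raises the number of possible stores by one. The function never sees the array's size, so a caller whose buffer is not declared with `AUTH_CHAP_ALG_MAX_COUNT` elements would now be written past its end. Either guard the store, e.g. `if (i < AUTH_CHAP_ALG_MAX_COUNT && EVP_DigestInit_ex(context, EVP_sha256(), NULL))`, or document the size contract in a comment on the function. The probe order also appears to be the preference order offered to the peer (SHA3-256, SHA256, SHA1, ...), which deserves a one-line comment. The function body starts and ends outside the hunk.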
diff --git a/usr/auth.h b/usr/auth.h
index d36163c..f6dbbe4 100644
--- a/usr/auth.h
+++ b/usr/auth.h
@@ -31,6 +31,7 @@ enum {
ACL_SIGNATURE = 0x5984B2E3,
AUTH_CHAP_MD5_RSP_LEN = 16,
AUTH_CHAP_SHA1_RSP_LEN = 20,
+ AUTH_CHAP_SHA256_RSP_LEN = 32,
AUTH_CHAP_SHA3_256_RSP_LEN = 32,
AUTH_CHAP_RSP_MAX = 32,
};
@@ -65,8 +66,9 @@ enum {
AUTH_CHAP_ALG_MD5 = 5,
AUTH_CHAP_ALG_SHA1 = 6,
- AUTH_CHAP_ALG_SHA3_256 = 7,
- AUTH_CHAP_ALG_MAX_COUNT = 4
+ AUTH_CHAP_ALG_SHA256 = 7,
+ AUTH_CHAP_ALG_SHA3_256 = 8,
+ AUTH_CHAP_ALG_MAX_COUNT = 5
};
enum auth_neg_role {
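Review bot: `AUTH_CHAP_ALG_SHA3_256` moves from 7 to 8 here, and these constants look like the CHAP_A identifiers exchanged with the peer rather than purely internal values. The new numbering appears to match the IANA assignments (7 for SHA-256, 8 for SHA3-256), but a build from the parent commit would still send 7 for SHA3-256, and any stored setting that holds the raw number changes meaning. A comment on the enum such as `/* CHAP_A wire values (IANA-assigned); do not renumber */` would record that. `AUTH_CHAP_ALG_MAX_COUNT` is a hand-maintained count sitting in the same enum, so it has to be bumped with every probe added to acl_init_chap_digests; a short comment saying so would help.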