Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 9b307be647ff786f05c03fa742b982d99dd341ae^! / . / crypt_algo.hpp
commit9b307be647ff786f05c03fa742b982d99dd341ae[log] [tgz]
authorVernon Mauery <vernon.mauery@linux.intel.com>Wed Nov 22 09:28:16 2017 -0800
committerVernon Mauery <vernon.mauery@linux.intel.com>Thu Dec 07 12:54:43 2017 -0800
tree0b19e4d830a1ee6c7e882539c7e5b1549fbdc111
parent70fd29cf487ceefd21af58bab988a7ff9ec07efb [diff] [blame]
Prepare for adding RMCP+ cipher suite 17

In many places, there are baked-in assumptions about algorithms that tie
the session initiation to cipher suite 3. This commit teases out those
assumptions and prepares for the next patch that actually adds in the
new authentication and integrity algorithms to support cipher suite 17.

Change-Id: I2ee3672a7c503b89c5ff0aba30cf7a4601e24d04
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

diff --git a/crypt_algo.hpp b/crypt_algo.hpp
index ccef7d8..ca4dbca 100644
--- a/crypt_algo.hpp
+++ b/crypt_algo.hpp

@@ -1,7 +1,7 @@
 #pragma once
 
-#include <openssl/sha.h>
 #include <array>
+#include <cstdint>
 #include <vector>
 
 namespace cipher
@@ -10,8 +10,6 @@
 namespace crypt
 {
 
-using key = std::array<uint8_t, SHA_DIGEST_LENGTH>;
-
 /**
  * @enum Confidentiality Algorithms
  *
@@ -42,11 +40,9 @@
     public:
         /**
          * @brief Constructor for Interface
-         *
-         * @param[in] - Session Integrity key to generate K2
-         * @param[in] - Additional keying material to generate K2
          */
-        explicit Interface(const std::vector<uint8_t>& sik, const key& addKey);
+        explicit Interface(const std::vector<uint8_t>& k2)
+            : k2(k2) {}
 
         Interface() = delete;
         virtual ~Interface() = default;
@@ -129,25 +125,6 @@
         static constexpr size_t AESCBC128BlockSize = 16;
 
         /**
-         * RSP needs more keying material than can be provided by session
-         * integrity key alone. As a result all keying material for the RSP
-         * confidentiality algorithms will be generated by processing a
-         * pre-defined set of constants using HMAC per [RFC2104], keyed by SIK.
-         * These constants are constructed using a hexadecimal octet value
-         * repeated up to the HMAC block size in length starting with the
-         * constant 01h. This mechanism can be used to derive up to 255
-         * HMAC-block-length pieces of keying material from a single SIK.For the
-         * mandatory confidentiality algorithm AES-CBC-128, processing the
-         * following constant will generate the required amount of keying
-         * material.
-         */
-        static constexpr key const2 = { 0x02, 0x02, 0x02, 0x02, 0x02,
-                                        0x02, 0x02, 0x02, 0x02, 0x02,
-                                        0x02, 0x02, 0x02, 0x02, 0x02,
-                                        0x02, 0x02, 0x02, 0x02, 0x02
-                                       };
-
-        /**
          * If confidentiality bytes are present, the value of the first byte is
          * one (01h). and all subsequent bytes shall have a monotonically
          * increasing value (e.g., 02h, 03h, 04h, etc). The receiver, as an
@@ -166,7 +143,7 @@
          *
          * @param[in] - Session Integrity key
          */
-        explicit AlgoAES128(const std::vector<uint8_t>& sik) : Interface(sik, const2) {}
+        explicit AlgoAES128(const std::vector<uint8_t>& k2) : Interface(k2) {}
 
         AlgoAES128() = delete;
         ~AlgoAES128() = default;