Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 9b307be647ff786f05c03fa742b982d99dd341ae^! / . / integrity_algo.cpp
commit9b307be647ff786f05c03fa742b982d99dd341ae[log] [tgz]
authorVernon Mauery <vernon.mauery@linux.intel.com>Wed Nov 22 09:28:16 2017 -0800
committerVernon Mauery <vernon.mauery@linux.intel.com>Thu Dec 07 12:54:43 2017 -0800
tree0b19e4d830a1ee6c7e882539c7e5b1549fbdc111
parent70fd29cf487ceefd21af58bab988a7ff9ec07efb [diff] [blame]
Prepare for adding RMCP+ cipher suite 17

In many places, there are baked-in assumptions about algorithms that tie
the session initiation to cipher suite 3. This commit teases out those
assumptions and prepares for the next patch that actually adds in the
new authentication and integrity algorithms to support cipher suite 17.

Change-Id: I2ee3672a7c503b89c5ff0aba30cf7a4601e24d04
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

diff --git a/integrity_algo.cpp b/integrity_algo.cpp
index 3a6c34d..62c2653 100644
--- a/integrity_algo.cpp
+++ b/integrity_algo.cpp

@@ -1,3 +1,4 @@
+#include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/sha.h>
 #include "integrity_algo.hpp"
@@ -9,21 +10,10 @@
 namespace integrity
 {
 
-Interface::Interface(const std::vector<uint8_t>& sik,
-                     const Key& addKey, size_t authLength)
+AlgoSHA1::AlgoSHA1(const std::vector<uint8_t>& sik)
+    : Interface(SHA1_96_AUTHCODE_LENGTH)
 {
-    unsigned int mdLen = 0;
-
-    // Generated K1 for the integrity algorithm with the additional key keyed
-    // with SIK.
-    if (HMAC(EVP_sha1(), sik.data(), sik.size(), addKey.data(),
-             addKey.size(), K1.data(), &mdLen) == NULL)
-    {
-        throw std::runtime_error("Generating Key1 for integrity "
-                                 "algorithm failed");
-    }
-
-    authCodeLength = authLength;
+    k1 = generateKn(sik, rmcp::const_1);
 }
 
 std::vector<uint8_t> AlgoSHA1::generateHMAC(const uint8_t* input,
@@ -32,7 +22,7 @@
     std::vector<uint8_t> output(SHA_DIGEST_LENGTH);
     unsigned int mdLen = 0;
 
-    if (HMAC(EVP_sha1(), K1.data(), K1.size(), input, len,
+    if (HMAC(EVP_sha1(), k1.data(), k1.size(), input, len,
              output.data(), &mdLen) == NULL)
     {
         throw std::runtime_error("Generating integrity data failed");
@@ -70,6 +60,23 @@
             packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE);
 }
 
+std::vector<uint8_t> AlgoSHA1::generateKn(const std::vector<uint8_t>& sik,
+        const rmcp::Const_n& const_n) const
+{
+    unsigned int mdLen = 0;
+    std::vector<uint8_t> Kn(sik.size());
+
+    // Generated Kn for the integrity algorithm with the additional key keyed
+    // with SIK.
+    if (HMAC(EVP_sha1(), sik.data(), sik.size(), const_n.data(),
+             const_n.size(), Kn.data(), &mdLen) == NULL)
+    {
+        throw std::runtime_error("Generating KeyN for integrity "
+                                 "algorithm failed");
+    }
+    return Kn;
+}
+
 }// namespace integrity
 
 }// namespace cipher