Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 9b307be647ff786f05c03fa742b982d99dd341ae^! / . / integrity_algo.hpp
commit9b307be647ff786f05c03fa742b982d99dd341ae[log] [tgz]
authorVernon Mauery <vernon.mauery@linux.intel.com>Wed Nov 22 09:28:16 2017 -0800
committerVernon Mauery <vernon.mauery@linux.intel.com>Thu Dec 07 12:54:43 2017 -0800
tree0b19e4d830a1ee6c7e882539c7e5b1549fbdc111
parent70fd29cf487ceefd21af58bab988a7ff9ec07efb [diff] [blame]
Prepare for adding RMCP+ cipher suite 17

In many places, there are baked-in assumptions about algorithms that tie
the session initiation to cipher suite 3. This commit teases out those
assumptions and prepares for the next patch that actually adds in the
new authentication and integrity algorithms to support cipher suite 17.

Change-Id: I2ee3672a7c503b89c5ff0aba30cf7a4601e24d04
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

diff --git a/integrity_algo.hpp b/integrity_algo.hpp
index 0d869c7..3e003b6 100644
--- a/integrity_algo.hpp
+++ b/integrity_algo.hpp

@@ -1,8 +1,8 @@
 #pragma once
 
-#include <openssl/sha.h>
 #include <array>
 #include <vector>
+#include "rmcp.hpp"
 
 namespace cipher
 {
@@ -10,25 +10,6 @@
 namespace integrity
 {
 
-using Key = std::array<uint8_t, SHA_DIGEST_LENGTH>;
-
-/*
- * RSP needs more keying material than can be provided by session integrity key
- * alone. As a result all keying material for the RSP integrity algorithms
- * will be generated by processing a pre-defined set of constants using HMAC per
- * [RFC2104], keyed by SIK. These constants are constructed using a hexadecimal
- * octet value repeated up to the HMAC block size in length starting with the
- * constant 01h. This mechanism can be used to derive up to 255
- * HMAC-block-length pieces of keying material from a single SIK. For the
- * mandatory integrity algorithm HMAC-SHA1-96, processing the following
- * constant will generate the required amount of keying material.
- */
-constexpr Key const1 = { 0x01, 0x01, 0x01, 0x01, 0x01,
-                         0x01, 0x01, 0x01, 0x01, 0x01,
-                         0x01, 0x01, 0x01, 0x01, 0x01,
-                         0x01, 0x01, 0x01, 0x01, 0x01
-                       };
-
 /**
  * @enum Integrity Algorithms
  *
@@ -61,13 +42,10 @@
         /**
          * @brief Constructor for Interface
          *
-         * @param[in] - Session Integrity Key to generate K1
-         * @param[in] - Additional keying material to generate K1
          * @param[in] - AuthCode length
          */
-        explicit Interface(const std::vector<uint8_t>& sik,
-                           const Key& addKey,
-                           size_t authLength);
+        explicit Interface(size_t authLength)
+            : authCodeLength(authLength) {}
 
         Interface() = delete;
         virtual ~Interface() = default;
@@ -122,6 +100,34 @@
             }
         }
 
+        /**
+         * @brief Generate additional keying material based on SIK
+         *
+         * @note
+         * The IPMI 2.0 spec only states that the additional keying material is
+         * generated by running HMAC(constN) using SIK as the key. It does not
+         * state whether this is the integrity algorithm or the authentication
+         * algorithm. Other implementations of the RMCP+ algorithm (ipmitool
+         * and ipmiutil) are not consistent on this matter. But it does not
+         * really matter because based on any of the defined cipher suites, the
+         * integrity and authentication algorithms are both based on the same
+         * digest method (integrity::Algorithms::HMAC_SHA1_96 uses SHA1 and
+         * rakp_auth::Algorithms::RAKP_HMAC_SHA1 uses SHA1). None of the
+         * defined cipher suites mix and match digests for integrity and
+         * authentication. Generating Kn belongs in either the integrity or
+         * authentication classes, so in this implementation, integrity has
+         * been chosen.
+         *
+         * @param[in] sik - session integrity key
+         * @param[in] data - 20-byte Const_n
+         *
+         * @return on success returns the Kn based on this integrity class
+         *
+         */
+        std::vector<uint8_t> virtual generateKn(
+                const std::vector<uint8_t>& sik,
+                const rmcp::Const_n& data) const = 0;
+
         /** @brief Authcode field
          *
          *  AuthCode field length varies based on the integrity algorithm, for
@@ -133,7 +139,7 @@
     protected:
 
         /** @brief K1 key used to generated the integrity data. */
-        Key K1;
+        std::vector<uint8_t> k1;
 };
 
 /**
@@ -157,8 +163,7 @@
          *
          * @param[in] - Session Integrity Key
          */
-        explicit AlgoSHA1(const std::vector<uint8_t>& sik) :
-            Interface(sik, const1, SHA1_96_AUTHCODE_LENGTH) {}
+        explicit AlgoSHA1(const std::vector<uint8_t>& sik);
 
         AlgoSHA1() = delete;
         ~AlgoSHA1() = default;
@@ -195,6 +200,19 @@
         std::vector<uint8_t> generateIntegrityData(
                 const std::vector<uint8_t>& packet) const override;
 
+        /**
+         * @brief Generate additional keying material based on SIK
+         *
+         * @param[in] sik - session integrity key
+         * @param[in] data - 20-byte Const_n
+         *
+         * @return on success returns the Kn based on HMAC-SHA1
+         *
+         */
+        std::vector<uint8_t> generateKn(
+                const std::vector<uint8_t>& sik,
+                const rmcp::Const_n& const_n) const;
+
     private:
         /**
          * @brief Generate HMAC based on HMAC-SHA1-96 algorithm