Remove the support for insecure protocols in RMCP+
The two supported Cipher suites for RMCP+ will be cipher Suite 3
and 17 after this change. The cipher suite 3 is the default choice
for the ipmitool if the cipher suite is not explicitly mentioned.
The supported algorithms are the following:
Authentication: a) RAKP-HMAC-SHA1, b) RAKP-HMAC-SHA256
Integrity: a) HMAC-SHA1-9, b) HMAC-SHA256-128
Confidentiality: a) AES-CBC-128
Change-Id: Ia2fbaae29235e4bd43c42b59a2295a2db28efce3
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/auth_algo.hpp b/auth_algo.hpp
index 6bd32d0..c9fb821 100644
--- a/auth_algo.hpp
+++ b/auth_algo.hpp
@@ -27,10 +27,10 @@
*/
enum class Algorithms : uint8_t
{
- RAKP_NONE = 0, // Mandatory
- RAKP_HMAC_SHA1, // Mandatory
- RAKP_HMAC_MD5, // Optional
- RAKP_HMAC_SHA256, // Optional
+ RAKP_NONE = 0, // Mandatory (implemented, not supported)
+ RAKP_HMAC_SHA1, // Mandatory (implemented, default choice in ipmitool)
+ RAKP_HMAC_MD5, // Optional (not implemented)
+ RAKP_HMAC_SHA256, // Optional (implemented, best available)
// Reserved used to indicate an invalid authentication algorithm
RAKP_HMAC_INVALID = 0xB0
};
@@ -102,8 +102,7 @@
*/
static bool isAlgorithmSupported(Algorithms algo)
{
- if (algo == Algorithms::RAKP_NONE ||
- algo == Algorithms::RAKP_HMAC_SHA1 ||
+ if (algo == Algorithms::RAKP_HMAC_SHA1 ||
algo == Algorithms::RAKP_HMAC_SHA256)
{
return true;