Add support for cipher suite 17
cipher suite 17 uses RAKP_HMAC_SHA256 for authentication and
RAKP_HMAC_SHA256_128 for integrity. This adds those in and fixes up the
lookups so the stack knows about the new algorithms.
Change-Id: Icdc66563d08060fc0e541ceaf3bee9dd5f89fdb2
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
diff --git a/auth_algo.cpp b/auth_algo.cpp
index 0bc2555..94a8c91 100644
--- a/auth_algo.cpp
+++ b/auth_algo.cpp
@@ -45,6 +45,40 @@
return output;
}
+std::vector<uint8_t> AlgoSHA256::generateHMAC(
+ const std::vector<uint8_t>& input) const
+{
+ std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
+ unsigned int mdLen = 0;
+
+ if (HMAC(EVP_sha256(), userKey.data(), userKey.size(), input.data(),
+ input.size(), output.data(), &mdLen) == NULL)
+ {
+ std::cerr << "Generate HMAC_SHA256 failed\n";
+ output.resize(0);
+ }
+
+ return output;
+}
+
+std::vector<uint8_t> AlgoSHA256::generateICV(
+ const std::vector<uint8_t>& input) const
+{
+ std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
+ unsigned int mdLen = 0;
+
+ if (HMAC(EVP_sha256(),
+ sessionIntegrityKey.data(), sessionIntegrityKey.size(),
+ input.data(), input.size(), output.data(), &mdLen) == NULL)
+ {
+ std::cerr << "Generate HMAC_SHA256_128 Integrity Check Value failed\n";
+ output.resize(0);
+ }
+ output.resize(integrityCheckValueLength);
+
+ return output;
+}
+
} // namespace auth
} // namespace cipher
diff --git a/auth_algo.hpp b/auth_algo.hpp
index b6fda94..682c091 100644
--- a/auth_algo.hpp
+++ b/auth_algo.hpp
@@ -103,7 +103,8 @@
static bool isAlgorithmSupported(Algorithms algo)
{
if (algo == Algorithms::RAKP_NONE ||
- algo == Algorithms::RAKP_HMAC_SHA1)
+ algo == Algorithms::RAKP_HMAC_SHA1 ||
+ algo == Algorithms::RAKP_HMAC_SHA256)
{
return true;
}
@@ -178,6 +179,39 @@
const std::vector<uint8_t>& input) const override;
};
+/**
+ * @class AlgoSHA256
+ *
+ * RAKP-HMAC-SHA256 specifies the use of RAKP messages for the key exchange
+ * portion of establishing the session, and that HMAC-SHA256 (per [FIPS 180-2]
+ * and [RFC4634] and is used to create a 32-byte Key Exchange Authentication
+ * Code fields in RAKP Message 2 and RAKP Message 3. HMAC-SHA256-128 (per
+ * [RFC4868]) is used for generating a 16-byte Integrity Check Value field for
+ * RAKP Message 4.
+ */
+
+class AlgoSHA256 : public Interface
+{
+ public:
+ static constexpr size_t integrityCheckValueLength = 16;
+
+ explicit AlgoSHA256(integrity::Algorithms intAlgo,
+ crypt::Algorithms cryptAlgo) :
+ Interface(intAlgo, cryptAlgo) {}
+
+ ~AlgoSHA256() = default;
+ AlgoSHA256(const AlgoSHA256&) = default;
+ AlgoSHA256& operator=(const AlgoSHA256&) = default;
+ AlgoSHA256(AlgoSHA256&&) = default;
+ AlgoSHA256& operator=(AlgoSHA256&&) = default;
+
+ std::vector<uint8_t> generateHMAC(
+ const std::vector<uint8_t>& input) const override;
+
+ std::vector<uint8_t> generateICV(
+ const std::vector<uint8_t>& input) const override;
+};
+
}// namespace auth
}// namespace cipher
diff --git a/command/rakp34.cpp b/command/rakp34.cpp
index 5ba9aa1..24deac0 100644
--- a/command/rakp34.cpp
+++ b/command/rakp34.cpp
@@ -29,6 +29,13 @@
authAlgo->sessionIntegrityKey));
break;
}
+ case cipher::integrity::Algorithms::HMAC_SHA256_128:
+ {
+ session->setIntegrityAlgo(
+ std::make_unique<cipher::integrity::AlgoSHA256>(
+ authAlgo->sessionIntegrityKey));
+ break;
+ }
default:
break;
}
diff --git a/integrity_algo.cpp b/integrity_algo.cpp
index 62c2653..0c3efe8 100644
--- a/integrity_algo.cpp
+++ b/integrity_algo.cpp
@@ -77,6 +77,73 @@
return Kn;
}
+AlgoSHA256::AlgoSHA256(const std::vector<uint8_t>& sik)
+ : Interface(SHA256_128_AUTHCODE_LENGTH)
+{
+ k1 = generateKn(sik, rmcp::const_1);
+}
+
+std::vector<uint8_t> AlgoSHA256::generateHMAC(const uint8_t* input,
+ const size_t len) const
+{
+ std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
+ unsigned int mdLen = 0;
+
+ if (HMAC(EVP_sha256(), k1.data(), k1.size(), input, len,
+ output.data(), &mdLen) == NULL)
+ {
+ throw std::runtime_error("Generating HMAC_SHA256_128 failed");
+ }
+
+ // HMAC generates Message Digest to the size of SHA256_DIGEST_LENGTH, the
+ // AuthCode field length is based on the integrity algorithm. So we are
+ // interested only in the AuthCode field length of the generated Message
+ // digest.
+ output.resize(authCodeLength);
+
+ return output;
+}
+
+bool AlgoSHA256::verifyIntegrityData(
+ const std::vector<uint8_t>& packet,
+ const size_t length,
+ std::vector<uint8_t>::const_iterator integrityData) const
+{
+
+ auto output = generateHMAC(
+ packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE,
+ length);
+
+ // Verify if the generated integrity data for the packet and the received
+ // integrity data matches.
+ return (std::equal(output.begin(), output.end(), integrityData));
+}
+
+std::vector<uint8_t> AlgoSHA256::generateIntegrityData(
+ const std::vector<uint8_t>& packet) const
+{
+ return generateHMAC(
+ packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE,
+ packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE);
+}
+
+std::vector<uint8_t> AlgoSHA256::generateKn(const std::vector<uint8_t>& sik,
+ const rmcp::Const_n& const_n) const
+{
+ unsigned int mdLen = 0;
+ std::vector<uint8_t> Kn(sik.size());
+
+ // Generated Kn for the integrity algorithm with the additional key keyed
+ // with SIK.
+ if (HMAC(EVP_sha256(), sik.data(), sik.size(), const_n.data(),
+ const_n.size(), Kn.data(), &mdLen) == NULL)
+ {
+ throw std::runtime_error("Generating KeyN for integrity "
+ "algorithm HMAC_SHA256 failed");
+ }
+ return Kn;
+}
+
}// namespace integrity
}// namespace cipher
diff --git a/integrity_algo.hpp b/integrity_algo.hpp
index 3e003b6..81f7da7 100644
--- a/integrity_algo.hpp
+++ b/integrity_algo.hpp
@@ -90,7 +90,9 @@
*/
static bool isAlgorithmSupported(Algorithms algo)
{
- if (algo == Algorithms::NONE || algo == Algorithms::HMAC_SHA1_96)
+ if (algo == Algorithms::NONE ||
+ algo == Algorithms::HMAC_SHA1_96 ||
+ algo == Algorithms::HMAC_SHA256_128)
{
return true;
}
@@ -227,6 +229,91 @@
const size_t len) const;
};
+/**
+ * @class AlgoSHA256
+ *
+ * @brief Implementation of the HMAC-SHA256-128 Integrity algorithm
+ *
+ * HMAC-SHA256-128 take the Session Integrity Key and use it to generate K1. K1
+ * is then used as the key for use in HMAC to produce the AuthCode field. For
+ * “one-key” logins, the user’s key (password) is used in the creation of the
+ * Session Integrity Key. When the HMAC-SHA256-128 Integrity Algorithm is used
+ * the resulting AuthCode field is 16 bytes (128 bits).
+ */
+class AlgoSHA256 final : public Interface
+{
+ public:
+ static constexpr size_t SHA256_128_AUTHCODE_LENGTH = 16;
+
+ /**
+ * @brief Constructor for AlgoSHA256
+ *
+ * @param[in] - Session Integrity Key
+ */
+ explicit AlgoSHA256(const std::vector<uint8_t>& sik);
+
+ AlgoSHA256() = delete;
+ ~AlgoSHA256() = default;
+ AlgoSHA256(const AlgoSHA256&) = default;
+ AlgoSHA256& operator=(const AlgoSHA256&) = default;
+ AlgoSHA256(AlgoSHA256&&) = default;
+ AlgoSHA256& operator=(AlgoSHA256&&) = default;
+
+ /**
+ * @brief Verify the integrity data of the packet
+ *
+ * @param[in] packet - Incoming IPMI packet
+ * @param[in] length - Length of the data in the packet to calculate
+ * the integrity data
+ * @param[in] integrityData - Iterator to the authCode in the packet
+ *
+ * @return true if authcode in the packet is equal to one generated
+ * using integrity algorithm on the packet data, false otherwise
+ */
+ bool verifyIntegrityData(
+ const std::vector<uint8_t>& packet,
+ const size_t length,
+ std::vector<uint8_t>::const_iterator integrityData)
+ const override;
+
+ /**
+ * @brief Generate integrity data for the outgoing IPMI packet
+ *
+ * @param[in] packet - Outgoing IPMI packet
+ *
+ * @return on success return the integrity data for the outgoing IPMI
+ * packet
+ */
+ std::vector<uint8_t> generateIntegrityData(
+ const std::vector<uint8_t>& packet) const override;
+
+ /**
+ * @brief Generate additional keying material based on SIK
+ *
+ * @param[in] sik - session integrity key
+ * @param[in] data - 20-byte Const_n
+ *
+ * @return on success returns the Kn based on HMAC-SHA256
+ *
+ */
+ std::vector<uint8_t> generateKn(
+ const std::vector<uint8_t>& sik,
+ const rmcp::Const_n& const_n) const;
+
+ private:
+ /**
+ * @brief Generate HMAC based on HMAC-SHA256-128 algorithm
+ *
+ * @param[in] input - pointer to the message
+ * @param[in] len - length of the message
+ *
+ * @return on success returns the message authentication code
+ *
+ */
+ std::vector<uint8_t> generateHMAC(const uint8_t* input,
+ const size_t len) const;
+};
+
}// namespace integrity
}// namespace cipher
diff --git a/sessions_manager.cpp b/sessions_manager.cpp
index ddeca4c..0f49a2d 100644
--- a/sessions_manager.cpp
+++ b/sessions_manager.cpp
@@ -74,6 +74,13 @@
cryptAlgo));
break;
}
+ case cipher::rakp_auth::Algorithms::RAKP_HMAC_SHA256:
+ {
+ session->setAuthAlgo(
+ std::make_unique<cipher::rakp_auth::AlgoSHA256>(
+ intAlgo, cryptAlgo));
+ break;
+ }
default:
{
throw std::runtime_error("Invalid Authentication Algorithm");
diff --git a/test/cipher.cpp b/test/cipher.cpp
index ed8ccb7..3fa985c 100644
--- a/test/cipher.cpp
+++ b/test/cipher.cpp
@@ -180,6 +180,179 @@
EXPECT_EQ(false, check);
}
+TEST(IntegrityAlgo, HMAC_SHA256_128_GenerateIntegrityDataCheck)
+{
+ /*
+ * Step-1 Generate Integrity Data for the packet, using the implemented API
+ */
+ // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
+ std::vector<uint8_t> packet = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
+
+ // Hardcoded Session Integrity Key
+ std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
+ 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
+ 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 };
+
+ auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA256>(sik);
+
+ ASSERT_EQ(true, (algoPtr != NULL));
+
+ // Generate the Integrity Data
+ auto response = algoPtr->generateIntegrityData(packet);
+
+ EXPECT_EQ(true, (response.size() ==
+ cipher::integrity::AlgoSHA256::SHA256_128_AUTHCODE_LENGTH));
+
+ /*
+ * Step-2 Generate Integrity data using OpenSSL SHA256 algorithm
+ */
+ std::vector<uint8_t> k1(SHA256_DIGEST_LENGTH);
+ constexpr rmcp::Const_n const1 = { 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01
+ };
+
+ // Generated K1 for the integrity algorithm with the additional key keyed
+ // with SIK.
+ unsigned int mdLen = 0;
+ if (HMAC(EVP_sha256(), sik.data(), sik.size(), const1.data(),
+ const1.size(), k1.data(), &mdLen) == NULL)
+ {
+ FAIL() << "Generating Key1 failed";
+ }
+
+ mdLen = 0;
+ std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
+ size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
+
+ if (HMAC(EVP_sha256(), k1.data(), k1.size(),
+ packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE,
+ length,
+ output.data(), &mdLen) == NULL)
+ {
+ FAIL() << "Generating integrity data failed";
+ }
+
+ output.resize(cipher::integrity::AlgoSHA256::SHA256_128_AUTHCODE_LENGTH);
+
+ /*
+ * Step-3 Check if the integrity data we generated using the implemented API
+ * matches with one generated by OpenSSL SHA256 algorithm.
+ */
+ auto check = std::equal(output.begin(), output.end(), response.begin());
+ EXPECT_EQ(true, check);
+}
+
+TEST(IntegrityAlgo, HMAC_SHA256_128_VerifyIntegrityDataPass)
+{
+ /*
+ * Step-1 Generate Integrity data using OpenSSL SHA256 algorithm
+ */
+
+ // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
+ std::vector<uint8_t> packet = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
+
+ // Hardcoded Session Integrity Key
+ std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
+ 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
+ 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 };
+
+ std::vector<uint8_t> k1(SHA256_DIGEST_LENGTH);
+ constexpr rmcp::Const_n const1 = { 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01
+ };
+
+ // Generated K1 for the integrity algorithm with the additional key keyed
+ // with SIK.
+ unsigned int mdLen = 0;
+ if (HMAC(EVP_sha256(), sik.data(), sik.size(), const1.data(),
+ const1.size(), k1.data(), &mdLen) == NULL)
+ {
+ FAIL() << "Generating Key1 failed";
+ }
+
+ mdLen = 0;
+ std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
+ size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
+
+ if (HMAC(EVP_sha256(), k1.data(), k1.size(),
+ packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE,
+ length,
+ output.data(), &mdLen) == NULL)
+ {
+ FAIL() << "Generating integrity data failed";
+ }
+
+ output.resize(cipher::integrity::AlgoSHA256::SHA256_128_AUTHCODE_LENGTH);
+
+ /*
+ * Step-2 Insert the integrity data into the packet
+ */
+ auto packetSize = packet.size();
+ packet.insert(packet.end(), output.begin(), output.end());
+
+ // Point to the integrity data in the packet
+ auto integrityIter = packet.cbegin();
+ std::advance(integrityIter, packetSize);
+
+ /*
+ * Step-3 Invoke the verifyIntegrityData API and validate the response
+ */
+
+ auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA256>(sik);
+ ASSERT_EQ(true, (algoPtr != NULL));
+
+ auto check = algoPtr->verifyIntegrityData(
+ packet,
+ packetSize - message::parser::RMCP_SESSION_HEADER_SIZE,
+ integrityIter);
+
+ EXPECT_EQ(true, check);
+}
+
+TEST(IntegrityAlgo, HMAC_SHA256_128_VerifyIntegrityDataFail)
+{
+ /*
+ * Step-1 Add hardcoded Integrity data to the packet
+ */
+
+ // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
+ std::vector<uint8_t> packet = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
+
+ std::vector<uint8_t> integrity = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
+
+ packet.insert(packet.end(), integrity.begin(), integrity.end());
+
+ // Point to the integrity data in the packet
+ auto integrityIter = packet.cbegin();
+ std::advance(integrityIter, packet.size());
+
+ /*
+ * Step-2 Invoke the verifyIntegrityData API and validate the response
+ */
+
+ // Hardcoded Session Integrity Key
+ std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
+ 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
+ 23, 24, 25, 26, 27, 28, 29, 30, 31, 32 };
+
+ auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA256>(sik);
+
+ ASSERT_EQ(true, (algoPtr != NULL));
+
+
+ // Verify the Integrity Data
+ auto check = algoPtr->verifyIntegrityData(
+ packet,
+ packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE,
+ integrityIter);
+
+ EXPECT_EQ(false, check);
+}
+
TEST(CryptAlgo, AES_CBC_128_EncryptPayloadValidate)
{
/*