Prepare for adding RMCP+ cipher suite 17
In many places, there are baked-in assumptions about algorithms that tie
the session initiation to cipher suite 3. This commit teases out those
assumptions and prepares for the next patch that actually adds in the
new authentication and integrity algorithms to support cipher suite 17.
Change-Id: I2ee3672a7c503b89c5ff0aba30cf7a4601e24d04
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
diff --git a/test/cipher.cpp b/test/cipher.cpp
index f10c8a0..ed8ccb7 100644
--- a/test/cipher.cpp
+++ b/test/cipher.cpp
@@ -7,6 +7,7 @@
#include "crypt_algo.hpp"
#include "integrity_algo.hpp"
#include "message_parsers.hpp"
+#include "rmcp.hpp"
#include <gtest/gtest.h>
TEST(IntegrityAlgo, HMAC_SHA1_96_GenerateIntegrityDataCheck)
@@ -19,7 +20,7 @@
// Hardcoded Session Integrity Key
std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
- 13, 14, 15, 16};
+ 13, 14, 15, 16, 17, 18, 19, 20 };
auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA1>(sik);
@@ -34,18 +35,18 @@
/*
* Step-2 Generate Integrity data using OpenSSL SHA1 algorithm
*/
- cipher::integrity::Key K1;
- constexpr cipher::integrity::Key const1 = { 0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01, 0x01, 0x01
- };
+ std::vector<uint8_t> k1(SHA_DIGEST_LENGTH);
+ constexpr rmcp::Const_n const1 = { 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01
+ };
// Generated K1 for the integrity algorithm with the additional key keyed
// with SIK.
unsigned int mdLen = 0;
if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(),
- const1.size(), K1.data(), &mdLen) == NULL)
+ const1.size(), k1.data(), &mdLen) == NULL)
{
FAIL() << "Generating Key1 failed";
}
@@ -54,7 +55,7 @@
std::vector<uint8_t> output(SHA_DIGEST_LENGTH);
size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
- if (HMAC(EVP_sha1(), K1.data(), K1.size(),
+ if (HMAC(EVP_sha1(), k1.data(), k1.size(),
packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE,
length,
output.data(), &mdLen) == NULL)
@@ -83,20 +84,20 @@
// Hardcoded Session Integrity Key
std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
- 13, 14, 15, 16};
+ 13, 14, 15, 16, 17, 18, 19, 20 };
- cipher::integrity::Key K1;
- constexpr cipher::integrity::Key const1 = { 0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01, 0x01, 0x01,
- 0x01, 0x01, 0x01, 0x01, 0x01
- };
+ std::vector<uint8_t> k1(SHA_DIGEST_LENGTH);
+ constexpr rmcp::Const_n const1 = { 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01
+ };
// Generated K1 for the integrity algorithm with the additional key keyed
// with SIK.
unsigned int mdLen = 0;
if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(),
- const1.size(), K1.data(), &mdLen) == NULL)
+ const1.size(), k1.data(), &mdLen) == NULL)
{
FAIL() << "Generating Key1 failed";
}
@@ -105,7 +106,7 @@
std::vector<uint8_t> output(SHA_DIGEST_LENGTH);
size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
- if (HMAC(EVP_sha1(), K1.data(), K1.size(),
+ if (HMAC(EVP_sha1(), k1.data(), k1.size(),
packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE,
length,
output.data(), &mdLen) == NULL)
@@ -163,7 +164,7 @@
// Hardcoded Session Integrity Key
std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
- 13, 14, 15, 16};
+ 13, 14, 15, 16, 17, 18, 19, 20 };
auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA1>(sik);
@@ -189,9 +190,25 @@
// Hardcoded Session Integrity Key
std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
- 13, 14, 15, 16};
+ 13, 14, 15, 16, 17, 18, 19, 20 };
- auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(sik);
+ std::vector<uint8_t> k2(SHA_DIGEST_LENGTH);
+ unsigned int mdLen = 0;
+ constexpr rmcp::Const_n const1 = { 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x02, 0x02, 0x02, 0x02, 0x02
+ };
+
+ // Generated K2 for the confidentiality algorithm with the additional key
+ // keyed with SIK.
+ if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(),
+ const1.size(), k2.data(), &mdLen) == NULL)
+ {
+ FAIL() << "Generating K2 for confidentiality algorithm failed";
+ }
+
+ auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(k2);
ASSERT_EQ(true, (cryptPtr != NULL));
@@ -204,22 +221,6 @@
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
- cipher::crypt::key k2;
- unsigned int mdLen = 0;
- constexpr cipher::crypt::key const1 = { 0x02, 0x02, 0x02, 0x02, 0x02,
- 0x02, 0x02, 0x02, 0x02, 0x02,
- 0x02, 0x02, 0x02, 0x02, 0x02,
- 0x02, 0x02, 0x02, 0x02, 0x02
- };
-
- // Generated K2 for the confidentiality algorithm with the additional key
- // keyed with SIK.
- if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(),
- const1.size(), k2.data(), &mdLen) == NULL)
- {
- FAIL() << "Generating K2 for confidentiality algorithm failed";
- }
-
if (!EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, k2.data(),
cipher.data()))
{
@@ -266,16 +267,16 @@
// Hardcoded Session Integrity Key
std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
- 13, 14, 15, 16};
+ 13, 14, 15, 16, 17, 18, 19, 20 };
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
- cipher::crypt::key k2;
+ std::vector<uint8_t> k2(SHA_DIGEST_LENGTH);
unsigned int mdLen = 0;
- constexpr cipher::crypt::key const1 = { 0x02, 0x02, 0x02, 0x02, 0x02,
- 0x02, 0x02, 0x02, 0x02, 0x02,
- 0x02, 0x02, 0x02, 0x02, 0x02,
- 0x02, 0x02, 0x02, 0x02, 0x02
- };
+ constexpr rmcp::Const_n const1 = { 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x02, 0x02, 0x02, 0x02, 0x02,
+ 0x02, 0x02, 0x02, 0x02, 0x02
+ };
std::vector<uint8_t> output(
payload.size() + cipher::crypt::AlgoAES128::AESCBC128BlockSize);
@@ -322,7 +323,7 @@
* AES-CBC-128
*/
- auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(sik);
+ auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(k2);
ASSERT_EQ(true, (cryptPtr != NULL));