Authentication Algo keeps record of the Confidentiality algo
The confidentiality algo negotiated during Open Session Request
would be stored in the Authentication algorithm and is activated
once the session setup is successful.
Change-Id: I4d5efd71a992dd0cf505bcf7a6d9ebb394bcb880
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/auth_algo.hpp b/auth_algo.hpp
index 73e2c2b..828b56b 100644
--- a/auth_algo.hpp
+++ b/auth_algo.hpp
@@ -2,6 +2,7 @@
#include <array>
#include <vector>
+#include "crypt_algo.hpp"
#include "integrity_algo.hpp"
namespace cipher
@@ -46,7 +47,11 @@
class Interface
{
public:
- explicit Interface(integrity::Algorithms intAlgo) : intAlgo(intAlgo) {}
+ explicit Interface(integrity::Algorithms intAlgo,
+ crypt::Algorithms cryptAlgo) :
+ intAlgo(intAlgo),
+ cryptAlgo(cryptAlgo) {}
+
Interface() = delete;
virtual ~Interface() = default;
Interface(const Interface&) = default;
@@ -104,10 +109,19 @@
* Integrity Algorithm is activated and set in the session data only
* once the session setup is succeeded in the RAKP34 command. But the
* integrity algorithm is negotiated in the Open Session Request command
- * . So the authentication algorithm successfully negotiated is stored
- * in the authentication algorithm.
+ * . So the integrity algorithm successfully negotiated is stored
+ * in the authentication algorithm's instance.
*/
integrity::Algorithms intAlgo;
+
+ /*
+ * Confidentiality Algorithm is activated and set in the session data
+ * only once the session setup is succeeded in the RAKP34 command. But
+ * the confidentiality algorithm is negotiated in the Open Session
+ * Request command. So the confidentiality algorithm successfully
+ * negotiated is stored in the authentication algorithm's instance.
+ */
+ crypt::Algorithms cryptAlgo;
};
/*
@@ -123,7 +137,10 @@
class AlgoSHA1 : public Interface
{
public:
- explicit AlgoSHA1(integrity::Algorithms intAlgo) : Interface(intAlgo) {}
+ explicit AlgoSHA1(integrity::Algorithms intAlgo,
+ crypt::Algorithms cryptAlgo) :
+ Interface(intAlgo, cryptAlgo) {}
+
AlgoSHA1() = delete;
~AlgoSHA1() = default;
AlgoSHA1(const AlgoSHA1&) = default;
diff --git a/command/open_session.cpp b/command/open_session.cpp
index eb98a26..2eb273f 100644
--- a/command/open_session.cpp
+++ b/command/open_session.cpp
@@ -54,7 +54,8 @@
endian::from_ipmi<>(request->remoteConsoleSessionID),
static_cast<session::Privilege>(request->maxPrivLevel),
static_cast<cipher::rakp_auth::Algorithms>(request->authAlgo),
- static_cast<cipher::integrity::Algorithms>(request->intAlgo)
+ static_cast<cipher::integrity::Algorithms>(request->intAlgo),
+ static_cast<cipher::crypt::Algorithms>(request->confAlgo)
)).lock();
}
catch (std::exception& e)
diff --git a/sessions_manager.cpp b/sessions_manager.cpp
index c4de59f..18c96ba 100644
--- a/sessions_manager.cpp
+++ b/sessions_manager.cpp
@@ -26,7 +26,8 @@
std::weak_ptr<Session> Manager::startSession(SessionID remoteConsoleSessID,
Privilege priv, cipher::rakp_auth::Algorithms authAlgo,
- cipher::integrity::Algorithms intAlgo)
+ cipher::integrity::Algorithms intAlgo,
+ cipher::crypt::Algorithms cryptAlgo)
{
std::shared_ptr<Session> session = nullptr;
SessionID sessionID = 0;
@@ -69,7 +70,8 @@
case cipher::rakp_auth::Algorithms::RAKP_HMAC_SHA1:
{
session->setAuthAlgo(
- std::make_unique<cipher::rakp_auth::AlgoSHA1>(intAlgo));
+ std::make_unique<cipher::rakp_auth::AlgoSHA1>(intAlgo,
+ cryptAlgo));
break;
}
default:
diff --git a/sessions_manager.hpp b/sessions_manager.hpp
index c23e3ab..792516b 100644
--- a/sessions_manager.hpp
+++ b/sessions_manager.hpp
@@ -49,13 +49,15 @@
* @param[in] priv - Privilege level requested
* @param[in] authAlgo - Authentication Algorithm
* @param[in] intAlgo - Integrity Algorithm
+ * @param[in] cryptAlgo - Confidentiality Algorithm
*
* @return session handle on success and nullptr on failure
*
*/
std::weak_ptr<Session> startSession(SessionID remoteConsoleSessID,
Privilege priv, cipher::rakp_auth::Algorithms authAlgo,
- cipher::integrity::Algorithms intAlgo);
+ cipher::integrity::Algorithms intAlgo,
+ cipher::crypt::Algorithms cryptAlgo);
/*
* @brief Stop IPMI Session