Remove the support for insecure protocols in RMCP+

The two supported cipher suites for RMCP+ will be cipher suite 3
and 17 after this change. The cipher suite 3 is the default choice
for the ipmitool if the cipher suite is not explicitly mentioned.
The supported algorithms are the following:

Authentication: a) RAKP-HMAC-SHA1, b) RAKP-HMAC-SHA256
Integrity: a) HMAC-SHA1-9, b) HMAC-SHA256-128
Confidentiality: a) AES-CBC-128

Change-Id: Ia2fbaae29235e4bd43c42b59a2295a2db28efce3
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/crypt_algo.hpp b/crypt_algo.hpp
index ca4dbca..20f55b9 100644
--- a/crypt_algo.hpp
+++ b/crypt_algo.hpp
@@ -20,11 +20,12 @@
* When payload data is encrypted, there may be additional “Confidentiality
* Header” and/or “Confidentiality Trailer” fields that are included within the
* payload. The size and definition of those fields is specific to the
- * particular confidentiality algorithm.
+ * particular confidentiality algorithm. Based on security recommendations
+ * encrypting IPMI traffic is preferred, so NONE is not supported.
*/
enum class Algorithms : uint8_t
{
- NONE, /**< No encryption (mandatory option) */
+ NONE, /**< No encryption (mandatory , not supported) */
AES_CBC_128, /**< AES-CBC-128 Algorithm (mandatory option) */
xRC4_128, /**< xRC4-128 Algorithm (optional option) */
xRC4_40, /**< xRC4-40 Algorithm (optional option) */
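Review bot: The new enumerator comment on NONE, "(mandatory , not supported)", is ambiguous and has a stray space before the comma. A reader cannot tell whether "mandatory" refers to the IPMI specification and "not supported" to this implementation. Suggest something like "No encryption (mandatory in the spec, not supported here)". The added sentence in the block comment says "Based on security recommendations" without naming them; a reference to the source of the recommendation would let a later maintainer verify the decision. xRC4_128 and xRC4_40 keep their "(optional option)" comments even though the commit message lists AES-CBC-128 as the only confidentiality algorithm, so it is worth marking them as not supported in the same way for consistency.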
@@ -86,7 +87,7 @@
*/
static bool isAlgorithmSupported(Algorithms algo)
{
- if (algo == Algorithms::NONE || algo == Algorithms::AES_CBC_128)
+ if (algo == Algorithms::AES_CBC_128)
{
return true;
}
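Review bot: In isAlgorithmSupported, dropping NONE from the condition is a behaviour change for any client that negotiates a cipher suite without confidentiality, and nothing visible in this hunk covers it with a test or updates the function's doc comment that ends just above the signature. Please check that the doc comment no longer describes NONE as accepted, and add a test asserting that isAlgorithmSupported(Algorithms::NONE) returns false and isAlgorithmSupported(Algorithms::AES_CBC_128) returns true, so that a later edit to the condition cannot quietly re-enable unencrypted sessions. With only one accepted value left, the if block can also be reduced to a single return of the comparison, if the rest of the function allows it.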