diff options
| author | Vernon Mauery <vernon.mauery@linux.intel.com> | 2017-11-22 09:28:16 -0800 |
|---|---|---|
| committer | Vernon Mauery <vernon.mauery@linux.intel.com> | 2017-12-07 12:54:43 -0800 |
| commit | 9b307be647ff786f05c03fa742b982d99dd341ae (patch) | |
| tree | 0b19e4d830a1ee6c7e882539c7e5b1549fbdc111 | |
| parent | 70fd29cf487ceefd21af58bab988a7ff9ec07efb (diff) | |
| download | phosphor-net-ipmid-9b307be647ff786f05c03fa742b982d99dd341ae.tar.gz phosphor-net-ipmid-9b307be647ff786f05c03fa742b982d99dd341ae.zip | |
Prepare for adding RMCP+ cipher suite 17
In many places, there are baked-in assumptions about algorithms that tie
the session initiation to cipher suite 3. This commit teases out those
assumptions and prepares for the next patch that actually adds in the
new authentication and integrity algorithms to support cipher suite 17.
Change-Id: I2ee3672a7c503b89c5ff0aba30cf7a4601e24d04
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
| -rw-r--r-- | auth_algo.cpp | 1 | ||||
| -rw-r--r-- | auth_algo.hpp | 21 | ||||
| -rw-r--r-- | command/open_session.cpp | 8 | ||||
| -rw-r--r-- | command/rakp34.cpp | 14 | ||||
| -rw-r--r-- | command/rakp34.hpp | 1 | ||||
| -rw-r--r-- | crypt_algo.cpp | 17 | ||||
| -rw-r--r-- | crypt_algo.hpp | 31 | ||||
| -rw-r--r-- | integrity_algo.cpp | 37 | ||||
| -rw-r--r-- | integrity_algo.hpp | 74 | ||||
| -rw-r--r-- | rmcp.hpp | 39 | ||||
| -rw-r--r-- | sessions_manager.cpp | 2 | ||||
| -rw-r--r-- | test/cipher.cpp | 91 |
12 files changed, 193 insertions, 143 deletions
diff --git a/auth_algo.cpp b/auth_algo.cpp index f062b0f..0bc2555 100644 --- a/auth_algo.cpp +++ b/auth_algo.cpp @@ -1,5 +1,6 @@ #include "auth_algo.hpp" +#include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/sha.h> diff --git a/auth_algo.hpp b/auth_algo.hpp index 997e2c9..b6fda94 100644 --- a/auth_algo.hpp +++ b/auth_algo.hpp @@ -92,6 +92,27 @@ class Interface std::vector<uint8_t> virtual generateICV( const std::vector<uint8_t>& input) const = 0; + /** + * @brief Check if the Authentication algorithm is supported + * + * @param[in] algo - authentication algorithm + * + * @return true if algorithm is supported else false + * + */ + static bool isAlgorithmSupported(Algorithms algo) + { + if (algo == Algorithms::RAKP_NONE || + algo == Algorithms::RAKP_HMAC_SHA1) + { + return true; + } + else + { + return false; + } + } + // User Key is hardcoded to PASSW0RD till the IPMI User account // management is in place. std::array<uint8_t, USER_KEY_MAX_LENGTH> userKey = {"0penBmc"}; diff --git a/command/open_session.cpp b/command/open_session.cpp index d29cbf1..f33de3c 100644 --- a/command/open_session.cpp +++ b/command/open_session.cpp @@ -19,8 +19,8 @@ std::vector<uint8_t> openSession(const std::vector<uint8_t>& inPayload, auto response = reinterpret_cast<OpenSessionResponse*>(outPayload.data()); // Check for valid Authentication Algorithms - if (request->authAlgo != static_cast<uint8_t> - (cipher::rakp_auth::Algorithms::RAKP_HMAC_SHA1)) + if (!cipher::rakp_auth::Interface::isAlgorithmSupported( + static_cast<cipher::rakp_auth::Algorithms>(request->authAlgo))) { response->status_code = static_cast<uint8_t>(RAKP_ReturnCode::INVALID_AUTH_ALGO); @@ -28,8 +28,8 @@ std::vector<uint8_t> openSession(const std::vector<uint8_t>& inPayload, } // Check for valid Integrity Algorithms - if(!cipher::integrity::Interface::isAlgorithmSupported(static_cast - <cipher::integrity::Algorithms>(request->intAlgo))) + if (!cipher::integrity::Interface::isAlgorithmSupported( + static_cast<cipher::integrity::Algorithms>(request->intAlgo))) { response->status_code = static_cast<uint8_t>(RAKP_ReturnCode::INVALID_INTEGRITY_ALGO); diff --git a/command/rakp34.cpp b/command/rakp34.cpp index 8c95e95..5ba9aa1 100644 --- a/command/rakp34.cpp +++ b/command/rakp34.cpp @@ -8,6 +8,7 @@ #include "endian.hpp" #include "guid.hpp" #include "main.hpp" +#include "rmcp.hpp" namespace command { @@ -44,8 +45,11 @@ void applyCryptAlgo(const uint32_t bmcSessionID) { case cipher::crypt::Algorithms::AES_CBC_128: { - session->setCryptAlgo(std::make_unique<cipher::crypt::AlgoAES128>( - authAlgo->sessionIntegrityKey)); + auto intAlgo = session->getIntegrityAlgo(); + auto k2 = intAlgo->generateKn( + authAlgo->sessionIntegrityKey, rmcp::const_2); + session->setCryptAlgo( + std::make_unique<cipher::crypt::AlgoAES128>(k2)); break; } default: @@ -63,7 +67,7 @@ std::vector<uint8_t> RAKP34(const std::vector<uint8_t>& inPayload, auto response = reinterpret_cast<RAKP4response*>(outPayload.data()); // Check if the RAKP3 Payload Length is as expected - if(inPayload.size() != sizeof(RAKP3request)) + if (inPayload.size() < sizeof(RAKP3request)) { std::cerr << "RAKP34: Invalid RAKP3 request\n"; response->rmcpStatusCode = @@ -145,8 +149,8 @@ std::vector<uint8_t> RAKP34(const std::vector<uint8_t>& inPayload, // Generate Key Exchange Authentication Code - RAKP2 auto output = authAlgo->generateHMAC(input); - if (std::memcmp(output.data(), request->keyExchangeAuthCode, - output.size())) + if (inPayload.size() != (sizeof(RAKP3request) + output.size()) || + std::memcmp(output.data(), request+1, output.size())) { std::cerr << "Mismatch in HMAC sent by remote console\n"; diff --git a/command/rakp34.hpp b/command/rakp34.hpp index deaf2e9..2f00823 100644 --- a/command/rakp34.hpp +++ b/command/rakp34.hpp @@ -19,7 +19,6 @@ struct RAKP3request uint8_t rmcpStatusCode; uint16_t reserved; uint32_t managedSystemSessionID; - uint8_t keyExchangeAuthCode[20]; } __attribute__((packed)); /** diff --git a/crypt_algo.cpp b/crypt_algo.cpp index f33bca4..a10fd56 100644 --- a/crypt_algo.cpp +++ b/crypt_algo.cpp @@ -12,23 +12,6 @@ namespace cipher namespace crypt { -Interface::Interface(const std::vector<uint8_t>& sik, const key& addKey) -{ - unsigned int mdLen = 0; - - // Generated K2 for the confidentiality algorithm with the additional key - // keyed with SIK. - k2.resize(sik.size()); - if (HMAC(EVP_sha1(), sik.data(), sik.size(), addKey.data(), - addKey.size(), k2.data(), &mdLen) == NULL) - { - throw std::runtime_error("Generating K2 for confidentiality algorithm" - "failed"); - } -} - -constexpr key AlgoAES128::const2; - constexpr std::array<uint8_t, AlgoAES128::AESCBC128BlockSize - 1> AlgoAES128::confPadBytes; diff --git a/crypt_algo.hpp b/crypt_algo.hpp index ccef7d8..ca4dbca 100644 --- a/crypt_algo.hpp +++ b/crypt_algo.hpp @@ -1,7 +1,7 @@ #pragma once -#include <openssl/sha.h> #include <array> +#include <cstdint> #include <vector> namespace cipher @@ -10,8 +10,6 @@ namespace cipher namespace crypt { -using key = std::array<uint8_t, SHA_DIGEST_LENGTH>; - /** * @enum Confidentiality Algorithms * @@ -42,11 +40,9 @@ class Interface public: /** * @brief Constructor for Interface - * - * @param[in] - Session Integrity key to generate K2 - * @param[in] - Additional keying material to generate K2 */ - explicit Interface(const std::vector<uint8_t>& sik, const key& addKey); + explicit Interface(const std::vector<uint8_t>& k2) + : k2(k2) {} Interface() = delete; virtual ~Interface() = default; @@ -129,25 +125,6 @@ class AlgoAES128 final : public Interface static constexpr size_t AESCBC128BlockSize = 16; /** - * RSP needs more keying material than can be provided by session - * integrity key alone. As a result all keying material for the RSP - * confidentiality algorithms will be generated by processing a - * pre-defined set of constants using HMAC per [RFC2104], keyed by SIK. - * These constants are constructed using a hexadecimal octet value - * repeated up to the HMAC block size in length starting with the - * constant 01h. This mechanism can be used to derive up to 255 - * HMAC-block-length pieces of keying material from a single SIK.For the - * mandatory confidentiality algorithm AES-CBC-128, processing the - * following constant will generate the required amount of keying - * material. - */ - static constexpr key const2 = { 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02 - }; - - /** * If confidentiality bytes are present, the value of the first byte is * one (01h). and all subsequent bytes shall have a monotonically * increasing value (e.g., 02h, 03h, 04h, etc). The receiver, as an @@ -166,7 +143,7 @@ class AlgoAES128 final : public Interface * * @param[in] - Session Integrity key */ - explicit AlgoAES128(const std::vector<uint8_t>& sik) : Interface(sik, const2) {} + explicit AlgoAES128(const std::vector<uint8_t>& k2) : Interface(k2) {} AlgoAES128() = delete; ~AlgoAES128() = default; diff --git a/integrity_algo.cpp b/integrity_algo.cpp index 3a6c34d..62c2653 100644 --- a/integrity_algo.cpp +++ b/integrity_algo.cpp @@ -1,3 +1,4 @@ +#include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/sha.h> #include "integrity_algo.hpp" @@ -9,21 +10,10 @@ namespace cipher namespace integrity { -Interface::Interface(const std::vector<uint8_t>& sik, - const Key& addKey, size_t authLength) +AlgoSHA1::AlgoSHA1(const std::vector<uint8_t>& sik) + : Interface(SHA1_96_AUTHCODE_LENGTH) { - unsigned int mdLen = 0; - - // Generated K1 for the integrity algorithm with the additional key keyed - // with SIK. - if (HMAC(EVP_sha1(), sik.data(), sik.size(), addKey.data(), - addKey.size(), K1.data(), &mdLen) == NULL) - { - throw std::runtime_error("Generating Key1 for integrity " - "algorithm failed"); - } - - authCodeLength = authLength; + k1 = generateKn(sik, rmcp::const_1); } std::vector<uint8_t> AlgoSHA1::generateHMAC(const uint8_t* input, @@ -32,7 +22,7 @@ std::vector<uint8_t> AlgoSHA1::generateHMAC(const uint8_t* input, std::vector<uint8_t> output(SHA_DIGEST_LENGTH); unsigned int mdLen = 0; - if (HMAC(EVP_sha1(), K1.data(), K1.size(), input, len, + if (HMAC(EVP_sha1(), k1.data(), k1.size(), input, len, output.data(), &mdLen) == NULL) { throw std::runtime_error("Generating integrity data failed"); @@ -70,6 +60,23 @@ std::vector<uint8_t> AlgoSHA1::generateIntegrityData( packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE); } +std::vector<uint8_t> AlgoSHA1::generateKn(const std::vector<uint8_t>& sik, + const rmcp::Const_n& const_n) const +{ + unsigned int mdLen = 0; + std::vector<uint8_t> Kn(sik.size()); + + // Generated Kn for the integrity algorithm with the additional key keyed + // with SIK. + if (HMAC(EVP_sha1(), sik.data(), sik.size(), const_n.data(), + const_n.size(), Kn.data(), &mdLen) == NULL) + { + throw std::runtime_error("Generating KeyN for integrity " + "algorithm failed"); + } + return Kn; +} + }// namespace integrity }// namespace cipher diff --git a/integrity_algo.hpp b/integrity_algo.hpp index 0d869c7..3e003b6 100644 --- a/integrity_algo.hpp +++ b/integrity_algo.hpp @@ -1,8 +1,8 @@ #pragma once -#include <openssl/sha.h> #include <array> #include <vector> +#include "rmcp.hpp" namespace cipher { @@ -10,25 +10,6 @@ namespace cipher namespace integrity { -using Key = std::array<uint8_t, SHA_DIGEST_LENGTH>; - -/* - * RSP needs more keying material than can be provided by session integrity key - * alone. As a result all keying material for the RSP integrity algorithms - * will be generated by processing a pre-defined set of constants using HMAC per - * [RFC2104], keyed by SIK. These constants are constructed using a hexadecimal - * octet value repeated up to the HMAC block size in length starting with the - * constant 01h. This mechanism can be used to derive up to 255 - * HMAC-block-length pieces of keying material from a single SIK. For the - * mandatory integrity algorithm HMAC-SHA1-96, processing the following - * constant will generate the required amount of keying material. - */ -constexpr Key const1 = { 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01 - }; - /** * @enum Integrity Algorithms * @@ -61,13 +42,10 @@ class Interface /** * @brief Constructor for Interface * - * @param[in] - Session Integrity Key to generate K1 - * @param[in] - Additional keying material to generate K1 * @param[in] - AuthCode length */ - explicit Interface(const std::vector<uint8_t>& sik, - const Key& addKey, - size_t authLength); + explicit Interface(size_t authLength) + : authCodeLength(authLength) {} Interface() = delete; virtual ~Interface() = default; @@ -122,6 +100,34 @@ class Interface } } + /** + * @brief Generate additional keying material based on SIK + * + * @note + * The IPMI 2.0 spec only states that the additional keying material is + * generated by running HMAC(constN) using SIK as the key. It does not + * state whether this is the integrity algorithm or the authentication + * algorithm. Other implementations of the RMCP+ algorithm (ipmitool + * and ipmiutil) are not consistent on this matter. But it does not + * really matter because based on any of the defined cipher suites, the + * integrity and authentication algorithms are both based on the same + * digest method (integrity::Algorithms::HMAC_SHA1_96 uses SHA1 and + * rakp_auth::Algorithms::RAKP_HMAC_SHA1 uses SHA1). None of the + * defined cipher suites mix and match digests for integrity and + * authentication. Generating Kn belongs in either the integrity or + * authentication classes, so in this implementation, integrity has + * been chosen. + * + * @param[in] sik - session integrity key + * @param[in] data - 20-byte Const_n + * + * @return on success returns the Kn based on this integrity class + * + */ + std::vector<uint8_t> virtual generateKn( + const std::vector<uint8_t>& sik, + const rmcp::Const_n& data) const = 0; + /** @brief Authcode field * * AuthCode field length varies based on the integrity algorithm, for @@ -133,7 +139,7 @@ class Interface protected: /** @brief K1 key used to generated the integrity data. */ - Key K1; + std::vector<uint8_t> k1; }; /** @@ -157,8 +163,7 @@ class AlgoSHA1 final : public Interface * * @param[in] - Session Integrity Key */ - explicit AlgoSHA1(const std::vector<uint8_t>& sik) : - Interface(sik, const1, SHA1_96_AUTHCODE_LENGTH) {} + explicit AlgoSHA1(const std::vector<uint8_t>& sik); AlgoSHA1() = delete; ~AlgoSHA1() = default; @@ -195,6 +200,19 @@ class AlgoSHA1 final : public Interface std::vector<uint8_t> generateIntegrityData( const std::vector<uint8_t>& packet) const override; + /** + * @brief Generate additional keying material based on SIK + * + * @param[in] sik - session integrity key + * @param[in] data - 20-byte Const_n + * + * @return on success returns the Kn based on HMAC-SHA1 + * + */ + std::vector<uint8_t> generateKn( + const std::vector<uint8_t>& sik, + const rmcp::Const_n& const_n) const; + private: /** * @brief Generate HMAC based on HMAC-SHA1-96 algorithm diff --git a/rmcp.hpp b/rmcp.hpp new file mode 100644 index 0000000..fd536cb --- /dev/null +++ b/rmcp.hpp @@ -0,0 +1,39 @@ +#pragma once + +#include <array> +#include <cstdint> + +namespace rmcp +{ + +/* + * RSP needs more keying material than can be provided by session + * integrity key alone. As a result all keying material for the RSP + * confidentiality algorithms will be generated by processing a + * pre-defined set of constants using HMAC per [RFC2104], keyed by SIK. + * These constants are constructed using a hexadecimal octet value + * repeated up to the HMAC block size in length starting with the + * constant 01h. This mechanism can be used to derive up to 255 + * HMAC-block-length pieces of keying material from a single SIK.For the + * mandatory confidentiality algorithm AES-CBC-128, processing the + * following constant will generate the required amount of keying + * material. + */ +constexpr size_t CONST_N_SIZE = 20; +using Const_n = std::array<uint8_t, CONST_N_SIZE>; + +static constexpr Const_n const_1 = { + 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01 +}; + +static constexpr Const_n const_2 = { + 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02 +}; + +} // namespace rmcp diff --git a/sessions_manager.cpp b/sessions_manager.cpp index ee4a35f..ddeca4c 100644 --- a/sessions_manager.cpp +++ b/sessions_manager.cpp @@ -64,7 +64,7 @@ std::weak_ptr<Session> Manager::startSession(SessionID remoteConsoleSessID, } while (1); - // Set the Authentication Algorithm to RAKP_HMAC_SHA1 + // Set the Authentication Algorithm switch (authAlgo) { case cipher::rakp_auth::Algorithms::RAKP_HMAC_SHA1: diff --git a/test/cipher.cpp b/test/cipher.cpp index f10c8a0..ed8ccb7 100644 --- a/test/cipher.cpp +++ b/test/cipher.cpp @@ -7,6 +7,7 @@ #include "crypt_algo.hpp" #include "integrity_algo.hpp" #include "message_parsers.hpp" +#include "rmcp.hpp" #include <gtest/gtest.h> TEST(IntegrityAlgo, HMAC_SHA1_96_GenerateIntegrityDataCheck) @@ -19,7 +20,7 @@ TEST(IntegrityAlgo, HMAC_SHA1_96_GenerateIntegrityDataCheck) // Hardcoded Session Integrity Key std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, - 13, 14, 15, 16}; + 13, 14, 15, 16, 17, 18, 19, 20 }; auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA1>(sik); @@ -34,18 +35,18 @@ TEST(IntegrityAlgo, HMAC_SHA1_96_GenerateIntegrityDataCheck) /* * Step-2 Generate Integrity data using OpenSSL SHA1 algorithm */ - cipher::integrity::Key K1; - constexpr cipher::integrity::Key const1 = { 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01 - }; + std::vector<uint8_t> k1(SHA_DIGEST_LENGTH); + constexpr rmcp::Const_n const1 = { 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01 + }; // Generated K1 for the integrity algorithm with the additional key keyed // with SIK. unsigned int mdLen = 0; if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), - const1.size(), K1.data(), &mdLen) == NULL) + const1.size(), k1.data(), &mdLen) == NULL) { FAIL() << "Generating Key1 failed"; } @@ -54,7 +55,7 @@ TEST(IntegrityAlgo, HMAC_SHA1_96_GenerateIntegrityDataCheck) std::vector<uint8_t> output(SHA_DIGEST_LENGTH); size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE; - if (HMAC(EVP_sha1(), K1.data(), K1.size(), + if (HMAC(EVP_sha1(), k1.data(), k1.size(), packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE, length, output.data(), &mdLen) == NULL) @@ -83,20 +84,20 @@ TEST(IntegrityAlgo, HMAC_SHA1_96_VerifyIntegrityDataPass) // Hardcoded Session Integrity Key std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, - 13, 14, 15, 16}; + 13, 14, 15, 16, 17, 18, 19, 20 }; - cipher::integrity::Key K1; - constexpr cipher::integrity::Key const1 = { 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01 - }; + std::vector<uint8_t> k1(SHA_DIGEST_LENGTH); + constexpr rmcp::Const_n const1 = { 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01 + }; // Generated K1 for the integrity algorithm with the additional key keyed // with SIK. unsigned int mdLen = 0; if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), - const1.size(), K1.data(), &mdLen) == NULL) + const1.size(), k1.data(), &mdLen) == NULL) { FAIL() << "Generating Key1 failed"; } @@ -105,7 +106,7 @@ TEST(IntegrityAlgo, HMAC_SHA1_96_VerifyIntegrityDataPass) std::vector<uint8_t> output(SHA_DIGEST_LENGTH); size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE; - if (HMAC(EVP_sha1(), K1.data(), K1.size(), + if (HMAC(EVP_sha1(), k1.data(), k1.size(), packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE, length, output.data(), &mdLen) == NULL) @@ -163,7 +164,7 @@ TEST(IntegrityAlgo, HMAC_SHA1_96_VerifyIntegrityDataFail) // Hardcoded Session Integrity Key std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, - 13, 14, 15, 16}; + 13, 14, 15, 16, 17, 18, 19, 20 }; auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA1>(sik); @@ -189,9 +190,25 @@ TEST(CryptAlgo, AES_CBC_128_EncryptPayloadValidate) // Hardcoded Session Integrity Key std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, - 13, 14, 15, 16}; + 13, 14, 15, 16, 17, 18, 19, 20 }; - auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(sik); + std::vector<uint8_t> k2(SHA_DIGEST_LENGTH); + unsigned int mdLen = 0; + constexpr rmcp::Const_n const1 = { 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02 + }; + + // Generated K2 for the confidentiality algorithm with the additional key + // keyed with SIK. + if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), + const1.size(), k2.data(), &mdLen) == NULL) + { + FAIL() << "Generating K2 for confidentiality algorithm failed"; + } + + auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(k2); ASSERT_EQ(true, (cryptPtr != NULL)); @@ -204,22 +221,6 @@ TEST(CryptAlgo, AES_CBC_128_EncryptPayloadValidate) EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - cipher::crypt::key k2; - unsigned int mdLen = 0; - constexpr cipher::crypt::key const1 = { 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02 - }; - - // Generated K2 for the confidentiality algorithm with the additional key - // keyed with SIK. - if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), - const1.size(), k2.data(), &mdLen) == NULL) - { - FAIL() << "Generating K2 for confidentiality algorithm failed"; - } - if (!EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, k2.data(), cipher.data())) { @@ -266,16 +267,16 @@ TEST(CryptAlgo, AES_CBC_128_DecryptPayloadValidate) // Hardcoded Session Integrity Key std::vector<uint8_t> sik = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, - 13, 14, 15, 16}; + 13, 14, 15, 16, 17, 18, 19, 20 }; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - cipher::crypt::key k2; + std::vector<uint8_t> k2(SHA_DIGEST_LENGTH); unsigned int mdLen = 0; - constexpr cipher::crypt::key const1 = { 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02 - }; + constexpr rmcp::Const_n const1 = { 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02 + }; std::vector<uint8_t> output( payload.size() + cipher::crypt::AlgoAES128::AESCBC128BlockSize); @@ -322,7 +323,7 @@ TEST(CryptAlgo, AES_CBC_128_DecryptPayloadValidate) * AES-CBC-128 */ - auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(sik); + auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(k2); ASSERT_EQ(true, (cryptPtr != NULL)); |
