diff options
Diffstat (limited to 'integrity_algo.hpp')
-rw-r--r-- | integrity_algo.hpp | 89 |
1 files changed, 88 insertions, 1 deletions
diff --git a/integrity_algo.hpp b/integrity_algo.hpp index 3e003b6..81f7da7 100644 --- a/integrity_algo.hpp +++ b/integrity_algo.hpp @@ -90,7 +90,9 @@ class Interface */ static bool isAlgorithmSupported(Algorithms algo) { - if (algo == Algorithms::NONE || algo == Algorithms::HMAC_SHA1_96) + if (algo == Algorithms::NONE || + algo == Algorithms::HMAC_SHA1_96 || + algo == Algorithms::HMAC_SHA256_128) { return true; } @@ -227,6 +229,91 @@ class AlgoSHA1 final : public Interface const size_t len) const; }; +/** + * @class AlgoSHA256 + * + * @brief Implementation of the HMAC-SHA256-128 Integrity algorithm + * + * HMAC-SHA256-128 take the Session Integrity Key and use it to generate K1. K1 + * is then used as the key for use in HMAC to produce the AuthCode field. For + * “one-key” logins, the user’s key (password) is used in the creation of the + * Session Integrity Key. When the HMAC-SHA256-128 Integrity Algorithm is used + * the resulting AuthCode field is 16 bytes (128 bits). + */ +class AlgoSHA256 final : public Interface +{ + public: + static constexpr size_t SHA256_128_AUTHCODE_LENGTH = 16; + + /** + * @brief Constructor for AlgoSHA256 + * + * @param[in] - Session Integrity Key + */ + explicit AlgoSHA256(const std::vector<uint8_t>& sik); + + AlgoSHA256() = delete; + ~AlgoSHA256() = default; + AlgoSHA256(const AlgoSHA256&) = default; + AlgoSHA256& operator=(const AlgoSHA256&) = default; + AlgoSHA256(AlgoSHA256&&) = default; + AlgoSHA256& operator=(AlgoSHA256&&) = default; + + /** + * @brief Verify the integrity data of the packet + * + * @param[in] packet - Incoming IPMI packet + * @param[in] length - Length of the data in the packet to calculate + * the integrity data + * @param[in] integrityData - Iterator to the authCode in the packet + * + * @return true if authcode in the packet is equal to one generated + * using integrity algorithm on the packet data, false otherwise + */ + bool verifyIntegrityData( + const std::vector<uint8_t>& packet, + const size_t length, + std::vector<uint8_t>::const_iterator integrityData) + const override; + + /** + * @brief Generate integrity data for the outgoing IPMI packet + * + * @param[in] packet - Outgoing IPMI packet + * + * @return on success return the integrity data for the outgoing IPMI + * packet + */ + std::vector<uint8_t> generateIntegrityData( + const std::vector<uint8_t>& packet) const override; + + /** + * @brief Generate additional keying material based on SIK + * + * @param[in] sik - session integrity key + * @param[in] data - 20-byte Const_n + * + * @return on success returns the Kn based on HMAC-SHA256 + * + */ + std::vector<uint8_t> generateKn( + const std::vector<uint8_t>& sik, + const rmcp::Const_n& const_n) const; + + private: + /** + * @brief Generate HMAC based on HMAC-SHA256-128 algorithm + * + * @param[in] input - pointer to the message + * @param[in] len - length of the message + * + * @return on success returns the message authentication code + * + */ + std::vector<uint8_t> generateHMAC(const uint8_t* input, + const size_t len) const; +}; + }// namespace integrity }// namespace cipher |