ID:441 - Add support for HMAC_MD5 and HMAC_SHA256

Commit adds support for cipher suites 6/7/8 (HMAC-MD5) and cipher suites 15/16/17 (HMAC_SHA256). This also fixes: * ID:442 - IPMI_AUTH_RAKP_HMAC_MD5 support in lanplus * ID:141 - RMCP+ Cipher-suite 17 not supported Original author Liebig Holger(Fujitsu). Code cleanup done by Florian Breu and Zdenek Styblik.
2026-06-03 20:51:36 +00:00 · 2016-05-28 13:25:36 +02:00
parent b74c20c5d5
commit 8ca47f21ca
10 changed files with 347 additions and 74 deletions
--- a/include/ipmitool/ipmi.h
+++ b/include/ipmitool/ipmi.h
@@ -46,6 +46,7 @@
 #endif

 #define IPMI_BUF_SIZE 1024
+#define IPMI_MAX_MD_SIZE 0x20

 #if HAVE_PRAGMA_PACK
 #define ATTRIBUTE_PACKING
@@ -211,13 +212,13 @@ struct ipmi_rs {
 			uint32_t console_id;
 			uint8_t bmc_rand[16];	/* Random number generated by the BMC */
 			uint8_t bmc_guid[16];
-			uint8_t key_exchange_auth_code[20];
+			uint8_t key_exchange_auth_code[IPMI_MAX_MD_SIZE];
 		} rakp2_message;
 		struct {
 			uint8_t message_tag;
 			uint8_t rakp_return_code;
 			uint32_t console_id;
-			uint8_t integrity_check_value[20];
+			uint8_t integrity_check_value[IPMI_MAX_MD_SIZE];
 		} rakp4_message;
 		struct {
 			uint8_t packet_sequence_number;
--- a/include/ipmitool/ipmi_constants.h
+++ b/include/ipmitool/ipmi_constants.h
@@ -118,12 +118,14 @@
 #define IPMI_AUTH_RAKP_NONE         0x00
 #define IPMI_AUTH_RAKP_HMAC_SHA1    0x01
 #define IPMI_AUTH_RAKP_HMAC_MD5     0x02
+#define IPMI_AUTH_RAKP_HMAC_SHA256  0x03

 /* From table 13-18 of the IPMI v2 specification */
 #define IPMI_INTEGRITY_NONE         0x00
 #define IPMI_INTEGRITY_HMAC_SHA1_96 0x01
 #define IPMI_INTEGRITY_HMAC_MD5_128 0x02
 #define IPMI_INTEGRITY_MD5_128      0x03
+#define IPMI_INTEGRITY_HMAC_SHA256_128 0x04

 /* From table 13-19 of the IPMI v2 specfication */
 #define IPMI_CRYPT_NONE             0x00
--- a/include/ipmitool/ipmi_intf.h
+++ b/include/ipmitool/ipmi_intf.h
@@ -59,7 +59,7 @@ enum LANPLUS_SESSION_STATE {


 #define IPMI_AUTHCODE_BUFFER_SIZE 20
-#define IPMI_SIK_BUFFER_SIZE      20
+#define IPMI_SIK_BUFFER_SIZE      IPMI_MAX_MD_SIZE
 #define IPMI_KG_BUFFER_SIZE       21 /* key plus null byte */

 struct ipmi_session_params {
@@ -131,10 +131,13 @@ struct ipmi_session {
 		uint8_t requested_role;   /* As sent in the RAKP 1 message */
 		uint8_t rakp2_return_code;

-		uint8_t sik[IPMI_SIK_BUFFER_SIZE]; /* Session integrity key */
-		uint8_t kg[IPMI_KG_BUFFER_SIZE];   /* BMC key */
-		uint8_t k1[20];   /* Used for Integrity checking? */
-		uint8_t k2[20];   /* First 16 bytes used for AES  */
+		uint8_t  sik[IPMI_SIK_BUFFER_SIZE]; /* Session integrity key */
+		uint8_t sik_len;                   /* Session Integrity key length */
+		uint8_t  kg[IPMI_KG_BUFFER_SIZE];   /* BMC key */
+		uint8_t  k1[IPMI_MAX_MD_SIZE];      /* Used for Integrity checking? */
+		uint8_t k1_len;                    /* K1 key length */
+		uint8_t  k2[IPMI_MAX_MD_SIZE];      /* First 16 bytes used for AES  */
+		uint8_t k2_len;                    /* K2 key length */
 	} v2_data;