Make IPMI 2.0 crypto dependencies mandatory

Faced with an increasing population of IPMI 2 only devices, make the AES/CBC
requirements mandatory as it is a common source of systems failing to work
now.
This commit is contained in:
Jarrod Johnson 2014-01-13 10:50:00 -05:00
parent dd8096b39f
commit c2c29970ff

View File

@ -66,14 +66,9 @@ else {
1;
};
}
my $aessupport;
if ($ipmi2support) {
$aessupport = eval {
require Crypt::Rijndael;
require Crypt::CBC;
1;
};
}
use Crypt::Rijndael;
use Crypt::CBC;
sub hexdump {
foreach (@_) {
printf "%02X ",$_;
@ -383,10 +378,7 @@ sub open_rmcpplus_request {
@sidbytes,
0,0,0,8,1,0,0,0, #table 13-17, request sha
1,0,0,8,1,0,0,0); #sha integrity
if ($aessupport) {
push @payload,(2,0,0,8,1,0,0,0);
} else {
push @payload,(2,0,0,8,0,0,0,0);
push @payload,(2,0,0,8,1,0,0,0); # aes
}
$self->{sessionestablishmentcontext} = STATE_OPENSESSION;
$self->sendpayload(payload=>\@payload,type=>$payload_types{'rmcpplusopenreq'});
@ -803,9 +795,7 @@ sub got_rakp4 {
}
$self->{sessionid} = $self->{pendingsessionid};
$self->{integrityalgo}='sha1';
if ($aessupport) {
$self->{confalgo} = 'aes';
}
$self->{confalgo} = 'aes';
$self->{sequencenumber}=1;
$self->{sequencenumberbytes}=[1,0,0,0];
$self->{sessionestablishmentcontext} = STATE_ESTABLISHED; #will move on to relying upon session sequence number
@ -863,11 +853,9 @@ sub got_rakp2 {
}
$self->{sik} = hmac_sha1(pack("C*",@{$self->{randomnumber}},@{$self->{remoterandomnumber}},4,$ulength,@user),$self->{password});
$self->{k1} = hmac_sha1(pack("C*",1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1),$self->{sik});
if ($aessupport) {
$self->{k2} = hmac_sha1(pack("C*",2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2),$self->{sik});
my @aeskey = unpack("C*",$self->{k2});
$self->{aeskey} = pack("C*",(splice @aeskey,0,16));
}
$self->{k2} = hmac_sha1(pack("C*",2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2),$self->{sik});
my @aeskey = unpack("C*",$self->{k2});
$self->{aeskey} = pack("C*",(splice @aeskey,0,16));
$self->{sessionestablishmentcontext} = STATE_EXPECTINGRAKP4;
$self->send_rakp3();
return 0;