Lines Matching +full:16 +full:- +full:input
22 * PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
54 * SIDm - Remote console session ID
55 * SIDc - BMC session ID
56 * Rm - Remote console random number
57 * Rc - BMC random number
58 * GUIDc - BMC guid
59 * ROLEm - Requested privilege level (entire byte)
60 * ULENGTHm - Username length
61 * <UNAMEm> - Username (absent for null user names)
83 if (session->v2_data.auth_alg == IPMI_AUTH_RAKP_NONE) in lanplus_rakp2_hmac_matches()
87 assert(session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1); in lanplus_rakp2_hmac_matches()
93 16 + /* Rm */ in lanplus_rakp2_hmac_matches()
94 16 + /* Rc */ in lanplus_rakp2_hmac_matches()
95 16 + /* GUIDc */ in lanplus_rakp2_hmac_matches()
98 strlen((const char *)intf->ssn_params.username); /* optional */ in lanplus_rakp2_hmac_matches()
112 SIDm_lsbf = session->v2_data.console_id; in lanplus_rakp2_hmac_matches()
120 SIDc_lsbf = session->v2_data.bmc_id; in lanplus_rakp2_hmac_matches()
128 for (i = 0; i < 16; ++i) in lanplus_rakp2_hmac_matches()
129 buffer[8 + i] = session->v2_data.console_rand[16 - 1 - i]; in lanplus_rakp2_hmac_matches()
131 for (i = 0; i < 16; ++i) in lanplus_rakp2_hmac_matches()
132 buffer[8 + i] = session->v2_data.console_rand[i]; in lanplus_rakp2_hmac_matches()
137 for (i = 0; i < 16; ++i) in lanplus_rakp2_hmac_matches()
138 buffer[24 + i] = session->v2_data.bmc_rand[16 - 1 - i]; in lanplus_rakp2_hmac_matches()
140 for (i = 0; i < 16; ++i) in lanplus_rakp2_hmac_matches()
141 buffer[24 + i] = session->v2_data.bmc_rand[i]; in lanplus_rakp2_hmac_matches()
146 for (i = 0; i < 16; ++i) in lanplus_rakp2_hmac_matches()
147 buffer[40 + i] = session->v2_data.bmc_guid[16 - 1 - i]; in lanplus_rakp2_hmac_matches()
149 for (i = 0; i < 16; ++i) in lanplus_rakp2_hmac_matches()
150 buffer[40 + i] = session->v2_data.bmc_guid[i]; in lanplus_rakp2_hmac_matches()
154 buffer[56] = session->v2_data.requested_role; in lanplus_rakp2_hmac_matches()
166 buffer[57] = strlen((const char *)intf->ssn_params.username); in lanplus_rakp2_hmac_matches()
170 buffer[58 + i] = intf->ssn_params.username[i]; in lanplus_rakp2_hmac_matches()
174 printbuf((const uint8_t *)buffer, bufferLength, ">> rakp2 mac input buffer"); in lanplus_rakp2_hmac_matches()
175 printbuf((const uint8_t *)session->authcode, IPMI_AUTHCODE_BUFFER_SIZE, ">> rakp2 mac key"); in lanplus_rakp2_hmac_matches()
181 lanplus_HMAC(session->v2_data.auth_alg, in lanplus_rakp2_hmac_matches()
182 session->authcode, in lanplus_rakp2_hmac_matches()
211 * Rm - Remote console random number
212 * SIDc - BMC session ID
213 * GUIDc - BMC guid
237 if (session->v2_data.integrity_alg == IPMI_INTEGRITY_NONE) in lanplus_rakp4_hmac_matches()
241 assert(session->v2_data.integrity_alg == IPMI_INTEGRITY_HMAC_SHA1_96); in lanplus_rakp4_hmac_matches()
243 if (session->v2_data.auth_alg == IPMI_AUTH_RAKP_NONE) in lanplus_rakp4_hmac_matches()
247 assert(session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1); in lanplus_rakp4_hmac_matches()
251 16 + /* Rm */ in lanplus_rakp4_hmac_matches()
253 16; /* GUIDc */ in lanplus_rakp4_hmac_matches()
268 for (i = 0; i < 16; ++i) in lanplus_rakp4_hmac_matches()
269 buffer[i] = session->v2_data.console_rand[16 - 1 - i]; in lanplus_rakp4_hmac_matches()
271 for (i = 0; i < 16; ++i) in lanplus_rakp4_hmac_matches()
272 buffer[i] = session->v2_data.console_rand[i]; in lanplus_rakp4_hmac_matches()
277 SIDc_lsbf = session->v2_data.bmc_id; in lanplus_rakp4_hmac_matches()
281 memcpy(buffer + 16, &SIDc_lsbf, 4); in lanplus_rakp4_hmac_matches()
286 for (i = 0; i < 16; ++i) in lanplus_rakp4_hmac_matches()
287 buffer[i + 20] = session->v2_data.bmc_guid[16 - 1 - i]; in lanplus_rakp4_hmac_matches()
289 for (i = 0; i < 16; ++i) in lanplus_rakp4_hmac_matches()
290 buffer[i + 20] = session->v2_data.bmc_guid[i]; in lanplus_rakp4_hmac_matches()
296 printbuf((const uint8_t *)buffer, bufferLength, ">> rakp4 mac input buffer"); in lanplus_rakp4_hmac_matches()
297 printbuf(session->v2_data.sik, 20l, ">> rakp4 mac key (sik)"); in lanplus_rakp4_hmac_matches()
305 ? session->v2_data.integrity_alg in lanplus_rakp4_hmac_matches()
306 : session->v2_data.auth_alg , in lanplus_rakp4_hmac_matches()
307 session->v2_data.sik, in lanplus_rakp4_hmac_matches()
335 * Rc - BMC random number
336 * SIDm - Console session ID
337 * ROLEm - Requested privilege level (entire byte)
338 * ULENGTHm - Username length
339 * <USERNAME> - Usename (absent for null usernames)
364 if (session->v2_data.auth_alg == IPMI_AUTH_RAKP_NONE) in lanplus_generate_rakp3_authcode()
371 assert(session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1); in lanplus_generate_rakp3_authcode()
374 16 + /* Rc */ in lanplus_generate_rakp3_authcode()
378 strlen((const char *)intf->ssn_params.username); in lanplus_generate_rakp3_authcode()
393 for (i = 0; i < 16; ++i) in lanplus_generate_rakp3_authcode()
394 input_buffer[i] = session->v2_data.bmc_rand[16 - 1 - i]; in lanplus_generate_rakp3_authcode()
396 for (i = 0; i < 16; ++i) in lanplus_generate_rakp3_authcode()
397 input_buffer[i] = session->v2_data.bmc_rand[i]; in lanplus_generate_rakp3_authcode()
401 SIDm_lsbf = session->v2_data.console_id; in lanplus_generate_rakp3_authcode()
405 memcpy(input_buffer + 16, &SIDm_lsbf, 4); in lanplus_generate_rakp3_authcode()
409 input_buffer[20] = intf->ssn_params.privlvl; in lanplus_generate_rakp3_authcode()
411 input_buffer[20] = session->v2_data.requested_role; in lanplus_generate_rakp3_authcode()
414 input_buffer[21] = strlen((const char *)intf->ssn_params.username); in lanplus_generate_rakp3_authcode()
418 input_buffer[22 + i] = intf->ssn_params.username[i]; in lanplus_generate_rakp3_authcode()
422 printbuf((const uint8_t *)input_buffer, input_buffer_length, ">> rakp3 mac input buffer"); in lanplus_generate_rakp3_authcode()
423 printbuf((const uint8_t *)session->authcode, IPMI_AUTHCODE_BUFFER_SIZE, ">> rakp3 mac key"); in lanplus_generate_rakp3_authcode()
426 lanplus_HMAC(session->v2_data.auth_alg, in lanplus_generate_rakp3_authcode()
427 session->authcode, in lanplus_generate_rakp3_authcode()
454 * Rm - Console generated random number
455 * Rc - BMC generated random number
456 * ROLEm - Requested privilege level (entire byte)
457 * ULENGTHm - Username length
458 * <USERNAME> - Usename (absent for null usernames)
460 * The key used to generated the SIK is Kg if Kg is not null (two-key logins are
467 * param session [in/out] contains our input and output fields.
481 memset(session->v2_data.sik, 0, IPMI_SIK_BUFFER_SIZE); in lanplus_generate_sik()
483 if (session->v2_data.auth_alg == IPMI_AUTH_RAKP_NONE) in lanplus_generate_sik()
487 assert(session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1); in lanplus_generate_sik()
490 16 + /* Rm */ in lanplus_generate_sik()
491 16 + /* Rc */ in lanplus_generate_sik()
494 strlen((const char *)intf->ssn_params.username); in lanplus_generate_sik()
509 for (i = 0; i < 16; ++i) in lanplus_generate_sik()
510 input_buffer[i] = session->v2_data.console_rand[16 - 1 - i]; in lanplus_generate_sik()
512 for (i = 0; i < 16; ++i) in lanplus_generate_sik()
513 input_buffer[i] = session->v2_data.console_rand[i]; in lanplus_generate_sik()
519 for (i = 0; i < 16; ++i) in lanplus_generate_sik()
520 input_buffer[16 + i] = session->v2_data.bmc_rand[16 - 1 - i]; in lanplus_generate_sik()
522 for (i = 0; i < 16; ++i) in lanplus_generate_sik()
523 input_buffer[16 + i] = session->v2_data.bmc_rand[i]; in lanplus_generate_sik()
527 input_buffer[32] = session->v2_data.requested_role; in lanplus_generate_sik()
539 input_buffer[33] = strlen((const char *)intf->ssn_params.username); in lanplus_generate_sik()
543 input_buffer[34 + i] = intf->ssn_params.username[i]; in lanplus_generate_sik()
545 if (intf->ssn_params.kg[0]) in lanplus_generate_sik()
553 input_key = intf->ssn_params.kg; in lanplus_generate_sik()
558 input_key = session->authcode; in lanplus_generate_sik()
563 printbuf((const uint8_t *)input_buffer, input_buffer_length, "session integrity key input"); in lanplus_generate_sik()
565 lanplus_HMAC(session->v2_data.auth_alg, in lanplus_generate_sik()
570 session->v2_data.sik, in lanplus_generate_sik()
582 printbuf(session->v2_data.sik, 20, "Generated session integrity key"); in lanplus_generate_sik()
611 if (session->v2_data.auth_alg == IPMI_AUTH_RAKP_NONE) in lanplus_generate_k1()
612 memcpy(session->v2_data.k1, CONST_1, 20); in lanplus_generate_k1()
615 lanplus_HMAC(session->v2_data.auth_alg, in lanplus_generate_k1()
616 session->v2_data.sik, in lanplus_generate_k1()
620 session->v2_data.k1, in lanplus_generate_k1()
626 printbuf(session->v2_data.k1, 20, "Generated K1"); in lanplus_generate_k1()
655 if (session->v2_data.auth_alg == IPMI_AUTH_RAKP_NONE) in lanplus_generate_k2()
656 memcpy(session->v2_data.k2, CONST_2, 20); in lanplus_generate_k2()
659 lanplus_HMAC(session->v2_data.auth_alg, in lanplus_generate_k2()
660 session->v2_data.sik, in lanplus_generate_k2()
664 session->v2_data.k2, in lanplus_generate_k2()
670 printbuf(session->v2_data.k2, 20, "Generated K2"); in lanplus_generate_k2()
680 * Perform the appropriate encryption on the input data. Output the encrypted
682 * If the crypt_alg is IPMI_CRYPT_NONE, simply copy the input to the output and
685 * param crypt_alg specifies the encryption algorithm (from table 13-19 of the
687 * param key is the used as input to the encryption algorithmf
688 * param input is the input data to be encrypted
689 * param input_length is the length of the input data to be encrypted
699 const uint8_t * key, const uint8_t * input, in lanplus_encrypt_payload() argument
709 /* Just copy the input to the output */ in lanplus_encrypt_payload()
720 * The input to the AES encryption algorithm has to be a multiple of the in lanplus_encrypt_payload()
721 * block size (16 bytes). The extra byte we are adding is the pad length in lanplus_encrypt_payload()
726 pad_length = IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE - mod; in lanplus_encrypt_payload()
733 memcpy(padded_input, input, input_length); in lanplus_encrypt_payload()
761 input_length + pad_length + 1, /* Input length */ in lanplus_encrypt_payload()
783 * - this is not an IPMIv2 packet
784 * - the session is not yet active
785 * - the packet specifies that it is not authenticated
786 * - the integrity algorithm agreed upon during session creation is "none"
808 if ((rs->session.authtype != IPMI_SESSION_AUTHTYPE_RMCP_PLUS) || in lanplus_has_valid_auth_code()
809 (session->v2_data.session_state != LANPLUS_STATE_ACTIVE) || in lanplus_has_valid_auth_code()
810 (! rs->session.bAuthenticated) || in lanplus_has_valid_auth_code()
811 (session->v2_data.integrity_alg == IPMI_INTEGRITY_NONE)) in lanplus_has_valid_auth_code()
814 /* We only support SHA1-96 now */ in lanplus_has_valid_auth_code()
815 assert(session->v2_data.integrity_alg == IPMI_INTEGRITY_HMAC_SHA1_96); in lanplus_has_valid_auth_code()
818 * For SHA1-96, the authcode will be the last 12 bytes in the packet in lanplus_has_valid_auth_code()
820 bmc_authcode = rs->data + (rs->data_len - IPMI_SHA1_AUTHCODE_SIZE); in lanplus_has_valid_auth_code()
822 lanplus_HMAC(session->v2_data.integrity_alg, in lanplus_has_valid_auth_code()
823 session->v2_data.k1, in lanplus_has_valid_auth_code()
825 rs->data + IPMI_LANPLUS_OFFSET_AUTHTYPE, in lanplus_has_valid_auth_code()
826 rs->data_len - IPMI_LANPLUS_OFFSET_AUTHTYPE - IPMI_SHA1_AUTHCODE_SIZE, in lanplus_has_valid_auth_code()
833 printbuf(session->v2_data.k1, 20, "K1"); in lanplus_has_valid_auth_code()
834 printbuf(rs->data + IPMI_LANPLUS_OFFSET_AUTHTYPE, in lanplus_has_valid_auth_code()
835 rs->data_len - IPMI_LANPLUS_OFFSET_AUTHTYPE - IPMI_SHA1_AUTHCODE_SIZE, in lanplus_has_valid_auth_code()
836 "Authcode Input Data"); in lanplus_has_valid_auth_code()
852 * param input points to the beginning of the payload (which will be the IV if
862 const uint8_t * input, uint32_t input_length, in lanplus_decrypt_payload() argument
872 memmove(output, input, input_length); in lanplus_decrypt_payload()
886 lanplus_decrypt_aes_cbc_128(input, /* IV */ in lanplus_decrypt_payload()
888 input + in lanplus_decrypt_payload()
890 input_length - in lanplus_decrypt_payload()
891 IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE, /* Input length */ in lanplus_decrypt_payload()
909 conf_pad_length = decrypted_payload[bytes_decrypted - 1]; in lanplus_decrypt_payload()
910 *payload_size = bytes_decrypted - conf_pad_length - 1; in lanplus_decrypt_payload()