freeipmi-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Freeipmi-devel] Patch for SHA256 Support

From: Liebig, Holger
Subject: RE: [Freeipmi-devel] Patch for SHA256 Support
Date: Fri, 30 Jul 2010 08:25:27 +0200 
> 
> Hi Holger,
> 
> Thanks for the patch.  This was on my todo, but w/o a motherboard to
> test on, I just let it linger.  

Freeipmi was a good counterpart for testing the BMC implementation, if only the 
turnaround times for a make cycle would be shorter ;)

> I think you forgot to add the
> appropriate permutation of cipher suite/SHA256 into
> libfreeipmi/src/debug/ and the manpages in common/man/, but no worries,
> I can add that myself.
> 
> Only one question, are cipher suites 15-17 defined in the upcoming DCMI
> 1.1?  ASAIK it hasn't been released publicly.  I have a tiny concern
> about committing something that is not yet finalized.  Or is DCMI 1.1
> finalized and going to be released publicly soon??

As far as I know, it is supposed to be published end of this month if there are 
no major objections from others. There is no need to commit the patch before, I 
just wanted to let you know that most of the work is done and if there is any 
other feedback it's more than welcome.

Only Cipher Suite 17 in the mentioned combination (3/4/1) is mentioned in the 
latest review copy of DCMI 1.1, that's why I skipped the other combinations. 
There seem to be (strong) requests from DCMI customers to add a stronger 
authentication algorithm than HMAC_SHA1, who knows why. 

Too bad Intel forgot to add the Cipher Suite Numbers into the IPMI 2.0 errata 
4. 

Holger

> On Thu, 2010-07-29 at 06:07 -0700, Liebig, Holger wrote:
> > Hi all,
> > please find attached the required modification for SHA256 and Cipher
> > Suite 17 support in freeipmi. SHA256 has been added in IPMI 2.0 Errata
> > 4 and is also one of the recommended Cipher Suites of the upcoming
> > DCMI 1.1 Specification (where the Cipher Suite number is taken from).
> > The modifications itself are straight forward, I just had to find all
> > the places.
> >
> > Comments or feedback is more than welcome, especially if it works with
> > other vendor implementations.
> >
> > Thanks,
> > Holger
> >
> >
> >
> >
> >
> --
> Albert Chu
> address@hidden
> Computer Scientist
> High Performance Systems Division
> Lawrence Livermore National Laboratory
reply via email to
[Prev in Thread] Current Thread [Next in Thread]