IPMI 通道安全套件相关表项详情
更新时间:2025/06/26
在Gitcode上查看源码修订记录
| openUBMC版本号 | 修订日期 | 修订人 | 修订内容 |
|---|---|---|---|
| 25.06 | 2025/06/26 | pengqiang-gs | 初稿,新增 |
Cipher Suite Record Format
| size | Tag bits [7:6] | Tag bits[5:0] |
|---|---|---|
| 2 or 5 | -- | This field starts off with either a C0h or C1h "Start of Record" byte, depending on whether the Cipher Suite is a standard Cipher Suite ID or an OEM Cipher Suite, respectively Byte 1: [7:0] = 1100_0000b. Start of Record, Standard Cipher Suite Data following C0h (1100_0000b) start of record byte: Byte 2 - Cipher Suite ID This value is used a numeric way of identifying the Cipher Suite on the platform. It’s used in commands and configuration parameters that enable and disable Cipher Suites. See Cipher Suite IDs. [5:0] = 1100_0001b. Start or Record, OEM Cipher Suite Data following C1h (1100_0001) start of record byte: Byte 2 - OEM Cipher Suite ID. See Cipher Suite IDs. Byte 3:5 - OEM IANA Least significant byte first. 3-byte IANA for the OEM or body that defined the Cipher Suite. |
| 1 | 00b | [5:0] = Authentication Algorithm Number. A Cipher Suite is only allowed to utilize one Authentication algorithm. See Authentication Algorithm Numbers |
| var | 01b | [5:0] = Integrity Algorithm Number(s). See Integrity Algorithm Numbers |
| var | 10b | [5:0] = Confidentiality Algorithm Number(s). See Confidentiality Algorithm Numbers |
Cipher Suite IDs
| ID | characteristics | Cipher Suite | Authentication Algorithm | Integrity Algorithm(s) | Confidentiality Algorithm(s) |
|---|---|---|---|---|---|
| 0 | "no password" | 00h, 00h, 00h | RAKP-none | None | None |
| 1 | S | 01h, 00h, 00h | RAKP-HMAC-SHA1 | None | None |
| 2 | S, A | 01h, 01h, 00h | RAKP-HMAC-SHA1 | HMAC-SHA1-96 | None |
| 3 | S, A, E | 01h, 01h, 01h | RAKP-HMAC-SHA1 | HMAC-SHA1-96 | AES-CBC-128 |
| 4 | S, A, E | 01h, 01h, 02h | RAKP-HMAC-SHA1 | HMAC-SHA1-96 | xRC4-128 |
| 5 | S, A, E | 01h, 01h, 03h | RAKP-HMAC-SHA1 | HMAC-SHA1-96 | xRC4-40 |
| 6 | S | 02h, 00h, 00h | RAKP-HMAC-MD5 | None | None |
| 7 | S, A | 02h, 02h, 00h | RAKP-HMAC-MD5 | HMAC-MD5-128 | None |
| 8 | S, A, E | 02h, 02h, 01h | RAKP-HMAC-MD5 | HMAC-MD5-128 | AES-CBC-128 |
| 9 | S, A, E | 02h, 02h, 02h | RAKP-HMAC-MD5 | HMAC-MD5-128 | xRC4-128 |
| 10 | S, A, E | 02h, 02h, 03h | RAKP-HMAC-MD5 | HMAC-MD5-128 | xRC4-40 |
| 11 | S, A | 02h, 03h, 00h | RAKP-HMAC-MD5 | MD5-128 | None |
| 12 | S, A, E | 02h, 03h, 01h | RAKP-HMAC-MD5 | MD5-128 | AES-CBC-128 |
| 13 | S, A, E | 02h, 03h, 02h | RAKP-HMAC-MD5 | MD5-128 | xRC4-128 |
| 14 | S, A, E | 02h, 03h, 03h | RAKP-HMAC-MD5 | MD5-128 | xRC4-40 |
| 15 | S | 03h, 00h, 00h | RAKP-HMAC-SHA256 | None | None |
| 16 | S, A | 03h, 04h, 00h | RAKP-HMAC-SHA256 | HMAC-SHA256-128 | None |
| 17 | S, A, E | 03h, 04h, 01h | RAKP-HMAC-SHA256 | HMAC-SHA256-128 | AES-CBC-128 |
| 18 | S, A, E | 03h, 04h, 02h | RAKP-HMAC-SHA256 | HMAC-SHA256-128 | xRC4-128 |
| 19 | S, A, E | 03h, 04h, 03h | RAKP-HMAC-SHA256 | HMAC-SHA256-128 | xRC4-40 |
| 80h - BFh | OEM specified | OEM specified | OEM specified | OEM specified | OEM specified |
| C0h - FFh | reserved | -- | -- | -- | -- |
Authentication Algorithm Numbers
| number | type | Mandatory /Optional |
|---|---|---|
| 00h | RAKP-none | M |
| 01h | RAKP-HMAC-SHA1 | M |
| 02h | RAKP-HMAC-MD5 | O |
| 03h | RAKP-HMAC-SHA256 | O |
| C0h - FFh | OEM | O |
| all other | reserved | -- |
Integrity Algorithm Numbers
| number | type | Mandatory /Optional |
|---|---|---|
| 00h | none | M |
| 01h | HMAC-SHA1-96 | M |
| 02h | HMAC-MD5-128 | O |
| 03h | MD5-128 | O |
| 04h | HMAC-SHA256-128 | O |
| C0h - FFh | OEM | O |
| all other | reserved | -- |
Confidentiality Algorithm Numbers
| number | type | Mandatory /Optional |
|---|---|---|
| 00h | none | M |
| 01h | AES-CBC-128 | M |
| 02h | xRC4-128 | O |
| 03h | xRC4-40 | O |
| 30h - 3Fh | OEM | O |
| all other | reserved | -- |