Unfortunately I have to correct myself again, I have mixed up different commands: It is not the Get Channel Cipher Suite command which has a limitation of 16 cipher suite ids, it is the Get LAN Configuration Parameter, parameter #23 (RMCP+ Messaging Cipher Suite Entries) and parameter 24 (RMCP+ Messaging Cipher Suite Privilege Levels).
Sorry, Holger From: Liebig, Holger [mailto:holger.lie...@ts.fujitsu.com] Sent: Wednesday, January 16, 2013 2:02 PM To: ipmitool-devel@lists.sourceforge.net Subject: Re: [Ipmitool-devel] cipher suite decoding Hi, Hank Bruning pointed out correctly that my side note is not correct since 0-14 plus 17 would fit exactly into the Get Channel Cipher Suite response. But to some point it is still valid - at least if there would be any addition OEM cipher suite(s) involved. If the HMAC-SHA256 authentication algorithm / HMAC-SHA256-128 integrity algorithm would be combined with the other confidentiality algorithms following the typical definition schema from table 22-19 (None/AES/RC4-128/RC4-40), this would result in the additional cipher suites: Id Authentication Integrity Confidentiality Confirmed 15 HMAC-SHA256 None None No 16 HMAC-SHA256 HMAC-SHA256-128 None No 17 HMAC-SHA256 HMAC-SHA256-128 AES-CBC-128 Yes (DCMI 1.1) 18 HMAC-SHA256 HMAC-SHA256-128 xRC4-128 No 19 HMAC-SHA256 HMAC-SHA256-128 xRC4-40 No Since the Get Channel Cipher Suites Command only defines exactly 16 bytes for Cipher Suite Record Data and if a BMC would have complete support for all possible cipher suites and additional OEM cipher suites (0x80-0xBF), this would be insufficient to host all this information. Holger From: Liebig, Holger [mailto:holger.lie...@ts.fujitsu.com] Sent: Thursday, January 10, 2013 8:28 AM To: '^..^'; ipmitool-devel@lists.sourceforge.net<mailto:ipmitool-devel@lists.sourceforge.net> Subject: Re: [Ipmitool-devel] cipher suite decoding On a side note: If a BMC would implement/support/enable all possible cipher suites (0-15 and 17), the get channel cipher suite command could not report all of them, since the response defines only 16 bytes for the cipher suite record data. Holger
------------------------------------------------------------------------------ Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and much more. Keep your Java skills current with LearnJavaNow - 200+ hours of step-by-step video tutorials by Java experts. SALE $49.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122612
_______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
