Interfaces for the Confidentiality Algorithm
This patch defines the interfaces for the confidentaility
algorithm. It provides API to decrypt the cipher payload
and encrypt the plain text payload.
Change-Id: I0c47ee14d5d5574c4d4996e437dffcaa2aa62f9a
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/crypt_algo.hpp b/crypt_algo.hpp
new file mode 100644
index 0000000..deabf53
--- /dev/null
+++ b/crypt_algo.hpp
@@ -0,0 +1,92 @@
+#pragma once
+
+#include <openssl/sha.h>
+#include <array>
+#include <vector>
+
+namespace cipher
+{
+
+namespace crypt
+{
+
+using buffer = std::vector<uint8_t>;
+using key = std::array<uint8_t, SHA_DIGEST_LENGTH>;
+
+/**
+ * @enum Confidentiality Algorithms
+ *
+ * The Confidentiality Algorithm Number specifies the encryption/decryption
+ * algorithm field that is used for encrypted payload data under the session.
+ * The ‘encrypted’ bit in the payload type field being set identifies packets
+ * with payloads that include data that is encrypted per this specification.
+ * When payload data is encrypted, there may be additional “Confidentiality
+ * Header” and/or “Confidentiality Trailer” fields that are included within the
+ * payload. The size and definition of those fields is specific to the
+ * particular confidentiality algorithm.
+ */
+enum class Algorithms : uint8_t
+{
+ NONE, /**< No encryption (mandatory option) */
+ AES_CBC_128, /**< AES-CBC-128 Algorithm (mandatory option) */
+ xRC4_128, /**< xRC4-128 Algorithm (optional option) */
+ xRC4_40, /**< xRC4-40 Algorithm (optional option) */
+};
+
+/**
+ * @class Interface
+ *
+ * Interface is the base class for the Confidentiality Algorithms.
+ */
+class Interface
+{
+ public:
+ /**
+ * @brief Constructor for Interface
+ *
+ * @param[in] - Session Integrity key to generate K2
+ * @param[in] - Additional keying material to generate K2
+ */
+ explicit Interface(const buffer& sik, const key& addKey);
+
+ Interface() = delete;
+ virtual ~Interface() = default;
+ Interface(const Interface&) = default;
+ Interface& operator=(const Interface&) = default;
+ Interface(Interface&&) = default;
+ Interface& operator=(Interface&&) = default;
+
+ /**
+ * @brief Decrypt the incoming payload
+ *
+ * @param[in] packet - Incoming IPMI packet
+ * @param[in] sessHeaderLen - Length of the IPMI Session Header
+ * @param[in] payloadLen - Length of the encrypted IPMI payload
+ *
+ * @return decrypted payload if the operation is successful
+ */
+ virtual buffer decryptPayload(
+ const buffer& packet,
+ const size_t sessHeaderLen,
+ const size_t payloadLen) const = 0;
+
+ /**
+ * @brief Encrypt the outgoing payload
+ *
+ * @param[in] payload - plain payload for the outgoing IPMI packet
+ *
+ * @return encrypted payload if the operation is successful
+ *
+ */
+ virtual buffer encryptPayload(buffer& payload) const = 0;
+
+ protected:
+
+ /** @brief K2 is the key used for encrypting data */
+ key k2;
+};
+
+}// namespace crypt
+
+}// namespace cipher
+