Interfaces for the Confidentiality Algorithm
This patch defines the interfaces for the confidentaility
algorithm. It provides API to decrypt the cipher payload
and encrypt the plain text payload.
Change-Id: I0c47ee14d5d5574c4d4996e437dffcaa2aa62f9a
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/Makefile.am b/Makefile.am
index 8050126..f4d7856 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -37,7 +37,9 @@
integrity_algo.hpp \
integrity_algo.cpp \
provider_registration.hpp \
- provider_registration.cpp
+ provider_registration.cpp \
+ crypt_algo.hpp \
+ crypt_algo.cpp
netipmid_CPPFLAGS = -DNET_IPMID_LIB_PATH=\"/usr/lib/net-ipmid/\"
netipmid_LDFLAGS = $(SYSTEMD_LIBS) $(CRYPTO_LIBS) $(libmapper_LIBS) $(LIBADD_DLOPEN) -export-dynamic
diff --git a/crypt_algo.cpp b/crypt_algo.cpp
new file mode 100644
index 0000000..6bd5d94
--- /dev/null
+++ b/crypt_algo.cpp
@@ -0,0 +1,32 @@
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <numeric>
+#include "crypt_algo.hpp"
+#include "message_parsers.hpp"
+
+namespace cipher
+{
+
+namespace crypt
+{
+
+Interface::Interface(const buffer& sik, const key& addKey)
+{
+ unsigned int mdLen = 0;
+
+ // Generated K2 for the confidentiality algorithm with the additional key
+ // keyed with SIK.
+ if (HMAC(EVP_sha1(), sik.data(), sik.size(), addKey.data(),
+ addKey.size(), k2.data(), &mdLen) == NULL)
+ {
+ throw std::runtime_error("Generating K2 for confidentiality algorithm"
+ "failed");
+ }
+}
+
+}// namespace crypt
+
+}// namespace cipher
+
+
diff --git a/crypt_algo.hpp b/crypt_algo.hpp
new file mode 100644
index 0000000..deabf53
--- /dev/null
+++ b/crypt_algo.hpp
@@ -0,0 +1,92 @@
+#pragma once
+
+#include <openssl/sha.h>
+#include <array>
+#include <vector>
+
+namespace cipher
+{
+
+namespace crypt
+{
+
+using buffer = std::vector<uint8_t>;
+using key = std::array<uint8_t, SHA_DIGEST_LENGTH>;
+
+/**
+ * @enum Confidentiality Algorithms
+ *
+ * The Confidentiality Algorithm Number specifies the encryption/decryption
+ * algorithm field that is used for encrypted payload data under the session.
+ * The ‘encrypted’ bit in the payload type field being set identifies packets
+ * with payloads that include data that is encrypted per this specification.
+ * When payload data is encrypted, there may be additional “Confidentiality
+ * Header” and/or “Confidentiality Trailer” fields that are included within the
+ * payload. The size and definition of those fields is specific to the
+ * particular confidentiality algorithm.
+ */
+enum class Algorithms : uint8_t
+{
+ NONE, /**< No encryption (mandatory option) */
+ AES_CBC_128, /**< AES-CBC-128 Algorithm (mandatory option) */
+ xRC4_128, /**< xRC4-128 Algorithm (optional option) */
+ xRC4_40, /**< xRC4-40 Algorithm (optional option) */
+};
+
+/**
+ * @class Interface
+ *
+ * Interface is the base class for the Confidentiality Algorithms.
+ */
+class Interface
+{
+ public:
+ /**
+ * @brief Constructor for Interface
+ *
+ * @param[in] - Session Integrity key to generate K2
+ * @param[in] - Additional keying material to generate K2
+ */
+ explicit Interface(const buffer& sik, const key& addKey);
+
+ Interface() = delete;
+ virtual ~Interface() = default;
+ Interface(const Interface&) = default;
+ Interface& operator=(const Interface&) = default;
+ Interface(Interface&&) = default;
+ Interface& operator=(Interface&&) = default;
+
+ /**
+ * @brief Decrypt the incoming payload
+ *
+ * @param[in] packet - Incoming IPMI packet
+ * @param[in] sessHeaderLen - Length of the IPMI Session Header
+ * @param[in] payloadLen - Length of the encrypted IPMI payload
+ *
+ * @return decrypted payload if the operation is successful
+ */
+ virtual buffer decryptPayload(
+ const buffer& packet,
+ const size_t sessHeaderLen,
+ const size_t payloadLen) const = 0;
+
+ /**
+ * @brief Encrypt the outgoing payload
+ *
+ * @param[in] payload - plain payload for the outgoing IPMI packet
+ *
+ * @return encrypted payload if the operation is successful
+ *
+ */
+ virtual buffer encryptPayload(buffer& payload) const = 0;
+
+ protected:
+
+ /** @brief K2 is the key used for encrypting data */
+ key k2;
+};
+
+}// namespace crypt
+
+}// namespace cipher
+