crypt_algo.hpp - openbmc/phosphor-net-ipmid - Gitiles

 #pragma once

 #include <openssl/sha.h>
 #include <array>
 #include <vector>

 namespace cipher
 {

 namespace crypt
 {

 using buffer = std::vector<uint8_t>;
 using key = std::array<uint8_t, SHA_DIGEST_LENGTH>;

 /**
  * @enum Confidentiality Algorithms
  *
  * The Confidentiality Algorithm Number specifies the encryption/decryption
  * algorithm field that is used for encrypted payload data under the session.
  * The ‘encrypted’ bit in the payload type field being set identifies packets
  * with payloads that include data that is encrypted per this specification.
  * When payload data is encrypted, there may be additional “Confidentiality
  * Header” and/or “Confidentiality Trailer” fields that are included within the
  * payload. The size and definition of those fields is specific to the
  * particular confidentiality algorithm.
  */
 enum class Algorithms : uint8_t
 {
     NONE,               /**< No encryption (mandatory option) */
     AES_CBC_128,        /**< AES-CBC-128 Algorithm (mandatory option) */
     xRC4_128,           /**< xRC4-128 Algorithm (optional option) */
     xRC4_40,            /**< xRC4-40 Algorithm (optional option) */
 };

 /**
  * @class Interface
  *
  * Interface is the base class for the Confidentiality Algorithms.
  */
 class Interface
 {
     public:
         /**
          * @brief Constructor for Interface
          *
          * @param[in] - Session Integrity key to generate K2
          * @param[in] - Additional keying material to generate K2
          */
         explicit Interface(const buffer& sik, const key& addKey);

         Interface() = delete;
         virtual ~Interface() = default;
         Interface(const Interface&) = default;
         Interface& operator=(const Interface&) = default;
         Interface(Interface&&) = default;
         Interface& operator=(Interface&&) = default;

         /**
          * @brief Decrypt the incoming payload
          *
          * @param[in] packet - Incoming IPMI packet
          * @param[in] sessHeaderLen - Length of the IPMI Session Header
          * @param[in] payloadLen - Length of the encrypted IPMI payload
          *
          * @return decrypted payload if the operation is successful
          */
         virtual buffer decryptPayload(
                 const buffer& packet,
                 const size_t sessHeaderLen,
                 const size_t payloadLen) const = 0;

         /**
          * @brief Encrypt the outgoing payload
          *
          * @param[in] payload - plain payload for the outgoing IPMI packet
          *
          * @return encrypted payload if the operation is successful
          *
          */
         virtual buffer encryptPayload(buffer& payload) const = 0;

     protected:

         /** @brief K2 is the key used for encrypting data */
         key k2;
 };

 }// namespace crypt

 }// namespace cipher
	#pragma once

	#include <openssl/sha.h>
	#include <array>
	#include <vector>

	namespace cipher
	{

	namespace crypt
	{

	using buffer = std::vector<uint8_t>;
	using key = std::array<uint8_t, SHA_DIGEST_LENGTH>;

	/**
	* @enum Confidentiality Algorithms
	*
	* The Confidentiality Algorithm Number specifies the encryption/decryption
	* algorithm field that is used for encrypted payload data under the session.
	* The ‘encrypted’ bit in the payload type field being set identifies packets
	* with payloads that include data that is encrypted per this specification.
	* When payload data is encrypted, there may be additional “Confidentiality
	* Header” and/or “Confidentiality Trailer” fields that are included within the
	* payload. The size and definition of those fields is specific to the
	* particular confidentiality algorithm.
	*/
	enum class Algorithms : uint8_t
	{
	NONE, /*< No encryption (mandatory option) /
	AES_CBC_128, /*< AES-CBC-128 Algorithm (mandatory option) /
	xRC4_128, /*< xRC4-128 Algorithm (optional option) /
	xRC4_40, /*< xRC4-40 Algorithm (optional option) /
	};

	/**
	* @class Interface
	*
	* Interface is the base class for the Confidentiality Algorithms.
	*/
	class Interface
	{
	public:
	/**
	* @brief Constructor for Interface
	*
	* @param[in] - Session Integrity key to generate K2
	* @param[in] - Additional keying material to generate K2
	*/
	explicit Interface(const buffer& sik, const key& addKey);

	Interface() = delete;
	virtual ~Interface() = default;
	Interface(const Interface&) = default;
	Interface& operator=(const Interface&) = default;
	Interface(Interface&&) = default;
	Interface& operator=(Interface&&) = default;

	/**
	* @brief Decrypt the incoming payload
	*
	* @param[in] packet - Incoming IPMI packet
	* @param[in] sessHeaderLen - Length of the IPMI Session Header
	* @param[in] payloadLen - Length of the encrypted IPMI payload
	*
	* @return decrypted payload if the operation is successful
	*/
	virtual buffer decryptPayload(
	const buffer& packet,
	const size_t sessHeaderLen,
	const size_t payloadLen) const = 0;

	/**
	* @brief Encrypt the outgoing payload
	*
	* @param[in] payload - plain payload for the outgoing IPMI packet
	*
	* @return encrypted payload if the operation is successful
	*
	*/
	virtual buffer encryptPayload(buffer& payload) const = 0;

	protected:

	/** @brief K2 is the key used for encrypting data */
	key k2;
	};

	}// namespace crypt

	}// namespace cipher