diff options
author | Tom Joseph <tomjoseph@in.ibm.com> | 2017-01-24 18:15:39 +0530 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2017-02-22 22:12:42 +0000 |
commit | d08b5235d65d2d358c7df5eef8fbd946ff9ac18b (patch) | |
tree | 3102410542375681deafad179ab501ab129e59b1 | |
parent | 5a2d3ce26dad527e822759d1350580f8c807af33 (diff) | |
download | phosphor-net-ipmid-d08b5235d65d2d358c7df5eef8fbd946ff9ac18b.tar.gz phosphor-net-ipmid-d08b5235d65d2d358c7df5eef8fbd946ff9ac18b.zip |
Interfaces for the Confidentiality Algorithm
This patch defines the interfaces for the confidentaility
algorithm. It provides API to decrypt the cipher payload
and encrypt the plain text payload.
Change-Id: I0c47ee14d5d5574c4d4996e437dffcaa2aa62f9a
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | crypt_algo.cpp | 32 | ||||
-rw-r--r-- | crypt_algo.hpp | 92 |
3 files changed, 127 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index 8050126..f4d7856 100644 --- a/Makefile.am +++ b/Makefile.am @@ -37,7 +37,9 @@ netipmid_SOURCES = \ integrity_algo.hpp \ integrity_algo.cpp \ provider_registration.hpp \ - provider_registration.cpp + provider_registration.cpp \ + crypt_algo.hpp \ + crypt_algo.cpp netipmid_CPPFLAGS = -DNET_IPMID_LIB_PATH=\"/usr/lib/net-ipmid/\" netipmid_LDFLAGS = $(SYSTEMD_LIBS) $(CRYPTO_LIBS) $(libmapper_LIBS) $(LIBADD_DLOPEN) -export-dynamic diff --git a/crypt_algo.cpp b/crypt_algo.cpp new file mode 100644 index 0000000..6bd5d94 --- /dev/null +++ b/crypt_algo.cpp @@ -0,0 +1,32 @@ +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/rand.h> +#include <numeric> +#include "crypt_algo.hpp" +#include "message_parsers.hpp" + +namespace cipher +{ + +namespace crypt +{ + +Interface::Interface(const buffer& sik, const key& addKey) +{ + unsigned int mdLen = 0; + + // Generated K2 for the confidentiality algorithm with the additional key + // keyed with SIK. + if (HMAC(EVP_sha1(), sik.data(), sik.size(), addKey.data(), + addKey.size(), k2.data(), &mdLen) == NULL) + { + throw std::runtime_error("Generating K2 for confidentiality algorithm" + "failed"); + } +} + +}// namespace crypt + +}// namespace cipher + + diff --git a/crypt_algo.hpp b/crypt_algo.hpp new file mode 100644 index 0000000..deabf53 --- /dev/null +++ b/crypt_algo.hpp @@ -0,0 +1,92 @@ +#pragma once + +#include <openssl/sha.h> +#include <array> +#include <vector> + +namespace cipher +{ + +namespace crypt +{ + +using buffer = std::vector<uint8_t>; +using key = std::array<uint8_t, SHA_DIGEST_LENGTH>; + +/** + * @enum Confidentiality Algorithms + * + * The Confidentiality Algorithm Number specifies the encryption/decryption + * algorithm field that is used for encrypted payload data under the session. + * The ‘encrypted’ bit in the payload type field being set identifies packets + * with payloads that include data that is encrypted per this specification. + * When payload data is encrypted, there may be additional “Confidentiality + * Header” and/or “Confidentiality Trailer” fields that are included within the + * payload. The size and definition of those fields is specific to the + * particular confidentiality algorithm. + */ +enum class Algorithms : uint8_t +{ + NONE, /**< No encryption (mandatory option) */ + AES_CBC_128, /**< AES-CBC-128 Algorithm (mandatory option) */ + xRC4_128, /**< xRC4-128 Algorithm (optional option) */ + xRC4_40, /**< xRC4-40 Algorithm (optional option) */ +}; + +/** + * @class Interface + * + * Interface is the base class for the Confidentiality Algorithms. + */ +class Interface +{ + public: + /** + * @brief Constructor for Interface + * + * @param[in] - Session Integrity key to generate K2 + * @param[in] - Additional keying material to generate K2 + */ + explicit Interface(const buffer& sik, const key& addKey); + + Interface() = delete; + virtual ~Interface() = default; + Interface(const Interface&) = default; + Interface& operator=(const Interface&) = default; + Interface(Interface&&) = default; + Interface& operator=(Interface&&) = default; + + /** + * @brief Decrypt the incoming payload + * + * @param[in] packet - Incoming IPMI packet + * @param[in] sessHeaderLen - Length of the IPMI Session Header + * @param[in] payloadLen - Length of the encrypted IPMI payload + * + * @return decrypted payload if the operation is successful + */ + virtual buffer decryptPayload( + const buffer& packet, + const size_t sessHeaderLen, + const size_t payloadLen) const = 0; + + /** + * @brief Encrypt the outgoing payload + * + * @param[in] payload - plain payload for the outgoing IPMI packet + * + * @return encrypted payload if the operation is successful + * + */ + virtual buffer encryptPayload(buffer& payload) const = 0; + + protected: + + /** @brief K2 is the key used for encrypting data */ + key k2; +}; + +}// namespace crypt + +}// namespace cipher + |