1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
|
#pragma once
#include <openssl/sha.h>
#include <array>
#include <vector>
namespace cipher
{
namespace crypt
{
using buffer = std::vector<uint8_t>;
using key = std::array<uint8_t, SHA_DIGEST_LENGTH>;
/**
* @enum Confidentiality Algorithms
*
* The Confidentiality Algorithm Number specifies the encryption/decryption
* algorithm field that is used for encrypted payload data under the session.
* The ‘encrypted’ bit in the payload type field being set identifies packets
* with payloads that include data that is encrypted per this specification.
* When payload data is encrypted, there may be additional “Confidentiality
* Header” and/or “Confidentiality Trailer” fields that are included within the
* payload. The size and definition of those fields is specific to the
* particular confidentiality algorithm.
*/
enum class Algorithms : uint8_t
{
NONE, /**< No encryption (mandatory option) */
AES_CBC_128, /**< AES-CBC-128 Algorithm (mandatory option) */
xRC4_128, /**< xRC4-128 Algorithm (optional option) */
xRC4_40, /**< xRC4-40 Algorithm (optional option) */
};
/**
* @class Interface
*
* Interface is the base class for the Confidentiality Algorithms.
*/
class Interface
{
public:
/**
* @brief Constructor for Interface
*
* @param[in] - Session Integrity key to generate K2
* @param[in] - Additional keying material to generate K2
*/
explicit Interface(const buffer& sik, const key& addKey);
Interface() = delete;
virtual ~Interface() = default;
Interface(const Interface&) = default;
Interface& operator=(const Interface&) = default;
Interface(Interface&&) = default;
Interface& operator=(Interface&&) = default;
/**
* @brief Decrypt the incoming payload
*
* @param[in] packet - Incoming IPMI packet
* @param[in] sessHeaderLen - Length of the IPMI Session Header
* @param[in] payloadLen - Length of the encrypted IPMI payload
*
* @return decrypted payload if the operation is successful
*/
virtual buffer decryptPayload(
const buffer& packet,
const size_t sessHeaderLen,
const size_t payloadLen) const = 0;
/**
* @brief Encrypt the outgoing payload
*
* @param[in] payload - plain payload for the outgoing IPMI packet
*
* @return encrypted payload if the operation is successful
*
*/
virtual buffer encryptPayload(buffer& payload) const = 0;
/**
* @brief Check if the Confidentiality algorithm is supported
*
* @param[in] algo - confidentiality algorithm
*
* @return true if algorithm is supported else false
*
*/
static bool isAlgorithmSupported(Algorithms algo)
{
if (algo == Algorithms::NONE || algo == Algorithms::AES_CBC_128)
{
return true;
}
else
{
return false;
}
}
protected:
/**
* @brief The Cipher Key is the first 128-bits of key “K2”, K2 is
* generated by processing a pre-defined constant keyed by Session
* Integrity Key (SIK) that was created during session activation.
*/
key k2;
};
/**
* @class AlgoAES128
*
* @brief Implementation of the AES-CBC-128 Confidentiality algorithm
*
* AES-128 uses a 128-bit Cipher Key. The Cipher Key is the first 128-bits of
* key “K2”.Once the Cipher Key has been generated it is used to encrypt
* the payload data. The payload data is padded to make it an integral numbers
* of blocks in length (a block is 16 bytes for AES). The payload is then
* encrypted one block at a time from the lowest data offset to the highest
* using Cipher_Key as specified in AES.
*/
class AlgoAES128 final : public Interface
{
public:
static constexpr size_t AESCBC128ConfHeader = 16;
static constexpr size_t AESCBC128BlockSize = 16;
/**
* RSP needs more keying material than can be provided by session
* integrity key alone. As a result all keying material for the RSP
* confidentiality algorithms will be generated by processing a
* pre-defined set of constants using HMAC per [RFC2104], keyed by SIK.
* These constants are constructed using a hexadecimal octet value
* repeated up to the HMAC block size in length starting with the
* constant 01h. This mechanism can be used to derive up to 255
* HMAC-block-length pieces of keying material from a single SIK.For the
* mandatory confidentiality algorithm AES-CBC-128, processing the
* following constant will generate the required amount of keying
* material.
*/
static constexpr key const2 = { 0x02, 0x02, 0x02, 0x02, 0x02,
0x02, 0x02, 0x02, 0x02, 0x02,
0x02, 0x02, 0x02, 0x02, 0x02,
0x02, 0x02, 0x02, 0x02, 0x02
};
/**
* If confidentiality bytes are present, the value of the first byte is
* one (01h). and all subsequent bytes shall have a monotonically
* increasing value (e.g., 02h, 03h, 04h, etc). The receiver, as an
* additional check for proper decryption, shall check the value of each
* byte of Confidentiality Pad. For AES algorithm, the pad bytes will
* range from 0 to 15 bytes. This predefined array would help in
* doing the additional check.
*/
static constexpr std::array<uint8_t, AESCBC128BlockSize -1>
confPadBytes =
{ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
/**
* @brief Constructor for AlgoAES128
*
* @param[in] - Session Integrity key
*/
explicit AlgoAES128(const buffer& sik) : Interface(sik, const2) {}
AlgoAES128() = delete;
~AlgoAES128() = default;
AlgoAES128(const AlgoAES128&) = default;
AlgoAES128& operator=(const AlgoAES128&) = default;
AlgoAES128(AlgoAES128&&) = default;
AlgoAES128& operator=(AlgoAES128&&) = default;
/**
* @brief Decrypt the incoming payload
*
* @param[in] packet - Incoming IPMI packet
* @param[in] sessHeaderLen - Length of the IPMI Session Header
* @param[in] payloadLen - Length of the encrypted IPMI payload
*
* @return decrypted payload if the operation is successful
*/
buffer decryptPayload(
const buffer& packet,
const size_t sessHeaderLen,
const size_t payloadLen) const override;
/**
* @brief Encrypt the outgoing payload
*
* @param[in] payload - plain payload for the outgoing IPMI packet
*
* @return encrypted payload if the operation is successful
*
*/
buffer encryptPayload(buffer& payload) const override;
private:
/**
* @brief Decrypt the passed data
*
* @param[in] iv - Initialization vector
* @param[in] input - Pointer to input data
* @param[in] inputLen - Length of input data
*
* @return decrypted data if the operation is successful
*/
buffer decryptData(const uint8_t* iv,
const uint8_t* input,
const int inputLen) const;
/**
* @brief Encrypt the passed data
*
* @param[in] input - Pointer to input data
* @param[in] inputLen - Length of input data
*
* @return encrypted data if the operation is successful
*/
buffer encryptData(const uint8_t* input,
const int inputLen) const;
};
}// namespace crypt
}// namespace cipher
|
