Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / f60be6943395f0d9283debc6e5fc558b7fca89ef / . / user_channel / cipher_mgmt.cpp
blob: 01518c63edba6a71dea01ec9b506e05ca4a8c6f8 [file] [log] [blame]
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#include "cipher_mgmt.hpp"
17
18#include <fcntl.h>
19#include <sys/stat.h>
20#include <sys/types.h>
21#include <unistd.h>
22
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]23#include <phosphor-logging/lg2.hpp>
Patrick Williamsfbc6c9d2023-05-10 07:50:16 -0500[diff] [blame]24
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]25#include <filesystem>
26#include <fstream>
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]27
28namespace ipmi
29{
30
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]31using Json = nlohmann::json;
32namespace fs = std::filesystem;
33
34CipherConfig& getCipherConfigObject(const std::string& csFileName,
35 const std::string& csDefaultFileName)
36{
37 static CipherConfig cipherConfig(csFileName, csDefaultFileName);
38 return cipherConfig;
39}
40
41CipherConfig::CipherConfig(const std::string& csFileName,
42 const std::string& csDefaultFileName) :
43 cipherSuitePrivFileName(csFileName),
44 cipherSuiteDefaultPrivFileName(csDefaultFileName)
45{
46 loadCSPrivilegesToMap();
47}
48
49void CipherConfig::loadCSPrivilegesToMap()
50{
51 if (!fs::exists(cipherSuiteDefaultPrivFileName))
52 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]53 lg2::error("CS privilege levels default file does not exist...");
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]54 }
55 else
56 {
57 // read default privileges
58 Json data = readCSPrivilegeLevels(cipherSuiteDefaultPrivFileName);
59
60 // load default privileges
61 updateCSPrivilegesMap(data);
62
63 // check for user-saved privileges
64 if (fs::exists(cipherSuitePrivFileName))
65 {
66 data = readCSPrivilegeLevels(cipherSuitePrivFileName);
67 if (data != nullptr)
68 {
69 // update map with user-saved privileges by merging (overriding)
70 // values from the defaults
71 updateCSPrivilegesMap(data);
72 }
73 }
74 }
75}
76
77void CipherConfig::updateCSPrivilegesMap(const Json& jsonData)
78{
79 for (uint8_t chNum = 0; chNum < ipmi::maxIpmiChannels; chNum++)
80 {
81 std::string chKey = "Channel" + std::to_string(chNum);
82 for (uint8_t csNum = 0; csNum < maxCSRecords; csNum++)
83 {
84 auto csKey = "CipherID" + std::to_string(csNum);
85
86 if (jsonData.find(chKey) != jsonData.end())
87 {
88 csPrivilegeMap[{chNum, csNum}] = convertToPrivLimitIndex(
89 static_cast<std::string>(jsonData[chKey][csKey]));
90 }
91 }
92 }
93}
94
95Json CipherConfig::readCSPrivilegeLevels(const std::string& csFileName)
96{
97 std::ifstream jsonFile(csFileName);
98 if (!jsonFile.good())
99 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]100 lg2::error("JSON file not found");
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]101 return nullptr;
102 }
103
104 Json data = nullptr;
105 try
106 {
107 data = Json::parse(jsonFile, nullptr, false);
108 }
Patrick Williamsa2ad2da2021-10-06 12:21:46 -0500[diff] [blame]109 catch (const Json::parse_error& e)
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]110 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]111 lg2::error(
112 "Corrupted cipher suite privilege levels config file: {ERROR}",
113 "ERROR", e);
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]114 }
115
116 return data;
117}
118
119int CipherConfig::writeCSPrivilegeLevels(const Json& jsonData)
120{
Patrick Williams1318a5e2024-08-16 15:19:54 -0400[diff] [blame]121 std::string tmpFile =
122 static_cast<std::string>(cipherSuitePrivFileName) + "_tmpXXXXXX";
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]123
Willy Tu11d68892022-01-20 10:37:34 -0800[diff] [blame]124 std::vector<char> tmpRandomFile(tmpFile.length() + 1);
125 strncpy(tmpRandomFile.data(), tmpFile.c_str(), tmpFile.length() + 1);
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]126
Willy Tu11d68892022-01-20 10:37:34 -0800[diff] [blame]127 int fd = mkstemp(tmpRandomFile.data());
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]128 fchmod(fd, 0644);
129
130 if (fd < 0)
131 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]132 lg2::error("Error opening CS privilege level config file: {FILE_NAME}",
133 "FILE_NAME", tmpFile);
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]134 return -EIO;
135 }
George Liua37edf12025-09-19 14:28:26 +0800[diff] [blame]136 const auto& writeData = jsonData.dump(4);
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]137 if (write(fd, writeData.c_str(), writeData.size()) !=
138 static_cast<ssize_t>(writeData.size()))
139 {
140 close(fd);
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]141 lg2::error("Error writing CS privilege level config file: {FILE_NAME}",
142 "FILE_NAME", tmpFile);
Willy Tu11d68892022-01-20 10:37:34 -0800[diff] [blame]143 unlink(tmpRandomFile.data());
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]144 return -EIO;
145 }
146 close(fd);
147
Willy Tu11d68892022-01-20 10:37:34 -0800[diff] [blame]148 if (std::rename(tmpRandomFile.data(), cipherSuitePrivFileName.c_str()))
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]149 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]150 lg2::error("Error renaming CS privilege level config file: {FILE_NAME}",
151 "FILE_NAME", tmpFile);
Willy Tu11d68892022-01-20 10:37:34 -0800[diff] [blame]152 unlink(tmpRandomFile.data());
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]153 return -EIO;
154 }
155
156 return 0;
157}
158
159uint4_t CipherConfig::convertToPrivLimitIndex(const std::string& value)
160{
161 auto iter = std::find(ipmi::privList.begin(), ipmi::privList.end(), value);
162 if (iter == privList.end())
163 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]164 lg2::error("Invalid privilege: {PRIV_STR}", "PRIV_STR", value);
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]165 return ccUnspecifiedError;
166 }
167
168 return static_cast<uint4_t>(std::distance(ipmi::privList.begin(), iter));
169}
170
171std::string CipherConfig::convertToPrivLimitString(const uint4_t& value)
172{
173 return ipmi::privList.at(static_cast<size_t>(value));
174}
175
jayaprakash Mutyalab741b992019-12-02 17:29:09 +0000[diff] [blame]176ipmi::Cc CipherConfig::getCSPrivilegeLevels(
177 uint8_t chNum, std::array<uint4_t, maxCSRecords>& csPrivilegeLevels)
178{
179 if (!isValidChannel(chNum))
180 {
George Liua0e545d2025-01-24 09:50:22 +0800[diff] [blame]181 lg2::error(
182 "Get CS Privilege levels - Invalid channel number: {CHANNEL}",
183 "CHANNEL", chNum);
jayaprakash Mutyalab741b992019-12-02 17:29:09 +0000[diff] [blame]184 return ccInvalidFieldRequest;
185 }
186
187 for (size_t csNum = 0; csNum < maxCSRecords; ++csNum)
188 {
189 csPrivilegeLevels[csNum] = csPrivilegeMap[{chNum, csNum}];
190 }
191 return ccSuccess;
192}
193
194ipmi::Cc CipherConfig::setCSPrivilegeLevels(
195 uint8_t chNum, const std::array<uint4_t, maxCSRecords>& requestData)
196{
197 if (!isValidChannel(chNum))
198 {
George Liua0e545d2025-01-24 09:50:22 +0800[diff] [blame]199 lg2::error(
200 "Set CS Privilege levels - Invalid channel number: {CHANNEL}",
201 "CHANNEL", chNum);
jayaprakash Mutyalab741b992019-12-02 17:29:09 +0000[diff] [blame]202 return ccInvalidFieldRequest;
203 }
204
205 Json jsonData;
206 if (!fs::exists(cipherSuitePrivFileName))
207 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]208 lg2::info("CS privilege levels user settings file does not "
209 "exist. Creating...");
jayaprakash Mutyalab741b992019-12-02 17:29:09 +0000[diff] [blame]210 }
211 else
212 {
213 jsonData = readCSPrivilegeLevels(cipherSuitePrivFileName);
214 if (jsonData == nullptr)
215 {
216 return ccUnspecifiedError;
217 }
218 }
219
220 Json privData;
221 std::string csKey;
222 constexpr auto privMaxValue = static_cast<uint8_t>(ipmi::Privilege::Oem);
223 for (size_t csNum = 0; csNum < maxCSRecords; ++csNum)
224 {
225 csKey = "CipherID" + std::to_string(csNum);
226 auto priv = static_cast<uint8_t>(requestData[csNum]);
227
228 if (priv > privMaxValue)
229 {
230 return ccInvalidFieldRequest;
231 }
232 privData[csKey] = convertToPrivLimitString(priv);
233 }
234
235 std::string chKey = "Channel" + std::to_string(chNum);
236 jsonData[chKey] = privData;
237
238 if (writeCSPrivilegeLevels(jsonData))
239 {
George Liu82844ef2024-07-17 17:03:56 +0800[diff] [blame]240 lg2::error("Error in setting CS Privilege Levels.");
jayaprakash Mutyalab741b992019-12-02 17:29:09 +0000[diff] [blame]241 return ccUnspecifiedError;
242 }
243
244 updateCSPrivilegesMap(jsonData);
245 return ccSuccess;
246}
247
Sumanth Bhate4e633e2019-05-14 12:13:57 +0000[diff] [blame]248} // namespace ipmi