blob: 5384ab34e606c3d1c14f8a48df1a6c86ab0b90a6 [file] [log] [blame]
Tom Joseph8bb10b72016-12-06 17:47:56 +05301#include "rakp12.hpp"
2
Vernon Mauery9e801a22018-10-12 13:20:49 -07003#include "comm_module.hpp"
4#include "endian.hpp"
5#include "guid.hpp"
6#include "main.hpp"
7
Tom Joseph8bb10b72016-12-06 17:47:56 +05308#include <openssl/rand.h>
9
10#include <algorithm>
Tom Joseph56527b92018-03-21 19:31:58 +053011#include <cstring>
Tom Joseph8bb10b72016-12-06 17:47:56 +053012#include <iomanip>
13#include <iostream>
Richard Marian Thomaiyar127748a2018-09-06 07:08:51 +053014#include <user_channel/channel_layer.hpp>
15#include <user_channel/user_layer.hpp>
Tom Joseph8bb10b72016-12-06 17:47:56 +053016
Tom Joseph8bb10b72016-12-06 17:47:56 +053017namespace command
18{
19
Tom Joseph18a45e92017-04-11 11:30:44 +053020std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
Tom Joseph8bb10b72016-12-06 17:47:56 +053021 const message::Handler& handler)
22{
Tom Joseph8bb10b72016-12-06 17:47:56 +053023 std::vector<uint8_t> outPayload(sizeof(RAKP2response));
Tom Joseph18a45e92017-04-11 11:30:44 +053024 auto request = reinterpret_cast<const RAKP1request*>(inPayload.data());
Tom Joseph8bb10b72016-12-06 17:47:56 +053025 auto response = reinterpret_cast<RAKP2response*>(outPayload.data());
26
27 // Session ID zero is reserved for Session Setup
Vernon Mauery9e801a22018-10-12 13:20:49 -070028 if (endian::from_ipmi(request->managedSystemSessionID) ==
29 session::SESSION_ZERO)
Tom Joseph8bb10b72016-12-06 17:47:56 +053030 {
31 std::cerr << "RAKP12: BMC invalid Session ID\n";
32 response->rmcpStatusCode =
33 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
34 return outPayload;
35 }
36
37 std::shared_ptr<session::Session> session;
38 try
39 {
Vernon Maueryae1fda42018-10-15 12:55:34 -070040 session =
41 std::get<session::Manager&>(singletonPool)
42 .getSession(endian::from_ipmi(request->managedSystemSessionID));
Tom Joseph8bb10b72016-12-06 17:47:56 +053043 }
44 catch (std::exception& e)
45 {
46 std::cerr << e.what() << "\n";
47 response->rmcpStatusCode =
48 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
49 return outPayload;
50 }
51
Vernon Mauery9e801a22018-10-12 13:20:49 -070052 auto rakp1Size =
53 sizeof(RAKP1request) - (userNameMaxLen - request->user_name_len);
Tom Joseph56527b92018-03-21 19:31:58 +053054
55 // Validate user name length in the message
56 if (request->user_name_len > userNameMaxLen ||
Vernon Mauery9e801a22018-10-12 13:20:49 -070057 inPayload.size() != rakp1Size)
Tom Joseph56527b92018-03-21 19:31:58 +053058 {
59 response->rmcpStatusCode =
60 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_NAME_LENGTH);
61 return outPayload;
62 }
63
64 session->userName.assign(request->user_name, request->user_name_len);
65
Tom Joseph8bb10b72016-12-06 17:47:56 +053066 // Update transaction time
67 session->updateLastTransactionTime();
68
69 auto rcSessionID = endian::to_ipmi(session->getRCSessionID());
70 auto bmcSessionID = endian::to_ipmi(session->getBMCSessionID());
71 auto authAlgo = session->getAuthAlgo();
72
73 /*
74 * Generate Key Authentication Code - RAKP 2
75 *
76 * 1) Remote Console Session ID - 4 bytes
77 * 2) Managed System Session ID - 4 bytes
78 * 3) Remote Console Random Number - 16 bytes
79 * 4) Managed System Random Number - 16 bytes
80 * 5) Managed System GUID - 16 bytes
81 * 6) Requested Privilege Level - 1 byte
82 * 7) User Name Length Byte - 1 byte (0 for 'null' username)
83 * 8) User Name - variable (absent for 'null' username)
84 */
85
86 std::vector<uint8_t> input;
87 input.resize(sizeof(rcSessionID) + sizeof(bmcSessionID) +
88 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN +
Vernon Mauery9e801a22018-10-12 13:20:49 -070089 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN + BMC_GUID_LEN +
90 sizeof(request->req_max_privilege_level) +
91 sizeof(request->user_name_len) + session->userName.size());
Tom Joseph8bb10b72016-12-06 17:47:56 +053092
93 auto iter = input.begin();
94
95 // Remote Console Session ID
Vernon Mauery9e801a22018-10-12 13:20:49 -070096 std::copy_n(reinterpret_cast<uint8_t*>(&rcSessionID), sizeof(rcSessionID),
97 iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +053098 std::advance(iter, sizeof(rcSessionID));
99
100 // Managed System Session ID
101 std::copy_n(reinterpret_cast<uint8_t*>(&bmcSessionID), sizeof(bmcSessionID),
102 iter);
103 std::advance(iter, sizeof(bmcSessionID));
104
105 // Copy the Remote Console Random Number from the RAKP1 request to the
106 // Authentication Algorithm
Vernon Mauery9e801a22018-10-12 13:20:49 -0700107 std::copy_n(
108 reinterpret_cast<const uint8_t*>(request->remote_console_random_number),
109 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
110 authAlgo->rcRandomNum.begin());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530111
Vernon Mauery9e801a22018-10-12 13:20:49 -0700112 std::copy(authAlgo->rcRandomNum.begin(), authAlgo->rcRandomNum.end(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530113 std::advance(iter, cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN);
114
115 // Generate the Managed System Random Number
116 if (!RAND_bytes(input.data() + sizeof(rcSessionID) + sizeof(bmcSessionID) +
Vernon Mauery9e801a22018-10-12 13:20:49 -0700117 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
Tom Joseph8bb10b72016-12-06 17:47:56 +0530118 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN))
119 {
120 response->rmcpStatusCode =
121 static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
122 return outPayload;
123 }
124
Richard Marian Thomaiyar127748a2018-09-06 07:08:51 +0530125 session->reqMaxPrivLevel = request->req_max_privilege_level;
126 session->curPrivLevel = static_cast<session::Privilege>(
127 request->req_max_privilege_level & session::reqMaxPrivMask);
128 if (((request->req_max_privilege_level & userNameOnlyLookupMask) !=
129 userNameOnlyLookup) ||
130 (request->user_name_len == 0))
131 {
132 // Skip privilege based lookup for security purpose
133 response->rmcpStatusCode =
134 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
135 return outPayload;
136 }
137
138 // Perform user name based lookup
139 std::string userName(request->user_name, request->user_name_len);
140 std::string passwd;
141 uint8_t userId = ipmi::ipmiUserGetUserId(userName);
142 if (userId == ipmi::invalidUserId)
143 {
144 response->rmcpStatusCode =
145 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
146 return outPayload;
147 }
148 // check user is enabled before proceeding.
149 bool userEnabled = false;
150 ipmi::ipmiUserCheckEnabled(userId, userEnabled);
151 if (!userEnabled)
152 {
153 response->rmcpStatusCode =
154 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
155 return outPayload;
156 }
157 // Get the user password for RAKP message authenticate
158 passwd = ipmi::ipmiUserGetPassword(userName);
159 if (passwd.empty())
160 {
161 response->rmcpStatusCode =
162 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
163 return outPayload;
164 }
165 ipmi::PrivAccess userAccess{};
166 ipmi::ChannelAccess chAccess{};
167 // TODO Replace with proper calls.
168 uint8_t chNum = static_cast<uint8_t>(ipmi::EChannelID::chanLan1);
169 // Get channel based access information
170 if ((ipmi::ipmiUserGetPrivilegeAccess(userId, chNum, userAccess) !=
171 IPMI_CC_OK) ||
172 (ipmi::getChannelAccessData(chNum, chAccess) != IPMI_CC_OK))
173 {
174 response->rmcpStatusCode =
175 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
176 return outPayload;
177 }
178 session->chNum = chNum;
179 // minimum privilege of Channel / User / requested has to be used
180 // as session current privilege level
181 uint8_t minPriv = 0;
182 if (chAccess.privLimit < userAccess.privilege)
183 {
184 minPriv = chAccess.privLimit;
185 }
186 else
187 {
188 minPriv = userAccess.privilege;
189 }
190 if (session->curPrivLevel > static_cast<session::Privilege>(minPriv))
191 {
192 session->curPrivLevel = static_cast<session::Privilege>(minPriv);
193 }
194
195 std::fill(authAlgo->userKey.data(),
196 authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
197 std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
198
Tom Joseph8bb10b72016-12-06 17:47:56 +0530199 // Copy the Managed System Random Number to the Authentication Algorithm
200 std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN,
201 authAlgo->bmcRandomNum.begin());
202 std::advance(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN);
203
204 // Managed System GUID
Tom Joseph83029cb2017-09-01 16:37:31 +0530205 std::copy_n(cache::guid.data(), cache::guid.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530206 std::advance(iter, BMC_GUID_LEN);
207
208 // Requested Privilege Level
Tom Joseph8bb10b72016-12-06 17:47:56 +0530209 std::copy_n(&(request->req_max_privilege_level),
210 sizeof(request->req_max_privilege_level), iter);
211 std::advance(iter, sizeof(request->req_max_privilege_level));
212
Tom Joseph8bb10b72016-12-06 17:47:56 +0530213 // User Name Length Byte
214 std::copy_n(&(request->user_name_len), sizeof(request->user_name_len),
215 iter);
Tom Joseph56527b92018-03-21 19:31:58 +0530216 std::advance(iter, sizeof(request->user_name_len));
217
218 std::copy_n(session->userName.data(), session->userName.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530219
220 // Generate Key Exchange Authentication Code - RAKP2
221 auto output = authAlgo->generateHMAC(input);
222
223 response->messageTag = request->messageTag;
224 response->rmcpStatusCode = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
225 response->reserved = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700226 response->remoteConsoleSessionID = rcSessionID;
Tom Joseph8bb10b72016-12-06 17:47:56 +0530227
228 // Copy Managed System Random Number to the Response
229 std::copy(authAlgo->bmcRandomNum.begin(), authAlgo->bmcRandomNum.end(),
230 response->managed_system_random_number);
231
232 // Copy System GUID to the Response
Vernon Mauery9e801a22018-10-12 13:20:49 -0700233 std::copy_n(cache::guid.data(), cache::guid.size(),
Tom Joseph83029cb2017-09-01 16:37:31 +0530234 response->managed_system_guid);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530235
236 // Insert the HMAC output into the payload
237 outPayload.insert(outPayload.end(), output.begin(), output.end());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530238 return outPayload;
239}
240
241} // namespace command