Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-net-ipmid / 665016490f0727eba19eb711cef030bf0c3b7000 / . / command / open_session.cpp
blob: e3453f86c31b81e521304c1007292ad5976a1105 [file] [log] [blame]
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]1#include "open_session.hpp"
2
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]3#include "comm_module.hpp"
4#include "endian.hpp"
5#include "main.hpp"
6
Vernon Maueryfc37e592018-12-19 14:55:15 -0800[diff] [blame]7#include <phosphor-logging/log.hpp>
8
9using namespace phosphor::logging;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]10
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]11namespace command
12{
13
Tom Joseph18a45e92017-04-11 11:30:44 +0530[diff] [blame]14std::vector<uint8_t> openSession(const std::vector<uint8_t>& inPayload,
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]15 const message::Handler& handler)
16{
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]17
18 std::vector<uint8_t> outPayload(sizeof(OpenSessionResponse));
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]19 auto request =
20 reinterpret_cast<const OpenSessionRequest*>(inPayload.data());
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]21 auto response = reinterpret_cast<OpenSessionResponse*>(outPayload.data());
22
23 // Check for valid Authentication Algorithms
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]24 if (!cipher::rakp_auth::Interface::isAlgorithmSupported(
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]25 static_cast<cipher::rakp_auth::Algorithms>(request->authAlgo)))
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]26 {
27 response->status_code =
28 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_AUTH_ALGO);
29 return outPayload;
30 }
31
32 // Check for valid Integrity Algorithms
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]33 if (!cipher::integrity::Interface::isAlgorithmSupported(
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]34 static_cast<cipher::integrity::Algorithms>(request->intAlgo)))
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]35 {
36 response->status_code =
37 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_INTEGRITY_ALGO);
38 return outPayload;
39 }
40
Tom Joseph4021b1f2019-02-12 10:10:12 +0530[diff] [blame]41 session::Privilege priv;
42
43 // 0h in the requested maximum privilege role field indicates highest level
44 // matching proposed algorithms. The maximum privilege level the session
45 // can take is set to Administrator level. In the RAKP12 command sequence
46 // the session maximum privilege role is set again based on the user's
47 // permitted privilege level.
48 if (!request->maxPrivLevel)
49 {
50 priv = session::Privilege::ADMIN;
51 }
52 else
53 {
54 priv = static_cast<session::Privilege>(request->maxPrivLevel);
55 }
56
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]57 // Check for valid Confidentiality Algorithms
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]58 if (!cipher::crypt::Interface::isAlgorithmSupported(
59 static_cast<cipher::crypt::Algorithms>(request->confAlgo)))
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]60 {
61 response->status_code =
62 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_CONF_ALGO);
63 return outPayload;
64 }
65
66 std::shared_ptr<session::Session> session;
67 try
68 {
69 // Start an IPMI session
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]70 session =
Vernon Maueryae1fda42018-10-15 12:55:34 -0700[diff] [blame]71 std::get<session::Manager&>(singletonPool)
72 .startSession(
Tom Joseph4021b1f2019-02-12 10:10:12 +0530[diff] [blame]73 endian::from_ipmi<>(request->remoteConsoleSessionID), priv,
Vernon Maueryae1fda42018-10-15 12:55:34 -0700[diff] [blame]74 static_cast<cipher::rakp_auth::Algorithms>(
75 request->authAlgo),
76 static_cast<cipher::integrity::Algorithms>(
77 request->intAlgo),
78 static_cast<cipher::crypt::Algorithms>(request->confAlgo));
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]79 }
80 catch (std::exception& e)
81 {
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]82 response->status_code =
83 static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
Vernon Maueryfc37e592018-12-19 14:55:15 -0800[diff] [blame]84 log<level::ERR>("openSession : Problem opening a session",
85 entry("EXCEPTION=%s", e.what()));
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]86 return outPayload;
87 }
88
89 response->messageTag = request->messageTag;
90 response->status_code = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
Tom Joseph4021b1f2019-02-12 10:10:12 +0530[diff] [blame]91 response->maxPrivLevel = static_cast<uint8_t>(session->reqMaxPrivLevel);
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]92 response->remoteConsoleSessionID = request->remoteConsoleSessionID;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]93 response->managedSystemSessionID =
94 endian::to_ipmi<>(session->getBMCSessionID());
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]95
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]96 response->authPayload = request->authPayload;
97 response->authPayloadLen = request->authPayloadLen;
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]98 response->authAlgo = request->authAlgo;
99
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]100 response->intPayload = request->intPayload;
101 response->intPayloadLen = request->intPayloadLen;
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]102 response->intAlgo = request->intAlgo;
103
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]104 response->confPayload = request->confPayload;
105 response->confPayloadLen = request->confPayloadLen;
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]106 response->confAlgo = request->confAlgo;
107
108 session->updateLastTransactionTime();
109
110 // Session state is Setup in progress
111 session->state = session::State::SETUP_IN_PROGRESS;
Tom Joseph8e832ee2016-12-06 17:47:08 +0530[diff] [blame]112 return outPayload;
113}
114
115} // namespace command