| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 1 | #include "open_session.hpp" |
| 2 | |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 3 | #include "comm_module.hpp" |
| 4 | #include "endian.hpp" |
| Vernon Mauery | 2085ae0 | 2021-06-10 11:51:00 -0700 | [diff] [blame] | 5 | #include "sessions_manager.hpp" |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 6 | |
| Vernon Mauery | fc37e59 | 2018-12-19 14:55:15 -0800 | [diff] [blame] | 7 | #include <phosphor-logging/log.hpp> |
| 8 | |
| 9 | using namespace phosphor::logging; |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 10 | |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 11 | namespace command |
| 12 | { |
| 13 | |
| George Liu | be1470c | 2022-07-04 14:33:24 +0800 | [diff] [blame] | 14 | std::vector<uint8_t> |
| 15 | openSession(const std::vector<uint8_t>& inPayload, |
| 16 | std::shared_ptr<message::Handler>& /* handler */) |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 17 | { |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 18 | auto request = |
| 19 | reinterpret_cast<const OpenSessionRequest*>(inPayload.data()); |
| Zhikui Ren | 2b1edef | 2020-07-24 14:32:13 -0700 | [diff] [blame] | 20 | if (inPayload.size() != sizeof(*request)) |
| 21 | { |
| 22 | std::vector<uint8_t> errorPayload{IPMI_CC_REQ_DATA_LEN_INVALID}; |
| 23 | return errorPayload; |
| 24 | } |
| 25 | |
| 26 | std::vector<uint8_t> outPayload(sizeof(OpenSessionResponse)); |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 27 | auto response = reinterpret_cast<OpenSessionResponse*>(outPayload.data()); |
| 28 | |
| Jason M. Bills | 46bec0f | 2019-12-11 11:01:18 -0800 | [diff] [blame] | 29 | // Per the IPMI Spec, messageTag and remoteConsoleSessionID are always |
| 30 | // returned |
| 31 | response->messageTag = request->messageTag; |
| 32 | response->remoteConsoleSessionID = request->remoteConsoleSessionID; |
| 33 | |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 34 | // Check for valid Authentication Algorithms |
| Vernon Mauery | 9b307be | 2017-11-22 09:28:16 -0800 | [diff] [blame] | 35 | if (!cipher::rakp_auth::Interface::isAlgorithmSupported( |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 36 | static_cast<cipher::rakp_auth::Algorithms>(request->authAlgo))) |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 37 | { |
| 38 | response->status_code = |
| 39 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_AUTH_ALGO); |
| 40 | return outPayload; |
| 41 | } |
| 42 | |
| 43 | // Check for valid Integrity Algorithms |
| Vernon Mauery | 9b307be | 2017-11-22 09:28:16 -0800 | [diff] [blame] | 44 | if (!cipher::integrity::Interface::isAlgorithmSupported( |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 45 | static_cast<cipher::integrity::Algorithms>(request->intAlgo))) |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 46 | { |
| 47 | response->status_code = |
| 48 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_INTEGRITY_ALGO); |
| 49 | return outPayload; |
| 50 | } |
| 51 | |
| Tom Joseph | 4021b1f | 2019-02-12 10:10:12 +0530 | [diff] [blame] | 52 | session::Privilege priv; |
| 53 | |
| 54 | // 0h in the requested maximum privilege role field indicates highest level |
| 55 | // matching proposed algorithms. The maximum privilege level the session |
| 56 | // can take is set to Administrator level. In the RAKP12 command sequence |
| 57 | // the session maximum privilege role is set again based on the user's |
| 58 | // permitted privilege level. |
| 59 | if (!request->maxPrivLevel) |
| 60 | { |
| 61 | priv = session::Privilege::ADMIN; |
| 62 | } |
| 63 | else |
| 64 | { |
| 65 | priv = static_cast<session::Privilege>(request->maxPrivLevel); |
| 66 | } |
| 67 | |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 68 | // Check for valid Confidentiality Algorithms |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 69 | if (!cipher::crypt::Interface::isAlgorithmSupported( |
| 70 | static_cast<cipher::crypt::Algorithms>(request->confAlgo))) |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 71 | { |
| 72 | response->status_code = |
| 73 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_CONF_ALGO); |
| 74 | return outPayload; |
| 75 | } |
| 76 | |
| 77 | std::shared_ptr<session::Session> session; |
| 78 | try |
| 79 | { |
| 80 | // Start an IPMI session |
| Vernon Mauery | 2085ae0 | 2021-06-10 11:51:00 -0700 | [diff] [blame] | 81 | session = session::Manager::get().startSession( |
| 82 | endian::from_ipmi<>(request->remoteConsoleSessionID), priv, |
| 83 | static_cast<cipher::rakp_auth::Algorithms>(request->authAlgo), |
| 84 | static_cast<cipher::integrity::Algorithms>(request->intAlgo), |
| 85 | static_cast<cipher::crypt::Algorithms>(request->confAlgo)); |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 86 | } |
| Patrick Williams | 12d199b | 2021-10-06 12:36:48 -0500 | [diff] [blame] | 87 | catch (const std::exception& e) |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 88 | { |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 89 | response->status_code = |
| 90 | static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE); |
| Vernon Mauery | fc37e59 | 2018-12-19 14:55:15 -0800 | [diff] [blame] | 91 | log<level::ERR>("openSession : Problem opening a session", |
| 92 | entry("EXCEPTION=%s", e.what())); |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 93 | return outPayload; |
| 94 | } |
| 95 | |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 96 | response->status_code = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR); |
| Tom Joseph | 4021b1f | 2019-02-12 10:10:12 +0530 | [diff] [blame] | 97 | response->maxPrivLevel = static_cast<uint8_t>(session->reqMaxPrivLevel); |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 98 | response->managedSystemSessionID = |
| 99 | endian::to_ipmi<>(session->getBMCSessionID()); |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 100 | |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 101 | response->authPayload = request->authPayload; |
| 102 | response->authPayloadLen = request->authPayloadLen; |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 103 | response->authAlgo = request->authAlgo; |
| 104 | |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 105 | response->intPayload = request->intPayload; |
| 106 | response->intPayloadLen = request->intPayloadLen; |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 107 | response->intAlgo = request->intAlgo; |
| 108 | |
| Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 109 | response->confPayload = request->confPayload; |
| 110 | response->confPayloadLen = request->confPayloadLen; |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 111 | response->confAlgo = request->confAlgo; |
| 112 | |
| 113 | session->updateLastTransactionTime(); |
| 114 | |
| 115 | // Session state is Setup in progress |
| Suryakanth Sekar | f8a34fc | 2019-06-12 20:59:18 +0530 | [diff] [blame] | 116 | session->state(static_cast<uint8_t>(session::State::setupInProgress)); |
| Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 117 | return outPayload; |
| 118 | } |
| 119 | |
| 120 | } // namespace command |