Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 1 | #include "open_session.hpp" |
| 2 | |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 3 | #include "comm_module.hpp" |
| 4 | #include "endian.hpp" |
Vernon Mauery | 2085ae0 | 2021-06-10 11:51:00 -0700 | [diff] [blame] | 5 | #include "sessions_manager.hpp" |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 6 | |
George Liu | 7b7f25f | 2022-07-04 17:07:32 +0800 | [diff] [blame^] | 7 | #include <phosphor-logging/lg2.hpp> |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 8 | |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 9 | namespace command |
| 10 | { |
| 11 | |
George Liu | be1470c | 2022-07-04 14:33:24 +0800 | [diff] [blame] | 12 | std::vector<uint8_t> |
| 13 | openSession(const std::vector<uint8_t>& inPayload, |
| 14 | std::shared_ptr<message::Handler>& /* handler */) |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 15 | { |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 16 | auto request = |
| 17 | reinterpret_cast<const OpenSessionRequest*>(inPayload.data()); |
Zhikui Ren | 2b1edef | 2020-07-24 14:32:13 -0700 | [diff] [blame] | 18 | if (inPayload.size() != sizeof(*request)) |
| 19 | { |
| 20 | std::vector<uint8_t> errorPayload{IPMI_CC_REQ_DATA_LEN_INVALID}; |
| 21 | return errorPayload; |
| 22 | } |
| 23 | |
| 24 | std::vector<uint8_t> outPayload(sizeof(OpenSessionResponse)); |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 25 | auto response = reinterpret_cast<OpenSessionResponse*>(outPayload.data()); |
| 26 | |
Jason M. Bills | 46bec0f | 2019-12-11 11:01:18 -0800 | [diff] [blame] | 27 | // Per the IPMI Spec, messageTag and remoteConsoleSessionID are always |
| 28 | // returned |
| 29 | response->messageTag = request->messageTag; |
| 30 | response->remoteConsoleSessionID = request->remoteConsoleSessionID; |
| 31 | |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 32 | // Check for valid Authentication Algorithms |
Vernon Mauery | 9b307be | 2017-11-22 09:28:16 -0800 | [diff] [blame] | 33 | if (!cipher::rakp_auth::Interface::isAlgorithmSupported( |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 34 | static_cast<cipher::rakp_auth::Algorithms>(request->authAlgo))) |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 35 | { |
| 36 | response->status_code = |
| 37 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_AUTH_ALGO); |
| 38 | return outPayload; |
| 39 | } |
| 40 | |
| 41 | // Check for valid Integrity Algorithms |
Vernon Mauery | 9b307be | 2017-11-22 09:28:16 -0800 | [diff] [blame] | 42 | if (!cipher::integrity::Interface::isAlgorithmSupported( |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 43 | static_cast<cipher::integrity::Algorithms>(request->intAlgo))) |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 44 | { |
| 45 | response->status_code = |
| 46 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_INTEGRITY_ALGO); |
| 47 | return outPayload; |
| 48 | } |
| 49 | |
Tom Joseph | 4021b1f | 2019-02-12 10:10:12 +0530 | [diff] [blame] | 50 | session::Privilege priv; |
| 51 | |
| 52 | // 0h in the requested maximum privilege role field indicates highest level |
| 53 | // matching proposed algorithms. The maximum privilege level the session |
| 54 | // can take is set to Administrator level. In the RAKP12 command sequence |
| 55 | // the session maximum privilege role is set again based on the user's |
| 56 | // permitted privilege level. |
| 57 | if (!request->maxPrivLevel) |
| 58 | { |
| 59 | priv = session::Privilege::ADMIN; |
| 60 | } |
| 61 | else |
| 62 | { |
| 63 | priv = static_cast<session::Privilege>(request->maxPrivLevel); |
| 64 | } |
| 65 | |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 66 | // Check for valid Confidentiality Algorithms |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 67 | if (!cipher::crypt::Interface::isAlgorithmSupported( |
| 68 | static_cast<cipher::crypt::Algorithms>(request->confAlgo))) |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 69 | { |
| 70 | response->status_code = |
| 71 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_CONF_ALGO); |
| 72 | return outPayload; |
| 73 | } |
| 74 | |
| 75 | std::shared_ptr<session::Session> session; |
| 76 | try |
| 77 | { |
| 78 | // Start an IPMI session |
Vernon Mauery | 2085ae0 | 2021-06-10 11:51:00 -0700 | [diff] [blame] | 79 | session = session::Manager::get().startSession( |
| 80 | endian::from_ipmi<>(request->remoteConsoleSessionID), priv, |
| 81 | static_cast<cipher::rakp_auth::Algorithms>(request->authAlgo), |
| 82 | static_cast<cipher::integrity::Algorithms>(request->intAlgo), |
| 83 | static_cast<cipher::crypt::Algorithms>(request->confAlgo)); |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 84 | } |
Patrick Williams | 12d199b | 2021-10-06 12:36:48 -0500 | [diff] [blame] | 85 | catch (const std::exception& e) |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 86 | { |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 87 | response->status_code = |
| 88 | static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE); |
George Liu | 7b7f25f | 2022-07-04 17:07:32 +0800 | [diff] [blame^] | 89 | lg2::error("openSession : Problem opening a session: {ERROR}", "ERROR", |
| 90 | e); |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 91 | return outPayload; |
| 92 | } |
| 93 | |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 94 | response->status_code = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR); |
Tom Joseph | 4021b1f | 2019-02-12 10:10:12 +0530 | [diff] [blame] | 95 | response->maxPrivLevel = static_cast<uint8_t>(session->reqMaxPrivLevel); |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 96 | response->managedSystemSessionID = |
| 97 | endian::to_ipmi<>(session->getBMCSessionID()); |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 98 | |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 99 | response->authPayload = request->authPayload; |
| 100 | response->authPayloadLen = request->authPayloadLen; |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 101 | response->authAlgo = request->authAlgo; |
| 102 | |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 103 | response->intPayload = request->intPayload; |
| 104 | response->intPayloadLen = request->intPayloadLen; |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 105 | response->intAlgo = request->intAlgo; |
| 106 | |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 107 | response->confPayload = request->confPayload; |
| 108 | response->confPayloadLen = request->confPayloadLen; |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 109 | response->confAlgo = request->confAlgo; |
| 110 | |
| 111 | session->updateLastTransactionTime(); |
| 112 | |
| 113 | // Session state is Setup in progress |
Suryakanth Sekar | f8a34fc | 2019-06-12 20:59:18 +0530 | [diff] [blame] | 114 | session->state(static_cast<uint8_t>(session::State::setupInProgress)); |
Tom Joseph | 8e832ee | 2016-12-06 17:47:08 +0530 | [diff] [blame] | 115 | return outPayload; |
| 116 | } |
| 117 | |
| 118 | } // namespace command |