Blame - command/rakp12.cpp - openbmc/phosphor-net-ipmid

blob: c72611e1e7d85a6ef46e60bc98a3850510d44889 [file] [log] [blame]

Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	1	#include "rakp12.hpp"
				2
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	3	#include "comm_module.hpp"
				4	#include "endian.hpp"
				5	#include "guid.hpp"
Vernon Mauery	2085ae0	2021-06-10 11:51:00 -0700	[diff] [blame]	6	#include "sessions_manager.hpp"
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	7
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	8	#include <openssl/rand.h>
				9
George Liu	bc8958f	2022-07-04 09:29:49 +0800	[diff] [blame]	10	#include <ipmid/types.hpp>
George Liu	7b7f25f	2022-07-04 17:07:32 +0800	[diff] [blame^]	11	#include <phosphor-logging/lg2.hpp>
George Liu	bc8958f	2022-07-04 09:29:49 +0800	[diff] [blame]	12
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	13	#include <algorithm>
Tom Joseph	56527b9	2018-03-21 19:31:58 +0530	[diff] [blame]	14	#include <cstring>
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	15	#include <iomanip>
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	16
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	17	namespace command
				18	{
				19
AppaRao Puli	ecb32fb	2020-07-01 22:55:38 +0530	[diff] [blame]	20	bool isChannelAccessModeEnabled(const uint8_t accessMode)
				21	{
				22	return accessMode !=
				23	static_cast<uint8_t>(ipmi::EChannelAccessMode::disabled);
				24	}
				25
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	26	void logInvalidLoginRedfishEvent(const std::string& journalMsg,
				27	const std::optional<std::string>& messageArgs)
				28	{
				29	static constexpr std::string_view openBMCMessageRegistryVersion = "0.1.";
				30	std::string messageID = "OpenBMC." +
				31	std::string(openBMCMessageRegistryVersion) +
				32	"InvalidLoginAttempted";
George Liu	7b7f25f	2022-07-04 17:07:32 +0800	[diff] [blame^]	33	lg2::error(
				34	"message: {MSG}, id: {REDFISH_MESSAGE_ID}, args: {REDFISH_MESSAGE_ARGS}",
				35	"MSG", journalMsg, "REDFISH_MESSAGE_ID", messageID,
				36	"REDFISH_MESSAGE_ARGS", messageArgs.value());
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	37	}
Tom Joseph	18a45e9	2017-04-11 11:30:44 +0530	[diff] [blame]	38	std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
George Liu	be1470c	2022-07-04 14:33:24 +0800	[diff] [blame]	39	std::shared_ptr<message::Handler>& /* handler */)
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	40	{
Tom Joseph	18a45e9	2017-04-11 11:30:44 +0530	[diff] [blame]	41	auto request = reinterpret_cast<const RAKP1request*>(inPayload.data());
Zhikui Ren	2b1edef	2020-07-24 14:32:13 -0700	[diff] [blame]	42	// verify inPayload minimum size
				43	if (inPayload.size() < (sizeof(*request) - userNameMaxLen))
				44	{
				45	std::vector<uint8_t> errorPayload{IPMI_CC_REQ_DATA_LEN_INVALID};
				46	return errorPayload;
				47	}
				48
				49	std::vector<uint8_t> outPayload(sizeof(RAKP2response));
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	50	auto response = reinterpret_cast<RAKP2response*>(outPayload.data());
				51
				52	// Session ID zero is reserved for Session Setup
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	53	if (endian::from_ipmi(request->managedSystemSessionID) ==
Suryakanth Sekar	f8a34fc	2019-06-12 20:59:18 +0530	[diff] [blame]	54	session::sessionZero)
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	55	{
George Liu	7b7f25f	2022-07-04 17:07:32 +0800	[diff] [blame^]	56	lg2::info("RAKP12: BMC invalid Session ID");
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	57	response->rmcpStatusCode =
				58	static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
				59	return outPayload;
				60	}
				61
				62	std::shared_ptr<session::Session> session;
				63	try
				64	{
Vernon Mauery	2085ae0	2021-06-10 11:51:00 -0700	[diff] [blame]	65	session = session::Manager::get().getSession(
				66	endian::from_ipmi(request->managedSystemSessionID));
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	67	}
Patrick Williams	12d199b	2021-10-06 12:36:48 -0500	[diff] [blame]	68	catch (const std::exception& e)
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	69	{
George Liu	7b7f25f	2022-07-04 17:07:32 +0800	[diff] [blame^]	70	lg2::error("RAKP12 : session not found: {ERROR}", "ERROR", e);
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	71	response->rmcpStatusCode =
				72	static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
				73	return outPayload;
				74	}
				75
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	76	auto rakp1Size =
				77	sizeof(RAKP1request) - (userNameMaxLen - request->user_name_len);
Tom Joseph	56527b9	2018-03-21 19:31:58 +0530	[diff] [blame]	78
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	79	std::string message = "Invalid login attempted via RCMPP interface ";
Tom Joseph	56527b9	2018-03-21 19:31:58 +0530	[diff] [blame]	80	// Validate user name length in the message
				81	if (request->user_name_len > userNameMaxLen \|\|
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	82	inPayload.size() != rakp1Size)
Tom Joseph	56527b9	2018-03-21 19:31:58 +0530	[diff] [blame]	83	{
				84	response->rmcpStatusCode =
				85	static_cast<uint8_t>(RAKP_ReturnCode::INVALID_NAME_LENGTH);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	86	logInvalidLoginRedfishEvent(message);
Tom Joseph	56527b9	2018-03-21 19:31:58 +0530	[diff] [blame]	87	return outPayload;
				88	}
				89
				90	session->userName.assign(request->user_name, request->user_name_len);
				91
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	92	// Update transaction time
				93	session->updateLastTransactionTime();
				94
				95	auto rcSessionID = endian::to_ipmi(session->getRCSessionID());
				96	auto bmcSessionID = endian::to_ipmi(session->getBMCSessionID());
				97	auto authAlgo = session->getAuthAlgo();
				98
				99	/*
				100	* Generate Key Authentication Code - RAKP 2
				101	*
				102	* 1) Remote Console Session ID - 4 bytes
				103	* 2) Managed System Session ID - 4 bytes
				104	* 3) Remote Console Random Number - 16 bytes
				105	* 4) Managed System Random Number - 16 bytes
				106	* 5) Managed System GUID - 16 bytes
				107	* 6) Requested Privilege Level - 1 byte
				108	* 7) User Name Length Byte - 1 byte (0 for 'null' username)
				109	* 8) User Name - variable (absent for 'null' username)
				110	*/
				111
				112	std::vector<uint8_t> input;
				113	input.resize(sizeof(rcSessionID) + sizeof(bmcSessionID) +
				114	cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN +
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	115	cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN + BMC_GUID_LEN +
				116	sizeof(request->req_max_privilege_level) +
				117	sizeof(request->user_name_len) + session->userName.size());
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	118
				119	auto iter = input.begin();
				120
				121	// Remote Console Session ID
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	122	std::copy_n(reinterpret_cast<uint8_t*>(&rcSessionID), sizeof(rcSessionID),
				123	iter);
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	124	std::advance(iter, sizeof(rcSessionID));
				125
				126	// Managed System Session ID
				127	std::copy_n(reinterpret_cast<uint8_t*>(&bmcSessionID), sizeof(bmcSessionID),
				128	iter);
				129	std::advance(iter, sizeof(bmcSessionID));
				130
				131	// Copy the Remote Console Random Number from the RAKP1 request to the
				132	// Authentication Algorithm
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	133	std::copy_n(
				134	reinterpret_cast<const uint8_t*>(request->remote_console_random_number),
				135	cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
				136	authAlgo->rcRandomNum.begin());
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	137
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	138	std::copy(authAlgo->rcRandomNum.begin(), authAlgo->rcRandomNum.end(), iter);
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	139	std::advance(iter, cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN);
				140
				141	// Generate the Managed System Random Number
				142	if (!RAND_bytes(input.data() + sizeof(rcSessionID) + sizeof(bmcSessionID) +
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	143	cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	144	cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN))
				145	{
				146	response->rmcpStatusCode =
				147	static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
				148	return outPayload;
				149	}
Richard Marian Thomaiyar	d5a4f45	2019-01-16 12:15:44 +0530	[diff] [blame]	150	// As stated in Set Session Privilege Level command in IPMI Spec, when
jayaprakash Mutyala	2555e2e	2019-12-24 22:51:46 +0000	[diff] [blame]	151	// creating a session through Activate command / RAKP 1 message, it must
				152	// be established with USER privilege as well as all other sessions are
				153	// initially set to USER privilege, regardless of the requested maximum
				154	// privilege.
				155	if (!(static_cast<session::Privilege>(request->req_max_privilege_level &
				156	session::reqMaxPrivMask) >
				157	session::Privilege::CALLBACK))
Richard Marian Thomaiyar	d5a4f45	2019-01-16 12:15:44 +0530	[diff] [blame]	158	{
jayaprakash Mutyala	2555e2e	2019-12-24 22:51:46 +0000	[diff] [blame]	159	response->rmcpStatusCode =
				160	static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_ROLE_PRIV);
				161	return outPayload;
Richard Marian Thomaiyar	d5a4f45	2019-01-16 12:15:44 +0530	[diff] [blame]	162	}
jayaprakash Mutyala	2555e2e	2019-12-24 22:51:46 +0000	[diff] [blame]	163	session->currentPrivilege(static_cast<uint8_t>(session::Privilege::USER));
				164
Tom Joseph	4021b1f	2019-02-12 10:10:12 +0530	[diff] [blame]	165	session->reqMaxPrivLevel =
				166	static_cast<session::Privilege>(request->req_max_privilege_level);
Richard Marian Thomaiyar	d91fd9d	2018-12-06 12:03:50 +0530	[diff] [blame]	167	if (request->user_name_len == 0)
Richard Marian Thomaiyar	127748a	2018-09-06 07:08:51 +0530	[diff] [blame]	168	{
Richard Marian Thomaiyar	d91fd9d	2018-12-06 12:03:50 +0530	[diff] [blame]	169	// Bail out, if user name is not specified.
				170	// Yes, NULL user name is not supported for security reasons.
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	171	response->rmcpStatusCode =
				172	static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	173	logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	174	return outPayload;
Richard Marian Thomaiyar	d2563c5	2018-11-29 11:49:10 +0530	[diff] [blame]	175	}
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	176
				177	// Perform user name based lookup
				178	std::string userName(request->user_name, request->user_name_len);
Jayaprakash Mutyala	05c1447	2020-10-19 10:26:24 +0000	[diff] [blame]	179	ipmi::SecureString passwd;
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	180	uint8_t userId = ipmi::ipmiUserGetUserId(userName);
				181	if (userId == ipmi::invalidUserId)
				182	{
				183	response->rmcpStatusCode =
				184	static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	185	logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	186	return outPayload;
				187	}
				188	// check user is enabled before proceeding.
				189	bool userEnabled = false;
				190	ipmi::ipmiUserCheckEnabled(userId, userEnabled);
				191	if (!userEnabled)
				192	{
				193	response->rmcpStatusCode =
				194	static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	195	logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	196	return outPayload;
				197	}
Richard Marian Thomaiyar	4c4694e	2019-06-20 16:36:49 +0530	[diff] [blame]	198	// Get the user password for RAKP message authenticate
				199	passwd = ipmi::ipmiUserGetPassword(userName);
				200	if (passwd.empty())
				201	{
				202	response->rmcpStatusCode =
				203	static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	204	logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar	4c4694e	2019-06-20 16:36:49 +0530	[diff] [blame]	205	return outPayload;
				206	}
Ayushi Smriti	b31e969	2019-05-15 12:06:51 +0000	[diff] [blame]	207	// Check whether user is already locked for failed attempts
				208	if (!ipmi::ipmiUserPamAuthenticate(userName, passwd))
				209	{
George Liu	7b7f25f	2022-07-04 17:07:32 +0800	[diff] [blame^]	210	lg2::error(
				211	"Authentication failed - user already locked out, user id: {ID}",
				212	"ID", userId);
Ayushi Smriti	b31e969	2019-05-15 12:06:51 +0000	[diff] [blame]	213
				214	response->rmcpStatusCode =
				215	static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	216	logInvalidLoginRedfishEvent(message);
Ayushi Smriti	b31e969	2019-05-15 12:06:51 +0000	[diff] [blame]	217	return outPayload;
				218	}
Saravanan Palanisamy	d9c86bb	2019-08-07 17:57:37 +0000	[diff] [blame]	219
				220	uint8_t chNum = static_cast<uint8_t>(getInterfaceIndex());
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	221	// Get channel based access information
Richard Marian Thomaiyar	992e53c	2019-03-03 13:30:46 +0530	[diff] [blame]	222	if ((ipmi::ipmiUserGetPrivilegeAccess(
				223	userId, chNum, session->sessionUserPrivAccess) != IPMI_CC_OK) \|\|
				224	(ipmi::getChannelAccessData(chNum, session->sessionChannelAccess) !=
				225	IPMI_CC_OK))
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	226	{
				227	response->rmcpStatusCode =
				228	static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	229	logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	230	return outPayload;
				231	}
AppaRao Puli	ecb32fb	2020-07-01 22:55:38 +0530	[diff] [blame]	232	if (!isChannelAccessModeEnabled(session->sessionChannelAccess.accessMode))
				233	{
George Liu	7b7f25f	2022-07-04 17:07:32 +0800	[diff] [blame^]	234	lg2::error("Channel access mode disabled.");
AppaRao Puli	ecb32fb	2020-07-01 22:55:38 +0530	[diff] [blame]	235	response->rmcpStatusCode =
				236	static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	237	logInvalidLoginRedfishEvent(message);
AppaRao Puli	ecb32fb	2020-07-01 22:55:38 +0530	[diff] [blame]	238	return outPayload;
				239	}
Richard Marian Thomaiyar	992e53c	2019-03-03 13:30:46 +0530	[diff] [blame]	240	if (session->sessionUserPrivAccess.privilege >
				241	static_cast<uint8_t>(session::Privilege::OEM))
Richard Marian Thomaiyar	7e5d38d	2019-03-02 22:11:41 +0530	[diff] [blame]	242	{
				243	response->rmcpStatusCode =
				244	static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	245	logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar	7e5d38d	2019-03-02 22:11:41 +0530	[diff] [blame]	246	return outPayload;
				247	}
Suryakanth Sekar	f8a34fc	2019-06-12 20:59:18 +0530	[diff] [blame]	248	session->channelNum(chNum);
				249	session->userID(userId);
jayaprakash Mutyala	2555e2e	2019-12-24 22:51:46 +0000	[diff] [blame]	250	// minimum privilege of Channel / User / session::privilege::USER
Richard Marian Thomaiyar	d5a4f45	2019-01-16 12:15:44 +0530	[diff] [blame]	251	// has to be used as session current privilege level
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	252	uint8_t minPriv = 0;
Richard Marian Thomaiyar	992e53c	2019-03-03 13:30:46 +0530	[diff] [blame]	253	if (session->sessionChannelAccess.privLimit <
				254	session->sessionUserPrivAccess.privilege)
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	255	{
Richard Marian Thomaiyar	992e53c	2019-03-03 13:30:46 +0530	[diff] [blame]	256	minPriv = session->sessionChannelAccess.privLimit;
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	257	}
				258	else
				259	{
Richard Marian Thomaiyar	992e53c	2019-03-03 13:30:46 +0530	[diff] [blame]	260	minPriv = session->sessionUserPrivAccess.privilege;
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	261	}
Suryakanth Sekar	f8a34fc	2019-06-12 20:59:18 +0530	[diff] [blame]	262	if (session->currentPrivilege() > minPriv)
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	263	{
Suryakanth Sekar	f8a34fc	2019-06-12 20:59:18 +0530	[diff] [blame]	264	session->currentPrivilege(static_cast<uint8_t>(minPriv));
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	265	}
Richard Marian Thomaiyar	d91fd9d	2018-12-06 12:03:50 +0530	[diff] [blame]	266	// For username / privilege lookup, fail with UNAUTH_NAME, if requested
Richard Marian Thomaiyar	d8e92fe	2019-01-16 11:56:23 +0530	[diff] [blame]	267	// max privilege does not match user privilege
Richard Marian Thomaiyar	d91fd9d	2018-12-06 12:03:50 +0530	[diff] [blame]	268	if (((request->req_max_privilege_level & userNameOnlyLookupMask) ==
				269	userNamePrivLookup) &&
Richard Marian Thomaiyar	d8e92fe	2019-01-16 11:56:23 +0530	[diff] [blame]	270	((request->req_max_privilege_level & session::reqMaxPrivMask) !=
Richard Marian Thomaiyar	992e53c	2019-03-03 13:30:46 +0530	[diff] [blame]	271	session->sessionUserPrivAccess.privilege))
Richard Marian Thomaiyar	d91fd9d	2018-12-06 12:03:50 +0530	[diff] [blame]	272	{
George Liu	7b7f25f	2022-07-04 17:07:32 +0800	[diff] [blame^]	273	lg2::info("Username/Privilege lookup failed for requested privilege");
Richard Marian Thomaiyar	d91fd9d	2018-12-06 12:03:50 +0530	[diff] [blame]	274	response->rmcpStatusCode =
				275	static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx	0e0546f	2021-06-15 08:57:10 +0000	[diff] [blame]	276
				277	logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar	d91fd9d	2018-12-06 12:03:50 +0530	[diff] [blame]	278	return outPayload;
				279	}
Richard Marian Thomaiyar	99b8784	2018-12-06 21:35:43 +0530	[diff] [blame]	280
				281	std::fill(authAlgo->userKey.data(),
				282	authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
				283	std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
				284
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	285	// Copy the Managed System Random Number to the Authentication Algorithm
				286	std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN,
				287	authAlgo->bmcRandomNum.begin());
				288	std::advance(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN);
				289
				290	// Managed System GUID
Tom Joseph	83029cb	2017-09-01 16:37:31 +0530	[diff] [blame]	291	std::copy_n(cache::guid.data(), cache::guid.size(), iter);
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	292	std::advance(iter, BMC_GUID_LEN);
				293
				294	// Requested Privilege Level
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	295	std::copy_n(&(request->req_max_privilege_level),
				296	sizeof(request->req_max_privilege_level), iter);
				297	std::advance(iter, sizeof(request->req_max_privilege_level));
				298
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	299	// User Name Length Byte
				300	std::copy_n(&(request->user_name_len), sizeof(request->user_name_len),
				301	iter);
Tom Joseph	56527b9	2018-03-21 19:31:58 +0530	[diff] [blame]	302	std::advance(iter, sizeof(request->user_name_len));
				303
				304	std::copy_n(session->userName.data(), session->userName.size(), iter);
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	305
				306	// Generate Key Exchange Authentication Code - RAKP2
				307	auto output = authAlgo->generateHMAC(input);
				308
				309	response->messageTag = request->messageTag;
				310	response->rmcpStatusCode = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
				311	response->reserved = 0;
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	312	response->remoteConsoleSessionID = rcSessionID;
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	313
				314	// Copy Managed System Random Number to the Response
				315	std::copy(authAlgo->bmcRandomNum.begin(), authAlgo->bmcRandomNum.end(),
				316	response->managed_system_random_number);
				317
				318	// Copy System GUID to the Response
Vernon Mauery	9e801a2	2018-10-12 13:20:49 -0700	[diff] [blame]	319	std::copy_n(cache::guid.data(), cache::guid.size(),
Tom Joseph	83029cb	2017-09-01 16:37:31 +0530	[diff] [blame]	320	response->managed_system_guid);
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	321
				322	// Insert the HMAC output into the payload
				323	outPayload.insert(outPayload.end(), output.begin(), output.end());
Tom Joseph	8bb10b7	2016-12-06 17:47:56 +0530	[diff] [blame]	324	return outPayload;
				325	}
				326
				327	} // namespace command