blob: 59ca9e328e0a2170f96144bbdc0d72379e7512b5 [file] [log] [blame]
Tom Joseph8bb10b72016-12-06 17:47:56 +05301#include "rakp12.hpp"
2
Vernon Mauery9e801a22018-10-12 13:20:49 -07003#include "comm_module.hpp"
4#include "endian.hpp"
5#include "guid.hpp"
6#include "main.hpp"
7
Tom Joseph8bb10b72016-12-06 17:47:56 +05308#include <openssl/rand.h>
9
10#include <algorithm>
Tom Joseph56527b92018-03-21 19:31:58 +053011#include <cstring>
Tom Joseph8bb10b72016-12-06 17:47:56 +053012#include <iomanip>
Vernon Maueryfc37e592018-12-19 14:55:15 -080013#include <phosphor-logging/log.hpp>
Richard Marian Thomaiyar127748a2018-09-06 07:08:51 +053014#include <user_channel/channel_layer.hpp>
15#include <user_channel/user_layer.hpp>
Tom Joseph8bb10b72016-12-06 17:47:56 +053016
Vernon Maueryfc37e592018-12-19 14:55:15 -080017using namespace phosphor::logging;
18
Tom Joseph8bb10b72016-12-06 17:47:56 +053019namespace command
20{
21
Tom Joseph18a45e92017-04-11 11:30:44 +053022std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
Tom Joseph8bb10b72016-12-06 17:47:56 +053023 const message::Handler& handler)
24{
Tom Joseph8bb10b72016-12-06 17:47:56 +053025 std::vector<uint8_t> outPayload(sizeof(RAKP2response));
Tom Joseph18a45e92017-04-11 11:30:44 +053026 auto request = reinterpret_cast<const RAKP1request*>(inPayload.data());
Tom Joseph8bb10b72016-12-06 17:47:56 +053027 auto response = reinterpret_cast<RAKP2response*>(outPayload.data());
28
29 // Session ID zero is reserved for Session Setup
Vernon Mauery9e801a22018-10-12 13:20:49 -070030 if (endian::from_ipmi(request->managedSystemSessionID) ==
31 session::SESSION_ZERO)
Tom Joseph8bb10b72016-12-06 17:47:56 +053032 {
Vernon Maueryfc37e592018-12-19 14:55:15 -080033 log<level::INFO>("RAKP12: BMC invalid Session ID");
Tom Joseph8bb10b72016-12-06 17:47:56 +053034 response->rmcpStatusCode =
35 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
36 return outPayload;
37 }
38
39 std::shared_ptr<session::Session> session;
40 try
41 {
Vernon Maueryae1fda42018-10-15 12:55:34 -070042 session =
43 std::get<session::Manager&>(singletonPool)
44 .getSession(endian::from_ipmi(request->managedSystemSessionID));
Tom Joseph8bb10b72016-12-06 17:47:56 +053045 }
46 catch (std::exception& e)
47 {
Vernon Maueryfc37e592018-12-19 14:55:15 -080048 log<level::ERR>("RAKP12 : session not found",
49 entry("EXCEPTION=%s", e.what()));
Tom Joseph8bb10b72016-12-06 17:47:56 +053050 response->rmcpStatusCode =
51 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
52 return outPayload;
53 }
54
Vernon Mauery9e801a22018-10-12 13:20:49 -070055 auto rakp1Size =
56 sizeof(RAKP1request) - (userNameMaxLen - request->user_name_len);
Tom Joseph56527b92018-03-21 19:31:58 +053057
58 // Validate user name length in the message
59 if (request->user_name_len > userNameMaxLen ||
Vernon Mauery9e801a22018-10-12 13:20:49 -070060 inPayload.size() != rakp1Size)
Tom Joseph56527b92018-03-21 19:31:58 +053061 {
62 response->rmcpStatusCode =
63 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_NAME_LENGTH);
64 return outPayload;
65 }
66
67 session->userName.assign(request->user_name, request->user_name_len);
68
Tom Joseph8bb10b72016-12-06 17:47:56 +053069 // Update transaction time
70 session->updateLastTransactionTime();
71
72 auto rcSessionID = endian::to_ipmi(session->getRCSessionID());
73 auto bmcSessionID = endian::to_ipmi(session->getBMCSessionID());
74 auto authAlgo = session->getAuthAlgo();
75
76 /*
77 * Generate Key Authentication Code - RAKP 2
78 *
79 * 1) Remote Console Session ID - 4 bytes
80 * 2) Managed System Session ID - 4 bytes
81 * 3) Remote Console Random Number - 16 bytes
82 * 4) Managed System Random Number - 16 bytes
83 * 5) Managed System GUID - 16 bytes
84 * 6) Requested Privilege Level - 1 byte
85 * 7) User Name Length Byte - 1 byte (0 for 'null' username)
86 * 8) User Name - variable (absent for 'null' username)
87 */
88
89 std::vector<uint8_t> input;
90 input.resize(sizeof(rcSessionID) + sizeof(bmcSessionID) +
91 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN +
Vernon Mauery9e801a22018-10-12 13:20:49 -070092 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN + BMC_GUID_LEN +
93 sizeof(request->req_max_privilege_level) +
94 sizeof(request->user_name_len) + session->userName.size());
Tom Joseph8bb10b72016-12-06 17:47:56 +053095
96 auto iter = input.begin();
97
98 // Remote Console Session ID
Vernon Mauery9e801a22018-10-12 13:20:49 -070099 std::copy_n(reinterpret_cast<uint8_t*>(&rcSessionID), sizeof(rcSessionID),
100 iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530101 std::advance(iter, sizeof(rcSessionID));
102
103 // Managed System Session ID
104 std::copy_n(reinterpret_cast<uint8_t*>(&bmcSessionID), sizeof(bmcSessionID),
105 iter);
106 std::advance(iter, sizeof(bmcSessionID));
107
108 // Copy the Remote Console Random Number from the RAKP1 request to the
109 // Authentication Algorithm
Vernon Mauery9e801a22018-10-12 13:20:49 -0700110 std::copy_n(
111 reinterpret_cast<const uint8_t*>(request->remote_console_random_number),
112 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
113 authAlgo->rcRandomNum.begin());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530114
Vernon Mauery9e801a22018-10-12 13:20:49 -0700115 std::copy(authAlgo->rcRandomNum.begin(), authAlgo->rcRandomNum.end(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530116 std::advance(iter, cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN);
117
118 // Generate the Managed System Random Number
119 if (!RAND_bytes(input.data() + sizeof(rcSessionID) + sizeof(bmcSessionID) +
Vernon Mauery9e801a22018-10-12 13:20:49 -0700120 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
Tom Joseph8bb10b72016-12-06 17:47:56 +0530121 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN))
122 {
123 response->rmcpStatusCode =
124 static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
125 return outPayload;
126 }
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530127 // As stated in Set Session Privilege Level command in IPMI Spec, when
128 // creating a session through Activate command / RAKP 1 message, it must be
129 // established with CALLBACK privilege if requested for callback. All other
130 // sessions are initialy set to USER privilege, regardless of the requested
131 // maximum privilege.
132 session->curPrivLevel = session::Privilege::CALLBACK;
133 if (static_cast<session::Privilege>(request->req_max_privilege_level &
134 session::reqMaxPrivMask) >
135 session::Privilege::CALLBACK)
136 {
137 session->curPrivLevel = session::Privilege::USER;
138 }
Tom Joseph4021b1f2019-02-12 10:10:12 +0530139 session->reqMaxPrivLevel =
140 static_cast<session::Privilege>(request->req_max_privilege_level);
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530141 if (request->user_name_len == 0)
Richard Marian Thomaiyar127748a2018-09-06 07:08:51 +0530142 {
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530143 // Bail out, if user name is not specified.
144 // Yes, NULL user name is not supported for security reasons.
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530145 response->rmcpStatusCode =
146 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
147 return outPayload;
Richard Marian Thomaiyard2563c52018-11-29 11:49:10 +0530148 }
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530149
150 // Perform user name based lookup
151 std::string userName(request->user_name, request->user_name_len);
152 std::string passwd;
153 uint8_t userId = ipmi::ipmiUserGetUserId(userName);
154 if (userId == ipmi::invalidUserId)
155 {
156 response->rmcpStatusCode =
157 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
158 return outPayload;
159 }
160 // check user is enabled before proceeding.
161 bool userEnabled = false;
162 ipmi::ipmiUserCheckEnabled(userId, userEnabled);
163 if (!userEnabled)
164 {
165 response->rmcpStatusCode =
166 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
167 return outPayload;
168 }
169 // Get the user password for RAKP message authenticate
170 passwd = ipmi::ipmiUserGetPassword(userName);
171 if (passwd.empty())
172 {
173 response->rmcpStatusCode =
174 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
175 return outPayload;
176 }
177 ipmi::PrivAccess userAccess{};
178 ipmi::ChannelAccess chAccess{};
179 // TODO Replace with proper calls.
180 uint8_t chNum = static_cast<uint8_t>(ipmi::EChannelID::chanLan1);
181 // Get channel based access information
182 if ((ipmi::ipmiUserGetPrivilegeAccess(userId, chNum, userAccess) !=
183 IPMI_CC_OK) ||
184 (ipmi::getChannelAccessData(chNum, chAccess) != IPMI_CC_OK))
185 {
186 response->rmcpStatusCode =
187 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
188 return outPayload;
189 }
190 session->chNum = chNum;
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530191 // minimum privilege of Channel / User / session::privilege::USER/CALLBACK /
192 // has to be used as session current privilege level
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530193 uint8_t minPriv = 0;
194 if (chAccess.privLimit < userAccess.privilege)
195 {
196 minPriv = chAccess.privLimit;
197 }
198 else
199 {
200 minPriv = userAccess.privilege;
201 }
202 if (session->curPrivLevel > static_cast<session::Privilege>(minPriv))
203 {
204 session->curPrivLevel = static_cast<session::Privilege>(minPriv);
205 }
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530206 // For username / privilege lookup, fail with UNAUTH_NAME, if requested
Richard Marian Thomaiyard8e92fe2019-01-16 11:56:23 +0530207 // max privilege does not match user privilege
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530208 if (((request->req_max_privilege_level & userNameOnlyLookupMask) ==
209 userNamePrivLookup) &&
Richard Marian Thomaiyard8e92fe2019-01-16 11:56:23 +0530210 ((request->req_max_privilege_level & session::reqMaxPrivMask) !=
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530211 userAccess.privilege))
212 {
Vernon Maueryfc37e592018-12-19 14:55:15 -0800213 log<level::INFO>(
214 "Username/Privilege lookup failed for requested privilege");
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530215 response->rmcpStatusCode =
216 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
217 return outPayload;
218 }
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530219
220 std::fill(authAlgo->userKey.data(),
221 authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
222 std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
223
Tom Joseph8bb10b72016-12-06 17:47:56 +0530224 // Copy the Managed System Random Number to the Authentication Algorithm
225 std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN,
226 authAlgo->bmcRandomNum.begin());
227 std::advance(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN);
228
229 // Managed System GUID
Tom Joseph83029cb2017-09-01 16:37:31 +0530230 std::copy_n(cache::guid.data(), cache::guid.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530231 std::advance(iter, BMC_GUID_LEN);
232
233 // Requested Privilege Level
Tom Joseph8bb10b72016-12-06 17:47:56 +0530234 std::copy_n(&(request->req_max_privilege_level),
235 sizeof(request->req_max_privilege_level), iter);
236 std::advance(iter, sizeof(request->req_max_privilege_level));
237
Tom Joseph8bb10b72016-12-06 17:47:56 +0530238 // User Name Length Byte
239 std::copy_n(&(request->user_name_len), sizeof(request->user_name_len),
240 iter);
Tom Joseph56527b92018-03-21 19:31:58 +0530241 std::advance(iter, sizeof(request->user_name_len));
242
243 std::copy_n(session->userName.data(), session->userName.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530244
245 // Generate Key Exchange Authentication Code - RAKP2
246 auto output = authAlgo->generateHMAC(input);
247
248 response->messageTag = request->messageTag;
249 response->rmcpStatusCode = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
250 response->reserved = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700251 response->remoteConsoleSessionID = rcSessionID;
Tom Joseph8bb10b72016-12-06 17:47:56 +0530252
253 // Copy Managed System Random Number to the Response
254 std::copy(authAlgo->bmcRandomNum.begin(), authAlgo->bmcRandomNum.end(),
255 response->managed_system_random_number);
256
257 // Copy System GUID to the Response
Vernon Mauery9e801a22018-10-12 13:20:49 -0700258 std::copy_n(cache::guid.data(), cache::guid.size(),
Tom Joseph83029cb2017-09-01 16:37:31 +0530259 response->managed_system_guid);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530260
261 // Insert the HMAC output into the payload
262 outPayload.insert(outPayload.end(), output.begin(), output.end());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530263 return outPayload;
264}
265
266} // namespace command