Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-net-ipmid / 8425624a9046f5a853e8596cc74441e622028494 / . / command / rakp12.cpp
blob: 7a5f198bb69598e501ac3820bc6208de90ce78ed [file] [log] [blame]
Willy Tu2c95dd12023-03-03 16:26:44 -0800[diff] [blame]1#include "config.h"
2
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]3#include "rakp12.hpp"
4
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]5#include "comm_module.hpp"
6#include "endian.hpp"
7#include "guid.hpp"
Vernon Mauery2085ae02021-06-10 11:51:00 -0700[diff] [blame]8#include "sessions_manager.hpp"
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]9
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]10#include <openssl/rand.h>
11
George Liubc8958f2022-07-04 09:29:49 +0800[diff] [blame]12#include <ipmid/types.hpp>
George Liu7b7f25f2022-07-04 17:07:32 +0800[diff] [blame]13#include <phosphor-logging/lg2.hpp>
George Liubc8958f2022-07-04 09:29:49 +0800[diff] [blame]14
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]15#include <algorithm>
Tom Joseph56527b92018-03-21 19:31:58 +0530[diff] [blame]16#include <cstring>
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]17#include <iomanip>
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]18
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]19namespace command
20{
21
AppaRao Puliecb32fb2020-07-01 22:55:38 +0530[diff] [blame]22bool isChannelAccessModeEnabled(const uint8_t accessMode)
23{
24 return accessMode !=
25 static_cast<uint8_t>(ipmi::EChannelAccessMode::disabled);
26}
27
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]28void logInvalidLoginRedfishEvent(const std::string& journalMsg,
29 const std::optional<std::string>& messageArgs)
30{
31 static constexpr std::string_view openBMCMessageRegistryVersion = "0.1.";
Patrick Williams84256242024-08-16 15:20:21 -0400[diff] [blame^]32 std::string messageID =
33 "OpenBMC." + std::string(openBMCMessageRegistryVersion) +
34 "InvalidLoginAttempted";
George Liu7b7f25f2022-07-04 17:07:32 +0800[diff] [blame]35 lg2::error(
36 "message: {MSG}, id: {REDFISH_MESSAGE_ID}, args: {REDFISH_MESSAGE_ARGS}",
37 "MSG", journalMsg, "REDFISH_MESSAGE_ID", messageID,
38 "REDFISH_MESSAGE_ARGS", messageArgs.value());
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]39}
Tom Joseph18a45e92017-04-11 11:30:44 +0530[diff] [blame]40std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
George Liube1470c2022-07-04 14:33:24 +0800[diff] [blame]41 std::shared_ptr<message::Handler>& /* handler */)
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]42{
Tom Joseph18a45e92017-04-11 11:30:44 +0530[diff] [blame]43 auto request = reinterpret_cast<const RAKP1request*>(inPayload.data());
Zhikui Ren2b1edef2020-07-24 14:32:13 -0700[diff] [blame]44 // verify inPayload minimum size
45 if (inPayload.size() < (sizeof(*request) - userNameMaxLen))
46 {
47 std::vector<uint8_t> errorPayload{IPMI_CC_REQ_DATA_LEN_INVALID};
48 return errorPayload;
49 }
50
51 std::vector<uint8_t> outPayload(sizeof(RAKP2response));
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]52 auto response = reinterpret_cast<RAKP2response*>(outPayload.data());
53
54 // Session ID zero is reserved for Session Setup
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]55 if (endian::from_ipmi(request->managedSystemSessionID) ==
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530[diff] [blame]56 session::sessionZero)
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]57 {
George Liu7b7f25f2022-07-04 17:07:32 +0800[diff] [blame]58 lg2::info("RAKP12: BMC invalid Session ID");
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]59 response->rmcpStatusCode =
60 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
61 return outPayload;
62 }
63
64 std::shared_ptr<session::Session> session;
65 try
66 {
Vernon Mauery2085ae02021-06-10 11:51:00 -0700[diff] [blame]67 session = session::Manager::get().getSession(
68 endian::from_ipmi(request->managedSystemSessionID));
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]69 }
Patrick Williams12d199b2021-10-06 12:36:48 -0500[diff] [blame]70 catch (const std::exception& e)
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]71 {
George Liu7b7f25f2022-07-04 17:07:32 +0800[diff] [blame]72 lg2::error("RAKP12 : session not found: {ERROR}", "ERROR", e);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]73 response->rmcpStatusCode =
74 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
75 return outPayload;
76 }
77
Patrick Williams84256242024-08-16 15:20:21 -0400[diff] [blame^]78 auto rakp1Size =
79 sizeof(RAKP1request) - (userNameMaxLen - request->user_name_len);
Tom Joseph56527b92018-03-21 19:31:58 +0530[diff] [blame]80
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]81 std::string message = "Invalid login attempted via RCMPP interface ";
Tom Joseph56527b92018-03-21 19:31:58 +0530[diff] [blame]82 // Validate user name length in the message
83 if (request->user_name_len > userNameMaxLen ||
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]84 inPayload.size() != rakp1Size)
Tom Joseph56527b92018-03-21 19:31:58 +0530[diff] [blame]85 {
86 response->rmcpStatusCode =
87 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_NAME_LENGTH);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]88 logInvalidLoginRedfishEvent(message);
Tom Joseph56527b92018-03-21 19:31:58 +0530[diff] [blame]89 return outPayload;
90 }
91
92 session->userName.assign(request->user_name, request->user_name_len);
93
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]94 // Update transaction time
95 session->updateLastTransactionTime();
96
97 auto rcSessionID = endian::to_ipmi(session->getRCSessionID());
98 auto bmcSessionID = endian::to_ipmi(session->getBMCSessionID());
99 auto authAlgo = session->getAuthAlgo();
100
101 /*
102 * Generate Key Authentication Code - RAKP 2
103 *
104 * 1) Remote Console Session ID - 4 bytes
105 * 2) Managed System Session ID - 4 bytes
106 * 3) Remote Console Random Number - 16 bytes
107 * 4) Managed System Random Number - 16 bytes
108 * 5) Managed System GUID - 16 bytes
109 * 6) Requested Privilege Level - 1 byte
110 * 7) User Name Length Byte - 1 byte (0 for 'null' username)
111 * 8) User Name - variable (absent for 'null' username)
112 */
113
114 std::vector<uint8_t> input;
115 input.resize(sizeof(rcSessionID) + sizeof(bmcSessionID) +
116 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN +
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]117 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN + BMC_GUID_LEN +
118 sizeof(request->req_max_privilege_level) +
119 sizeof(request->user_name_len) + session->userName.size());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]120
121 auto iter = input.begin();
122
123 // Remote Console Session ID
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]124 std::copy_n(reinterpret_cast<uint8_t*>(&rcSessionID), sizeof(rcSessionID),
125 iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]126 std::advance(iter, sizeof(rcSessionID));
127
128 // Managed System Session ID
129 std::copy_n(reinterpret_cast<uint8_t*>(&bmcSessionID), sizeof(bmcSessionID),
130 iter);
131 std::advance(iter, sizeof(bmcSessionID));
132
133 // Copy the Remote Console Random Number from the RAKP1 request to the
134 // Authentication Algorithm
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]135 std::copy_n(
136 reinterpret_cast<const uint8_t*>(request->remote_console_random_number),
137 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
138 authAlgo->rcRandomNum.begin());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]139
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]140 std::copy(authAlgo->rcRandomNum.begin(), authAlgo->rcRandomNum.end(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]141 std::advance(iter, cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN);
142
143 // Generate the Managed System Random Number
144 if (!RAND_bytes(input.data() + sizeof(rcSessionID) + sizeof(bmcSessionID) +
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]145 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]146 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN))
147 {
148 response->rmcpStatusCode =
149 static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
150 return outPayload;
151 }
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530[diff] [blame]152 // As stated in Set Session Privilege Level command in IPMI Spec, when
jayaprakash Mutyala2555e2e2019-12-24 22:51:46 +0000[diff] [blame]153 // creating a session through Activate command / RAKP 1 message, it must
154 // be established with USER privilege as well as all other sessions are
155 // initially set to USER privilege, regardless of the requested maximum
156 // privilege.
Patrick Williams84256242024-08-16 15:20:21 -0400[diff] [blame^]157 if (!(static_cast<session::Privilege>(
158 request->req_max_privilege_level & session::reqMaxPrivMask) >
jayaprakash Mutyala2555e2e2019-12-24 22:51:46 +0000[diff] [blame]159 session::Privilege::CALLBACK))
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530[diff] [blame]160 {
jayaprakash Mutyala2555e2e2019-12-24 22:51:46 +0000[diff] [blame]161 response->rmcpStatusCode =
162 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_ROLE_PRIV);
163 return outPayload;
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530[diff] [blame]164 }
jayaprakash Mutyala2555e2e2019-12-24 22:51:46 +0000[diff] [blame]165 session->currentPrivilege(static_cast<uint8_t>(session::Privilege::USER));
166
Tom Joseph4021b1f2019-02-12 10:10:12 +0530[diff] [blame]167 session->reqMaxPrivLevel =
168 static_cast<session::Privilege>(request->req_max_privilege_level);
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530[diff] [blame]169 if (request->user_name_len == 0)
Richard Marian Thomaiyar127748a2018-09-06 07:08:51 +0530[diff] [blame]170 {
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530[diff] [blame]171 // Bail out, if user name is not specified.
172 // Yes, NULL user name is not supported for security reasons.
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]173 response->rmcpStatusCode =
174 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]175 logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]176 return outPayload;
Richard Marian Thomaiyard2563c52018-11-29 11:49:10 +0530[diff] [blame]177 }
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]178
179 // Perform user name based lookup
180 std::string userName(request->user_name, request->user_name_len);
Jayaprakash Mutyala05c14472020-10-19 10:26:24 +0000[diff] [blame]181 ipmi::SecureString passwd;
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]182 uint8_t userId = ipmi::ipmiUserGetUserId(userName);
183 if (userId == ipmi::invalidUserId)
184 {
185 response->rmcpStatusCode =
186 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]187 logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]188 return outPayload;
189 }
190 // check user is enabled before proceeding.
191 bool userEnabled = false;
192 ipmi::ipmiUserCheckEnabled(userId, userEnabled);
193 if (!userEnabled)
194 {
195 response->rmcpStatusCode =
196 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]197 logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]198 return outPayload;
199 }
Richard Marian Thomaiyar4c4694e2019-06-20 16:36:49 +0530[diff] [blame]200 // Get the user password for RAKP message authenticate
201 passwd = ipmi::ipmiUserGetPassword(userName);
202 if (passwd.empty())
203 {
204 response->rmcpStatusCode =
205 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]206 logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar4c4694e2019-06-20 16:36:49 +0530[diff] [blame]207 return outPayload;
208 }
Willy Tu2c95dd12023-03-03 16:26:44 -0800[diff] [blame]209#ifdef PAM_AUTHENTICATE
Ayushi Smritib31e9692019-05-15 12:06:51 +0000[diff] [blame]210 // Check whether user is already locked for failed attempts
211 if (!ipmi::ipmiUserPamAuthenticate(userName, passwd))
212 {
George Liu7b7f25f2022-07-04 17:07:32 +0800[diff] [blame]213 lg2::error(
214 "Authentication failed - user already locked out, user id: {ID}",
215 "ID", userId);
Ayushi Smritib31e9692019-05-15 12:06:51 +0000[diff] [blame]216
217 response->rmcpStatusCode =
218 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]219 logInvalidLoginRedfishEvent(message);
Ayushi Smritib31e9692019-05-15 12:06:51 +0000[diff] [blame]220 return outPayload;
221 }
Willy Tu2c95dd12023-03-03 16:26:44 -0800[diff] [blame]222#endif
Saravanan Palanisamyd9c86bb2019-08-07 17:57:37 +0000[diff] [blame]223
224 uint8_t chNum = static_cast<uint8_t>(getInterfaceIndex());
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]225 // Get channel based access information
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530[diff] [blame]226 if ((ipmi::ipmiUserGetPrivilegeAccess(
227 userId, chNum, session->sessionUserPrivAccess) != IPMI_CC_OK) ||
228 (ipmi::getChannelAccessData(chNum, session->sessionChannelAccess) !=
229 IPMI_CC_OK))
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]230 {
231 response->rmcpStatusCode =
232 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]233 logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]234 return outPayload;
235 }
AppaRao Puliecb32fb2020-07-01 22:55:38 +0530[diff] [blame]236 if (!isChannelAccessModeEnabled(session->sessionChannelAccess.accessMode))
237 {
George Liu7b7f25f2022-07-04 17:07:32 +0800[diff] [blame]238 lg2::error("Channel access mode disabled.");
AppaRao Puliecb32fb2020-07-01 22:55:38 +0530[diff] [blame]239 response->rmcpStatusCode =
240 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]241 logInvalidLoginRedfishEvent(message);
AppaRao Puliecb32fb2020-07-01 22:55:38 +0530[diff] [blame]242 return outPayload;
243 }
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530[diff] [blame]244 if (session->sessionUserPrivAccess.privilege >
245 static_cast<uint8_t>(session::Privilege::OEM))
Richard Marian Thomaiyar7e5d38d2019-03-02 22:11:41 +0530[diff] [blame]246 {
247 response->rmcpStatusCode =
248 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]249 logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyar7e5d38d2019-03-02 22:11:41 +0530[diff] [blame]250 return outPayload;
251 }
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530[diff] [blame]252 session->channelNum(chNum);
253 session->userID(userId);
jayaprakash Mutyala2555e2e2019-12-24 22:51:46 +0000[diff] [blame]254 // minimum privilege of Channel / User / session::privilege::USER
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530[diff] [blame]255 // has to be used as session current privilege level
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]256 uint8_t minPriv = 0;
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530[diff] [blame]257 if (session->sessionChannelAccess.privLimit <
258 session->sessionUserPrivAccess.privilege)
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]259 {
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530[diff] [blame]260 minPriv = session->sessionChannelAccess.privLimit;
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]261 }
262 else
263 {
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530[diff] [blame]264 minPriv = session->sessionUserPrivAccess.privilege;
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]265 }
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530[diff] [blame]266 if (session->currentPrivilege() > minPriv)
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]267 {
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530[diff] [blame]268 session->currentPrivilege(static_cast<uint8_t>(minPriv));
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]269 }
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530[diff] [blame]270 // For username / privilege lookup, fail with UNAUTH_NAME, if requested
Richard Marian Thomaiyard8e92fe2019-01-16 11:56:23 +0530[diff] [blame]271 // max privilege does not match user privilege
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530[diff] [blame]272 if (((request->req_max_privilege_level & userNameOnlyLookupMask) ==
273 userNamePrivLookup) &&
Richard Marian Thomaiyard8e92fe2019-01-16 11:56:23 +0530[diff] [blame]274 ((request->req_max_privilege_level & session::reqMaxPrivMask) !=
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530[diff] [blame]275 session->sessionUserPrivAccess.privilege))
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530[diff] [blame]276 {
George Liu7b7f25f2022-07-04 17:07:32 +0800[diff] [blame]277 lg2::info("Username/Privilege lookup failed for requested privilege");
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530[diff] [blame]278 response->rmcpStatusCode =
279 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
sunitakx0e0546f2021-06-15 08:57:10 +0000[diff] [blame]280
281 logInvalidLoginRedfishEvent(message);
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530[diff] [blame]282 return outPayload;
283 }
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530[diff] [blame]284
285 std::fill(authAlgo->userKey.data(),
286 authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
287 std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
288
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]289 // Copy the Managed System Random Number to the Authentication Algorithm
290 std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN,
291 authAlgo->bmcRandomNum.begin());
292 std::advance(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN);
293
294 // Managed System GUID
Vernon Mauery36e3c532023-07-31 19:28:18 -0700[diff] [blame]295 const Guid& guid = command::getSystemGUID();
296 std::copy_n(guid.data(), guid.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]297 std::advance(iter, BMC_GUID_LEN);
298
299 // Requested Privilege Level
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]300 std::copy_n(&(request->req_max_privilege_level),
301 sizeof(request->req_max_privilege_level), iter);
302 std::advance(iter, sizeof(request->req_max_privilege_level));
303
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]304 // User Name Length Byte
305 std::copy_n(&(request->user_name_len), sizeof(request->user_name_len),
306 iter);
Tom Joseph56527b92018-03-21 19:31:58 +0530[diff] [blame]307 std::advance(iter, sizeof(request->user_name_len));
308
309 std::copy_n(session->userName.data(), session->userName.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]310
311 // Generate Key Exchange Authentication Code - RAKP2
312 auto output = authAlgo->generateHMAC(input);
313
314 response->messageTag = request->messageTag;
315 response->rmcpStatusCode = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
316 response->reserved = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]317 response->remoteConsoleSessionID = rcSessionID;
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]318
319 // Copy Managed System Random Number to the Response
320 std::copy(authAlgo->bmcRandomNum.begin(), authAlgo->bmcRandomNum.end(),
321 response->managed_system_random_number);
322
323 // Copy System GUID to the Response
Vernon Mauery36e3c532023-07-31 19:28:18 -0700[diff] [blame]324 std::copy_n(guid.data(), guid.size(), response->managed_system_guid);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]325
326 // Insert the HMAC output into the payload
327 outPayload.insert(outPayload.end(), output.begin(), output.end());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530[diff] [blame]328 return outPayload;
329}
330
331} // namespace command