blob: 2ab9fcd07ab7695981a8eac53d1841a46b870960 [file] [log] [blame]
Tom Joseph8bb10b72016-12-06 17:47:56 +05301#include "rakp12.hpp"
2
Vernon Mauery9e801a22018-10-12 13:20:49 -07003#include "comm_module.hpp"
4#include "endian.hpp"
5#include "guid.hpp"
6#include "main.hpp"
7
Tom Joseph8bb10b72016-12-06 17:47:56 +05308#include <openssl/rand.h>
9
10#include <algorithm>
Tom Joseph56527b92018-03-21 19:31:58 +053011#include <cstring>
Tom Joseph8bb10b72016-12-06 17:47:56 +053012#include <iomanip>
Vernon Maueryfc37e592018-12-19 14:55:15 -080013#include <phosphor-logging/log.hpp>
Tom Joseph8bb10b72016-12-06 17:47:56 +053014
Vernon Maueryfc37e592018-12-19 14:55:15 -080015using namespace phosphor::logging;
16
Tom Joseph8bb10b72016-12-06 17:47:56 +053017namespace command
18{
19
Tom Joseph18a45e92017-04-11 11:30:44 +053020std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
Tom Joseph8bb10b72016-12-06 17:47:56 +053021 const message::Handler& handler)
22{
Tom Joseph8bb10b72016-12-06 17:47:56 +053023 std::vector<uint8_t> outPayload(sizeof(RAKP2response));
Tom Joseph18a45e92017-04-11 11:30:44 +053024 auto request = reinterpret_cast<const RAKP1request*>(inPayload.data());
Tom Joseph8bb10b72016-12-06 17:47:56 +053025 auto response = reinterpret_cast<RAKP2response*>(outPayload.data());
26
27 // Session ID zero is reserved for Session Setup
Vernon Mauery9e801a22018-10-12 13:20:49 -070028 if (endian::from_ipmi(request->managedSystemSessionID) ==
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +053029 session::sessionZero)
Tom Joseph8bb10b72016-12-06 17:47:56 +053030 {
Vernon Maueryfc37e592018-12-19 14:55:15 -080031 log<level::INFO>("RAKP12: BMC invalid Session ID");
Tom Joseph8bb10b72016-12-06 17:47:56 +053032 response->rmcpStatusCode =
33 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
34 return outPayload;
35 }
36
37 std::shared_ptr<session::Session> session;
38 try
39 {
Vernon Maueryae1fda42018-10-15 12:55:34 -070040 session =
41 std::get<session::Manager&>(singletonPool)
42 .getSession(endian::from_ipmi(request->managedSystemSessionID));
Tom Joseph8bb10b72016-12-06 17:47:56 +053043 }
44 catch (std::exception& e)
45 {
Vernon Maueryfc37e592018-12-19 14:55:15 -080046 log<level::ERR>("RAKP12 : session not found",
47 entry("EXCEPTION=%s", e.what()));
Tom Joseph8bb10b72016-12-06 17:47:56 +053048 response->rmcpStatusCode =
49 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID);
50 return outPayload;
51 }
52
Vernon Mauery9e801a22018-10-12 13:20:49 -070053 auto rakp1Size =
54 sizeof(RAKP1request) - (userNameMaxLen - request->user_name_len);
Tom Joseph56527b92018-03-21 19:31:58 +053055
56 // Validate user name length in the message
57 if (request->user_name_len > userNameMaxLen ||
Vernon Mauery9e801a22018-10-12 13:20:49 -070058 inPayload.size() != rakp1Size)
Tom Joseph56527b92018-03-21 19:31:58 +053059 {
60 response->rmcpStatusCode =
61 static_cast<uint8_t>(RAKP_ReturnCode::INVALID_NAME_LENGTH);
62 return outPayload;
63 }
64
65 session->userName.assign(request->user_name, request->user_name_len);
66
Tom Joseph8bb10b72016-12-06 17:47:56 +053067 // Update transaction time
68 session->updateLastTransactionTime();
69
70 auto rcSessionID = endian::to_ipmi(session->getRCSessionID());
71 auto bmcSessionID = endian::to_ipmi(session->getBMCSessionID());
72 auto authAlgo = session->getAuthAlgo();
73
74 /*
75 * Generate Key Authentication Code - RAKP 2
76 *
77 * 1) Remote Console Session ID - 4 bytes
78 * 2) Managed System Session ID - 4 bytes
79 * 3) Remote Console Random Number - 16 bytes
80 * 4) Managed System Random Number - 16 bytes
81 * 5) Managed System GUID - 16 bytes
82 * 6) Requested Privilege Level - 1 byte
83 * 7) User Name Length Byte - 1 byte (0 for 'null' username)
84 * 8) User Name - variable (absent for 'null' username)
85 */
86
87 std::vector<uint8_t> input;
88 input.resize(sizeof(rcSessionID) + sizeof(bmcSessionID) +
89 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN +
Vernon Mauery9e801a22018-10-12 13:20:49 -070090 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN + BMC_GUID_LEN +
91 sizeof(request->req_max_privilege_level) +
92 sizeof(request->user_name_len) + session->userName.size());
Tom Joseph8bb10b72016-12-06 17:47:56 +053093
94 auto iter = input.begin();
95
96 // Remote Console Session ID
Vernon Mauery9e801a22018-10-12 13:20:49 -070097 std::copy_n(reinterpret_cast<uint8_t*>(&rcSessionID), sizeof(rcSessionID),
98 iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +053099 std::advance(iter, sizeof(rcSessionID));
100
101 // Managed System Session ID
102 std::copy_n(reinterpret_cast<uint8_t*>(&bmcSessionID), sizeof(bmcSessionID),
103 iter);
104 std::advance(iter, sizeof(bmcSessionID));
105
106 // Copy the Remote Console Random Number from the RAKP1 request to the
107 // Authentication Algorithm
Vernon Mauery9e801a22018-10-12 13:20:49 -0700108 std::copy_n(
109 reinterpret_cast<const uint8_t*>(request->remote_console_random_number),
110 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
111 authAlgo->rcRandomNum.begin());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530112
Vernon Mauery9e801a22018-10-12 13:20:49 -0700113 std::copy(authAlgo->rcRandomNum.begin(), authAlgo->rcRandomNum.end(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530114 std::advance(iter, cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN);
115
116 // Generate the Managed System Random Number
117 if (!RAND_bytes(input.data() + sizeof(rcSessionID) + sizeof(bmcSessionID) +
Vernon Mauery9e801a22018-10-12 13:20:49 -0700118 cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN,
Tom Joseph8bb10b72016-12-06 17:47:56 +0530119 cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN))
120 {
121 response->rmcpStatusCode =
122 static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE);
123 return outPayload;
124 }
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530125 // As stated in Set Session Privilege Level command in IPMI Spec, when
126 // creating a session through Activate command / RAKP 1 message, it must be
127 // established with CALLBACK privilege if requested for callback. All other
128 // sessions are initialy set to USER privilege, regardless of the requested
129 // maximum privilege.
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530130 session->currentPrivilege(
131 static_cast<uint8_t>(session::Privilege::CALLBACK));
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530132 if (static_cast<session::Privilege>(request->req_max_privilege_level &
133 session::reqMaxPrivMask) >
134 session::Privilege::CALLBACK)
135 {
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530136 session->currentPrivilege(
137 static_cast<uint8_t>(session::Privilege::USER));
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530138 }
Tom Joseph4021b1f2019-02-12 10:10:12 +0530139 session->reqMaxPrivLevel =
140 static_cast<session::Privilege>(request->req_max_privilege_level);
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530141 if (request->user_name_len == 0)
Richard Marian Thomaiyar127748a2018-09-06 07:08:51 +0530142 {
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530143 // Bail out, if user name is not specified.
144 // Yes, NULL user name is not supported for security reasons.
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530145 response->rmcpStatusCode =
146 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
147 return outPayload;
Richard Marian Thomaiyard2563c52018-11-29 11:49:10 +0530148 }
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530149
150 // Perform user name based lookup
151 std::string userName(request->user_name, request->user_name_len);
152 std::string passwd;
153 uint8_t userId = ipmi::ipmiUserGetUserId(userName);
154 if (userId == ipmi::invalidUserId)
155 {
156 response->rmcpStatusCode =
157 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
158 return outPayload;
159 }
160 // check user is enabled before proceeding.
161 bool userEnabled = false;
162 ipmi::ipmiUserCheckEnabled(userId, userEnabled);
163 if (!userEnabled)
164 {
165 response->rmcpStatusCode =
166 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
167 return outPayload;
168 }
Richard Marian Thomaiyar4c4694e2019-06-20 16:36:49 +0530169 // Get the user password for RAKP message authenticate
170 passwd = ipmi::ipmiUserGetPassword(userName);
171 if (passwd.empty())
172 {
173 response->rmcpStatusCode =
174 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
175 return outPayload;
176 }
Ayushi Smritib31e9692019-05-15 12:06:51 +0000177 // Check whether user is already locked for failed attempts
178 if (!ipmi::ipmiUserPamAuthenticate(userName, passwd))
179 {
180 log<level::ERR>("Authentication failed - user already locked out",
181 entry("USER-ID=%d", static_cast<uint8_t>(userId)));
182
183 response->rmcpStatusCode =
184 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
185 return outPayload;
186 }
Saravanan Palanisamyd9c86bb2019-08-07 17:57:37 +0000187
188 uint8_t chNum = static_cast<uint8_t>(getInterfaceIndex());
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530189 // Get channel based access information
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530190 if ((ipmi::ipmiUserGetPrivilegeAccess(
191 userId, chNum, session->sessionUserPrivAccess) != IPMI_CC_OK) ||
192 (ipmi::getChannelAccessData(chNum, session->sessionChannelAccess) !=
193 IPMI_CC_OK))
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530194 {
195 response->rmcpStatusCode =
196 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
197 return outPayload;
198 }
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530199 if (session->sessionUserPrivAccess.privilege >
200 static_cast<uint8_t>(session::Privilege::OEM))
Richard Marian Thomaiyar7e5d38d2019-03-02 22:11:41 +0530201 {
202 response->rmcpStatusCode =
203 static_cast<uint8_t>(RAKP_ReturnCode::INACTIVE_ROLE);
204 return outPayload;
205 }
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530206 session->channelNum(chNum);
207 session->userID(userId);
Richard Marian Thomaiyard5a4f452019-01-16 12:15:44 +0530208 // minimum privilege of Channel / User / session::privilege::USER/CALLBACK /
209 // has to be used as session current privilege level
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530210 uint8_t minPriv = 0;
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530211 if (session->sessionChannelAccess.privLimit <
212 session->sessionUserPrivAccess.privilege)
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530213 {
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530214 minPriv = session->sessionChannelAccess.privLimit;
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530215 }
216 else
217 {
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530218 minPriv = session->sessionUserPrivAccess.privilege;
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530219 }
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530220 if (session->currentPrivilege() > minPriv)
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530221 {
Suryakanth Sekarf8a34fc2019-06-12 20:59:18 +0530222 session->currentPrivilege(static_cast<uint8_t>(minPriv));
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530223 }
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530224 // For username / privilege lookup, fail with UNAUTH_NAME, if requested
Richard Marian Thomaiyard8e92fe2019-01-16 11:56:23 +0530225 // max privilege does not match user privilege
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530226 if (((request->req_max_privilege_level & userNameOnlyLookupMask) ==
227 userNamePrivLookup) &&
Richard Marian Thomaiyard8e92fe2019-01-16 11:56:23 +0530228 ((request->req_max_privilege_level & session::reqMaxPrivMask) !=
Richard Marian Thomaiyar992e53c2019-03-03 13:30:46 +0530229 session->sessionUserPrivAccess.privilege))
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530230 {
Vernon Maueryfc37e592018-12-19 14:55:15 -0800231 log<level::INFO>(
232 "Username/Privilege lookup failed for requested privilege");
Richard Marian Thomaiyard91fd9d2018-12-06 12:03:50 +0530233 response->rmcpStatusCode =
234 static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME);
235 return outPayload;
236 }
Richard Marian Thomaiyar99b87842018-12-06 21:35:43 +0530237
238 std::fill(authAlgo->userKey.data(),
239 authAlgo->userKey.data() + authAlgo->userKey.size(), 0);
240 std::copy_n(passwd.c_str(), passwd.size(), authAlgo->userKey.data());
241
Tom Joseph8bb10b72016-12-06 17:47:56 +0530242 // Copy the Managed System Random Number to the Authentication Algorithm
243 std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN,
244 authAlgo->bmcRandomNum.begin());
245 std::advance(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN);
246
247 // Managed System GUID
Tom Joseph83029cb2017-09-01 16:37:31 +0530248 std::copy_n(cache::guid.data(), cache::guid.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530249 std::advance(iter, BMC_GUID_LEN);
250
251 // Requested Privilege Level
Tom Joseph8bb10b72016-12-06 17:47:56 +0530252 std::copy_n(&(request->req_max_privilege_level),
253 sizeof(request->req_max_privilege_level), iter);
254 std::advance(iter, sizeof(request->req_max_privilege_level));
255
Tom Joseph8bb10b72016-12-06 17:47:56 +0530256 // User Name Length Byte
257 std::copy_n(&(request->user_name_len), sizeof(request->user_name_len),
258 iter);
Tom Joseph56527b92018-03-21 19:31:58 +0530259 std::advance(iter, sizeof(request->user_name_len));
260
261 std::copy_n(session->userName.data(), session->userName.size(), iter);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530262
263 // Generate Key Exchange Authentication Code - RAKP2
264 auto output = authAlgo->generateHMAC(input);
265
266 response->messageTag = request->messageTag;
267 response->rmcpStatusCode = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR);
268 response->reserved = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700269 response->remoteConsoleSessionID = rcSessionID;
Tom Joseph8bb10b72016-12-06 17:47:56 +0530270
271 // Copy Managed System Random Number to the Response
272 std::copy(authAlgo->bmcRandomNum.begin(), authAlgo->bmcRandomNum.end(),
273 response->managed_system_random_number);
274
275 // Copy System GUID to the Response
Vernon Mauery9e801a22018-10-12 13:20:49 -0700276 std::copy_n(cache::guid.data(), cache::guid.size(),
Tom Joseph83029cb2017-09-01 16:37:31 +0530277 response->managed_system_guid);
Tom Joseph8bb10b72016-12-06 17:47:56 +0530278
279 // Insert the HMAC output into the payload
280 outPayload.insert(outPayload.end(), output.begin(), output.end());
Tom Joseph8bb10b72016-12-06 17:47:56 +0530281 return outPayload;
282}
283
284} // namespace command