Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 1 | #include "rakp12.hpp" |
| 2 | |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 3 | #include "comm_module.hpp" |
| 4 | #include "endian.hpp" |
| 5 | #include "guid.hpp" |
| 6 | #include "main.hpp" |
| 7 | |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 8 | #include <openssl/rand.h> |
| 9 | |
| 10 | #include <algorithm> |
Tom Joseph | 56527b9 | 2018-03-21 19:31:58 +0530 | [diff] [blame] | 11 | #include <cstring> |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 12 | #include <iomanip> |
| 13 | #include <iostream> |
| 14 | |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 15 | namespace command |
| 16 | { |
| 17 | |
Tom Joseph | 18a45e9 | 2017-04-11 11:30:44 +0530 | [diff] [blame] | 18 | std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload, |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 19 | const message::Handler& handler) |
| 20 | { |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 21 | std::vector<uint8_t> outPayload(sizeof(RAKP2response)); |
Tom Joseph | 18a45e9 | 2017-04-11 11:30:44 +0530 | [diff] [blame] | 22 | auto request = reinterpret_cast<const RAKP1request*>(inPayload.data()); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 23 | auto response = reinterpret_cast<RAKP2response*>(outPayload.data()); |
| 24 | |
| 25 | // Session ID zero is reserved for Session Setup |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 26 | if (endian::from_ipmi(request->managedSystemSessionID) == |
| 27 | session::SESSION_ZERO) |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 28 | { |
| 29 | std::cerr << "RAKP12: BMC invalid Session ID\n"; |
| 30 | response->rmcpStatusCode = |
| 31 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID); |
| 32 | return outPayload; |
| 33 | } |
| 34 | |
| 35 | std::shared_ptr<session::Session> session; |
| 36 | try |
| 37 | { |
Vernon Mauery | ae1fda4 | 2018-10-15 12:55:34 -0700 | [diff] [blame] | 38 | session = |
| 39 | std::get<session::Manager&>(singletonPool) |
| 40 | .getSession(endian::from_ipmi(request->managedSystemSessionID)); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 41 | } |
| 42 | catch (std::exception& e) |
| 43 | { |
| 44 | std::cerr << e.what() << "\n"; |
| 45 | response->rmcpStatusCode = |
| 46 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_SESSION_ID); |
| 47 | return outPayload; |
| 48 | } |
| 49 | |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 50 | auto rakp1Size = |
| 51 | sizeof(RAKP1request) - (userNameMaxLen - request->user_name_len); |
Tom Joseph | 56527b9 | 2018-03-21 19:31:58 +0530 | [diff] [blame] | 52 | |
| 53 | // Validate user name length in the message |
| 54 | if (request->user_name_len > userNameMaxLen || |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 55 | inPayload.size() != rakp1Size) |
Tom Joseph | 56527b9 | 2018-03-21 19:31:58 +0530 | [diff] [blame] | 56 | { |
| 57 | response->rmcpStatusCode = |
| 58 | static_cast<uint8_t>(RAKP_ReturnCode::INVALID_NAME_LENGTH); |
| 59 | return outPayload; |
| 60 | } |
| 61 | |
| 62 | session->userName.assign(request->user_name, request->user_name_len); |
| 63 | |
| 64 | // Validate the user name if the username is provided |
| 65 | if (request->user_name_len && |
| 66 | (session->userName != cipher::rakp_auth::userName)) |
| 67 | { |
| 68 | response->rmcpStatusCode = |
| 69 | static_cast<uint8_t>(RAKP_ReturnCode::UNAUTH_NAME); |
| 70 | return outPayload; |
| 71 | } |
| 72 | |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 73 | // Update transaction time |
| 74 | session->updateLastTransactionTime(); |
| 75 | |
| 76 | auto rcSessionID = endian::to_ipmi(session->getRCSessionID()); |
| 77 | auto bmcSessionID = endian::to_ipmi(session->getBMCSessionID()); |
| 78 | auto authAlgo = session->getAuthAlgo(); |
| 79 | |
| 80 | /* |
| 81 | * Generate Key Authentication Code - RAKP 2 |
| 82 | * |
| 83 | * 1) Remote Console Session ID - 4 bytes |
| 84 | * 2) Managed System Session ID - 4 bytes |
| 85 | * 3) Remote Console Random Number - 16 bytes |
| 86 | * 4) Managed System Random Number - 16 bytes |
| 87 | * 5) Managed System GUID - 16 bytes |
| 88 | * 6) Requested Privilege Level - 1 byte |
| 89 | * 7) User Name Length Byte - 1 byte (0 for 'null' username) |
| 90 | * 8) User Name - variable (absent for 'null' username) |
| 91 | */ |
| 92 | |
| 93 | std::vector<uint8_t> input; |
| 94 | input.resize(sizeof(rcSessionID) + sizeof(bmcSessionID) + |
| 95 | cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN + |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 96 | cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN + BMC_GUID_LEN + |
| 97 | sizeof(request->req_max_privilege_level) + |
| 98 | sizeof(request->user_name_len) + session->userName.size()); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 99 | |
| 100 | auto iter = input.begin(); |
| 101 | |
| 102 | // Remote Console Session ID |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 103 | std::copy_n(reinterpret_cast<uint8_t*>(&rcSessionID), sizeof(rcSessionID), |
| 104 | iter); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 105 | std::advance(iter, sizeof(rcSessionID)); |
| 106 | |
| 107 | // Managed System Session ID |
| 108 | std::copy_n(reinterpret_cast<uint8_t*>(&bmcSessionID), sizeof(bmcSessionID), |
| 109 | iter); |
| 110 | std::advance(iter, sizeof(bmcSessionID)); |
| 111 | |
| 112 | // Copy the Remote Console Random Number from the RAKP1 request to the |
| 113 | // Authentication Algorithm |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 114 | std::copy_n( |
| 115 | reinterpret_cast<const uint8_t*>(request->remote_console_random_number), |
| 116 | cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN, |
| 117 | authAlgo->rcRandomNum.begin()); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 118 | |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 119 | std::copy(authAlgo->rcRandomNum.begin(), authAlgo->rcRandomNum.end(), iter); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 120 | std::advance(iter, cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN); |
| 121 | |
| 122 | // Generate the Managed System Random Number |
| 123 | if (!RAND_bytes(input.data() + sizeof(rcSessionID) + sizeof(bmcSessionID) + |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 124 | cipher::rakp_auth::REMOTE_CONSOLE_RANDOM_NUMBER_LEN, |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 125 | cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN)) |
| 126 | { |
| 127 | response->rmcpStatusCode = |
| 128 | static_cast<uint8_t>(RAKP_ReturnCode::INSUFFICIENT_RESOURCE); |
| 129 | return outPayload; |
| 130 | } |
| 131 | |
| 132 | // Copy the Managed System Random Number to the Authentication Algorithm |
| 133 | std::copy_n(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN, |
| 134 | authAlgo->bmcRandomNum.begin()); |
| 135 | std::advance(iter, cipher::rakp_auth::BMC_RANDOM_NUMBER_LEN); |
| 136 | |
| 137 | // Managed System GUID |
Tom Joseph | 83029cb | 2017-09-01 16:37:31 +0530 | [diff] [blame] | 138 | std::copy_n(cache::guid.data(), cache::guid.size(), iter); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 139 | std::advance(iter, BMC_GUID_LEN); |
| 140 | |
| 141 | // Requested Privilege Level |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 142 | session->curPrivLevel = |
| 143 | static_cast<session::Privilege>(request->req_max_privilege_level); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 144 | std::copy_n(&(request->req_max_privilege_level), |
| 145 | sizeof(request->req_max_privilege_level), iter); |
| 146 | std::advance(iter, sizeof(request->req_max_privilege_level)); |
| 147 | |
| 148 | // Set Max Privilege to ADMIN |
| 149 | session->maxPrivLevel = session::Privilege::ADMIN; |
| 150 | |
| 151 | // User Name Length Byte |
| 152 | std::copy_n(&(request->user_name_len), sizeof(request->user_name_len), |
| 153 | iter); |
Tom Joseph | 56527b9 | 2018-03-21 19:31:58 +0530 | [diff] [blame] | 154 | std::advance(iter, sizeof(request->user_name_len)); |
| 155 | |
| 156 | std::copy_n(session->userName.data(), session->userName.size(), iter); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 157 | |
| 158 | // Generate Key Exchange Authentication Code - RAKP2 |
| 159 | auto output = authAlgo->generateHMAC(input); |
| 160 | |
| 161 | response->messageTag = request->messageTag; |
| 162 | response->rmcpStatusCode = static_cast<uint8_t>(RAKP_ReturnCode::NO_ERROR); |
| 163 | response->reserved = 0; |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 164 | response->remoteConsoleSessionID = rcSessionID; |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 165 | |
| 166 | // Copy Managed System Random Number to the Response |
| 167 | std::copy(authAlgo->bmcRandomNum.begin(), authAlgo->bmcRandomNum.end(), |
| 168 | response->managed_system_random_number); |
| 169 | |
| 170 | // Copy System GUID to the Response |
Vernon Mauery | 9e801a2 | 2018-10-12 13:20:49 -0700 | [diff] [blame] | 171 | std::copy_n(cache::guid.data(), cache::guid.size(), |
Tom Joseph | 83029cb | 2017-09-01 16:37:31 +0530 | [diff] [blame] | 172 | response->managed_system_guid); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 173 | |
| 174 | // Insert the HMAC output into the payload |
| 175 | outPayload.insert(outPayload.end(), output.begin(), output.end()); |
Tom Joseph | 8bb10b7 | 2016-12-06 17:47:56 +0530 | [diff] [blame] | 176 | return outPayload; |
| 177 | } |
| 178 | |
| 179 | } // namespace command |