Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 1 | #include "file_io_type_cert.hpp" |
| 2 | |
George Liu | 6492f52 | 2020-06-16 10:34:05 +0800 | [diff] [blame] | 3 | #include "libpldm/base.h" |
| 4 | #include "oem/ibm/libpldm/file_io.h" |
| 5 | |
Deepak Kodihalli | d130e1a | 2020-06-17 05:55:32 -0500 | [diff] [blame] | 6 | #include "common/utils.hpp" |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 7 | |
| 8 | #include <stdint.h> |
| 9 | |
| 10 | #include <iostream> |
| 11 | |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 12 | namespace pldm |
| 13 | { |
Brad Bishop | 5079ac4 | 2021-08-19 18:35:06 -0400 | [diff] [blame] | 14 | using namespace utils; |
| 15 | |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 16 | namespace responder |
| 17 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 18 | constexpr auto certObjPath = "/xyz/openbmc_project/certs/ca/entry/"; |
| 19 | constexpr auto certEntryIntf = "xyz.openbmc_project.Certs.Entry"; |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 20 | static constexpr auto certFilePath = "/var/lib/ibm/bmcweb/"; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 21 | |
| 22 | CertMap CertHandler::certMap; |
| 23 | |
| 24 | int CertHandler::writeFromMemory(uint32_t offset, uint32_t length, |
Sampa Misra | 6950850 | 2020-09-08 00:08:21 -0500 | [diff] [blame] | 25 | uint64_t address, |
| 26 | oem_platform::Handler* /*oemPlatformHandler*/) |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 27 | { |
| 28 | auto it = certMap.find(certType); |
| 29 | if (it == certMap.end()) |
| 30 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 31 | std::cerr << "CertHandler::writeFromMemory:file for type " << certType |
| 32 | << " doesn't exist\n"; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 33 | return PLDM_ERROR; |
| 34 | } |
| 35 | |
| 36 | auto fd = std::get<0>(it->second); |
| 37 | auto& remSize = std::get<1>(it->second); |
| 38 | auto rc = transferFileData(fd, false, offset, length, address); |
| 39 | if (rc == PLDM_SUCCESS) |
| 40 | { |
| 41 | remSize -= length; |
| 42 | if (!remSize) |
| 43 | { |
| 44 | close(fd); |
| 45 | certMap.erase(it); |
| 46 | } |
| 47 | } |
| 48 | return rc; |
| 49 | } |
| 50 | |
| 51 | int CertHandler::readIntoMemory(uint32_t offset, uint32_t& length, |
Sampa Misra | 6950850 | 2020-09-08 00:08:21 -0500 | [diff] [blame] | 52 | uint64_t address, |
| 53 | oem_platform::Handler* /*oemPlatformHandler*/) |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 54 | { |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 55 | std::string filePath = certFilePath; |
| 56 | filePath += "CSR_" + std::to_string(fileHandle); |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 57 | if (certType != PLDM_FILE_TYPE_CERT_SIGNING_REQUEST) |
| 58 | { |
| 59 | return PLDM_ERROR_INVALID_DATA; |
| 60 | } |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 61 | auto rc = transferFileData(filePath.c_str(), true, offset, length, address); |
| 62 | fs::remove(filePath); |
| 63 | if (rc) |
| 64 | { |
| 65 | return PLDM_ERROR; |
| 66 | } |
| 67 | return PLDM_SUCCESS; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 68 | } |
| 69 | |
Sampa Misra | 6950850 | 2020-09-08 00:08:21 -0500 | [diff] [blame] | 70 | int CertHandler::read(uint32_t offset, uint32_t& length, Response& response, |
| 71 | oem_platform::Handler* /*oemPlatformHandler*/) |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 72 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 73 | std::cout |
| 74 | << "CertHandler::read:Read file response for Sign CSR, file handle: " |
| 75 | << fileHandle << std::endl; |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 76 | std::string filePath = certFilePath; |
| 77 | filePath += "CSR_" + std::to_string(fileHandle); |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 78 | if (certType != PLDM_FILE_TYPE_CERT_SIGNING_REQUEST) |
| 79 | { |
| 80 | return PLDM_ERROR_INVALID_DATA; |
| 81 | } |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 82 | auto rc = readFile(filePath.c_str(), offset, length, response); |
| 83 | fs::remove(filePath); |
| 84 | if (rc) |
| 85 | { |
| 86 | return PLDM_ERROR; |
| 87 | } |
| 88 | return PLDM_SUCCESS; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 89 | } |
| 90 | |
Sampa Misra | 6950850 | 2020-09-08 00:08:21 -0500 | [diff] [blame] | 91 | int CertHandler::write(const char* buffer, uint32_t offset, uint32_t& length, |
| 92 | oem_platform::Handler* /*oemPlatformHandler*/) |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 93 | { |
| 94 | auto it = certMap.find(certType); |
| 95 | if (it == certMap.end()) |
| 96 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 97 | std::cerr << "CertHandler::write:file for type " << certType |
| 98 | << " doesn't exist\n"; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 99 | return PLDM_ERROR; |
| 100 | } |
| 101 | |
| 102 | auto fd = std::get<0>(it->second); |
| 103 | int rc = lseek(fd, offset, SEEK_SET); |
| 104 | if (rc == -1) |
| 105 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 106 | std::cerr << "CertHandler::write:lseek failed, ERROR=" << errno |
| 107 | << ", OFFSET=" << offset << "\n"; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 108 | return PLDM_ERROR; |
| 109 | } |
| 110 | rc = ::write(fd, buffer, length); |
| 111 | if (rc == -1) |
| 112 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 113 | std::cerr << "CertHandler::write:file write failed, ERROR=" << errno |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 114 | << ", LENGTH=" << length << ", OFFSET=" << offset << "\n"; |
| 115 | return PLDM_ERROR; |
| 116 | } |
| 117 | length = rc; |
| 118 | auto& remSize = std::get<1>(it->second); |
| 119 | remSize -= length; |
| 120 | if (!remSize) |
| 121 | { |
| 122 | close(fd); |
| 123 | certMap.erase(it); |
| 124 | } |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 125 | |
| 126 | if (certType == PLDM_FILE_TYPE_SIGNED_CERT) |
| 127 | { |
| 128 | constexpr auto certObjPath = "/xyz/openbmc_project/certs/ca/entry/"; |
| 129 | constexpr auto certEntryIntf = "xyz.openbmc_project.Certs.Entry"; |
| 130 | |
| 131 | std::string filePath = certFilePath; |
| 132 | filePath += "ClientCert_" + std::to_string(fileHandle); |
| 133 | |
| 134 | std::ifstream inFile; |
| 135 | inFile.open(filePath); |
| 136 | std::stringstream strStream; |
| 137 | strStream << inFile.rdbuf(); |
| 138 | std::string str = strStream.str(); |
| 139 | inFile.close(); |
| 140 | |
| 141 | if (!str.empty()) |
| 142 | { |
| 143 | PropertyValue value{str}; |
| 144 | |
| 145 | DBusMapping dbusMapping{certObjPath + std::to_string(fileHandle), |
| 146 | certEntryIntf, "ClientCertificate", |
| 147 | "string"}; |
| 148 | try |
| 149 | { |
| 150 | pldm::utils::DBusHandler().setDbusProperty(dbusMapping, value); |
| 151 | } |
| 152 | catch (const std::exception& e) |
| 153 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 154 | std::cerr |
| 155 | << "CertHandler::write:failed to set Client certificate, " |
| 156 | "ERROR=" |
| 157 | << e.what() << "\n"; |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 158 | return PLDM_ERROR; |
| 159 | } |
| 160 | PropertyValue valueStatus{ |
| 161 | "xyz.openbmc_project.Certs.Entry.State.Complete"}; |
| 162 | DBusMapping dbusMappingStatus{certObjPath + |
| 163 | std::to_string(fileHandle), |
| 164 | certEntryIntf, "Status", "string"}; |
| 165 | try |
| 166 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 167 | std::cout |
| 168 | << "CertHandler::write:Client cert write, status: complete. File handle: " |
| 169 | << fileHandle << std::endl; |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 170 | pldm::utils::DBusHandler().setDbusProperty(dbusMappingStatus, |
| 171 | valueStatus); |
| 172 | } |
| 173 | catch (const std::exception& e) |
| 174 | { |
| 175 | std::cerr |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 176 | << "CertHandler::write:failed to set status property of certicate entry, " |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 177 | "ERROR=" |
| 178 | << e.what() << "\n"; |
| 179 | return PLDM_ERROR; |
| 180 | } |
| 181 | fs::remove(filePath); |
| 182 | } |
| 183 | else |
| 184 | { |
| 185 | PropertyValue value{"xyz.openbmc_project.Certs.Entry.State.BadCSR"}; |
| 186 | DBusMapping dbusMapping{certObjPath + std::to_string(fileHandle), |
| 187 | certEntryIntf, "Status", "string"}; |
| 188 | try |
| 189 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 190 | std::cout |
| 191 | << "CertHandler::write:Client cert write, status: Bad CSR. File handle: " |
| 192 | << fileHandle << std::endl; |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 193 | pldm::utils::DBusHandler().setDbusProperty(dbusMapping, value); |
| 194 | } |
| 195 | catch (const std::exception& e) |
| 196 | { |
| 197 | std::cerr |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 198 | << "CertHandler::write:failed to set status property of certicate entry, " |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 199 | "ERROR=" |
| 200 | << e.what() << "\n"; |
| 201 | return PLDM_ERROR; |
| 202 | } |
| 203 | } |
| 204 | } |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 205 | return PLDM_SUCCESS; |
| 206 | } |
| 207 | |
| 208 | int CertHandler::newFileAvailable(uint64_t length) |
| 209 | { |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 210 | fs::create_directories(certFilePath); |
| 211 | fs::permissions(certFilePath, |
| 212 | fs::perms::others_read | fs::perms::owner_write); |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 213 | int fileFd = -1; |
| 214 | int flags = O_WRONLY | O_CREAT | O_TRUNC; |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 215 | std::string filePath = certFilePath; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 216 | |
| 217 | if (certType == PLDM_FILE_TYPE_CERT_SIGNING_REQUEST) |
| 218 | { |
| 219 | return PLDM_ERROR_INVALID_DATA; |
| 220 | } |
| 221 | if (certType == PLDM_FILE_TYPE_SIGNED_CERT) |
| 222 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 223 | std::cout |
| 224 | << "CertHandler::newFileAvailable:new file available client cert file, file handle: " |
| 225 | << fileHandle << std::endl; |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 226 | fileFd = open( |
| 227 | (filePath + "ClientCert_" + std::to_string(fileHandle)).c_str(), |
| 228 | flags, S_IRUSR | S_IWUSR); |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 229 | } |
| 230 | else if (certType == PLDM_FILE_TYPE_ROOT_CERT) |
| 231 | { |
Varsha Kaverappa | 219ace9 | 2021-04-01 02:50:11 -0500 | [diff] [blame] | 232 | fileFd = |
| 233 | open((filePath + "RootCert").c_str(), flags, S_IRUSR | S_IWUSR); |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 234 | } |
| 235 | if (fileFd == -1) |
| 236 | { |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 237 | std::cerr |
| 238 | << "CertHandler::newFileAvailable:failed to open file for type " |
| 239 | << certType << " ERROR=" << errno << "\n"; |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 240 | return PLDM_ERROR; |
| 241 | } |
| 242 | certMap.emplace(certType, std::tuple(fileFd, length)); |
| 243 | return PLDM_SUCCESS; |
| 244 | } |
| 245 | |
Sridevi Ramesh | e3b3f63 | 2022-06-14 05:28:15 -0500 | [diff] [blame^] | 246 | int CertHandler::newFileAvailableWithMetaData(uint64_t length, |
| 247 | uint32_t metaDataValue1, |
| 248 | uint32_t /*metaDataValue2*/, |
| 249 | uint32_t /*metaDataValue3*/, |
| 250 | uint32_t /*metaDataValue4*/) |
| 251 | { |
| 252 | fs::create_directories(certFilePath); |
| 253 | fs::permissions(certFilePath, |
| 254 | fs::perms::others_read | fs::perms::owner_write); |
| 255 | int fileFd = -1; |
| 256 | int flags = O_WRONLY | O_CREAT | O_TRUNC; |
| 257 | std::string filePath = certFilePath; |
| 258 | |
| 259 | if (certType == PLDM_FILE_TYPE_CERT_SIGNING_REQUEST) |
| 260 | { |
| 261 | return PLDM_ERROR_INVALID_DATA; |
| 262 | } |
| 263 | if (certType == PLDM_FILE_TYPE_SIGNED_CERT) |
| 264 | { |
| 265 | if (metaDataValue1 == PLDM_SUCCESS) |
| 266 | { |
| 267 | std::cerr |
| 268 | << "CertHandler::newFileAvailableWithMetaData:new file available client cert file, file handle: " |
| 269 | << fileHandle << std::endl; |
| 270 | fileFd = open( |
| 271 | (filePath + "ClientCert_" + std::to_string(fileHandle)).c_str(), |
| 272 | flags, S_IRUSR | S_IWUSR); |
| 273 | } |
| 274 | else if (metaDataValue1 == PLDM_INVALID_CERT_DATA) |
| 275 | { |
| 276 | std::cerr |
| 277 | << "newFileAvailableWithMetaData:client cert file Invalid data, file handle: " |
| 278 | << fileHandle << std::endl; |
| 279 | DBusMapping dbusMapping{certObjPath + std::to_string(fileHandle), |
| 280 | certEntryIntf, "Status", "string"}; |
| 281 | std::string status = "xyz.openbmc_project.Certs.Entry.State.BadCSR"; |
| 282 | PropertyValue value{status}; |
| 283 | try |
| 284 | { |
| 285 | pldm::utils::DBusHandler().setDbusProperty(dbusMapping, value); |
| 286 | } |
| 287 | catch (const std::exception& e) |
| 288 | { |
| 289 | std::cerr |
| 290 | << "newFileAvailableWithMetaData:Failed to set status property of certicate entry, " |
| 291 | "ERROR=" |
| 292 | << e.what() << "\n"; |
| 293 | return PLDM_ERROR; |
| 294 | } |
| 295 | } |
| 296 | } |
| 297 | else if (certType == PLDM_FILE_TYPE_ROOT_CERT) |
| 298 | { |
| 299 | fileFd = |
| 300 | open((filePath + "RootCert").c_str(), flags, S_IRUSR | S_IWUSR); |
| 301 | } |
| 302 | if (fileFd == -1) |
| 303 | { |
| 304 | std::cerr |
| 305 | << "newFileAvailableWithMetaData:failed to open file for type " |
| 306 | << certType << " ERROR=" << errno << "\n"; |
| 307 | return PLDM_ERROR; |
| 308 | } |
| 309 | certMap.emplace(certType, std::tuple(fileFd, length)); |
| 310 | return PLDM_SUCCESS; |
| 311 | } |
| 312 | |
| 313 | int CertHandler::fileAckWithMetaData(uint8_t fileStatus, |
| 314 | uint32_t /*metaDataValue1*/, |
| 315 | uint32_t /*metaDataValue2*/, |
| 316 | uint32_t /*metaDataValue3*/, |
| 317 | uint32_t /*metaDataValue4*/) |
| 318 | { |
| 319 | if (certType == PLDM_FILE_TYPE_CERT_SIGNING_REQUEST) |
| 320 | { |
| 321 | DBusMapping dbusMapping{certObjPath + std::to_string(fileHandle), |
| 322 | certEntryIntf, "Status", "string"}; |
| 323 | PropertyValue value = "xyz.openbmc_project.Certs.Entry.State.Pending"; |
| 324 | if (fileStatus == PLDM_ERROR_INVALID_DATA) |
| 325 | { |
| 326 | value = "xyz.openbmc_project.Certs.Entry.State.BadCSR"; |
| 327 | } |
| 328 | else if (fileStatus == PLDM_ERROR_NOT_READY) |
| 329 | { |
| 330 | value = "xyz.openbmc_project.Certs.Entry.State.Pending"; |
| 331 | } |
| 332 | try |
| 333 | { |
| 334 | pldm::utils::DBusHandler().setDbusProperty(dbusMapping, value); |
| 335 | } |
| 336 | catch (const std::exception& e) |
| 337 | { |
| 338 | std::cerr |
| 339 | << "CertHandler::fileAckWithMetaData:Failed to set status property of certicate entry, " |
| 340 | "ERROR=" |
| 341 | << e.what() << "\n"; |
| 342 | return PLDM_ERROR; |
| 343 | } |
| 344 | } |
| 345 | return PLDM_SUCCESS; |
| 346 | } |
| 347 | |
Sampa Misra | d823cc0 | 2020-03-24 04:53:20 -0500 | [diff] [blame] | 348 | } // namespace responder |
| 349 | } // namespace pldm |