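/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once
#include "channel_layer.hpp"

#include <ipmid/api-types.hpp>
#include <ipmid/message/types.hpp>
#include <nlohmann/json.hpp>

// Include what this header uses directly (std::array, std::size_t, uint8_t,
// std::string, std::pair) instead of relying on transitive includes.
#include <array>
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <utility>

namespace ipmi
{
/** @brief Default cipher suite privilege levels, shipped under /usr/share. */
static const std::string csPrivDefaultFileName =
    "/usr/share/ipmi-providers/cs_privilege_levels.json";

/** @brief Persistent cipher suite privilege levels under /var/lib.
 *
 *  NOTE(review): this file holds the privilege level associated with each
 *  cipher suite per channel, so its contents are security-relevant. It should
 *  be writable only by the IPMI daemon and validated on load - confirm both
 *  in the implementation, which is not visible in this header.
 */
static const std::string csPrivFileName =
    "/var/lib/ipmi/cs_privilege_levels.json";

/** @brief Number of cipher suite records carried per channel. */
static constexpr std::size_t maxCSRecords = 16;

/** @brief Map key: (channel number, cipher suite ID). */
using ChannelNumCipherIDPair = std::pair<uint8_t, uint8_t>;
/** @brief Privilege level (4-bit value) per (channel, cipher suite ID). */
using privMap = std::map<ChannelNumCipherIDPair, uint4_t>;

/** @class CipherConfig
 *  @brief Class to provide cipher suite functionalities
 *
 *  Keeps the cipher suite privilege levels in csPrivilegeMap and exposes
 *  get/set access to them per channel. The backing JSON files are named by
 *  the two constructor arguments.
 */
class CipherConfig
{
  public:
    ~CipherConfig() = default;

    /** @brief Construct from the user-setting and default file names
     *
     *  @param[in] csFileName - user setting cipher suite privilege file name
     *  @param[in] csDefaultFileName - default cipher suite privilege file
     *                                 name
     */
    explicit CipherConfig(const std::string& csFileName,
                          const std::string& csDefaultFileName);
    CipherConfig() = delete;

    /** @brief function to get cipher suite privileges from config file
     *
     *  @param[in] chNum - channel number for which we want to get cipher suite
     *                     privilege levels
     *
     *  @param[out] csPrivilegeLevels - gets filled by cipher suite privilege
     *                                  levels (maxCSRecords entries;
     *                                  presumably indexed by cipher suite ID -
     *                                  confirm against the implementation)
     *
     *  @return IPMI completion code: 0 for success, non zero value for failure
     */
    ipmi::Cc getCSPrivilegeLevels(
        uint8_t chNum, std::array<uint4_t, maxCSRecords>& csPrivilegeLevels);

    /** @brief function to set/update cipher suite privileges in config file
     *
     *  @param[in] chNum - channel number for which we want to update cipher
     *                     suite privilege levels
     *
     *  @param[in] csPrivilegeLevels - cipher suite privilege levels to update
     *                                 in config file
     *
     *  @return IPMI completion code: 0 for success, non zero value for failure
     *
     *  NOTE(review): callers should check the returned code; a failed update
     *  means the stored privilege levels were not changed as requested.
     */
    ipmi::Cc setCSPrivilegeLevels(
        uint8_t chNum,
        const std::array<uint4_t, maxCSRecords>& csPrivilegeLevels);

  private:
    // File names supplied to the constructor (user setting, then default).
    std::string cipherSuitePrivFileName;
    std::string cipherSuiteDefaultPrivFileName;

    // In-memory view of the privilege levels, keyed by (channel, cipher ID).
    privMap csPrivilegeMap;

    /** @brief function to read json config file
     *
     *  @param[in] csFileName - path of the json file to read
     *
     *  @return nlohmann::json object
     *
     *  NOTE(review): behaviour on a missing or malformed file is not visible
     *  in this header - confirm that a parse failure cannot leave the map
     *  with unintended privilege levels.
     */
    nlohmann::json readCSPrivilegeLevels(const std::string& csFileName);

    /** @brief function to write json config file
     *
     *  @param[in] jsonData - json object
     *
     *  @return 0 for success, -errno for failure.
     *
     *  NOTE(review): confirm the implementation writes atomically (temporary
     *  file plus rename) with restrictive permissions, so an interrupted
     *  write cannot leave a truncated privilege file behind.
     */
    int writeCSPrivilegeLevels(const nlohmann::json& jsonData);

    /** @brief convert to cipher suite privilege from string to value
     *
     *  @param[in] value - privilege value
     *
     *  @return cipher suite privilege index
     *
     *  NOTE(review): handling of an unrecognised string is not visible here;
     *  the implementation should reject it rather than map it to a usable
     *  privilege level - confirm.
     */
    uint4_t convertToPrivLimitIndex(const std::string& value);

    /** @brief function to convert privilege value to string
     *
     *  @param[in] value - privilege value
     *
     *  @return privilege in string
     */
    std::string convertToPrivLimitString(const uint4_t& value);

    /** @brief function to load CS Privilege Levels from json file/files to map
     *
     */
    void loadCSPrivilegesToMap();

    /** @brief function to update CS privileges map from json object data,
     *         jsonData
     *
     *  @param[in] jsonData - json object holding the privilege levels
     */
    void updateCSPrivilegesMap(const nlohmann::json& jsonData);
};

/** @brief function to create static CipherConfig object
 *
 *  @param[in] csFileName - user setting cipher suite privilege file name
 *  @param[in] csDefaultFileName - default cipher suite privilege file name
 *
 *  @return static CipherConfig object
 *
 *  NOTE(review): if the object is a function-local static, file names passed
 *  on later calls are ignored - confirm against the implementation.
 */
CipherConfig& getCipherConfigObject(const std::string& csFileName,
                                    const std::string& csDefaultFileName);
} // namespace ipmi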