RAKP 2 HMAC is invalid Error: Unable to establish IPMI v2 / RMCP+ session

Question

RAKP 2 HMAC is invalid Error: Unable to establish IPMI v2 / RMCP+ session

kuatwal opened this issue a year ago · 1 comments

kuatwal commented a year ago

Romulus build in qemu

ipmitool -I lanplus -H 127.0.0.1 -U root -P 0penBMC -p 2623 get channel access 1 -vvv

ipmitool version 1.8.19

Loading IANA PEN Registry...

Sending IPMI command payload
netfn : 0x06
command : 0x38
data : 0x8e 0x04

BUILDING A v1.5 COMMAND

IPMI Request Session Header
Authtype : NONE
Sequence : 0x00000000
Session ID : 0x00000000
IPMI Request Message Header
Rs Addr : 20
NetFn : 06
Rs LUN : 0
Rq Addr : 81
Rq Seq : 00
Rq Lun : 0
Command : 38
<< IPMI Response Session Header
<< Authtype : NONE
<< Payload type : IPMI (0)
<< Session ID : 0x00000000
<< Sequence : 0x00000000
<< IPMI Msg/Payload Length : 16
<< IPMI Response Message Header
<< Rq Addr : 81
<< NetFn : 07
<< Rq LUN : 0
<< Rs Addr : 20
<< Rq Seq : 00
<< Rs Lun : 0
<< Command : 38
<< Compl Code : 0x00

Sending IPMI command payload
netfn : 0x06
command : 0x54
data : 0x0e 0x00 0x80

BUILDING A v2 COMMAND
Local RqAddr 0x20 transit 0:0 target 0x20:0 bridgePossible 0
<< IPMI Response Session Header
<< Authtype : RMCP+
<< Payload type : IPMI (0)
<< Session ID : 0x00000000
<< Sequence : 0x00000000
<< IPMI Msg/Payload Length : 14
<< IPMI Response Message Header
<< Rq Addr : 81
<< NetFn : 07
<< Rq LUN : 0
<< Rs Addr : 20
<< Rq Seq : 01
<< Rs Lun : 0
<< Command : 54
<< Compl Code : 0x00
Using best available cipher suite 17

SENDING AN OPEN SESSION REQUEST

<<OPEN SESSION RESPONSE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Maximum privilege level : admin
<< Console Session ID : 0xa0a2a3a4
<< BMC Session ID : 0x01fcbd43
<< Negotiated authenticatin algorithm : hmac_sha256
<< Negotiated integrity algorithm : sha256_128
<< Negotiated encryption algorithm : aes_cbc_128

Console generated random number (16 bytes)
b5 e7 d2 83 88 f3 d9 40 ff 1f d9 94 f0 cf 58 cb
SENDING A RAKP 1 MESSAGE

<<RAKP 2 MESSAGE
<< Message tag : 0x00
<< RMCP+ status : no errors
<< Console Session ID : 0xa0a2a3a4
<< BMC random number : 0x83d5b1bfaadaa0fac31464660234319e
<< BMC GUID : 0x0102030405060708090a0b0c0d0e0f10
<< Key exchange auth code [sha256]: 0x406a6602daf4937886ebf7f3205019e186b0fa5ec6fc9e2df355006a29696344

bmc_rand (16 bytes)
83 d5 b1 bf aa da a0 fa c3 14 64 66 02 34 31 9e

rakp2 mac input buffer (62 bytes)
a4 a3 a2 a0 43 bd fc 01 b5 e7 d2 83 88 f3 d9 40
ff 1f d9 94 f0 cf 58 cb 83 d5 b1 bf aa da a0 fa
c3 14 64 66 02 34 31 9e 01 02 03 04 05 06 07 08
09 0a 0b 0c 0d 0e 0f 10 14 04 72 6f 6f 74
rakp2 mac key (20 bytes)
30 70 65 6e 42 4d 43 00 00 00 00 00 00 00 00 00
00 00 00 00
rakp2 mac as computed by the remote console (32 bytes)
6e c8 f0 be 83 ba a3 bb 14 c6 f5 4f 17 1a 52 8e
b2 1b 8b 4c 35 2a 80 b8 5d b8 cd 8e 96 fb a5 59
RAKP 2 HMAC is invalid
Error: Unable to establish IPMI v2 / RMCP+ session

Answer 1 · 2023-06-02T01:51:37.000Z

you have to configure some files to make it work