commit 8c22d07b2f951d658ca61bd1ac43cbd9ea5f8922
author yes <smriti.ayushi@linux.intel.com> Wed Mar 22 15:11:26 2023 +0530
committer smriti.ayushi <smriti.ayushi@linux.intel.com> Wed Mar 22 09:50:42 2023 +0000
tree accba36cab8a3afb281d1de2e5b795a23d1135f8
parent 8de46ffb8639e0c7931a1836bcef5ad24470842c

Clean up: Function abstraction in password file

Abstracted verifyPassword function in password source file
to make it more readable by creating a new function named
verifyIntegrityCheck.

Tested:
No oob-bios functionality impact.

Change-Id: Id500b824f8d99b28c580ceb244f4a0114060e57e
Signed-off-by: Smriti-Ayushi <smriti.ayushi@linux.intel.com>

include/password.hpp

diff --git a/include/password.hpp b/include/password.hpp
index d79616b..ede47b7 100644
--- a/include/password.hpp
+++ b/include/password.hpp
@@ -84,6 +84,9 @@
     bool isMatch(const std::array<uint8_t, maxHashSize>& expected,
                  const std::array<uint8_t, maxSeedSize>& seed,
                  const std::string& rawData, const std::string& algo);
+    bool verifyIntegrityCheck(std::string& newPassword,
+                              std::array<uint8_t, maxSeedSize>& seed,
+                              unsigned int mdLen, const EVP_MD* digestFunc);
     sdbusplus::asio::object_server& objServer;
     std::shared_ptr<sdbusplus::asio::connection>& systemBus;
     std::filesystem::path seedFile;

src/password.cpp

diff --git a/src/password.cpp b/src/password.cpp
index 724b98f..d942d85 100644
--- a/src/password.cpp
+++ b/src/password.cpp
@@ -81,6 +81,26 @@
     return false;
 }
 
+bool Password::verifyIntegrityCheck(std::string& newPassword,
+                                    std::array<uint8_t, maxSeedSize>& seed,
+                                    unsigned int mdLen,
+                                    const EVP_MD* digestFunc)
+{
+    mNewPwdHash.fill(0);
+
+    if (!PKCS5_PBKDF2_HMAC(reinterpret_cast<const char*>(newPassword.c_str()),
+                           newPassword.length() + 1,
+                           reinterpret_cast<const unsigned char*>(seed.data()),
+                           seed.size(), iterValue, digestFunc, mdLen,
+                           mNewPwdHash.data()))
+    {
+        lg2::error("Verify PKCS5_PBKDF2_HMAC Integrity Check failed");
+        return false;
+    }
+
+    return true;
+}
+
 void Password::verifyPassword(std::string userName, std::string currentPassword,
                               std::string newPassword)
 {
@@ -142,35 +162,15 @@
         }
         if (hashAlgo == "SHA256")
         {
-            unsigned int mdLen = 32;
-            mNewPwdHash.fill(0);
-
-            if (!PKCS5_PBKDF2_HMAC(
-                    reinterpret_cast<const char*>(newPassword.c_str()),
-                    newPassword.length() + 1,
-                    reinterpret_cast<const unsigned char*>(seed.data()),
-                    seed.size(), iterValue, EVP_sha256(), mdLen,
-                    mNewPwdHash.data()))
+            if (!verifyIntegrityCheck(newPassword, seed, 32, EVP_sha256()))
             {
-                lg2::error(
-                    "Verify PKCS5_PBKDF2_HMAC_SHA256 Integrity Check failed");
                 throw InternalFailure();
             }
         }
         if (hashAlgo == "SHA384")
         {
-            unsigned int mdLen = 48;
-            mNewPwdHash.fill(0);
-
-            if (!PKCS5_PBKDF2_HMAC(
-                    reinterpret_cast<const char*>(newPassword.c_str()),
-                    newPassword.length() + 1,
-                    reinterpret_cast<const unsigned char*>(seed.data()),
-                    seed.size(), iterValue, EVP_sha384(), mdLen,
-                    mNewPwdHash.data()))
+            if (!verifyIntegrityCheck(newPassword, seed, 48, EVP_sha384()))
             {
-                lg2::error(
-                    "Verify PKCS5_PBKDF2_HMAC_SHA384 Integrity Check failed");
                 throw InternalFailure();
             }
         }