| /* |
| Copyright (c) 2020 Intel Corporation |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http:www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| #pragma once |
| #include <openssl/evp.h> |
| #include <openssl/hmac.h> |
| #include <openssl/sha.h> |
| |
| #include <nlohmann/json.hpp> |
| #include <sdbusplus/asio/object_server.hpp> |
| #include <sdbusplus/server.hpp> |
| #include <xyz/openbmc_project/BIOSConfig/Password/server.hpp> |
| |
| #include <filesystem> |
| #include <string> |
| |
| namespace bios_config_pwd |
| { |
| static constexpr auto objectPathPwd = |
| "/xyz/openbmc_project/bios_config/password"; |
| constexpr auto biosSeedFile = "seedData"; |
| constexpr uint8_t maxHashSize = 64; |
| constexpr uint8_t maxSeedSize = 32; |
| constexpr uint8_t maxPasswordLen = 32; |
| constexpr int iterValue = 1000; |
| |
| using Base = sdbusplus::xyz::openbmc_project::BIOSConfig::server::Password; |
| namespace fs = std::filesystem; |
| |
| /** @class Password |
| * |
| * @brief Implements the BIOS Password |
| */ |
| class Password : public Base |
| { |
| public: |
| Password() = delete; |
| ~Password() = default; |
| Password(const Password&) = delete; |
| Password& operator=(const Password&) = delete; |
| Password(Password&&) = delete; |
| Password& operator=(Password&&) = delete; |
| |
| /** @brief Constructs Password object. |
| * |
| * @param[in] objectServer - object server |
| * @param[in] systemBus - bus connection |
| */ |
| Password(sdbusplus::asio::object_server& objectServer, |
| std::shared_ptr<sdbusplus::asio::connection>& systemBus, |
| std::string persistPath); |
| |
| /** @brief Set the BIOS attribute with a new value, the new value is added |
| * to the PendingAttribute. |
| * |
| * @param[in] userName - User name - user / admin. |
| * @param[in] currentPassword - Current user/ admin Password. |
| * @param[in] newPassword - New user/ admin Password. |
| */ |
| void changePassword(std::string userName, std::string currentPassword, |
| std::string newPassword) override; |
| |
| private: |
| void verifyPassword(std::string userName, std::string currentPassword, |
| std::string newPassword); |
| bool compareDigest(const EVP_MD* digestFunc, size_t digestLen, |
| const std::array<uint8_t, maxHashSize>& expected, |
| const std::array<uint8_t, maxSeedSize>& seed, |
| const std::string& rawData); |
| bool isMatch(const std::array<uint8_t, maxHashSize>& expected, |
| const std::array<uint8_t, maxSeedSize>& seed, |
| const std::string& rawData, const std::string& algo); |
| bool getParam(std::array<uint8_t, maxHashSize>& orgUsrPwdHash, |
| std::array<uint8_t, maxHashSize>& orgAdminPwdHash, |
| std::array<uint8_t, maxSeedSize>& seed, |
| std::string& hashAlgo); |
| bool verifyIntegrityCheck(std::string& newPassword, |
| std::array<uint8_t, maxSeedSize>& seed, |
| unsigned int mdLen, const EVP_MD* digestFunc); |
| sdbusplus::asio::object_server& objServer; |
| std::shared_ptr<sdbusplus::asio::connection>& systemBus; |
| std::filesystem::path seedFile; |
| std::array<uint8_t, maxHashSize> mNewPwdHash; |
| }; |
| |
| } // namespace bios_config_pwd |