Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bios-settings-mgr / 2f7ba73a1a63bf1faa20db2a9d58d3722696ed94 / . / src / password.cpp
blob: 3aacc45e0597d0086747734b1a0b253895feccc1 [file] [log] [blame]
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]1/*
2// Copyright (c) 2020 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#include "password.hpp"
17
18#include "xyz/openbmc_project/BIOSConfig/Common/error.hpp"
19#include "xyz/openbmc_project/Common/error.hpp"
20
21#include <boost/algorithm/hex.hpp>
22#include <boost/asio.hpp>
23#include <phosphor-logging/elog-errors.hpp>
24#include <sdbusplus/asio/connection.hpp>
25#include <sdbusplus/asio/object_server.hpp>
26
27#include <fstream>
28#include <iostream>
29
30namespace bios_config_pwd
31{
32using namespace sdbusplus::xyz::openbmc_project::Common::Error;
33using namespace sdbusplus::xyz::openbmc_project::BIOSConfig::Common::Error;
34
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]35bool Password::isMatch(const std::array<uint8_t, maxHashSize>& expected,
36 const std::array<uint8_t, maxSeedSize>& seed,
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]37 const std::string rawData, const std::string algo)
38{
39 phosphor::logging::log<phosphor::logging::level::ERR>("isMatch");
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]40
41 if (algo == "SHA256")
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]42 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]43 std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]44 unsigned int hashLen = SHA256_DIGEST_LENGTH;
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]45
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]46 if (!PKCS5_PBKDF2_HMAC(
47 reinterpret_cast<const char*>(rawData.c_str()),
48 rawData.length() + 1,
49 reinterpret_cast<const unsigned char*>(seed.data()),
50 seed.size(), iterValue, EVP_sha256(), hashLen, output.data()))
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]51 {
52 phosphor::logging::log<phosphor::logging::level::ERR>(
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]53 "Generate PKCS5_PBKDF2_HMAC_SHA256 Integrity Check Value "
54 "failed");
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]55 throw InternalFailure();
56 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]57
58 int cmp;
59 cmp = std::memcmp(output.data(), expected.data(),
60 output.size() * sizeof(uint8_t));
61 if (cmp == 0)
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]62 {
63 return true;
64 }
65 else
66 {
67 return false;
68 }
69 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]70 if (algo == "SHA384")
71 {
72 std::array<uint8_t, SHA384_DIGEST_LENGTH> output;
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]73 unsigned int hashLen = SHA384_DIGEST_LENGTH;
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]74
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]75 if (!PKCS5_PBKDF2_HMAC(
76 reinterpret_cast<const char*>(rawData.c_str()),
77 rawData.length() + 1,
78 reinterpret_cast<const unsigned char*>(seed.data()),
79 seed.size(), iterValue, EVP_sha384(), hashLen, output.data()))
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]80 {
81 phosphor::logging::log<phosphor::logging::level::ERR>(
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]82 "Generate PKCS5_PBKDF2_HMAC_SHA384 Integrity Check Value "
83 "failed");
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]84 throw InternalFailure();
85 }
86
87 int cmp;
88 cmp = std::memcmp(output.data(), expected.data(),
89 output.size() * sizeof(uint8_t));
90 if (cmp == 0)
91 {
92 return true;
93 }
94 else
95 {
96 return false;
97 }
98 }
99
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]100 return false;
101}
102
103void Password::verifyPassword(std::string userName, std::string currentPassword,
104 std::string newPassword)
105{
106 if (fs::exists(seedFile.c_str()))
107 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]108 std::array<uint8_t, maxHashSize> orgUsrPwdHash;
109 std::array<uint8_t, maxHashSize> orgAdminPwdHash;
110 std::array<uint8_t, maxSeedSize> seed;
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]111 std::string hashAlgo = "";
112 try
113 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]114 nlohmann::json json = nullptr;
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]115 std::ifstream ifs(seedFile.c_str());
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]116 if (ifs.is_open())
117 {
118 try
119 {
120 json = nlohmann::json::parse(ifs, nullptr, false);
121 }
122 catch (const nlohmann::json::parse_error& e)
123 {
124 phosphor::logging::log<phosphor::logging::level::ERR>(
125 e.what());
126 throw InternalFailure();
127 }
128
129 if (json.is_discarded())
130 {
131 return;
132 }
133 orgUsrPwdHash = json["UserPwdHash"];
134 orgAdminPwdHash = json["AdminPwdHash"];
135 seed = json["Seed"];
136 hashAlgo = json["HashAlgo"];
137 }
138 else
139 {
140 return;
141 }
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]142 }
143 catch (nlohmann::detail::exception& e)
144 {
145 phosphor::logging::log<phosphor::logging::level::ERR>(e.what());
146 throw InternalFailure();
147 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]148 if (userName == "AdminPassword")
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]149 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]150 if (!isMatch(orgAdminPwdHash, seed, currentPassword, hashAlgo))
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]151 {
152 throw InvalidCurrentPassword();
153 }
154 }
155 else
156 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]157 if (!isMatch(orgUsrPwdHash, seed, currentPassword, hashAlgo))
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]158 {
159 throw InvalidCurrentPassword();
160 }
161 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]162 if (hashAlgo == "SHA256")
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]163 {
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]164 unsigned int mdLen = 32;
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]165 mNewPwdHash.fill(0);
166
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]167 if (!PKCS5_PBKDF2_HMAC(
168 reinterpret_cast<const char*>(newPassword.c_str()),
169 newPassword.length() + 1,
170 reinterpret_cast<const unsigned char*>(seed.data()),
171 seed.size(), iterValue, EVP_sha256(), mdLen,
172 mNewPwdHash.data()))
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]173 {
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]174 phosphor::logging::log<phosphor::logging::level::ERR>(
175 "Verify PKCS5_PBKDF2_HMAC_SHA256 Integrity Check failed");
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]176 throw InternalFailure();
177 }
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]178 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]179 if (hashAlgo == "SHA384")
180 {
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]181 unsigned int mdLen = 48;
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]182 mNewPwdHash.fill(0);
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]183
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]184 if (!PKCS5_PBKDF2_HMAC(
185 reinterpret_cast<const char*>(newPassword.c_str()),
186 newPassword.length() + 1,
187 reinterpret_cast<const unsigned char*>(seed.data()),
188 seed.size(), iterValue, EVP_sha384(), mdLen,
189 mNewPwdHash.data()))
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]190 {
Snehalatha Venkatesh2f7ba732021-09-30 10:25:32 +0000[diff] [blame^]191 phosphor::logging::log<phosphor::logging::level::ERR>(
192 "Verify PKCS5_PBKDF2_HMAC_SHA384 Integrity Check failed");
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]193 throw InternalFailure();
194 }
195 }
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]196 return;
197 }
198 throw InternalFailure();
199}
200void Password::changePassword(std::string userName, std::string currentPassword,
201 std::string newPassword)
202{
203 phosphor::logging::log<phosphor::logging::level::DEBUG>(
204 "BIOS config changePassword");
205 verifyPassword(userName, currentPassword, newPassword);
206
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]207 std::ifstream fs(seedFile.c_str());
208 nlohmann::json json = nullptr;
209
210 if (fs.is_open())
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]211 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]212 try
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]213 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]214 json = nlohmann::json::parse(fs, nullptr, false);
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]215 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]216 catch (const nlohmann::json::parse_error& e)
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]217 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]218 phosphor::logging::log<phosphor::logging::level::ERR>(e.what());
219 throw InternalFailure();
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]220 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]221
222 if (json.is_discarded())
223 {
224 throw InternalFailure();
225 }
226 json["AdminPwdHash"] = mNewPwdHash;
227 json["IsAdminPwdChanged"] = true;
228
229 std::ofstream ofs(seedFile.c_str(), std::ios::out);
230 const auto& writeData = json.dump();
231 ofs << writeData;
232 ofs.close();
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]233 }
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]234 else
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]235 {
Ayushi Smriti96e72ec2021-05-20 13:44:12 +0530[diff] [blame]236 phosphor::logging::log<phosphor::logging::level::DEBUG>(
237 "Cannot open file stream");
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]238 throw InternalFailure();
239 }
240}
241Password::Password(sdbusplus::asio::object_server& objectServer,
242 std::shared_ptr<sdbusplus::asio::connection>& systemBus) :
243 sdbusplus::xyz::openbmc_project::BIOSConfig::server::Password(
244 *systemBus, objectPathPwd),
245 objServer(objectServer), systemBus(systemBus)
246{
247 phosphor::logging::log<phosphor::logging::level::DEBUG>(
248 "BIOS config password is runing");
249 try
250 {
251 fs::path biosDir(BIOS_PERSIST_PATH);
252 fs::create_directories(biosDir);
Kuiying Wang8f706212020-12-16 18:59:24 +0800[diff] [blame]253 seedFile = biosDir / biosSeedFile;
254 }
255 catch (const fs::filesystem_error& e)
256 {
257 phosphor::logging::log<phosphor::logging::level::ERR>(e.what());
258 throw InternalFailure();
259 }
260}
261
262} // namespace bios_config_pwd
263
264int main()
265{
266 boost::asio::io_service io;
267 auto systemBus = std::make_shared<sdbusplus::asio::connection>(io);
268
269 systemBus->request_name(bios_config_pwd::servicePwd);
270 sdbusplus::asio::object_server objectServer(systemBus);
271 bios_config_pwd::Password password(objectServer, systemBus);
272
273 io.run();
274 return 0;
275}