include/password.hpp

/*
 Copyright (c) 2020 Intel Corporation

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

      http:www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
*/

#pragma once
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/sha.h>

#include <nlohmann/json.hpp>
#include <sdbusplus/asio/object_server.hpp>
#include <sdbusplus/server.hpp>
#include <xyz/openbmc_project/BIOSConfig/Password/server.hpp>

#include <filesystem>
#include <string>

namespace bios_config_pwd
{
static constexpr auto objectPathPwd =
    "/xyz/openbmc_project/bios_config/password";
constexpr auto biosSeedFile = "seedData";
constexpr uint8_t maxHashSize = 64;
constexpr uint8_t maxSeedSize = 32;
constexpr uint8_t maxPasswordLen = 32;
constexpr int iterValue = 1000;

using Base = sdbusplus::xyz::openbmc_project::BIOSConfig::server::Password;
namespace fs = std::filesystem;

/** @class Password
 *
 *  @brief Implements the BIOS Password
 */
class Password : public Base
{
  public:
    Password() = delete;
    ~Password() = default;
    Password(const Password&) = delete;
    Password& operator=(const Password&) = delete;
    Password(Password&&) = delete;
    Password& operator=(Password&&) = delete;

    /** @brief Constructs Password object.
     *
     *  @param[in] objectServer  - object server
     *  @param[in] systemBus - bus connection
     */
    Password(sdbusplus::asio::object_server& objectServer,
             std::shared_ptr<sdbusplus::asio::connection>& systemBus,
             std::string persistPath);

    /** @brief Set the BIOS attribute with a new value, the new value is added
     *         to the PendingAttribute.
     *
     *  @param[in] userName - User name - user / admin.
     *  @param[in] currentPassword - Current user/ admin Password.
     *  @param[in] newPassword - New user/ admin Password.
     */
    void changePassword(std::string userName, std::string currentPassword,
                        std::string newPassword) override;

  private:
    void verifyPassword(std::string userName, std::string currentPassword,
                        std::string newPassword);
    bool compareDigest(const EVP_MD* digestFunc, size_t digestLen,
                       const std::array<uint8_t, maxHashSize>& expected,
                       const std::array<uint8_t, maxSeedSize>& seed,
                       const std::string& rawData);
    bool isMatch(const std::array<uint8_t, maxHashSize>& expected,
                 const std::array<uint8_t, maxSeedSize>& seed,
                 const std::string& rawData, const std::string& algo);
    bool getParam(std::array<uint8_t, maxHashSize>& orgUsrPwdHash,
                  std::array<uint8_t, maxHashSize>& orgAdminPwdHash,
                  std::array<uint8_t, maxSeedSize>& seed,
                  std::string& hashAlgo);
    bool verifyIntegrityCheck(std::string& newPassword,
                              std::array<uint8_t, maxSeedSize>& seed,
                              unsigned int mdLen, const EVP_MD* digestFunc);
    sdbusplus::asio::object_server& objServer;
    std::shared_ptr<sdbusplus::asio::connection>& systemBus;
    std::filesystem::path seedFile;
    std::array<uint8_t, maxHashSize> mNewPwdHash;
};

} // namespace bios_config_pwd