1 /*
2  Copyright (c) 2020 Intel Corporation
3 
4  Licensed under the Apache License, Version 2.0 (the "License");
5  you may not use this file except in compliance with the License.
6  You may obtain a copy of the License at
7 
      http://www.apache.org/licenses/LICENSE-2.0
9 
10  Unless required by applicable law or agreed to in writing, software
11  distributed under the License is distributed on an "AS IS" BASIS,
12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  See the License for the specific language governing permissions and
14  limitations under the License.
15 */
16 
17 #pragma once
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/sha.h>

#include <nlohmann/json.hpp>
#include <sdbusplus/asio/object_server.hpp>
#include <sdbusplus/server.hpp>
#include <xyz/openbmc_project/BIOSConfig/Password/server.hpp>

#include <array>
#include <cstdint>
#include <filesystem>
#include <memory>
#include <string>
29 
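namespace bios_config_pwd
{
/** D-Bus object path the Password interface is hosted on. */
static constexpr auto objectPathPwd =
    "/xyz/openbmc_project/bios_config/password";
/** File name of the persisted seed/hash data; presumably looked up under the
 *  persistPath handed to the Password constructor (see Password::seedFile). */
constexpr auto biosSeedFile = "seedData";
/** Size in bytes of the fixed hash buffers used by the helpers below
 *  (64 == SHA512_DIGEST_LENGTH, so the largest EVP digest still fits). */
constexpr uint8_t maxHashSize = 64;
/** Size in bytes of the salt ("seed") buffer. */
constexpr uint8_t maxSeedSize = 32;
/** Upper bound on the password length accepted by changePassword. */
constexpr uint8_t maxPasswordLen = 32;
/** Iteration count handed to the key-derivation routine in the .cpp
 *  (presumably PBKDF2 — confirm there).
 *  NOTE(review): 1000 iterations is far below current guidance for
 *  PBKDF2-style derivation, but this value cannot be raised unilaterally:
 *  the BIOS side presumably derives the same hash from the same seed to
 *  verify the password, so any change has to be coordinated with the
 *  firmware. */
constexpr int iterValue = 1000;

using Base = sdbusplus::xyz::openbmc_project::BIOSConfig::server::Password;
namespace fs = std::filesystem;

/** @class Password
 *
 *  @brief Implements the xyz.openbmc_project.BIOSConfig.Password D-Bus
 *         interface (Base) used to change the BIOS user/admin password.
 *
 *  The object is neither copyable nor movable: it stores references to the
 *  object server and bus connection it is constructed with, so those must
 *  outlive it.
 */
class Password : public Base
{
  public:
    Password() = delete;
    ~Password() = default;
    Password(const Password&) = delete;
    Password& operator=(const Password&) = delete;
    Password(Password&&) = delete;
    Password& operator=(Password&&) = delete;

    /** @brief Constructs Password object.
     *
     *  @param[in] objectServer  - object server
     *  @param[in] systemBus - bus connection; only a reference to the caller's
     *                         shared_ptr is kept, so the caller's pointer must
     *                         outlive this object
     *  @param[in] persistPath - directory the seed file (biosSeedFile) is
     *                           stored in — presumably; confirm in the .cpp
     */
    Password(sdbusplus::asio::object_server& objectServer,
             std::shared_ptr<sdbusplus::asio::connection>& systemBus,
             std::string persistPath);

    /** @brief Implements Base::changePassword: verify currentPassword for
     *         userName and, if it checks out, replace it with newPassword
     *         (presumably via verifyPassword and the hashing helpers below).
     *
     *  Both passwords arrive in plaintext over D-Bus. Access to this method
     *  must be restricted by bus policy, and the implementation should never
     *  log or otherwise persist the plaintext values.
     *
     *  @param[in] userName - User name - user / admin.
     *  @param[in] currentPassword - Current user/ admin Password.
     *  @param[in] newPassword - New user/ admin Password.
     */
    void changePassword(std::string userName, std::string currentPassword,
                        std::string newPassword) override;

  private:
    /** Checks currentPassword against the stored hash for userName and
     *  prepares the replacement (mNewPwdHash, presumably). Error reporting
     *  (exceptions vs. D-Bus errors) is defined in the .cpp. */
    void verifyPassword(std::string userName, std::string currentPassword,
                        std::string newPassword);
    /** Recomputes the digest of rawData with seed using digestFunc and
     *  compares the first digestLen bytes against expected.
     *  NOTE(review): the comparison must be constant-time (CRYPTO_memcmp from
     *  <openssl/crypto.h>), not memcmp/operator==, or the response time leaks
     *  how many leading bytes of the guess were correct — verify in the .cpp. */
    bool compareDigest(const EVP_MD* digestFunc, size_t digestLen,
                       const std::array<uint8_t, maxHashSize>& expected,
                       const std::array<uint8_t, maxSeedSize>& seed,
                       const std::string& rawData);
    /** Selects the digest by its name in algo and delegates to compareDigest
     *  (presumably); returns false for an unknown algo. */
    bool isMatch(const std::array<uint8_t, maxHashSize>& expected,
                 const std::array<uint8_t, maxSeedSize>& seed,
                 const std::string& rawData, const std::string& algo);
    /** Loads the stored user/admin password hashes, the seed and the hash
     *  algorithm name (presumably from seedFile); returns false if they
     *  cannot be read. */
    bool getParam(std::array<uint8_t, maxHashSize>& orgUsrPwdHash,
                  std::array<uint8_t, maxHashSize>& orgAdminPwdHash,
                  std::array<uint8_t, maxSeedSize>& seed,
                  std::string& hashAlgo);
    /** Digest-based integrity check over newPassword and seed using
     *  digestFunc with an mdLen-byte output. newPassword is taken by
     *  non-const reference, so the helper may rewrite it in place — confirm
     *  against the .cpp before relying on its value afterwards. */
    bool verifyIntegrityCheck(std::string& newPassword,
                              std::array<uint8_t, maxSeedSize>& seed,
                              unsigned int mdLen, const EVP_MD* digestFunc);
    sdbusplus::asio::object_server& objServer;
    /** Reference to the caller-owned connection pointer (not a copy). */
    std::shared_ptr<sdbusplus::asio::connection>& systemBus;
    /** Full path of the persisted seed/hash file. */
    std::filesystem::path seedFile;
    /** Hash of the pending new password; zero-initialised so it never holds
     *  indeterminate bytes before the constructor/verifyPassword fills it. */
    std::array<uint8_t, maxHashSize> mNewPwdHash{};
};

} // namespace bios_config_pwd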
100