xref: /openbmc/bios-settings-mgr/include/password.hpp (revision 773c92229c79b399826fead0daa136b967596913)
1 /*
2 // Copyright (c) 2020 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 #include <openssl/evp.h>
18 #include <openssl/hmac.h>
19 #include <openssl/sha.h>
20 
21 #include <nlohmann/json.hpp>
22 #include <sdbusplus/asio/object_server.hpp>
23 #include <sdbusplus/server.hpp>
24 #include <xyz/openbmc_project/BIOSConfig/Password/server.hpp>
25 
26 #include <filesystem>
27 #include <string>
28 
29 namespace bios_config_pwd
30 {
/// D-Bus object path string for the BIOS password object.
static constexpr const char* objectPathPwd{
    "/xyz/openbmc_project/bios_config/password"};

/// File name of the persisted seed data.
/// NOTE(review): presumably joined with the constructor's persistPath to form
/// Password::seedFile; confirm against the definition.
constexpr const char* biosSeedFile{"seedData"};

/// Size in bytes of the fixed hash buffers (std::array<uint8_t, maxHashSize>).
/// 64 bytes is large enough to hold a SHA-512 digest.
constexpr uint8_t maxHashSize{64};

/// Size in bytes of the fixed seed (salt) buffers.
constexpr uint8_t maxSeedSize{32};

/// Upper bound on password length.
/// NOTE(review): not referenced in this header; confirm where it is enforced.
constexpr uint8_t maxPasswordLen{32};

/// Iteration count.
/// NOTE(review): presumably the key-derivation iteration count handed to
/// OpenSSL when hashing passwords. 1000 is low by current password-hashing
/// guidance. If the stored hashes are produced by host firmware with the same
/// count, raising it needs a coordinated change on both sides; confirm before
/// touching the value.
constexpr int iterValue{1000};
38 
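/// sdbusplus server binding for the BIOSConfig Password interface; the
/// Password class below derives from it.
using Base = sdbusplus::xyz::openbmc_project::BIOSConfig::server::Password;
namespace fs = std::filesystem;

/** @class Password
 *
 *  @brief D-Bus object implementing the BIOS password interface.
 *
 *  Only declarations are visible in this header; the notes marked
 *  NOTE(review) below describe properties the definitions should have and
 *  need to be confirmed against the implementation file.
 *
 *  The object is neither copyable nor movable. It holds references to the
 *  object server and to the caller's bus shared_ptr (see the data members),
 *  so both must outlive this object.
 */
class Password : public Base
{
  public:
    Password() = delete;
    ~Password() = default;
    Password(const Password&) = delete;
    Password& operator=(const Password&) = delete;
    Password(Password&&) = delete;
    Password& operator=(Password&&) = delete;

    /** @brief Constructs Password object.
     *
     *  @param[in] objectServer - object server; kept by reference.
     *  @param[in] systemBus    - bus connection; the shared_ptr itself is
     *                            kept by reference, not copied.
     *  @param[in] persistPath  - NOTE(review): presumably the directory that
     *                            holds the seed file (biosSeedFile); confirm
     *                            against the definition.
     */
    Password(sdbusplus::asio::object_server& objectServer,
             std::shared_ptr<sdbusplus::asio::connection>& systemBus,
             std::string persistPath);

    /** @brief Change the BIOS password of the given user.
     *
     *  Overrides the method declared by the generated interface, which is
     *  why the plaintext passwords arrive as by-value std::string copies.
     *
     *  NOTE(review): the definition should not log these values and should
     *  wipe any plaintext temporaries it creates (e.g. OPENSSL_cleanse);
     *  confirm.
     *
     *  @param[in] userName - User name - user / admin.
     *  @param[in] currentPassword - Current user/ admin Password.
     *  @param[in] newPassword - New user/ admin Password.
     */
    void changePassword(std::string userName, std::string currentPassword,
                        std::string newPassword) override;

  private:
    /** @brief Helper taking the same arguments as changePassword().
     *
     *  NOTE(review): presumably validates currentPassword for userName and
     *  prepares the hash of newPassword; definition not visible here.
     */
    void verifyPassword(std::string userName, std::string currentPassword,
                        std::string newPassword);

    /** @brief Check rawData against an expected digest using digestFunc.
     *
     *  NOTE(review): definition not visible here. The comparison against
     *  `expected` should be constant-time (e.g. OpenSSL's CRYPTO_memcmp) so
     *  that timing does not reveal how many leading bytes matched, and
     *  digestLen should be checked against maxHashSize before it is used as
     *  a length into the fixed-size buffers.
     *
     *  @param[in] digestFunc - OpenSSL message-digest descriptor.
     *  @param[in] digestLen  - digest length in bytes.
     *  @param[in] expected   - stored hash to compare against.
     *  @param[in] seed       - seed (salt) bytes.
     *  @param[in] rawData    - candidate input, presumably the plaintext
     *                          password.
     *  @return presumably true when the digests match.
     */
    bool compareDigest(const EVP_MD* digestFunc, size_t digestLen,
                       const std::array<uint8_t, maxHashSize>& expected,
                       const std::array<uint8_t, maxSeedSize>& seed,
                       const std::string& rawData);

    /** @brief Check rawData against an expected hash for the named algorithm.
     *
     *  NOTE(review): presumably maps `algo` to a digest and delegates to
     *  compareDigest(). An unrecognised algorithm name should be treated as
     *  a mismatch rather than a match; confirm.
     */
    bool isMatch(const std::array<uint8_t, maxHashSize>& expected,
                 const std::array<uint8_t, maxSeedSize>& seed,
                 const std::string& rawData, const std::string& algo);

    /** @brief Fetch the stored user hash, admin hash, seed and algorithm name.
     *
     *  All four arguments are output parameters.
     *  NOTE(review): presumably read from seedFile. If so, the file is
     *  security-sensitive input: sizes parsed from it must be bounded by
     *  maxHashSize / maxSeedSize, and its permissions should restrict
     *  access to the service account. Confirm.
     *
     *  @return presumably true on success.
     */
    bool getParam(std::array<uint8_t, maxHashSize>& orgUsrPwdHash,
                  std::array<uint8_t, maxHashSize>& orgAdminPwdHash,
                  std::array<uint8_t, maxSeedSize>& seed,
                  std::string& hashAlgo);

    /** @brief Integrity check involving the new password, seed and digest.
     *
     *  NOTE(review): definition not visible here. newPassword is taken by
     *  non-const reference, so it may be modified; mdLen should be checked
     *  against maxHashSize before use. Confirm.
     */
    bool verifyIntegrityCheck(std::string& newPassword,
                              std::array<uint8_t, maxSeedSize>& seed,
                              unsigned int mdLen, const EVP_MD* digestFunc);

    // Both of the following are references: this object does not share
    // ownership of the connection, so the caller's object_server and
    // shared_ptr must stay alive for as long as this Password exists.
    sdbusplus::asio::object_server& objServer;
    std::shared_ptr<sdbusplus::asio::connection>& systemBus;

    // Path of the persisted seed/hash data.
    std::filesystem::path seedFile;

    // Hash buffer, presumably for the new password. Value-initialized so it
    // never holds indeterminate bytes before the first write.
    std::array<uint8_t, maxHashSize> mNewPwdHash{};
};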
97 
98 } // namespace bios_config_pwd
99