xref: /openbmc/bios-settings-mgr/include/password.hpp (revision 96e72ec579ea3c19ddbde4151d9f26d988c47fa6)
1 /*
2 // Copyright (c) 2020 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 #include "config.h"
18 
19 #include <openssl/evp.h>
20 #include <openssl/hmac.h>
21 #include <openssl/sha.h>
22 
23 #include <nlohmann/json.hpp>
24 #include <sdbusplus/asio/object_server.hpp>
25 #include <sdbusplus/server.hpp>
26 #include <xyz/openbmc_project/BIOSConfig/Password/server.hpp>
27 
28 #include <filesystem>
29 #include <string>
30 
namespace bios_config_pwd
{

// NOTE(review): this header uses std::array, uint8_t/uint16_t and
// std::shared_ptr, but the only standard headers it includes directly are
// <filesystem> and <string>. It currently relies on transitive includes for
// <array>, <cstdint> and <memory>.

// D-Bus service name and object path for the BIOS password object. They are
// not referenced in this header; presumably the implementation uses them to
// register the object - confirm there.
static constexpr auto servicePwd = "xyz.openbmc_project.BIOSConfigPassword";
static constexpr auto objectPathPwd =
    "/xyz/openbmc_project/bios_config/password";
// File names only; the containing directory is not defined in this header.
// NOTE(review): presumably these hold the stored password hash and its seed.
// Confirm the implementation keeps them readable by the service user only.
constexpr auto biosPasswordFile = "passwordData";
constexpr auto biosSeedFile = "seedData";
// Element count of the uint8_t hash buffers (isMatch's `expected`,
// mNewPwdHash). 64 bytes is the size of a SHA-512 digest.
constexpr uint8_t maxHashSize = 64;
// Element count of the uint8_t seed buffer passed to isMatch.
constexpr uint8_t maxSeedSize = 32;
// Element count of the uint16_t buffer filled by convertUnicode.
constexpr uint8_t maxPasswordLen = 32;

// sdbusplus-generated server binding for the BIOSConfig Password interface.
using Base = sdbusplus::xyz::openbmc_project::BIOSConfig::server::Password;
namespace fs = std::filesystem;

/** @class Password
 *
 *  @brief Implements the BIOS Password D-Bus interface by deriving from the
 *         sdbusplus-generated server class (Base).
 *
 *  The object is neither copyable nor movable and cannot be
 *  default-constructed.
 */
class Password : public Base
{
  public:
    Password() = delete;
    ~Password() = default;
    Password(const Password&) = delete;
    Password& operator=(const Password&) = delete;
    Password(Password&&) = delete;
    Password& operator=(Password&&) = delete;

    /** @brief Constructs Password object.
     *
     *  @param[in] objectServer  - object server
     *  @param[in] systemBus - bus connection
     *
     *  @note The matching members (objServer, systemBus) are reference
     *        members, and systemBus refers to a std::shared_ptr rather than
     *        holding a copy of it. If the constructor binds them to these
     *        arguments, the caller must keep both objects alive for the
     *        lifetime of this Password instance.
     */
    Password(sdbusplus::asio::object_server& objectServer,
             std::shared_ptr<sdbusplus::asio::connection>& systemBus);

    /** @brief Change the BIOS password of the given user. Overrides the
     *         method declared by the Password interface (Base).
     *
     *  @param[in] userName - User name - user / admin.
     *  @param[in] currentPassword - Current user/ admin Password.
     *  @param[in] newPassword - New user/ admin Password.
     *
     *  @note NOTE(review): presumably currentPassword is checked (see
     *        verifyPassword) before newPassword is accepted, and both are
     *        bounded by maxPasswordLen - confirm in the implementation.
     *        All three arguments are std::string values, so the plaintext
     *        passwords are held in ordinary heap strings while the call runs.
     */
    void changePassword(std::string userName, std::string currentPassword,
                        std::string newPassword) override;

  private:
    // Converts pwd into unicodePwd, a fixed buffer of maxPasswordLen uint16_t
    // elements.
    // NOTE(review): the uint8_t return is presumably the number of elements
    // written - confirm. Also confirm the implementation rejects or truncates
    // input longer than maxPasswordLen, since the output buffer cannot grow.
    uint8_t convertUnicode(const std::string& pwd,
                           std::array<uint16_t, maxPasswordLen>& unicodePwd);
    // Takes the same arguments as changePassword and returns nothing.
    // NOTE(review): presumably reports a failed check by throwing - confirm.
    void verifyPassword(std::string userName, std::string currentPassword,
                        std::string newPassword);
    // Takes a stored hash (expected), a seed, raw input data and an algorithm
    // name, and returns a bool.
    // NOTE(review): presumably hashes rawData with seed using `algo` and
    // compares the result with `expected`. Confirm the comparison is
    // constant-time (e.g. CRYPTO_memcmp) and that `algo` is checked against
    // a fixed set of supported names. rawData and algo are passed by value,
    // so every call makes another copy of rawData, which may be a plaintext
    // password.
    bool isMatch(const std::array<uint8_t, maxHashSize>& expected,
                 const std::array<uint8_t, maxSeedSize>& seed,
                 const std::string rawData, const std::string algo);
    // Reference members: the referenced objects are owned by the caller.
    sdbusplus::asio::object_server& objServer;
    std::shared_ptr<sdbusplus::asio::connection>& systemBus;
    // Path of the seed file (presumably built from biosSeedFile - confirm).
    std::filesystem::path seedFile;
    // Hash buffer of maxHashSize bytes; by its name, the hash of the new
    // password. It is not zero-initialized in this declaration.
    std::array<uint8_t, maxHashSize> mNewPwdHash;
};

} // namespace bios_config_pwd