Revert "UserAuthenticationDxe: Loosen Password requirements"

This reverts commit f0b7c4a. Signed-off-by: Michał Żygowski <[email protected]>
Dasharo · Dec 9, 2024 · 04ff32a · 04ff32a
1 parent 086c4fc
commit 04ff32a
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxePassword.c
@@ -322,6 +322,7 @@ IsPasswordSet (
   Return if the password is strong.
   Criteria:
   1) length >= PASSWORD_MIN_SIZE
+  2) include lower case, upper case, number, symbol.
 
   @param[in]  Password               The user input password.
   @param[in]  PasswordSize           The size of Password in byte.
@@ -345,6 +346,24 @@ IsPasswordStrong (
     return FALSE;
   }
 
+  HasLowerCase = FALSE;
+  HasUpperCase = FALSE;
+  HasNumber = FALSE;
+  HasSymbol = FALSE;
+  for (Index = 0; Index < PasswordSize - 1; Index++) {
+    if (Password[Index] >= 'a' && Password[Index] <= 'z') {
+      HasLowerCase = TRUE;
+    } else if (Password[Index] >= 'A' && Password[Index] <= 'Z') {
+      HasUpperCase = TRUE;
+    } else if (Password[Index] >= '0' && Password[Index] <= '9') {
+      HasNumber = TRUE;
+    } else {
+      HasSymbol = TRUE;
+    }
+  }
+  if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) {
+    return FALSE;
+  }
   return TRUE;
 }
 

diff --git a/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni b/DasharoModulePkg/UserAuthenticationDxe/UserAuthenticationDxeStrings.uni
@@ -19,8 +19,8 @@
                                        #language fr-FR "Password Management"
 #string STR_ADMIN_PASSWORD_PROMPT      #language en-US "Change Admin Password"
                                        #language fr-FR "Change Admin Password"
-#string STR_ADMIN_PASSWORD_HELP        #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars. Input an empty password can clean old admin password, then no need input password to enter UI."
-                                       #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars. Input an empty password can clean old admin password, then no need input password to enter UI."
+#string STR_ADMIN_PASSWORD_HELP        #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI."
+                                       #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI."
 #string STR_ADMIN_PASSWORD_STS_HELP    #language en-US "Current Admin Password status: Installed or Not Installed."
                                        #language fr-FR "Current Admin Password status: Installed or Not Installed."
 #string STR_ADMIN_PASSWORD_STS_PROMPT  #language en-US "Admin Password Status"