// // Copyright (C) 2015 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // #include "tpm_manager/server/tpm_status_impl.h" #include #include #include #include // NOLINT(build/include_alpha) namespace tpm_manager { // Minimum size of TPM_DA_INFO struct. const size_t kMinimumDaInfoSize = 21; bool TpmStatusImpl::IsTpmEnabled() { if (!is_enable_initialized_) { RefreshOwnedEnabledInfo(); } return is_enabled_; } bool TpmStatusImpl::IsTpmOwned() { if (!is_owned_) { RefreshOwnedEnabledInfo(); } return is_owned_; } bool TpmStatusImpl::GetDictionaryAttackInfo(int* counter, int* threshold, bool* lockout, int* seconds_remaining) { std::string capability_data; if (!GetCapability(TSS_TPMCAP_DA_LOGIC, TPM_ET_KEYHANDLE, &capability_data, nullptr) || capability_data.size() < kMinimumDaInfoSize) { LOG(ERROR) << "Error getting tpm capability data."; return false; } if (static_cast(capability_data[1]) == TPM_TAG_DA_INFO) { TPM_DA_INFO da_info; uint64_t offset = 0; std::vector bytes(capability_data.begin(), capability_data.end()); Trspi_UnloadBlob_DA_INFO(&offset, bytes.data(), &da_info); if (counter) { *counter = da_info.currentCount; } if (threshold) { *threshold = da_info.thresholdCount; } if (lockout) { *lockout = (da_info.state == TPM_DA_STATE_ACTIVE); } if (seconds_remaining) { *seconds_remaining = da_info.actionDependValue; } } return true; } void TpmStatusImpl::RefreshOwnedEnabledInfo() { TSS_RESULT result; std::string capability_data; if (!GetCapability(TSS_TPMCAP_PROPERTY, TSS_TPMCAP_PROP_OWNER, &capability_data, &result)) { if (ERROR_CODE(result) == TPM_E_DISABLED) { is_enable_initialized_ = true; is_enabled_ = false; } } else { is_enable_initialized_ = true; is_enabled_ = true; // |capability_data| should be populated with a TSS_BOOL which is true iff // the Tpm is owned. if (capability_data.size() != sizeof(TSS_BOOL)) { LOG(ERROR) << "Error refreshing Tpm ownership information."; return; } is_owned_ = (capability_data[0] != 0); } } bool TpmStatusImpl::GetCapability(uint32_t capability, uint32_t sub_capability, std::string* data, TSS_RESULT* tpm_result) { CHECK(data); TSS_HTPM tpm_handle = tpm_connection_.GetTpm(); if (tpm_handle == 0) { return false; } uint32_t length = 0; trousers::ScopedTssMemory buf(tpm_connection_.GetContext()); TSS_RESULT result = Tspi_TPM_GetCapability( tpm_handle, capability, sizeof(uint32_t), reinterpret_cast(&sub_capability), &length, buf.ptr()); if (tpm_result) { *tpm_result = result; } if (TPM_ERROR(result)) { LOG(ERROR) << "Error getting TPM capability data."; return false; } data->assign(buf.value(), buf.value() + length); return true; } } // namespace tpm_manager