1 /** @file
2 Implement TPM2 DictionaryAttack related command.
3
4 Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include <IndustryStandard/UefiTcgPlatform.h>
16 #include <Library/Tpm2CommandLib.h>
17 #include <Library/Tpm2DeviceLib.h>
18 #include <Library/BaseMemoryLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/DebugLib.h>
21
22 #pragma pack(1)
23
24 typedef struct {
25 TPM2_COMMAND_HEADER Header;
26 TPMI_RH_LOCKOUT LockHandle;
27 UINT32 AuthSessionSize;
28 TPMS_AUTH_COMMAND AuthSession;
29 } TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;
30
31 typedef struct {
32 TPM2_RESPONSE_HEADER Header;
33 UINT32 AuthSessionSize;
34 TPMS_AUTH_RESPONSE AuthSession;
35 } TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;
36
37 typedef struct {
38 TPM2_COMMAND_HEADER Header;
39 TPMI_RH_LOCKOUT LockHandle;
40 UINT32 AuthSessionSize;
41 TPMS_AUTH_COMMAND AuthSession;
42 UINT32 NewMaxTries;
43 UINT32 NewRecoveryTime;
44 UINT32 LockoutRecovery;
45 } TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;
46
47 typedef struct {
48 TPM2_RESPONSE_HEADER Header;
49 UINT32 AuthSessionSize;
50 TPMS_AUTH_RESPONSE AuthSession;
51 } TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;
52
53 #pragma pack()
54
55 /**
56 This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
57 If this command is properly authorized, the lockout counter is set to zero.
58
59 @param[in] LockHandle TPM_RH_LOCKOUT
60 @param[in] AuthSession Auth Session context
61
62 @retval EFI_SUCCESS Operation completed successfully.
63 @retval EFI_DEVICE_ERROR Unexpected device behavior.
64 **/
65 EFI_STATUS
66 EFIAPI
Tpm2DictionaryAttackLockReset(IN TPMI_RH_LOCKOUT LockHandle,IN TPMS_AUTH_COMMAND * AuthSession)67 Tpm2DictionaryAttackLockReset (
68 IN TPMI_RH_LOCKOUT LockHandle,
69 IN TPMS_AUTH_COMMAND *AuthSession
70 )
71 {
72 EFI_STATUS Status;
73 TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer;
74 TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;
75 UINT32 SendBufferSize;
76 UINT32 RecvBufferSize;
77 UINT8 *Buffer;
78 UINT32 SessionInfoSize;
79
80 //
81 // Construct command
82 //
83 SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
84 SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);
85
86 SendBuffer.LockHandle = SwapBytes32 (LockHandle);
87
88 //
89 // Add in Auth session
90 //
91 Buffer = (UINT8 *)&SendBuffer.AuthSession;
92
93 // sessionInfoSize
94 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
95 Buffer += SessionInfoSize;
96 SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
97
98 SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
99 SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
100
101 //
102 // send Tpm command
103 //
104 RecvBufferSize = sizeof (RecvBuffer);
105 Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
106 if (EFI_ERROR (Status)) {
107 goto Done;
108 }
109
110 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
111 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize));
112 Status = EFI_DEVICE_ERROR;
113 goto Done;
114 }
115 if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
116 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
117 Status = EFI_DEVICE_ERROR;
118 goto Done;
119 }
120
121 Done:
122 //
123 // Clear AuthSession Content
124 //
125 ZeroMem (&SendBuffer, sizeof(SendBuffer));
126 ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
127 return Status;
128 }
129
130 /**
131 This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
132 If this command is properly authorized, the lockout counter is set to zero.
133
134 @param[in] LockHandle TPM_RH_LOCKOUT
135 @param[in] AuthSession Auth Session context
136 @param[in] NewMaxTries Count of authorization failures before the lockout is imposed
137 @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented
138 @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed
139
140 @retval EFI_SUCCESS Operation completed successfully.
141 @retval EFI_DEVICE_ERROR Unexpected device behavior.
142 **/
143 EFI_STATUS
144 EFIAPI
Tpm2DictionaryAttackParameters(IN TPMI_RH_LOCKOUT LockHandle,IN TPMS_AUTH_COMMAND * AuthSession,IN UINT32 NewMaxTries,IN UINT32 NewRecoveryTime,IN UINT32 LockoutRecovery)145 Tpm2DictionaryAttackParameters (
146 IN TPMI_RH_LOCKOUT LockHandle,
147 IN TPMS_AUTH_COMMAND *AuthSession,
148 IN UINT32 NewMaxTries,
149 IN UINT32 NewRecoveryTime,
150 IN UINT32 LockoutRecovery
151 )
152 {
153 EFI_STATUS Status;
154 TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer;
155 TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;
156 UINT32 SendBufferSize;
157 UINT32 RecvBufferSize;
158 UINT8 *Buffer;
159 UINT32 SessionInfoSize;
160
161 //
162 // Construct command
163 //
164 SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
165 SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);
166
167 SendBuffer.LockHandle = SwapBytes32 (LockHandle);
168
169 //
170 // Add in Auth session
171 //
172 Buffer = (UINT8 *)&SendBuffer.AuthSession;
173
174 // sessionInfoSize
175 SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
176 Buffer += SessionInfoSize;
177 SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
178
179 //
180 // Real data
181 //
182 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));
183 Buffer += sizeof(UINT32);
184 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));
185 Buffer += sizeof(UINT32);
186 WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));
187 Buffer += sizeof(UINT32);
188
189 SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
190 SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
191
192 //
193 // send Tpm command
194 //
195 RecvBufferSize = sizeof (RecvBuffer);
196 Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
197 if (EFI_ERROR (Status)) {
198 goto Done;
199 }
200
201 if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
202 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));
203 Status = EFI_DEVICE_ERROR;
204 goto Done;
205 }
206 if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
207 DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
208 Status = EFI_DEVICE_ERROR;
209 goto Done;
210 }
211
212 Done:
213 //
214 // Clear AuthSession Content
215 //
216 ZeroMem (&SendBufferSize, sizeof(SendBufferSize));
217 ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
218 return Status;
219 }
220