2 Implement TPM2 DictionaryAttack related command.
4 Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include <IndustryStandard/UefiTcgPlatform.h>
16 #include <Library/Tpm2CommandLib.h>
17 #include <Library/Tpm2DeviceLib.h>
18 #include <Library/BaseMemoryLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/DebugLib.h>
//
// Request layout for TPM2_DictionaryAttackLockReset: command header, lockout
// handle, then the authorization area (its size followed by the session).
// Tpm2DictionaryAttackLockReset() marshals the session into AuthSession and
// hands the structure to Tpm2SubmitCommand() as raw bytes, so the layout must
// not contain compiler-inserted padding.
// NOTE(review): confirm this definition is covered by #pragma pack(1).
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_LOCKOUT        LockHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;
//
// Receive buffer for the TPM2_DictionaryAttackLockReset response. The caller
// in this file passes sizeof() of this structure as the receive capacity and
// reads only Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;
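//
// Request layout for TPM2_DictionaryAttackParameters: command header, lockout
// handle, the authorization area, then three UINT32 parameters.
//
// The trailing UINT32 members are never assigned by name.
// Tpm2DictionaryAttackParameters() appends NewMaxTries, NewRecoveryTime and
// LockoutRecovery directly behind the marshalled auth session with
// WriteUnaligned32(), wherever that session happens to end. The members exist
// to reserve stack space for those writes, so there must be one per appended
// parameter; with fewer, the last write could land past the end of the buffer
// when the marshalled session is at its largest.
//
// NOTE(review): the structure is sent to the TPM as raw bytes -- confirm this
// definition is covered by #pragma pack(1).
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_LOCKOUT        LockHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  UINT32                 NewMaxTries;
  UINT32                 NewRecoveryTime;
  UINT32                 LockoutRecovery;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;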
//
// Receive buffer for the TPM2_DictionaryAttackParameters response. The caller
// in this file passes sizeof() of this structure as the receive capacity and
// reads only Header.responseCode from it.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;
/**
  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
  If this command is properly authorized, the lockout counter is set to zero.

  The request is built on the stack, including the marshalled authorization
  session, and both the request and response buffers are zeroed before the
  function returns, whatever the outcome.

  @param[in]  LockHandle            TPM_RH_LOCKOUT
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS      Operation completed successfully.
  @retval EFI_DEVICE_ERROR Unexpected device behavior: the response is shorter
                           than a response header, or the TPM returned a
                           response code other than TPM_RC_SUCCESS.
  @return Any error status reported by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackLockReset (
  IN  TPMI_RH_LOCKOUT    LockHandle,
  IN  TPMS_AUTH_COMMAND  *AuthSession
  )
{
  EFI_STATUS                                  Status;
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND   Command;
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE  Response;
  UINT32                                      CommandSize;
  UINT32                                      ResponseSize;
  UINT32                                      SessionSize;
  UINT32                                      ResponseCode;
  UINT8                                       *Cursor;

  //
  // Fixed part of the request. Every multi-byte field is stored byte-swapped.
  //
  Command.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackLockReset);
  Command.LockHandle         = SwapBytes32 (LockHandle);

  //
  // Marshal the authorization session in place and record how long it is.
  //
  Cursor                  = (UINT8 *)&Command.AuthSession;
  SessionSize             = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor                 += SessionSize;
  Command.AuthSessionSize = SwapBytes32 (SessionSize);

  //
  // The request ends where the cursor stopped, not at sizeof (Command).
  //
  CommandSize              = (UINT32)((UINTN)Cursor - (UINTN)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit the request; ResponseSize carries the capacity in and the actual
  // response length out.
  //
  ResponseSize = sizeof (Response);
  Status       = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (!EFI_ERROR (Status)) {
    if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
      //
      // Too short to contain a response code; do not read the header.
      //
      DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", ResponseSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32 (Response.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", ResponseCode));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Clear AuthSession Content
  //
  ZeroMem (&Command, sizeof (Command));
  ZeroMem (&Response, sizeof (Response));
  return Status;
}
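/**
  This command changes the TPM dictionary-attack lockout parameters
  (TPM2_DictionaryAttackParameters).

  The request is built on the stack, including the marshalled authorization
  session, and both the request and response buffers are zeroed before the
  function returns, whatever the outcome.

  @param[in]  LockHandle            TPM_RH_LOCKOUT
  @param[in]  AuthSession           Auth Session context
  @param[in]  NewMaxTries           Count of authorization failures before the lockout is imposed
  @param[in]  NewRecoveryTime       Time in seconds before the authorization failure count is automatically decremented
  @param[in]  LockoutRecovery       Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed

  @retval EFI_SUCCESS      Operation completed successfully.
  @retval EFI_DEVICE_ERROR Unexpected device behavior: the response is shorter
                           than a response header, or the TPM returned a
                           response code other than TPM_RC_SUCCESS.
  @return Any error status reported by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackParameters (
  IN  TPMI_RH_LOCKOUT    LockHandle,
  IN  TPMS_AUTH_COMMAND  *AuthSession,
  IN  UINT32             NewMaxTries,
  IN  UINT32             NewRecoveryTime,
  IN  UINT32             LockoutRecovery
  )
{
  EFI_STATUS                                  Status;
  TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND   SendBuffer;
  TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE  RecvBuffer;
  UINT32                                      SendBufferSize;
  UINT32                                      RecvBufferSize;
  UINT8                                       *Buffer;
  UINT32                                      SessionInfoSize;

  //
  // Construct command. Every multi-byte field is stored byte-swapped.
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackParameters);

  SendBuffer.LockHandle = SwapBytes32 (LockHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  //
  // Marshal the session in place and record how long it is.
  //
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // The three parameters follow the marshalled session directly, so they are
  // written through the cursor (possibly unaligned) rather than through the
  // structure members.
  //
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewMaxTries));
  Buffer += sizeof (UINT32);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewRecoveryTime));
  Buffer += sizeof (UINT32);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (LockoutRecovery));
  Buffer += sizeof (UINT32);

  //
  // The request ends where the cursor stopped, not at sizeof (SendBuffer).
  //
  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // Send the command; RecvBufferSize carries the capacity in and the actual
  // response length out.
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    //
    // Too short to contain a response code; do not read the header.
    //
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content
  //
  // Zero the whole command buffer: it holds the marshalled authorization
  // session. Clearing only the SendBufferSize variable would leave that data
  // behind on the stack.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}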