[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2DictionaryAttack.c

/** @file\r
  Implement TPM2 DictionaryAttack related command.\r
\r
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tpm2DeviceLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_RH_LOCKOUT           LockHandle;\r
  UINT32                    AuthSessionSize;\r
  TPMS_AUTH_COMMAND         AuthSession;\r
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER       Header;\r
  UINT32                     AuthSessionSize;\r
  TPMS_AUTH_RESPONSE         AuthSession;\r
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_RH_LOCKOUT           LockHandle;\r
  UINT32                    AuthSessionSize;\r
  TPMS_AUTH_COMMAND         AuthSession;\r
  UINT32                    NewMaxTries;\r
  UINT32                    NewRecoveryTime;\r
  UINT32                    LockoutRecovery;\r
} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER       Header;\r
  UINT32                     AuthSessionSize;\r
  TPMS_AUTH_RESPONSE         AuthSession;\r
} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;\r
\r
#pragma pack()\r
\r
/**\r
  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
  If this command is properly authorized, the lockout counter is set to zero.\r
\r
  @param[in]  LockHandle            TPM_RH_LOCKOUT\r
  @param[in]  AuthSession           Auth Session context\r
\r
  @retval EFI_SUCCESS      Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2DictionaryAttackLockReset (\r
  IN  TPMI_RH_LOCKOUT           LockHandle,\r
  IN  TPMS_AUTH_COMMAND         *AuthSession\r
  )\r
{\r
  EFI_STATUS                                 Status;\r
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND  SendBuffer;\r
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;\r
  UINT32                                     SendBufferSize;\r
  UINT32                                     RecvBufferSize;\r
  UINT8                                      *Buffer;\r
  UINT32                                     SessionInfoSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);\r
\r
  SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
\r
  //\r
  // Add in Auth session\r
  //\r
  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
\r
  // sessionInfoSize\r
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
  Buffer += SessionInfoSize;\r
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
\r
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    goto Done;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
\r
Done:\r
  //\r
  // Clear AuthSession Content\r
  //\r
  ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
  return Status;\r
}\r
\r
/**\r
  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
  If this command is properly authorized, the lockout counter is set to zero.\r
\r
  @param[in]  LockHandle            TPM_RH_LOCKOUT\r
  @param[in]  AuthSession           Auth Session context\r
  @param[in]  NewMaxTries           Count of authorization failures before the lockout is imposed\r
  @param[in]  NewRecoveryTime       Time in seconds before the authorization failure count is automatically decremented\r
  @param[in]  LockoutRecovery       Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r
\r
  @retval EFI_SUCCESS      Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2DictionaryAttackParameters (\r
  IN  TPMI_RH_LOCKOUT           LockHandle,\r
  IN  TPMS_AUTH_COMMAND         *AuthSession,\r
  IN  UINT32                    NewMaxTries,\r
  IN  UINT32                    NewRecoveryTime,\r
  IN  UINT32                    LockoutRecovery\r
  )\r
{\r
  EFI_STATUS                                 Status;\r
  TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND  SendBuffer;\r
  TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;\r
  UINT32                                     SendBufferSize;\r
  UINT32                                     RecvBufferSize;\r
  UINT8                                      *Buffer;\r
  UINT32                                     SessionInfoSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);\r
\r
  SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
\r
  //\r
  // Add in Auth session\r
  //\r
  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
\r
  // sessionInfoSize\r
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
  Buffer += SessionInfoSize;\r
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
\r
  //\r
  // Real data\r
  //\r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));\r
  Buffer += sizeof(UINT32);\r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));\r
  Buffer += sizeof(UINT32);\r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));\r
  Buffer += sizeof(UINT32);\r
\r
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    goto Done;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
\r
Done:\r
  //\r
  // Clear AuthSession Content\r
  //\r
  ZeroMem (&SendBufferSize, sizeof(SendBufferSize));\r
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
  return Status;\r
}\r
Commit	Line	Data
c1d93242 JY	1	/** @file\r
	2	Implement TPM2 DictionaryAttack related command.\r
	3	\r
7ae130da	4	Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>\r
c1d93242 JY	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include <IndustryStandard/UefiTcgPlatform.h>\r
	16	#include <Library/Tpm2CommandLib.h>\r
	17	#include <Library/Tpm2DeviceLib.h>\r
	18	#include <Library/BaseMemoryLib.h>\r
	19	#include <Library/BaseLib.h>\r
	20	#include <Library/DebugLib.h>\r
	21	\r
	22	#pragma pack(1)\r
	23	\r
	24	typedef struct {\r
	25	TPM2_COMMAND_HEADER Header;\r
	26	TPMI_RH_LOCKOUT LockHandle;\r
	27	UINT32 AuthSessionSize;\r
	28	TPMS_AUTH_COMMAND AuthSession;\r
	29	} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;\r
	30	\r
	31	typedef struct {\r
	32	TPM2_RESPONSE_HEADER Header;\r
	33	UINT32 AuthSessionSize;\r
	34	TPMS_AUTH_RESPONSE AuthSession;\r
	35	} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;\r
	36	\r
	37	typedef struct {\r
	38	TPM2_COMMAND_HEADER Header;\r
	39	TPMI_RH_LOCKOUT LockHandle;\r
	40	UINT32 AuthSessionSize;\r
	41	TPMS_AUTH_COMMAND AuthSession;\r
	42	UINT32 NewMaxTries;\r
	43	UINT32 NewRecoveryTime;\r
	44	UINT32 LockoutRecovery;\r
	45	} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;\r
	46	\r
	47	typedef struct {\r
	48	TPM2_RESPONSE_HEADER Header;\r
	49	UINT32 AuthSessionSize;\r
	50	TPMS_AUTH_RESPONSE AuthSession;\r
	51	} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;\r
	52	\r
	53	#pragma pack()\r
	54	\r
	55	/**\r
	56	This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
	57	If this command is properly authorized, the lockout counter is set to zero.\r
	58	\r
	59	@param[in] LockHandle TPM_RH_LOCKOUT\r
	60	@param[in] AuthSession Auth Session context\r
	61	\r
	62	@retval EFI_SUCCESS Operation completed successfully.\r
	63	@retval EFI_DEVICE_ERROR Unexpected device behavior.\r
	64	**/\r
	65	EFI_STATUS\r
	66	EFIAPI\r
	67	Tpm2DictionaryAttackLockReset (\r
	68	IN TPMI_RH_LOCKOUT LockHandle,\r
69	IN TPMS_AUTH_COMMAND *AuthSession\r
70	)\r
71	{\r
72	EFI_STATUS Status;\r
73	TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer;\r
74	TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;\r
75	UINT32 SendBufferSize;\r
76	UINT32 RecvBufferSize;\r
77	UINT8 *Buffer;\r
78	UINT32 SessionInfoSize;\r
79	\r
80	//\r
81	// Construct command\r
82	//\r
83	SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
84	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);\r
85	\r
86	SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
87	\r
88	//\r
89	// Add in Auth session\r
90	//\r
91	Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
92	\r
93	// sessionInfoSize\r
94	SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
95	Buffer += SessionInfoSize;\r
96	SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
97	\r
98	SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
99	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
100	\r
101	//\r
102	// send Tpm command\r
103	//\r
104	RecvBufferSize = sizeof (RecvBuffer);\r
105	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
106	if (EFI_ERROR (Status)) {\r
7ae130da	107	goto Done;\r
c1d93242 JY	108	}\r
	109	\r
	110	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
	111	DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize));\r
7ae130da JY	112	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	113	goto Done;\r
c1d93242 JY	114	}\r
	115	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
	116	DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
7ae130da JY	117	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	118	goto Done;\r
c1d93242 JY	119	}\r
c1d93242 JY	120	\r
7ae130da JY	121	Done:\r
	122	//\r
	123	// Clear AuthSession Content\r
	124	//\r
	125	ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
	126	ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
	127	return Status;\r
c1d93242 JY	128	}\r
	129	\r
	130	/**\r
	131	This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
	132	If this command is properly authorized, the lockout counter is set to zero.\r
	133	\r
	134	@param[in] LockHandle TPM_RH_LOCKOUT\r
	135	@param[in] AuthSession Auth Session context\r
	136	@param[in] NewMaxTries Count of authorization failures before the lockout is imposed\r
	137	@param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented\r
	138	@param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r
	139	\r
	140	@retval EFI_SUCCESS Operation completed successfully.\r
	141	@retval EFI_DEVICE_ERROR Unexpected device behavior.\r
	142	**/\r
	143	EFI_STATUS\r
	144	EFIAPI\r
	145	Tpm2DictionaryAttackParameters (\r
	146	IN TPMI_RH_LOCKOUT LockHandle,\r
	147	IN TPMS_AUTH_COMMAND *AuthSession,\r
	148	IN UINT32 NewMaxTries,\r
	149	IN UINT32 NewRecoveryTime,\r
	150	IN UINT32 LockoutRecovery\r
	151	)\r
	152	{\r
	153	EFI_STATUS Status;\r
	154	TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer;\r
	155	TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;\r
	156	UINT32 SendBufferSize;\r
	157	UINT32 RecvBufferSize;\r
	158	UINT8 *Buffer;\r
	159	UINT32 SessionInfoSize;\r
	160	\r
	161	//\r
	162	// Construct command\r
	163	//\r
	164	SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
	165	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);\r
	166	\r
	167	SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
	168	\r
	169	//\r
	170	// Add in Auth session\r
	171	//\r
	172	Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
	173	\r
	174	// sessionInfoSize\r
	175	SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
	176	Buffer += SessionInfoSize;\r
	177	SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
	178	\r
	179	//\r
	180	// Real data\r
	181	//\r
	182	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));\r
	183	Buffer += sizeof(UINT32);\r
	184	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));\r
	185	Buffer += sizeof(UINT32);\r
	186	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));\r
	187	Buffer += sizeof(UINT32);\r
	188	\r
	189	SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
	190	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
	191	\r
192	//\r
193	// send Tpm command\r
194	//\r
195	RecvBufferSize = sizeof (RecvBuffer);\r
196	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
197	if (EFI_ERROR (Status)) {\r
7ae130da	198	goto Done;\r
c1d93242 JY	199	}\r
	200	\r
	201	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
	202	DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));\r
7ae130da JY	203	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	204	goto Done;\r
c1d93242 JY	205	}\r
	206	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
	207	DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
7ae130da JY	208	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	209	goto Done;\r
c1d93242 JY	210	}\r
c1d93242 JY	211	\r
7ae130da JY	212	Done:\r
	213	//\r
	214	// Clear AuthSession Content\r
	215	//\r
	216	ZeroMem (&SendBufferSize, sizeof(SendBufferSize));\r
	217	ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
	218	return Status;\r
c1d93242	219	}\r