[mirror_edk2.git] / SecurityPkg / Library / Tpm2CommandLib / Tpm2DictionaryAttack.c

/** @file\r
  Implement TPM2 DictionaryAttack related command.\r
\r
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Library/Tpm2CommandLib.h>\r
#include <Library/Tpm2DeviceLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_RH_LOCKOUT           LockHandle;\r
  UINT32                    AuthSessionSize;\r
  TPMS_AUTH_COMMAND         AuthSession;\r
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER       Header;\r
  UINT32                     AuthSessionSize;\r
  TPMS_AUTH_RESPONSE         AuthSession;\r
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;\r
\r
typedef struct {\r
  TPM2_COMMAND_HEADER       Header;\r
  TPMI_RH_LOCKOUT           LockHandle;\r
  UINT32                    AuthSessionSize;\r
  TPMS_AUTH_COMMAND         AuthSession;\r
  UINT32                    NewMaxTries;\r
  UINT32                    NewRecoveryTime;\r
  UINT32                    LockoutRecovery;\r
} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;\r
\r
typedef struct {\r
  TPM2_RESPONSE_HEADER       Header;\r
  UINT32                     AuthSessionSize;\r
  TPMS_AUTH_RESPONSE         AuthSession;\r
} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;\r
\r
#pragma pack()\r
\r
/**\r
  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
  If this command is properly authorized, the lockout counter is set to zero.\r
\r
  @param[in]  LockHandle            TPM_RH_LOCKOUT\r
  @param[in]  AuthSession           Auth Session context\r
\r
  @retval EFI_SUCCESS      Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2DictionaryAttackLockReset (\r
  IN  TPMI_RH_LOCKOUT           LockHandle,\r
  IN  TPMS_AUTH_COMMAND         *AuthSession\r
  )\r
{\r
  EFI_STATUS                                 Status;\r
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND  SendBuffer;\r
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;\r
  UINT32                                     SendBufferSize;\r
  UINT32                                     RecvBufferSize;\r
  UINT8                                      *Buffer;\r
  UINT32                                     SessionInfoSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);\r
\r
  SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
\r
  //\r
  // Add in Auth session\r
  //\r
  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
\r
  // sessionInfoSize\r
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
  Buffer += SessionInfoSize;\r
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
\r
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    goto Done;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
\r
Done:\r
  //\r
  // Clear AuthSession Content\r
  //\r
  ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
  return Status;\r
}\r
\r
/**\r
  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
  If this command is properly authorized, the lockout counter is set to zero.\r
\r
  @param[in]  LockHandle            TPM_RH_LOCKOUT\r
  @param[in]  AuthSession           Auth Session context\r
  @param[in]  NewMaxTries           Count of authorization failures before the lockout is imposed\r
  @param[in]  NewRecoveryTime       Time in seconds before the authorization failure count is automatically decremented\r
  @param[in]  LockoutRecovery       Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r
\r
  @retval EFI_SUCCESS      Operation completed successfully.\r
  @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
**/\r
EFI_STATUS\r
EFIAPI\r
Tpm2DictionaryAttackParameters (\r
  IN  TPMI_RH_LOCKOUT           LockHandle,\r
  IN  TPMS_AUTH_COMMAND         *AuthSession,\r
  IN  UINT32                    NewMaxTries,\r
  IN  UINT32                    NewRecoveryTime,\r
  IN  UINT32                    LockoutRecovery\r
  )\r
{\r
  EFI_STATUS                                 Status;\r
  TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND  SendBuffer;\r
  TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;\r
  UINT32                                     SendBufferSize;\r
  UINT32                                     RecvBufferSize;\r
  UINT8                                      *Buffer;\r
  UINT32                                     SessionInfoSize;\r
\r
  //\r
  // Construct command\r
  //\r
  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);\r
\r
  SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
\r
  //\r
  // Add in Auth session\r
  //\r
  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
\r
  // sessionInfoSize\r
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
  Buffer += SessionInfoSize;\r
  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
\r
  //\r
  // Real data\r
  //\r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));\r
  Buffer += sizeof(UINT32);\r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));\r
  Buffer += sizeof(UINT32);\r
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));\r
  Buffer += sizeof(UINT32);\r
\r
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
\r
  //\r
  // send Tpm command\r
  //\r
  RecvBufferSize = sizeof (RecvBuffer);\r
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
  if (EFI_ERROR (Status)) {\r
    goto Done;\r
  }\r
\r
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
    Status = EFI_DEVICE_ERROR;\r
    goto Done;\r
  }\r
\r
Done:\r
  //\r
  // Clear AuthSession Content\r
  //\r
  ZeroMem (&SendBufferSize, sizeof(SendBufferSize));\r
  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
  return Status;\r
}\r
Commit	Line	Data
c1d93242 JY	1	/** @file\r
	2	Implement TPM2 DictionaryAttack related command.\r
	3	\r
7ae130da	4	Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>\r
289b714b	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
c1d93242 JY	6	\r
	7	**/\r
	8	\r
	9	#include <IndustryStandard/UefiTcgPlatform.h>\r
	10	#include <Library/Tpm2CommandLib.h>\r
	11	#include <Library/Tpm2DeviceLib.h>\r
	12	#include <Library/BaseMemoryLib.h>\r
	13	#include <Library/BaseLib.h>\r
	14	#include <Library/DebugLib.h>\r
	15	\r
	16	#pragma pack(1)\r
	17	\r
	18	typedef struct {\r
	19	TPM2_COMMAND_HEADER Header;\r
	20	TPMI_RH_LOCKOUT LockHandle;\r
	21	UINT32 AuthSessionSize;\r
	22	TPMS_AUTH_COMMAND AuthSession;\r
	23	} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;\r
	24	\r
	25	typedef struct {\r
	26	TPM2_RESPONSE_HEADER Header;\r
	27	UINT32 AuthSessionSize;\r
	28	TPMS_AUTH_RESPONSE AuthSession;\r
	29	} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;\r
	30	\r
	31	typedef struct {\r
	32	TPM2_COMMAND_HEADER Header;\r
	33	TPMI_RH_LOCKOUT LockHandle;\r
	34	UINT32 AuthSessionSize;\r
	35	TPMS_AUTH_COMMAND AuthSession;\r
	36	UINT32 NewMaxTries;\r
	37	UINT32 NewRecoveryTime;\r
	38	UINT32 LockoutRecovery;\r
	39	} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;\r
	40	\r
	41	typedef struct {\r
	42	TPM2_RESPONSE_HEADER Header;\r
	43	UINT32 AuthSessionSize;\r
	44	TPMS_AUTH_RESPONSE AuthSession;\r
	45	} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;\r
	46	\r
	47	#pragma pack()\r
	48	\r
	49	/**\r
	50	This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
	51	If this command is properly authorized, the lockout counter is set to zero.\r
	52	\r
	53	@param[in] LockHandle TPM_RH_LOCKOUT\r
	54	@param[in] AuthSession Auth Session context\r
	55	\r
	56	@retval EFI_SUCCESS Operation completed successfully.\r
	57	@retval EFI_DEVICE_ERROR Unexpected device behavior.\r
	58	**/\r
	59	EFI_STATUS\r
	60	EFIAPI\r
	61	Tpm2DictionaryAttackLockReset (\r
	62	IN TPMI_RH_LOCKOUT LockHandle,\r
	63	IN TPMS_AUTH_COMMAND *AuthSession\r
	64	)\r
	65	{\r
	66	EFI_STATUS Status;\r
	67	TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer;\r
	68	TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;\r
	69	UINT32 SendBufferSize;\r
70	UINT32 RecvBufferSize;\r
71	UINT8 *Buffer;\r
72	UINT32 SessionInfoSize;\r
73	\r
74	//\r
75	// Construct command\r
76	//\r
77	SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
78	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);\r
79	\r
80	SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
81	\r
82	//\r
83	// Add in Auth session\r
84	//\r
85	Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
86	\r
87	// sessionInfoSize\r
88	SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
89	Buffer += SessionInfoSize;\r
90	SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
91	\r
92	SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
93	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
94	\r
95	//\r
96	// send Tpm command\r
97	//\r
98	RecvBufferSize = sizeof (RecvBuffer);\r
99	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
100	if (EFI_ERROR (Status)) {\r
7ae130da	101	goto Done;\r
c1d93242 JY	102	}\r
	103	\r
	104	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
e905fbb0	105	DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize));\r
7ae130da JY	106	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	107	goto Done;\r
c1d93242 JY	108	}\r
c1d93242 JY	109	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
e905fbb0	110	DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
7ae130da JY	111	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	112	goto Done;\r
c1d93242 JY	113	}\r
c1d93242 JY	114	\r
7ae130da JY	115	Done:\r
	116	//\r
	117	// Clear AuthSession Content\r
	118	//\r
	119	ZeroMem (&SendBuffer, sizeof(SendBuffer));\r
	120	ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
	121	return Status;\r
c1d93242 JY	122	}\r
	123	\r
	124	/**\r
	125	This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
	126	If this command is properly authorized, the lockout counter is set to zero.\r
	127	\r
	128	@param[in] LockHandle TPM_RH_LOCKOUT\r
	129	@param[in] AuthSession Auth Session context\r
	130	@param[in] NewMaxTries Count of authorization failures before the lockout is imposed\r
	131	@param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented\r
	132	@param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r
	133	\r
	134	@retval EFI_SUCCESS Operation completed successfully.\r
	135	@retval EFI_DEVICE_ERROR Unexpected device behavior.\r
	136	**/\r
	137	EFI_STATUS\r
	138	EFIAPI\r
	139	Tpm2DictionaryAttackParameters (\r
	140	IN TPMI_RH_LOCKOUT LockHandle,\r
	141	IN TPMS_AUTH_COMMAND *AuthSession,\r
	142	IN UINT32 NewMaxTries,\r
	143	IN UINT32 NewRecoveryTime,\r
	144	IN UINT32 LockoutRecovery\r
	145	)\r
	146	{\r
	147	EFI_STATUS Status;\r
	148	TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer;\r
	149	TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;\r
	150	UINT32 SendBufferSize;\r
	151	UINT32 RecvBufferSize;\r
	152	UINT8 *Buffer;\r
	153	UINT32 SessionInfoSize;\r
	154	\r
	155	//\r
	156	// Construct command\r
	157	//\r
	158	SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
	159	SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);\r
	160	\r
	161	SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
	162	\r
	163	//\r
	164	// Add in Auth session\r
	165	//\r
	166	Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
	167	\r
	168	// sessionInfoSize\r
	169	SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
	170	Buffer += SessionInfoSize;\r
	171	SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
	172	\r
	173	//\r
	174	// Real data\r
	175	//\r
	176	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));\r
	177	Buffer += sizeof(UINT32);\r
	178	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));\r
	179	Buffer += sizeof(UINT32);\r
	180	WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));\r
	181	Buffer += sizeof(UINT32);\r
	182	\r
	183	SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
	184	SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
	185	\r
186	//\r
187	// send Tpm command\r
188	//\r
189	RecvBufferSize = sizeof (RecvBuffer);\r
190	Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 )&SendBuffer, &RecvBufferSize, (UINT8 )&RecvBuffer);\r
191	if (EFI_ERROR (Status)) {\r
7ae130da	192	goto Done;\r
c1d93242 JY	193	}\r
	194	\r
	195	if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
e905fbb0	196	DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));\r
7ae130da JY	197	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	198	goto Done;\r
c1d93242 JY	199	}\r
c1d93242 JY	200	if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
e905fbb0	201	DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
7ae130da JY	202	Status = EFI_DEVICE_ERROR;\r
7ae130da JY	203	goto Done;\r
c1d93242 JY	204	}\r
c1d93242 JY	205	\r
7ae130da JY	206	Done:\r
	207	//\r
	208	// Clear AuthSession Content\r
	209	//\r
	210	ZeroMem (&SendBufferSize, sizeof(SendBufferSize));\r
	211	ZeroMem (&RecvBuffer, sizeof(RecvBuffer));\r
	212	return Status;\r
c1d93242	213	}\r