/** @file
  Implement TPM2 DictionaryAttack related command.

Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution.  The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
15 #include <IndustryStandard/UefiTcgPlatform.h>
16 #include <Library/Tpm2CommandLib.h>
17 #include <Library/Tpm2DeviceLib.h>
18 #include <Library/BaseMemoryLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/DebugLib.h>
//
// Command buffer for TPM2_DictionaryAttackLockReset, in the order the fields
// are sent: command header, lockout handle, size of the authorization area,
// then the authorization session itself.
// NOTE(review): this is a wire-layout structure; confirm that it is declared
// inside a #pragma pack(1) region.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_LOCKOUT        LockHandle;
  UINT32                 AuthSessionSize;   // stored byte-swapped by the caller
  TPMS_AUTH_COMMAND      AuthSession;       // filled through CopyAuthSessionCommand()
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;
//
// Receive buffer for TPM2_DictionaryAttackLockReset: response header followed
// by the authorization area size and the response session.
// Only Header.responseCode is inspected by Tpm2DictionaryAttackLockReset().
// NOTE(review): wire-layout structure; confirm that it is declared inside a
// #pragma pack(1) region.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;
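//
// Command buffer for TPM2_DictionaryAttackParameters: command header, lockout
// handle, size of the authorization area, the authorization session, then the
// three UINT32 command parameters.
//
// Tpm2DictionaryAttackParameters() does not address the trailing fields by
// name: it writes NewMaxTries, NewRecoveryTime and LockoutRecovery through a
// byte pointer placed directly after the marshalled session. The structure
// therefore has to reserve room for all three values, otherwise the last
// write can land past the end of the stack buffer when the session uses its
// full size.
// NOTE(review): wire-layout structure; confirm that it is declared inside a
// #pragma pack(1) region.
//
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_LOCKOUT        LockHandle;
  UINT32                 AuthSessionSize;   // stored byte-swapped by the caller
  TPMS_AUTH_COMMAND      AuthSession;       // filled through CopyAuthSessionCommand()
  UINT32                 NewMaxTries;
  UINT32                 NewRecoveryTime;
  UINT32                 LockoutRecovery;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;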
//
// Receive buffer for TPM2_DictionaryAttackParameters: response header followed
// by the authorization area size and the response session.
// Only Header.responseCode is inspected by Tpm2DictionaryAttackParameters().
// NOTE(review): wire-layout structure; confirm that it is declared inside a
// #pragma pack(1) region.
//
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;
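/**
  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.
  If this command is properly authorized, the lockout counter is set to zero.

  The command and response buffers live on the stack and contain the
  marshalled authorization session, so both are zeroed on every exit path
  before the function returns.

  @param[in]  LockHandle            TPM_RH_LOCKOUT
  @param[in]  AuthSession           Auth Session context

  @retval EFI_SUCCESS      Operation completed successfully.
  @retval EFI_DEVICE_ERROR Unexpected device behavior: the response is shorter than a
                           response header, or the TPM returned a code other than
                           TPM_RC_SUCCESS.
  @retval Others           Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackLockReset (
  IN  TPMI_RH_LOCKOUT           LockHandle,
  IN  TPMS_AUTH_COMMAND         *AuthSession
  )
{
  EFI_STATUS                                  Status;
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND   SendBuffer;
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE  RecvBuffer;
  UINT32                                      SendBufferSize;
  UINT32                                      RecvBufferSize;
  UINT8                                       *Buffer;
  UINT32                                      SessionInfoSize;

  //
  // Construct command. Multi-byte fields are byte-swapped before they are
  // stored in the command buffer.
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackLockReset);

  SendBuffer.LockHandle = SwapBytes32 (LockHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  //
  // CopyAuthSessionCommand() returns the number of bytes it placed at Buffer;
  // that count is both the authorization size field and the cursor advance.
  //
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer         += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // The command length is the distance from the start of the buffer to the
  // cursor, not sizeof (SendBuffer): the session may be shorter than its field.
  //
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  //
  // Do not read responseCode unless a complete response header was received.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession content: SendBuffer holds the copy of the caller's
  // authorization session, and it would otherwise stay readable on the stack
  // after return.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}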
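/**
  This command changes the lockout parameters.
  The command requires Lockout Authorization, passed in AuthSession.

  The command and response buffers live on the stack and contain the
  marshalled authorization session, so both are zeroed on every exit path
  before the function returns.

  @param[in]  LockHandle            TPM_RH_LOCKOUT
  @param[in]  AuthSession           Auth Session context
  @param[in]  NewMaxTries           Count of authorization failures before the lockout is imposed
  @param[in]  NewRecoveryTime       Time in seconds before the authorization failure count is automatically decremented
  @param[in]  LockoutRecovery       Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed

  @retval EFI_SUCCESS      Operation completed successfully.
  @retval EFI_DEVICE_ERROR Unexpected device behavior: the response is shorter than a
                           response header, or the TPM returned a code other than
                           TPM_RC_SUCCESS.
  @retval Others           Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackParameters (
  IN  TPMI_RH_LOCKOUT           LockHandle,
  IN  TPMS_AUTH_COMMAND         *AuthSession,
  IN  UINT32                    NewMaxTries,
  IN  UINT32                    NewRecoveryTime,
  IN  UINT32                    LockoutRecovery
  )
{
  EFI_STATUS                                  Status;
  TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND   SendBuffer;
  TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE  RecvBuffer;
  UINT32                                      SendBufferSize;
  UINT32                                      RecvBufferSize;
  UINT8                                       *Buffer;
  UINT32                                      SessionInfoSize;

  //
  // Construct command. Multi-byte fields are byte-swapped before they are
  // stored in the command buffer.
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackParameters);

  SendBuffer.LockHandle = SwapBytes32 (LockHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  //
  // CopyAuthSessionCommand() returns the number of bytes it placed at Buffer;
  // that count is both the authorization size field and the cursor advance.
  //
  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer         += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Real data: the three parameters follow the session immediately, so they
  // are written through the cursor (which may be unaligned) instead of the
  // named structure fields.
  //
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewMaxTries));
  Buffer += sizeof (UINT32);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewRecoveryTime));
  Buffer += sizeof (UINT32);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (LockoutRecovery));
  Buffer += sizeof (UINT32);

  //
  // The command length is the distance from the start of the buffer to the
  // cursor, not sizeof (SendBuffer): the session may be shorter than its field.
  //
  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  //
  // Do not read responseCode unless a complete response header was received.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession content: SendBuffer holds the copy of the caller's
  // authorization session, and it would otherwise stay readable on the stack
  // after return.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}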