1 /** @file
2 Implement TPM2 DictionaryAttack related command.
3
4 Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 **/
8
9 #include <IndustryStandard/UefiTcgPlatform.h>
10 #include <Library/Tpm2CommandLib.h>
11 #include <Library/Tpm2DeviceLib.h>
12 #include <Library/BaseMemoryLib.h>
13 #include <Library/BaseLib.h>
14 #include <Library/DebugLib.h>
15
//
// Buffer layouts for the two dictionary-attack commands and their responses.
// Packing is set to one byte so the compiler inserts no padding between
// fields.
//
#pragma pack(1)

///
/// Command buffer for TPM2_DictionaryAttackLockReset.
/// AuthSession reserves room for the authorization session, which
/// Tpm2DictionaryAttackLockReset() fills in through CopyAuthSessionCommand();
/// the byte count that call returns is what gets stored in AuthSessionSize.
///
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_LOCKOUT        LockHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;

///
/// Response buffer for TPM2_DictionaryAttackLockReset.
/// Only Header.responseCode is inspected by the caller in this file.
///
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;

///
/// Command buffer for TPM2_DictionaryAttackParameters.
/// The three trailing UINT32 fields reserve space for the parameters.
/// Tpm2DictionaryAttackParameters() does not assign them by name: it writes
/// the values directly behind the bytes produced by CopyAuthSessionCommand(),
/// so they are not necessarily located at these field offsets.
///
typedef struct {
  TPM2_COMMAND_HEADER    Header;
  TPMI_RH_LOCKOUT        LockHandle;
  UINT32                 AuthSessionSize;
  TPMS_AUTH_COMMAND      AuthSession;
  UINT32                 NewMaxTries;
  UINT32                 NewRecoveryTime;
  UINT32                 LockoutRecovery;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;

///
/// Response buffer for TPM2_DictionaryAttackParameters.
/// Only Header.responseCode is inspected by the caller in this file.
///
typedef struct {
  TPM2_RESPONSE_HEADER    Header;
  UINT32                  AuthSessionSize;
  TPMS_AUTH_RESPONSE      AuthSession;
} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;

#pragma pack()
48
/**
  Send TPM2_DictionaryAttackLockReset to cancel a TPM lockout caused by
  successive authorization failures. When the command is properly authorized,
  the lockout counter is set to zero.

  Both the command and the response buffer are zeroed before returning, on
  success and on every failure path, so the authorization session content
  does not stay on the stack.

  @param[in]  LockHandle    TPM_RH_LOCKOUT
  @param[in]  AuthSession   Auth Session context

  @retval EFI_SUCCESS       Operation completed successfully.
  @retval EFI_DEVICE_ERROR  Response shorter than a response header, or the
                            TPM returned a response code other than
                            TPM_RC_SUCCESS.
  @retval Others            Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackLockReset (
  IN TPMI_RH_LOCKOUT    LockHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession
  )
{
  EFI_STATUS                                  Status;
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND   Command;
  TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE  Response;
  UINT32                                      CommandSize;
  UINT32                                      ResponseSize;
  UINT8                                       *Cursor;
  UINT32                                      AuthAreaSize;
  UINT32                                      ResponseCode;

  //
  // Fixed part of the command; every multi-byte field goes through
  // SwapBytes16/SwapBytes32 before it is stored.
  //
  Command.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  Command.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackLockReset);
  Command.LockHandle         = SwapBytes32 (LockHandle);

  //
  // Authorization area: the session is copied in by CopyAuthSessionCommand(),
  // and the byte count it returns becomes the session size field.
  //
  Cursor                  = (UINT8 *)&Command.AuthSession;
  AuthAreaSize            = CopyAuthSessionCommand (AuthSession, Cursor);
  Cursor                 += AuthAreaSize;
  Command.AuthSessionSize = SwapBytes32 (AuthAreaSize);

  //
  // The command ends where the cursor stopped, not at sizeof (Command).
  //
  CommandSize              = (UINT32)(Cursor - (UINT8 *)&Command);
  Command.Header.paramSize = SwapBytes32 (CommandSize);

  //
  // Submit the command and validate the response.
  //
  ResponseSize = sizeof (Response);
  Status       = Tpm2SubmitCommand (CommandSize, (UINT8 *)&Command, &ResponseSize, (UINT8 *)&Response);
  if (!EFI_ERROR (Status)) {
    if (ResponseSize < sizeof (TPM2_RESPONSE_HEADER)) {
      //
      // Too short to contain a response code at all.
      //
      DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", ResponseSize));
      Status = EFI_DEVICE_ERROR;
    } else {
      ResponseCode = SwapBytes32 (Response.Header.responseCode);
      if (ResponseCode != TPM_RC_SUCCESS) {
        DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", ResponseCode));
        Status = EFI_DEVICE_ERROR;
      }
    }
  }

  //
  // Clear AuthSession content on every exit path.
  //
  ZeroMem (&Command, sizeof (Command));
  ZeroMem (&Response, sizeof (Response));
  return Status;
}
124
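/**
  Send TPM2_DictionaryAttackParameters to change the TPM's dictionary-attack
  lockout settings: the failure count that triggers lockout and the two
  recovery times.

  Both the command and the response buffer are zeroed before returning, on
  success and on every failure path, so the authorization session content
  does not stay on the stack.

  @param[in]  LockHandle        TPM_RH_LOCKOUT
  @param[in]  AuthSession       Auth Session context
  @param[in]  NewMaxTries       Count of authorization failures before the lockout is imposed
  @param[in]  NewRecoveryTime   Time in seconds before the authorization failure count is automatically decremented
  @param[in]  LockoutRecovery   Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_DEVICE_ERROR      Response shorter than a response header, or the
                                TPM returned a response code other than
                                TPM_RC_SUCCESS.
  @retval Others                Error status returned by Tpm2SubmitCommand().
**/
EFI_STATUS
EFIAPI
Tpm2DictionaryAttackParameters (
  IN TPMI_RH_LOCKOUT    LockHandle,
  IN TPMS_AUTH_COMMAND  *AuthSession,
  IN UINT32             NewMaxTries,
  IN UINT32             NewRecoveryTime,
  IN UINT32             LockoutRecovery
  )
{
  EFI_STATUS                                  Status;
  TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND   SendBuffer;
  TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE  RecvBuffer;
  UINT32                                      SendBufferSize;
  UINT32                                      RecvBufferSize;
  UINT8                                       *Buffer;
  UINT32                                      SessionInfoSize;

  //
  // Construct command
  //
  SendBuffer.Header.tag         = SwapBytes16 (TPM_ST_SESSIONS);
  SendBuffer.Header.commandCode = SwapBytes32 (TPM_CC_DictionaryAttackParameters);

  SendBuffer.LockHandle = SwapBytes32 (LockHandle);

  //
  // Add in Auth session
  //
  Buffer = (UINT8 *)&SendBuffer.AuthSession;

  // sessionInfoSize
  SessionInfoSize            = CopyAuthSessionCommand (AuthSession, Buffer);
  Buffer                    += SessionInfoSize;
  SendBuffer.AuthSessionSize = SwapBytes32 (SessionInfoSize);

  //
  // Real data. The parameters are placed directly behind the bytes written by
  // CopyAuthSessionCommand(), not through the struct fields, and are stored
  // with WriteUnaligned32() because Buffer need not be 4-byte aligned here.
  //
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewMaxTries));
  Buffer += sizeof (UINT32);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NewRecoveryTime));
  Buffer += sizeof (UINT32);
  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (LockoutRecovery));
  Buffer += sizeof (UINT32);

  SendBufferSize              = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

  //
  // send Tpm command
  //
  RecvBufferSize = sizeof (RecvBuffer);
  Status         = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  //
  // A response shorter than the header cannot carry a response code.
  //
  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

  if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
    DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }

Done:
  //
  // Clear AuthSession Content. The whole command buffer must be wiped, as
  // Tpm2DictionaryAttackLockReset() does: zeroing only the 4-byte
  // SendBufferSize variable would leave the authorization session bytes
  // (and the requested parameters) behind on the stack.
  //
  ZeroMem (&SendBuffer, sizeof (SendBuffer));
  ZeroMem (&RecvBuffer, sizeof (RecvBuffer));
  return Status;
}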