Add TPM2 implementation.
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
new file mode 100644 (file)
index 0000000..2f6488f
--- /dev/null
@@ -0,0 +1,203 @@
+/** @file\r
+  Implement TPM2 DictionaryAttack related command.\r
+\r
+Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution.  The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <IndustryStandard/UefiTcgPlatform.h>\r
+#include <Library/Tpm2CommandLib.h>\r
+#include <Library/Tpm2DeviceLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/DebugLib.h>\r
+\r
+#pragma pack(1)\r
+\r
+typedef struct {\r
+  TPM2_COMMAND_HEADER       Header;\r
+  TPMI_RH_LOCKOUT           LockHandle;\r
+  UINT32                    AuthSessionSize;\r
+  TPMS_AUTH_COMMAND         AuthSession;\r
+} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND;\r
+\r
+typedef struct {\r
+  TPM2_RESPONSE_HEADER       Header;\r
+  UINT32                     AuthSessionSize;\r
+  TPMS_AUTH_RESPONSE         AuthSession;\r
+} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE;\r
+\r
+typedef struct {\r
+  TPM2_COMMAND_HEADER       Header;\r
+  TPMI_RH_LOCKOUT           LockHandle;\r
+  UINT32                    AuthSessionSize;\r
+  TPMS_AUTH_COMMAND         AuthSession;\r
+  UINT32                    NewMaxTries;\r
+  UINT32                    NewRecoveryTime;\r
+  UINT32                    LockoutRecovery;\r
+} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND;\r
+\r
+typedef struct {\r
+  TPM2_RESPONSE_HEADER       Header;\r
+  UINT32                     AuthSessionSize;\r
+  TPMS_AUTH_RESPONSE         AuthSession;\r
+} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE;\r
+\r
+#pragma pack()\r
+\r
+/**\r
+  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
+  If this command is properly authorized, the lockout counter is set to zero.\r
+\r
+  @param[in]  LockHandle            TPM_RH_LOCKOUT\r
+  @param[in]  AuthSession           Auth Session context\r
+\r
+  @retval EFI_SUCCESS      Operation completed successfully.\r
+  @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2DictionaryAttackLockReset (\r
+  IN  TPMI_RH_LOCKOUT           LockHandle,\r
+  IN  TPMS_AUTH_COMMAND         *AuthSession\r
+  )\r
+{\r
+  EFI_STATUS                                 Status;\r
+  TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND  SendBuffer;\r
+  TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer;\r
+  UINT32                                     SendBufferSize;\r
+  UINT32                                     RecvBufferSize;\r
+  UINT8                                      *Buffer;\r
+  UINT32                                     SessionInfoSize;\r
+\r
+  //\r
+  // Construct command\r
+  //\r
+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset);\r
+\r
+  SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
+\r
+  //\r
+  // Add in Auth session\r
+  //\r
+  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
+\r
+  // sessionInfoSize\r
+  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
+  Buffer += SessionInfoSize;\r
+  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
+\r
+  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
+\r
+  //\r
+  // send Tpm command\r
+  //\r
+  RecvBufferSize = sizeof (RecvBuffer);\r
+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
+    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize));\r
+    return EFI_DEVICE_ERROR;\r
+  }\r
+  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
+    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
+    return EFI_DEVICE_ERROR;\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+  This command cancels the effect of a TPM lockout due to a number of successive authorization failures.\r
+  If this command is properly authorized, the lockout counter is set to zero.\r
+\r
+  @param[in]  LockHandle            TPM_RH_LOCKOUT\r
+  @param[in]  AuthSession           Auth Session context\r
+  @param[in]  NewMaxTries           Count of authorization failures before the lockout is imposed\r
+  @param[in]  NewRecoveryTime       Time in seconds before the authorization failure count is automatically decremented\r
+  @param[in]  LockoutRecovery       Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed\r
+\r
+  @retval EFI_SUCCESS      Operation completed successfully.\r
+  @retval EFI_DEVICE_ERROR Unexpected device behavior.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tpm2DictionaryAttackParameters (\r
+  IN  TPMI_RH_LOCKOUT           LockHandle,\r
+  IN  TPMS_AUTH_COMMAND         *AuthSession,\r
+  IN  UINT32                    NewMaxTries,\r
+  IN  UINT32                    NewRecoveryTime,\r
+  IN  UINT32                    LockoutRecovery\r
+  )\r
+{\r
+  EFI_STATUS                                 Status;\r
+  TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND  SendBuffer;\r
+  TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer;\r
+  UINT32                                     SendBufferSize;\r
+  UINT32                                     RecvBufferSize;\r
+  UINT8                                      *Buffer;\r
+  UINT32                                     SessionInfoSize;\r
+\r
+  //\r
+  // Construct command\r
+  //\r
+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);\r
+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters);\r
+\r
+  SendBuffer.LockHandle = SwapBytes32 (LockHandle);\r
+\r
+  //\r
+  // Add in Auth session\r
+  //\r
+  Buffer = (UINT8 *)&SendBuffer.AuthSession;\r
+\r
+  // sessionInfoSize\r
+  SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);\r
+  Buffer += SessionInfoSize;\r
+  SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);\r
+\r
+  //\r
+  // Real data\r
+  //\r
+  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries));\r
+  Buffer += sizeof(UINT32);\r
+  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime));\r
+  Buffer += sizeof(UINT32);\r
+  WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery));\r
+  Buffer += sizeof(UINT32);\r
+\r
+  SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);\r
+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);\r
+\r
+  //\r
+  // send Tpm command\r
+  //\r
+  RecvBufferSize = sizeof (RecvBuffer);\r
+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r
+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {\r
+    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize));\r
+    return EFI_DEVICE_ERROR;\r
+  }\r
+  if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {\r
+    DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));\r
+    return EFI_DEVICE_ERROR;\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
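Review bot: The stack command buffers in Tpm2DictionaryAttackLockReset and Tpm2DictionaryAttackParameters hold whatever CopyAuthSessionCommand copies out of AuthSession (presumably the lockout authorization value or its HMAC) and are left intact after Tpm2SubmitCommand returns, on the error paths as well as the success path. Clearing the buffer before every return that follows the submit, `ZeroMem (&SendBuffer, sizeof (SendBuffer));`, keeps the lockout authorization secret from lingering in stack memory once the command is done. Separately, the description above Tpm2DictionaryAttackParameters (the two sentences preceding its @param list) is copied from Tpm2DictionaryAttackLockReset and still says the command cancels a lockout; it should instead say that it sets the TPM's dictionary-attack parameters (NewMaxTries, NewRecoveryTime and LockoutRecovery). Neither function checks AuthSession for NULL before handing it to CopyAuthSessionCommand; if that helper does not guard against NULL itself, an early `return EFI_INVALID_PARAMETER;` would be worth adding.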