From da9c3392e6cb2f3bf6d9973b1bda3b6881608b8e Mon Sep 17 00:00:00 2001 From: Miquel Raynal Date: Tue, 15 May 2018 11:57:18 +0200 Subject: [PATCH] tpm: add dictionary attack mitigation commands support Add support for the TPM2_DictionaryAttackParameters and TPM2_DictionaryAttackLockReset commands. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal Reviewed-by: Simon Glass Reviewed-by: Tom Rini --- cmd/tpm-v2.c | 67 ++++++++++++++++++++++++++++++++++++++ include/tpm-v2.h | 25 +++++++++++++++ lib/tpm-v2.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 175 insertions(+) diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c index 298669bf84..4a5b40bc7a 100644 --- a/cmd/tpm-v2.c +++ b/cmd/tpm-v2.c @@ -181,6 +181,59 @@ unmap_data: return report_return_code(rc); } +static int do_tpm_dam_reset(cmd_tbl_t *cmdtp, int flag, int argc, + char *const argv[]) +{ + const char *pw = (argc < 2) ? NULL : argv[1]; + const ssize_t pw_sz = pw ? strlen(pw) : 0; + + if (argc > 2) + return CMD_RET_USAGE; + + if (pw_sz > TPM2_DIGEST_LEN) + return -EINVAL; + + return report_return_code(tpm2_dam_reset(pw, pw_sz)); +} + +static int do_tpm_dam_parameters(cmd_tbl_t *cmdtp, int flag, int argc, + char *const argv[]) +{ + const char *pw = (argc < 5) ? NULL : argv[4]; + const ssize_t pw_sz = pw ? strlen(pw) : 0; + /* + * No Dictionary Attack Mitigation (DAM) means: + * maxtries = 0xFFFFFFFF, recovery_time = 1, lockout_recovery = 0 + */ + unsigned long int max_tries; + unsigned long int recovery_time; + unsigned long int lockout_recovery; + + if (argc < 4 || argc > 5) + return CMD_RET_USAGE; + + if (pw_sz > TPM2_DIGEST_LEN) + return -EINVAL; + + if (strict_strtoul(argv[1], 0, &max_tries)) + return CMD_RET_USAGE; + + if (strict_strtoul(argv[2], 0, &recovery_time)) + return CMD_RET_USAGE; + + if (strict_strtoul(argv[3], 0, &lockout_recovery)) + return CMD_RET_USAGE; + + log(LOGC_NONE, LOGL_INFO, "Changing dictionary attack parameters:\n"); + log(LOGC_NONE, LOGL_INFO, "- maxTries: %lu", max_tries); + log(LOGC_NONE, LOGL_INFO, "- recoveryTime: %lu\n", recovery_time); + log(LOGC_NONE, LOGL_INFO, "- lockoutRecovery: %lu\n", lockout_recovery); + + return report_return_code(tpm2_dam_parameters(pw, pw_sz, max_tries, + recovery_time, + lockout_recovery)); +} + static cmd_tbl_t tpm2_commands[] = { U_BOOT_CMD_MKENT(info, 0, 1, do_tpm_info, "", ""), U_BOOT_CMD_MKENT(init, 0, 1, do_tpm_init, "", ""), @@ -190,6 +243,8 @@ static cmd_tbl_t tpm2_commands[] = { U_BOOT_CMD_MKENT(pcr_extend, 0, 1, do_tpm2_pcr_extend, "", ""), U_BOOT_CMD_MKENT(pcr_read, 0, 1, do_tpm_pcr_read, "", ""), U_BOOT_CMD_MKENT(get_capability, 0, 1, do_tpm_get_capability, "", ""), + U_BOOT_CMD_MKENT(dam_reset, 0, 1, do_tpm_dam_reset, "", ""), + U_BOOT_CMD_MKENT(dam_parameters, 0, 1, do_tpm_dam_parameters, "", ""), }; cmd_tbl_t *get_tpm_commands(unsigned int *size) @@ -236,4 +291,16 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command", " : property\n" " : address to store entries of 4 bytes\n" " : number of entries to retrieve\n" +" dam_reset_counter []\n" +" - If the TPM is not in a LOCKOUT state, reset the internal error\n" +" counter (TPMv2 only)\n" +" dam_set_parameters []\n" +" - If the TPM is not in a LOCKOUT state, set the dictionary attack\n" +" parameters:\n" +" * maxTries: maximum number of failures before lockout.\n" +" 0 means always locking.\n" +" * recoveryTime: time before decrementation of the error counter,\n" +" 0 means no lockout.\n" +" * lockoutRecovery: time of a lockout (before the next try)\n" +" 0 means a reboot is needed.\n" ); diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 7c2f6e91cd..ab8f113d82 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -191,4 +191,29 @@ u32 tpm2_pcr_read(u32 idx, unsigned int idx_min_sz, void *data, u32 tpm2_get_capability(u32 capability, u32 property, void *buf, size_t prop_count); +/** + * Issue a TPM2_DictionaryAttackLockReset command. + * + * @pw Password + * @pw_sz Length of the password + * + * @return code of the operation + */ +u32 tpm2_dam_reset(const char *pw, const ssize_t pw_sz); + +/** + * Issue a TPM2_DictionaryAttackParameters command. + * + * @pw Password + * @pw_sz Length of the password + * @max_tries Count of authorizations before lockout + * @recovery_time Time before decrementation of the failure count + * @lockout_recovery Time to wait after a lockout + * + * @return code of the operation + */ +u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz, + unsigned int max_tries, unsigned int recovery_time, + unsigned int lockout_recovery); + #endif /* __TPM_V2_H */ diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 08e3ba7a3c..9a65e7de42 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -190,3 +190,86 @@ u32 tpm2_get_capability(u32 capability, u32 property, void *buf, return 0; } + +u32 tpm2_dam_reset(const char *pw, const ssize_t pw_sz) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(27 + pw_sz), /* Length */ + tpm_u32(TPM2_CC_DAM_RESET), /* Command code */ + + /* HANDLE */ + tpm_u32(TPM2_RH_LOCKOUT), /* TPM resource handle */ + + /* AUTH_SESSION */ + tpm_u32(9 + pw_sz), /* Authorization size */ + tpm_u32(TPM2_RS_PW), /* Session handle */ + tpm_u16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + tpm_u16(pw_sz), /* Size of */ + /* STRING(pw) (if any) */ + }; + unsigned int offset = 27; + int ret; + + /* + * Fill the command structure starting from the first buffer: + * - the password (if any) + */ + ret = pack_byte_string(command_v2, sizeof(command_v2), "s", + offset, pw, pw_sz); + offset += pw_sz; + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(command_v2, NULL, NULL); +} + +u32 tpm2_dam_parameters(const char *pw, const ssize_t pw_sz, + unsigned int max_tries, unsigned int recovery_time, + unsigned int lockout_recovery) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + tpm_u16(TPM2_ST_SESSIONS), /* TAG */ + tpm_u32(27 + pw_sz + 12), /* Length */ + tpm_u32(TPM2_CC_DAM_PARAMETERS), /* Command code */ + + /* HANDLE */ + tpm_u32(TPM2_RH_LOCKOUT), /* TPM resource handle */ + + /* AUTH_SESSION */ + tpm_u32(9 + pw_sz), /* Authorization size */ + tpm_u32(TPM2_RS_PW), /* Session handle */ + tpm_u16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + tpm_u16(pw_sz), /* Size of */ + /* STRING(pw) (if any) */ + + /* LOCKOUT PARAMETERS */ + /* tpm_u32(max_tries) Max tries (0, always lock) */ + /* tpm_u32(recovery_time) Recovery time (0, no lock) */ + /* tpm_u32(lockout_recovery) Lockout recovery */ + }; + unsigned int offset = 27; + int ret; + + /* + * Fill the command structure starting from the first buffer: + * - the password (if any) + * - max tries + * - recovery time + * - lockout recovery + */ + ret = pack_byte_string(command_v2, sizeof(command_v2), "sddd", + offset, pw, pw_sz, + offset + pw_sz, max_tries, + offset + pw_sz + 4, recovery_time, + offset + pw_sz + 8, lockout_recovery); + offset += pw_sz + 12; + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(command_v2, NULL, NULL); +} -- 2.25.1