[U-Boot] [PATCH 16/18] tpm: add dictionary attack mitigation commands support
Miquel Raynal
miquel.raynal at bootlin.com
Thu Mar 8 15:40:19 UTC 2018
Add support for the TPM2_DictionaryAttackParameters and
TPM2_DictionaryAttackLockReset commands.
Change the command file and the help accordingly.
Signed-off-by: Miquel Raynal <miquel.raynal at bootlin.com>
---
cmd/tpm.c | 69 +++++++++++++++++++++++++++++++++++++++++++++
include/tpm.h | 26 +++++++++++++++++
lib/tpm.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 184 insertions(+)
diff --git a/cmd/tpm.c b/cmd/tpm.c
index 7fcfbf8550..533da2d2ac 100644
--- a/cmd/tpm.c
+++ b/cmd/tpm.c
@@ -480,6 +480,58 @@ static int do_tpm_init(cmd_tbl_t *cmdtp, int flag,
return report_return_code(tpm_init());
}
+static int do_tpm_dam_reset_counter(cmd_tbl_t *cmdtp, int flag,
+ int argc, char *const argv[])
+{
+ const char *pw = (argc < 2) ? NULL : argv[1];
+ const ssize_t pw_sz = pw ? strlen(pw) : 0;
+
+ if (argc > 2)
+ return CMD_RET_USAGE;
+
+ if (pw_sz > TPM2_DIGEST_LENGTH)
+ return -EINVAL;
+
+ return report_return_code(tpm2_dam_reset_counter(pw, pw_sz));
+}
+
+static int do_tpm_dam_set_parameters(cmd_tbl_t *cmdtp, int flag,
+ int argc, char *const argv[])
+{
+ const char *pw = (argc < 5) ? NULL : argv[4];
+ const ssize_t pw_sz = pw ? strlen(pw) : 0;
+ /*
+ * No Dictionary Attack Mitigation (DAM) means:
+ * maxtries = 0xFFFFFFFF, recovery_time = 0, lockout_recovery = 1
+ */
+ unsigned long int max_tries;
+ unsigned long int recovery_time;
+ unsigned long int lockout_recovery;
+
+ if (argc < 4 || argc > 5)
+ return CMD_RET_USAGE;
+
+ if (pw_sz > TPM2_DIGEST_LENGTH)
+ return -EINVAL;
+
+ if (strict_strtoul(argv[1], 0, &max_tries))
+ return CMD_RET_USAGE;
+
+ if (strict_strtoul(argv[2], 0, &recovery_time))
+ return CMD_RET_USAGE;
+
+ if (strict_strtoul(argv[3], 0, &lockout_recovery))
+ return CMD_RET_USAGE;
+
+ debug("Changing dictionary attack parameters:\n");
+ debug("- maxTries: %lu\n- recoveryTime: %lu\n- lockoutRecovery: %lu\n",
+ max_tries, recovery_time, lockout_recovery);
+
+ return report_return_code(tpm2_dam_set_parameters(pw, pw_sz, max_tries,
+ recovery_time,
+ lockout_recovery));
+}
+
static int do_tpm_force_clear(cmd_tbl_t *cmdtp, int flag,
int argc, char * const argv[])
{
@@ -901,6 +953,10 @@ static cmd_tbl_t tpm_commands[] = {
do_tpm_self_test_full, "", ""),
U_BOOT_CMD_MKENT(continue_self_test, 0, 1,
do_tpm_continue_self_test, "", ""),
+ U_BOOT_CMD_MKENT(dam_reset_counter, 0, 1,
+ do_tpm_dam_reset_counter, "", ""),
+ U_BOOT_CMD_MKENT(dam_set_parameters, 0, 1,
+ do_tpm_dam_set_parameters, "", ""),
U_BOOT_CMD_MKENT(force_clear, 0, 1,
do_tpm_force_clear, "", ""),
U_BOOT_CMD_MKENT(physical_enable, 0, 1,
@@ -1010,6 +1066,19 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm,
" get_capability <cap_area|capability> <sub_cap|property> <addr> <count>\n"
" - Read <count> bytes of TPM capability indexed by <cap_area|capability>\n"
" and <sub_cap|property> to memory address <addr>.\n"
+"Lockout/Dictionary attack Commands:\n"
+" dam_reset_counter [<password>]\n"
+" - If the TPM is not in a LOCKOUT state, reset the internal error\n"
+" counter (TPMv2 only)\n"
+" dam_set_parameters <maxTries> <recoveryTime> <lockoutRecovery> [<password>]\n"
+" - If the TPM is not in a LOCKOUT state, set the dictionary attack\n"
+" parameters:\n"
+" * maxTries: maximum number of failures before lockout.\n"
+" 0 means always locking.\n"
+" * recoveryTime: time before decrementation of the error counter,\n"
+" 0 means no lockout.\n"
+" * lockoutRecovery: time of a lockout (before the next try)\n"
+" 0 means a reboot is needed.\n"
#if defined(CONFIG_TPM_FLUSH_RESOURCES) || defined(CONFIG_TPM_LIST_RESOURCES)
"Resource management functions\n"
#endif
diff --git a/include/tpm.h b/include/tpm.h
index 369119fc1b..4d062584f9 100644
--- a/include/tpm.h
+++ b/include/tpm.h
@@ -60,6 +60,8 @@ enum tpm2_command_codes {
TPM2_CC_SELF_TEST = 0x0143,
TPM2_CC_CLEAR = 0x0126,
TPM2_CC_CLEARCONTROL = 0x0127,
+ TPM2_CC_DAM_RESET = 0x0139,
+ TPM2_CC_DAM_PARAMETERS = 0x013A,
TPM2_CC_GET_CAPABILITY = 0x017A,
TPM2_CC_PCR_READ = 0x017E,
TPM2_CC_PCR_EXTEND = 0x0182,
@@ -594,6 +596,30 @@ uint32_t tpm_tsc_physical_presence(uint16_t presence);
*/
uint32_t tpm_read_pubek(void *data, size_t count);
+/**
+ * Issue a TPM2_DictionaryAttackLockReset command.
+ *
+ * @param pw Password
+ * @param pw_sz Length of the password
+ * @return return code of the operation
+ */
+int tpm2_dam_reset_counter(const char *pw, const ssize_t pw_sz);
+
+/**
+ * Issue a TPM2_DictionaryAttackLockParameters command.
+ *
+ * @param pw Password
+ * @param pw_sz Length of the password
+ * @param max_tries Count of authorizations before lockout
+ * @param recovery_time Time before decrementation of the failure count
+ * @param lockout_recovery Time to wait after a lockout
+ * @return return code of the operation
+ */
+int tpm2_dam_set_parameters(const char *pw, const ssize_t pw_sz,
+ unsigned int max_tries,
+ unsigned int recovery_time,
+ unsigned int lockout_recovery);
+
/**
* Issue a TPM_ForceClear or a TPM2_Clear command.
*
diff --git a/lib/tpm.c b/lib/tpm.c
index 59f6cd6dba..1e064e6ff1 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -703,6 +703,95 @@ uint32_t tpm_read_pubek(void *data, size_t count)
return 0;
}
+int tpm2_dam_reset_counter(const char *pw, const ssize_t pw_sz)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ STRINGIFY16(TPM2_ST_SESSIONS), /* TAG */
+ STRINGIFY32(27 + pw_sz), /* Command size */
+ STRINGIFY32(TPM2_CC_DAM_RESET), /* Command code */
+
+ /* HANDLE */
+ STRINGIFY32(TPM2_RH_LOCKOUT), /* TPM resource handle */
+
+ /* AUTH_SESSION */
+ STRINGIFY32(9 + pw_sz), /* Authorization size */
+ STRINGIFY32(TPM2_RS_PW), /* Session handle */
+ STRINGIFY16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ STRINGIFY16(pw_sz), /* Size of <hmac/password> */
+ /* STRING(pw) <hmac/password> (if any) */
+ };
+ unsigned int offset = 27;
+ int ret;
+
+ if (!is_tpmv2)
+ return TPM_LIB_ERROR;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "s",
+ offset, pw, pw_sz);
+ offset += pw_sz;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
+
+int tpm2_dam_set_parameters(const char *pw, const ssize_t pw_sz,
+ unsigned int max_tries, unsigned int recovery_time,
+ unsigned int lockout_recovery)
+{
+ u8 command_v2[COMMAND_BUFFER_SIZE] = {
+ STRINGIFY16(TPM2_ST_SESSIONS), /* TAG */
+ STRINGIFY32(27 + pw_sz + 12), /* Command size */
+ STRINGIFY32(TPM2_CC_DAM_PARAMETERS), /* Command code */
+
+ /* HANDLE */
+ STRINGIFY32(TPM2_RH_LOCKOUT), /* TPM resource handle */
+
+ /* AUTH_SESSION */
+ STRINGIFY32(9 + pw_sz), /* Authorization size */
+ STRINGIFY32(TPM2_RS_PW), /* Session handle */
+ STRINGIFY16(0), /* Size of <nonce> */
+ /* <nonce> (if any) */
+ 0, /* Attributes: Cont/Excl/Rst */
+ STRINGIFY16(pw_sz), /* Size of <hmac/password> */
+ /* STRING(pw) <hmac/password> (if any) */
+
+ /* LOCKOUT PARAMETERS */
+ /* STRIGIFY32(max_tries) Max tries (0, always lock) */
+ /* STRIGIFY32(recovery_time) Recovery time (0, no lock) */
+ /* STRIGIFY32(lockout_recovery) Lockout recovery */
+ };
+ unsigned int offset = 27;
+ int ret;
+
+ if (!is_tpmv2)
+ return TPM_LIB_ERROR;
+
+ /*
+ * Fill the command structure starting from the first buffer:
+ * - the password (if any)
+ * - max tries
+ * - recovery time
+ * - lockout recovery
+ */
+ ret = pack_byte_string(command_v2, sizeof(command_v2), "sddd",
+ offset, pw, pw_sz,
+ offset + pw_sz, max_tries,
+ offset + pw_sz + 4, recovery_time,
+ offset + pw_sz + 8, lockout_recovery);
+ offset += pw_sz + 12;
+ if (ret)
+ return TPM_LIB_ERROR;
+
+ return tpm_sendrecv_command(command_v2, NULL, NULL);
+}
+
int tpm_force_clear(u32 handle, const char *pw, const ssize_t pw_sz)
{
const u8 command_v1[10] = {
--
2.14.1
More information about the U-Boot
mailing list