From patchwork Thu Mar 8 15:40:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miquel Raynal X-Patchwork-Id: 883201 X-Patchwork-Delegate: sjg@chromium.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3zxw1M1nDcz9shc for ; Fri, 9 Mar 2018 02:49:27 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id F1300C21ED5; Thu, 8 Mar 2018 15:44:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 80561C21FD9; Thu, 8 Mar 2018 15:41:08 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 0F1CAC21F68; Thu, 8 Mar 2018 15:40:56 +0000 (UTC) Received: from mail.bootlin.com (mail.bootlin.com [62.4.15.54]) by lists.denx.de (Postfix) with ESMTP id B18ECC21FD9 for ; Thu, 8 Mar 2018 15:40:49 +0000 (UTC) Received: by mail.bootlin.com (Postfix, from userid 110) id 293D520732; Thu, 8 Mar 2018 16:40:48 +0100 (CET) Received: from localhost.localdomain (LStLambert-657-1-97-87.w90-63.abo.wanadoo.fr [90.63.216.87]) by mail.bootlin.com (Postfix) with ESMTPSA id F0DB820884; Thu, 8 Mar 2018 16:40:28 +0100 (CET) From: Miquel Raynal To: u-boot@lists.denx.de Date: Thu, 8 Mar 2018 16:40:19 +0100 Message-Id: <20180308154021.25255-17-miquel.raynal@bootlin.com> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20180308154021.25255-1-miquel.raynal@bootlin.com> References: <20180308154021.25255-1-miquel.raynal@bootlin.com> Subject: [U-Boot] [PATCH 16/18] tpm: add dictionary attack mitigation commands support X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" Add support for the TPM2_DictionaryAttackParameters and TPM2_DictionaryAttackLockReset commands. Change the command file and the help accordingly. Signed-off-by: Miquel Raynal --- cmd/tpm.c | 69 +++++++++++++++++++++++++++++++++++++++++++++ include/tpm.h | 26 +++++++++++++++++ lib/tpm.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 184 insertions(+) diff --git a/cmd/tpm.c b/cmd/tpm.c index 7fcfbf8550..533da2d2ac 100644 --- a/cmd/tpm.c +++ b/cmd/tpm.c @@ -480,6 +480,58 @@ static int do_tpm_init(cmd_tbl_t *cmdtp, int flag, return report_return_code(tpm_init()); } +static int do_tpm_dam_reset_counter(cmd_tbl_t *cmdtp, int flag, + int argc, char *const argv[]) +{ + const char *pw = (argc < 2) ? NULL : argv[1]; + const ssize_t pw_sz = pw ? strlen(pw) : 0; + + if (argc > 2) + return CMD_RET_USAGE; + + if (pw_sz > TPM2_DIGEST_LENGTH) + return -EINVAL; + + return report_return_code(tpm2_dam_reset_counter(pw, pw_sz)); +} + +static int do_tpm_dam_set_parameters(cmd_tbl_t *cmdtp, int flag, + int argc, char *const argv[]) +{ + const char *pw = (argc < 5) ? NULL : argv[4]; + const ssize_t pw_sz = pw ? strlen(pw) : 0; + /* + * No Dictionary Attack Mitigation (DAM) means: + * maxtries = 0xFFFFFFFF, recovery_time = 0, lockout_recovery = 1 + */ + unsigned long int max_tries; + unsigned long int recovery_time; + unsigned long int lockout_recovery; + + if (argc < 4 || argc > 5) + return CMD_RET_USAGE; + + if (pw_sz > TPM2_DIGEST_LENGTH) + return -EINVAL; + + if (strict_strtoul(argv[1], 0, &max_tries)) + return CMD_RET_USAGE; + + if (strict_strtoul(argv[2], 0, &recovery_time)) + return CMD_RET_USAGE; + + if (strict_strtoul(argv[3], 0, &lockout_recovery)) + return CMD_RET_USAGE; + + debug("Changing dictionary attack parameters:\n"); + debug("- maxTries: %lu\n- recoveryTime: %lu\n- lockoutRecovery: %lu\n", + max_tries, recovery_time, lockout_recovery); + + return report_return_code(tpm2_dam_set_parameters(pw, pw_sz, max_tries, + recovery_time, + lockout_recovery)); +} + static int do_tpm_force_clear(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { @@ -901,6 +953,10 @@ static cmd_tbl_t tpm_commands[] = { do_tpm_self_test_full, "", ""), U_BOOT_CMD_MKENT(continue_self_test, 0, 1, do_tpm_continue_self_test, "", ""), + U_BOOT_CMD_MKENT(dam_reset_counter, 0, 1, + do_tpm_dam_reset_counter, "", ""), + U_BOOT_CMD_MKENT(dam_set_parameters, 0, 1, + do_tpm_dam_set_parameters, "", ""), U_BOOT_CMD_MKENT(force_clear, 0, 1, do_tpm_force_clear, "", ""), U_BOOT_CMD_MKENT(physical_enable, 0, 1, @@ -1010,6 +1066,19 @@ U_BOOT_CMD(tpm, CONFIG_SYS_MAXARGS, 1, do_tpm, " get_capability \n" " - Read bytes of TPM capability indexed by \n" " and to memory address .\n" +"Lockout/Dictionary attack Commands:\n" +" dam_reset_counter []\n" +" - If the TPM is not in a LOCKOUT state, reset the internal error\n" +" counter (TPMv2 only)\n" +" dam_set_parameters []\n" +" - If the TPM is not in a LOCKOUT state, set the dictionary attack\n" +" parameters:\n" +" * maxTries: maximum number of failures before lockout.\n" +" 0 means always locking.\n" +" * recoveryTime: time before decrementation of the error counter,\n" +" 0 means no lockout.\n" +" * lockoutRecovery: time of a lockout (before the next try)\n" +" 0 means a reboot is needed.\n" #if defined(CONFIG_TPM_FLUSH_RESOURCES) || defined(CONFIG_TPM_LIST_RESOURCES) "Resource management functions\n" #endif diff --git a/include/tpm.h b/include/tpm.h index 369119fc1b..4d062584f9 100644 --- a/include/tpm.h +++ b/include/tpm.h @@ -60,6 +60,8 @@ enum tpm2_command_codes { TPM2_CC_SELF_TEST = 0x0143, TPM2_CC_CLEAR = 0x0126, TPM2_CC_CLEARCONTROL = 0x0127, + TPM2_CC_DAM_RESET = 0x0139, + TPM2_CC_DAM_PARAMETERS = 0x013A, TPM2_CC_GET_CAPABILITY = 0x017A, TPM2_CC_PCR_READ = 0x017E, TPM2_CC_PCR_EXTEND = 0x0182, @@ -594,6 +596,30 @@ uint32_t tpm_tsc_physical_presence(uint16_t presence); */ uint32_t tpm_read_pubek(void *data, size_t count); +/** + * Issue a TPM2_DictionaryAttackLockReset command. + * + * @param pw Password + * @param pw_sz Length of the password + * @return return code of the operation + */ +int tpm2_dam_reset_counter(const char *pw, const ssize_t pw_sz); + +/** + * Issue a TPM2_DictionaryAttackLockParameters command. + * + * @param pw Password + * @param pw_sz Length of the password + * @param max_tries Count of authorizations before lockout + * @param recovery_time Time before decrementation of the failure count + * @param lockout_recovery Time to wait after a lockout + * @return return code of the operation + */ +int tpm2_dam_set_parameters(const char *pw, const ssize_t pw_sz, + unsigned int max_tries, + unsigned int recovery_time, + unsigned int lockout_recovery); + /** * Issue a TPM_ForceClear or a TPM2_Clear command. * diff --git a/lib/tpm.c b/lib/tpm.c index 59f6cd6dba..1e064e6ff1 100644 --- a/lib/tpm.c +++ b/lib/tpm.c @@ -703,6 +703,95 @@ uint32_t tpm_read_pubek(void *data, size_t count) return 0; } +int tpm2_dam_reset_counter(const char *pw, const ssize_t pw_sz) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + STRINGIFY16(TPM2_ST_SESSIONS), /* TAG */ + STRINGIFY32(27 + pw_sz), /* Command size */ + STRINGIFY32(TPM2_CC_DAM_RESET), /* Command code */ + + /* HANDLE */ + STRINGIFY32(TPM2_RH_LOCKOUT), /* TPM resource handle */ + + /* AUTH_SESSION */ + STRINGIFY32(9 + pw_sz), /* Authorization size */ + STRINGIFY32(TPM2_RS_PW), /* Session handle */ + STRINGIFY16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + STRINGIFY16(pw_sz), /* Size of */ + /* STRING(pw) (if any) */ + }; + unsigned int offset = 27; + int ret; + + if (!is_tpmv2) + return TPM_LIB_ERROR; + + /* + * Fill the command structure starting from the first buffer: + * - the password (if any) + */ + ret = pack_byte_string(command_v2, sizeof(command_v2), "s", + offset, pw, pw_sz); + offset += pw_sz; + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(command_v2, NULL, NULL); +} + +int tpm2_dam_set_parameters(const char *pw, const ssize_t pw_sz, + unsigned int max_tries, unsigned int recovery_time, + unsigned int lockout_recovery) +{ + u8 command_v2[COMMAND_BUFFER_SIZE] = { + STRINGIFY16(TPM2_ST_SESSIONS), /* TAG */ + STRINGIFY32(27 + pw_sz + 12), /* Command size */ + STRINGIFY32(TPM2_CC_DAM_PARAMETERS), /* Command code */ + + /* HANDLE */ + STRINGIFY32(TPM2_RH_LOCKOUT), /* TPM resource handle */ + + /* AUTH_SESSION */ + STRINGIFY32(9 + pw_sz), /* Authorization size */ + STRINGIFY32(TPM2_RS_PW), /* Session handle */ + STRINGIFY16(0), /* Size of */ + /* (if any) */ + 0, /* Attributes: Cont/Excl/Rst */ + STRINGIFY16(pw_sz), /* Size of */ + /* STRING(pw) (if any) */ + + /* LOCKOUT PARAMETERS */ + /* STRIGIFY32(max_tries) Max tries (0, always lock) */ + /* STRIGIFY32(recovery_time) Recovery time (0, no lock) */ + /* STRIGIFY32(lockout_recovery) Lockout recovery */ + }; + unsigned int offset = 27; + int ret; + + if (!is_tpmv2) + return TPM_LIB_ERROR; + + /* + * Fill the command structure starting from the first buffer: + * - the password (if any) + * - max tries + * - recovery time + * - lockout recovery + */ + ret = pack_byte_string(command_v2, sizeof(command_v2), "sddd", + offset, pw, pw_sz, + offset + pw_sz, max_tries, + offset + pw_sz + 4, recovery_time, + offset + pw_sz + 8, lockout_recovery); + offset += pw_sz + 12; + if (ret) + return TPM_LIB_ERROR; + + return tpm_sendrecv_command(command_v2, NULL, NULL); +} + int tpm_force_clear(u32 handle, const char *pw, const ssize_t pw_sz) { const u8 command_v1[10] = {