1// 2// Copyright (C) 2015 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include "tpm_manager/server/tpm_status_impl.h" 18 19#include <vector> 20 21#include <base/logging.h> 22#include <trousers/tss.h> 23#include <trousers/trousers.h> // NOLINT(build/include_alpha) 24 25namespace tpm_manager { 26 27// Minimum size of TPM_DA_INFO struct. 28const size_t kMinimumDaInfoSize = 21; 29 30bool TpmStatusImpl::IsTpmEnabled() { 31 if (!is_enable_initialized_) { 32 RefreshOwnedEnabledInfo(); 33 } 34 return is_enabled_; 35} 36 37bool TpmStatusImpl::IsTpmOwned() { 38 if (!is_owned_) { 39 RefreshOwnedEnabledInfo(); 40 } 41 return is_owned_; 42} 43 44bool TpmStatusImpl::GetDictionaryAttackInfo(int* counter, 45 int* threshold, 46 bool* lockout, 47 int* seconds_remaining) { 48 std::string capability_data; 49 if (!GetCapability(TSS_TPMCAP_DA_LOGIC, TPM_ET_KEYHANDLE, 50 &capability_data, nullptr) || 51 capability_data.size() < kMinimumDaInfoSize) { 52 LOG(ERROR) << "Error getting tpm capability data."; 53 return false; 54 } 55 if (static_cast<uint16_t>(capability_data[1]) == TPM_TAG_DA_INFO) { 56 TPM_DA_INFO da_info; 57 uint64_t offset = 0; 58 std::vector<BYTE> bytes(capability_data.begin(), capability_data.end()); 59 Trspi_UnloadBlob_DA_INFO(&offset, bytes.data(), &da_info); 60 if (counter) { *counter = da_info.currentCount; } 61 if (threshold) { *threshold = da_info.thresholdCount; } 62 if (lockout) { *lockout = (da_info.state == TPM_DA_STATE_ACTIVE); } 63 if (seconds_remaining) { *seconds_remaining = da_info.actionDependValue; } 64 } 65 return true; 66} 67 68void TpmStatusImpl::RefreshOwnedEnabledInfo() { 69 TSS_RESULT result; 70 std::string capability_data; 71 if (!GetCapability(TSS_TPMCAP_PROPERTY, TSS_TPMCAP_PROP_OWNER, 72 &capability_data, &result)) { 73 if (ERROR_CODE(result) == TPM_E_DISABLED) { 74 is_enable_initialized_ = true; 75 is_enabled_ = false; 76 } 77 } else { 78 is_enable_initialized_ = true; 79 is_enabled_ = true; 80 // |capability_data| should be populated with a TSS_BOOL which is true iff 81 // the Tpm is owned. 82 if (capability_data.size() != sizeof(TSS_BOOL)) { 83 LOG(ERROR) << "Error refreshing Tpm ownership information."; 84 return; 85 } 86 is_owned_ = (capability_data[0] != 0); 87 } 88} 89 90bool TpmStatusImpl::GetCapability(uint32_t capability, 91 uint32_t sub_capability, 92 std::string* data, 93 TSS_RESULT* tpm_result) { 94 CHECK(data); 95 TSS_HTPM tpm_handle = tpm_connection_.GetTpm(); 96 if (tpm_handle == 0) { 97 return false; 98 } 99 uint32_t length = 0; 100 trousers::ScopedTssMemory buf(tpm_connection_.GetContext()); 101 TSS_RESULT result = Tspi_TPM_GetCapability( 102 tpm_handle, capability, sizeof(uint32_t), 103 reinterpret_cast<BYTE*>(&sub_capability), 104 &length, buf.ptr()); 105 if (tpm_result) { 106 *tpm_result = result; 107 } 108 if (TPM_ERROR(result)) { 109 LOG(ERROR) << "Error getting TPM capability data."; 110 return false; 111 } 112 data->assign(buf.value(), buf.value() + length); 113 return true; 114} 115 116} // namespace tpm_manager 117