From 6701b862aa96775609a7d42662ae4a98e43071bb Mon Sep 17 00:00:00 2001 From: kavsrf Date: Sun, 4 Dec 2016 13:46:48 +0300 Subject: TPM12 support --- Library/VeraCryptLib/DcsVeraCrypt.c | 176 ++++++++++++++++++++++++++-------- Library/VeraCryptLib/DcsVeraCrypt.h | 3 + Library/VeraCryptLib/VeraCryptLib.inf | 2 + Library/VeraCryptLib/llmath.c | 4 +- 4 files changed, 144 insertions(+), 41 deletions(-) (limited to 'Library/VeraCryptLib') diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c index 1b6cd35..02128df 100644 --- a/Library/VeraCryptLib/DcsVeraCrypt.c +++ b/Library/VeraCryptLib/DcsVeraCrypt.c @@ -26,24 +26,25 @@ https://opensource.org/licenses/Apache-2.0 #include "common/Xml.h" #include "common/Crc.h" #include "BootCommon.h" +#include "Library/DcsTpmLib.h" ////////////////////////////////////////////////////////////////////////// // Config ////////////////////////////////////////////////////////////////////////// -char *ConfigBuffer = NULL; -UINTN ConfigBufferSize = 0; +char *gConfigBuffer = NULL; +UINTN gConfigBufferSize = 0; BOOL ConfigRead(char *configKey, char *configValue, int maxValueSize) { char *xml; - if (ConfigBuffer == NULL) { - if (FileLoad(NULL, L"\\EFI\\VeraCrypt\\DcsProp", &ConfigBuffer, &ConfigBufferSize) != EFI_SUCCESS) { - return FALSE; - } - } + if (gConfigBuffer == NULL) { + if (FileLoad(NULL, L"\\EFI\\VeraCrypt\\DcsProp", &gConfigBuffer, &gConfigBufferSize) != EFI_SUCCESS) { + return FALSE; + } + } - xml = ConfigBuffer; + xml = gConfigBuffer; if (xml != NULL) { xml = XmlFindElementByAttributeValue(xml, "config", "key", configKey); 
@@ -246,48 +247,145 @@ VCAuthLoadConfig() } +////////////////////////////////////////////////////////////////////////// +// Configuration menu +////////////////////////////////////////////////////////////////////////// +PMENU_ITEM gCfgMenu = NULL; +BOOLEAN gCfgMenuContinue = TRUE; + +EFI_STATUS +ActionCfgReboot(IN VOID *ctx) { + gST->RuntimeServices->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL); + return EFI_DEVICE_ERROR; +} + +EFI_STATUS +ActionCfgTpm(IN VOID *ctx) { + return gTpm->Configure(gTpm); +} + +EFI_STATUS +ActionBoot(IN VOID *ctx) { + gCfgMenuContinue = FALSE; + gAuthPwdCode = AskPwdRetCancel; + return EFI_SUCCESS; +} + +EFI_STATUS +ActionNewPassword(IN VOID *ctx) { + gCfgMenuContinue = FALSE; + gAuthPwdCode = AskPwdRetLogin; + return EFI_SUCCESS; +} + +VOID +CfgMenuCreate() { + PMENU_ITEM item = NULL; + item = DcsMenuAppend(item, L"Boot", 'b', ActionBoot, NULL); + gCfgMenu = item; + item = DcsMenuAppend(item, L"Hard reset", 'r', ActionCfgReboot, NULL); + item = DcsMenuAppend(item, L"New password", 'n', ActionNewPassword, NULL); + if (gTpm != NULL) { + item = DcsMenuAppend(item, L"Configure TPM", 't', ActionCfgTpm, NULL); + } +} + VOID VCAskPwd( IN UINTN pwdType, OUT Password* vcPwd) { + BOOL pwdReady; if (gAuthPasswordMsg == NULL) VCAuthLoadConfig(); - if (gAuthPasswordType == 1 && - gGraphOut != NULL && - ((gTouchPointer != NULL) || (gTouchSimulate != 0))) { - AskPictPwdInt(pwdType, sizeof(vcPwd->Text), vcPwd->Text, &vcPwd->Length, &gAuthPwdCode); - } else { - switch (pwdType) { - case AskPwdNew: - OUT_PRINT(L"New password:"); - break; - case AskPwdConfirm: - OUT_PRINT(L"Confirm password:"); - break; - case AskPwdLogin: - default: - OUT_PRINT(L"%a", gAuthPasswordMsg); - break; + do { + pwdReady = TRUE; + if (pwdType == AskPwdNew) { + EFI_INPUT_KEY key; + key = KeyWait(L"Press 'c' to configure, others to skip %1d\r", 9, 0, 0); + if (key.UnicodeChar == 'c') { + PMENU_ITEM item = NULL; + EFI_STATUS res; + OUT_PRINT(L"\n%V%a %a configuration%N\n", 
TC_APP_NAME, VERSION_STRING); + if (gCfgMenu == NULL) CfgMenuCreate(); + do { + DcsMenuPrint(gCfgMenu); + item = NULL; + key.UnicodeChar = 0; + while (item == NULL) { + item = gCfgMenu; + key = GetKey(); + while (item != NULL) { + if (item->Select == key.UnicodeChar) break; + item = item->Next; + } + } + OUT_PRINT(L"%c\n", key.UnicodeChar); + res = item->Action(item->Context); + if (EFI_ERROR(res)) { + ERR_PRINT(L"%r\n", res); + } + } while (gCfgMenuContinue); + if (gAuthPwdCode == AskPwdRetCancel) { + return; + } + } } - AskConsolePwdInt(&vcPwd->Length, vcPwd->Text, &gAuthPwdCode, sizeof(vcPwd->Text), gPasswordVisible); - } - if (gAuthPwdCode == AskPwdRetCancel) { - return; - } + if (gAuthPasswordType == 1 && + gGraphOut != NULL && + ((gTouchPointer != NULL) || (gTouchSimulate != 0))) { + AskPictPwdInt(pwdType, sizeof(vcPwd->Text), vcPwd->Text, &vcPwd->Length, &gAuthPwdCode); + } + else { + switch (pwdType) { + case AskPwdNew: + OUT_PRINT(L"New password:"); + break; + case AskPwdConfirm: + OUT_PRINT(L"Confirm password:"); + break; + case AskPwdLogin: + default: + OUT_PRINT(L"%a", gAuthPasswordMsg); + break; + } + AskConsolePwdInt(&vcPwd->Length, vcPwd->Text, &gAuthPwdCode, sizeof(vcPwd->Text), gPasswordVisible); + } - if (gPlatformLocked) { - if (gPlatformKeyFile == NULL) { - ERR_PRINT(L"Platform key file absent\n"); - } else { - ApplyKeyFile(vcPwd, gPlatformKeyFile, gPlatformKeyFileSize); + if (gAuthPwdCode == AskPwdRetCancel) { + return; } - } - if (gTPMLocked) { - // TO DO - ERR_PRINT(L"TPM lock is not implemented\n"); - } + if (gSCLocked) { + ERR_PRINT(L"Smart card is not configured\n"); + } + + if (gPlatformLocked) { + if (gPlatformKeyFile == NULL) { + ERR_PRINT(L"Platform key file is absent\n"); + } + else { + ApplyKeyFile(vcPwd, gPlatformKeyFile, gPlatformKeyFileSize); + } + } + + if (gTPMLocked) { + if (gTpm != NULL) { + pwdReady = !EFI_ERROR(gTpm->Apply(gTpm, vcPwd)); + if (!pwdReady) { + ERR_PRINT(L"TPM error: DCS configuration "); + if 
(!gTpm->IsConfigured(gTpm)) { + ERR_PRINT(L"absent\n"); + } + else { + ERR_PRINT(L"locked\n"); + } + } + } else { + ERR_PRINT(L"No TPM found\n"); + } + } + } while (!pwdReady); } VOID diff --git a/Library/VeraCryptLib/DcsVeraCrypt.h b/Library/VeraCryptLib/DcsVeraCrypt.h index aae0152..fffe67c 100644 --- a/Library/VeraCryptLib/DcsVeraCrypt.h +++ b/Library/VeraCryptLib/DcsVeraCrypt.h @@ -19,6 +19,9 @@ https://opensource.org/licenses/Apache-2.0 #include #include +extern char *gConfigBuffer; +extern UINTN gConfigBufferSize; + ////////////////////////////////////////////////////////////////////////// // Auth ////////////////////////////////////////////////////////////////////////// diff --git a/Library/VeraCryptLib/VeraCryptLib.inf b/Library/VeraCryptLib/VeraCryptLib.inf index 04eedf5..529043f 100644 --- a/Library/VeraCryptLib/VeraCryptLib.inf +++ b/Library/VeraCryptLib/VeraCryptLib.inf @@ -79,11 +79,13 @@ LIB|Twofish_x64.obj|* [Packages] MdePkg/MdePkg.dec DcsPkg/DcsPkg.dec + CryptoPkg/CryptoPkg.dec [LibraryClasses] MemoryAllocationLib UefiLib RngLib + BaseCryptLib [Protocols] diff --git a/Library/VeraCryptLib/llmath.c b/Library/VeraCryptLib/llmath.c index 6b4360c..7d79657 100644 --- a/Library/VeraCryptLib/llmath.c +++ b/Library/VeraCryptLib/llmath.c @@ -227,7 +227,7 @@ __declspec(naked) void __cdecl _aulldiv() ////////////////////////////////////////////////////////////////////////// // Shifts ////////////////////////////////////////////////////////////////////////// -__declspec(naked) void __cdecl _aullshr() { +__declspec(naked) void __cdecl _aullshr1() { _asm { ; ; Checking: Only handle 64bit shifting or more @@ -264,7 +264,7 @@ _Exit: } } -__declspec(naked) void __cdecl _allshl() { +__declspec(naked) void __cdecl _allshl1() { _asm { ; ; Handle shifting of 64 or more bits (return 0) -- cgit v1.2.3
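Review bot: `gCfgMenuContinue` is set to TRUE only once, at file scope, and is cleared by `ActionBoot` and `ActionNewPassword`, so a second visit to the configuration menu in `VCAskPwd` runs a single action and then falls through to the `gAuthPwdCode == AskPwdRetCancel` test, where `gAuthPwdCode` may still hold a value left by an earlier call. Adding `gCfgMenuContinue = TRUE;` immediately before the inner `do {` that calls `DcsMenuPrint(gCfgMenu)` would make every visit start from a known state. Separately, the menu reaches `gTpm->Configure(gTpm)` before any password has been entered. Whether `Configure` authenticates the operator is not visible in this hunk, so that is worth confirming. In the `gTPMLocked` branch, `gTpm == NULL` only prints `No TPM found` and leaves `pwdReady` TRUE, unlike the `Apply` failure path, which re-prompts; the same holds for the `gSCLocked` message, so consider whether these cases should also re-prompt or cancel.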