1 /* Microsoft Reference Implementation for TPM 2.0
2 *
3 * The copyright in this software is being made available under the BSD License,
4 * included below. This software may be subject to other third party and
5 * contributor rights, including patent rights, and no such rights are granted
6 * under this license.
7 *
8 * Copyright (c) Microsoft Corporation
9 *
10 * All rights reserved.
11 *
12 * BSD License
13 *
14 * Redistribution and use in source and binary forms, with or without modification,
15 * are permitted provided that the following conditions are met:
16 *
17 * Redistributions of source code must retain the above copyright notice, this list
18 * of conditions and the following disclaimer.
19 *
20 * Redistributions in binary form must reproduce the above copyright notice, this
21 * list of conditions and the following disclaimer in the documentation and/or
22 * other materials provided with the distribution.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35 //** Includes and Local Values
36
37 #define _CRT_RAND_S
38 #include <stdlib.h>
39 #include <memory.h>
40 #include <time.h>
41 #include "Platform.h"
42
43 #ifdef _MSC_VER
44 #include <process.h>
45 #else
46 #include <unistd.h>
47 #endif
48
49 // This is the last 32-bits of hardware entropy produced. We have to check to
50 // see that two consecutive 32-bit values are not the same because
51 // according to FIPS 140-2, annex C:
52 //
53 // "If each call to an RNG produces blocks of n bits (where n > 15), the first
54 // n-bit block generated after power-up, initialization, or reset shall not be
55 // used, but shall be saved for comparison with the next n-bit block to be
56 // generated. Each subsequent generation of an n-bit block shall be compared with
57 // the previously generated block. The test shall fail if any two compared n-bit
58 // blocks are equal."
59 extern uint32_t lastEntropy;
60
61 //** Functions
62
63 //*** rand32()
64 // Local function to get a 32-bit random number
65 static uint32_t
rand32(void)66 rand32(
67 void
68 )
69 {
70 uint32_t rndNum = rand();
71 #if RAND_MAX < UINT16_MAX
72 // If the maximum value of the random number is a 15-bit number, then shift it up
73 // 15 bits, get 15 more bits, shift that up 2 and then XOR in another value to get
74 // a full 32 bits.
75 rndNum = (rndNum << 15) ^ rand();
76 rndNum = (rndNum << 2) ^ rand();
77 #elif RAND_MAX == UINT16_MAX
78 // If the maximum size is 16-bits, shift it and add another 16 bits
79 rndNum = (rndNum << 16) ^ rand();
80 #elif RAND_MAX < UINT32_MAX
81 // If 31 bits, then shift 1 and include another random value to get the extra bit
82 rndNum = (rndNum << 1) ^ rand();
83 #endif
84 return rndNum;
85 }
86
87
88 //*** _plat__GetEntropy()
89 // This function is used to get available hardware entropy. In a hardware
90 // implementation of this function, there would be no call to the system
91 // to get entropy.
92 // Return Type: int32_t
93 // < 0 hardware failure of the entropy generator, this is sticky
94 // >= 0 the returned amount of entropy (bytes)
95 //
96 LIB_EXPORT int32_t
_plat__GetEntropy(unsigned char * entropy,uint32_t amount)97 _plat__GetEntropy(
98 unsigned char *entropy, // output buffer
99 uint32_t amount // amount requested
100 )
101 {
102 uint32_t rndNum;
103 int32_t ret;
104 //
105 if(amount == 0)
106 {
107 // Seed the platform entropy source if the entropy source is software. There
108 // is no reason to put a guard macro (#if or #ifdef) around this code because
109 // this code would not be here if someone was changing it for a system with
110 // actual hardware.
111 //
112 // NOTE 1: The following command does not provide proper cryptographic
113 // entropy. Its primary purpose to make sure that different instances of the
114 // simulator, possibly started by a script on the same machine, are seeded
115 // differently. Vendors of the actual TPMs need to ensure availability of
116 // proper entropy using their platform-specific means.
117 //
118 // NOTE 2: In debug builds by default the reference implementation will seed
119 // its RNG deterministically (without using any platform provided randomness).
120 // See the USE_DEBUG_RNG macro and DRBG_GetEntropy() function.
121 #ifdef _MSC_VER
122 srand((unsigned)_plat__RealTime() ^ _getpid());
123 #else
124 srand((unsigned)_plat__RealTime() ^ getpid());
125 #endif
126 lastEntropy = rand32();
127 ret = 0;
128 }
129 else
130 {
131 rndNum = rand32();
132 if(rndNum == lastEntropy)
133 {
134 ret = -1;
135 }
136 else
137 {
138 lastEntropy = rndNum;
139 // Each process will have its random number generator initialized
140 // according to the process id and the initialization time. This is not a
141 // lot of entropy so, to add a bit more, XOR the current time value into
142 // the returned entropy value.
143 // NOTE: the reason for including the time here rather than have it in
144 // in the value assigned to lastEntropy is that rand() could be broken and
145 // using the time would in the lastEntropy value would hide this.
146 rndNum ^= (uint32_t)_plat__RealTime();
147
148 // Only provide entropy 32 bits at a time to test the ability
149 // of the caller to deal with partial results.
150 ret = MIN(amount, sizeof(rndNum));
151 memcpy(entropy, &rndNum, ret);
152 }
153 }
154 return ret;
155 }