/* Microsoft Reference Implementation for TPM 2.0
 *
 *  The copyright in this software is being made available under the BSD License,
 *  included below. This software may be subject to other third party and
 *  contributor rights, including patent rights, and no such rights are granted
 *  under this license.
 *
 *  Copyright (c) Microsoft Corporation
 *
 *  All rights reserved.
 *
 *  BSD License
 *
 *  Redistribution and use in source and binary forms, with or without modification,
 *  are permitted provided that the following conditions are met:
 *
 *  Redistributions of source code must retain the above copyright notice, this list
 *  of conditions and the following disclaimer.
 *
 *  Redistributions in binary form must reproduce the above copyright notice, this
 *  list of conditions and the following disclaimer in the documentation and/or
 *  other materials provided with the distribution.
 *
 *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
 *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
//** Introduction
// This file is a collection of miscellaneous macros.
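#ifndef GP_MACROS_H
#define GP_MACROS_H

#ifndef NULL
#  define NULL 0
#endif

#include "swap.h"
#include "VendorString.h"


//** For Self-test
// These macros are used in CryptUtil to invoke the incremental self test. Each
// one calls CryptTestAlgorithm() only when the bit for 'alg' is set in 'g_toTest'.
// Both expand to one do { } while(0) statement, so "if(x) TEST(alg); else ..."
// attaches the 'else' to the caller's 'if' rather than to the 'if' inside the
// macro. 'alg' appears more than once in the expansion, so pass an expression
// without side effects.
#if SELF_TEST
#  define TEST(alg)                                 \
      do                                            \
      {                                             \
          if(TEST_BIT(alg, g_toTest))               \
              CryptTestAlgorithm((alg), NULL);      \
      } while(0)

// Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting
// to test a hash with that value, don't do it.
#  define TEST_HASH(alg)                                           \
      do                                                           \
      {                                                            \
          if(TEST_BIT(alg, g_toTest) && ((alg) != TPM_ALG_NULL))   \
              CryptTestAlgorithm((alg), NULL);                     \
      } while(0)
#else
// Self test is compiled out: both macros expand to nothing.
#  define TEST(alg)
#  define TEST_HASH(alg)
#endif  // SELF_TEST

//** For Failures
// FUNCTION_NAME is what FAIL()/LOG_FAILURE() pass as the function name when
// FAIL_TRACE is enabled; it is 0 when _POSIX_ is defined.
#if defined _POSIX_
#  define FUNCTION_NAME 0
#else
#  define FUNCTION_NAME __FUNCTION__
#endif

// Without FAIL_TRACE only the error code is passed on. With FAIL_TRACE the
// function name and line number of the call site are passed as well.
#if !FAIL_TRACE
#  define FAIL(errorCode)        (TpmFail(errorCode))
#  define LOG_FAILURE(errorCode) (TpmLogFailure(errorCode))
#else
#  define FAIL(errorCode)        TpmFail(FUNCTION_NAME, __LINE__, errorCode)
#  define LOG_FAILURE(errorCode) TpmLogFailure(FUNCTION_NAME, __LINE__, errorCode)
#endif

// If implementation is using longjmp, then the call to TpmFail() does not return
// and the compiler will complain about unreachable code that comes after. To allow
// for not having longjmp, TpmFail() will return and the subsequent code will be
// executed. This macro accounts for the difference.
// In a NO_LONGJMP build a FAIL() that is not followed by FAIL_RETURN() (or another
// explicit exit) lets the function keep running after the failure was reported.
#ifndef NO_LONGJMP
#  define FAIL_RETURN(returnCode)
#  define TPM_FAIL_RETURN NORETURN void
#else
#  define FAIL_RETURN(returnCode) return (returnCode)
#  define TPM_FAIL_RETURN         void
#endif

// This macro tests that a condition is TRUE and puts the TPM into failure mode
// if it is not. If longjmp is being used, then the FAIL(FATAL_ERROR_) macro makes
// a call from which there is no return. Otherwise, it returns and the function
// will exit with the appropriate return code.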
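// REQUIRE() arguments:
//   condition   the expression that has to be TRUE
//   errorCode   the suffix of a FATAL_ERROR_ constant; it is token-pasted, so
//               pass PARAMETER and not FATAL_ERROR_PARAMETER
//   returnCode  handed to FAIL_RETURN(), which is the value the enclosing
//               function returns in builds where FAIL() comes back
// The expansion is a brace block (as with pAssert()), so "REQUIRE(...);" may not
// sit directly between an 'if' and its 'else'.
#define REQUIRE(condition, errorCode, returnCode)               \
    {                                                           \
        if(!(condition))                                        \
        {                                                       \
            FAIL(FATAL_ERROR_##errorCode);                      \
            FAIL_RETURN(returnCode);                            \
        }                                                       \
    }

// Fails with FATAL_ERROR_PARAMETER when 'condition' does not hold.
#define PARAMETER_CHECK(condition, returnCode)                  \
    REQUIRE((condition), PARAMETER, returnCode)

// pAssert() puts the TPM into failure mode (FATAL_ERROR_PARAMETER) when 'a' is
// false. When EMPTY_ASSERT is defined to something other than NO the macro
// expands to ((void)0): 'a' is not evaluated and the check is not enforced.
#if(defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO)
#  define pAssert(a) ((void)0)
#else
#  define pAssert(a) {if(!(a)) FAIL(FATAL_ERROR_PARAMETER);}
#endif

//** Derived from Vendor-specific values
// Values derived from vendor specific settings in TpmProfile.h
// PCR_SELECT_MIN/MAX round a PCR count up to whole octets.
#define PCR_SELECT_MIN    ((PLATFORM_PCR + 7) / 8)
#define PCR_SELECT_MAX    ((IMPLEMENTATION_PCR + 7) / 8)
#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1)
#define RSA_MAX_PRIME     (MAX_RSA_KEY_BYTES / 2)
#define RSA_PRIVATE_SIZE  (RSA_MAX_PRIME * 5)


//** Compile-time Checks
// In some cases, the relationship between two values may be dependent
// on things that change based on various selections like the chosen cryptographic
// libraries. It is possible that these selections will result in incompatible
// settings. These are often detectable by the compiler but it is not always
// possible to do the check in the preprocessor code. For example, when the
// check requires use of "sizeof" then the preprocessor can't do the comparison.
// For these cases, we include a special macro that, depending on the compiler
// will generate a warning to indicate if the check always passes or always fails
// because it involves fixed constants. To run these checks, define COMPILER_CHECKS
// in TpmBuildSwitches.h
// With COMPILER_CHECKS off, cAssert() expands to nothing.
#if COMPILER_CHECKS
#  define cAssert pAssert
#else
#  define cAssert(value)
#endif

// This is used commonly in the "Crypt" code as a way to keep listings from
// getting too long. This is not to save paper but to allow one to see more
// useful stuff on the screen at any given time.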
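// ERROR_RETURN() stores 'returnCode' in a variable named 'retVal' and jumps to
// a label named 'Exit'; the enclosing function has to provide both.
#define ERROR_RETURN(returnCode)            \
    {                                       \
        retVal = returnCode;                \
        goto Exit;                          \
    }

// MAX() and MIN() evaluate the selected argument twice; do not pass expressions
// with side effects.
#ifndef MAX
#  define MAX(a, b) ((a) > (b) ? (a) : (b))
#endif
#ifndef MIN
#  define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif
#ifndef IsOdd
#  define IsOdd(a) (((a) & 1) != 0)
#endif

// Number of octets needed to hold 'bits' bits (rounds up).
#ifndef BITS_TO_BYTES
#  define BITS_TO_BYTES(bits) (((bits) + 7) >> 3)
#endif

// These are defined for use when the size of the vector being checked is known
// at compile time.
// 'vector' has to be the object itself (an array or structure) and not a pointer
// to it: the size handed to TestBit()/SetBit()/ClearBit() is sizeof(vector),
// which for a pointer is the size of the pointer.
#define TEST_BIT(bit, vector)  TestBit((bit), (BYTE *)&(vector), sizeof(vector))
#define SET_BIT(bit, vector)   SetBit((bit), (BYTE *)&(vector), sizeof(vector))
#define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE *)&(vector), sizeof(vector))


// The following definitions are used if they have not already been defined. The
// defaults for these settings are compatible with ISO/IEC 9899:2011 (E)
#ifndef LIB_EXPORT
#  define LIB_EXPORT
#  define LIB_IMPORT
#endif
#ifndef NORETURN
#  define NORETURN _Noreturn
#endif
// Marks 'x' as deliberately unused. The parameter list holds only the name; the
// earlier "(x = x)" form is not a valid macro parameter list.
#ifndef NOT_REFERENCED
#  define NOT_REFERENCED(x) ((void)(x))
#endif

// Sum of the sizes of a TPM_ST, a UINT32 and a TPM_RC.
#define STD_RESPONSE_HEADER (sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC))

// JOIN/JOIN3 paste their arguments as written. CONCAT/CONCAT3 go through one
// more level so that macro arguments are expanded before they are pasted.
#define JOIN(x, y)       x##y
#define JOIN3(x, y, z)   x##y##z
#define CONCAT(x, y)     JOIN(x, y)
#define CONCAT3(x, y, z) JOIN3(x, y, z)

// If CONTEXT_INTEGRITY_HASH_ALG is defined, then the vendor is using the old style
// table. Otherwise, pick the "strongest" implemented hash algorithm as the context
// hash.
// NOTE(review): the selection that follows is guarded by CONTEXT_HASH_ALGORITHM,
// not by CONTEXT_INTEGRITY_HASH_ALG - confirm which name an old style table
// defines.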
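// The first enabled algorithm in this list becomes the context hash. SHA1 is the
// last entry, so it is selected only when none of the other listed hashes is
// enabled. If nothing in the list is enabled the build stops here; without the
// #error, CONTEXT_HASH_ALGORITHM would stay undefined and the names derived from
// it below would be meaningless identifiers (which evaluate to 0 inside #if).
#ifndef CONTEXT_HASH_ALGORITHM
#  if defined ALG_SHA3_512 && ALG_SHA3_512 == YES
#    define CONTEXT_HASH_ALGORITHM SHA3_512
#  elif defined ALG_SHA512 && ALG_SHA512 == YES
#    define CONTEXT_HASH_ALGORITHM SHA512
#  elif defined ALG_SHA3_384 && ALG_SHA3_384 == YES
#    define CONTEXT_HASH_ALGORITHM SHA3_384
#  elif defined ALG_SHA384 && ALG_SHA384 == YES
#    define CONTEXT_HASH_ALGORITHM SHA384
#  elif defined ALG_SHA3_256 && ALG_SHA3_256 == YES
#    define CONTEXT_HASH_ALGORITHM SHA3_256
#  elif defined ALG_SHA256 && ALG_SHA256 == YES
#    define CONTEXT_HASH_ALGORITHM SHA256
#  elif defined ALG_SM3_256 && ALG_SM3_256 == YES
#    define CONTEXT_HASH_ALGORITHM SM3_256
#  elif defined ALG_SHA1 && ALG_SHA1 == YES
#    define CONTEXT_HASH_ALGORITHM SHA1
#  else
#    error "No implemented hash algorithm is available for CONTEXT_HASH_ALGORITHM"
#  endif
#  define CONTEXT_INTEGRITY_HASH_ALG CONCAT(TPM_ALG_, CONTEXT_HASH_ALGORITHM)
#endif

// Digest size of the context hash, e.g. SHA256_DIGEST_SIZE.
#ifndef CONTEXT_INTEGRITY_HASH_SIZE
#  define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE)
#endif

// Security strength, in bits, credited to the largest supported RSA key. The
// thresholds match the comparable-strength table of NIST SP 800-57 Part 1. A
// maximum key size below 1024 bits is given a strength of 0.
#if ALG_RSA
#  define RSA_SECURITY_STRENGTH                        \
      (MAX_RSA_KEY_BITS >= 15360 ? 256 :               \
      (MAX_RSA_KEY_BITS >=  7680 ? 192 :               \
      (MAX_RSA_KEY_BITS >=  3072 ? 128 :               \
      (MAX_RSA_KEY_BITS >=  2048 ? 112 :               \
      (MAX_RSA_KEY_BITS >=  1024 ?  80 : 0)))))
#else
#  define RSA_SECURITY_STRENGTH 0
#endif  // ALG_RSA

// Same for the largest supported ECC key; below 256 bits the strength is 0.
#if ALG_ECC
#  define ECC_SECURITY_STRENGTH                        \
      (MAX_ECC_KEY_BITS >= 521 ? 256 :                 \
      (MAX_ECC_KEY_BITS >= 384 ? 192 :                 \
      (MAX_ECC_KEY_BITS >= 256 ? 128 : 0)))
#else
#  define ECC_SECURITY_STRENGTH 0
#endif  // ALG_ECC

#define MAX_ASYM_SECURITY_STRENGTH                     \
    MAX(RSA_SECURITY_STRENGTH, ECC_SECURITY_STRENGTH)

// Half of the context hash digest size in bits.
#define MAX_HASH_SECURITY_STRENGTH ((CONTEXT_INTEGRITY_HASH_SIZE * 8) / 2)

// Unless some algorithm is broken...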
// The symmetric strength is taken to be the largest symmetric key size in bits.
#define MAX_SYM_SECURITY_STRENGTH MAX_SYM_KEY_BITS

// Largest of the asymmetric, symmetric and hash strengths.
#define MAX_SECURITY_STRENGTH_BITS                                      \
    MAX(MAX_ASYM_SECURITY_STRENGTH,                                     \
        MAX(MAX_SYM_SECURITY_STRENGTH, MAX_HASH_SECURITY_STRENGTH))

// Proof size that was in use before the 1.38 errata required that P1.14.4 be
// followed.
#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE

// Proof size as required by P1.14.4.
#define COMPLIANT_PROOF_SIZE (MAX(CONTEXT_INTEGRITY_HASH_SIZE, (2 * MAX_SYM_KEY_BYTES)))

// Primary seed size as required by P1.14.3.1.
#define COMPLIANT_PRIMARY_SEED_SIZE BITS_TO_BYTES(MAX_SECURITY_STRENGTH_BITS * 2)

// Pre-errata primary seed size, used unless one was already defined.
#if !defined(PRIMARY_SEED_SIZE)
#  define PRIMARY_SEED_SIZE PROOF_SIZE
#endif

// USE_SPEC_COMPLIANT_PROOFS replaces both pre-errata sizes with the compliant
// ones.
#if USE_SPEC_COMPLIANT_PROOFS
#  undef PROOF_SIZE
#  define PROOF_SIZE COMPLIANT_PROOF_SIZE
#  undef PRIMARY_SEED_SIZE
#  define PRIMARY_SEED_SIZE COMPLIANT_PRIMARY_SEED_SIZE
#endif  // USE_SPEC_COMPLIANT_PROOFS

// The build is stopped when a proof or primary seed is smaller than the compliant
// size. Setting SKIP_PROOF_ERRORS turns both checks off, which lets an undersized
// PROOF_SIZE or PRIMARY_SEED_SIZE through without any diagnostic.
#if !SKIP_PROOF_ERRORS
#  if PROOF_SIZE < COMPLIANT_PROOF_SIZE
#    error "PROOF_SIZE is not compliant with TPM specification"
#  endif
#  if PRIMARY_SEED_SIZE < COMPLIANT_PRIMARY_SEED_SIZE
#    error Non-compliant PRIMARY_SEED_SIZE
#  endif
#endif  // !SKIP_PROOF_ERRORS

// If CONTEXT_ENCRYPT_ALG is defined, then the vendor is using the old style table.
// Its value is mapped back to an algorithm name; only AES, SM4 and CAMELLIA are
// accepted. TDES and any value that is not recognized stop the build.
#ifdef CONTEXT_ENCRYPT_ALG
#  undef CONTEXT_ENCRYPT_ALGORITHM
#  if CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
#    define CONTEXT_ENCRYPT_ALGORITHM AES
#  elif CONTEXT_ENCRYPT_ALG == ALG_SM4_VALUE
#    define CONTEXT_ENCRYPT_ALGORITHM SM4
#  elif CONTEXT_ENCRYPT_ALG == ALG_CAMELLIA_VALUE
#    define CONTEXT_ENCRYPT_ALGORITHM CAMELLIA
#  elif CONTEXT_ENCRYPT_ALG == ALG_TDES_VALUE
#    error Are you kidding?
#  else
#    error Unknown value for CONTEXT_ENCRYPT_ALG
#  endif  // CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE
#else
// New style table: the value is derived from the algorithm name.
#  define CONTEXT_ENCRYPT_ALG CONCAT3(ALG_, CONTEXT_ENCRYPT_ALGORITHM, _VALUE)
#endif  // CONTEXT_ENCRYPT_ALG
#define CONTEXT_ENCRYPT_KEY_BITS CONCAT(CONTEXT_ENCRYPT_ALGORITHM, _MAX_KEY_SIZE_BITS)
#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS + 7) / 8)

// This is updated to follow the requirement of P2 that the label not be larger
// than 32 bytes.
#if !defined(LABEL_MAX_BUFFER)
#  define LABEL_MAX_BUFFER MIN(32, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE))
#endif

// This bit is used to indicate that an authorization ticket expires on TPM Reset
// and TPM Restart. It is added to the timeout value returned by TPM2_PolicySigned()
// and TPM2_PolicySecret() and used by TPM2_PolicyTicket(). The timeout value is
// relative to Time (g_time). Time is reset whenever the TPM loses power and cannot
// be moved forward by the user (as can Clock). 'g_time' is a 64-bit value expressing
// time in ms. Stealing the MSb for a flag means that the TPM needs to be reset
// at least once every 292,471,208 years rather than once every 584,942,417 years.
#define EXPIRATION_BIT ((UINT64)1 << 63)

// Check for consistency of the bit ordering of bit fields
#if BIG_ENDIAN_TPM && MOST_SIGNIFICANT_BIT_0 && USE_BIT_FIELD_STRUCTURES
#  error "Settings not consistent"
#endif

// These macros are used to handle the variation in handling of bit fields.
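// If USE_BIT_FIELD_STRUCTURES is set, an attribute is a member 'b' of the
// structure 'a'. Otherwise 'a' is an integer, 'type##_##b' names the mask of the
// attribute and 'type##_##b##_SHIFT' its bit position. 'a' is parenthesized in
// every expansion so that arguments such as "*attributes" or "x | y" are treated
// as one operand.
#if USE_BIT_FIELD_STRUCTURES  // The default, old version, with bit fields
#  define IS_ATTRIBUTE(a, type, b)    (((a).b) != 0)
#  define SET_ATTRIBUTE(a, type, b)   ((a).b = SET)
#  define CLEAR_ATTRIBUTE(a, type, b) ((a).b = CLEAR)
#  define GET_ATTRIBUTE(a, type, b)   ((a).b)
#  define TPMA_ZERO_INITIALIZER()     {0}
#else
#  define IS_ATTRIBUTE(a, type, b)    (((a) & type##_##b) != 0)
#  define SET_ATTRIBUTE(a, type, b)   ((a) |= type##_##b)
#  define CLEAR_ATTRIBUTE(a, type, b) ((a) &= ~type##_##b)
#  define GET_ATTRIBUTE(a, type, b)                             \
      ((type)(((a) & type##_##b) >> type##_##b##_SHIFT))
#  define TPMA_ZERO_INITIALIZER()     (0)
#endif

// Jumps to a label named 'Error' in the enclosing function when '_X' is false.
// The do { } while(0) wrapper keeps an 'else' that follows "VERIFY(x);" attached
// to the caller's 'if' instead of the 'if' inside the macro.
#define VERIFY(_X)                  \
    do                              \
    {                               \
        if(!(_X))                   \
            goto Error;             \
    } while(0)

// These macros determine if the values in this file are referenced or instanced.
// Global.c defines GLOBAL_C so all the values in this file will be instanced in
// Global.obj. For all other files that include this file, the values will simply
// be external references. For constants, there can be an initializer.
#ifdef GLOBAL_C
#  define EXTERN
#  define INITIALIZER(_value_) = _value_
#else
#  define EXTERN extern
#  define INITIALIZER(_value_)
#endif

// This macro will create an OID. All OIDs are in DER form with a first octet of
// 0x06 indicating an OID followed by an octet indicating the number of octets in the
// rest of the OID. This allows a user of this OID to know how much/little to copy.
#define MAKE_OID(NAME)                                                  \
    EXTERN const BYTE OID##NAME[] INITIALIZER({OID##NAME##_VALUE})

// This definition is moved from TpmProfile.h because it is not actually vendor-
// specific. It has to be the same size as the 'sequence' parameter of a TPMS_CONTEXT
// and that is a UINT64. So, this is an invariant value
#define CONTEXT_COUNTER UINT64

#endif  // GP_MACROS_H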