1 2 /* Microsoft Reference Implementation for TPM 2.0 3 * 4 * The copyright in this software is being made available under the BSD License, 5 * included below. This software may be subject to other third party and 6 * contributor rights, including patent rights, and no such rights are granted 7 * under this license. 8 * 9 * Copyright (c) Microsoft Corporation 10 * 11 * All rights reserved. 12 * 13 * BSD License 14 * 15 * Redistribution and use in source and binary forms, with or without modification, 16 * are permitted provided that the following conditions are met: 17 * 18 * Redistributions of source code must retain the above copyright notice, this list 19 * of conditions and the following disclaimer. 20 * 21 * Redistributions in binary form must reproduce the above copyright notice, this 22 * list of conditions and the following disclaimer in the documentation and/or 23 * other materials provided with the distribution. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" 26 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 28 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 29 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 30 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 31 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 32 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 */ 36 // This file contains the build switches. This contains switches for multiple 37 // versions of the crypto-library so some may not apply to your environment. 38 // 39 // The switches are guarded so that they can either be set on the command line or 40 // set here. If the switch is listed on the command line (-DSOME_SWITCH) with NO 41 // setting, then the switch will be set to YES. If the switch setting is not on the 42 // command line or if the setting is other than YES or NO, then the switch will be set 43 // to the default value. The default can either be YES or NO as indicated on each line 44 // where the default is selected. 45 // 46 // A caution: do not try to test these macros by inserting #defines in this file. For 47 // some curious reason, a variable set on the command line with no setting will have a 48 // value of 1. An "#if SOME_VARIABLE" will work if the variable is not defined or is 49 // defined on the command line with no initial setting. However, a 50 // "#define SOME_VARIABLE" is a null string and when used in "#if SOME_VARIABLE" will 51 // not be a proper expression If you want to test various switches, either use the 52 // command line or change the default. 53 // 54 #ifndef _TPM_BUILD_SWITCHES_H_ 55 #define _TPM_BUILD_SWITCHES_H_ 56 57 #undef YES 58 #define YES 1 59 #undef NO 60 #define NO 0 61 62 // Allow the command line to specify a "profile" file 63 #ifdef PROFILE 64 # define PROFILE_QUOTE(a) #a 65 # define PROFILE_INCLUDE(a) PROFILE_QUOTE(a) 66 # include PROFILE_INCLUDE(PROFILE) 67 #endif 68 69 // Need an unambiguous definition for DEBUG. Do not change this 70 #ifndef DEBUG 71 # ifdef NDEBUG 72 # define DEBUG NO 73 # else 74 # define DEBUG YES 75 # endif 76 #elif (DEBUG != NO) && (DEBUG != YES) 77 # undef DEBUG 78 # define DEBUG YES // Default: Either YES or NO 79 #endif 80 81 #include "CompilerDependencies.h" 82 83 // This definition is required for the re-factored code 84 #if (!defined USE_BN_ECC_DATA) \ 85 || ((USE_BN_ECC_DATA != NO) && (USE_BN_ECC_DATA != YES)) 86 # undef USE_BN_ECC_DATA 87 # define USE_BN_ECC_DATA YES // Default: Either YES or NO 88 #endif 89 90 // The SIMULATION switch allows certain other macros to be enabled. The things that 91 // can be enabled in a simulation include key caching, reproducible "random" 92 // sequences, instrumentation of the RSA key generation process, and certain other 93 // debug code. SIMULATION Needs to be defined as either YES or NO. This grouping of 94 // macros will make sure that it is set correctly. A simulated TPM would include a 95 // Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard 96 // ones in the Simulator project. 97 // 98 // If SIMULATION is in the compile parameters without modifiers, 99 // make SIMULATION == YES 100 #if !(defined SIMULATION) || ((SIMULATION != NO) && (SIMULATION != YES)) 101 # undef SIMULATION 102 # define SIMULATION YES // Default: Either YES or NO 103 #endif 104 105 // Define this to run the function that checks the compatibility between the 106 // chosen big number math library and the TPM code. Not all ports use this. 107 #if !(defined LIBRARY_COMPATIBILITY_CHECK) \ 108 || (( LIBRARY_COMPATIBILITY_CHECK != NO) \ 109 && (LIBRARY_COMPATIBILITY_CHECK != YES)) 110 # undef LIBRARY_COMPATIBILITY_CHECK 111 # define LIBRARY_COMPATIBILITY_CHECK YES // Default: Either YES or NO 112 #endif 113 114 #if !(defined FIPS_COMPLIANT) || ((FIPS_COMPLIANT != NO) && (FIPS_COMPLIANT != YES)) 115 # undef FIPS_COMPLIANT 116 # define FIPS_COMPLIANT YES // Default: Either YES or NO 117 #endif 118 119 // Definition to allow alternate behavior for non-orderly startup. If there is a 120 // chance that the TPM could not update 'failedTries' 121 #if !(defined USE_DA_USED) || ((USE_DA_USED != NO) && (USE_DA_USED != YES)) 122 # undef USE_DA_USED 123 # define USE_DA_USED YES // Default: Either YES or NO 124 #endif 125 126 // Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements 127 // for command dispatch and handle unmarshaling 128 #if !(defined TABLE_DRIVEN_DISPATCH) \ 129 || ((TABLE_DRIVEN_DISPATCH != NO) && (TABLE_DRIVEN_DISPATCH != YES)) 130 # undef TABLE_DRIVEN_DISPATCH 131 # define TABLE_DRIVEN_DISPATCH YES // Default: Either YES or NO 132 #endif 133 134 // This switch is used to enable the self-test capability in AlgorithmTests.c 135 #if !(defined SELF_TEST) || ((SELF_TEST != NO) && (SELF_TEST != YES)) 136 # undef SELF_TEST 137 # define SELF_TEST YES // Default: Either YES or NO 138 #endif 139 140 // Enable the generation of RSA primes using a sieve. 141 #if !(defined RSA_KEY_SIEVE) || ((RSA_KEY_SIEVE != NO) && (RSA_KEY_SIEVE != YES)) 142 # undef RSA_KEY_SIEVE 143 # define RSA_KEY_SIEVE YES // Default: Either YES or NO 144 #endif 145 146 // Enable the instrumentation of the sieve process. This is used to tune the sieve 147 // variables. 148 #if RSA_KEY_SIEVE && SIMULATION 149 # if !(defined RSA_INSTRUMENT) \ 150 || ((RSA_INSTRUMENT != NO) && (RSA_INSTRUMENT != YES)) 151 # undef RSA_INSTRUMENT 152 # define RSA_INSTRUMENT NO // Default: Either YES or NO 153 # endif 154 #endif 155 156 // This switch enables the RNG state save and restore 157 #if !(defined _DRBG_STATE_SAVE) \ 158 || ((_DRBG_STATE_SAVE != NO) && (_DRBG_STATE_SAVE != YES)) 159 # undef _DRBG_STATE_SAVE 160 # define _DRBG_STATE_SAVE YES // Default: Either YES or NO 161 #endif 162 163 // Switch added to support packed lists that leave out space associated with 164 // unimplemented commands. Comment this out to use linear lists. 165 // Note: if vendor specific commands are present, the associated list is always 166 // in compressed form. 167 #if !(defined COMPRESSED_LISTS) \ 168 || ((COMPRESSED_LISTS != NO) && (COMPRESSED_LISTS != YES)) 169 # undef COMPRESSED_LISTS 170 # define COMPRESSED_LISTS YES // Default: Either YES or NO 171 #endif 172 173 // This switch indicates where clock epoch value should be stored. If this value 174 // defined, then it is assumed that the timer will change at any time so the 175 // nonce should be a random number kept in RAM. When it is not defined, then the 176 // timer only stops during power outages. 177 #if !(defined CLOCK_STOPS) || ((CLOCK_STOPS != NO) && (CLOCK_STOPS != YES)) 178 # undef CLOCK_STOPS 179 # define CLOCK_STOPS NO // Default: Either YES or NO 180 #endif 181 182 // This switch allows use of #defines in place of pass-through marshaling or 183 // unmarshaling code. A pass-through function just calls another function to do 184 // the required function and does no parameter checking of its own. The 185 // table-driven dispatcher calls directly to the lowest level 186 // marshaling/unmarshaling code and by-passes any pass-through functions. 187 #if (defined USE_MARSHALING_DEFINES) && (USE_MARSHALING_DEFINES != NO) 188 # undef USE_MARSHALING_DEFINES 189 # define USE_MARSHALING_DEFINES YES 190 #else 191 # define USE_MARSHALING_DEFINES YES // Default: Either YES or NO 192 #endif 193 194 //********************************** 195 // The switches in this group can only be enabled when doing debug during simulation 196 #if SIMULATION && DEBUG 197 // This forces the use of a smaller context slot size. This reduction reduces the 198 // range of the epoch allowing the tester to force the epoch to occur faster than 199 // the normal defined in TpmProfile.h 200 # if !(defined CONTEXT_SLOT) 201 # define CONTEXT_SLOT UINT8 202 # endif 203 // Enables use of the key cache. Default is YES 204 # if !(defined USE_RSA_KEY_CACHE) \ 205 || ((USE_RSA_KEY_CACHE != NO) && (USE_RSA_KEY_CACHE != YES)) 206 # undef USE_RSA_KEY_CACHE 207 # define USE_RSA_KEY_CACHE YES // Default: Either YES or NO 208 # endif 209 210 // Enables use of a file to store the key cache values so that the TPM will start 211 // faster during debug. Default for this is YES 212 # if USE_RSA_KEY_CACHE 213 # if !(defined USE_KEY_CACHE_FILE) \ 214 || ((USE_KEY_CACHE_FILE != NO) && (USE_KEY_CACHE_FILE != YES)) 215 # undef USE_KEY_CACHE_FILE 216 # define USE_KEY_CACHE_FILE YES // Default: Either YES or NO 217 # endif 218 # else 219 # undef USE_KEY_CACHE_FILE 220 # define USE_KEY_CACHE_FILE NO 221 # endif // USE_RSA_KEY_CACHE 222 223 // This provides fixed seeding of the RNG when doing debug on a simulator. This 224 // should allow consistent results on test runs as long as the input parameters 225 // to the functions remains the same. There is no default value. 226 # if !(defined USE_DEBUG_RNG) || ((USE_DEBUG_RNG != NO) && (USE_DEBUG_RNG != YES)) 227 # undef USE_DEBUG_RNG 228 # define USE_DEBUG_RNG YES // Default: Either YES or NO 229 # endif 230 231 // Do not change these. They are the settings needed when not doing a simulation and 232 // not doing debug. Can't use the key cache except during debug. Otherwise, all of the 233 // key values end up being the same 234 #else 235 # define USE_RSA_KEY_CACHE NO 236 # define USE_RSA_KEY_CACHE_FILE NO 237 # define USE_DEBUG_RNG NO 238 #endif // DEBUG && SIMULATION 239 240 #if DEBUG 241 242 // In some cases, the relationship between two values may be dependent 243 // on things that change based on various selections like the chosen cryptographic 244 // libraries. It is possible that these selections will result in incompatible 245 // settings. These are often detectable by the compiler but it is not always 246 // possible to do the check in the preprocessor code. For example, when the 247 // check requires use of 'sizeof'() then the preprocessor can't do the comparison. 248 // For these cases, we include a special macro that, depending on the compiler 249 // will generate a warning to indicate if the check always passes or always fails 250 // because it involves fixed constants. To run these checks, define COMPILER_CHECKS. 251 # if !(defined COMPILER_CHECKS) \ 252 || ((COMPILER_CHECKS != NO) && (COMPILER_CHECKS != YES)) 253 # undef COMPILER_CHECKS 254 # define COMPILER_CHECKS NO // Default: Either YES or NO 255 # endif 256 257 // Some of the values (such as sizes) are the result of different options set in 258 // TpmProfile.h. The combination might not be consistent. A function is defined 259 // (TpmSizeChecks()) that is used to verify the sizes at run time. To enable the 260 // function, define this parameter. 261 # if !(defined RUNTIME_SIZE_CHECKS) \ 262 || ((RUNTIME_SIZE_CHECKS != NO) && (RUNTIME_SIZE_CHECKS != YES)) 263 # undef RUNTIME_SIZE_CHECKS 264 # define RUNTIME_SIZE_CHECKS YES // Default: Either YES or NO 265 # endif 266 267 // If doing debug, can set the DRBG to print out the intermediate test values. 268 // Before enabling this, make sure that the dbgDumpMemBlock() function 269 // has been added someplace (preferably, somewhere in CryptRand.c) 270 # if !(defined DRBG_DEBUG_PRINT) \ 271 || ((DRBG_DEBUG_PRINT != NO) && (DRBG_DEBUG_PRINT != YES)) 272 # undef DRBG_DEBUG_PRINT 273 # define DRBG_DEBUG_PRINT NO // Default: Either YES or NO 274 # endif 275 276 // If an assertion event it not going to produce any trace information (function and 277 // line number) then make FAIL_TRACE == NO 278 # if !(defined FAIL_TRACE) || ((FAIL_TRACE != NO) && (FAIL_TRACE != YES)) 279 # undef FAIL_TRACE 280 # define FAIL_TRACE YES // Default: Either YES or NO 281 # endif 282 283 #endif // DEBUG 284 285 // Indicate if the implementation is going to give lockout time credit for time up to 286 // the last orderly shutdown. 287 #if !(defined ACCUMULATE_SELF_HEAL_TIMER) \ 288 || ((ACCUMULATE_SELF_HEAL_TIMER != NO) && (ACCUMULATE_SELF_HEAL_TIMER != YES)) 289 # undef ACCUMULATE_SELF_HEAL_TIMER 290 # define ACCUMULATE_SELF_HEAL_TIMER YES // Default: Either YES or NO 291 #endif 292 293 // Indicates if the implementation is to compute the sizes of the proof and primary 294 // seed size values based on the implemented algorithms. 295 #if !(defined USE_SPEC_COMPLIANT_PROOFS) \ 296 || ((USE_SPEC_COMPLIANT_PROOFS != NO) && (USE_SPEC_COMPLIANT_PROOFS != YES)) 297 # undef USE_SPEC_COMPLIANT_PROOFS 298 # define USE_SPEC_COMPLIANT_PROOFS YES // Default: Either YES or NO 299 #endif 300 301 // Comment this out to allow compile to continue even though the chosen proof values 302 // do not match the compliant values. This is written so that someone would 303 // have to proactively ignore errors. 304 #if !(defined SKIP_PROOF_ERRORS) \ 305 || ((SKIP_PROOF_ERRORS != NO) && (SKIP_PROOF_ERRORS != YES)) 306 # undef SKIP_PROOF_ERRORS 307 # define SKIP_PROOF_ERRORS NO // Default: Either YES or NO 308 #endif 309 310 // This define is used to eliminate the use of bit-fields. It can be enabled for big- 311 // or little-endian machines. For big-endian architectures that numbers bits in 312 // registers from left to right (MSb0) this must be enabled. Little-endian machines 313 // number from right to left with the least significant bit having assigned a bit 314 // number of 0. These are LSb0 machines (they are also little-endian so they are also 315 // least-significant byte 0 (LSB0) machines. Big-endian (MSB0) machines may number in 316 // either direction (MSb0 or LSb0). For an MSB0+MSb0 machine this value is required to 317 // be 'NO' 318 #if !(defined USE_BIT_FIELD_STRUCTURES) \ 319 || ((USE_BIT_FIELD_STRUCTURES != NO) && (USE_BIT_FIELD_STRUCTURES != YES)) 320 # undef USE_BIT_FIELD_STRUCTURES 321 # define USE_BIT_FIELD_STRUCTURES NO // Default: Either YES or NO 322 #endif 323 324 // This define is used to control the debug for the CertifyX509 command. 325 #if !(defined CERTIFYX509_DEBUG) \ 326 || ((CERTIFYX509_DEBUG != NO) && (CERTIFYX509_DEBUG != YES)) 327 # undef CERTIFYX509_DEBUG 328 # define CERTIFYX509_DEBUG YES // Default: Either YES or NO 329 #endif 330 331 // This define is used to enable the new table-driven marshaling code. 332 #if !(defined TABLE_DRIVEN_MARSHAL) \ 333 || ((TABLE_DRIVEN_MARSHAL != NO) && (TABLE_DRIVEN_MARSHAL != YES)) 334 # undef TABLE_DRIVEN_MARSHAL 335 # define TABLE_DRIVEN_MARSHAL NO // Default: Either YES or NO 336 #endif 337 338 // Change these definitions to turn all algorithms or commands ON or OFF. That is, 339 // to turn all algorithms on, set ALG_NO to YES. This is mostly useful as a debug 340 // feature. 341 #define ALG_YES YES 342 #define ALG_NO NO 343 #define CC_YES YES 344 #define CC_NO NO 345 346 #endif // _TPM_BUILD_SWITCHES_H_