1 /* Microsoft Reference Implementation for TPM 2.0
2  *
3  *  The copyright in this software is being made available under the BSD License,
4  *  included below. This software may be subject to other third party and
5  *  contributor rights, including patent rights, and no such rights are granted
6  *  under this license.
7  *
8  *  Copyright (c) Microsoft Corporation
9  *
10  *  All rights reserved.
11  *
12  *  BSD License
13  *
14  *  Redistribution and use in source and binary forms, with or without modification,
15  *  are permitted provided that the following conditions are met:
16  *
17  *  Redistributions of source code must retain the above copyright notice, this list
18  *  of conditions and the following disclaimer.
19  *
20  *  Redistributions in binary form must reproduce the above copyright notice, this
21  *  list of conditions and the following disclaimer in the documentation and/or
22  *  other materials provided with the distribution.
23  *
24  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
25  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
28  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
30  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
31  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 //** Includes and Local Values
36 
37 #define _CRT_RAND_S
38 #include <stdlib.h>
39 #include <memory.h>
40 #include "PlatformData.h"
41 #include "Platform_fp.h"
42 #include <time.h>
43 
44 #include <tee_internal_api.h>
45 
46 #ifdef _MSC_VER
47 #include <process.h>
48 #else
49 #include <unistd.h>
50 #endif
51 
52 // This is the last 32-bits of hardware entropy produced. We have to check to
53 // see that two consecutive 32-bit values are not the same because
54 // (according to FIPS 140-2, annex C
55 //
56 // 1. If each call to a RNG produces blocks of n bits (where n > 15), the first
57 // n-bit block generated after power-up, initialization, or reset shall not be
58 // used, but shall be saved for comparison with the next n-bit block to be
59 // generated. Each subsequent generation of an n-bit block shall be compared with
60 // the previously generated block. The test shall fail if any two compared n-bit
61 // blocks are equal.
62 extern uint32_t        lastEntropy;
63 
64 //** Functions
65 
66 //*** rand32()
67 // Local function to get a 32-bit random number
68 static uint32_t
rand32(void)69 rand32(
70     void
71 )
72 {
73 
74     uint32_t    rndNum;
75     TEE_GenerateRandom((void *)(&rndNum), sizeof(uint32_t));
76     return rndNum;
77 }
78 
79 
80 //** _plat__GetEntropy()
81 // This function is used to get available hardware entropy. In a hardware
82 // implementation of this function, there would be no call to the system
83 // to get entropy.
84 // return type: int32_t
85 //  < 0        hardware failure of the entropy generator, this is sticky
86 // >= 0        the returned amount of entropy (bytes)
87 //
88 LIB_EXPORT int32_t
_plat__GetEntropy(unsigned char * entropy,uint32_t amount)89 _plat__GetEntropy(
90     unsigned char       *entropy,           // output buffer
91     uint32_t             amount             // amount requested
92 )
93 {
94     uint32_t            rndNum;
95     int32_t             ret;
96 
97     if(amount == 0)
98     {
99         lastEntropy = rand32();
100         ret = 0;
101     }
102     else
103     {
104         rndNum = rand32();
105         if(rndNum == lastEntropy)
106         {
107             ret = -1;
108         }
109         else
110         {
111             lastEntropy = rndNum;
112             // Each process will have its random number generator initialized according
113             // to the process id and the initialization time. This is not a lot of
114             // entropy so, to add a bit more, XOR the current time value into the
115             // returned entropy value.
116             // NOTE: the reason for including the time here rather than have it in
117             // in the value assigned to lastEntropy is that rand() could be broken and
118             // using the time would in the lastEntropy value would hide this.
119             rndNum ^= (uint32_t)_plat__RealTime();
120 
121             // Only provide entropy 32 bits at a time to test the ability
122             // of the caller to deal with partial results.
123             ret = MIN(amount, sizeof(rndNum));
124             memcpy(entropy, &rndNum, ret);
125         }
126     }
127     return ret;
128 }