1 
2 /* Microsoft Reference Implementation for TPM 2.0
3  *
4  *  The copyright in this software is being made available under the BSD License,
5  *  included below. This software may be subject to other third party and
6  *  contributor rights, including patent rights, and no such rights are granted
7  *  under this license.
8  *
9  *  Copyright (c) Microsoft Corporation
10  *
11  *  All rights reserved.
12  *
13  *  BSD License
14  *
15  *  Redistribution and use in source and binary forms, with or without modification,
16  *  are permitted provided that the following conditions are met:
17  *
18  *  Redistributions of source code must retain the above copyright notice, this list
19  *  of conditions and the following disclaimer.
20  *
21  *  Redistributions in binary form must reproduce the above copyright notice, this
22  *  list of conditions and the following disclaimer in the documentation and/or
23  *  other materials provided with the distribution.
24  *
25  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
26  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
28  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
29  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
30  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
31  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
32  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
34  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35  */
36 // This file contains the build switches. This contains switches for multiple
37 // versions of the crypto-library so some may not apply to your environment.
38 //
39 // The switches are guarded so that they can either be set on the command line or
40 // set here. If the switch is listed on the command line (-DSOME_SWITCH) with NO
41 // setting, then the switch will be set to YES. If the switch setting is not on the
42 // command line or if the setting is other than YES or NO, then the switch will be set
43 // to the default value. The default can either be YES or NO as indicated on each line
44 // where the default is selected.
45 //
46 // A caution: do not try to test these macros by inserting #defines in this file. For
47 // some curious reason, a variable set on the command line with no setting will have a
48 // value of 1. An "#if SOME_VARIABLE" will work if the variable is not defined or is
49 // defined on the command line with no initial setting. However, a
50 // "#define SOME_VARIABLE" is a null string and when used in "#if SOME_VARIABLE" will
51 // not be a proper expression If you want to test various switches, either use the
52 // command line or change the default.
53 //
54 #ifndef _TPM_BUILD_SWITCHES_H_
55 #define _TPM_BUILD_SWITCHES_H_
56 
57 #undef YES
58 #define YES 1
59 #undef NO
60 #define NO 0
61 
62 // Allow the command line to specify a "profile" file
63 #ifdef PROFILE
64 #   define PROFILE_QUOTE(a) #a
65 #   define PROFILE_INCLUDE(a) PROFILE_QUOTE(a)
66 #   include PROFILE_INCLUDE(PROFILE)
67 #endif
68 
69 // Need an unambiguous definition for DEBUG. Do not change this
70 #ifndef DEBUG
71 #   ifdef NDEBUG
72 #       define  DEBUG   NO
73 #   else
74 #       define  DEBUG   YES
75 #   endif
76 #elif (DEBUG != NO) && (DEBUG != YES)
77 #   undef   DEBUG
78 #   define  DEBUG                       YES     // Default: Either YES or NO
79 #endif
80 
81 #include "CompilerDependencies.h"
82 
83 // This definition is required for the re-factored code
84 #if (!defined USE_BN_ECC_DATA)                                                      \
85                 || ((USE_BN_ECC_DATA != NO) && (USE_BN_ECC_DATA != YES))
86 #   undef   USE_BN_ECC_DATA
87 #   define  USE_BN_ECC_DATA             YES     // Default: Either YES or NO
88 #endif
89 
90 // The SIMULATION switch allows certain other macros to be enabled. The things that
91 // can be enabled in a simulation include key caching, reproducible "random"
92 // sequences, instrumentation of the RSA key generation process, and certain other
93 // debug code. SIMULATION Needs to be defined as either YES or NO. This grouping of
94 // macros will make sure that it is set correctly. A simulated TPM would include a
95 // Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard
96 // ones in the Simulator project.
97 //
98 // If SIMULATION is in the compile parameters without modifiers,
99 // make SIMULATION == YES
100 #if !(defined SIMULATION) || ((SIMULATION != NO) && (SIMULATION != YES))
101 #   undef   SIMULATION
102 #   define  SIMULATION                  YES     // Default: Either YES or NO
103 #endif
104 
105 // Define this to run the function that checks the compatibility between the
106 // chosen big number math library and the TPM code. Not all ports use this.
107 #if !(defined LIBRARY_COMPATIBILITY_CHECK)                                          \
108         || (( LIBRARY_COMPATIBILITY_CHECK != NO)                                    \
109             && (LIBRARY_COMPATIBILITY_CHECK != YES))
110 #   undef   LIBRARY_COMPATIBILITY_CHECK
111 #   define  LIBRARY_COMPATIBILITY_CHECK YES     // Default: Either YES or NO
112 #endif
113 
114 #if !(defined FIPS_COMPLIANT) || ((FIPS_COMPLIANT != NO) && (FIPS_COMPLIANT != YES))
115 #   undef   FIPS_COMPLIANT
116 #   define  FIPS_COMPLIANT              YES     // Default: Either YES or NO
117 #endif
118 
119 // Definition to allow alternate behavior for non-orderly startup. If there is a
120 // chance that the TPM could not update 'failedTries'
121 #if !(defined USE_DA_USED) || ((USE_DA_USED != NO) && (USE_DA_USED != YES))
122 #   undef   USE_DA_USED
123 #   define  USE_DA_USED                 YES     // Default: Either YES or NO
124 #endif
125 
126 // Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements
127 // for command dispatch and handle unmarshaling
128 #if !(defined TABLE_DRIVEN_DISPATCH)                                                \
129         || ((TABLE_DRIVEN_DISPATCH != NO) && (TABLE_DRIVEN_DISPATCH != YES))
130 #   undef   TABLE_DRIVEN_DISPATCH
131 #   define  TABLE_DRIVEN_DISPATCH       YES     // Default: Either YES or NO
132 #endif
133 
134 // This switch is used to enable the self-test capability in AlgorithmTests.c
135 #if !(defined SELF_TEST) || ((SELF_TEST != NO) && (SELF_TEST != YES))
136 #   undef   SELF_TEST
137 #   define  SELF_TEST                   YES     // Default: Either YES or NO
138 #endif
139 
140 // Enable the generation of RSA primes using a sieve.
141 #if !(defined RSA_KEY_SIEVE) || ((RSA_KEY_SIEVE != NO) && (RSA_KEY_SIEVE != YES))
142 #   undef   RSA_KEY_SIEVE
143 #   define  RSA_KEY_SIEVE               YES     // Default: Either YES or NO
144 #endif
145 
146 // Enable the instrumentation of the sieve process. This is used to tune the sieve
147 // variables.
148 #if RSA_KEY_SIEVE && SIMULATION
149 #   if !(defined RSA_INSTRUMENT)                                                    \
150             || ((RSA_INSTRUMENT != NO) && (RSA_INSTRUMENT != YES))
151 #       undef   RSA_INSTRUMENT
152 #       define  RSA_INSTRUMENT          NO      // Default: Either YES or NO
153 #   endif
154 #endif
155 
156 // This switch enables the RNG state save and restore
157 #if !(defined _DRBG_STATE_SAVE)                                                     \
158     || ((_DRBG_STATE_SAVE != NO) && (_DRBG_STATE_SAVE != YES))
159 #   undef   _DRBG_STATE_SAVE
160 #   define  _DRBG_STATE_SAVE            YES     // Default: Either YES or NO
161 #endif
162 
163 // Switch added to support packed lists that leave out space associated with
164 // unimplemented commands. Comment this out to use linear lists.
165 // Note: if vendor specific commands are present, the associated list is always
166 // in compressed form.
167 #if !(defined COMPRESSED_LISTS)                                                     \
168     || ((COMPRESSED_LISTS != NO) && (COMPRESSED_LISTS != YES))
169 #   undef   COMPRESSED_LISTS
170 #   define  COMPRESSED_LISTS            YES     // Default: Either YES or NO
171 #endif
172 
173 // This switch indicates where clock epoch value should be stored. If this value
174 // defined, then it is assumed that the timer will change at any time so the
175 // nonce should be a random number kept in RAM. When it is not defined, then the
176 // timer only stops during power outages.
177 #if !(defined CLOCK_STOPS) || ((CLOCK_STOPS != NO) && (CLOCK_STOPS != YES))
178 #   undef   CLOCK_STOPS
179 #   define  CLOCK_STOPS                 NO      // Default: Either YES or NO
180 #endif
181 
182 // This switch allows use of #defines in place of pass-through marshaling or
183 // unmarshaling code. A pass-through function just calls another function to do
184 // the required function and does no parameter checking of its own. The
185 // table-driven dispatcher calls directly to the lowest level
186 // marshaling/unmarshaling code and by-passes any pass-through functions.
187 #if (defined USE_MARSHALING_DEFINES) && (USE_MARSHALING_DEFINES != NO)
188 #   undef   USE_MARSHALING_DEFINES
189 #   define  USE_MARSHALING_DEFINES      YES
190 #else
191 #   define USE_MARSHALING_DEFINES       YES     // Default: Either YES or NO
192 #endif
193 
194 //**********************************
195 // The switches in this group can only be enabled when doing debug during simulation
196 #if SIMULATION && DEBUG
197 // This forces the use of a smaller context slot size. This reduction reduces the
198 // range of the epoch allowing the tester to force the epoch to occur faster than
199 // the normal defined in TpmProfile.h
200 #   if !(defined CONTEXT_SLOT)
201 #       define CONTEXT_SLOT             UINT8
202 #   endif
203 // Enables use of the key cache. Default is YES
204 #   if !(defined USE_RSA_KEY_CACHE)                                                 \
205     || ((USE_RSA_KEY_CACHE != NO) && (USE_RSA_KEY_CACHE != YES))
206 #       undef   USE_RSA_KEY_CACHE
207 #       define  USE_RSA_KEY_CACHE       YES     // Default: Either YES or NO
208 #   endif
209 
210 // Enables use of a file to store the key cache values so that the TPM will start
211 // faster during debug. Default for this is YES
212 #   if USE_RSA_KEY_CACHE
213 #       if !(defined USE_KEY_CACHE_FILE)                                            \
214             || ((USE_KEY_CACHE_FILE != NO) && (USE_KEY_CACHE_FILE != YES))
215 #           undef   USE_KEY_CACHE_FILE
216 #           define  USE_KEY_CACHE_FILE  YES     // Default: Either YES or NO
217 #       endif
218 #   else
219 #       undef   USE_KEY_CACHE_FILE
220 #       define  USE_KEY_CACHE_FILE      NO
221 #   endif   // USE_RSA_KEY_CACHE
222 
223 // This provides fixed seeding of the RNG when doing debug on a simulator. This
224 // should allow consistent results on test runs as long as the input parameters
225 // to the functions remains the same. There is no default value.
226 #   if !(defined USE_DEBUG_RNG) || ((USE_DEBUG_RNG != NO) && (USE_DEBUG_RNG != YES))
227 #       undef   USE_DEBUG_RNG
228 #       define  USE_DEBUG_RNG           YES     // Default: Either YES or NO
229 #   endif
230 
231 // Do not change these. They are the settings needed when not doing a simulation and
232 // not doing debug. Can't use the key cache except during debug. Otherwise, all of the
233 // key values end up being the same
234 #else
235 #   define USE_RSA_KEY_CACHE            NO
236 #   define USE_RSA_KEY_CACHE_FILE       NO
237 #   define USE_DEBUG_RNG                NO
238 #endif  // DEBUG && SIMULATION
239 
240 #if DEBUG
241 
242 // In some cases, the relationship between two values may be dependent
243 // on things that change based on various selections like the chosen cryptographic
244 // libraries. It is possible that these selections will result in incompatible
245 // settings. These are often detectable by the compiler but it is not always
246 // possible to do the check in the preprocessor code. For example, when the
247 // check requires use of 'sizeof'() then the preprocessor can't do the comparison.
248 // For these cases, we include a special macro that, depending on the compiler
249 // will generate a warning to indicate if the check always passes or always fails
250 // because it involves fixed constants. To run these checks, define COMPILER_CHECKS.
251 #   if !(defined COMPILER_CHECKS)                                                   \
252         || ((COMPILER_CHECKS != NO) && (COMPILER_CHECKS != YES))
253 #       undef   COMPILER_CHECKS
254 #       define  COMPILER_CHECKS         NO      // Default: Either YES or NO
255 #   endif
256 
257 // Some of the values (such as sizes) are the result of different options set in
258 // TpmProfile.h. The combination might not be consistent. A function is defined
259 // (TpmSizeChecks()) that is used to verify the sizes at run time. To enable the
260 // function, define this parameter.
261 #   if !(defined RUNTIME_SIZE_CHECKS)                                               \
262     || ((RUNTIME_SIZE_CHECKS != NO) && (RUNTIME_SIZE_CHECKS != YES))
263 #       undef RUNTIME_SIZE_CHECKS
264 #       define RUNTIME_SIZE_CHECKS      YES      // Default: Either YES or NO
265 #   endif
266 
267 // If doing debug, can set the DRBG to print out the intermediate test values.
268 // Before enabling this, make sure that the dbgDumpMemBlock() function
269 // has been added someplace (preferably, somewhere in CryptRand.c)
270 #   if !(defined DRBG_DEBUG_PRINT)                                                  \
271     || ((DRBG_DEBUG_PRINT != NO) && (DRBG_DEBUG_PRINT != YES))
272 #       undef   DRBG_DEBUG_PRINT
273 #       define  DRBG_DEBUG_PRINT        NO      // Default: Either YES or NO
274 #   endif
275 
276 // If an assertion event it not going to produce any trace information (function and
277 // line number) then make FAIL_TRACE == NO
278 #   if !(defined FAIL_TRACE) || ((FAIL_TRACE != NO) && (FAIL_TRACE != YES))
279 #       undef   FAIL_TRACE
280 #       define  FAIL_TRACE              YES     // Default: Either YES or NO
281 #   endif
282 
283 #endif // DEBUG
284 
285 // Indicate if the implementation is going to give lockout time credit for time up to
286 // the last orderly shutdown.
287 #if !(defined ACCUMULATE_SELF_HEAL_TIMER)                                           \
288     || ((ACCUMULATE_SELF_HEAL_TIMER != NO) && (ACCUMULATE_SELF_HEAL_TIMER != YES))
289 #   undef   ACCUMULATE_SELF_HEAL_TIMER
290 #   define  ACCUMULATE_SELF_HEAL_TIMER  YES     // Default: Either YES or NO
291 #endif
292 
293 // Indicates if the implementation is to compute the sizes of the proof and primary
294 // seed size values based on the implemented algorithms.
295 #if !(defined USE_SPEC_COMPLIANT_PROOFS)                                            \
296     || ((USE_SPEC_COMPLIANT_PROOFS != NO) && (USE_SPEC_COMPLIANT_PROOFS != YES))
297 #   undef   USE_SPEC_COMPLIANT_PROOFS
298 #   define  USE_SPEC_COMPLIANT_PROOFS   YES     // Default: Either YES or NO
299 #endif
300 
301 // Comment this out to allow compile to continue even though the chosen proof values
302 // do not match the compliant values. This is written so that someone would
303 // have to proactively ignore errors.
304 #if !(defined SKIP_PROOF_ERRORS)                                                    \
305     || ((SKIP_PROOF_ERRORS != NO) && (SKIP_PROOF_ERRORS != YES))
306 #   undef   SKIP_PROOF_ERRORS
307 #   define  SKIP_PROOF_ERRORS           NO      // Default: Either YES or NO
308 #endif
309 
310 // This define is used to eliminate the use of bit-fields. It can be enabled for big-
311 // or little-endian machines. For big-endian architectures that numbers bits in
312 // registers from left to right (MSb0) this must be enabled. Little-endian machines
313 // number from right to left with the least significant bit having assigned a bit
314 // number of 0. These are LSb0 machines (they are also little-endian so they are also
315 // least-significant byte 0 (LSB0) machines. Big-endian (MSB0) machines may number in
316 // either direction (MSb0 or LSb0). For an MSB0+MSb0 machine this value is required to
317 // be 'NO'
318 #if !(defined USE_BIT_FIELD_STRUCTURES)                                             \
319     || ((USE_BIT_FIELD_STRUCTURES != NO) && (USE_BIT_FIELD_STRUCTURES != YES))
320 #   undef   USE_BIT_FIELD_STRUCTURES
321 #   define  USE_BIT_FIELD_STRUCTURES    NO        // Default: Either YES or NO
322 #endif
323 
324 // This define is used to control the debug for the CertifyX509 command.
325 #if !(defined CERTIFYX509_DEBUG)                                                    \
326     || ((CERTIFYX509_DEBUG != NO) && (CERTIFYX509_DEBUG != YES))
327 #   undef   CERTIFYX509_DEBUG
328 #   define  CERTIFYX509_DEBUG YES               // Default: Either YES or NO
329 #endif
330 
331 // This define is used to enable the new table-driven marshaling code.
332 #if !(defined TABLE_DRIVEN_MARSHAL)                                                 \
333     || ((TABLE_DRIVEN_MARSHAL != NO) && (TABLE_DRIVEN_MARSHAL != YES))
334 #   undef   TABLE_DRIVEN_MARSHAL
335 #   define  TABLE_DRIVEN_MARSHAL NO  // Default: Either YES or NO
336 #endif
337 
338 // Change these definitions to turn all algorithms or commands ON or OFF. That is,
339 // to turn all algorithms on, set ALG_NO to YES. This is mostly useful as a debug
340 // feature.
341 #define      ALG_YES      YES
342 #define      ALG_NO       NO
343 #define      CC_YES       YES
344 #define      CC_NO        NO
345 
346 #endif // _TPM_BUILD_SWITCHES_H_