TPMCmd/tpm/src/subsystem/Time.c - platform/external/ms-tpm-20-ref - Git at Google

 /* Microsoft Reference Implementation for TPM 2.0
  *
  *  The copyright in this software is being made available under the BSD License,
  *  included below. This software may be subject to other third party and
  *  contributor rights, including patent rights, and no such rights are granted
  *  under this license.
  *
  *  Copyright (c) Microsoft Corporation
  *
  *  All rights reserved.
  *
  *  BSD License
  *
  *  Redistribution and use in source and binary forms, with or without modification,
  *  are permitted provided that the following conditions are met:
  *
  *  Redistributions of source code must retain the above copyright notice, this list
  *  of conditions and the following disclaimer.
  *
  *  Redistributions in binary form must reproduce the above copyright notice, this
  *  list of conditions and the following disclaimer in the documentation and/or
  *  other materials provided with the distribution.
  *
  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
  *  ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  *  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  *  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 //** Introduction
 // This file contains the functions relating to the TPM's time functions including
 // the interface to the implementation-specific time functions.
 //
 //** Includes
 #include "Tpm.h"
 #include "PlatformClock.h"

 //** Functions

 //*** TimePowerOn()
 // This function initialize time info at _TPM_Init().
 //
 // This function is called at _TPM_Init() so that the TPM time can start counting
 // as soon as the TPM comes out of reset and doesn't have to wait until
 // TPM2_Startup() in order to begin the new time epoch. This could be significant
 // for systems that could get powered up but not run any TPM commands for some
 // period of time.
 //
 void
 TimePowerOn(
     void
     )
 {
     g_time = _plat__TimerRead();
 }

 //*** TimeNewEpoch()
 // This function does the processing to generate a new time epoch nonce and
 // set NV for update. This function is only called when NV is known to be available
 // and the clock is running. The epoch is updated to persistent data.
 static void
 TimeNewEpoch(
     void
     )
 {
 #if CLOCK_STOPS
     CryptRandomGenerate(sizeof(CLOCK_NONCE), (BYTE *)&g_timeEpoch);
 #else
     // if the epoch is kept in NV, update it.
     gp.timeEpoch++;
     NV_SYNC_PERSISTENT(timeEpoch);
 #endif
     // Clean out any lingering state
     _plat__TimerWasStopped();
 }

 //*** TimeStartup()
 // This function updates the resetCount and restartCount components of
 // TPMS_CLOCK_INFO structure at TPM2_Startup().
 //
 // This function will deal with the deferred creation of a new epoch.
 // TimeUpdateToCurrent() will not start a new epoch even if one is due when
 // TPM_Startup() has not been run. This is because the state of NV is not known
 // until startup completes. When Startup is done, then it will create the epoch
 // nonce to complete the initializations by calling this function.
 BOOL
 TimeStartup(
     STARTUP_TYPE     type           // IN: start up type
     )
 {
     NOT_REFERENCED(type);
     // If the previous cycle is orderly shut down, the value of the safe bit
     // the same as previously saved.  Otherwise, it is not safe.
     if(!NV_IS_ORDERLY)
         go.clockSafe = NO;
     return TRUE;
 }

 //*** TimeClockUpdate()
 // This function updates go.clock. If 'newTime' requires an update of NV, then
 // NV is checked for availability. If it is not available or is rate limiting, then
 // go.clock is not updated and the function returns an error. If 'newTime' would
 // not cause an NV write, then go.clock is updated. If an NV write occurs, then
 // go.safe is SET.
 void
 TimeClockUpdate(
     UINT64           newTime    // IN: New time value in mS.
     )
 {
 #define CLOCK_UPDATE_MASK  ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1)

     // Check to see if the update will cause a need for an nvClock update
     if((newTime | CLOCK_UPDATE_MASK) > (go.clock | CLOCK_UPDATE_MASK))
     {
         pAssert(g_NvStatus == TPM_RC_SUCCESS);

         // Going to update the NV time state so SET the safe flag
         go.clockSafe = YES;

         // update the time
         go.clock = newTime;

         NvWrite(NV_ORDERLY_DATA, sizeof(go), &go);
     }
     else
         // No NV update needed so just update
         go.clock = newTime;

 }

 //*** TimeUpdate()
 // This function is used to update the time and clock values. If the TPM
 // has run TPM2_Startup(), this function is called at the start of each command.
 // If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to
 // get the clock values initialized. It is not called on command entry because, in
 // this implementation, the go structure is not read from NV until TPM2_Startup().
 // The reason for this is that the initialization code (_TPM_Init()) may run before
 // NV is accessible.
 void
 TimeUpdate(
     void
     )
 {
     UINT64          elapsed;
 //
     // Make sure that we consume the current _plat__TimerWasStopped() state.
    if(_plat__TimerWasStopped())
     {
         TimeNewEpoch();
     }
     // Get the difference between this call and the last time we updated the tick
     // timer.
     elapsed = _plat__TimerRead() - g_time;
     // Don't read +
     g_time += elapsed;

     // Don't need to check the result because it has to be success because have
     // already checked that NV is available.
     TimeClockUpdate(go.clock + elapsed);

     // Call self healing logic for dictionary attack parameters
     DASelfHeal();
 }

 //*** TimeUpdateToCurrent()
 // This function updates the 'Time' and 'Clock' in the global
 // TPMS_TIME_INFO structure.
 //
 // In this implementation, 'Time' and 'Clock' are updated at the beginning
 // of each command and the values are unchanged for the duration of the
 // command.
 //
 // Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock'
 // are not allowed to advance if NV is not available. When clock is not advancing,
 // any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or
 // TPM_RC_NV_RATE.
 //
 // This implementation does not do rate limiting. If the implementation does do
 // rate limiting, then the 'Clock' update should not be inhibited even when doing
 // rate limiting.
 void
 TimeUpdateToCurrent(
     void
 )
 {
     // Can't update time during the dark interval or when rate limiting so don't
     // make any modifications to the internal clock value. Also, defer any clock
     // processing until TPM has run TPM2_Startup()
     if(!NV_IS_AVAILABLE || !TPMIsStarted())
         return;

     TimeUpdate();
 }


 //*** TimeSetAdjustRate()
 // This function is used to perform rate adjustment on 'Time' and 'Clock'.
 void
 TimeSetAdjustRate(
     TPM_CLOCK_ADJUST     adjust         // IN: adjust constant
     )
 {
     switch(adjust)
     {
         case TPM_CLOCK_COARSE_SLOWER:
             _plat__ClockAdjustRate(CLOCK_ADJUST_COARSE);
             break;
         case TPM_CLOCK_COARSE_FASTER:
             _plat__ClockAdjustRate(-CLOCK_ADJUST_COARSE);
             break;
         case TPM_CLOCK_MEDIUM_SLOWER:
             _plat__ClockAdjustRate(CLOCK_ADJUST_MEDIUM);
             break;
         case TPM_CLOCK_MEDIUM_FASTER:
             _plat__ClockAdjustRate(-CLOCK_ADJUST_MEDIUM);
             break;
         case TPM_CLOCK_FINE_SLOWER:
             _plat__ClockAdjustRate(CLOCK_ADJUST_FINE);
             break;
         case TPM_CLOCK_FINE_FASTER:
             _plat__ClockAdjustRate(-CLOCK_ADJUST_FINE);
             break;
         case TPM_CLOCK_NO_CHANGE:
             break;
         default:
             FAIL(FATAL_ERROR_INTERNAL);
             break;
     }

     return;
 }

 //*** TimeGetMarshaled()
 // This function is used to access TPMS_TIME_INFO in canonical form.
 // The function collects the time information and marshals it into 'dataBuffer'
 // and returns the marshaled size
 UINT16
 TimeGetMarshaled(
     TIME_INFO       *dataBuffer     // OUT: result buffer
     )
 {
     TPMS_TIME_INFO      timeInfo;

     // Fill TPMS_TIME_INFO structure
     timeInfo.time = g_time;
     TimeFillInfo(&timeInfo.clockInfo);

     // Marshal TPMS_TIME_INFO to canonical form
     return TPMS_TIME_INFO_Marshal(&timeInfo, (BYTE **)&dataBuffer, NULL);
 }

 //*** TimeFillInfo
 // This function gathers information to fill in a TPMS_CLOCK_INFO structure.
 void
 TimeFillInfo(
     TPMS_CLOCK_INFO     *clockInfo
     )
 {
     clockInfo->clock = go.clock;
     clockInfo->resetCount = gp.resetCount;
     clockInfo->restartCount = gr.restartCount;

     // If NV is not available, clock stopped advancing and the value reported is
     // not "safe".
     if(NV_IS_AVAILABLE)
         clockInfo->safe = go.clockSafe;
     else
         clockInfo->safe = NO;

     return;
 }
	/* Microsoft Reference Implementation for TPM 2.0
	*
	* The copyright in this software is being made available under the BSD License,
	* included below. This software may be subject to other third party and
	* contributor rights, including patent rights, and no such rights are granted
	* under this license.
	*
	* Copyright (c) Microsoft Corporation
	*
	* All rights reserved.
	*
	* BSD License
	*
	* Redistribution and use in source and binary forms, with or without modification,
	* are permitted provided that the following conditions are met:
	*
	* Redistributions of source code must retain the above copyright notice, this list
	* of conditions and the following disclaimer.
	*
	* Redistributions in binary form must reproduce the above copyright notice, this
	* list of conditions and the following disclaimer in the documentation and/or
	* other materials provided with the distribution.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
	* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
	* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/
	//** Introduction
	// This file contains the functions relating to the TPM's time functions including
	// the interface to the implementation-specific time functions.
	//
	//** Includes
	#include "Tpm.h"
	#include "PlatformClock.h"

	//** Functions

	//*** TimePowerOn()
	// This function initialize time info at _TPM_Init().
	//
	// This function is called at _TPM_Init() so that the TPM time can start counting
	// as soon as the TPM comes out of reset and doesn't have to wait until
	// TPM2_Startup() in order to begin the new time epoch. This could be significant
	// for systems that could get powered up but not run any TPM commands for some
	// period of time.
	//
	void
	TimePowerOn(
	void
	)
	{
	g_time = _plat__TimerRead();
	}

	//*** TimeNewEpoch()
	// This function does the processing to generate a new time epoch nonce and
	// set NV for update. This function is only called when NV is known to be available
	// and the clock is running. The epoch is updated to persistent data.
	static void
	TimeNewEpoch(
	void
	)
	{
	#if CLOCK_STOPS
	CryptRandomGenerate(sizeof(CLOCK_NONCE), (BYTE *)&g_timeEpoch);
	#else
	// if the epoch is kept in NV, update it.
	gp.timeEpoch++;
	NV_SYNC_PERSISTENT(timeEpoch);
	#endif
	// Clean out any lingering state
	_plat__TimerWasStopped();
	}

	//*** TimeStartup()
	// This function updates the resetCount and restartCount components of
	// TPMS_CLOCK_INFO structure at TPM2_Startup().
	//
	// This function will deal with the deferred creation of a new epoch.
	// TimeUpdateToCurrent() will not start a new epoch even if one is due when
	// TPM_Startup() has not been run. This is because the state of NV is not known
	// until startup completes. When Startup is done, then it will create the epoch
	// nonce to complete the initializations by calling this function.
	BOOL
	TimeStartup(
	STARTUP_TYPE type // IN: start up type
	)
	{
	NOT_REFERENCED(type);
	// If the previous cycle is orderly shut down, the value of the safe bit
	// the same as previously saved. Otherwise, it is not safe.
	if(!NV_IS_ORDERLY)
	go.clockSafe = NO;
	return TRUE;
	}

	//*** TimeClockUpdate()
	// This function updates go.clock. If 'newTime' requires an update of NV, then
	// NV is checked for availability. If it is not available or is rate limiting, then
	// go.clock is not updated and the function returns an error. If 'newTime' would
	// not cause an NV write, then go.clock is updated. If an NV write occurs, then
	// go.safe is SET.
	void
	TimeClockUpdate(
	UINT64 newTime // IN: New time value in mS.
	)
	{
	#define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1)

	// Check to see if the update will cause a need for an nvClock update
	if((newTime \| CLOCK_UPDATE_MASK) > (go.clock \| CLOCK_UPDATE_MASK))
	{
	pAssert(g_NvStatus == TPM_RC_SUCCESS);

	// Going to update the NV time state so SET the safe flag
	go.clockSafe = YES;

	// update the time
	go.clock = newTime;

	NvWrite(NV_ORDERLY_DATA, sizeof(go), &go);
	}
	else
	// No NV update needed so just update
	go.clock = newTime;

	}

	//*** TimeUpdate()
	// This function is used to update the time and clock values. If the TPM
	// has run TPM2_Startup(), this function is called at the start of each command.
	// If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to
	// get the clock values initialized. It is not called on command entry because, in
	// this implementation, the go structure is not read from NV until TPM2_Startup().
	// The reason for this is that the initialization code (_TPM_Init()) may run before
	// NV is accessible.
	void
	TimeUpdate(
	void
	)
	{
	UINT64 elapsed;
	//
	// Make sure that we consume the current _plat__TimerWasStopped() state.
	if(_plat__TimerWasStopped())
	{
	TimeNewEpoch();
	}
	// Get the difference between this call and the last time we updated the tick
	// timer.
	elapsed = _plat__TimerRead() - g_time;
	// Don't read +
	g_time += elapsed;

	// Don't need to check the result because it has to be success because have
	// already checked that NV is available.
	TimeClockUpdate(go.clock + elapsed);

	// Call self healing logic for dictionary attack parameters
	DASelfHeal();
	}

	//*** TimeUpdateToCurrent()
	// This function updates the 'Time' and 'Clock' in the global
	// TPMS_TIME_INFO structure.
	//
	// In this implementation, 'Time' and 'Clock' are updated at the beginning
	// of each command and the values are unchanged for the duration of the
	// command.
	//
	// Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock'
	// are not allowed to advance if NV is not available. When clock is not advancing,
	// any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or
	// TPM_RC_NV_RATE.
	//
	// This implementation does not do rate limiting. If the implementation does do
	// rate limiting, then the 'Clock' update should not be inhibited even when doing
	// rate limiting.
	void
	TimeUpdateToCurrent(
	void
	)
	{
	// Can't update time during the dark interval or when rate limiting so don't
	// make any modifications to the internal clock value. Also, defer any clock
	// processing until TPM has run TPM2_Startup()
	if(!NV_IS_AVAILABLE \|\| !TPMIsStarted())
	return;

	TimeUpdate();
	}


	//*** TimeSetAdjustRate()
	// This function is used to perform rate adjustment on 'Time' and 'Clock'.
	void
	TimeSetAdjustRate(
	TPM_CLOCK_ADJUST adjust // IN: adjust constant
	)
	{
	switch(adjust)
	{
	case TPM_CLOCK_COARSE_SLOWER:
	_plat__ClockAdjustRate(CLOCK_ADJUST_COARSE);
	break;
	case TPM_CLOCK_COARSE_FASTER:
	_plat__ClockAdjustRate(-CLOCK_ADJUST_COARSE);
	break;
	case TPM_CLOCK_MEDIUM_SLOWER:
	_plat__ClockAdjustRate(CLOCK_ADJUST_MEDIUM);
	break;
	case TPM_CLOCK_MEDIUM_FASTER:
	_plat__ClockAdjustRate(-CLOCK_ADJUST_MEDIUM);
	break;
	case TPM_CLOCK_FINE_SLOWER:
	_plat__ClockAdjustRate(CLOCK_ADJUST_FINE);
	break;
	case TPM_CLOCK_FINE_FASTER:
	_plat__ClockAdjustRate(-CLOCK_ADJUST_FINE);
	break;
	case TPM_CLOCK_NO_CHANGE:
	break;
	default:
	FAIL(FATAL_ERROR_INTERNAL);
	break;
	}

	return;
	}

	//*** TimeGetMarshaled()
	// This function is used to access TPMS_TIME_INFO in canonical form.
	// The function collects the time information and marshals it into 'dataBuffer'
	// and returns the marshaled size
	UINT16
	TimeGetMarshaled(
	TIME_INFO *dataBuffer // OUT: result buffer
	)
	{
	TPMS_TIME_INFO timeInfo;

	// Fill TPMS_TIME_INFO structure
	timeInfo.time = g_time;
	TimeFillInfo(&timeInfo.clockInfo);

	// Marshal TPMS_TIME_INFO to canonical form
	return TPMS_TIME_INFO_Marshal(&timeInfo, (BYTE **)&dataBuffer, NULL);
	}

	//*** TimeFillInfo
	// This function gathers information to fill in a TPMS_CLOCK_INFO structure.
	void
	TimeFillInfo(
	TPMS_CLOCK_INFO *clockInfo
	)
	{
	clockInfo->clock = go.clock;
	clockInfo->resetCount = gp.resetCount;
	clockInfo->restartCount = gr.restartCount;

	// If NV is not available, clock stopped advancing and the value reported is
	// not "safe".
	if(NV_IS_AVAILABLE)
	clockInfo->safe = go.clockSafe;
	else
	clockInfo->safe = NO;

	return;
	}