A few weeks ago I asked for information on using the increasingly prevalent built-in TPM chips in computers (especially laptops) as a random number source. I got some good advice and want to summarize the information for the benefit of others.
The TPM chip as spec'd by the Trusted Computing Group (www.trustedcomputinggroup.org) is a complex and controversial device. Despite (or perhaps because of) all the fuss over it when the technology was introduced, nothing much has happened with it and they are mostly used to add a bit of security to encrypted files and such. TPMs do have hardware RNGs and I wanted to find out how to access this capability.

On Windows, there are several APIs available which can work. The "native" API for the TPM is the Trusted Software Stack (TSS). https://www.trustedcomputinggroup.org/groups/software/ This provides a wide range of TPM-specific functions, including ones to access the RNG. Another alternative is Microsoft's Crypto API (MS-CAPI). CAPI uses a plug-in architecture where Crypto Service Providers (CSPs) provide the required functionality. TPM-based CSPs allow access to TPM functions via CAPI. Third, the PKCS-11 (Cryptoki) API is designed for access to smart cards, but TPM manufacturers often deliver PKCS-11 compatible libraries for access to the chips. Both CAPI and PKCS-11 have random number functionality which can be used to access the TPM RNG.

The main problem in practice with using this functionality on Windows is that there is as yet no standard for naming or locating the DLLs which supply the necessary functions. I am testing on an IBM Thinkpad with an Atmel TPM, and it comes with DLLs that provide TSS, CAPI and PKCS-11 interfaces. But all are supplied with non-standard names and located in non-standard places. Software to use these functions has to know where the DLLs are and what they are called in order to load them explicitly.

The exception is MS-CAPI. CAPI provides an interface to enumerate all the CSPs, so if you can figure out which one is the TPM CSP you can then use that one to generate random numbers. One of the CAPI functions lets you query to see if the CSP has hardware RNG support. On my system, this returns TRUE for the TPM CSP.
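The CAPI search described above (enumerate the CSPs, ask each whether it has hardware RNG support, then generate random numbers from the one that does), as an added example that is not from the post: a PowerShell script that P/Invokes the CAPI functions CryptEnumProviders, CryptAcquireContext, CryptGetProvParam (with the PP_USE_HARDWARE_RNG query) and CryptGenRandom from advapi32.dll. It assumes a Windows machine on which the TPM vendor has registered a CAPI CSP; as the post goes on to note, a TPM CSP may not set this flag, so an empty result does not prove there is no TPM CSP.

```powershell
# Added example, not from the post: Windows only, P/Invoke into the CAPI entry points in advapi32.dll.
Add-Type -Namespace Capi -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", CharSet=CharSet.Unicode)] public static extern bool CryptEnumProviders(
    uint dwIndex, IntPtr pdwReserved, uint dwFlags, ref uint pdwProvType,
    System.Text.StringBuilder szProvName, ref uint pcbProvName);
[DllImport("advapi32.dll", CharSet=CharSet.Unicode)] public static extern bool CryptAcquireContext(
    ref IntPtr phProv, string szContainer, string szProvider, uint dwProvType, uint dwFlags);
[DllImport("advapi32.dll")] public static extern bool CryptGetProvParam(
    IntPtr hProv, uint dwParam, IntPtr pbData, ref uint pdwDataLen, uint dwFlags);
[DllImport("advapi32.dll")] public static extern bool CryptGenRandom(IntPtr hProv, uint dwLen, byte[] pbBuffer);
[DllImport("advapi32.dll")] public static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);
'@

$CRYPT_VERIFYCONTEXT = [uint32]0xF0000000   # no key container: no prompts, no on-disk side effects
$PP_USE_HARDWARE_RNG = [uint32]38           # CryptGetProvParam succeeds only if the CSP has a hardware RNG

function Get-HardwareRngCsp {
    # Returns the registered CSPs that claim a hardware RNG. A TPM CSP that does not set
    # this flag (the Dell case in the post) will simply be missing from the list.
    $found = @(); [uint32]$i = 0
    while ($true) {
        [uint32]$type = 0; [uint32]$len = 1024        # name buffer size, in bytes
        $name = New-Object System.Text.StringBuilder 512
        if (-not [Capi.Native]::CryptEnumProviders($i, [IntPtr]::Zero, 0, [ref]$type, $name, [ref]$len)) { break }
        $i++
        $h = [IntPtr]::Zero; [uint32]$zero = 0
        if (-not [Capi.Native]::CryptAcquireContext([ref]$h, $null, $name.ToString(), $type, $CRYPT_VERIFYCONTEXT)) { continue }
        # For PP_USE_HARDWARE_RNG the data pointer must be NULL; the TRUE/FALSE return is the answer.
        $hw = [Capi.Native]::CryptGetProvParam($h, $PP_USE_HARDWARE_RNG, [IntPtr]::Zero, [ref]$zero, 0)
        [void][Capi.Native]::CryptReleaseContext($h, 0)
        if ($hw) { $found += [pscustomobject]@{ Name = $name.ToString(); Type = $type } }
    }
    return $found
}

function Get-HardwareRandomBytes([int]$Count = 32) {
    # Draws $Count bytes from the first CSP that reports a hardware RNG.
    $csp = @(Get-HardwareRngCsp)[0]
    if (-not $csp) { throw 'No CSP on this machine reports a hardware RNG' }
    $h = [IntPtr]::Zero
    if (-not [Capi.Native]::CryptAcquireContext([ref]$h, $null, $csp.Name, $csp.Type, $CRYPT_VERIFYCONTEXT)) { throw 'CryptAcquireContext failed' }
    $buf = New-Object byte[] $Count
    try { if (-not [Capi.Native]::CryptGenRandom($h, $Count, $buf)) { throw 'CryptGenRandom failed' } }
    finally { [void][Capi.Native]::CryptReleaseContext($h, 0) }
    return $buf
}

Get-HardwareRngCsp | Format-Table -AutoSize
(Get-HardwareRandomBytes 16 | ForEach-Object { $_.ToString('x2') }) -join ''
```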
However, a colleague has a Dell system with a different TPM and different software, and that TPM's CSP does not set this bit. So I don't have a foolproof method of figuring out which CSP to use in order to access the TPM. It might be possible to hard-code the names of all known TPM CSPs but that would not be very flexible going forward.

At this point MS-CAPI still looks like the best choice for machine-independent access to the TPM RNG on Windows. The ability to reliably enumerate all the CSPs is much easier than hunting through the disk to try to find a DLL to implement the TSS or PKCS-11 APIs. OTOH if you are building the software for a particular system and can build in the location of the necessary DLL, one of the other APIs could work too.

On Linux systems, as I mentioned earlier, the standard appears to be an open-source TSS implementation called Trousers, at http://trousers.sourceforge.net . This requires the Linux kernel to have a TPM device driver built-in or as a loadable module. This has been available in the kernel since 2.6.12, but many distributions do not enable it, even as a module, so some work is needed to make a kernel with TPM support. Then the Trousers software builds a daemon process, tcsd, which opens /dev/tpm exclusively, and a library, libtspi, for remote access to tcsd and the TPM.

If you want a cross-platform solution, TSS is probably the best approach going forward. As noted, at present the software support is a little immature and some local configuration will be necessary - locating the TSS DLL on Windows, and installing the TPM kernel support and Trousers software on Linux. Once this is done, the TSS API should provide for cross-platform capability. And of course it has additional functionality if you want to use the TPM for more than just random number generation. Intel Macs have TPM chips as well but I don't know of any software yet that can access them. Eventually I would expect a TSS solution to be available on that platform as well.

Thanks again to the people who provided me information about these various solutions!

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]