Skip to content

Commit

Permalink
SPDM 1.3 Algorithm - Add definitions for other params support and sel…
Browse files Browse the repository at this point in the history 
…ection

This patch adds:
1. Definitions of OtherParams to add MultiKeyConn in algorithm negotiation
    messages.
2. Integartions of SpdmOpaqueSupport to SpdmAlgoOtherParams.
3. Encode and decode flow to parse the updated definitions, and relative
    unit test.

This patch remains:
Negotiation of multiple asymmetric key support as unsupported.
  • Loading branch information
@IntelCaisui
IntelCaisui committed Jan 15, 2025
1 parent 17550af commit 3e1d7e5
Show file tree
Hide file tree
Showing 17 changed files with 168 additions and 112 deletions.
14 changes: 9 additions & 5 deletions fuzz-target/requester/key_exchange_req/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0 or MIT

use fuzzlib::{common::SpdmOpaqueSupport, *};
use fuzzlib::*;
use spdmlib::common::SpdmConnectionState;
use spdmlib::protocol::*;

Expand Down Expand Up @@ -40,7 +40,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -81,7 +82,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -157,7 +159,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -199,7 +202,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down
11 changes: 7 additions & 4 deletions fuzz-target/requester/psk_exchange_req/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0 or MIT

use fuzzlib::{common::SpdmOpaqueSupport, *};
use fuzzlib::*;
use spdmlib::common::SpdmConnectionState;
use spdmlib::protocol::*;
use spin::Mutex;
Expand Down Expand Up @@ -38,7 +38,8 @@ async fn fuzz_send_receive_spdm_psk_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM;
requester.common.negotiate_info.rsp_capabilities_sel =
Expand Down Expand Up @@ -76,7 +77,8 @@ async fn fuzz_send_receive_spdm_psk_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM;
requester.common.negotiate_info.rsp_capabilities_sel =
Expand Down Expand Up @@ -111,7 +113,8 @@ async fn fuzz_send_receive_spdm_psk_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM;
requester.common.negotiate_info.rsp_capabilities_sel =
Expand Down
8 changes: 4 additions & 4 deletions fuzz-target/responder/keyexchange_rsp/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0 or MIT

use fuzzlib::{common::SpdmOpaqueSupport, *};
use fuzzlib::*;
use spdmlib::common::SpdmConnectionState;
use spdmlib::protocol::*;
use spin::Mutex;
Expand Down Expand Up @@ -35,7 +35,7 @@ async fn fuzz_handle_spdm_key_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -84,7 +84,7 @@ async fn fuzz_handle_spdm_key_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -137,7 +137,7 @@ async fn fuzz_handle_spdm_key_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down
10 changes: 5 additions & 5 deletions fuzz-target/responder/pskexchange_rsp/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

use fuzzlib::config::MAX_SPDM_SESSION_COUNT;
use fuzzlib::spdmlib::common::session::SpdmSession;
use fuzzlib::{common::SpdmConnectionState, common::SpdmOpaqueSupport, *};
use fuzzlib::{common::SpdmConnectionState, *};
use spdmlib::protocol::*;
use spin::Mutex;
extern crate alloc;
Expand Down Expand Up @@ -38,7 +38,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -81,7 +81,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -124,7 +124,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -171,7 +171,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down
6 changes: 4 additions & 2 deletions spdmlib/src/common/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1131,7 +1131,7 @@ pub struct SpdmConfigInfo {
pub aead_algo: SpdmAeadAlgo,
pub req_asym_algo: SpdmReqAsymAlgo,
pub key_schedule_algo: SpdmKeyScheduleAlgo,
pub opaque_support: SpdmOpaqueSupport,
pub other_params_support: SpdmAlgoOtherParams,
pub session_policy: u8,
pub runtime_content_change_support: bool,
pub data_transfer_size: u32,
Expand All @@ -1155,12 +1155,14 @@ pub struct SpdmNegotiateInfo {
pub aead_sel: SpdmAeadAlgo,
pub req_asym_sel: SpdmReqAsymAlgo,
pub key_schedule_sel: SpdmKeyScheduleAlgo,
pub opaque_data_support: SpdmOpaqueSupport,
pub other_params_support: SpdmAlgoOtherParams,
pub termination_policy_set: bool, // used by responder to take action when code or configuration changed.
pub req_data_transfer_size_sel: u32, // spdm 1.2
pub req_max_spdm_msg_size_sel: u32, // spdm 1.2
pub rsp_data_transfer_size_sel: u32, // spdm 1.2
pub rsp_max_spdm_msg_size_sel: u32, // spdm 1.2
pub multi_key_conn_req: bool, // spdm 1.3
pub multi_key_conn_rsp: bool, // spdm 1.3
}

pub const MAX_MANAGED_BUFFER_A_SIZE: usize = 150 + 2 * 255; // for version response, there can be more than MAX_SPDM_VERSION_COUNT versions.
Expand Down
60 changes: 20 additions & 40 deletions spdmlib/src/common/opaque.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,11 @@ impl SpdmCodec for SMVersionSelOpaque {
fn spdm_encode(&self, context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult<usize> {
let mut cnt = 0;
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
cnt += FM1OpaqueDataHeader
.encode(bytes)
.map_err(|_| SPDM_STATUS_BUFFER_FULL)?;
Expand All @@ -379,7 +383,11 @@ impl SpdmCodec for SMVersionSelOpaque {

fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option<Self> {
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
FM1OpaqueDataHeader::read(r)?;
} else {
return None;
Expand Down Expand Up @@ -456,7 +464,11 @@ impl SpdmCodec for SMSupportedVerListOpaque {
fn spdm_encode(&self, context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult<usize> {
let mut cnt = 0;
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
cnt += FM1OpaqueDataHeader
.encode(bytes)
.map_err(|_| SPDM_STATUS_BUFFER_FULL)?;
Expand All @@ -475,7 +487,11 @@ impl SpdmCodec for SMSupportedVerListOpaque {

fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option<Self> {
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
FM1OpaqueDataHeader::read(r)?;
} else {
return None;
Expand Down Expand Up @@ -594,39 +610,3 @@ impl SpdmOpaqueStruct {
Some(smversion_sel_opaque.secured_message_version)
}
}

bitflags! {
#[derive(Default)]
pub struct SpdmOpaqueSupport: u8 {
const OPAQUE_DATA_FMT1 = 0b0000_0010;
const VALID_MASK = Self::OPAQUE_DATA_FMT1.bits;
}
}

impl Codec for SpdmOpaqueSupport {
fn encode(&self, bytes: &mut Writer) -> Result<usize, codec::EncodeErr> {
self.bits().encode(bytes)
}

fn read(r: &mut Reader) -> Option<SpdmOpaqueSupport> {
let bits = u8::read(r)?;

SpdmOpaqueSupport::from_bits(bits & SpdmOpaqueSupport::VALID_MASK.bits)
}
}

impl SpdmOpaqueSupport {
/// return true if no more than one is selected
/// return false if two or more is selected
pub fn is_no_more_than_one_selected(&self) -> bool {
self.bits() == 0 || self.bits() & (self.bits() - 1) == 0
}

pub fn is_valid(&self) -> bool {
(self.bits & Self::VALID_MASK.bits) != 0
}

pub fn is_valid_one_select(&self) -> bool {
self.is_no_more_than_one_selected() && self.is_valid()
}
}
Loading

0 comments on commit 3e1d7e5

Please sign in to comment.