Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

spdm13 algo support #163

Merged
merged 4 commits into from
Jan 20, 2025
Merged

spdm13 algo support #163

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3e1d7e5
SPDM 1.3 Algorithm - Add definitions for other params support and sel…
IntelCaisui Jan 15, 2025
036b34f
Spdm 1.3 Algorithm - Add multi-key negotiation flow
IntelCaisui Jan 15, 2025
5181744
Spdm 1.3 - Algorithm Multi-key negotiation unit test.
IntelCaisui Jan 15, 2025
6050e5b
Spdm 1.3 Algorithm - MEL specification negotiation.
IntelCaisui Jan 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions fuzz-target/requester/key_exchange_req/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0 or MIT

use fuzzlib::{common::SpdmOpaqueSupport, *};
use fuzzlib::*;
use spdmlib::common::SpdmConnectionState;
use spdmlib::protocol::*;

Expand Down Expand Up @@ -40,7 +40,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -81,7 +82,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -157,7 +159,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -199,7 +202,8 @@ async fn fuzz_send_receive_spdm_key_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_128_GCM;
requester.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down
11 changes: 7 additions & 4 deletions fuzz-target/requester/psk_exchange_req/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0 or MIT

use fuzzlib::{common::SpdmOpaqueSupport, *};
use fuzzlib::*;
use spdmlib::common::SpdmConnectionState;
use spdmlib::protocol::*;
use spin::Mutex;
Expand Down Expand Up @@ -38,7 +38,8 @@ async fn fuzz_send_receive_spdm_psk_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM;
requester.common.negotiate_info.rsp_capabilities_sel =
Expand Down Expand Up @@ -76,7 +77,8 @@ async fn fuzz_send_receive_spdm_psk_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM;
requester.common.negotiate_info.rsp_capabilities_sel =
Expand Down Expand Up @@ -111,7 +113,8 @@ async fn fuzz_send_receive_spdm_psk_exchange(fuzzdata: Arc<Vec<u8>>) {
req_provision_info,
);
requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
requester.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.other_params_support =
SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.negotiate_info.aead_sel = SpdmAeadAlgo::AES_256_GCM;
requester.common.negotiate_info.rsp_capabilities_sel =
Expand Down
8 changes: 4 additions & 4 deletions fuzz-target/responder/keyexchange_rsp/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0 or MIT

use fuzzlib::{common::SpdmOpaqueSupport, *};
use fuzzlib::*;
use spdmlib::common::SpdmConnectionState;
use spdmlib::protocol::*;
use spin::Mutex;
Expand Down Expand Up @@ -35,7 +35,7 @@ async fn fuzz_handle_spdm_key_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -84,7 +84,7 @@ async fn fuzz_handle_spdm_key_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -137,7 +137,7 @@ async fn fuzz_handle_spdm_key_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion11;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down
10 changes: 5 additions & 5 deletions fuzz-target/responder/pskexchange_rsp/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

use fuzzlib::config::MAX_SPDM_SESSION_COUNT;
use fuzzlib::spdmlib::common::session::SpdmSession;
use fuzzlib::{common::SpdmConnectionState, common::SpdmOpaqueSupport, *};
use fuzzlib::{common::SpdmConnectionState, *};
use spdmlib::protocol::*;
use spin::Mutex;
extern crate alloc;
Expand Down Expand Up @@ -38,7 +38,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -81,7 +81,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -124,7 +124,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down Expand Up @@ -171,7 +171,7 @@ async fn fuzz_handle_spdm_psk_exchange(data: Arc<Vec<u8>>) {
provision_info,
);
context.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
context.common.negotiate_info.opaque_data_support = SpdmOpaqueSupport::OPAQUE_DATA_FMT1;
context.common.negotiate_info.other_params_support = SpdmAlgoOtherParams::OPAQUE_DATA_FMT1;
context.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
context.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
context.common.negotiate_info.dhe_sel = SpdmDheAlgo::SECP_384_R1;
Expand Down
8 changes: 6 additions & 2 deletions spdmlib/src/common/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1131,13 +1131,14 @@ pub struct SpdmConfigInfo {
pub aead_algo: SpdmAeadAlgo,
pub req_asym_algo: SpdmReqAsymAlgo,
pub key_schedule_algo: SpdmKeyScheduleAlgo,
pub opaque_support: SpdmOpaqueSupport,
pub other_params_support: SpdmAlgoOtherParams,
pub session_policy: u8,
pub runtime_content_change_support: bool,
pub data_transfer_size: u32,
pub max_spdm_msg_size: u32,
pub heartbeat_period: u8, // used by responder only
pub secure_spdm_version: [Option<SecuredMessageVersion>; MAX_SECURE_SPDM_VERSION_COUNT],
pub mel_specification: SpdmMelSpecification, // spdm 1.3
}

#[derive(Debug, Default)]
Expand All @@ -1155,12 +1156,15 @@ pub struct SpdmNegotiateInfo {
pub aead_sel: SpdmAeadAlgo,
pub req_asym_sel: SpdmReqAsymAlgo,
pub key_schedule_sel: SpdmKeyScheduleAlgo,
pub opaque_data_support: SpdmOpaqueSupport,
pub other_params_support: SpdmAlgoOtherParams,
pub termination_policy_set: bool, // used by responder to take action when code or configuration changed.
pub req_data_transfer_size_sel: u32, // spdm 1.2
pub req_max_spdm_msg_size_sel: u32, // spdm 1.2
pub rsp_data_transfer_size_sel: u32, // spdm 1.2
pub rsp_max_spdm_msg_size_sel: u32, // spdm 1.2
pub mel_specification_sel: SpdmMelSpecification, // spdm 1.3
pub multi_key_conn_req: bool, // spdm 1.3
pub multi_key_conn_rsp: bool, // spdm 1.3
}

pub const MAX_MANAGED_BUFFER_A_SIZE: usize = 150 + 2 * 255; // for version response, there can be more than MAX_SPDM_VERSION_COUNT versions.
Expand Down
60 changes: 20 additions & 40 deletions spdmlib/src/common/opaque.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,11 @@ impl SpdmCodec for SMVersionSelOpaque {
fn spdm_encode(&self, context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult<usize> {
let mut cnt = 0;
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
cnt += FM1OpaqueDataHeader
.encode(bytes)
.map_err(|_| SPDM_STATUS_BUFFER_FULL)?;
Expand All @@ -379,7 +383,11 @@ impl SpdmCodec for SMVersionSelOpaque {

fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option<Self> {
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
FM1OpaqueDataHeader::read(r)?;
} else {
return None;
Expand Down Expand Up @@ -456,7 +464,11 @@ impl SpdmCodec for SMSupportedVerListOpaque {
fn spdm_encode(&self, context: &mut SpdmContext, bytes: &mut Writer) -> SpdmResult<usize> {
let mut cnt = 0;
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
cnt += FM1OpaqueDataHeader
.encode(bytes)
.map_err(|_| SPDM_STATUS_BUFFER_FULL)?;
Expand All @@ -475,7 +487,11 @@ impl SpdmCodec for SMSupportedVerListOpaque {

fn spdm_read(context: &mut SpdmContext, r: &mut Reader) -> Option<Self> {
if context.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
if context.negotiate_info.opaque_data_support == SpdmOpaqueSupport::OPAQUE_DATA_FMT1 {
if context
.negotiate_info
.other_params_support
.contains(SpdmAlgoOtherParams::OPAQUE_DATA_FMT1)
{
FM1OpaqueDataHeader::read(r)?;
} else {
return None;
Expand Down Expand Up @@ -594,39 +610,3 @@ impl SpdmOpaqueStruct {
Some(smversion_sel_opaque.secured_message_version)
}
}

bitflags! {
#[derive(Default)]
pub struct SpdmOpaqueSupport: u8 {
const OPAQUE_DATA_FMT1 = 0b0000_0010;
const VALID_MASK = Self::OPAQUE_DATA_FMT1.bits;
}
}

impl Codec for SpdmOpaqueSupport {
fn encode(&self, bytes: &mut Writer) -> Result<usize, codec::EncodeErr> {
self.bits().encode(bytes)
}

fn read(r: &mut Reader) -> Option<SpdmOpaqueSupport> {
let bits = u8::read(r)?;

SpdmOpaqueSupport::from_bits(bits & SpdmOpaqueSupport::VALID_MASK.bits)
}
}

impl SpdmOpaqueSupport {
/// return true if no more than one is selected
/// return false if two or more is selected
pub fn is_no_more_than_one_selected(&self) -> bool {
self.bits() == 0 || self.bits() & (self.bits() - 1) == 0
}

pub fn is_valid(&self) -> bool {
(self.bits & Self::VALID_MASK.bits) != 0
}

pub fn is_valid_one_select(&self) -> bool {
self.is_no_more_than_one_selected() && self.is_valid()
}
}
Loading
Loading