From 3f8d6a5f423aac1f1b71259378aa1bf3dbb018a3 Mon Sep 17 00:00:00 2001
From: Wenxing Hou
Date: Wed, 31 Jul 2024 14:52:55 +0800
Subject: [PATCH] Add get_key_pair_info feature for spdm_emu

Signed-off-by: Wenxing Hou
---
 doc/spdm_emu.md | 8 ++-
 spdm_emu/spdm_emu_common/spdm_emu.c | 16 ++++--
 spdm_emu/spdm_emu_common/spdm_emu.h | 2 +
 spdm_emu/spdm_requester_emu/CMakeLists.txt | 1 +
 .../spdm_requester_emu/spdm_requester_emu.c | 17 ++++++
 .../spdm_requester_key_pair_info.c | 56 +++++++++++++++++++
 .../spdm_requester_session.c | 15 +++++
 .../spdm_requester_emu/spdm_requester_spdm.c | 4 ++
 .../spdm_responder_emu/spdm_responder_spdm.c | 5 ++
 9 files changed, 116 insertions(+), 8 deletions(-)
 create mode 100644 spdm_emu/spdm_requester_emu/spdm_requester_key_pair_info.c

diff --git a/doc/spdm_emu.md b/doc/spdm_emu.md
index 959e621..a44ef66 100644
--- a/doc/spdm_emu.md
+++ b/doc/spdm_emu.md
@@ -31,7 +31,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
 [--save_state ]
 [--load_state ]
 [--exe_mode SHUTDOWN|CONTINUE]
- [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT]
+ [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT|GET_KEY_PAIR_INFO]
 [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|MEL|DIGEST|CERT|GET_CSR|SET_CERT|APP]
 [--pcap ]
 [--priv_key_mode PEM|RAW]
@@ -80,7 +80,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
 [--exe_mode] is used to control the execution mode. By default, it is SHUTDOWN.
 SHUTDOWN means the requester asks the responder to stop.
 CONTINUE means the requester asks the responder to preserve the current SPDM context.
- [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT.
+ [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT, GET_KEY_PAIR_INFO.
 VER_ONLY means REQUESTER does not send GET_CAPABILITIES/NEGOTIATE_ALGORITHMS. It is used for quick symmetric authentication with PSK.
 The version for responder must be provisioned from ver.
 The capablities for local and peer are from cap|peer_cap.
@@ -92,7 +92,8 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
 MEL means send GET_MEL command.
 GET_CSR means send GET_CSR command.
 SET_CERT means send SET_CERTIFICATE command.
- [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,APP.
+ GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command.
+ [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,GET_KEY_PAIR_INFO,APP.
 KEY_EX means to setup KEY_EXCHANGE session.
 PSK means to setup PSK_EXCHANGE session.
 NO_END means to not send END_SESSION.
@@ -104,6 +105,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
 CERT means send GET_CERTIFICATE command in session.
 GET_CSR means send GET_CSR command in session.
 SET_CERT means send SET_CERTIFICATE command in session.
+ GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command in session.
 APP means send vendor defined message or application message in session.
 [--pcap] is used to generate PCAP dump file for offline analysis.
 [--priv_key_mode] is uesed to confirm private key mode with LIBSPDM_PRIVATE_KEY_USE_PEM.
diff --git a/spdm_emu/spdm_emu_common/spdm_emu.c b/spdm_emu/spdm_emu_common/spdm_emu.c
index 32af35c..25a46b1 100644
--- a/spdm_emu/spdm_emu_common/spdm_emu.c
+++ b/spdm_emu/spdm_emu_common/spdm_emu.c
@@ -16,7 +16,8 @@ uint32_t m_exe_connection =
 (0 | /* EXE_CONNECTION_VERSION_ONLY |*/ EXE_CONNECTION_DIGEST | EXE_CONNECTION_CERT | EXE_CONNECTION_CHAL | EXE_CONNECTION_MEAS | EXE_CONNECTION_MEL |
- EXE_CONNECTION_SET_CERT | EXE_CONNECTION_GET_CSR | 0);
+ EXE_CONNECTION_SET_CERT | EXE_CONNECTION_GET_CSR |
+ EXE_CONNECTION_GET_KEY_PAIR_INFO | 0);
 uint32_t m_exe_session =
 (0 | EXE_SESSION_KEY_EX | EXE_SESSION_PSK |
@@ -24,6 +25,7 @@ uint32_t m_exe_session =
 EXE_SESSION_KEY_UPDATE | EXE_SESSION_HEARTBEAT | EXE_SESSION_MEAS | EXE_SESSION_MEL | EXE_SESSION_SET_CERT | EXE_SESSION_GET_CSR |
+ EXE_SESSION_GET_KEY_PAIR_INFO |
 EXE_SESSION_DIGEST | EXE_SESSION_CERT | EXE_SESSION_APP | 0);
 #define IP_ADDRESS "127.0.0.1"
@@ -68,8 +70,8 @@ void print_usage(const char *name)
 printf(" [--save_state ]\n");
 printf(" [--load_state ]\n");
 printf(" [--exe_mode SHUTDOWN|CONTINUE]\n");
- printf(" [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT]\n");
- printf(" [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|MEL|DIGEST|CERT|GET_CSR|SET_CERT|APP]\n");
+ printf(" [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT|GET_KEY_PAIR_INFO]\n");
+ printf(" [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|MEL|DIGEST|CERT|GET_CSR|SET_CERT|GET_KEY_PAIR_INFO|APP]\n");
 printf(" [--pcap ]\n");
 printf(" [--priv_key_mode PEM|RAW]\n");
 printf("\n");
@@ -149,7 +151,7 @@ void print_usage(const char *name)
 printf(
 " CONTINUE means the requester asks the responder to preserve the current SPDM context.\n");
 printf(
- " [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT.\n");
+ " [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT,GET_KEY_PAIR_INFO.\n");
 printf(
 " VER_ONLY means REQUESTER does not send GET_CAPABILITIES/NEGOTIATE_ALGORITHMS. It is used for quick symmetric authentication with PSK.\n");
 printf(" The version for responder must be provisioned from ver.\n");
@@ -163,8 +165,9 @@ void print_usage(const char *name)
 printf(" MEL means send GET_MEL command.\n");
 printf(" GET_CSR means send GET_CSR command.\n");
 printf(" SET_CERT means send SET_CERTIFICATE command.\n");
+ printf(" GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command.\n");
 printf(
- " [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,APP.\n");
+ " [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,GET_KEY_PAIR_INFO,APP.\n");
 printf(" KEY_EX means to setup KEY_EXCHANGE session.\n");
 printf(" PSK means to setup PSK_EXCHANGE session.\n");
 printf(" NO_END means to not send END_SESSION.\n");
@@ -176,6 +179,7 @@ void print_usage(const char *name)
 printf(" CERT means send GET_CERTIFICATE command in session.\n");
 printf(" GET_CSR means send GET_CSR command in session.\n");
 printf(" SET_CERT means send SET_CERTIFICATE command in session.\n");
+ printf(" GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command in session.\n");
 printf(" APP means send vendor defined message or application message in session.\n");
 printf(" [--pcap] is used to generate PCAP dump file for offline analysis.\n");
 printf(
@@ -409,6 +413,7 @@ value_string_entry_t m_exe_connection_string_table[] = {
 { EXE_CONNECTION_MEL, "MEL" },
 { EXE_CONNECTION_SET_CERT, "SET_CERT" },
 { EXE_CONNECTION_GET_CSR, "GET_CSR" },
+ { EXE_CONNECTION_GET_KEY_PAIR_INFO, "GET_KEY_PAIR_INFO" },
 };

 value_string_entry_t m_exe_session_string_table[] = {
@@ -419,6 +424,7 @@ value_string_entry_t m_exe_session_string_table[] = {
 { EXE_SESSION_HEARTBEAT, "HEARTBEAT" },
 { EXE_SESSION_MEAS, "MEAS" },
 { EXE_SESSION_MEL, "MEL" },
+ { EXE_SESSION_GET_KEY_PAIR_INFO, "GET_KEY_PAIR_INFO" },
 { EXE_SESSION_DIGEST, "DIGEST" },
 { EXE_SESSION_CERT, "CERT" },
 { EXE_SESSION_SET_CERT, "SET_CERT" },
diff --git a/spdm_emu/spdm_emu_common/spdm_emu.h b/spdm_emu/spdm_emu_common/spdm_emu.h
index 109973e..23b614b 100644
--- a/spdm_emu/spdm_emu_common/spdm_emu.h
+++ b/spdm_emu/spdm_emu_common/spdm_emu.h
@@ -76,6 +76,7 @@ extern uint32_t m_exe_mode;
 #define EXE_CONNECTION_SET_CERT 0x20
 #define EXE_CONNECTION_GET_CSR 0x40
 #define EXE_CONNECTION_MEL 0x80
+#define EXE_CONNECTION_GET_KEY_PAIR_INFO 0x100
 extern uint32_t m_exe_connection;

 #define EXE_SESSION_KEY_EX 0x1
@@ -90,6 +91,7 @@ extern uint32_t m_exe_connection;
 #define EXE_SESSION_CERT 0x200
 #define EXE_SESSION_APP 0x400
 #define EXE_SESSION_MEL 0x800
+#define EXE_SESSION_GET_KEY_PAIR_INFO 0x1000
 extern uint32_t m_exe_session;

 void libspdm_dump_hex_str(const uint8_t *buffer, size_t buffer_size);
diff --git a/spdm_emu/spdm_requester_emu/CMakeLists.txt b/spdm_emu/spdm_requester_emu/CMakeLists.txt
index 436230e..5396cb9 100644
--- a/spdm_emu/spdm_requester_emu/CMakeLists.txt
+++ b/spdm_emu/spdm_requester_emu/CMakeLists.txt
@@ -13,6 +13,7 @@ set(src_spdm_requester_emu
 spdm_requester_spdm.c
 spdm_requester_authentication.c
 spdm_requester_measurement.c
+ spdm_requester_key_pair_info.c
 spdm_requester_session.c
 spdm_requester_pci_doe.c
 spdm_requester_mctp.c
diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_emu.c b/spdm_emu/spdm_requester_emu/spdm_requester_emu.c
index f818998..5ed6c8e 100644
--- a/spdm_emu/spdm_requester_emu/spdm_requester_emu.c
+++ b/spdm_emu/spdm_requester_emu/spdm_requester_emu.c
@@ -38,6 +38,10 @@ libspdm_return_t do_measurement_via_spdm(const uint32_t *session_id);
 libspdm_return_t do_measurement_mel_via_spdm(const uint32_t *session_id);
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/

+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+libspdm_return_t do_get_key_pair_info_via_spdm(const uint32_t *session_id);
+#endif /*LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP*/
+
 #if (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
 libspdm_return_t do_authentication_via_spdm(void);
 #endif /*(LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)*/
@@ -136,6 +140,19 @@ bool platform_client_routine(uint16_t port_number)
 }
 }
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/
+
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+ if (((m_exe_connection & EXE_CONNECTION_GET_KEY_PAIR_INFO) != 0) &&
+ (m_use_version >= SPDM_MESSAGE_VERSION_13)) {
+ status = do_get_key_pair_info_via_spdm(NULL);
+ if (LIBSPDM_STATUS_IS_ERROR(status)) {
+ printf("do_get_key_pair_info_via_spdm - %x\n",
+ (uint32_t)status);
+ goto done;
+ }
+ }
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
 /* when use --trans NONE, skip secure session */
 if (m_use_transport_layer == SOCKET_TRANSPORT_TYPE_NONE) {
 if (m_use_version >= SPDM_MESSAGE_VERSION_12) {
diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_key_pair_info.c b/spdm_emu/spdm_requester_emu/spdm_requester_key_pair_info.c
new file mode 100644
index 0000000..6398873
--- /dev/null
+++ b/spdm_emu/spdm_requester_emu/spdm_requester_key_pair_info.c
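Review bot: In platform_client_routine (spdm_requester_emu.c, second hunk) a failing do_get_key_pair_info_via_spdm aborts the whole client run via `goto done`, whereas the in-session counterpart this commit adds to do_session_via_spdm in spdm_requester_session.c only prints the status and continues. The surrounding MEAS/MEL blocks are cut off in both hunks, so I cannot tell whether the asymmetry mirrors them; if it is deliberate, a comment at the `goto done` such as `/* outside a session this is fatal; inside a session (spdm_requester_session.c) the failure is only logged */` would save the next reader the comparison, otherwise the two paths should agree. The guard `m_use_version >= SPDM_MESSAGE_VERSION_13` tests the version the requester was configured with rather than anything negotiated, but since spdm_client_init now clears EXE_CONNECTION_GET_KEY_PAIR_INFO when the responder did not advertise GET_KEY_PAIR_INFO_CAP it is at most redundant. Minor style: `#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */` spaces its comment differently from the `#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/` just above it and from the prototype block's own `#endif` in the first hunk. platform_client_routine begins and ends outside this hunk.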
@@ -0,0 +1,56 @@
+/**
+ * Copyright Notice:
+ * Copyright 2024 DMTF. All rights reserved.
+ * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/spdm-emu/blob/main/LICENSE.md
+ **/
+
+#include "spdm_requester_emu.h"
+
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+
+extern void *m_spdm_context;
+
+/**
+ * This function executes SPDM get_key_pair_info.
+ *
+ * @param[in] spdm_context The SPDM context for the device.
+ **/
+libspdm_return_t do_get_key_pair_info_via_spdm(const uint32_t *session_id)
+{
+ libspdm_return_t status;
+ void *spdm_context;
+
+ uint8_t key_pair_id;
+ uint8_t total_key_pairs;
+ uint16_t capabilities;
+ uint16_t key_usage_capabilities;
+ uint16_t current_key_usage;
+ uint32_t asym_algo_capabilities;
+ uint32_t current_asym_algo;
+ uint16_t public_key_info_len;
+ uint8_t assoc_cert_slot_mask;
+ uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
+
+ spdm_context = m_spdm_context;
+
+ key_pair_id = 1;
+ public_key_info_len = SPDM_MAX_PUBLIC_KEY_INFO_LEN;
+
+ status = libspdm_get_key_pair_info(spdm_context, session_id,
+ key_pair_id, &total_key_pairs,
+ &capabilities,
+ &key_usage_capabilities,
+ ¤t_key_usage,
+ &asym_algo_capabilities,
+ ¤t_asym_algo,
+ &assoc_cert_slot_mask,
+ &public_key_info_len,
+ public_key_info);
+ if (LIBSPDM_STATUS_IS_ERROR(status)) {
+ return status;
+ }
+
+ return LIBSPDM_STATUS_SUCCESS;
+}
+
+#endif /*LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP*/
diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_session.c b/spdm_emu/spdm_requester_emu/spdm_requester_session.c
index a404785..5a1a2a0 100644
--- a/spdm_emu/spdm_requester_emu/spdm_requester_session.c
+++ b/spdm_emu/spdm_requester_emu/spdm_requester_session.c
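Review bot: The doc comment on do_get_key_pair_info_via_spdm describes a `spdm_context` parameter that the function does not take; its only parameter is `session_id`, so the line should be `@param[in] session_id  NULL to send GET_KEY_PAIR_INFO as a plain SPDM message, otherwise the secured session to send it in.` The body also hard-codes `key_pair_id = 1` and then discards every output of libspdm_get_key_pair_info, so the emulator never looks at total_key_pairs or any per-key field it requested; walking the ids from 1 up to the reported total_key_pairs (the responder side of this commit advertises 16) and printing what comes back, as sketched below, would make the option exercise the response rather than just the round trip. Two details matter in that loop: `public_key_info_len` is in/out and must be reset to SPDM_MAX_PUBLIC_KEY_INFO_LEN before every call, and total_key_pairs is supplied by the peer, so the loop index should be wider than uint8_t to avoid wrapping at 255. The `¤t_` on two argument lines of the call looks like a rendering artefact of `&current_` (an HTML entity decode), not text in the commit, but that is worth confirming against the repository.
```c
libspdm_return_t do_get_key_pair_info_via_spdm(const uint32_t *session_id)
{
    /* … unchanged: local declarations and spdm_context = m_spdm_context … */
    unsigned int id;

    /* The first response reports total_key_pairs; start at 1 and let the
     * bound grow to whatever the responder says it has. */
    total_key_pairs = 1;
    for (id = 1; id <= total_key_pairs; id++) {
        key_pair_id = (uint8_t)id;
        /* in/out: must hold the buffer size before each call */
        public_key_info_len = SPDM_MAX_PUBLIC_KEY_INFO_LEN;

        status = libspdm_get_key_pair_info(spdm_context, session_id,
                                           key_pair_id, &total_key_pairs,
                                           /* … unchanged: the remaining output arguments … */
                                           public_key_info);
        if (LIBSPDM_STATUS_IS_ERROR(status)) {
            return status;
        }
        printf("key_pair_id %u/%u: assoc_cert_slot_mask 0x%x, public_key_info_len %u\n",
               id, (unsigned int)total_key_pairs,
               (unsigned int)assoc_cert_slot_mask,
               (unsigned int)public_key_info_len);
    }

    return LIBSPDM_STATUS_SUCCESS;
}
```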
@@ -26,6 +26,10 @@ libspdm_return_t do_measurement_via_spdm(const uint32_t *session_id);
 libspdm_return_t do_measurement_mel_via_spdm(const uint32_t *session_id);
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/

+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+libspdm_return_t do_get_key_pair_info_via_spdm(const uint32_t *session_id);
+#endif /*LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP*/
+
 libspdm_return_t pci_doe_process_session_message(void *spdm_context, uint32_t session_id);
 libspdm_return_t mctp_process_session_message(void *spdm_context, uint32_t session_id);
 libspdm_return_t do_certificate_provising_via_spdm(uint32_t* session_id);
@@ -186,6 +190,17 @@ libspdm_return_t do_session_via_spdm(bool use_psk)
 }
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/

+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+ if (((m_exe_session & EXE_SESSION_GET_KEY_PAIR_INFO) != 0) &&
+ (m_use_version >= SPDM_MESSAGE_VERSION_13)) {
+ status = do_get_key_pair_info_via_spdm(&session_id);
+ if (LIBSPDM_STATUS_IS_ERROR(status)) {
+ printf("do_get_key_pair_info_via_spdm - %x\n",
+ (uint32_t)status);
+ }
+ }
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
 #if (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
 status = get_digest_cert_in_session(&session_id);
 if (LIBSPDM_STATUS_IS_ERROR(status)) {
diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_spdm.c b/spdm_emu/spdm_requester_emu/spdm_requester_spdm.c
index 05dd8d7..4556230 100644
--- a/spdm_emu/spdm_requester_emu/spdm_requester_spdm.c
+++ b/spdm_emu/spdm_requester_emu/spdm_requester_spdm.c
@@ -402,6 +402,10 @@ void *spdm_client_init(void)
 m_exe_connection &= ~EXE_CONNECTION_GET_CSR;
 m_exe_session &= ~EXE_SESSION_GET_CSR;
 }
+ if ((SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP & responder_capabilities_flag) == 0) {
+ m_exe_connection &= ~EXE_CONNECTION_GET_KEY_PAIR_INFO;
+ m_exe_session &= ~EXE_SESSION_GET_KEY_PAIR_INFO;
+ }

 data_size = sizeof(data32);
 libspdm_get_data(spdm_context, LIBSPDM_DATA_CONNECTION_STATE, ¶meter,
diff --git a/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c b/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c
index aa11469..80e4236 100644
--- a/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c
+++ b/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c
@@ -296,6 +296,11 @@ void *spdm_server_init(void)
 libspdm_set_data(spdm_context, LIBSPDM_DATA_HEARTBEAT_PERIOD, ¶meter,
 &data8, sizeof(data8));

+ /*total key pair info number*/
+ data8 = 16;
+ libspdm_set_data(spdm_context, LIBSPDM_DATA_TOTAL_KEY_PAIRS, ¶meter,
+ &data8, sizeof(data8));
+
 libspdm_register_get_response_func(
 spdm_context, spdm_get_response_vendor_defined_request);