Skip to content

Commit

Permalink
Add get_key_pair_info feature for spdm_emu
Browse files Browse the repository at this point in the history
Signed-off-by: Wenxing Hou <[email protected]>
  • Loading branch information
Wenxing-hou committed Aug 22, 2024
1 parent 6f90514 commit 4c6e518
Show file tree
Hide file tree
Showing 8 changed files with 111 additions and 8 deletions.
8 changes: 5 additions & 3 deletions doc/spdm_emu.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--save_state <NegotiateStateFileName>]
[--load_state <NegotiateStateFileName>]
[--exe_mode SHUTDOWN|CONTINUE]
[--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT]
[--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT|GET_KEY_PAIR_INFO]
[--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|DIGEST|CERT|GET_CSR|SET_CERT|APP]
[--pcap <PcapFileName>]
[--priv_key_mode PEM|RAW]
Expand Down Expand Up @@ -80,7 +80,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--exe_mode] is used to control the execution mode. By default, it is SHUTDOWN.
SHUTDOWN means the requester asks the responder to stop.
CONTINUE means the requester asks the responder to preserve the current SPDM context.
[--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT.
[--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT, GET_KEY_PAIR_INFO.
VER_ONLY means REQUESTER does not send GET_CAPABILITIES/NEGOTIATE_ALGORITHMS. It is used for quick symmetric authentication with PSK.
The version for responder must be provisioned from ver.
The capablities for local and peer are from cap|peer_cap.
Expand All @@ -92,7 +92,8 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
MEL means send GET_MEL command.
GET_CSR means send GET_CSR command.
SET_CERT means send SET_CERTIFICATE command.
[--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,APP.
GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command.
[--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,GET_KEY_PAIR_INFO,APP.
KEY_EX means to setup KEY_EXCHANGE session.
PSK means to setup PSK_EXCHANGE session.
NO_END means to not send END_SESSION.
Expand All @@ -104,6 +105,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
CERT means send GET_CERTIFICATE command in session.
GET_CSR means send GET_CSR command in session.
SET_CERT means send SET_CERTIFICATE command in session.
GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command in session.
APP means send vendor defined message or application message in session.
[--pcap] is used to generate PCAP dump file for offline analysis.
[--priv_key_mode] is uesed to confirm private key mode with LIBSPDM_PRIVATE_KEY_USE_PEM.
Expand Down
16 changes: 11 additions & 5 deletions spdm_emu/spdm_emu_common/spdm_emu.c
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,16 @@ uint32_t m_exe_connection = (0 |
/* EXE_CONNECTION_VERSION_ONLY |*/
EXE_CONNECTION_DIGEST | EXE_CONNECTION_CERT |
EXE_CONNECTION_CHAL | EXE_CONNECTION_MEAS | EXE_CONNECTION_MEL |
EXE_CONNECTION_SET_CERT | EXE_CONNECTION_GET_CSR | 0);
EXE_CONNECTION_SET_CERT | EXE_CONNECTION_GET_CSR |
EXE_CONNECTION_GET_KEY_PAIR_INFO | 0);

uint32_t m_exe_session =
(0 | EXE_SESSION_KEY_EX | EXE_SESSION_PSK |
/* EXE_SESSION_NO_END |*/
EXE_SESSION_KEY_UPDATE | EXE_SESSION_HEARTBEAT |
EXE_SESSION_MEAS | EXE_SESSION_MEL |
EXE_SESSION_SET_CERT | EXE_SESSION_GET_CSR |
EXE_SESSION_GET_KEY_PAIR_INFO |
EXE_SESSION_DIGEST | EXE_SESSION_CERT | EXE_SESSION_APP | 0);

#define IP_ADDRESS "127.0.0.1"
Expand Down Expand Up @@ -68,8 +70,8 @@ void print_usage(const char *name)
printf(" [--save_state <NegotiateStateFileName>]\n");
printf(" [--load_state <NegotiateStateFileName>]\n");
printf(" [--exe_mode SHUTDOWN|CONTINUE]\n");
printf(" [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT]\n");
printf(" [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|MEL|DIGEST|CERT|GET_CSR|SET_CERT|APP]\n");
printf(" [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT|GET_KEY_PAIR_INFO]\n");
printf(" [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|MEL|DIGEST|CERT|GET_CSR|SET_CERT|GET_KEY_PAIR_INFO|APP]\n");
printf(" [--pcap <pcap_file_name>]\n");
printf(" [--priv_key_mode PEM|RAW]\n");
printf("\n");
Expand Down Expand Up @@ -149,7 +151,7 @@ void print_usage(const char *name)
printf(
" CONTINUE means the requester asks the responder to preserve the current SPDM context.\n");
printf(
" [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT.\n");
" [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT,GET_KEY_PAIR_INFO.\n");
printf(
" VER_ONLY means REQUESTER does not send GET_CAPABILITIES/NEGOTIATE_ALGORITHMS. It is used for quick symmetric authentication with PSK.\n");
printf(" The version for responder must be provisioned from ver.\n");
Expand All @@ -163,8 +165,9 @@ void print_usage(const char *name)
printf(" MEL means send GET_MEL command.\n");
printf(" GET_CSR means send GET_CSR command.\n");
printf(" SET_CERT means send SET_CERTIFICATE command.\n");
printf(" GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command.\n");
printf(
" [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,APP.\n");
" [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,GET_KEY_PAIR_INFO,APP.\n");
printf(" KEY_EX means to setup KEY_EXCHANGE session.\n");
printf(" PSK means to setup PSK_EXCHANGE session.\n");
printf(" NO_END means to not send END_SESSION.\n");
Expand All @@ -176,6 +179,7 @@ void print_usage(const char *name)
printf(" CERT means send GET_CERTIFICATE command in session.\n");
printf(" GET_CSR means send GET_CSR command in session.\n");
printf(" SET_CERT means send SET_CERTIFICATE command in session.\n");
printf(" GET_KEY_PAIR_INFO means send GET_KEY_PAIR_INFO command in session.\n");
printf(" APP means send vendor defined message or application message in session.\n");
printf(" [--pcap] is used to generate PCAP dump file for offline analysis.\n");
printf(
Expand Down Expand Up @@ -409,6 +413,7 @@ value_string_entry_t m_exe_connection_string_table[] = {
{ EXE_CONNECTION_MEL, "MEL" },
{ EXE_CONNECTION_SET_CERT, "SET_CERT" },
{ EXE_CONNECTION_GET_CSR, "GET_CSR" },
{ EXE_CONNECTION_GET_KEY_PAIR_INFO, "GET_KEY_PAIR_INFO" },
};

value_string_entry_t m_exe_session_string_table[] = {
Expand All @@ -419,6 +424,7 @@ value_string_entry_t m_exe_session_string_table[] = {
{ EXE_SESSION_HEARTBEAT, "HEARTBEAT" },
{ EXE_SESSION_MEAS, "MEAS" },
{ EXE_SESSION_MEL, "MEL" },
{ EXE_SESSION_GET_KEY_PAIR_INFO, "GET_KEY_PAIR_INFO" },
{ EXE_SESSION_DIGEST, "DIGEST" },
{ EXE_SESSION_CERT, "CERT" },
{ EXE_SESSION_SET_CERT, "SET_CERT" },
Expand Down
2 changes: 2 additions & 0 deletions spdm_emu/spdm_emu_common/spdm_emu.h
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ extern uint32_t m_exe_mode;
#define EXE_CONNECTION_SET_CERT 0x20
#define EXE_CONNECTION_GET_CSR 0x40
#define EXE_CONNECTION_MEL 0x80
#define EXE_CONNECTION_GET_KEY_PAIR_INFO 0x100
extern uint32_t m_exe_connection;

#define EXE_SESSION_KEY_EX 0x1
Expand All @@ -90,6 +91,7 @@ extern uint32_t m_exe_connection;
#define EXE_SESSION_CERT 0x200
#define EXE_SESSION_APP 0x400
#define EXE_SESSION_MEL 0x800
#define EXE_SESSION_GET_KEY_PAIR_INFO 0x1000
extern uint32_t m_exe_session;

void libspdm_dump_hex_str(const uint8_t *buffer, size_t buffer_size);
Expand Down
1 change: 1 addition & 0 deletions spdm_emu/spdm_requester_emu/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ set(src_spdm_requester_emu
spdm_requester_spdm.c
spdm_requester_authentication.c
spdm_requester_measurement.c
spdm_requester_key_pair_info.c
spdm_requester_session.c
spdm_requester_pci_doe.c
spdm_requester_mctp.c
Expand Down
17 changes: 17 additions & 0 deletions spdm_emu/spdm_requester_emu/spdm_requester_emu.c
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,10 @@ libspdm_return_t do_measurement_via_spdm(const uint32_t *session_id);
libspdm_return_t do_measurement_mel_via_spdm(const uint32_t *session_id);
#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
libspdm_return_t do_get_key_pair_info_via_spdm(const uint32_t *session_id);
#endif /*LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP*/

#if (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
libspdm_return_t do_authentication_via_spdm(void);
#endif /*(LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)*/
Expand Down Expand Up @@ -136,6 +140,19 @@ bool platform_client_routine(uint16_t port_number)
}
}
#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
if (((m_exe_connection & EXE_CONNECTION_GET_KEY_PAIR_INFO) != 0) &&
(m_use_version >= SPDM_MESSAGE_VERSION_13)) {
status = do_get_key_pair_info_via_spdm(NULL);
if (LIBSPDM_STATUS_IS_ERROR(status)) {
printf("do_get_key_pair_info_via_spdm - %x\n",
(uint32_t)status);
goto done;
}
}
#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */

/* when use --trans NONE, skip secure session */
if (m_use_transport_layer == SOCKET_TRANSPORT_TYPE_NONE) {
if (m_use_version >= SPDM_MESSAGE_VERSION_12) {
Expand Down
56 changes: 56 additions & 0 deletions spdm_emu/spdm_requester_emu/spdm_requester_key_pair_info.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
/**
* Copyright Notice:
* Copyright 2024 DMTF. All rights reserved.
* License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/spdm-emu/blob/main/LICENSE.md
**/

#include "spdm_requester_emu.h"

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP

extern void *m_spdm_context;

/**
* This function executes SPDM get_key_pair_info.
*
* @param[in] spdm_context The SPDM context for the device.
**/
libspdm_return_t do_get_key_pair_info_via_spdm(const uint32_t *session_id)
{
libspdm_return_t status;
void *spdm_context;

uint8_t key_pair_id;
uint8_t total_key_pairs;
uint16_t capabilities;
uint16_t key_usage_capabilities;
uint16_t current_key_usage;
uint32_t asym_algo_capabilities;
uint32_t current_asym_algo;
uint16_t public_key_info_len;
uint8_t assoc_cert_slot_mask;
uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];

spdm_context = m_spdm_context;

key_pair_id = 1;
public_key_info_len = SPDM_MAX_PUBLIC_KEY_INFO_LEN;

status = libspdm_get_key_pair_info(spdm_context, session_id,
key_pair_id, &total_key_pairs,
&capabilities,
&key_usage_capabilities,
&current_key_usage,
&asym_algo_capabilities,
&current_asym_algo,
&public_key_info_len,
&assoc_cert_slot_mask,
public_key_info);
if (LIBSPDM_STATUS_IS_ERROR(status)) {
return status;
}

return LIBSPDM_STATUS_SUCCESS;
}

#endif /*LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP*/
15 changes: 15 additions & 0 deletions spdm_emu/spdm_requester_emu/spdm_requester_session.c
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,10 @@ libspdm_return_t do_measurement_via_spdm(const uint32_t *session_id);
libspdm_return_t do_measurement_mel_via_spdm(const uint32_t *session_id);
#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
libspdm_return_t do_get_key_pair_info_via_spdm(const uint32_t *session_id);
#endif /*LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP*/

libspdm_return_t pci_doe_process_session_message(void *spdm_context, uint32_t session_id);
libspdm_return_t mctp_process_session_message(void *spdm_context, uint32_t session_id);
libspdm_return_t do_certificate_provising_via_spdm(uint32_t* session_id);
Expand Down Expand Up @@ -186,6 +190,17 @@ libspdm_return_t do_session_via_spdm(bool use_psk)
}
#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
if (((m_exe_session & EXE_SESSION_GET_KEY_PAIR_INFO) != 0) &&
(m_use_version >= SPDM_MESSAGE_VERSION_13)) {
status = do_get_key_pair_info_via_spdm(&session_id);
if (LIBSPDM_STATUS_IS_ERROR(status)) {
printf("do_get_key_pair_info_via_spdm - %x\n",
(uint32_t)status);
}
}
#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */

#if (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
status = get_digest_cert_in_session(&session_id);
if (LIBSPDM_STATUS_IS_ERROR(status)) {
Expand Down
4 changes: 4 additions & 0 deletions spdm_emu/spdm_requester_emu/spdm_requester_spdm.c
Original file line number Diff line number Diff line change
Expand Up @@ -402,6 +402,10 @@ void *spdm_client_init(void)
m_exe_connection &= ~EXE_CONNECTION_GET_CSR;
m_exe_session &= ~EXE_SESSION_GET_CSR;
}
if ((SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP & responder_capabilities_flag) == 0) {
m_exe_connection &= ~EXE_CONNECTION_GET_KEY_PAIR_INFO;
m_exe_session &= ~EXE_SESSION_GET_KEY_PAIR_INFO;
}

data_size = sizeof(data32);
libspdm_get_data(spdm_context, LIBSPDM_DATA_CONNECTION_STATE, &parameter,
Expand Down

0 comments on commit 4c6e518

Please sign in to comment.