Add SPDM 1.3 new feature get_MEL for spdm_emu

Signed-off-by: Wenxing Hou <[email protected]>
DMTF · Jul 1, 2024 · e671fc5 · e671fc5
1 parent 39b5578
commit e671fc5
Show file tree

Hide file tree

Showing 8 changed files with 88 additions and 9 deletions.
diff --git a/doc/spdm_emu.md b/doc/spdm_emu.md
@@ -31,7 +31,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
          [--save_state <NegotiateStateFileName>]
          [--load_state <NegotiateStateFileName>]
          [--exe_mode SHUTDOWN|CONTINUE]
-         [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|GET_CSR|SET_CERT]
+         [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT]
          [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|DIGEST|CERT|GET_CSR|SET_CERT|APP]
          [--pcap <PcapFileName>]
          [--priv_key_mode PEM|RAW]
@@ -80,7 +80,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
          [--exe_mode] is used to control the execution mode. By default, it is SHUTDOWN.
                  SHUTDOWN means the requester asks the responder to stop.
                  CONTINUE means the requester asks the responder to preserve the current SPDM context.
-         [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,GET_CSR,SET_CERT.
+         [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT.
                  VER_ONLY means REQUESTER does not send GET_CAPABILITIES/NEGOTIATE_ALGORITHMS. It is used for quick symmetric authentication with PSK.
                      The version for responder must be provisioned from ver.
                      The capablities for local and peer are from cap|peer_cap.
@@ -89,15 +89,17 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
                  CERT means send GET_CERTIFICATE command.
                  CHAL means send CHALLENGE command.
                  MEAS means send GET_MEASUREMENT command.
+                 MEL means send GET_MEL command.
                  GET_CSR means send GET_CSR command.
                  SET_CERT means send SET_CERTIFICATE command.
-         [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,DIGEST,CERT,GET_CSR,SET_CERT,APP.
+         [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,APP.
                  KEY_EX means to setup KEY_EXCHANGE session.
                  PSK means to setup PSK_EXCHANGE session.
                  NO_END means to not send END_SESSION.
                  KEY_UPDATE means to send KEY_UPDATE in session.
                  HEARTBEAT means to send HEARTBEAT in session.
                  MEAS means send GET_MEASUREMENT command in session.
+                 MEL means send GET_MEL command in session.
                  DIGEST means send GET_DIGESTS command in session.
                  CERT means send GET_CERTIFICATE command in session.
                  GET_CSR means send GET_CSR command in session.

diff --git a/spdm_emu/spdm_emu_common/key.c b/spdm_emu/spdm_emu_common/key.c
@@ -31,6 +31,7 @@ uint32_t m_use_responder_capability_flags =
      SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP |
      /* SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG |    conflict with SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG   */
      SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG | /* conflict with SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG */
+     SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP |
      SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP |
      SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP |
      SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP |

diff --git a/spdm_emu/spdm_emu_common/spdm_emu.c b/spdm_emu/spdm_emu_common/spdm_emu.c
@@ -15,13 +15,14 @@ uint32_t m_exe_mode = EXE_MODE_SHUTDOWN;
 uint32_t m_exe_connection = (0 |
                              /* EXE_CONNECTION_VERSION_ONLY |*/
                              EXE_CONNECTION_DIGEST | EXE_CONNECTION_CERT |
-                             EXE_CONNECTION_CHAL | EXE_CONNECTION_MEAS |
+                             EXE_CONNECTION_CHAL | EXE_CONNECTION_MEAS | EXE_CONNECTION_MEL |
                              EXE_CONNECTION_SET_CERT | EXE_CONNECTION_GET_CSR | 0);
 
 uint32_t m_exe_session =
     (0 | EXE_SESSION_KEY_EX | EXE_SESSION_PSK |
      /* EXE_SESSION_NO_END |*/
-     EXE_SESSION_KEY_UPDATE | EXE_SESSION_HEARTBEAT | EXE_SESSION_MEAS |
+     EXE_SESSION_KEY_UPDATE | EXE_SESSION_HEARTBEAT |
+     EXE_SESSION_MEAS | EXE_SESSION_MEL |
      EXE_SESSION_SET_CERT | EXE_SESSION_GET_CSR |
      EXE_SESSION_DIGEST | EXE_SESSION_CERT | EXE_SESSION_APP | 0);
 
@@ -67,8 +68,8 @@ void print_usage(const char *name)
     printf("   [--save_state <NegotiateStateFileName>]\n");
     printf("   [--load_state <NegotiateStateFileName>]\n");
     printf("   [--exe_mode SHUTDOWN|CONTINUE]\n");
-    printf("   [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|GET_CSR|SET_CERT]\n");
-    printf("   [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|DIGEST|CERT|GET_CSR|SET_CERT|APP]\n");
+    printf("   [--exe_conn VER_ONLY|DIGEST|CERT|CHAL|MEAS|MEL|GET_CSR|SET_CERT]\n");
+    printf("   [--exe_session KEY_EX|PSK|NO_END|KEY_UPDATE|HEARTBEAT|MEAS|MEL|DIGEST|CERT|GET_CSR|SET_CERT|APP]\n");
     printf("   [--pcap <pcap_file_name>]\n");
     printf("   [--priv_key_mode PEM|RAW]\n");
     printf("\n");
@@ -148,7 +149,7 @@ void print_usage(const char *name)
     printf(
         "           CONTINUE means the requester asks the responder to preserve the current SPDM context.\n");
     printf(
-        "   [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,GET_CSR,SET_CERT.\n");
+        "   [--exe_conn] is used to control the SPDM connection. By default, it is DIGEST,CERT,CHAL,MEAS,MEL,GET_CSR,SET_CERT.\n");
     printf(
         "           VER_ONLY means REQUESTER does not send GET_CAPABILITIES/NEGOTIATE_ALGORITHMS. It is used for quick symmetric authentication with PSK.\n");
     printf("               The version for responder must be provisioned from ver.\n");
@@ -159,16 +160,18 @@ void print_usage(const char *name)
     printf("           CERT means send GET_CERTIFICATE command.\n");
     printf("           CHAL means send CHALLENGE command.\n");
     printf("           MEAS means send GET_MEASUREMENT command.\n");
+    printf("           MEL means send GET_MEL command.\n");
     printf("           GET_CSR means send GET_CSR command.\n");
     printf("           SET_CERT means send SET_CERTIFICATE command.\n");
     printf(
-        "   [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,DIGEST,CERT,GET_CSR,SET_CERT,APP.\n");
+        "   [--exe_session] is used to control the SPDM session. By default, it is KEY_EX,PSK,KEY_UPDATE,HEARTBEAT,MEAS,MEL,DIGEST,CERT,GET_CSR,SET_CERT,APP.\n");
     printf("           KEY_EX means to setup KEY_EXCHANGE session.\n");
     printf("           PSK means to setup PSK_EXCHANGE session.\n");
     printf("           NO_END means to not send END_SESSION.\n");
     printf("           KEY_UPDATE means to send KEY_UPDATE in session.\n");
     printf("           HEARTBEAT means to send HEARTBEAT in session.\n");
     printf("           MEAS means send GET_MEASUREMENT command in session.\n");
+    printf("           MEL means send GET_MEL command in session.\n");
     printf("           DIGEST means send GET_DIGESTS command in session.\n");
     printf("           CERT means send GET_CERTIFICATE command in session.\n");
     printf("           GET_CSR means send GET_CSR command in session.\n");
@@ -402,6 +405,7 @@ value_string_entry_t m_exe_connection_string_table[] = {
     { EXE_CONNECTION_CERT, "CERT" },
     { EXE_CONNECTION_CHAL, "CHAL" },
     { EXE_CONNECTION_MEAS, "MEAS" },
+    { EXE_CONNECTION_MEL, "MEL" },
     { EXE_CONNECTION_SET_CERT, "SET_CERT" },
     { EXE_CONNECTION_GET_CSR, "GET_CSR" },
 };
@@ -413,6 +417,7 @@ value_string_entry_t m_exe_session_string_table[] = {
     { EXE_SESSION_KEY_UPDATE, "KEY_UPDATE" },
     { EXE_SESSION_HEARTBEAT, "HEARTBEAT" },
     { EXE_SESSION_MEAS, "MEAS" },
+    { EXE_SESSION_MEL, "MEL" },
     { EXE_SESSION_DIGEST, "DIGEST" },
     { EXE_SESSION_CERT, "CERT" },
     { EXE_SESSION_SET_CERT, "SET_CERT" },

diff --git a/spdm_emu/spdm_emu_common/spdm_emu.h b/spdm_emu/spdm_emu_common/spdm_emu.h
@@ -75,6 +75,7 @@ extern uint32_t m_exe_mode;
 #define EXE_CONNECTION_MEAS 0x10
 #define EXE_CONNECTION_SET_CERT 0x20
 #define EXE_CONNECTION_GET_CSR 0x40
+#define EXE_CONNECTION_MEL 0x80
 extern uint32_t m_exe_connection;
 
 #define EXE_SESSION_KEY_EX 0x1
@@ -88,6 +89,7 @@ extern uint32_t m_exe_connection;
 #define EXE_SESSION_DIGEST 0x100
 #define EXE_SESSION_CERT 0x200
 #define EXE_SESSION_APP 0x400
+#define EXE_SESSION_MEL 0x800
 extern uint32_t m_exe_session;
 
 void libspdm_dump_hex_str(const uint8_t *buffer, size_t buffer_size);

diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_emu.c b/spdm_emu/spdm_requester_emu/spdm_requester_emu.c
@@ -34,6 +34,10 @@ bool communicate_platform_data(SOCKET socket, uint32_t command,
 libspdm_return_t do_measurement_via_spdm(const uint32_t *session_id);
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
 
+#if LIBSPDM_ENABLE_CAPABILITY_MEL_CAP
+libspdm_return_t do_measurement_mel_via_spdm(const uint32_t *session_id);
+#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/
+
 #if (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
 libspdm_return_t do_authentication_via_spdm(void);
 #endif /*(LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)*/
@@ -121,6 +125,17 @@ bool platform_client_routine(uint16_t port_number)
         }
     }
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
+
+#if LIBSPDM_ENABLE_CAPABILITY_MEL_CAP
+    if ((m_exe_connection & EXE_CONNECTION_MEL) != 0) {
+        status = do_measurement_mel_via_spdm(NULL);
+        if (LIBSPDM_STATUS_IS_ERROR(status)) {
+            printf("do_measurement_mel_via_spdm - %x\n",
+                   (uint32_t)status);
+            goto done;
+        }
+    }
+#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/
     /* when use --trans NONE, skip secure session  */
     if (m_use_transport_layer == SOCKET_TRANSPORT_TYPE_NONE) {
         if (m_use_version >= SPDM_MESSAGE_VERSION_12) {

diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_measurement.c b/spdm_emu/spdm_requester_emu/spdm_requester_measurement.c
@@ -183,4 +183,40 @@ libspdm_return_t do_measurement_via_spdm(const uint32_t *session_id)
     return LIBSPDM_STATUS_SUCCESS;
 }
 
+/**
+ * This function executes SPDM measurement MEL.
+ *
+ * @param[in]  spdm_context            The SPDM context for the device.
+ **/
+libspdm_return_t do_measurement_mel_via_spdm(const uint32_t *session_id)
+{
+    libspdm_return_t status;
+    void *spdm_context;
+    size_t spdm_mel_size;
+    uint8_t spdm_mel[LIBSPDM_MAX_MEASUREMENT_EXTENSION_LOG_SIZE];
+    libspdm_data_parameter_t parameter;
+    uint32_t measurement_hash_algo;
+    size_t data_size;
+
+    spdm_context = m_spdm_context;
+    spdm_mel_size = sizeof(spdm_mel);
+    libspdm_zero_mem(spdm_mel, sizeof(spdm_mel));
+
+    /* get setting from connection*/
+    libspdm_zero_mem(&parameter, sizeof(parameter));
+    parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION;
+
+    data_size = sizeof(measurement_hash_algo);
+    libspdm_get_data(spdm_context, LIBSPDM_DATA_MEASUREMENT_HASH_ALGO, &parameter,
+                     &measurement_hash_algo, &data_size);
+
+    status = libspdm_get_measurement_extension_log(spdm_context, session_id, &spdm_mel_size,
+                                                   spdm_mel);
+    if (LIBSPDM_STATUS_IS_ERROR(status)) {
+        return status;
+    }
+
+    return LIBSPDM_STATUS_SUCCESS;
+}
+
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_session.c b/spdm_emu/spdm_requester_emu/spdm_requester_session.c
@@ -22,6 +22,10 @@ bool communicate_platform_data(SOCKET socket, uint32_t command,
 libspdm_return_t do_measurement_via_spdm(const uint32_t *session_id);
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
 
+#if LIBSPDM_ENABLE_CAPABILITY_MEL_CAP
+libspdm_return_t do_measurement_mel_via_spdm(const uint32_t *session_id);
+#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/
+
 libspdm_return_t pci_doe_process_session_message(void *spdm_context, uint32_t session_id);
 libspdm_return_t mctp_process_session_message(void *spdm_context, uint32_t session_id);
 libspdm_return_t do_certificate_provising_via_spdm(uint32_t* session_id);
@@ -172,6 +176,16 @@ libspdm_return_t do_session_via_spdm(bool use_psk)
     }
 #endif /*LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
 
+#if LIBSPDM_ENABLE_CAPABILITY_MEL_CAP
+    if ((m_exe_session & EXE_SESSION_MEL) != 0) {
+        status = do_measurement_mel_via_spdm(&session_id);
+        if (LIBSPDM_STATUS_IS_ERROR(status)) {
+            printf("do_measurement_mel_via_spdm - %x\n",
+                   (uint32_t)status);
+        }
+    }
+#endif /*LIBSPDM_ENABLE_CAPABILITY_MEL_CAP*/
+
 #if (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP && LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
     status = get_digest_cert_in_session(&session_id);
     if (LIBSPDM_STATUS_IS_ERROR(status)) {

diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_spdm.c b/spdm_emu/spdm_requester_emu/spdm_requester_spdm.c
@@ -373,6 +373,10 @@ void *spdm_client_init(void)
         m_exe_connection &= ~EXE_CONNECTION_MEAS;
         m_exe_session &= ~EXE_SESSION_MEAS;
     }
+    if ((SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP & responder_capabilities_flag) == 0) {
+        m_exe_connection &= ~EXE_CONNECTION_MEL;
+        m_exe_session &= ~EXE_SESSION_MEL;
+    }
 
     if (((SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP & requester_capabilities_flag) == 0) ||
         ((SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP & responder_capabilities_flag) == 0)) {