

Add req_slot_id parameter, besides slot_id.
Current code only has slot-id controlling both local provision and peer provision.
It causes confusion because a platform may support a cert chain for the local side and a public key for the peer.
It is legal to set slot_id to be 0x0, and req_slot_id to be 0xFF.

Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
jyao1 committed Nov 15, 2024
1 parent 16d9bab commit 214c07a
Showing 6 changed files with 168 additions and 112 deletions.
4 changes: 3 additions & 1 deletion doc/spdm_emu.md
Expand Up @@ -28,6 +28,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--key_upd REQ|ALL|RSP]
[--slot_id <0~7|0xFF>]
[--slot_count <1~8>]
[--req_slot_id <0~7|0xFF>]
[--save_state <NegotiateStateFileName>]
[--load_state <NegotiateStateFileName>]
[--exe_mode SHUTDOWN|CONTINUE]
Expand Down Expand Up @@ -63,7 +64,8 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--meas_op] is the measurement operation in GET_MEASUREMENT. By default, ONE_BY_ONE is used.
[--meas_att] is the measurement attribute in GET_MEASUREMENT. By default, HASH is used.
[--key_upd] is the key update operation in KEY_UPDATE. By default, ALL is used. RSP will trigger encapsulated KEY_UPDATE.
[--slot_id] is to select the peer slot ID in GET_MEASUREMENT, CHALLENGE_AUTH, KEY_EXCHANGE and FINISH. By default, 0 is used.
[--slot_id] is to select the responder slot ID in GET_MEASUREMENT, CHALLENGE_AUTH and KEY_EXCHANGE. By default, 0 is used.
[--req_slot_id] is to select the requester slot ID in KEY_EXCHANGE_RSP and FINISH. By default, 0 is used.
0xFF can be used to indicate provisioned certificate chain. No GET_CERTIFICATE is needed.
[--slot_count] is to select the local slot count. By default, 3 is used. And the slot store cert chain continuously in emu.
[--save_state] is to save the current negotiated state to a write-only file.
1 change: 1 addition & 0 deletions spdm_emu/spdm_emu_common/key.c
Expand Up @@ -89,6 +89,7 @@ uint8_t m_use_measurement_operation =
uint8_t m_use_measurement_attribute = 0;
uint8_t m_use_slot_id = 0;
uint8_t m_use_slot_count = 3;
uint8_t m_use_req_slot_id = 0;

/*
* LIBSPDM_KEY_UPDATE_ACTION_REQUESTER
28 changes: 27 additions & 1 deletion spdm_emu/spdm_emu_common/spdm_emu.c
Expand Up @@ -67,6 +67,7 @@ void print_usage(const char *name)
printf(" [--key_upd REQ|ALL|RSP]\n");
printf(" [--slot_id <0~7|0xFF>]\n");
printf(" [--slot_count <1~8>]\n");
printf(" [--req_slot_id <0~7|0xFF>]\n");
printf(" [--save_state <NegotiateStateFileName>]\n");
printf(" [--load_state <NegotiateStateFileName>]\n");
printf(" [--exe_mode SHUTDOWN|CONTINUE]\n");
Expand Down Expand Up @@ -119,7 +120,9 @@ void print_usage(const char *name)
printf(
" [--key_upd] is the key update operation in KEY_UPDATE. By default, ALL is used. RSP will trigger encapsulated KEY_UPDATE.\n");
printf(
" [--slot_id] is to select the peer slot ID in GET_MEASUREMENT, CHALLENGE_AUTH, KEY_EXCHANGE and FINISH. By default, 0 is used.\n");
" [--slot_id] is to select the responder slot ID in GET_MEASUREMENT, CHALLENGE_AUTH and KEY_EXCHANGE. By default, 0 is used.\n");
printf(
" [--req_slot_id] is to select the requester slot ID in KEY_EXCHANGE_RSP and FINISH. By default, 0 is used.\n");
printf(
" 0xFF can be used to indicate provisioned certificate chain. No GET_CERTIFICATE is needed.\n");
printf(
Expand Down Expand Up @@ -1124,6 +1127,29 @@ void process_args(char *program_name, int argc, char *argv[])
}
}

if (strcmp(argv[0], "--req_slot_id") == 0) {
if (argc >= 2) {
if (!get_value_from_name(
m_slot_id_string_table,
LIBSPDM_ARRAY_SIZE(m_slot_id_string_table),
argv[1], &data32)) {
printf("invalid --req_slot_id %s\n",
argv[1]);
print_usage(program_name);
exit(0);
}
m_use_req_slot_id = (uint8_t)data32;
printf("req_slot_id - 0x%02x\n", m_use_req_slot_id);
argc -= 2;
argv += 2;
continue;
} else {
printf("invalid --req_slot_id\n");
print_usage(program_name);
exit(0);
}
}

if (strcmp(argv[0], "--save_state") == 0) {
if (argc >= 2) {
m_save_state_file_name = argv[1];
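Review bot: The new `--req_slot_id` block at L76-L97 is a line-for-line copy of the `--slot_id` parsing (same `m_slot_id_string_table`, same error path), so any future change to the accepted slot range or the error message has to be made in two places. A small file-scope helper such as `static bool parse_slot_id_option(const char *opt, const char *arg, uint8_t *out)` that wraps the `get_value_from_name` lookup against `m_slot_id_string_table` and prints the `invalid <opt> <arg>` message would let both options share one implementation. Both failure paths also call `exit(0)`, which reports success to a calling script on a malformed argument; this appears to mirror the existing option blocks, so changing it to a non-zero status is a separate, file-wide decision. process_args begins and ends outside this hunk.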
1 change: 1 addition & 0 deletions spdm_emu/spdm_emu_common/spdm_emu.h
Expand Up @@ -37,6 +37,7 @@ extern uint8_t m_use_measurement_operation;
extern uint8_t m_use_measurement_attribute;
extern uint8_t m_use_slot_id;
extern uint8_t m_use_slot_count;
extern uint8_t m_use_req_slot_id;
extern bool g_private_key_mode;

#define ENCAP_KEY_UPDATE 0x8000
107 changes: 58 additions & 49 deletions spdm_emu/spdm_requester_emu/spdm_requester_spdm.c
Expand Up @@ -272,7 +272,7 @@ void *spdm_client_init(void)
libspdm_set_data(spdm_context, LIBSPDM_DATA_CAPABILITY_CT_EXPONENT,
&parameter, &data8, sizeof(data8));
data32 = m_use_requester_capability_flags;
if (m_use_slot_id == 0xFF) {
if (m_use_req_slot_id == 0xFF) {
data32 |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
data32 &= ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP;
data32 &= ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP;
Expand Down Expand Up @@ -435,14 +435,18 @@ void *spdm_client_init(void)

if ((m_use_requester_capability_flags &
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP) != 0) {
m_use_slot_id = 0xFF;
m_use_req_slot_id = 0xFF;
}
if (((m_exe_connection & EXE_CONNECTION_CERT) == 0) && (m_use_slot_id != 0xFF)) {
m_exe_connection &= ~EXE_CONNECTION_CHAL;
m_exe_connection &= ~EXE_CONNECTION_MEAS;
m_exe_session &= ~EXE_SESSION_KEY_EX;
m_exe_session &= ~EXE_SESSION_MEAS;
}

printf("slot_id - %x\n", m_use_slot_id);
printf("req_slot_id - %x\n", m_use_req_slot_id);

if (m_use_slot_id == 0xFF) {
res = libspdm_read_responder_public_key(m_use_asym_algo, &data, &data_size);
if (res) {
Expand All @@ -458,20 +462,6 @@ void *spdm_client_init(void)
m_spdm_context = NULL;
return NULL;
}
res = libspdm_read_requester_public_key(m_use_req_asym_algo, &data, &data_size);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_PUBLIC_KEY,
&parameter, data, data_size);
/* Do not free it.*/
} else {
printf("read_requester_public_key fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
} else {
res = libspdm_read_responder_root_public_certificate(m_use_hash_algo,
m_use_asym_algo,
Expand Down Expand Up @@ -518,42 +508,61 @@ void *spdm_client_init(void)
}
}

if (m_use_req_asym_algo != 0) {
res = libspdm_read_requester_public_certificate_chain(m_use_hash_algo,
m_use_req_asym_algo,
&data, &data_size, NULL,
NULL);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;

for (index = 0; index < m_use_slot_count; index++) {
parameter.additional_data[0] = index;
if (m_use_req_slot_id == 0xFF) {
if (m_use_req_asym_algo != 0) {
res = libspdm_read_requester_public_key(m_use_req_asym_algo, &data, &data_size);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_PUBLIC_CERT_CHAIN,
LIBSPDM_DATA_LOCAL_PUBLIC_KEY,
&parameter, data, data_size);
data8 = (uint8_t)(0xB0 + index);
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_PAIR_ID,
&parameter, &data8, sizeof(data8));
data8 = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_CERT_INFO,
&parameter, &data8, sizeof(data8));
data16 = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_USAGE_BIT_MASK,
&parameter, &data16, sizeof(data16));
/* Do not free it.*/
} else {
printf("read_requester_public_key fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
}
} else {
if (m_use_req_asym_algo != 0) {
res = libspdm_read_requester_public_certificate_chain(m_use_hash_algo,
m_use_req_asym_algo,
&data, &data_size, NULL,
NULL);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;

for (index = 0; index < m_use_slot_count; index++) {
parameter.additional_data[0] = index;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_PUBLIC_CERT_CHAIN,
&parameter, data, data_size);
data8 = (uint8_t)(0xB0 + index);
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_PAIR_ID,
&parameter, &data8, sizeof(data8));
data8 = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_CERT_INFO,
&parameter, &data8, sizeof(data8));
data16 = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_USAGE_BIT_MASK,
&parameter, &data16, sizeof(data16));
}
/* do not free it*/
} else {
printf("read_requester_public_certificate_chain fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
/* do not free it*/
} else {
printf("read_requester_public_certificate_chain fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
}

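Review bot: In the last hunk, nothing rejects a `--req_slot_id` in the documented 0..7 range that is at or above `m_use_slot_count`, so a requester run with e.g. `--slot_count 3 --req_slot_id 5` names a local slot for which the loop at L224 never set a cert chain, key-pair id or cert info; whether that is caught later depends on where FINISH consumes `m_use_req_slot_id`, which is not in this section. The same gap existed before with `m_use_slot_id`, but now that the requester slot is a separate knob a guard at the top of the cert-chain branch that fails early with the same cleanup as the surrounding error paths is cheap, and is sketched below. Separately, `if (m_use_req_asym_algo != 0)` is repeated in both arms of the new `if (m_use_req_slot_id == 0xFF)`; hoisting it to one outer test would remove a nesting level without changing behaviour. spdm_client_init begins and ends outside the hunk.
```c
    } else {
        if (m_use_req_asym_algo != 0) {
            /* Local slots are 0..slot_count-1; reject a requester slot the loop below never provisions. */
            if (m_use_req_slot_id >= m_use_slot_count) {
                printf("invalid req_slot_id 0x%02x for slot_count %u\n",
                       m_use_req_slot_id, m_use_slot_count);
                free(m_spdm_context);
                m_spdm_context = NULL;
                return NULL;
            }
            /* … unchanged: libspdm_read_requester_public_certificate_chain and the per-slot loop … */
```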
