Add 1.3 transcript test for multi-key.
Signed-off-by: Jiewen Yao <[email protected]>
jyao1 committed Nov 21, 2023
1 parent 84cea24 commit 0826bfa
Showing 3 changed files with 34 additions and 15 deletions.
14 changes: 7 additions & 7 deletions doc/spdm_emu.md
Expand Up @@ -6,9 +6,9 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b

```
spdm_requester_emu|spdm_responder_emu [--trans MCTP|PCI_DOE]
[--ver 1.0|1.1|1.2]
[--ver 1.0|1.1|1.2|1.3]
[--sec_ver 1.0|1.1]
[--cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET]
[--cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET|EP_INFO_NO_SIG|EP_INFO_SIG|MEL|EVENT|MULTI_KEY_ONLY|MULTI_KEY_NEG|GET_KEY_PAIR_INFO|SET_KEY_PAIR_INFO]
[--hash SHA_256|SHA_384|SHA_512|SHA3_256|SHA3_384|SHA3_512|SM3_256]
[--meas_spec DMTF]
[--meas_hash RAW_BIT|SHA_256|SHA_384|SHA_512|SHA3_256|SHA3_384|SHA3_512|SM3_256]
Expand All @@ -17,8 +17,8 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--dhe FFDHE_2048|FFDHE_3072|FFDHE_4096|SECP_256_R1|SECP_384_R1|SECP_521_R1|SM2_P256]
[--aead AES_128_GCM|AES_256_GCM|CHACHA20_POLY1305|SM4_128_GCM]
[--key_schedule HMAC_HASH]
[--other_param OPAQUE_FMT_1]
[--peer_cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET]
[--other_param OPAQUE_FMT_1|MULTI_KEY_CONN]
[--peer_cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET|EP_INFO_NO_SIG|EP_INFO_SIG|MEL|EVENT|MULTI_KEY_ONLY|MULTI_KEY_NEG|GET_KEY_PAIR_INFO|SET_KEY_PAIR_INFO]
[--basic_mut_auth NO|BASIC]
[--mut_auth NO|WO_ENCAP|W_ENCAP|DIGESTS]
[--meas_sum NO|TCB|ALL]
Expand All @@ -40,8 +40,8 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--ver] is version. By default, all are used.
[--sec_ver] is secured message version. By default, all are used.
[--cap] is capability flags. Multiple flags can be set together. Please use ',' for them.
By default, CERT,CHAL,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR is used for Requester.
By default, CACHE,CERT,CHAL,MEAS_SIG,MEAS_FRESH,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK_WITH_CONTEXT,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR,SET_CERT,CSR is used for Responder.
By default, CERT,CHAL,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR,MULTI_KEY_NEG is used for Requester.
By default, CACHE,CERT,CHAL,MEAS_SIG,MEAS_FRESH,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK_WITH_CONTEXT,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR,SET_CERT,CSR,MULTI_KEY_NEG,GET_KEY_PAIR_INFO is used for Responder.
[--hash] is hash algorithm. By default, SHA_384,SHA_256 is used.
[--meas_spec] is measurement hash spec. By default, DMTF is used.
[--meas_hash] is measurement hash algorithm. By default, SHA_512,SHA_384,SHA_256 is used.
Expand All @@ -50,7 +50,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--dhe] is DHE algorithm. By default, SECP_384_R1,SECP_256_R1,FFDHE_3072,FFDHE_2048 is used.
[--aead] is AEAD algorithm. By default, AES_256_GCM,CHACHA20_POLY1305 is used.
[--key_schedule] is key schedule algorithm. By default, HMAC_HASH is used.
[--other_param] is other parameter support. By default, OPAQUE_FMT_1 is used.
[--other_param] is other parameter support. By default, OPAQUE_FMT_1,MULTI_KEY_CONN is used.
Above algorithms also support multiple flags. Please use ',' for them.
Not all the algorithms are supported, especially SHA3, EDDSA, and SMx.
Please don't mix NIST algo with SMx algo.
6 changes: 5 additions & 1 deletion spdm_emu/spdm_emu_common/key.c
Expand Up @@ -23,6 +23,7 @@ uint32_t m_use_requester_capability_flags =
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP |
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP |
/* SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP | conflict with SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP */
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_NEG |
0);
uint32_t m_use_responder_capability_flags =
(0 | SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP |
Expand All @@ -47,6 +48,8 @@ uint32_t m_use_responder_capability_flags =
SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP | /* conflict with SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP */
SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP | /* conflict with SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP */
/* SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP | conflict with SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP */
SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_NEG |
SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP |
0);

uint32_t m_use_capability_flags = 0;
Expand Down Expand Up @@ -180,7 +183,8 @@ uint16_t m_support_key_schedule_algo = SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH;
* SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1,
*/
uint8_t m_support_other_params_support =
SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;
SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 |
SPDM_ALGORITHMS_MULTI_KEY_CONN;

uint8_t m_session_policy =
SPDM_KEY_EXCHANGE_REQUEST_SESSION_POLICY_TERMINATION_POLICY_RUNTIME_UPDATE;
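Review bot: The comment block directly above `m_support_other_params_support` still lists only `SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1` as far as this section shows (the comment starts outside the visible lines), while the initializer now also ORs in `SPDM_ALGORITHMS_MULTI_KEY_CONN`; add ` * SPDM_ALGORITHMS_MULTI_KEY_CONN,` to that list so the documented value set matches the default. The two default capability masks annotate constraints inline for other flags, so the new `..._MULTI_KEY_CAP_NEG` lines would read better with a matching remark such as `/* SPDM 1.3 only; conflict with ..._MULTI_KEY_CAP_ONLY */`. Whether these 1.3-only bits are masked off when an older version is selected with `--ver` is not visible here and is worth confirming, because the defaults now apply to every run of the emulator.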
29 changes: 22 additions & 7 deletions spdm_emu/spdm_emu_common/spdm_emu.c
Expand Up @@ -37,10 +37,10 @@ void print_usage(const char *name)
{
printf("\n%s [--trans MCTP|PCI_DOE|TCP|NONE]\n", name);
printf(" [--tcp_sub HS|NO_HS]\n");
printf(" [--ver 1.0|1.1|1.2]\n");
printf(" [--ver 1.0|1.1|1.2|1.3]\n");
printf(" [--sec_ver 1.0|1.1]\n");
printf(
" [--cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET]\n");
" [--cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET|EP_INFO_NO_SIG|EP_INFO_SIG|MEL|EVENT|MULTI_KEY_ONLY|MULTI_KEY_NEG|GET_KEY_PAIR_INFO|SET_KEY_PAIR_INFO]\n");
printf(" [--hash SHA_256|SHA_384|SHA_512|SHA3_256|SHA3_384|SHA3_512|SM3_256]\n");
printf(" [--meas_spec DMTF]\n");
printf(" [--meas_hash RAW_BIT|SHA_256|SHA_384|SHA_512|SHA3_256|SHA3_384|SHA3_512|SM3_256]\n");
Expand All @@ -52,9 +52,9 @@ void print_usage(const char *name)
" [--dhe FFDHE_2048|FFDHE_3072|FFDHE_4096|SECP_256_R1|SECP_384_R1|SECP_521_R1|SM2_P256]\n");
printf(" [--aead AES_128_GCM|AES_256_GCM|CHACHA20_POLY1305|SM4_128_GCM]\n");
printf(" [--key_schedule HMAC_HASH]\n");
printf(" [--other_param OPAQUE_FMT_1]\n");
printf(" [--other_param OPAQUE_FMT_1|MULTI_KEY_CONN]\n");
printf(
" [--peer_cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET]\n");
" [--peer_cap CACHE|CERT|CHAL|MEAS_NO_SIG|MEAS_SIG|MEAS_FRESH|ENCRYPT|MAC|MUT_AUTH|KEY_EX|PSK|PSK_WITH_CONTEXT|ENCAP|HBEAT|KEY_UPD|HANDSHAKE_IN_CLEAR|PUB_KEY_ID|CHUNK|ALIAS_CERT|SET_CERT|CSR|CERT_INSTALL_RESET|EP_INFO_NO_SIG|EP_INFO_SIG|MEL|EVENT|MULTI_KEY_ONLY|MULTI_KEY_NEG|GET_KEY_PAIR_INFO|SET_KEY_PAIR_INFO]\n");
printf(" [--basic_mut_auth NO|BASIC]\n");
printf(" [--mut_auth NO|WO_ENCAP|W_ENCAP|DIGESTS]\n");
printf(" [--meas_sum NO|TCB|ALL]\n");
Expand All @@ -81,9 +81,9 @@ void print_usage(const char *name)
printf(
" [--cap] is capability flags. Multiple flags can be set together. Please use ',' for them.\n");
printf(
" By default, CERT,CHAL,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR is used for Requester.\n");
" By default, CERT,CHAL,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR,MULTI_KEY_NEG is used for Requester.\n");
printf(
" By default, CACHE,CERT,CHAL,MEAS_SIG,MEAS_FRESH,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK_WITH_CONTEXT,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR,SET_CERT,CSR is used for Responder.\n");
" By default, CACHE,CERT,CHAL,MEAS_SIG,MEAS_FRESH,ENCRYPT,MAC,MUT_AUTH,KEY_EX,PSK_WITH_CONTEXT,ENCAP,HBEAT,KEY_UPD,HANDSHAKE_IN_CLEAR,SET_CERT,CSR,MULTI_KEY_NEG,GET_KEY_PAIR_INFO is used for Responder.\n");
printf(" [--hash] is hash algorithm. By default, SHA_384,SHA_256 is used.\n");
printf(" [--meas_spec] is measurement hash spec. By default, DMTF is used.\n");
printf(
Expand All @@ -95,7 +95,7 @@ void print_usage(const char *name)
" [--dhe] is DHE algorithm. By default, SECP_384_R1,SECP_256_R1,FFDHE_3072,FFDHE_2048 is used.\n");
printf(" [--aead] is AEAD algorithm. By default, AES_256_GCM,CHACHA20_POLY1305 is used.\n");
printf(" [--key_schedule] is key schedule algorithm. By default, HMAC_HASH is used.\n");
printf(" [--other_param] is other parameter support. By default, OPAQUE_FMT_1 is used.\n");
printf(" [--other_param] is other parameter support. By default, OPAQUE_FMT_1,MULTI_KEY_CONN is used.\n");
printf(" Above algorithms also support multiple flags. Please use ',' for them.\n");
printf(" Not all the algorithms are supported, especially SHA3, EDDSA, and SMx.\n");
printf(" Please don't mix NIST algo with SMx algo.\n");
Expand Down Expand Up @@ -198,6 +198,7 @@ value_string_entry_t m_version_value_string_table[] = {
{ SPDM_MESSAGE_VERSION_10, "1.0" },
{ SPDM_MESSAGE_VERSION_11, "1.1" },
{ SPDM_MESSAGE_VERSION_12, "1.2" },
{ SPDM_MESSAGE_VERSION_13, "1.3" },
};

value_string_entry_t m_secured_message_version_value_string_table[] = {
Expand All @@ -220,6 +221,11 @@ value_string_entry_t m_spdm_requester_capabilities_string_table[] = {
"HANDSHAKE_IN_CLEAR" },
{ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP, "PUB_KEY_ID" },
{ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP, "CHUNK" },
{ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP_NO_SIG, "EP_INFO_NO_SIG" },
{ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP_SIG, "EP_INFO_SIG" },
{ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EVENT_CAP, "EVENT" },
{ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_ONLY, "MULTI_KEY_ONLY" },
{ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_NEG, "MULTI_KEY_NEG" },
};

value_string_entry_t m_spdm_responder_capabilities_string_table[] = {
Expand Down Expand Up @@ -247,6 +253,14 @@ value_string_entry_t m_spdm_responder_capabilities_string_table[] = {
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP, "SET_CERT" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP, "CSR" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP, "CERT_INSTALL_RESET" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_NO_SIG, "EP_INFO_NO_SIG" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_SIG, "EP_INFO_SIG" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP, "MEL" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP, "EVENT" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_ONLY, "MULTI_KEY_ONLY" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_NEG, "MULTI_KEY_NEG" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP, "GET_KEY_PAIR_INFO" },
{ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP, "SET_KEY_PAIR_INFO" },
};

value_string_entry_t m_hash_value_string_table[] = {
Expand Down Expand Up @@ -317,6 +331,7 @@ value_string_entry_t m_key_schedule_value_string_table[] = {

value_string_entry_t m_other_param_value_string_table[] = {
{ SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1, "OPAQUE_FMT_1" },
{ SPDM_ALGORITHMS_MULTI_KEY_CONN, "MULTI_KEY_CONN" },
};

value_string_entry_t m_basic_mut_auth_policy_string_table[] = {
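Review bot: The new `EP_INFO_NO_SIG`/`EP_INFO_SIG` and `MULTI_KEY_ONLY`/`MULTI_KEY_NEG` entries in both capability string tables are alternative encodings of a two-bit field rather than independent flags, yet print_usage tells the user that `--cap` values can be combined with ','. If the option parser simply ORs the matched table values (it lies outside this section, so this is inferred), `--cap MULTI_KEY_ONLY,MULTI_KEY_NEG` would produce the reserved 11b encoding and the emulator would advertise a capability set the specification does not define. Either reject that combination after parsing or state the constraint in the usage text, e.g. `printf("           MULTI_KEY_ONLY and MULTI_KEY_NEG are mutually exclusive, as are EP_INFO_NO_SIG and EP_INFO_SIG.\n");`. The same sentence belongs in doc/spdm_emu.md, which mirrors this usage text.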
