
Add req_slot_id parameter, besides slot_id. #388

Merged
merged 1 commit into from
Nov 19, 2024
Merged
4 changes: 3 additions & 1 deletion doc/spdm_emu.md
Expand Up @@ -28,6 +28,7 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--key_upd REQ|ALL|RSP]
[--slot_id <0~7|0xFF>]
[--slot_count <1~8>]
[--req_slot_id <0~7|0xFF>]
[--save_state <NegotiateStateFileName>]
[--load_state <NegotiateStateFileName>]
[--exe_mode SHUTDOWN|CONTINUE]
Expand Down Expand Up @@ -63,7 +64,8 @@ This document describes spdm_requester_emu and spdm_responder_emu tool. It can b
[--meas_op] is the measurement operation in GET_MEASUREMENT. By default, ONE_BY_ONE is used.
[--meas_att] is the measurement attribute in GET_MEASUREMENT. By default, HASH is used.
[--key_upd] is the key update operation in KEY_UPDATE. By default, ALL is used. RSP will trigger encapsulated KEY_UPDATE.
[--slot_id] is to select the peer slot ID in GET_MEASUREMENT, CHALLENGE_AUTH, KEY_EXCHANGE and FINISH. By default, 0 is used.
[--slot_id] is to select the responder slot ID in GET_MEASUREMENT, CHALLENGE_AUTH and KEY_EXCHANGE. By default, 0 is used.
[--req_slot_id] is to select the requester slot ID in KEY_EXCHANGE_RSP and FINISH. By default, 0 is used.
0xFF can be used to indicate provisioned certificate chain. No GET_CERTIFICATE is needed.
[--slot_count] is to select the local slot count. By default, 3 is used. And the slot store cert chain continuously in emu.
[--save_state] is to save the current negotiated state to a write-only file.
1 change: 1 addition & 0 deletions spdm_emu/spdm_emu_common/key.c
Expand Up @@ -89,6 +89,7 @@ uint8_t m_use_measurement_operation =
uint8_t m_use_measurement_attribute = 0;
uint8_t m_use_slot_id = 0;
uint8_t m_use_slot_count = 3;
uint8_t m_use_req_slot_id = 0;

/*
* LIBSPDM_KEY_UPDATE_ACTION_REQUESTER
28 changes: 27 additions & 1 deletion spdm_emu/spdm_emu_common/spdm_emu.c
Expand Up @@ -67,6 +67,7 @@ void print_usage(const char *name)
printf(" [--key_upd REQ|ALL|RSP]\n");
printf(" [--slot_id <0~7|0xFF>]\n");
printf(" [--slot_count <1~8>]\n");
printf(" [--req_slot_id <0~7|0xFF>]\n");
printf(" [--save_state <NegotiateStateFileName>]\n");
printf(" [--load_state <NegotiateStateFileName>]\n");
printf(" [--exe_mode SHUTDOWN|CONTINUE]\n");
Expand Down Expand Up @@ -119,7 +120,9 @@ void print_usage(const char *name)
printf(
" [--key_upd] is the key update operation in KEY_UPDATE. By default, ALL is used. RSP will trigger encapsulated KEY_UPDATE.\n");
printf(
" [--slot_id] is to select the peer slot ID in GET_MEASUREMENT, CHALLENGE_AUTH, KEY_EXCHANGE and FINISH. By default, 0 is used.\n");
" [--slot_id] is to select the responder slot ID in GET_MEASUREMENT, CHALLENGE_AUTH and KEY_EXCHANGE. By default, 0 is used.\n");
printf(
" [--req_slot_id] is to select the requester slot ID in KEY_EXCHANGE_RSP and FINISH. By default, 0 is used.\n");
printf(
" 0xFF can be used to indicate provisioned certificate chain. No GET_CERTIFICATE is needed.\n");
printf(
Expand Down Expand Up @@ -1124,6 +1127,29 @@ void process_args(char *program_name, int argc, char *argv[])
}
}

if (strcmp(argv[0], "--req_slot_id") == 0) {
if (argc >= 2) {
if (!get_value_from_name(
m_slot_id_string_table,
LIBSPDM_ARRAY_SIZE(m_slot_id_string_table),
argv[1], &data32)) {
printf("invalid --req_slot_id %s\n",
argv[1]);
print_usage(program_name);
exit(0);
}
m_use_req_slot_id = (uint8_t)data32;
printf("req_slot_id - 0x%02x\n", m_use_req_slot_id);
argc -= 2;
argv += 2;
continue;
} else {
printf("invalid --req_slot_id\n");
print_usage(program_name);
exit(0);
}
}

if (strcmp(argv[0], "--save_state") == 0) {
if (argc >= 2) {
m_save_state_file_name = argv[1];
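Review bot: Both error paths of the new `--req_slot_id` branch in process_args end in `exit(0)`, so a rejected or missing value terminates the emulator with a success status and a script driving the tool cannot tell that the option was refused. Using `exit(1);` after `print_usage(program_name);` in both places would make the failure visible to callers. The branch appears to follow the pattern of the neighbouring options, whose bodies are outside this hunk, so the same change may be wanted there for consistency. process_args starts and ends outside the hunk.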
1 change: 1 addition & 0 deletions spdm_emu/spdm_emu_common/spdm_emu.h
Expand Up @@ -37,6 +37,7 @@ extern uint8_t m_use_measurement_operation;
extern uint8_t m_use_measurement_attribute;
extern uint8_t m_use_slot_id;
extern uint8_t m_use_slot_count;
extern uint8_t m_use_req_slot_id;
extern bool g_private_key_mode;

#define ENCAP_KEY_UPDATE 0x8000
107 changes: 58 additions & 49 deletions spdm_emu/spdm_requester_emu/spdm_requester_spdm.c
Expand Up @@ -272,7 +272,7 @@ void *spdm_client_init(void)
libspdm_set_data(spdm_context, LIBSPDM_DATA_CAPABILITY_CT_EXPONENT,
&parameter, &data8, sizeof(data8));
data32 = m_use_requester_capability_flags;
if (m_use_slot_id == 0xFF) {
if (m_use_req_slot_id == 0xFF) {
data32 |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
data32 &= ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP;
data32 &= ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP;
Expand Down Expand Up @@ -435,14 +435,18 @@ void *spdm_client_init(void)

if ((m_use_requester_capability_flags &
SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP) != 0) {
m_use_slot_id = 0xFF;
m_use_req_slot_id = 0xFF;
}
if (((m_exe_connection & EXE_CONNECTION_CERT) == 0) && (m_use_slot_id != 0xFF)) {
m_exe_connection &= ~EXE_CONNECTION_CHAL;
m_exe_connection &= ~EXE_CONNECTION_MEAS;
m_exe_session &= ~EXE_SESSION_KEY_EX;
m_exe_session &= ~EXE_SESSION_MEAS;
}

printf("slot_id - %x\n", m_use_slot_id);
printf("req_slot_id - %x\n", m_use_req_slot_id);

if (m_use_slot_id == 0xFF) {
res = libspdm_read_responder_public_key(m_use_asym_algo, &data, &data_size);
if (res) {
Expand All @@ -458,20 +462,6 @@ void *spdm_client_init(void)
m_spdm_context = NULL;
return NULL;
}
res = libspdm_read_requester_public_key(m_use_req_asym_algo, &data, &data_size);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_PUBLIC_KEY,
&parameter, data, data_size);
/* Do not free it.*/
} else {
printf("read_requester_public_key fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
} else {
res = libspdm_read_responder_root_public_certificate(m_use_hash_algo,
m_use_asym_algo,
Expand Down Expand Up @@ -518,42 +508,61 @@ void *spdm_client_init(void)
}
}

if (m_use_req_asym_algo != 0) {
res = libspdm_read_requester_public_certificate_chain(m_use_hash_algo,
m_use_req_asym_algo,
&data, &data_size, NULL,
NULL);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;

for (index = 0; index < m_use_slot_count; index++) {
parameter.additional_data[0] = index;
if (m_use_req_slot_id == 0xFF) {
if (m_use_req_asym_algo != 0) {
res = libspdm_read_requester_public_key(m_use_req_asym_algo, &data, &data_size);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_PUBLIC_CERT_CHAIN,
LIBSPDM_DATA_LOCAL_PUBLIC_KEY,
&parameter, data, data_size);
data8 = (uint8_t)(0xB0 + index);
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_PAIR_ID,
&parameter, &data8, sizeof(data8));
data8 = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_CERT_INFO,
&parameter, &data8, sizeof(data8));
data16 = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_USAGE_BIT_MASK,
&parameter, &data16, sizeof(data16));
/* Do not free it.*/
} else {
printf("read_requester_public_key fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
}
} else {
if (m_use_req_asym_algo != 0) {
res = libspdm_read_requester_public_certificate_chain(m_use_hash_algo,
m_use_req_asym_algo,
&data, &data_size, NULL,
NULL);
if (res) {
libspdm_zero_mem(&parameter, sizeof(parameter));
parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;

for (index = 0; index < m_use_slot_count; index++) {
parameter.additional_data[0] = index;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_PUBLIC_CERT_CHAIN,
&parameter, data, data_size);
data8 = (uint8_t)(0xB0 + index);
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_PAIR_ID,
&parameter, &data8, sizeof(data8));
data8 = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_CERT_INFO,
&parameter, &data8, sizeof(data8));
data16 = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE;
libspdm_set_data(spdm_context,
LIBSPDM_DATA_LOCAL_KEY_USAGE_BIT_MASK,
&parameter, &data16, sizeof(data16));
}
/* do not free it*/
} else {
printf("read_requester_public_certificate_chain fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
/* do not free it*/
} else {
printf("read_requester_public_certificate_chain fail!\n");
free(m_spdm_context);
m_spdm_context = NULL;
return NULL;
}
}

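Review bot: The two places in spdm_client_init that tie `m_use_req_slot_id` to PUB_KEY_ID_CAP run in an order that can leave them disagreeing. The capability word is built in the hunk at line 272, where CERT_CAP and MULTI_KEY_CAP are cleared only if `m_use_req_slot_id` is already 0xFF, while the hunk at line 435 forces `m_use_req_slot_id = 0xFF` from `m_use_requester_capability_flags` only afterwards. If the flags carry PUB_KEY_ID_CAP but `--req_slot_id 0xFF` was not given, the requester would apparently advertise whatever CERT_CAP/MULTI_KEY_CAP bits the caller supplied while provisioning only a raw public key. Moving the `if ((m_use_requester_capability_flags & SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP) != 0) { m_use_req_slot_id = 0xFF; }` check ahead of `data32 = m_use_requester_capability_flags;` would keep the advertised capabilities and the provisioned credential in step. The code between the two hunks is not shown, so this should be confirmed against the full function.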