From 651920f59e20a78d813d97207a6ca19cd86b1a64 Mon Sep 17 00:00:00 2001
From: Timothy Prinz
Date: Fri, 2 Feb 2024 17:29:31 -0800
Subject: [PATCH] Adding null crypto library
---
spdmlib/src/crypto/crypto_null/aead_impl.rs | 36 +++++++
.../crypto/crypto_null/asym_verify_impl.rs | 22 +++++
.../crypto/crypto_null/cert_operation_impl.rs | 19 ++++
spdmlib/src/crypto/crypto_null/dhe_impl.rs | 54 +++++++++++
spdmlib/src/crypto/crypto_null/hash_impl.rs | 45 +++++++++
spdmlib/src/crypto/crypto_null/hkdf_impl.rs | 31 ++++++
spdmlib/src/crypto/crypto_null/hmac_impl.rs | 25 +++++
spdmlib/src/crypto/crypto_null/mod.rs | 12 +++
spdmlib/src/crypto/crypto_null/rand_impl.rs | 14 +++
spdmlib/src/crypto/mod.rs | 95 +++----------------
10 files changed, 272 insertions(+), 81 deletions(-)
create mode 100644 spdmlib/src/crypto/crypto_null/aead_impl.rs
create mode 100644 spdmlib/src/crypto/crypto_null/asym_verify_impl.rs
create mode 100644 spdmlib/src/crypto/crypto_null/cert_operation_impl.rs
create mode 100644 spdmlib/src/crypto/crypto_null/dhe_impl.rs
create mode 100644 spdmlib/src/crypto/crypto_null/hash_impl.rs
create mode 100644 spdmlib/src/crypto/crypto_null/hkdf_impl.rs
create mode 100644 spdmlib/src/crypto/crypto_null/hmac_impl.rs
create mode 100644 spdmlib/src/crypto/crypto_null/mod.rs
create mode 100644 spdmlib/src/crypto/crypto_null/rand_impl.rs
diff --git a/spdmlib/src/crypto/crypto_null/aead_impl.rs b/spdmlib/src/crypto/crypto_null/aead_impl.rs
new file mode 100644
index 0000000..9a93a1d
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/aead_impl.rs
@@ -0,0 +1,36 @@
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::crypto::SpdmAead;
+use crate::error::{SpdmResult};
+
+use crate::protocol::{SpdmAeadAlgo, SpdmAeadIvStruct, SpdmAeadKeyStruct};
+
+pub static DEFAULT: SpdmAead = SpdmAead {
+ encrypt_cb: encrypt,
+ decrypt_cb: decrypt,
+};
+
+fn encrypt(
+ aead_algo: SpdmAeadAlgo,
+ key: &SpdmAeadKeyStruct,
+ iv: &SpdmAeadIvStruct,
+ aad: &[u8],
+ plain_text: &[u8],
+ tag: &mut [u8],
+ cipher_text: &mut [u8],
+) -> SpdmResult<(usize, usize)> {
+ unimplemented!()
+}
+
+fn decrypt(
+ aead_algo: SpdmAeadAlgo,
+ key: &SpdmAeadKeyStruct,
+ iv: &SpdmAeadIvStruct,
+ aad: &[u8],
+ cipher_text: &[u8],
+ tag: &[u8],
+ plain_text: &mut [u8],
+) -> SpdmResult {
+ unimplemented!()
+}
diff --git a/spdmlib/src/crypto/crypto_null/asym_verify_impl.rs b/spdmlib/src/crypto/crypto_null/asym_verify_impl.rs
new file mode 100644
index 0000000..c18cba0
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/asym_verify_impl.rs
@@ -0,0 +1,22 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::crypto::{SpdmAsymVerify};
+use crate::error::{SpdmResult};
+use crate::protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmSignatureStruct};
+
+pub static DEFAULT: SpdmAsymVerify = SpdmAsymVerify {
+ verify_cb: asym_verify,
+};
+
+fn asym_verify(
+ base_hash_algo: SpdmBaseHashAlgo,
+ base_asym_algo: SpdmBaseAsymAlgo,
+ public_cert_der: &[u8],
+ data: &[u8],
+ signature: &SpdmSignatureStruct,
+) -> SpdmResult {
+ unimplemented!()
+}
+
diff --git a/spdmlib/src/crypto/crypto_null/cert_operation_impl.rs b/spdmlib/src/crypto/crypto_null/cert_operation_impl.rs
new file mode 100644
index 0000000..2399cba
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/cert_operation_impl.rs
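Review bot: The parameters of `encrypt` and `decrypt` in aead_impl.rs are never read, because both bodies are only `unimplemented!()`, so each one raises an `unused_variables` warning that the closures replaced by this commit avoided with a leading underscore. Renaming them (`_aead_algo: SpdmAeadAlgo,`, `_key: &SpdmAeadKeyStruct,` and so on) keeps a build without `spdm-ring` warning-free and makes it obvious that the inputs are ignored. The same applies to every stub function in asym_verify_impl.rs, cert_operation_impl.rs, dhe_impl.rs, hash_impl.rs, hkdf_impl.rs, hmac_impl.rs and rand_impl.rs. This file also opens with an empty `//` line where the sibling files carry a copyright line.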
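Review bot: `asym_verify` aborts with `unimplemented!()` instead of rejecting the signature, so a build without `spdm-ring` that never supplies a real verifier panics on the first signature check rather than returning an error the caller can handle. Failing closed without the panic is a one-line change, `Err(SPDM_STATUS_INVALID_STATE_LOCAL)`, using the status that crypto/mod.rs already imports in its cert_operation and rand modules (it would have to be added to this file's `use crate::error::{...}` line). Whichever form is kept, a comment such as `// Placeholder: must never return Ok; a null verifier that succeeds would accept any signature.` belongs above the function. The same holds for `verify_cert_chain` in cert_operation_impl.rs, `hmac_verify` in hmac_impl.rs, `decrypt` in aead_impl.rs and `get_random` in rand_impl.rs.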
@@ -0,0 +1,19 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::crypto::SpdmCertOperation;
+use crate::error::{SpdmResult};
+
+pub static DEFAULT: SpdmCertOperation = SpdmCertOperation {
+ get_cert_from_cert_chain_cb: get_cert_from_cert_chain,
+ verify_cert_chain_cb: verify_cert_chain,
+};
+
+fn get_cert_from_cert_chain(cert_chain: &[u8], index: isize) -> SpdmResult<(usize, usize)> {
+ unimplemented!()
+}
+
+fn verify_cert_chain(cert_chain: &[u8]) -> SpdmResult {
+ unimplemented!()
+}
diff --git a/spdmlib/src/crypto/crypto_null/dhe_impl.rs b/spdmlib/src/crypto/crypto_null/dhe_impl.rs
new file mode 100644
index 0000000..fa1262e
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/dhe_impl.rs
@@ -0,0 +1,54 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+extern crate alloc;
+use alloc::boxed::Box;
+
+use crate::crypto::{SpdmDhe, SpdmDheKeyExchange};
+use crate::protocol::{SpdmDheAlgo, SpdmDheExchangeStruct, SpdmDheFinalKeyStruct};
+use bytes::{BufMut, BytesMut};
+
+pub static DEFAULT: SpdmDhe = SpdmDhe {
+ generate_key_pair_cb: generate_key_pair,
+};
+
+fn generate_key_pair(
+ dhe_algo: SpdmDheAlgo,
+) -> Option<(SpdmDheExchangeStruct, Box)> {
+ unimplemented!()
+}
+
+impl SpdmDheKeyExchange for SpdmDheKeyExchangeP256 {
+ fn compute_final_key(
+ self: Box,
+ peer_pub_key: &SpdmDheExchangeStruct,
+ ) -> Option {
+ unimplemented!()
+ }
+}
+
+struct SpdmDheKeyExchangeP256();
+
+impl SpdmDheKeyExchangeP256 {
+ fn generate_key_pair() -> Option<(SpdmDheExchangeStruct, Box)> {
+ unimplemented!()
+ }
+}
+
+struct SpdmDheKeyExchangeP384();
+
+impl SpdmDheKeyExchange for SpdmDheKeyExchangeP384 {
+ fn compute_final_key(
+ self: Box,
+ peer_pub_key: &SpdmDheExchangeStruct,
+ ) -> Option {
+ unimplemented!()
+ }
+}
+
+impl SpdmDheKeyExchangeP384 {
+ fn generate_key_pair() -> Option<(SpdmDheExchangeStruct, Box)> {
+ unimplemented!()
+ }
+}
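Review bot: dhe_impl.rs carries leftovers that a stub backend does not need: `use bytes::{BufMut, BytesMut};` is never used, and `SpdmDheKeyExchangeP256` / `SpdmDheKeyExchangeP384` with their `impl` blocks are never constructed, because the only callback placed in `DEFAULT`, `generate_key_pair`, is `unimplemented!()`. Dropping the import and both structs removes the unused-import and dead-code warnings and avoids the impression that the null module contains a P-256 or P-384 key exchange; the `SpdmDheFinalKeyStruct` import presumably goes with them. If the structs are kept as scaffolding, a comment saying so, for example `// Scaffolding only: no key material is generated or used here.`, would help the next reader.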
diff --git a/spdmlib/src/crypto/crypto_null/hash_impl.rs b/spdmlib/src/crypto/crypto_null/hash_impl.rs
new file mode 100644
index 0000000..af16602
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/hash_impl.rs
@@ -0,0 +1,45 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+
+use crate::crypto::SpdmHash;
+use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct};
+
+#[cfg(not(feature = "hashed-transcript-data"))]
+pub static DEFAULT: SpdmHash = SpdmHash {
+ hash_all_cb: hash_all,
+};
+#[cfg(feature = "hashed-transcript-data")]
+pub static DEFAULT: SpdmHash = SpdmHash {
+ hash_all_cb: hash_all,
+ hash_ctx_init_cb: hash_ext::hash_ctx_init,
+ hash_ctx_update_cb: hash_ext::hash_ctx_update,
+ hash_ctx_finalize_cb: hash_ext::hash_ctx_finalize,
+ hash_ctx_dup_cb: hash_ext::hash_ctx_dup,
+};
+
+fn hash_all(base_hash_algo: SpdmBaseHashAlgo, data: &[u8]) -> Option {
+ unimplemented!()
+}
+
+#[cfg(feature = "hashed-transcript-data")]
+mod hash_ext {
+ use crate::error::{SpdmResult};
+
+ pub fn hash_ctx_update(handle: usize, data: &[u8]) -> SpdmResult {
+ unimplemented!()
+ }
+
+ pub fn hash_ctx_finalize(handle: usize) -> Option {
+ unimplemented!()
+ }
+
+ pub fn hash_ctx_dup(handle: usize) -> Option {
+ unimplemented!()
+ }
+
+ pub fn hash_ctx_init(base_hash_algo: SpdmBaseHashAlgo) -> Option {
+ unimplemented!()
+ }
+}
diff --git a/spdmlib/src/crypto/crypto_null/hkdf_impl.rs b/spdmlib/src/crypto/crypto_null/hkdf_impl.rs
new file mode 100644
index 0000000..ced91e0
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/hkdf_impl.rs
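Review bot: The `hash_ext` module names `SpdmBaseHashAlgo` in `hash_ctx_init` but imports only `crate::error::SpdmResult`, and a nested module does not inherit the parent file's `use` lines, so a build with `hashed-transcript-data` and without `spdm-ring` should fail to resolve the type. Adding `use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct};` inside `mod hash_ext` fixes it; `SpdmDigestStruct` is assumed from the parent's import, since the return types are not legible on this page. This feature combination is worth building in CI, because the default feature set may never compile this branch.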
@@ -0,0 +1,31 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::crypto::SpdmHkdf;
+use crate::protocol::{
+ SpdmBaseHashAlgo, SpdmHkdfInputKeyingMaterial, SpdmHkdfOutputKeyingMaterial,
+ SpdmHkdfPseudoRandomKey
+};
+
+pub static DEFAULT: SpdmHkdf = SpdmHkdf {
+ hkdf_extract_cb: hkdf_extract,
+ hkdf_expand_cb: hkdf_expand,
+};
+
+fn hkdf_extract(
+ hash_algo: SpdmBaseHashAlgo,
+ salt: &[u8],
+ ikm: &SpdmHkdfInputKeyingMaterial,
+) -> Option {
+ unimplemented!()
+}
+
+fn hkdf_expand(
+ hash_algo: SpdmBaseHashAlgo,
+ prk: &SpdmHkdfPseudoRandomKey,
+ info: &[u8],
+ out_size: u16,
+) -> Option {
+ unimplemented!()
+}
diff --git a/spdmlib/src/crypto/crypto_null/hmac_impl.rs b/spdmlib/src/crypto/crypto_null/hmac_impl.rs
new file mode 100644
index 0000000..de60780
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/hmac_impl.rs
@@ -0,0 +1,25 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+use crate::crypto::SpdmHmac;
+use crate::error::{SpdmResult};
+use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct};
+
+pub static DEFAULT: SpdmHmac = SpdmHmac {
+ hmac_cb: hmac,
+ hmac_verify_cb: hmac_verify,
+};
+
+fn hmac(base_hash_algo: SpdmBaseHashAlgo, key: &[u8], data: &[u8]) -> Option {
+ unimplemented!()
+}
+
+fn hmac_verify(
+ base_hash_algo: SpdmBaseHashAlgo,
+ key: &[u8],
+ data: &[u8],
+ hmac: &SpdmDigestStruct,
+) -> SpdmResult {
+ unimplemented!()
+}
diff --git a/spdmlib/src/crypto/crypto_null/mod.rs b/spdmlib/src/crypto/crypto_null/mod.rs
new file mode 100644
index 0000000..36530ef
--- /dev/null
+++ b/spdmlib/src/crypto/crypto_null/mod.rs
@@ -0,0 +1,12 @@
+// Copyright (c) 2021 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0 or MIT
+
+pub mod aead_impl;
+pub mod asym_verify_impl;
+pub mod cert_operation_impl;
+pub mod dhe_impl;
+pub mod hash_impl;
+pub mod hkdf_impl;
+pub mod hmac_impl;
+pub mod rand_impl;
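Review bot: crypto_null/mod.rs has no module documentation, and nothing tells an integrator that every function in this backend panics. A `//!` header should state that the module is a placeholder selected when the `spdm-ring` feature is disabled, that all of its callbacks are `unimplemented!()`, and that it provides no confidentiality, integrity or authentication. It should also say that a real backend has to be supplied before any SPDM exchange, presumably either `spdm-ring` or the integrator's own callbacks. That puts the risk in rustdoc instead of leaving it to be discovered at the first panic.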
diff --git a/spdmlib/src/crypto/crypto_null/rand_impl.rs b/spdmlib/src/crypto/crypto_null/rand_impl.rs new file mode 100644 index 0000000..c97eb06 --- /dev/null +++ b/spdmlib/src/crypto/crypto_null/rand_impl.rs @@ -0,0 +1,14 @@ +// Copyright (c) 2021 Intel Corporation +// +// SPDX-License-Identifier: Apache-2.0 or MIT + +use crate::crypto::SpdmCryptoRandom; +use crate::error::{SpdmResult}; + +pub static DEFAULT: SpdmCryptoRandom = SpdmCryptoRandom { + get_random_cb: get_random, +}; + +fn get_random(data: &mut [u8]) -> SpdmResult { + unimplemented!() +} diff --git a/spdmlib/src/crypto/mod.rs b/spdmlib/src/crypto/mod.rs index ccc368e..4a609b1 100644 --- a/spdmlib/src/crypto/mod.rs +++ b/spdmlib/src/crypto/mod.rs @@ -7,6 +7,9 @@ mod crypto_callbacks; mod x509v3; pub use x509v3::*; +#[cfg(not(feature = "spdm-ring"))] +mod crypto_null; + #[cfg(feature = "spdm-ring")] mod spdm_ring; @@ -39,11 +42,8 @@ pub mod hash { not(any(feature = "spdm-ring")), not(feature = "hashed-transcript-data") ))] - static DEFAULT: SpdmHash = SpdmHash { - hash_all_cb: |_base_hash_algo: SpdmBaseHashAlgo, - _data: &[u8]| - -> Option { unimplemented!() }, - }; + use super::crypto_null::hash_impl::DEFAULT; + // +ring -transcript #[cfg(all(feature = "spdm-ring", not(feature = "hashed-transcript-data")))] use super::spdm_ring::hash_impl::DEFAULT; 
@@ -120,19 +120,7 @@ pub mod hash { // - ring +transcript #[cfg(not(feature = "spdm-ring"))] - use super::SpdmHash; - #[cfg(not(feature = "spdm-ring"))] - pub static DEFAULT: SpdmHash = SpdmHash { - hash_all_cb: |_base_hash_algo: SpdmBaseHashAlgo, - _data: &[u8]| - -> Option { unimplemented!() }, - hash_ctx_init_cb: |_base_hash_algo: SpdmBaseHashAlgo| -> Option { - unimplemented!() - }, - hash_ctx_update_cb: |_handle: usize, _data: &[u8]| -> SpdmResult { unimplemented!() }, - hash_ctx_finalize_cb: |_handle: usize| -> Option { unimplemented!() }, - hash_ctx_dup_cb: |_handle: usize| -> Option { unimplemented!() }, - }; + pub use crate::crypto::crypto_null::hash_impl::DEFAULT; // + ring +transcript #[cfg(feature = "spdm-ring")] @@ -152,17 +140,7 @@ pub mod hmac { use crate::protocol::{SpdmBaseHashAlgo, SpdmDigestStruct}; #[cfg(not(any(feature = "spdm-ring")))] - static DEFAULT: SpdmHmac = SpdmHmac { - hmac_cb: |_base_hash_algo: SpdmBaseHashAlgo, - _key: &[u8], - _data: &[u8]| - -> Option { unimplemented!() }, - hmac_verify_cb: |_base_hash_algo: SpdmBaseHashAlgo, - _key: &[u8], - _data: &[u8], - _hmac: &SpdmDigestStruct| - -> SpdmResult { unimplemented!() }, - }; + use super::crypto_null::hmac_impl::DEFAULT; #[cfg(feature = "spdm-ring")] use super::spdm_ring::hmac_impl::DEFAULT; @@ -202,14 +180,7 @@ pub mod asym_verify { use crate::protocol::{SpdmBaseAsymAlgo, SpdmBaseHashAlgo, SpdmSignatureStruct}; #[cfg(not(any(feature = "spdm-ring")))] - static DEFAULT: SpdmAsymVerify = SpdmAsymVerify { - verify_cb: |_base_hash_algo: SpdmBaseHashAlgo, - _base_asym_algo: SpdmBaseAsymAlgo, - _public_cert_der: &[u8], - _data: &[u8], - _signature: &SpdmSignatureStruct| - -> SpdmResult { unimplemented!() }, - }; + use super::crypto_null::asym_verify_impl::DEFAULT; #[cfg(feature = "spdm-ring")] use super::spdm_ring::asym_verify_impl::DEFAULT; 
@@ -247,12 +218,8 @@ pub mod dhe { use crate::protocol::{SpdmDheAlgo, SpdmDheExchangeStruct}; #[cfg(not(any(feature = "spdm-ring")))] - static DEFAULT: SpdmDhe = SpdmDhe { - generate_key_pair_cb: |_dhe_algo: SpdmDheAlgo| -> Option<( - SpdmDheExchangeStruct, - Box, - )> { unimplemented!() }, - }; + use super::crypto_null::dhe_impl::DEFAULT; + #[cfg(feature = "spdm-ring")] use super::spdm_ring::dhe_impl::DEFAULT; @@ -276,12 +243,7 @@ pub mod cert_operation { use crate::error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL}; #[cfg(not(any(feature = "spdm-ring")))] - static DEFAULT: SpdmCertOperation = SpdmCertOperation { - get_cert_from_cert_chain_cb: |_cert_chain: &[u8], - _index: isize| - -> SpdmResult<(usize, usize)> { unimplemented!() }, - verify_cert_chain_cb: |_cert_chain: &[u8]| -> SpdmResult { unimplemented!() }, - }; + use super::crypto_null::cert_operation_impl::DEFAULT; #[cfg(feature = "spdm-ring")] use super::spdm_ring::cert_operation_impl::DEFAULT; @@ -314,17 +276,7 @@ pub mod hkdf { }; #[cfg(not(any(feature = "spdm-ring")))] - static DEFAULT: SpdmHkdf = SpdmHkdf { - hkdf_extract_cb: |_hash_algo: SpdmBaseHashAlgo, - _salt: &[u8], - _ikm: &SpdmHkdfInputKeyingMaterial| - -> Option { unimplemented!() }, - hkdf_expand_cb: |_hash_algo: SpdmBaseHashAlgo, - _prk: &SpdmHkdfPseudoRandomKey, - _info: &[u8], - _out_size: u16| - -> Option { unimplemented!() }, - }; + use super::crypto_null::hkdf_impl::DEFAULT; #[cfg(feature = "spdm-ring")] use super::spdm_ring::hkdf_impl::DEFAULT; 
@@ -364,24 +316,7 @@ pub mod aead { use crate::protocol::{SpdmAeadAlgo, SpdmAeadIvStruct, SpdmAeadKeyStruct}; #[cfg(not(any(feature = "spdm-ring")))] - static DEFAULT: SpdmAead = SpdmAead { - encrypt_cb: |_aead_algo: SpdmAeadAlgo, - _key: &SpdmAeadKeyStruct, - _iv: &SpdmAeadIvStruct, - _aad: &[u8], - _plain_text: &[u8], - _tag: &mut [u8], - _cipher_text: &mut [u8]| - -> SpdmResult<(usize, usize)> { unimplemented!() }, - decrypt_cb: |_aead_algo: SpdmAeadAlgo, - _key: &SpdmAeadKeyStruct, - _iv: &SpdmAeadIvStruct, - _aad: &[u8], - _cipher_text: &[u8], - _tag: &[u8], - _plain_text: &mut [u8]| - -> SpdmResult { unimplemented!() }, - }; + use super::crypto_null::aead_impl::DEFAULT; #[cfg(feature = "spdm-ring")] use super::spdm_ring::aead_impl::DEFAULT; @@ -427,9 +362,7 @@ pub mod rand { use crate::error::{SpdmResult, SPDM_STATUS_INVALID_STATE_LOCAL}; #[cfg(not(any(feature = "spdm-ring")))] - static DEFAULT: SpdmCryptoRandom = SpdmCryptoRandom { - get_random_cb: |_data: &mut [u8]| -> SpdmResult { unimplemented!() }, - }; + use super::crypto_null::rand_impl::DEFAULT; #[cfg(feature = "spdm-ring")] use super::spdm_ring::rand_impl::DEFAULT;