Skip to content
This repository has been archived by the owner on Jul 29, 2024. It is now read-only.

Commit

Permalink
change the type of secured spdm version to SecureSpdmVersion.
Browse files Browse the repository at this point in the history 
fix #41

Signed-off-by: Yang, Longlong <[email protected]>
  • Loading branch information
@longlongyang @jyao1
longlongyang authored and jyao1 committed Sep 17, 2023
1 parent 2561347 commit 909d088
Show file tree
Hide file tree
Showing 9 changed files with 114 additions and 62 deletions.
2 changes: 1 addition & 1 deletion spdmlib/src/common/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1107,7 +1107,7 @@ pub struct SpdmConfigInfo {
pub data_transfer_size: u32,
pub max_spdm_msg_size: u32,
pub heartbeat_period: u8, // used by responder only
pub secure_spdm_version: [u8; MAX_SECURE_SPDM_VERSION_COUNT], // used by responder only
pub secure_spdm_version: [SecuredMessageVersion; MAX_SECURE_SPDM_VERSION_COUNT], // used by responder only
}

#[derive(Debug, Default)]
Expand Down
89 changes: 71 additions & 18 deletions spdmlib/src/common/opaque.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,15 @@ use crate::{
};
use codec::{Codec, Reader, Writer};
use config::MAX_OPAQUE_LIST_ELEMENTS_COUNT;
use core::convert::TryFrom;

/// This is used in SpdmOpaqueStruct <- SpdmChallengeAuthResponsePayload / SpdmMeasurementsResponsePayload
/// It should be 1024 according to SPDM spec.
pub const MAX_SPDM_OPAQUE_SIZE: usize = 1024;

pub const MAX_SECURE_SPDM_VERSION_COUNT: usize = 0x02;

pub const DMTF_SPEC_ID: u32 = 0x444D546;
pub const DMTF_SPEC_ID: u32 = 0x444D5446;
pub const DMTF_OPAQUE_VERSION: u8 = 0x01;
pub const SM_DATA_VERSION: u8 = 0x01;
pub const DMTF_ID: u8 = 0x00;
Expand All @@ -29,14 +30,6 @@ pub const SUPPORTED_VERSION_LIST_SM_DATA_ID: u8 = 0x01;
pub const DMTF_SECURE_SPDM_VERSION_10: u8 = 0x10;
pub const DMTF_SECURE_SPDM_VERSION_11: u8 = 0x11;

pub const DMTF_SUPPORTED_SECURE_SPDM_VERSION_LIST: [SecuredMessageVersion;
MAX_SECURE_SPDM_VERSION_COUNT] = [
SecuredMessageVersion::from_secure_spdm_version(DMTF_SECURE_SPDM_VERSION_10),
SecuredMessageVersion::from_secure_spdm_version(DMTF_SECURE_SPDM_VERSION_11),
];
pub const DMTF_SECURE_SPDM_VERSION_SELECTION: SecuredMessageVersion =
SecuredMessageVersion::from_secure_spdm_version(DMTF_SECURE_SPDM_VERSION_10);

pub const REQ_DMTF_OPAQUE_DATA_SUPPORT_VERSION_LIST_DSP0277: [u8; 20] = [
0x46,
0x54,
Expand Down Expand Up @@ -113,14 +106,25 @@ pub const RSP_DMTF_OPAQUE_DATA_VERSION_SELECTION_DSP0274_FMT1: [u8; 12] = [
DMTF_SECURE_SPDM_VERSION_11,
];

#[derive(Clone, Copy, Debug, Default)]
#[derive(Clone, Copy, Debug, Eq)]
pub struct SecuredMessageVersion {
pub major_version: u8,
pub minor_version: u8,
pub update_version_number: u8,
pub alpha: u8,
}

impl Default for SecuredMessageVersion {
fn default() -> Self {
Self {
major_version: 0x1,
minor_version: 0x1,
update_version_number: 0x0,
alpha: 0x0,
}
}
}

impl SpdmCodec for SecuredMessageVersion {
fn spdm_encode(
&self,
Expand Down Expand Up @@ -153,20 +157,69 @@ impl SpdmCodec for SecuredMessageVersion {
}
}

impl SecuredMessageVersion {
pub fn get_secure_spdm_version(self) -> u8 {
(self.major_version << 4) + self.minor_version
impl From<SecuredMessageVersion> for u8 {
fn from(smv: opaque::SecuredMessageVersion) -> Self {
(smv.major_version << 4) + smv.minor_version
}
}

pub const fn from_secure_spdm_version(secure_spdm_version: u8) -> Self {
let major_version = secure_spdm_version >> 4;
let minor_version = secure_spdm_version & 0x0F;
Self {
impl From<&SecuredMessageVersion> for u8 {
fn from(smv: &opaque::SecuredMessageVersion) -> Self {
u8::from(*smv)
}
}

impl From<SecuredMessageVersion> for u16 {
fn from(smv: opaque::SecuredMessageVersion) -> Self {
(((smv.major_version << 4) as u16 + smv.minor_version as u16) << 8)
+ (smv.update_version_number << 4) as u16
+ smv.alpha as u16
}
}

impl From<&SecuredMessageVersion> for u16 {
fn from(smv: &opaque::SecuredMessageVersion) -> Self {
u16::from(*smv)
}
}

impl TryFrom<u8> for SecuredMessageVersion {
type Error = ();
fn try_from(untrusted_smv: u8) -> Result<Self, <Self as TryFrom<u8>>::Error> {
let major_version = untrusted_smv >> 4;
let minor_version = untrusted_smv & 0x0F;
Ok(Self {
major_version,
minor_version,
update_version_number: 0,
alpha: 0,
}
})
}
}

impl TryFrom<u16> for SecuredMessageVersion {
type Error = ();
fn try_from(untrusted_smv: u16) -> Result<Self, <Self as TryFrom<u8>>::Error> {
let major_minor = (untrusted_smv >> 8) as u8;
let major_version = major_minor >> 4;
let minor_version = major_minor & 0x0F;

let update_alpha = (untrusted_smv & 0xFF) as u8;
let update_version_number = update_alpha >> 4;
let alpha = update_alpha & 0x0F;

Ok(Self {
major_version,
minor_version,
update_version_number,
alpha,
})
}
}

impl PartialEq for SecuredMessageVersion {
fn eq(&self, smv: &SecuredMessageVersion) -> bool {
self.major_version == smv.major_version && self.minor_version == smv.minor_version
}
}

Expand Down
6 changes: 3 additions & 3 deletions spdmlib/src/common/session.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ pub struct SpdmSession {
key_schedule: SpdmKeySchedule,
slot_id: u8,
pub heartbeat_period: u8, // valid only when HEARTBEAT cap set
pub secure_spdm_version_sel: u8,
pub secure_spdm_version_sel: SecuredMessageVersion,
}

impl Default for SpdmSession {
Expand All @@ -152,7 +152,7 @@ impl SpdmSession {
key_schedule: SpdmKeySchedule::new(),
slot_id: 0,
heartbeat_period: 0,
secure_spdm_version_sel: DMTF_SECURE_SPDM_VERSION_11,
secure_spdm_version_sel: SecuredMessageVersion::default(),
mut_auth_requested: SpdmKeyExchangeMutAuthAttributes::default(),
}
}
Expand Down Expand Up @@ -194,7 +194,7 @@ impl SpdmSession {
self.runtime_info = SpdmSessionRuntimeInfo::default();
self.key_schedule = SpdmKeySchedule;
self.heartbeat_period = 0;
self.secure_spdm_version_sel = DMTF_SECURE_SPDM_VERSION_11;
self.secure_spdm_version_sel = SecuredMessageVersion::default();
self.mut_auth_requested = SpdmKeyExchangeMutAuthAttributes::empty();
}

Expand Down
13 changes: 4 additions & 9 deletions spdmlib/src/requester/key_exchange_req.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -202,15 +202,10 @@ impl RequesterContext {
transport_encap.get_max_random_count()
};

let secure_spdm_version_sel = if let Some(secured_message_version) =
key_exchange_rsp
.opaque
.req_get_dmtf_secure_spdm_version_selection(&mut self.common)
{
secured_message_version.get_secure_spdm_version()
} else {
0
};
let secure_spdm_version_sel = key_exchange_rsp
.opaque
.req_get_dmtf_secure_spdm_version_selection(&mut self.common)
.ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;

info!(
"secure_spdm_version_sel set to {:02X?}",
Expand Down
13 changes: 4 additions & 9 deletions spdmlib/src/requester/psk_exchange_req.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,15 +166,10 @@ impl RequesterContext {
transport_encap.get_max_random_count()
};

let secure_spdm_version_sel = if let Some(secured_message_version) =
psk_exchange_rsp
.opaque
.req_get_dmtf_secure_spdm_version_selection(&mut self.common)
{
secured_message_version.get_secure_spdm_version()
} else {
0
};
let secure_spdm_version_sel = psk_exchange_rsp
.opaque
.req_get_dmtf_secure_spdm_version_selection(&mut self.common)
.ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;

let session_id = ((psk_exchange_rsp.rsp_session_id as u32) << 16)
+ half_session_id as u32;
Expand Down
17 changes: 9 additions & 8 deletions spdmlib/src/responder/key_exchange_rsp.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
use crate::common::session::SpdmSession;
#[cfg(feature = "hashed-transcript-data")]
use crate::common::ManagedBuffer12Sign;
use crate::common::SecuredMessageVersion;
use crate::common::SpdmCodec;
use crate::common::SpdmConnectionState;
use crate::common::SpdmOpaqueSupport;
Expand All @@ -21,6 +22,7 @@ use crate::common::opaque::SpdmOpaqueStruct;
use crate::message::*;
use crate::secret;
use alloc::boxed::Box;
use core::convert::TryFrom;
use core::ops::DerefMut;

impl ResponderContext {
Expand Down Expand Up @@ -117,10 +119,7 @@ impl ResponderContext {
}
for index in 0..secured_message_version_list.version_count as usize {
for local_version in self.common.config_info.secure_spdm_version {
if secured_message_version_list.versions_list[index]
.get_secure_spdm_version()
== local_version
{
if secured_message_version_list.versions_list[index] == local_version {
if self.common.negotiate_info.spdm_version_sel
< SpdmVersion::SpdmVersion12
{
Expand All @@ -133,7 +132,7 @@ impl ResponderContext {
.as_ref(),
);
return_opaque.data[return_opaque.data_size as usize - 1] =
local_version;
u8::from(local_version);
} else if self.common.negotiate_info.opaque_data_support
== SpdmOpaqueSupport::OPAQUE_DATA_FMT1
{
Expand All @@ -146,7 +145,7 @@ impl ResponderContext {
.as_ref(),
);
return_opaque.data[return_opaque.data_size as usize - 1] =
local_version;
u8::from(local_version);
} else {
self.write_spdm_error(
SpdmErrorCode::SpdmErrorUnsupportedRequest,
Expand Down Expand Up @@ -431,8 +430,10 @@ impl ResponderContext {

session.heartbeat_period = heartbeat_period;
if return_opaque.data_size != 0 {
session.secure_spdm_version_sel =
return_opaque.data[return_opaque.data_size as usize - 1];
session.secure_spdm_version_sel = SecuredMessageVersion::try_from(
return_opaque.data[return_opaque.data_size as usize - 1],
)
.unwrap();
}

session.set_session_state(crate::common::session::SpdmSessionState::SpdmSessionHandshaking);
Expand Down
17 changes: 9 additions & 8 deletions spdmlib/src/responder/psk_exchange_rsp.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
// SPDX-License-Identifier: Apache-2.0

use crate::common::opaque::SpdmOpaqueStruct;
use crate::common::SecuredMessageVersion;
use crate::common::SpdmCodec;
use crate::common::SpdmConnectionState;
use crate::common::SpdmOpaqueSupport;
Expand All @@ -21,6 +22,7 @@ use config::MAX_SPDM_PSK_CONTEXT_SIZE;
extern crate alloc;
use crate::secret;
use alloc::boxed::Box;
use core::convert::TryFrom;
use core::ops::DerefMut;

impl ResponderContext {
Expand Down Expand Up @@ -116,10 +118,7 @@ impl ResponderContext {
}
for index in 0..secured_message_version_list.version_count as usize {
for local_version in self.common.config_info.secure_spdm_version {
if secured_message_version_list.versions_list[index]
.get_secure_spdm_version()
== local_version
{
if secured_message_version_list.versions_list[index] == local_version {
if self.common.negotiate_info.spdm_version_sel
< SpdmVersion::SpdmVersion12
{
Expand All @@ -132,7 +131,7 @@ impl ResponderContext {
.as_ref(),
);
return_opaque.data[return_opaque.data_size as usize - 1] =
local_version;
u8::from(local_version);
} else if self.common.negotiate_info.opaque_data_support
== SpdmOpaqueSupport::OPAQUE_DATA_FMT1
{
Expand All @@ -145,7 +144,7 @@ impl ResponderContext {
.as_ref(),
);
return_opaque.data[return_opaque.data_size as usize - 1] =
local_version;
u8::from(local_version);
} else {
self.write_spdm_error(
SpdmErrorCode::SpdmErrorUnsupportedRequest,
Expand Down Expand Up @@ -372,8 +371,10 @@ impl ResponderContext {
let session = self.common.get_session_via_id(session_id).unwrap();
session.heartbeat_period = heartbeat_period;
if return_opaque.data_size != 0 {
session.secure_spdm_version_sel =
return_opaque.data[return_opaque.data_size as usize - 1];
session.secure_spdm_version_sel = SecuredMessageVersion::try_from(
return_opaque.data[return_opaque.data_size as usize - 1],
)
.unwrap();
}

Ok(())
Expand Down
9 changes: 6 additions & 3 deletions test/spdm-responder-emu/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,15 @@

use log::LevelFilter;
use simple_logger::SimpleLogger;
use spdmlib::common::SpdmOpaqueSupport;
use spdmlib::common::{DMTF_SECURE_SPDM_VERSION_10, DMTF_SECURE_SPDM_VERSION_11};
use spdmlib::common::{SecuredMessageVersion, SpdmOpaqueSupport};
use spdmlib::config::RECEIVER_BUFFER_SIZE;

use std::net::{TcpListener, TcpStream};
use std::u32;

use codec::{Codec, Reader, Writer};
use common::SpdmTransportEncap;
use core::convert::TryFrom;
use mctp_transport::MctpTransportEncap;
use pcidoe_transport::{
PciDoeDataObjectType, PciDoeMessageHeader, PciDoeTransportEncap, PciDoeVendorId,
Expand Down Expand Up @@ -196,7 +196,10 @@ async fn handle_message(
data_transfer_size: config::MAX_SPDM_MSG_SIZE as u32,
max_spdm_msg_size: config::MAX_SPDM_MSG_SIZE as u32,
heartbeat_period: config::HEARTBEAT_PERIOD,
secure_spdm_version: [DMTF_SECURE_SPDM_VERSION_10, DMTF_SECURE_SPDM_VERSION_11],
secure_spdm_version: [
SecuredMessageVersion::try_from(0x10u8).unwrap(),
SecuredMessageVersion::try_from(0x11u8).unwrap(),
],
..Default::default()
};

Expand Down
10 changes: 7 additions & 3 deletions test/spdmlib-test/src/common/util.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,9 @@ use crate::common::secret_callback::SECRET_ASYM_IMPL_INSTANCE;
use crate::common::transport::PciDoeTransportEncap;
use codec::{Codec, Reader, Writer};
use spdmlib::common::{
SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmDeviceIo, SpdmOpaqueSupport, SpdmProvisionInfo,
SpdmTransportEncap, DMTF_SECURE_SPDM_VERSION_10, DMTF_SECURE_SPDM_VERSION_11, ST1,
SecuredMessageVersion, SpdmCodec, SpdmConfigInfo, SpdmContext, SpdmDeviceIo, SpdmOpaqueSupport,
SpdmProvisionInfo, SpdmTransportEncap, DMTF_SECURE_SPDM_VERSION_10,
DMTF_SECURE_SPDM_VERSION_11, MAX_SECURE_SPDM_VERSION_COUNT, ST1,
};
use spdmlib::config::MAX_SPDM_MSG_SIZE;
use spdmlib::crypto;
Expand Down Expand Up @@ -313,7 +314,10 @@ pub fn rsp_create_info() -> (SpdmConfigInfo, SpdmProvisionInfo) {
data_transfer_size: config::MAX_SPDM_MSG_SIZE as u32,
max_spdm_msg_size: config::MAX_SPDM_MSG_SIZE as u32,
heartbeat_period: config::HEARTBEAT_PERIOD,
secure_spdm_version: [DMTF_SECURE_SPDM_VERSION_10, DMTF_SECURE_SPDM_VERSION_11],
secure_spdm_version: [
SecuredMessageVersion::try_from(0x10u8).unwrap(),
SecuredMessageVersion::try_from(0x11u8).unwrap(),
],
..Default::default()
};

Expand Down

0 comments on commit 909d088

Please sign in to comment.