This repository has been archived by the owner on Jul 29, 2024. It is now read-only.

introduce IDE_KM.
fix #19

Signed-off-by: Yang, Longlong <[email protected]>
longlongyang committed Oct 13, 2023
1 parent e154fab commit ad2c641
Showing 21 changed files with 2,275 additions and 1 deletion.
12 changes: 12 additions & 0 deletions Cargo.lock


1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -14,6 +14,7 @@ members = [
"codec",
"executor",
"sys_time",
"idekm",
"test/spdm-requester-emu",
"test/spdm-responder-emu",
"test/spdmlib-test",
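--- a/idekm/Cargo.toml
+++ b/idekm/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "idekm"
+license = "BSD-2-Clause-Patent"
+version = "0.1.0"
+authors = [
+"Jiewen Yao <[email protected]>",
+"Xiaoyu Lu <[email protected]>",
+"Longlong Yang <[email protected]>"
+]
+edition = "2018"
+
+[dev-dependencies]
+
+[build-dependencies]
+
+[dependencies]
+codec = { path = "../codec" }
+zeroize = { version = "1.5.0", features = ["zeroize_derive"]}
+spdmlib = { path = "../spdmlib", default-features = false, features = ["spdm-ring"]}
+conquer-once = { version = "0.3.2", default-features = false }
+
+
+[features]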
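Review bot: The manifest declares `license = "BSD-2-Clause-Patent"`, while the source files added to this crate on this page all carry `// SPDX-License-Identifier: Apache-2.0`. License scanners and SBOM tooling read both places, so a consumer of the crate gets two different answers about its terms. Whichever is intended, the manifest field and the SPDX headers should be made to agree in this commit.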
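--- a/idekm/src/lib.rs
+++ b/idekm/src/lib.rs
@@ -0,0 +1,10 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+#![forbid(unsafe_code)]
+#![cfg_attr(not(feature = "std"), no_std)]
+
+pub mod pci_ide_km_requester;
+pub mod pci_ide_km_responder;
+pub mod pci_idekm;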
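Review bot: `#![cfg_attr(not(feature = "std"), no_std)]` tests a feature the crate never declares: the `[features]` table in `idekm/Cargo.toml` is empty, so the condition is always true and the crate is always built `no_std`. If a std build is intended, add `std = []` to the manifest (forwarding to the dependencies' own std features where they exist, which this page does not show); otherwise write plain `#![no_std]` so the attribute states what actually happens. A short `//!` crate-level comment saying what the three public modules are for would also help; `pci_ide_km_responder` and `pci_idekm` are not among the sections visible here.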
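--- a/idekm/src/pci_ide_km_requester/mod.rs
+++ b/idekm/src/pci_ide_km_requester/mod.rs
@@ -0,0 +1,18 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+#[derive(Debug, Default, Copy, Clone)]
+pub struct IdekmReqContext;
+
+pub mod pci_ide_km_req_query;
+pub use pci_ide_km_req_query::*;
+
+pub mod pci_ide_km_req_key_prog;
+pub use pci_ide_km_req_key_prog::*;
+
+pub mod pci_ide_km_req_key_set_go;
+pub use pci_ide_km_req_key_set_go::*;
+
+pub mod pci_ide_km_req_key_set_stop;
+pub use pci_ide_km_req_key_set_stop::*;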
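--- a/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_prog.rs
+++ b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_prog.rs
@@ -0,0 +1,86 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SpdmResult;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+requester::RequesterContext,
+};
+
+use crate::pci_idekm::vendor_id;
+use crate::pci_idekm::KpAckDataObject;
+use crate::pci_idekm::STANDARD_ID;
+use crate::pci_idekm::{Aes256GcmKeyBuffer, KeyProgDataObject, KpAckStatus};
+
+use super::IdekmReqContext;
+
+impl IdekmReqContext {
+#[allow(clippy::too_many_arguments)]
+pub async fn pci_ide_km_key_prog(
+&mut self,
+// IN
+spdm_requester: &mut RequesterContext,
+session_id: u32,
+stream_id: u8,
+key_set: u8,
+key_direction: u8,
+key_sub_stream: u8,
+port_index: u8,
+key_iv: Aes256GcmKeyBuffer,
+// OUT
+kp_ack_status: &mut KpAckStatus,
+) -> SpdmResult {
+let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+req_length: 0,
+vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+};
+
+let mut writer =
+Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+vendor_defined_req_payload_struct.req_length = KeyProgDataObject {
+stream_id,
+key_set,
+key_direction,
+key_sub_stream,
+port_index,
+key_iv,
+}
+.encode(&mut writer)
+.map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+as u16;
+
+let vendor_defined_rsp_payload_struct = spdm_requester
+.send_spdm_vendor_defined_request(
+Some(session_id),
+STANDARD_ID,
+vendor_id(),
+vendor_defined_req_payload_struct,
+)
+.await?;
+
+let kp_ack_data_object = KpAckDataObject::read_bytes(
+&vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+[..vendor_defined_rsp_payload_struct.rsp_length as usize],
+)
+.ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+if kp_ack_data_object.stream_id != stream_id
+|| kp_ack_data_object.key_set != key_set
+|| kp_ack_data_object.key_direction != key_direction
+|| kp_ack_data_object.key_sub_stream != key_sub_stream
+|| kp_ack_data_object.port_index != port_index
+{
+return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+} else {
+*kp_ack_status = kp_ack_data_object.status;
+}
+
+Ok(())
+}
+}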
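Review bot: The response is sliced with `[..vendor_defined_rsp_payload_struct.rsp_length as usize]`, which panics if `rsp_length` exceeds the payload array; that length comes from the peer's response, and whether `send_spdm_vendor_defined_request` already bounds it is not visible on this page. Writing `.get(..vendor_defined_rsp_payload_struct.rsp_length as usize).ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?` turns a malformed length into an error return instead; the same slice appears in `pci_ide_km_key_set_go` and `pci_ide_km_key_set_stop`. Separately, `key_iv` is serialized into the plain `vendor_defined_req_payload` byte array and that struct is then moved by value into the send call, so copies of the key bytes may outlive the request unless `VendorDefinedReqPayloadStruct` is wiped on drop, which cannot be confirmed from here even though the crate depends on `zeroize`. A doc comment should also state that `Ok(())` only means the acknowledgement echoed the request fields, and that the caller must still inspect `kp_ack_status`.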
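--- a/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_go.rs
+++ b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_go.rs
@@ -0,0 +1,80 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+error::SpdmResult,
+message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+requester::RequesterContext,
+};
+
+use crate::pci_idekm::vendor_id;
+use crate::pci_idekm::KGoStopAckDataObject;
+use crate::pci_idekm::KSetGoDataObject;
+use crate::pci_idekm::STANDARD_ID;
+
+use super::IdekmReqContext;
+
+impl IdekmReqContext {
+#[allow(clippy::too_many_arguments)]
+pub async fn pci_ide_km_key_set_go(
+&mut self,
+// IN
+spdm_requester: &mut RequesterContext,
+session_id: u32,
+stream_id: u8,
+key_set: u8,
+key_direction: u8,
+key_sub_stream: u8,
+port_index: u8,
+) -> SpdmResult {
+let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+req_length: 0,
+vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+};
+
+let mut writer =
+Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+vendor_defined_req_payload_struct.req_length = KSetGoDataObject {
+stream_id,
+key_set,
+key_direction,
+key_sub_stream,
+port_index,
+}
+.encode(&mut writer)
+.map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+as u16;
+
+let vendor_defined_rsp_payload_struct = spdm_requester
+.send_spdm_vendor_defined_request(
+Some(session_id),
+STANDARD_ID,
+vendor_id(),
+vendor_defined_req_payload_struct,
+)
+.await?;
+
+let kgo_stop_ack_data_object = KGoStopAckDataObject::read_bytes(
+&vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+[..vendor_defined_rsp_payload_struct.rsp_length as usize],
+)
+.ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+if kgo_stop_ack_data_object.stream_id != stream_id
+|| kgo_stop_ack_data_object.key_set != key_set
+|| kgo_stop_ack_data_object.key_direction != key_direction
+|| kgo_stop_ack_data_object.key_sub_stream != key_sub_stream
+|| kgo_stop_ack_data_object.port_index != port_index
+{
+Err(SPDM_STATUS_INVALID_MSG_FIELD)
+} else {
+Ok(())
+}
+}
+}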
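Review bot: `pci_ide_km_key_set_go` is the same as `pci_ide_km_key_set_stop` in the next file apart from the request type (`KSetGoDataObject` versus `KSetStopDataObject`), so any later fix to the encode, send and verify sequence has to be made twice and can drift. A private helper that takes the encoded request, performs the send, parses `KGoStopAckDataObject` and does the five-field echo comparison would keep the two entry points in step. The raw `u8` parameters `key_set`, `key_direction` and `key_sub_stream` are also passed straight into the data object; whether `encode` rejects out-of-range values is not visible here, so the accepted ranges should at least be stated in a doc comment on each function.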
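--- a/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_stop.rs
+++ b/idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_stop.rs
@@ -0,0 +1,80 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+error::SpdmResult,
+message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+requester::RequesterContext,
+};
+
+use crate::pci_idekm::vendor_id;
+use crate::pci_idekm::KGoStopAckDataObject;
+use crate::pci_idekm::KSetStopDataObject;
+use crate::pci_idekm::STANDARD_ID;
+
+use super::IdekmReqContext;
+
+impl IdekmReqContext {
+#[allow(clippy::too_many_arguments)]
+pub async fn pci_ide_km_key_set_stop(
+&mut self,
+// IN
+spdm_requester: &mut RequesterContext,
+session_id: u32,
+stream_id: u8,
+key_set: u8,
+key_direction: u8,
+key_sub_stream: u8,
+port_index: u8,
+) -> SpdmResult {
+let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+req_length: 0,
+vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+};
+
+let mut writer =
+Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+vendor_defined_req_payload_struct.req_length = KSetStopDataObject {
+stream_id,
+key_set,
+key_direction,
+key_sub_stream,
+port_index,
+}
+.encode(&mut writer)
+.map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+as u16;
+
+let vendor_defined_rsp_payload_struct = spdm_requester
+.send_spdm_vendor_defined_request(
+Some(session_id),
+STANDARD_ID,
+vendor_id(),
+vendor_defined_req_payload_struct,
+)
+.await?;
+
+let kgo_stop_ack_data_object = KGoStopAckDataObject::read_bytes(
+&vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+[..vendor_defined_rsp_payload_struct.rsp_length as usize],
+)
+.ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+if kgo_stop_ack_data_object.stream_id != stream_id
+|| kgo_stop_ack_data_object.key_set != key_set
+|| kgo_stop_ack_data_object.key_direction != key_direction
+|| kgo_stop_ack_data_object.key_sub_stream != key_sub_stream
+|| kgo_stop_ack_data_object.port_index != port_index
+{
+Err(SPDM_STATUS_INVALID_MSG_FIELD)
+} else {
+Ok(())
+}
+}
+}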