From b15c9637a654d1348028fe38e2d68a9bd3aebc87 Mon Sep 17 00:00:00 2001 From: "Yang, Longlong" Date: Mon, 9 Oct 2023 21:26:36 -0400 Subject: [PATCH] add support to export the full transcript (VCA + message_m). fix #29 Signed-off-by: Yang, Longlong --- .../pass_context/src/pass_requester.rs | 7 +++++- fuzz-target/random_requester/src/main.rs | 3 +++ .../requester/measurement_req/src/main.rs | 15 ++++++++++++ spdmlib/src/requester/context.rs | 12 +++++++--- spdmlib/src/requester/get_measurements_req.rs | 22 ++++++++++++++++++ test/spdm-requester-emu/src/main.rs | 23 +++++++++++++++++-- .../src/requester_tests/context.rs | 6 +++-- .../src/requester_tests/get_digests_req.rs | 3 +++ .../requester_tests/get_measurements_req.rs | 14 +++++++++++ test/spdmlib-test/src/test_client_server.rs | 6 ++++- 10 files changed, 102 insertions(+), 9 deletions(-) diff --git a/fuzz-target/pass_context/src/pass_requester.rs b/fuzz-target/pass_context/src/pass_requester.rs index 01d3237d..4621dfff 100644 --- a/fuzz-target/pass_context/src/pass_requester.rs +++ b/fuzz-target/pass_context/src/pass_requester.rs @@ -46,7 +46,12 @@ pub async fn fuzz_total_requesters() { req_provision_info, ); - if requester.init_connection().await.is_err() { + let mut transcript_vca = None; + if requester + .init_connection(&mut transcript_vca) + .await + .is_err() + { return; } diff --git a/fuzz-target/random_requester/src/main.rs b/fuzz-target/random_requester/src/main.rs index ace3de2f..862f69a6 100644 --- a/fuzz-target/random_requester/src/main.rs +++ b/fuzz-target/random_requester/src/main.rs @@ -99,6 +99,8 @@ async fn run_spdm(spdm: Vec) { let mut total_number = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + if requester .send_receive_spdm_measurement( None, 
@@ -107,6 +109,7 @@ async fn run_spdm(spdm: Vec) { SpdmMeasurementOperation::SpdmMeasurementRequestAll, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_err() diff --git a/fuzz-target/requester/measurement_req/src/main.rs b/fuzz-target/requester/measurement_req/src/main.rs index c9b25e4c..4737becf 100644 --- a/fuzz-target/requester/measurement_req/src/main.rs +++ b/fuzz-target/requester/measurement_req/src/main.rs @@ -67,6 +67,8 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { let mut total_number = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + let _ = requester .send_receive_spdm_measurement( None, @@ -75,6 +77,7 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { SpdmMeasurementOperation::SpdmMeasurementRequestAll, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await; } @@ -120,6 +123,8 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { let mut total_number = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + let _ = requester .send_receive_spdm_measurement( None, @@ -128,6 +133,7 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await; } @@ -174,6 +180,8 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { let mut total_number = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + let _ = requester .send_receive_spdm_measurement( None, 
@@ -182,6 +190,7 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await; } @@ -228,6 +237,8 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { let mut total_number = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + let _ = requester .send_receive_spdm_measurement( None, @@ -236,6 +247,7 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { SpdmMeasurementOperation::Unknown(4), &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await; } @@ -310,6 +322,8 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { requester.common.reset_runtime_info(); let mut total_number = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + let _ = requester .send_receive_spdm_measurement( Some(4294836221), @@ -318,6 +332,7 @@ async fn fuzz_send_receive_spdm_measurement(fuzzdata: Arc>) { SpdmMeasurementOperation::SpdmMeasurementRequestAll, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await; } diff --git a/spdmlib/src/requester/context.rs b/spdmlib/src/requester/context.rs index fded7df6..f2f2dd46 100644 --- a/spdmlib/src/requester/context.rs +++ b/spdmlib/src/requester/context.rs @@ -2,8 +2,8 @@ // // SPDX-License-Identifier: Apache-2.0 -use crate::common::ST1; use crate::common::{self, SpdmDeviceIo, SpdmTransportEncap}; +use crate::common::{ManagedBufferA, ST1}; use crate::config; use crate::error::{SpdmResult, SPDM_STATUS_RECEIVE_FAIL, SPDM_STATUS_SEND_FAIL}; use crate::protocol::*; 
@@ -34,10 +34,16 @@ impl RequesterContext { } } - pub async fn init_connection(&mut self) -> SpdmResult { + pub async fn init_connection( + &mut self, + transcript_vca: &mut Option, + ) -> SpdmResult { + *transcript_vca = None; self.send_receive_spdm_version().await?; self.send_receive_spdm_capability().await?; - self.send_receive_spdm_algorithm().await + self.send_receive_spdm_algorithm().await?; + *transcript_vca = Some(self.common.runtime_info.message_a.clone()); + Ok(()) } pub async fn start_session( diff --git a/spdmlib/src/requester/get_measurements_req.rs b/spdmlib/src/requester/get_measurements_req.rs index 990b1516..61e46ad4 100644 --- a/spdmlib/src/requester/get_measurements_req.rs +++ b/spdmlib/src/requester/get_measurements_req.rs @@ -15,20 +15,27 @@ use crate::protocol::*; use crate::requester::*; impl RequesterContext { + #[allow(clippy::too_many_arguments)] async fn send_receive_spdm_measurement_record( &mut self, session_id: Option, measurement_attributes: SpdmMeasurementAttributes, measurement_operation: SpdmMeasurementOperation, spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, + transcript_meas: &mut Option, slot_id: u8, ) -> SpdmResult { + if transcript_meas.is_none() { + *transcript_meas = Some(ManagedBufferM::default()); + } + let result = self .delegate_send_receive_spdm_measurement_record( session_id, measurement_attributes, measurement_operation, spdm_measurement_record_structure, + transcript_meas, slot_id, ) .await; @@ -36,6 +43,7 @@ impl RequesterContext { if let Err(e) = result { if e != SPDM_STATUS_NOT_READY_PEER { self.common.reset_message_m(session_id); + *transcript_meas = None; } } @@ -48,6 +56,7 @@ impl RequesterContext { measurement_attributes: SpdmMeasurementAttributes, measurement_operation: SpdmMeasurementOperation, spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, + transcript_meas: &mut Option, slot_id: u8, ) -> SpdmResult { info!("send spdm measurement\n"); 
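Review bot: `init_connection` is public and gains the `transcript_vca` parameter without a doc comment stating what the caller gets back. From the added lines it is cleared to `None` on entry and set to a clone of `self.common.runtime_info.message_a` only after the version, capability and algorithm exchanges have all succeeded. I would put that above the signature, e.g. `/// On success, transcript_vca holds a copy of message_a (the VCA transcript); on any error it is None.` Since the copy is presumably meant to be combined with the measurement transcript when a measurement signature is re-checked elsewhere, the comment should also say that it is a snapshot of this connection and goes stale after the next `init_connection`.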
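Review bot: The `is_none()` check added at the top of `send_receive_spdm_measurement_record` makes `transcript_meas` an in/out parameter: a `None` is replaced by an empty `ManagedBufferM`, but a `Some` left over from an earlier call is kept and appended to. The `// out` comment added on the same parameter in the `send_receive_spdm_measurement` hunk further down this file says otherwise; something like `// in/out: None starts a new transcript, a previous value keeps accumulating` would match the code. If the internal message_m is reset elsewhere (for example after a signed response, which these hunks do not show), a caller that keeps reusing the same value would export bytes that the next signature no longer covers, so the reset rule belongs in the doc comment as well. The function body continues outside the hunk.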
@@ -85,6 +94,7 @@ impl RequesterContext { spdm_measurement_record_structure, &send_buffer[..send_used], &receive_buffer[..used], + transcript_meas, ) } @@ -126,6 +136,7 @@ impl RequesterContext { spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, send_buffer: &[u8], receive_buffer: &[u8], + transcript_meas: &mut Option, ) -> SpdmResult { self.common.runtime_info.need_measurement_signature = measurement_attributes.contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED); @@ -173,6 +184,14 @@ impl RequesterContext { self.common.append_message_m(session_id, send_buffer)?; self.common .append_message_m(session_id, &receive_buffer[..temp_used])?; + if let Some(ret_message_m) = transcript_meas { + ret_message_m + .append_message(send_buffer) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + ret_message_m + .append_message(&receive_buffer[..temp_used]) + .ok_or(SPDM_STATUS_BUFFER_FULL)?; + } // verify signature if measurement_attributes @@ -228,6 +247,7 @@ impl RequesterContext { } } + #[allow(clippy::too_many_arguments)] pub async fn send_receive_spdm_measurement( &mut self, session_id: Option, @@ -237,6 +257,7 @@ impl RequesterContext { out_total_number: &mut u8, // out, total number when measurement_operation = SpdmMeasurementQueryTotalNumber // number of blocks got measured. spdm_measurement_record_structure: &mut SpdmMeasurementRecordStructure, // out + transcript_meas: &mut Option, // out ) -> SpdmResult { *out_total_number = self .send_receive_spdm_measurement_record( @@ -244,6 +265,7 @@ impl RequesterContext { spdm_measuremente_attributes, measurement_operation, spdm_measurement_record_structure, + transcript_meas, slot_id, ) .await?; diff --git a/test/spdm-requester-emu/src/main.rs b/test/spdm-requester-emu/src/main.rs index 86fcf8ba..2763c64a 100644 --- a/test/spdm-requester-emu/src/main.rs +++ b/test/spdm-requester-emu/src/main.rs 
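Review bot: In the `@@ -173,6 +184,14 @@` hunk the exported copy is filled before the `// verify signature` step that follows. Only the wrapper `send_receive_spdm_measurement_record` clears it on error (`*transcript_meas = None;`), so a direct caller of `handle_spdm_measurement_record_response` that passed `Some(..)` can be left holding a transcript whose signature check failed; the test crate does call the handler directly. Either append to `ret_message_m` only after verification has succeeded, or set `*transcript_meas = None` on this function's own error paths. Separately, because the wrapper always turns `None` into `Some`, a failed `append_message` on the export buffer now fails the whole request with `SPDM_STATUS_BUFFER_FULL` even though `append_message_m` has already succeeded; if the two buffers can differ in capacity, callers that do not need the export cannot opt out. The function starts and ends outside this hunk.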
@@ -239,7 +239,8 @@ async fn test_spdm( provision_info, ); - if context.init_connection().await.is_err() { + let mut transcript_vca = None; + if context.init_connection(&mut transcript_vca).await.is_err() { panic!("init_connection failed!"); } @@ -268,6 +269,8 @@ async fn test_spdm( let mut total_number: u8 = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + if context .send_receive_spdm_measurement( None, @@ -276,6 +279,7 @@ async fn test_spdm( SpdmMeasurementOperation::SpdmMeasurementRequestAll, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_err() @@ -283,6 +287,10 @@ async fn test_spdm( panic!("send_receive_spdm_measurement failed!"); } + if transcript_meas.is_none() { + panic!("get message_m from send_receive_spdm_measurement failed!"); + } + let result = context .start_session( false, @@ -329,6 +337,8 @@ async fn test_spdm( panic!("send_receive_spdm_key_update failed"); } + let mut transcript_meas = None; + if context .send_receive_spdm_measurement( Some(session_id), @@ -337,6 +347,7 @@ async fn test_spdm( SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_err() @@ -344,6 +355,10 @@ async fn test_spdm( panic!("send_receive_spdm_measurement failed"); } + if transcript_vca.is_none() || transcript_meas.is_none() { + panic!("get VCA + message_m from send_receive_spdm_measurement failed!"); + } + if context .send_receive_spdm_digest(Some(session_id)) .await @@ -513,7 +528,8 @@ async fn test_idekm( provision_info, ); - if context.init_connection().await.is_err() { + let mut transcript_vca = None; + if context.init_connection(&mut transcript_vca).await.is_err() { panic!("init_connection failed!"); } 
@@ -542,6 +558,8 @@ async fn test_idekm( let mut total_number: u8 = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + if context .send_receive_spdm_measurement( None, @@ -550,6 +568,7 @@ async fn test_idekm( SpdmMeasurementOperation::SpdmMeasurementRequestAll, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_err() diff --git a/test/spdmlib-test/src/requester_tests/context.rs b/test/spdmlib-test/src/requester_tests/context.rs index 3022ff2b..77f8e95c 100644 --- a/test/spdmlib-test/src/requester_tests/context.rs +++ b/test/spdmlib-test/src/requester_tests/context.rs @@ -56,7 +56,8 @@ fn test_case0_start_session() { req_provision_info, ); - let status = requester.init_connection().await.is_ok(); + let mut transcript_vca = None; + let status = requester.init_connection(&mut transcript_vca).await.is_ok(); assert!(status); let status = requester.send_receive_spdm_digest(None).await.is_ok(); @@ -142,7 +143,8 @@ fn test_case0_get_next_half_session() { req_provision_info, ); - let status = requester.init_connection().await.is_ok(); + let mut transcript_vca = None; + let status = requester.init_connection(&mut transcript_vca).await.is_ok(); assert!(status); let status = requester.send_receive_spdm_digest(None).await.is_ok(); diff --git a/test/spdmlib-test/src/requester_tests/get_digests_req.rs b/test/spdmlib-test/src/requester_tests/get_digests_req.rs index 0ddaeab3..a83a4a8a 100644 --- a/test/spdmlib-test/src/requester_tests/get_digests_req.rs +++ b/test/spdmlib-test/src/requester_tests/get_digests_req.rs 
@@ -287,6 +287,8 @@ fn issue_other_request_before_vca_negotiated() { let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber; let mut total_number: u8 = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + let result = requester .send_receive_spdm_measurement( None, @@ -295,6 +297,7 @@ fn issue_other_request_before_vca_negotiated() { measurement_operation, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await; assert!( diff --git a/test/spdmlib-test/src/requester_tests/get_measurements_req.rs b/test/spdmlib-test/src/requester_tests/get_measurements_req.rs index 87a7f2b9..bbd19d55 100644 --- a/test/spdmlib-test/src/requester_tests/get_measurements_req.rs +++ b/test/spdmlib-test/src/requester_tests/get_measurements_req.rs @@ -120,6 +120,8 @@ fn test_case0_send_receive_spdm_measurement() { let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber; let mut total_number: u8 = 0; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); + let mut transcript_meas = None; + let status = requester .send_receive_spdm_measurement( None, @@ -128,12 +130,15 @@ fn test_case0_send_receive_spdm_measurement() { measurement_operation, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_ok(); assert!(status); let measurement_operation = SpdmMeasurementOperation::SpdmMeasurementRequestAll; + let mut transcript_meas = None; + let status = requester .send_receive_spdm_measurement( None, 
@@ -142,12 +147,15 @@ fn test_case0_send_receive_spdm_measurement() { measurement_operation, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_ok(); assert!(status); let measurement_operation = SpdmMeasurementOperation::Unknown(1); + let mut transcript_meas = None; + let status = requester .send_receive_spdm_measurement( None, @@ -156,12 +164,15 @@ fn test_case0_send_receive_spdm_measurement() { measurement_operation, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_ok(); assert!(status); let measurement_operation = SpdmMeasurementOperation::Unknown(5); + let mut transcript_meas = None; + let status = requester .send_receive_spdm_measurement( None, @@ -170,6 +181,7 @@ fn test_case0_send_receive_spdm_measurement() { measurement_operation, &mut total_number, &mut spdm_measurement_record_structure, + &mut transcript_meas, ) .await .is_err(); @@ -352,6 +364,7 @@ fn test_handle_spdm_measurement_record_response() { let session_id = None; let mut spdm_measurement_record_structure = SpdmMeasurementRecordStructure::default(); let send_buffer = [0u8; MAX_SPDM_MSG_SIZE]; + let mut transcript_meas = None; let result = requester.handle_spdm_measurement_record_response( session_id, tc.request_slot_id, @@ -360,6 +373,7 @@ fn test_handle_spdm_measurement_record_response() { &mut spdm_measurement_record_structure, &send_buffer, &*tc.receive_buffer, + &mut transcript_meas, ); assert!( result == tc.expected_result, diff --git a/test/spdmlib-test/src/test_client_server.rs b/test/spdmlib-test/src/test_client_server.rs index ad12914f..06fd54ea 100644 --- a/test/spdmlib-test/src/test_client_server.rs +++ b/test/spdmlib-test/src/test_client_server.rs 
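Review bot: In the `test_handle_spdm_measurement_record_response` hunks `transcript_meas` is still `None` when `handle_spdm_measurement_record_response` is called, so the new `if let Some(ret_message_m) = transcript_meas` branch in the handler is never executed by this table-driven test. Initialising it with `let mut transcript_meas = Some(ManagedBufferM::default());` and asserting, for the cases that expect success, that the buffer holds `send_buffer` followed by the accepted part of `tc.receive_buffer` would cover the export path. For the failing cases it would also pin down whether a rejected response may remain in the exported transcript. The other call sites changed in this file only check `is_ok()` / `is_err()` and never look at the exported bytes; the test function starts and ends outside the hunk.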
@@ -60,7 +60,11 @@ fn intergration_client_server() { provision_info, ); - assert!(!requester_context.init_connection().await.is_err()); + let mut transcript_vca = None; + assert!(!requester_context + .init_connection(&mut transcript_vca) + .await + .is_err()); assert!(!requester_context .send_receive_spdm_digest(None)