introduce IDE_KM.

Cargo.toml

@@ -14,6 +14,7 @@ members = [
     "codec",
     "executor",
     "sys_time",
+    "idekm",
     "test/spdm-requester-emu",
     "test/spdm-responder-emu",
     "test/spdmlib-test",

idekm/Cargo.toml

@@ -0,0 +1,23 @@
+[package]
+name = "idekm"
+license = "BSD-2-Clause-Patent"
+version = "0.1.0"
+authors = [
+    "Jiewen Yao <[email protected]>",
+    "Xiaoyu Lu <[email protected]>",
+    "Longlong Yang <[email protected]>"
+    ]
+edition = "2018"
+
+[dev-dependencies]
+
+[build-dependencies]
+
+[dependencies]
+codec = { path = "../codec" }
+zeroize = { version = "1.5.0", features = ["zeroize_derive"]}
+spdmlib = { path = "../spdmlib", default-features = false, features = ["spdm-ring"]}
+conquer-once = { version = "0.3.2", default-features = false }
+
+
+[features]

idekm/src/lib.rs

@@ -0,0 +1,10 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+#![forbid(unsafe_code)]
+#![cfg_attr(not(feature = "std"), no_std)]
+
+pub mod pci_ide_km_requester;
+pub mod pci_ide_km_responder;
+pub mod pci_idekm;

idekm/src/pci_ide_km_requester/mod.rs

@@ -0,0 +1,18 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+#[derive(Debug, Default, Copy, Clone)]
+pub struct IdekmReqContext;
+
+pub mod pci_ide_km_req_query;
+pub use pci_ide_km_req_query::*;
+
+pub mod pci_ide_km_req_key_prog;
+pub use pci_ide_km_req_key_prog::*;
+
+pub mod pci_ide_km_req_key_set_go;
+pub use pci_ide_km_req_key_set_go::*;
+
+pub mod pci_ide_km_req_key_set_stop;
+pub use pci_ide_km_req_key_set_stop::*;

idekm/src/pci_ide_km_requester/pci_ide_km_req_key_prog.rs

@@ -0,0 +1,86 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SpdmResult;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+    message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+    requester::RequesterContext,
+};
+
+use crate::pci_idekm::vendor_id;
+use crate::pci_idekm::KpAckDataObject;
+use crate::pci_idekm::STANDARD_ID;
+use crate::pci_idekm::{Aes256GcmKeyBuffer, KeyProgDataObject, KpAckStatus};
+
+use super::IdekmReqContext;
+
+impl IdekmReqContext {
+    #[allow(clippy::too_many_arguments)]
+    pub async fn pci_ide_km_key_prog(
+        &mut self,
+        // IN
+        spdm_requester: &mut RequesterContext,
+        session_id: u32,
+        stream_id: u8,
+        key_set: u8,
+        key_direction: u8,
+        key_sub_stream: u8,
+        port_index: u8,
+        key_iv: Aes256GcmKeyBuffer,
+        // OUT
+        kp_ack_status: &mut KpAckStatus,
+    ) -> SpdmResult {
+        let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+            req_length: 0,
+            vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+        };
+
+        let mut writer =
+            Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+        vendor_defined_req_payload_struct.req_length = KeyProgDataObject {
+            stream_id,
+            key_set,
+            key_direction,
+            key_sub_stream,
+            port_index,
+            key_iv,
+        }
+        .encode(&mut writer)
+        .map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+            as u16;
+
+        let vendor_defined_rsp_payload_struct = spdm_requester
+            .send_spdm_vendor_defined_request(
+                Some(session_id),
+                STANDARD_ID,
+                vendor_id(),
+                vendor_defined_req_payload_struct,
+            )
+            .await?;
+
+        let kp_ack_data_object = KpAckDataObject::read_bytes(
+            &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+                [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+        )
+        .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+        if kp_ack_data_object.stream_id != stream_id
+            || kp_ack_data_object.key_set != key_set
+            || kp_ack_data_object.key_direction != key_direction
+            || kp_ack_data_object.key_sub_stream != key_sub_stream
+            || kp_ack_data_object.port_index != port_index
+        {
+            return Err(SPDM_STATUS_INVALID_MSG_FIELD);
+        } else {
+            *kp_ack_status = kp_ack_data_object.status;
+        }
+
+        Ok(())
+    }
+}

idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_go.rs

@@ -0,0 +1,80 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+    error::SpdmResult,
+    message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+    requester::RequesterContext,
+};
+
+use crate::pci_idekm::vendor_id;
+use crate::pci_idekm::KGoStopAckDataObject;
+use crate::pci_idekm::KSetGoDataObject;
+use crate::pci_idekm::STANDARD_ID;
+
+use super::IdekmReqContext;
+
+impl IdekmReqContext {
+    #[allow(clippy::too_many_arguments)]
+    pub async fn pci_ide_km_key_set_go(
+        &mut self,
+        // IN
+        spdm_requester: &mut RequesterContext,
+        session_id: u32,
+        stream_id: u8,
+        key_set: u8,
+        key_direction: u8,
+        key_sub_stream: u8,
+        port_index: u8,
+    ) -> SpdmResult {
+        let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+            req_length: 0,
+            vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+        };
+
+        let mut writer =
+            Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+        vendor_defined_req_payload_struct.req_length = KSetGoDataObject {
+            stream_id,
+            key_set,
+            key_direction,
+            key_sub_stream,
+            port_index,
+        }
+        .encode(&mut writer)
+        .map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+            as u16;
+
+        let vendor_defined_rsp_payload_struct = spdm_requester
+            .send_spdm_vendor_defined_request(
+                Some(session_id),
+                STANDARD_ID,
+                vendor_id(),
+                vendor_defined_req_payload_struct,
+            )
+            .await?;
+
+        let kgo_stop_ack_data_object = KGoStopAckDataObject::read_bytes(
+            &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+                [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+        )
+        .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+        if kgo_stop_ack_data_object.stream_id != stream_id
+            || kgo_stop_ack_data_object.key_set != key_set
+            || kgo_stop_ack_data_object.key_direction != key_direction
+            || kgo_stop_ack_data_object.key_sub_stream != key_sub_stream
+            || kgo_stop_ack_data_object.port_index != port_index
+        {
+            Err(SPDM_STATUS_INVALID_MSG_FIELD)
+        } else {
+            Ok(())
+        }
+    }
+}

idekm/src/pci_ide_km_requester/pci_ide_km_req_key_set_stop.rs

@@ -0,0 +1,80 @@
+// Copyright (c) 2023 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+use codec::Codec;
+use codec::Writer;
+use spdmlib::error::SPDM_STATUS_BUFFER_FULL;
+use spdmlib::error::SPDM_STATUS_INVALID_MSG_FIELD;
+use spdmlib::{
+    error::SpdmResult,
+    message::{VendorDefinedReqPayloadStruct, MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE},
+    requester::RequesterContext,
+};
+
+use crate::pci_idekm::vendor_id;
+use crate::pci_idekm::KGoStopAckDataObject;
+use crate::pci_idekm::KSetStopDataObject;
+use crate::pci_idekm::STANDARD_ID;
+
+use super::IdekmReqContext;
+
+impl IdekmReqContext {
+    #[allow(clippy::too_many_arguments)]
+    pub async fn pci_ide_km_key_set_stop(
+        &mut self,
+        // IN
+        spdm_requester: &mut RequesterContext,
+        session_id: u32,
+        stream_id: u8,
+        key_set: u8,
+        key_direction: u8,
+        key_sub_stream: u8,
+        port_index: u8,
+    ) -> SpdmResult {
+        let mut vendor_defined_req_payload_struct = VendorDefinedReqPayloadStruct {
+            req_length: 0,
+            vendor_defined_req_payload: [0u8; MAX_SPDM_VENDOR_DEFINED_PAYLOAD_SIZE],
+        };
+
+        let mut writer =
+            Writer::init(&mut vendor_defined_req_payload_struct.vendor_defined_req_payload);
+
+        vendor_defined_req_payload_struct.req_length = KSetStopDataObject {
+            stream_id,
+            key_set,
+            key_direction,
+            key_sub_stream,
+            port_index,
+        }
+        .encode(&mut writer)
+        .map_err(|_| SPDM_STATUS_BUFFER_FULL)?
+            as u16;
+
+        let vendor_defined_rsp_payload_struct = spdm_requester
+            .send_spdm_vendor_defined_request(
+                Some(session_id),
+                STANDARD_ID,
+                vendor_id(),
+                vendor_defined_req_payload_struct,
+            )
+            .await?;
+
+        let kgo_stop_ack_data_object = KGoStopAckDataObject::read_bytes(
+            &vendor_defined_rsp_payload_struct.vendor_defined_rsp_payload
+                [..vendor_defined_rsp_payload_struct.rsp_length as usize],
+        )
+        .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
+
+        if kgo_stop_ack_data_object.stream_id != stream_id
+            || kgo_stop_ack_data_object.key_set != key_set
+            || kgo_stop_ack_data_object.key_direction != key_direction
+            || kgo_stop_ack_data_object.key_sub_stream != key_sub_stream
+            || kgo_stop_ack_data_object.port_index != port_index
+        {
+            Err(SPDM_STATUS_INVALID_MSG_FIELD)
+        } else {
+            Ok(())
+        }
+    }
+}