Skip to content
This repository has been archived by the owner on Jul 22, 2021. It is now read-only.
/ openspdm Public archive

This openspdm is a sample implementation for the DMTF SPDM specification.

License

Notifications You must be signed in to change notification settings

jyao1/openspdm

Repository files navigation

This openspdm is a sample implementation for the DMTF SPDM specification

NOTE

The openspdm is moved to https://github.com/DMTF/libspdm. The temp_master branch is synced. The openspdm issue is also synced. This repo will be achieved as read-only.

Feature

  1. Specification

    The SPDM and secured message follow :

    DSP0274 Security Protocol and Data Model (SPDM) Specification (version 1.0.0 and version 1.1.0)

    DSP0277 Secured Messages using SPDM Specification (version 1.0.0b)

    The MCTP and secured MCTP follow :

    DSP0275 Security Protocol and Data Model (SPDM) over MCTP Binding Specification (version 1.0.0)

    DSP0276 Secured MCTP Messages over MCTP Binding Specification (version 1.0.0a)

    The PCI DOE / IDE follow :

    PCI Data Object Exchange (DOE) ECN

    PCI Component Measurement and Authentication (CMA) ECN

    PCI Integrity and Data Encryption (IDE) ECN

  2. Both SPDM requester and SPDM responder.

  3. Programming Context:

    No heap is required in the SPDM lib. No writable global variable is required in the SPDM lib.

  4. Implemented command and response:

    SPDM 1.0: GET_VERSION, GET_CAPABILITY, NEGOTIATE_ALGORITHM, GET_DIGEST, GET_CERTIFICATE, CHALLENGE, GET_MEASUREMENT.

    SPDM 1.1: KEY_EXCHANGE, FINISH, PSK_EXCHANGE, PSK_FINISH, END_SESSION, HEARTBEAT, KEY_UPDATE, ENCAPSULATED message

  5. Cryptographic algorithm support:

    The SPDM lib requires cryptolib API, including random number, symmetric crypto, asymmetric crypto, hash and message authentication code etc.

    Current support algorithm: SHA-2, RSA-SSA/ECDSA, FFDHE/ECDHE, AES_GCM/ChaCha20Poly1305, HMAC.

    An MbedTls wrapper is included in BaseCryptLibMbedTls.

    An Openssl wrapper is included in BaseCryptLibOpenssl.

  6. Execution context:

    Support to build an OS application for SpdmRequester and SpdmResponder to trace the communication.

    Support to be included in UEFI host environment EDKII, such as SpdmRequester

    Support to be included in OpenBMC. It is in planning, see SPDM Integration.

Document

  1. Presentation

    Open Source Firmware Conference 2020 - openspdm

  2. openspdm library design:

    The detailed design can be found at Design

  3. openspdm user guide:

    The user guide can be found at UserGuide

Prerequisit

Build Tool

  1. Visual Studio (VS2015 or VS2019)

  2. GCC (above GCC5)

  3. LLVM (LLVM9)

    Download and install LLVM9. Ensure LLVM9 executable directory is in PATH environment variable.

  4. cmake. It will be used to replace makefile.

Crypto library

  1. MbedTls as Crypto library

    Please download mbedtls-2.16.6 and unzip it. Rename mbedtls-2.16.6 to mbedtls and put mbedtls under MbedTlsLib

  2. Openssl as crypto library

    Please download openssl-1.1.1g and unzip it. Rename openssl-1.1.1g to openssl and put openssl under OpensslLib

Unit Test framework

  1. cmocka

    Please download cmocka-1.1.5 and unzip it. Rename cmocka-1.1.5 to cmocka and put cmocka under CmockaLib

Build

Windows Build:

  1. Use Visual Studio

    Tool : Visual Studio 2015 (TOOLCHAIN=VS2015)

    Open visual studio 2015 command prompt at openspdm dir and type nmake ARCH=<X64|Ia32> TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>. (Use x86 command prompt for ARCH=Ia32 and x64 command prompt for ARCH=X64)

    Tool : Visual Studio 2019 (TOOLCHAIN=VS2019)

    Open visual studio 2019 command prompt at openspdm dir and type nmake ARCH=<X64|Ia32> TOOLCHAIN=VS2019 TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>. (Use x86 command prompt for ARCH=Ia32 and x64 command prompt for ARCH=X64)

  2. Use LLVM

    Tool : LLVM x86_64-pc-windows-msvc (TOOLCHAIN=CLANG)

    Open visual studio 2019 command prompt at openspdm dir and type make ARCH=<X64|Ia32> TOOLCHAIN=CLANG TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>. (Use x86 command prompt for ARCH=Ia32 and x64 command prompt for ARCH=X64)

Linux Build:

  1. Use GCC

    Tool : GCC (TOOLCHAIN=GCC)

    Open command prompt at openspdm dir and type make -f GNUmakefile ARCH=<X64|Ia32> TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>.

  2. Use LLVM

    Tool : LLVM (TOOLCHAIN=CLANG)

    Open command prompt at openspdm dir and type make -f GNUmakefile ARCH=<X64|Ia32> TOOLCHAIN=CLANG TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>.

Build with CMake

We will use CMake to replace makefile in the future, after all features are enabled. Currently, only SpdmEmu and UnitTest are enabled with VS2019 and GCC.

  1. Use CMake in Linux (Toolchain=GCC|CLANG)

    cd openspdm
    mkdir build
    cd build
    cmake -DARCH=<X64|Ia32> -DTOOLCHAIN=<Toolchain> -DTARGET=<Debug|Release> -DCRYPTO=<MbedTls|Openssl> -DTESTTYPE=<SpdmEmu|UnitTest> ..
    make CopyTestKey
    make
    
  2. Use CMake in Windows (Toolchain=VS2019|VS2015|CLANG)

    Use x86 command prompt for ARCH=Ia32 and x64 command prompt for ARCH=X64.

    cd openspdm
    mkdir build
    cd build
    cmake -G"NMake Makefiles" -DARCH=<X64|Ia32> -DTOOLCHAIN=<Toolchain> -DTARGET=<Debug|Release> -DCRYPTO=<MbedTls|Openssl> -DTESTTYPE=<SpdmEmu|UnitTest> ..
    nmake CopyTestKey
    nmake
    

Run Test

The SpdmEmu output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>. Open one command prompt at output dir to run SpdmResponderEmu and another command prompt to run SpdmRequesterEmu.

Please refer to SpdmEmu for detail.

The UnitTest output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>. Open one command prompt at output dir to run TestSpdmRequester > NUL and TestSpdmResponder > NUL.

You may see something like:

      [==========] Running 2 test(s).
      [ RUN      ] TestSpdmResponderVersionCase1
      [       OK ] TestSpdmResponderVersionCase1
      [ RUN      ] TestSpdmResponderVersionCase2
      [       OK ] TestSpdmResponderVersionCase2
      [==========] 2 test(s) run.
      [  PASSED  ] 2 test(s).
   

The tool output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>. It can be used to parse the pcap file for offline analysis.

Please refer to SpdmDump for detail.

Other Test

openspdm also supports other test such as code coverage, fuzzing, symbolic execution, model checker.

Please refer to Test for detail.

Feature not implemented yet

  1. Please refer to issues for detail

Contribution

  1. Please refer to contribution for detail

Known limitation

This package is only the sample code to show the concept. It does not have a full validation such as robustness functional test and fuzzing test. It does not meet the production quality yet. Any codes including the API definition, the libary and the drivers are subject to change.

About

This openspdm is a sample implementation for the DMTF SPDM specification.

Resources

License

Stars

Watchers

Forks

Packages

No packages published