sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: add DeviceSecurity support

Browse Source 
This patch implement the SpdmSecurityLib,
which is the core of DeviceSecurity.
And the SpdmSecurityLib include Device Authentication and Measurement.
The other library is to support SpdmSecurityLib.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Wenxing Hou
2024-04-18 17:28:15 +08:00
committed by mergify[bot]
parent c3f615a1bd
commit 750d763623
32 changed files with 5611 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

970
SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c Normal file
View File

@@ -0,0 +1,970 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include "hal/base.h"
#include "hal/library/cryptlib.h"
void *
libspdm_sha256_new (
void
)
{
size_t CtxSize;
void *HashCtx;
HashCtx = NULL;
CtxSize = Sha256GetContextSize ();
HashCtx = AllocatePool (CtxSize);
return HashCtx;
}
void
libspdm_sha256_free (
void *Sha256Ctx
)
{
if (Sha256Ctx != NULL) {
FreePool (Sha256Ctx);
Sha256Ctx = NULL;
}
}
bool
libspdm_sha256_init (
void *Sha256Ctx
)
{
return Sha256Init (Sha256Ctx);
}
bool
libspdm_sha256_duplicate (
const void *Sha256Context,
void *NewSha256Context
)
{
return Sha256Duplicate (Sha256Context, NewSha256Context);
}
bool
libspdm_sha256_update (
void *Sha256Context,
const void *Data,
size_t DataSize
)
{
return Sha256Update (Sha256Context, Data, DataSize);
}
bool
libspdm_sha256_final (
void *sha256_context,
uint8_t *hash_value
)
{
return Sha256Final (sha256_context, hash_value);
}
bool
libspdm_sha256_hash_all (
const void *data,
size_t data_size,
uint8_t *hash_value
)
{
return Sha256HashAll (data, data_size, hash_value);
}
void *
libspdm_sha384_new (
void
)
{
size_t CtxSize;
void *HashCtx;
HashCtx = NULL;
CtxSize = Sha384GetContextSize ();
HashCtx = AllocatePool (CtxSize);
return HashCtx;
}
void
libspdm_sha384_free (
void *Sha384Ctx
)
{
if (Sha384Ctx != NULL) {
FreePool (Sha384Ctx);
Sha384Ctx = NULL;
}
}
bool
libspdm_sha384_init (
void *sha384_context
)
{
return Sha384Init (sha384_context);
}
bool
libspdm_sha384_duplicate (
const void *sha384_context,
void *new_sha384_context
)
{
return Sha384Duplicate (sha384_context, new_sha384_context);
}
bool
libspdm_sha384_update (
void *sha384_context,
const void *data,
size_t data_size
)
{
return Sha384Update (sha384_context, data, data_size);
}
bool
libspdm_sha384_final (
void *sha384_context,
uint8_t *hash_value
)
{
return Sha384Final (sha384_context, hash_value);
}
bool
libspdm_sha384_hash_all (
const void *data,
size_t data_size,
uint8_t *hash_value
)
{
return Sha384HashAll (data, data_size, hash_value);
}
void *
libspdm_hmac_sha256_new (
void
)
{
return HmacSha256New ();
}
void
libspdm_hmac_sha256_free (
void *hmac_sha256_ctx
)
{
HmacSha256Free (hmac_sha256_ctx);
}
bool
libspdm_hmac_sha256_set_key (
void *hmac_sha256_ctx,
const uint8_t *key,
size_t key_size
)
{
return HmacSha256SetKey (hmac_sha256_ctx, key, key_size);
}
bool
libspdm_hmac_sha256_duplicate (
const void *hmac_sha256_ctx,
void *new_hmac_sha256_ctx
)
{
return HmacSha256Duplicate (hmac_sha256_ctx, new_hmac_sha256_ctx);
}
bool
libspdm_hmac_sha256_update (
void *hmac_sha256_ctx,
const void *data,
size_t data_size
)
{
return HmacSha256Update (hmac_sha256_ctx, data, data_size);
}
bool
libspdm_hmac_sha256_final (
void *hmac_sha256_ctx,
uint8_t *hmac_value
)
{
return HmacSha256Final (hmac_sha256_ctx, hmac_value);
}
bool
libspdm_hmac_sha256_all (
const void *data,
size_t data_size,
const uint8_t *key,
size_t key_size,
uint8_t *hmac_value
)
{
return HmacSha256All (data, data_size, key, key_size, hmac_value);
}
void *
libspdm_hmac_sha384_new (
void
)
{
return HmacSha384New ();
}
void
libspdm_hmac_sha384_free (
void *hmac_sha384_ctx
)
{
HmacSha384Free (hmac_sha384_ctx);
}
bool
libspdm_hmac_sha384_set_key (
void *hmac_sha384_ctx,
const uint8_t *key,
size_t key_size
)
{
return HmacSha384SetKey (hmac_sha384_ctx, key, key_size);
}
bool
libspdm_hmac_sha384_duplicate (
const void *hmac_sha384_ctx,
void *new_hmac_sha384_ctx
)
{
return HmacSha384Duplicate (hmac_sha384_ctx, new_hmac_sha384_ctx);
}
bool
libspdm_hmac_sha384_update (
void *hmac_sha384_ctx,
const void *data,
size_t data_size
)
{
return HmacSha384Update (hmac_sha384_ctx, data, data_size);
}
bool
libspdm_hmac_sha384_final (
void *hmac_sha384_ctx,
uint8_t *hmac_value
)
{
return HmacSha384Final (hmac_sha384_ctx, hmac_value);
}
bool
libspdm_hmac_sha384_all (
const void *data,
size_t data_size,
const uint8_t *key,
size_t key_size,
uint8_t *hmac_value
)
{
return HmacSha384All (data, data_size, key, key_size, hmac_value);
}
bool
libspdm_aead_aes_gcm_encrypt (
const uint8_t *key,
size_t key_size,
const uint8_t *iv,
size_t iv_size,
const uint8_t *a_data,
size_t a_data_size,
const uint8_t *data_in,
size_t data_in_size,
uint8_t *tag_out,
size_t tag_size,
uint8_t *data_out,
size_t *data_out_size
)
{
return AeadAesGcmEncrypt (
key,
key_size,
iv,
iv_size,
a_data,
a_data_size,
data_in,
data_in_size,
tag_out,
tag_size,
data_out,
data_out_size
);
}
bool
libspdm_aead_aes_gcm_decrypt (
const uint8_t *key,
size_t key_size,
const uint8_t *iv,
size_t iv_size,
const uint8_t *a_data,
size_t a_data_size,
const uint8_t *data_in,
size_t data_in_size,
const uint8_t *tag,
size_t tag_size,
uint8_t *data_out,
size_t *data_out_size
)
{
return AeadAesGcmDecrypt (
key,
key_size,
iv,
iv_size,
a_data,
a_data_size,
data_in,
data_in_size,
tag,
tag_size,
data_out,
data_out_size
);
}
void
libspdm_rsa_free (
void *rsa_context
)
{
RsaFree (rsa_context);
}
bool
libspdm_rsa_pkcs1_sign_with_nid (
void *rsa_context,
size_t hash_nid,
const uint8_t *message_hash,
size_t hash_size,
uint8_t *signature,
size_t *sig_size
)
{
switch (hash_nid) {
case CRYPTO_NID_SHA256:
if (hash_size != SHA256_DIGEST_SIZE) {
return FALSE;
}
break;
case CRYPTO_NID_SHA384:
if (hash_size != SHA384_DIGEST_SIZE) {
return FALSE;
}
break;
case CRYPTO_NID_SHA512:
if (hash_size != SHA512_DIGEST_SIZE) {
return FALSE;
}
break;
default:
return FALSE;
}
return RsaPkcs1Sign (
rsa_context,
message_hash,
hash_size,
signature,
sig_size
);
}
bool
libspdm_rsa_pkcs1_verify_with_nid (
void *rsa_context,
size_t hash_nid,
const uint8_t *message_hash,
size_t hash_size,
const uint8_t *signature,
size_t sig_size
)
{
switch (hash_nid) {
case CRYPTO_NID_SHA256:
if (hash_size != SHA256_DIGEST_SIZE) {
return false;
}
break;
case CRYPTO_NID_SHA384:
if (hash_size != SHA384_DIGEST_SIZE) {
return false;
}
break;
case CRYPTO_NID_SHA512:
if (hash_size != SHA512_DIGEST_SIZE) {
return false;
}
break;
default:
return false;
}
return RsaPkcs1Verify (
rsa_context,
message_hash,
hash_size,
signature,
sig_size
);
}
bool
libspdm_rsa_get_private_key_from_pem (
const uint8_t *pem_data,
size_t pem_size,
const char *password,
void **rsa_context
)
{
return RsaGetPrivateKeyFromPem (pem_data, pem_size, password, rsa_context);
}
bool
libspdm_rsa_get_public_key_from_x509 (
const uint8_t *cert,
size_t cert_size,
void **rsa_context
)
{
return RsaGetPublicKeyFromX509 (cert, cert_size, rsa_context);
}
bool
libspdm_ec_get_public_key_from_der (
const uint8_t *der_data,
size_t der_size,
void **ec_context
)
{
return false;
}
bool
libspdm_rsa_get_public_key_from_der (
const uint8_t *der_data,
size_t der_size,
void **rsa_context
)
{
return false;
}
bool
libspdm_ec_get_private_key_from_pem (
const uint8_t *pem_data,
size_t pem_size,
const char *password,
void **ec_context
)
{
return EcGetPrivateKeyFromPem (pem_data, pem_size, password, ec_context);
}
bool
libspdm_ec_get_public_key_from_x509 (
const uint8_t *cert,
size_t cert_size,
void **ec_context
)
{
return EcGetPublicKeyFromX509 (cert, cert_size, ec_context);
}
bool
libspdm_asn1_get_tag (
uint8_t **ptr,
const uint8_t *end,
size_t *length,
uint32_t tag
)
{
return Asn1GetTag (ptr, end, length, tag);
}
bool
libspdm_x509_get_subject_name (
const uint8_t *cert,
size_t cert_size,
uint8_t *cert_subject,
size_t *subject_size
)
{
return X509GetSubjectName (cert, cert_size, cert_subject, subject_size);
}
bool
libspdm_x509_get_common_name (
const uint8_t *cert,
size_t cert_size,
char *common_name,
size_t *common_name_size
)
{
EFI_STATUS Status;
Status = X509GetCommonName (cert, cert_size, common_name, common_name_size);
if (EFI_ERROR (Status)) {
return false;
} else {
return true;
}
}
bool
libspdm_x509_get_organization_name (
const uint8_t *cert,
size_t cert_size,
char *name_buffer,
size_t *name_buffer_size
)
{
EFI_STATUS Status;
Status = X509GetOrganizationName (cert, cert_size, name_buffer, name_buffer_size);
if (EFI_ERROR (Status)) {
return false;
} else {
return true;
}
}
bool
libspdm_x509_get_version (
const uint8_t *cert,
size_t cert_size,
size_t *version
)
{
return X509GetVersion (cert, cert_size, version);
}
bool
libspdm_x509_get_serial_number (
const uint8_t *cert,
size_t cert_size,
uint8_t *serial_number,
size_t *serial_number_size
)
{
return X509GetSerialNumber (cert, cert_size, serial_number, serial_number_size);
}
bool
libspdm_x509_get_issuer_name (
const uint8_t *cert,
size_t cert_size,
uint8_t *cert_issuer,
size_t *issuer_size
)
{
return X509GetIssuerName (cert, cert_size, cert_issuer, issuer_size);
}
bool
libspdm_x509_get_signature_algorithm (
const uint8_t *cert,
size_t cert_size,
uint8_t *oid,
size_t *oid_size
)
{
return X509GetSignatureAlgorithm (cert, cert_size, oid, oid_size);
}
bool
libspdm_x509_get_extension_data (
const uint8_t *cert,
size_t cert_size,
const uint8_t *oid,
size_t oid_size,
uint8_t *extension_data,
size_t *extension_data_size
)
{
return X509GetExtensionData (
cert,
cert_size,
oid,
oid_size,
extension_data,
extension_data_size
);
}
bool
libspdm_x509_get_validity (
const uint8_t *cert,
size_t cert_size,
uint8_t *from,
size_t *from_size,
uint8_t *to,
size_t *to_size
)
{
return X509GetValidity (cert, cert_size, from, from_size, to, to_size);
}
bool
libspdm_x509_set_date_time (
const char *date_time_str,
void *date_time,
size_t *date_time_size
)
{
return X509FormatDateTime (date_time_str, date_time, date_time_size);
}
int32_t
libspdm_x509_compare_date_time (
const void *date_time1,
const void *date_time2
)
{
return X509CompareDateTime (date_time1, date_time2);
}
bool
libspdm_x509_get_key_usage (
const uint8_t *cert,
size_t cert_size,
size_t *usage
)
{
return X509GetKeyUsage (cert, cert_size, usage);
}
bool
libspdm_x509_get_extended_key_usage (
const uint8_t *cert,
size_t cert_size,
uint8_t *usage,
size_t *usage_size
)
{
return X509GetExtendedKeyUsage (cert, cert_size, usage, usage_size);
}
bool
libspdm_x509_verify_cert (
const uint8_t *cert,
size_t cert_size,
const uint8_t *ca_cert,
size_t ca_cert_size
)
{
return X509VerifyCert (cert, cert_size, ca_cert, ca_cert_size);
}
bool
libspdm_x509_verify_cert_chain (
const uint8_t *root_cert,
size_t root_cert_length,
const uint8_t *cert_chain,
size_t cert_chain_length
)
{
return X509VerifyCertChain (root_cert, root_cert_length, cert_chain, cert_chain_length);
}
bool
libspdm_x509_get_cert_from_cert_chain (
const uint8_t *cert_chain,
size_t cert_chain_length,
const int32_t cert_index,
const uint8_t **cert,
size_t *cert_length
)
{
return X509GetCertFromCertChain (
cert_chain,
cert_chain_length,
cert_index,
cert,
cert_length
);
}
bool
libspdm_x509_construct_certificate (
const uint8_t *cert,
size_t cert_size,
uint8_t **single_x509_cert
)
{
return X509ConstructCertificate (cert, cert_size, single_x509_cert);
}
bool
libspdm_x509_get_extended_basic_constraints (
const uint8_t *cert,
size_t cert_size,
uint8_t *basic_constraints,
size_t *basic_constraints_size
)
{
return X509GetExtendedBasicConstraints (
cert,
cert_size,
basic_constraints,
basic_constraints_size
);
}
void *
libspdm_ec_new_by_nid (
size_t nid
)
{
return EcNewByNid (nid);
}
void
libspdm_ec_free (
void *ec_context
)
{
EcFree (ec_context);
}
bool
libspdm_ec_generate_key (
void *ec_context,
uint8_t *public_data,
size_t *public_size
)
{
return EcGenerateKey (ec_context, public_data, public_size);
}
bool
libspdm_ec_compute_key (
void *ec_context,
const uint8_t *peer_public,
size_t peer_public_size,
uint8_t *key,
size_t *key_size
)
{
return EcDhComputeKey (ec_context, peer_public, peer_public_size, NULL, key, key_size);
}
bool
libspdm_ecdsa_sign (
void *ec_context,
size_t hash_nid,
const uint8_t *message_hash,
size_t hash_size,
uint8_t *signature,
size_t *sig_size
)
{
return EcDsaSign (
ec_context,
hash_nid,
message_hash,
hash_size,
signature,
sig_size
);
}
bool
libspdm_ecdsa_verify (
void *ec_context,
size_t hash_nid,
const uint8_t *message_hash,
size_t hash_size,
const uint8_t *signature,
size_t sig_size
)
{
return EcDsaVerify (
ec_context,
hash_nid,
message_hash,
hash_size,
signature,
sig_size
);
}
bool
libspdm_random_bytes (
uint8_t *output,
size_t size
)
{
return RandomBytes (output, size);
}
bool
libspdm_hkdf_sha256_extract_and_expand (
const uint8_t *key,
size_t key_size,
const uint8_t *salt,
size_t salt_size,
const uint8_t *info,
size_t info_size,
uint8_t *out,
size_t out_size
)
{
return HkdfSha256ExtractAndExpand (
key,
key_size,
salt,
salt_size,
info,
info_size,
out,
out_size
);
}
bool
libspdm_hkdf_sha256_extract (
const uint8_t *key,
size_t key_size,
const uint8_t *salt,
size_t salt_size,
uint8_t *prk_out,
size_t prk_out_size
)
{
return HkdfSha256Extract (
key,
key_size,
salt,
salt_size,
prk_out,
prk_out_size
);
}
bool
libspdm_hkdf_sha256_expand (
const uint8_t *prk,
size_t prk_size,
const uint8_t *info,
size_t info_size,
uint8_t *out,
size_t out_size
)
{
return HkdfSha256Expand (
prk,
prk_size,
info,
info_size,
out,
out_size
);
}
bool
libspdm_hkdf_sha384_extract_and_expand (
const uint8_t *key,
size_t key_size,
const uint8_t *salt,
size_t salt_size,
const uint8_t *info,
size_t info_size,
uint8_t *out,
size_t out_size
)
{
return HkdfSha384ExtractAndExpand (
key,
key_size,
salt,
salt_size,
info,
info_size,
out,
out_size
);
}
bool
libspdm_hkdf_sha384_extract (
const uint8_t *key,
size_t key_size,
const uint8_t *salt,
size_t salt_size,
uint8_t *prk_out,
size_t prk_out_size
)
{
return HkdfSha384Extract (
key,
key_size,
salt,
salt_size,
prk_out,
prk_out_size
);
}
bool
libspdm_hkdf_sha384_expand (
const uint8_t *prk,
size_t prk_size,
const uint8_t *info,
size_t info_size,
uint8_t *out,
size_t out_size
)
{
return HkdfSha384Expand (
prk,
prk_size,
info,
info_size,
out,
out_size
);
}

38
SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf Normal file
View File

@@ -0,0 +1,38 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = CryptlibWrapper
FILE_GUID = 156C1B1B-6C2F-496a-496A-0548D1A9ED5B
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = CryptlibWrapper
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
CryptlibWrapper.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
MemoryAllocationLib
DebugLib
BaseCryptLib
RngLib

177
SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c Normal file
View File

@@ -0,0 +1,177 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include "hal/base.h"
#include "hal/library/memlib.h"
/**
* Copies bytes from a source buffer to a destination buffer.
*
* This function copies "src_len" bytes from "src_buf" to "dst_buf".
*
* Asserts and returns a non-zero value if any of the following are true:
* 1) "src_buf" or "dst_buf" are NULL.
* 2) "src_len" or "dst_len" is greater than (SIZE_MAX >> 1).
* 3) "src_len" is greater than "dst_len".
* 4) "src_buf" and "dst_buf" overlap.
*
* If any of these cases fail, a non-zero value is returned. Additionally if
* "dst_buf" points to a non-NULL value and "dst_len" is valid, then "dst_len"
* bytes of "dst_buf" are zeroed.
*
* This function follows the C11 cppreference description of memcpy_s.
* https://en.cppreference.com/w/c/string/byte/memcpy
* The cppreferece description does NOT allow the source or destination
* buffers to be NULL.
*
* This function differs from the Microsoft and Safeclib memcpy_s implementations
* in that the Microsoft and Safeclib implementations allow for NULL source and
* destinations pointers when the number of bytes to copy (src_len) is zero.
*
* In addition the Microsoft and Safeclib memcpy_s functions return different
* negative values on error. For best support, clients should generally check
* against zero for success or failure.
*
* @param dst_buf Destination buffer to copy to.
* @param dst_len Maximum length in bytes of the destination buffer.
* @param src_buf Source buffer to copy from.
* @param src_len The number of bytes to copy from the source buffer.
*
* @return 0 on success. non-zero on error.
*
**/
void
libspdm_copy_mem (
void *dst_buf,
size_t dst_len,
const void *src_buf,
size_t src_len
)
{
volatile uint8_t *dst;
const volatile uint8_t *src;
dst = (volatile uint8_t *)dst_buf;
src = (const volatile uint8_t *)src_buf;
/* Check for case where "dst" or "dst_len" may be invalid.
* Do not zero "dst" in this case. */
if ((dst == NULL) || (dst_len > (SIZE_MAX >> 1))) {
ASSERT (0);
}
/* Gaurd against invalid source. Zero "dst" in this case. */
if (src == NULL) {
ZeroMem (dst_buf, dst_len);
ASSERT (0);
}
/* Guard against overlap case. Zero "dst" in these cases. */
if (((src < dst) && (src + src_len > dst)) || ((dst < src) && (dst + src_len > src))) {
ZeroMem (dst_buf, dst_len);
ASSERT (0);
}
/* Guard against invalid lengths. Zero "dst" in these cases. */
if ((src_len > dst_len) ||
(src_len > (SIZE_MAX >> 1)))
{
ZeroMem (dst_buf, dst_len);
ASSERT (0);
}
while (src_len-- != 0) {
*(dst++) = *(src++);
}
}
/**
* Fills a target buffer with a byte value, and returns the target buffer.
*
* This function fills length bytes of buffer with value, and returns buffer.
*
* If length is greater than (MAX_ADDRESS - buffer + 1), then ASSERT().
*
* @param buffer The memory to set.
* @param length The number of bytes to set.
* @param value The value with which to fill length bytes of buffer.
*
* @return buffer.
*
**/
void
libspdm_set_mem (
void *buffer,
size_t length,
uint8_t value
)
{
SetMem (buffer, length, value);
}
/**
* Fills a target buffer with zeros, and returns the target buffer.
*
* This function fills length bytes of buffer with zeros, and returns buffer.
*
* If length > 0 and buffer is NULL, then ASSERT().
* If length is greater than (MAX_ADDRESS - buffer + 1), then ASSERT().
*
* @param buffer The pointer to the target buffer to fill with zeros.
* @param length The number of bytes in buffer to fill with zeros.
*
* @return buffer.
*
**/
void
libspdm_zero_mem (
void *buffer,
size_t length
)
{
ZeroMem (buffer, length);
}
/**
* Compares the contents of two buffers in const time.
*
* This function compares length bytes of source_buffer to length bytes of destination_buffer.
* If all length bytes of the two buffers are identical, then 0 is returned. Otherwise, the
* value returned is the first mismatched byte in source_buffer subtracted from the first
* mismatched byte in destination_buffer.
*
* If length > 0 and destination_buffer is NULL, then ASSERT().
* If length > 0 and source_buffer is NULL, then ASSERT().
* If length is greater than (MAX_ADDRESS - destination_buffer + 1), then ASSERT().
* If length is greater than (MAX_ADDRESS - source_buffer + 1), then ASSERT().
*
* @param destination_buffer A pointer to the destination buffer to compare.
* @param source_buffer A pointer to the source buffer to compare.
* @param length The number of bytes to compare.
*
* @return 0 All length bytes of the two buffers are identical.
* @retval Non-zero There is mismatched between source_buffer and destination_buffer.
*
**/
bool
libspdm_consttime_is_mem_equal (
const void *destination_buffer,
const void *source_buffer,
size_t length
)
{
if (CompareMem (destination_buffer, source_buffer, length) == 0) {
return true;
} else {
return false;
}
}

33
SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf Normal file
View File

@@ -0,0 +1,33 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = MemLibWrapper
FILE_GUID = d97bb726-6640-47dc-ae00-0cf2fbfb60f0
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = MemLibWrapper
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
MemLibWrapper.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
BaseLib
DebugLib

85
SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c Normal file
View File

@@ -0,0 +1,85 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include "hal/base.h"
/**
* Suspends the execution of the current thread until the time-out interval elapses.
*
* @param milliseconds The time interval for which execution is to be suspended, in milliseconds.
*
**/
void
libspdm_sleep (
uint64_t milliseconds
)
{
return;
}
/**
* Suspends the execution of the current thread until the time-out interval elapses.
*
* @param microseconds The time interval for which execution is to be suspended, in milliseconds.
*
**/
void
libspdm_sleep_in_us (
uint64_t microseconds
)
{
return;
}
/**
* If no heartbeat arrives in seconds, the watchdog timeout event
* should terminate the session.
*
* @param session_id Indicate the SPDM session ID.
* @param seconds heartbeat period, in seconds.
*
**/
bool
libspdm_start_watchdog (
uint32_t session_id,
uint16_t seconds
)
{
return true;
}
/**
* stop watchdog.
*
* @param session_id Indicate the SPDM session ID.
*
**/
bool
libspdm_stop_watchdog (
uint32_t session_id
)
{
return true;
}
/**
* Reset the watchdog in heartbeat response.
*
* @param session_id Indicate the SPDM session ID.
*
**/
bool
libspdm_reset_watchdog (
uint32_t session_id
)
{
return true;
}

33
SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf Normal file
View File

@@ -0,0 +1,33 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = PlatformLibWrapper
FILE_GUID = 2f8979d1-f9f0-4d51-9cbd-4f41dee59057
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = PlatformLibWrapper
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
PlatformLibWrapper.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
BaseLib
DebugLib