diff options
Diffstat (limited to 'SecurityPkg/DeviceSecurity/OsStub')
6 files changed, 1336 insertions, 0 deletions
diff --git a/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c b/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c new file mode 100644 index 0000000..64db975 --- /dev/null +++ b/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.c @@ -0,0 +1,970 @@ +/** @file
+ EDKII Device Security library for SPDM device.
+ It follows the SPDM Specification.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include "hal/base.h"
+#include "hal/library/cryptlib.h"
+
+void *
+libspdm_sha256_new (
+ void
+ )
+{
+ size_t CtxSize;
+ void *HashCtx;
+
+ HashCtx = NULL;
+ CtxSize = Sha256GetContextSize ();
+ HashCtx = AllocatePool (CtxSize);
+
+ return HashCtx;
+}
+
+void
+libspdm_sha256_free (
+ void *Sha256Ctx
+ )
+{
+ if (Sha256Ctx != NULL) {
+ FreePool (Sha256Ctx);
+ Sha256Ctx = NULL;
+ }
+}
+
+bool
+libspdm_sha256_init (
+ void *Sha256Ctx
+ )
+{
+ return Sha256Init (Sha256Ctx);
+}
+
+bool
+libspdm_sha256_duplicate (
+ const void *Sha256Context,
+ void *NewSha256Context
+ )
+{
+ return Sha256Duplicate (Sha256Context, NewSha256Context);
+}
+
+bool
+libspdm_sha256_update (
+ void *Sha256Context,
+ const void *Data,
+ size_t DataSize
+ )
+{
+ return Sha256Update (Sha256Context, Data, DataSize);
+}
+
+bool
+libspdm_sha256_final (
+ void *sha256_context,
+ uint8_t *hash_value
+ )
+{
+ return Sha256Final (sha256_context, hash_value);
+}
+
+bool
+libspdm_sha256_hash_all (
+ const void *data,
+ size_t data_size,
+ uint8_t *hash_value
+ )
+{
+ return Sha256HashAll (data, data_size, hash_value);
+}
+
+void *
+libspdm_sha384_new (
+ void
+ )
+{
+ size_t CtxSize;
+ void *HashCtx;
+
+ HashCtx = NULL;
+ CtxSize = Sha384GetContextSize ();
+ HashCtx = AllocatePool (CtxSize);
+
+ return HashCtx;
+}
+
+void
+libspdm_sha384_free (
+ void *Sha384Ctx
+ )
+{
+ if (Sha384Ctx != NULL) {
+ FreePool (Sha384Ctx);
+ Sha384Ctx = NULL;
+ }
+}
+
+bool
+libspdm_sha384_init (
+ void *sha384_context
+ )
+{
+ return Sha384Init (sha384_context);
+}
+
+bool
+libspdm_sha384_duplicate (
+ const void *sha384_context,
+ void *new_sha384_context
+ )
+{
+ return Sha384Duplicate (sha384_context, new_sha384_context);
+}
+
+bool
+libspdm_sha384_update (
+ void *sha384_context,
+ const void *data,
+ size_t data_size
+ )
+{
+ return Sha384Update (sha384_context, data, data_size);
+}
+
+bool
+libspdm_sha384_final (
+ void *sha384_context,
+ uint8_t *hash_value
+ )
+{
+ return Sha384Final (sha384_context, hash_value);
+}
+
+bool
+libspdm_sha384_hash_all (
+ const void *data,
+ size_t data_size,
+ uint8_t *hash_value
+ )
+{
+ return Sha384HashAll (data, data_size, hash_value);
+}
+
+void *
+libspdm_hmac_sha256_new (
+ void
+ )
+{
+ return HmacSha256New ();
+}
+
+void
+libspdm_hmac_sha256_free (
+ void *hmac_sha256_ctx
+ )
+{
+ HmacSha256Free (hmac_sha256_ctx);
+}
+
+bool
+libspdm_hmac_sha256_set_key (
+ void *hmac_sha256_ctx,
+ const uint8_t *key,
+ size_t key_size
+ )
+{
+ return HmacSha256SetKey (hmac_sha256_ctx, key, key_size);
+}
+
+bool
+libspdm_hmac_sha256_duplicate (
+ const void *hmac_sha256_ctx,
+ void *new_hmac_sha256_ctx
+ )
+{
+ return HmacSha256Duplicate (hmac_sha256_ctx, new_hmac_sha256_ctx);
+}
+
+bool
+libspdm_hmac_sha256_update (
+ void *hmac_sha256_ctx,
+ const void *data,
+ size_t data_size
+ )
+{
+ return HmacSha256Update (hmac_sha256_ctx, data, data_size);
+}
+
+bool
+libspdm_hmac_sha256_final (
+ void *hmac_sha256_ctx,
+ uint8_t *hmac_value
+ )
+{
+ return HmacSha256Final (hmac_sha256_ctx, hmac_value);
+}
+
+bool
+libspdm_hmac_sha256_all (
+ const void *data,
+ size_t data_size,
+ const uint8_t *key,
+ size_t key_size,
+ uint8_t *hmac_value
+ )
+{
+ return HmacSha256All (data, data_size, key, key_size, hmac_value);
+}
+
+void *
+libspdm_hmac_sha384_new (
+ void
+ )
+{
+ return HmacSha384New ();
+}
+
+void
+libspdm_hmac_sha384_free (
+ void *hmac_sha384_ctx
+ )
+{
+ HmacSha384Free (hmac_sha384_ctx);
+}
+
+bool
+libspdm_hmac_sha384_set_key (
+ void *hmac_sha384_ctx,
+ const uint8_t *key,
+ size_t key_size
+ )
+{
+ return HmacSha384SetKey (hmac_sha384_ctx, key, key_size);
+}
+
+bool
+libspdm_hmac_sha384_duplicate (
+ const void *hmac_sha384_ctx,
+ void *new_hmac_sha384_ctx
+ )
+{
+ return HmacSha384Duplicate (hmac_sha384_ctx, new_hmac_sha384_ctx);
+}
+
+bool
+libspdm_hmac_sha384_update (
+ void *hmac_sha384_ctx,
+ const void *data,
+ size_t data_size
+ )
+{
+ return HmacSha384Update (hmac_sha384_ctx, data, data_size);
+}
+
+bool
+libspdm_hmac_sha384_final (
+ void *hmac_sha384_ctx,
+ uint8_t *hmac_value
+ )
+{
+ return HmacSha384Final (hmac_sha384_ctx, hmac_value);
+}
+
+bool
+libspdm_hmac_sha384_all (
+ const void *data,
+ size_t data_size,
+ const uint8_t *key,
+ size_t key_size,
+ uint8_t *hmac_value
+ )
+{
+ return HmacSha384All (data, data_size, key, key_size, hmac_value);
+}
+
+bool
+libspdm_aead_aes_gcm_encrypt (
+ const uint8_t *key,
+ size_t key_size,
+ const uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *a_data,
+ size_t a_data_size,
+ const uint8_t *data_in,
+ size_t data_in_size,
+ uint8_t *tag_out,
+ size_t tag_size,
+ uint8_t *data_out,
+ size_t *data_out_size
+ )
+{
+ return AeadAesGcmEncrypt (
+ key,
+ key_size,
+ iv,
+ iv_size,
+ a_data,
+ a_data_size,
+ data_in,
+ data_in_size,
+ tag_out,
+ tag_size,
+ data_out,
+ data_out_size
+ );
+}
+
+bool
+libspdm_aead_aes_gcm_decrypt (
+ const uint8_t *key,
+ size_t key_size,
+ const uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *a_data,
+ size_t a_data_size,
+ const uint8_t *data_in,
+ size_t data_in_size,
+ const uint8_t *tag,
+ size_t tag_size,
+ uint8_t *data_out,
+ size_t *data_out_size
+ )
+{
+ return AeadAesGcmDecrypt (
+ key,
+ key_size,
+ iv,
+ iv_size,
+ a_data,
+ a_data_size,
+ data_in,
+ data_in_size,
+ tag,
+ tag_size,
+ data_out,
+ data_out_size
+ );
+}
+
+void
+libspdm_rsa_free (
+ void *rsa_context
+ )
+{
+ RsaFree (rsa_context);
+}
+
+bool
+libspdm_rsa_pkcs1_sign_with_nid (
+ void *rsa_context,
+ size_t hash_nid,
+ const uint8_t *message_hash,
+ size_t hash_size,
+ uint8_t *signature,
+ size_t *sig_size
+ )
+{
+ switch (hash_nid) {
+ case CRYPTO_NID_SHA256:
+ if (hash_size != SHA256_DIGEST_SIZE) {
+ return FALSE;
+ }
+
+ break;
+
+ case CRYPTO_NID_SHA384:
+ if (hash_size != SHA384_DIGEST_SIZE) {
+ return FALSE;
+ }
+
+ break;
+
+ case CRYPTO_NID_SHA512:
+ if (hash_size != SHA512_DIGEST_SIZE) {
+ return FALSE;
+ }
+
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ return RsaPkcs1Sign (
+ rsa_context,
+ message_hash,
+ hash_size,
+ signature,
+ sig_size
+ );
+}
+
+bool
+libspdm_rsa_pkcs1_verify_with_nid (
+ void *rsa_context,
+ size_t hash_nid,
+ const uint8_t *message_hash,
+ size_t hash_size,
+ const uint8_t *signature,
+ size_t sig_size
+ )
+{
+ switch (hash_nid) {
+ case CRYPTO_NID_SHA256:
+ if (hash_size != SHA256_DIGEST_SIZE) {
+ return false;
+ }
+
+ break;
+
+ case CRYPTO_NID_SHA384:
+ if (hash_size != SHA384_DIGEST_SIZE) {
+ return false;
+ }
+
+ break;
+
+ case CRYPTO_NID_SHA512:
+ if (hash_size != SHA512_DIGEST_SIZE) {
+ return false;
+ }
+
+ break;
+
+ default:
+ return false;
+ }
+
+ return RsaPkcs1Verify (
+ rsa_context,
+ message_hash,
+ hash_size,
+ signature,
+ sig_size
+ );
+}
+
+bool
+libspdm_rsa_get_private_key_from_pem (
+ const uint8_t *pem_data,
+ size_t pem_size,
+ const char *password,
+ void **rsa_context
+ )
+{
+ return RsaGetPrivateKeyFromPem (pem_data, pem_size, password, rsa_context);
+}
+
+bool
+libspdm_rsa_get_public_key_from_x509 (
+ const uint8_t *cert,
+ size_t cert_size,
+ void **rsa_context
+ )
+{
+ return RsaGetPublicKeyFromX509 (cert, cert_size, rsa_context);
+}
+
+bool
+libspdm_ec_get_public_key_from_der (
+ const uint8_t *der_data,
+ size_t der_size,
+ void **ec_context
+ )
+{
+ return false;
+}
+
+bool
+libspdm_rsa_get_public_key_from_der (
+ const uint8_t *der_data,
+ size_t der_size,
+ void **rsa_context
+ )
+{
+ return false;
+}
+
+bool
+libspdm_ec_get_private_key_from_pem (
+ const uint8_t *pem_data,
+ size_t pem_size,
+ const char *password,
+ void **ec_context
+ )
+{
+ return EcGetPrivateKeyFromPem (pem_data, pem_size, password, ec_context);
+}
+
+bool
+libspdm_ec_get_public_key_from_x509 (
+ const uint8_t *cert,
+ size_t cert_size,
+ void **ec_context
+ )
+{
+ return EcGetPublicKeyFromX509 (cert, cert_size, ec_context);
+}
+
+bool
+libspdm_asn1_get_tag (
+ uint8_t **ptr,
+ const uint8_t *end,
+ size_t *length,
+ uint32_t tag
+ )
+{
+ return Asn1GetTag (ptr, end, length, tag);
+}
+
+bool
+libspdm_x509_get_subject_name (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t *cert_subject,
+ size_t *subject_size
+ )
+{
+ return X509GetSubjectName (cert, cert_size, cert_subject, subject_size);
+}
+
+bool
+libspdm_x509_get_common_name (
+ const uint8_t *cert,
+ size_t cert_size,
+ char *common_name,
+ size_t *common_name_size
+ )
+{
+ EFI_STATUS Status;
+
+ Status = X509GetCommonName (cert, cert_size, common_name, common_name_size);
+ if (EFI_ERROR (Status)) {
+ return false;
+ } else {
+ return true;
+ }
+}
+
+bool
+libspdm_x509_get_organization_name (
+ const uint8_t *cert,
+ size_t cert_size,
+ char *name_buffer,
+ size_t *name_buffer_size
+ )
+{
+ EFI_STATUS Status;
+
+ Status = X509GetOrganizationName (cert, cert_size, name_buffer, name_buffer_size);
+ if (EFI_ERROR (Status)) {
+ return false;
+ } else {
+ return true;
+ }
+}
+
+bool
+libspdm_x509_get_version (
+ const uint8_t *cert,
+ size_t cert_size,
+ size_t *version
+ )
+{
+ return X509GetVersion (cert, cert_size, version);
+}
+
+bool
+libspdm_x509_get_serial_number (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t *serial_number,
+ size_t *serial_number_size
+ )
+{
+ return X509GetSerialNumber (cert, cert_size, serial_number, serial_number_size);
+}
+
+bool
+libspdm_x509_get_issuer_name (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t *cert_issuer,
+ size_t *issuer_size
+ )
+{
+ return X509GetIssuerName (cert, cert_size, cert_issuer, issuer_size);
+}
+
+bool
+libspdm_x509_get_signature_algorithm (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t *oid,
+ size_t *oid_size
+ )
+{
+ return X509GetSignatureAlgorithm (cert, cert_size, oid, oid_size);
+}
+
+bool
+libspdm_x509_get_extension_data (
+ const uint8_t *cert,
+ size_t cert_size,
+ const uint8_t *oid,
+ size_t oid_size,
+ uint8_t *extension_data,
+ size_t *extension_data_size
+ )
+{
+ return X509GetExtensionData (
+ cert,
+ cert_size,
+ oid,
+ oid_size,
+ extension_data,
+ extension_data_size
+ );
+}
+
+bool
+libspdm_x509_get_validity (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t *from,
+ size_t *from_size,
+ uint8_t *to,
+ size_t *to_size
+ )
+{
+ return X509GetValidity (cert, cert_size, from, from_size, to, to_size);
+}
+
+bool
+libspdm_x509_set_date_time (
+ const char *date_time_str,
+ void *date_time,
+ size_t *date_time_size
+ )
+{
+ return X509FormatDateTime (date_time_str, date_time, date_time_size);
+}
+
+int32_t
+libspdm_x509_compare_date_time (
+ const void *date_time1,
+ const void *date_time2
+ )
+{
+ return X509CompareDateTime (date_time1, date_time2);
+}
+
+bool
+libspdm_x509_get_key_usage (
+ const uint8_t *cert,
+ size_t cert_size,
+ size_t *usage
+ )
+{
+ return X509GetKeyUsage (cert, cert_size, usage);
+}
+
+bool
+libspdm_x509_get_extended_key_usage (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t *usage,
+ size_t *usage_size
+ )
+{
+ return X509GetExtendedKeyUsage (cert, cert_size, usage, usage_size);
+}
+
+bool
+libspdm_x509_verify_cert (
+ const uint8_t *cert,
+ size_t cert_size,
+ const uint8_t *ca_cert,
+ size_t ca_cert_size
+ )
+{
+ return X509VerifyCert (cert, cert_size, ca_cert, ca_cert_size);
+}
+
+bool
+libspdm_x509_verify_cert_chain (
+ const uint8_t *root_cert,
+ size_t root_cert_length,
+ const uint8_t *cert_chain,
+ size_t cert_chain_length
+ )
+{
+ return X509VerifyCertChain (root_cert, root_cert_length, cert_chain, cert_chain_length);
+}
+
+bool
+libspdm_x509_get_cert_from_cert_chain (
+ const uint8_t *cert_chain,
+ size_t cert_chain_length,
+ const int32_t cert_index,
+ const uint8_t **cert,
+ size_t *cert_length
+ )
+{
+ return X509GetCertFromCertChain (
+ cert_chain,
+ cert_chain_length,
+ cert_index,
+ cert,
+ cert_length
+ );
+}
+
+bool
+libspdm_x509_construct_certificate (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t **single_x509_cert
+ )
+{
+ return X509ConstructCertificate (cert, cert_size, single_x509_cert);
+}
+
+bool
+libspdm_x509_get_extended_basic_constraints (
+ const uint8_t *cert,
+ size_t cert_size,
+ uint8_t *basic_constraints,
+ size_t *basic_constraints_size
+ )
+{
+ return X509GetExtendedBasicConstraints (
+ cert,
+ cert_size,
+ basic_constraints,
+ basic_constraints_size
+ );
+}
+
+void *
+libspdm_ec_new_by_nid (
+ size_t nid
+ )
+{
+ return EcNewByNid (nid);
+}
+
+void
+libspdm_ec_free (
+ void *ec_context
+ )
+{
+ EcFree (ec_context);
+}
+
+bool
+libspdm_ec_generate_key (
+ void *ec_context,
+ uint8_t *public_data,
+ size_t *public_size
+ )
+{
+ return EcGenerateKey (ec_context, public_data, public_size);
+}
+
+bool
+libspdm_ec_compute_key (
+ void *ec_context,
+ const uint8_t *peer_public,
+ size_t peer_public_size,
+ uint8_t *key,
+ size_t *key_size
+ )
+{
+ return EcDhComputeKey (ec_context, peer_public, peer_public_size, NULL, key, key_size);
+}
+
+bool
+libspdm_ecdsa_sign (
+ void *ec_context,
+ size_t hash_nid,
+ const uint8_t *message_hash,
+ size_t hash_size,
+ uint8_t *signature,
+ size_t *sig_size
+ )
+{
+ return EcDsaSign (
+ ec_context,
+ hash_nid,
+ message_hash,
+ hash_size,
+ signature,
+ sig_size
+ );
+}
+
+bool
+libspdm_ecdsa_verify (
+ void *ec_context,
+ size_t hash_nid,
+ const uint8_t *message_hash,
+ size_t hash_size,
+ const uint8_t *signature,
+ size_t sig_size
+ )
+{
+ return EcDsaVerify (
+ ec_context,
+ hash_nid,
+ message_hash,
+ hash_size,
+ signature,
+ sig_size
+ );
+}
+
+bool
+libspdm_random_bytes (
+ uint8_t *output,
+ size_t size
+ )
+{
+ return RandomBytes (output, size);
+}
+
+bool
+libspdm_hkdf_sha256_extract_and_expand (
+ const uint8_t *key,
+ size_t key_size,
+ const uint8_t *salt,
+ size_t salt_size,
+ const uint8_t *info,
+ size_t info_size,
+ uint8_t *out,
+ size_t out_size
+ )
+{
+ return HkdfSha256ExtractAndExpand (
+ key,
+ key_size,
+ salt,
+ salt_size,
+ info,
+ info_size,
+ out,
+ out_size
+ );
+}
+
+bool
+libspdm_hkdf_sha256_extract (
+ const uint8_t *key,
+ size_t key_size,
+ const uint8_t *salt,
+ size_t salt_size,
+ uint8_t *prk_out,
+ size_t prk_out_size
+ )
+{
+ return HkdfSha256Extract (
+ key,
+ key_size,
+ salt,
+ salt_size,
+ prk_out,
+ prk_out_size
+ );
+}
+
+bool
+libspdm_hkdf_sha256_expand (
+ const uint8_t *prk,
+ size_t prk_size,
+ const uint8_t *info,
+ size_t info_size,
+ uint8_t *out,
+ size_t out_size
+ )
+{
+ return HkdfSha256Expand (
+ prk,
+ prk_size,
+ info,
+ info_size,
+ out,
+ out_size
+ );
+}
+
+bool
+libspdm_hkdf_sha384_extract_and_expand (
+ const uint8_t *key,
+ size_t key_size,
+ const uint8_t *salt,
+ size_t salt_size,
+ const uint8_t *info,
+ size_t info_size,
+ uint8_t *out,
+ size_t out_size
+ )
+{
+ return HkdfSha384ExtractAndExpand (
+ key,
+ key_size,
+ salt,
+ salt_size,
+ info,
+ info_size,
+ out,
+ out_size
+ );
+}
+
+bool
+libspdm_hkdf_sha384_extract (
+ const uint8_t *key,
+ size_t key_size,
+ const uint8_t *salt,
+ size_t salt_size,
+ uint8_t *prk_out,
+ size_t prk_out_size
+ )
+{
+ return HkdfSha384Extract (
+ key,
+ key_size,
+ salt,
+ salt_size,
+ prk_out,
+ prk_out_size
+ );
+}
+
+bool
+libspdm_hkdf_sha384_expand (
+ const uint8_t *prk,
+ size_t prk_size,
+ const uint8_t *info,
+ size_t info_size,
+ uint8_t *out,
+ size_t out_size
+ )
+{
+ return HkdfSha384Expand (
+ prk,
+ prk_size,
+ info,
+ info_size,
+ out,
+ out_size
+ );
+}
diff --git a/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf b/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf new file mode 100644 index 0000000..0b64ab0 --- /dev/null +++ b/SecurityPkg/DeviceSecurity/OsStub/CryptlibWrapper/CryptlibWrapper.inf @@ -0,0 +1,38 @@ +## @file
+# SPDM library.
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = CryptlibWrapper
+ FILE_GUID = 156C1B1B-6C2F-496a-496A-0548D1A9ED5B
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = CryptlibWrapper
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ CryptlibWrapper.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ DebugLib
+ BaseCryptLib
+ RngLib
diff --git a/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c b/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c new file mode 100644 index 0000000..42eeecd --- /dev/null +++ b/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.c @@ -0,0 +1,177 @@ +/** @file
+ EDKII Device Security library for SPDM device.
+ It follows the SPDM Specification.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include "hal/base.h"
+#include "hal/library/memlib.h"
+
+/**
+ * Copies bytes from a source buffer to a destination buffer.
+ *
+ * This function copies "src_len" bytes from "src_buf" to "dst_buf".
+ *
+ * Asserts and returns a non-zero value if any of the following are true:
+ * 1) "src_buf" or "dst_buf" are NULL.
+ * 2) "src_len" or "dst_len" is greater than (SIZE_MAX >> 1).
+ * 3) "src_len" is greater than "dst_len".
+ * 4) "src_buf" and "dst_buf" overlap.
+ *
+ * If any of these cases fail, a non-zero value is returned. Additionally if
+ * "dst_buf" points to a non-NULL value and "dst_len" is valid, then "dst_len"
+ * bytes of "dst_buf" are zeroed.
+ *
+ * This function follows the C11 cppreference description of memcpy_s.
+ * https://en.cppreference.com/w/c/string/byte/memcpy
+ * The cppreferece description does NOT allow the source or destination
+ * buffers to be NULL.
+ *
+ * This function differs from the Microsoft and Safeclib memcpy_s implementations
+ * in that the Microsoft and Safeclib implementations allow for NULL source and
+ * destinations pointers when the number of bytes to copy (src_len) is zero.
+ *
+ * In addition the Microsoft and Safeclib memcpy_s functions return different
+ * negative values on error. For best support, clients should generally check
+ * against zero for success or failure.
+ *
+ * @param dst_buf Destination buffer to copy to.
+ * @param dst_len Maximum length in bytes of the destination buffer.
+ * @param src_buf Source buffer to copy from.
+ * @param src_len The number of bytes to copy from the source buffer.
+ *
+ * @return 0 on success. non-zero on error.
+ *
+ **/
+void
+libspdm_copy_mem (
+ void *dst_buf,
+ size_t dst_len,
+ const void *src_buf,
+ size_t src_len
+ )
+{
+ volatile uint8_t *dst;
+ const volatile uint8_t *src;
+
+ dst = (volatile uint8_t *)dst_buf;
+ src = (const volatile uint8_t *)src_buf;
+
+ /* Check for case where "dst" or "dst_len" may be invalid.
+ * Do not zero "dst" in this case. */
+ if ((dst == NULL) || (dst_len > (SIZE_MAX >> 1))) {
+ ASSERT (0);
+ }
+
+ /* Gaurd against invalid source. Zero "dst" in this case. */
+ if (src == NULL) {
+ ZeroMem (dst_buf, dst_len);
+ ASSERT (0);
+ }
+
+ /* Guard against overlap case. Zero "dst" in these cases. */
+ if (((src < dst) && (src + src_len > dst)) || ((dst < src) && (dst + src_len > src))) {
+ ZeroMem (dst_buf, dst_len);
+ ASSERT (0);
+ }
+
+ /* Guard against invalid lengths. Zero "dst" in these cases. */
+ if ((src_len > dst_len) ||
+ (src_len > (SIZE_MAX >> 1)))
+ {
+ ZeroMem (dst_buf, dst_len);
+ ASSERT (0);
+ }
+
+ while (src_len-- != 0) {
+ *(dst++) = *(src++);
+ }
+}
+
+/**
+ * Fills a target buffer with a byte value, and returns the target buffer.
+ *
+ * This function fills length bytes of buffer with value, and returns buffer.
+ *
+ * If length is greater than (MAX_ADDRESS - buffer + 1), then ASSERT().
+ *
+ * @param buffer The memory to set.
+ * @param length The number of bytes to set.
+ * @param value The value with which to fill length bytes of buffer.
+ *
+ * @return buffer.
+ *
+ **/
+void
+libspdm_set_mem (
+ void *buffer,
+ size_t length,
+ uint8_t value
+ )
+{
+ SetMem (buffer, length, value);
+}
+
+/**
+ * Fills a target buffer with zeros, and returns the target buffer.
+ *
+ * This function fills length bytes of buffer with zeros, and returns buffer.
+ *
+ * If length > 0 and buffer is NULL, then ASSERT().
+ * If length is greater than (MAX_ADDRESS - buffer + 1), then ASSERT().
+ *
+ * @param buffer The pointer to the target buffer to fill with zeros.
+ * @param length The number of bytes in buffer to fill with zeros.
+ *
+ * @return buffer.
+ *
+ **/
+void
+libspdm_zero_mem (
+ void *buffer,
+ size_t length
+ )
+{
+ ZeroMem (buffer, length);
+}
+
+/**
+ * Compares the contents of two buffers in const time.
+ *
+ * This function compares length bytes of source_buffer to length bytes of destination_buffer.
+ * If all length bytes of the two buffers are identical, then 0 is returned. Otherwise, the
+ * value returned is the first mismatched byte in source_buffer subtracted from the first
+ * mismatched byte in destination_buffer.
+ *
+ * If length > 0 and destination_buffer is NULL, then ASSERT().
+ * If length > 0 and source_buffer is NULL, then ASSERT().
+ * If length is greater than (MAX_ADDRESS - destination_buffer + 1), then ASSERT().
+ * If length is greater than (MAX_ADDRESS - source_buffer + 1), then ASSERT().
+ *
+ * @param destination_buffer A pointer to the destination buffer to compare.
+ * @param source_buffer A pointer to the source buffer to compare.
+ * @param length The number of bytes to compare.
+ *
+ * @return 0 All length bytes of the two buffers are identical.
+ * @retval Non-zero There is mismatched between source_buffer and destination_buffer.
+ *
+ **/
+bool
+libspdm_consttime_is_mem_equal (
+ const void *destination_buffer,
+ const void *source_buffer,
+ size_t length
+ )
+{
+ if (CompareMem (destination_buffer, source_buffer, length) == 0) {
+ return true;
+ } else {
+ return false;
+ }
+}
diff --git a/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf b/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf new file mode 100644 index 0000000..f5b92aa --- /dev/null +++ b/SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf @@ -0,0 +1,33 @@ +## @file
+# SPDM library.
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MemLibWrapper
+ FILE_GUID = d97bb726-6640-47dc-ae00-0cf2fbfb60f0
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = MemLibWrapper
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ MemLibWrapper.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
diff --git a/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c b/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c new file mode 100644 index 0000000..6e9256e --- /dev/null +++ b/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.c @@ -0,0 +1,85 @@ +/** @file
+ EDKII Device Security library for SPDM device.
+ It follows the SPDM Specification.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include "hal/base.h"
+
+/**
+ * Suspends the execution of the current thread until the time-out interval elapses.
+ *
+ * @param milliseconds The time interval for which execution is to be suspended, in milliseconds.
+ *
+ **/
+void
+libspdm_sleep (
+ uint64_t milliseconds
+ )
+{
+ return;
+}
+
+/**
+ * Suspends the execution of the current thread until the time-out interval elapses.
+ *
+ * @param microseconds The time interval for which execution is to be suspended, in milliseconds.
+ *
+ **/
+void
+libspdm_sleep_in_us (
+ uint64_t microseconds
+ )
+{
+ return;
+}
+
+/**
+ * If no heartbeat arrives in seconds, the watchdog timeout event
+ * should terminate the session.
+ *
+ * @param session_id Indicate the SPDM session ID.
+ * @param seconds heartbeat period, in seconds.
+ *
+ **/
+bool
+libspdm_start_watchdog (
+ uint32_t session_id,
+ uint16_t seconds
+ )
+{
+ return true;
+}
+
+/**
+ * stop watchdog.
+ *
+ * @param session_id Indicate the SPDM session ID.
+ *
+ **/
+bool
+libspdm_stop_watchdog (
+ uint32_t session_id
+ )
+{
+ return true;
+}
+
+/**
+ * Reset the watchdog in heartbeat response.
+ *
+ * @param session_id Indicate the SPDM session ID.
+ *
+ **/
+bool
+libspdm_reset_watchdog (
+ uint32_t session_id
+ )
+{
+ return true;
+}
diff --git a/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf b/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf new file mode 100644 index 0000000..269b4bf --- /dev/null +++ b/SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf @@ -0,0 +1,33 @@ +## @file
+# SPDM library.
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PlatformLibWrapper
+ FILE_GUID = 2f8979d1-f9f0-4d51-9cbd-4f41dee59057
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = PlatformLibWrapper
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ PlatformLibWrapper.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
|