
openspdm's Introduction

openspdm is a sample implementation of the DMTF SPDM specification.

Feature

  1. Specification

    DSP0274 Security Protocol and Data Model (SPDM) Specification (version 1.0.0 and version 1.1.0c)

    DSP0276 Secured MCTP Messages over MCTP Binding Specification (version 1.0.0a)

  2. Both SPDM requester and SPDM responder.

  3. Programming Context:

    No heap is required in the SPDM lib. No writable global variable is required in the SPDM lib.

  4. Implemented command and response:

    SPDM 1.0: GET_VERSION, GET_CAPABILITY, NEGOTIATE_ALGORITHM, GET_DIGEST, GET_CERTIFICATE, CHALLENGE, GET_MEASUREMENT.

    SPDM 1.1: KEY_EXCHANGE, FINISH, PSK_EXCHANGE, PSK_FINISH, END_SESSION, HEARTBEAT, KEY_UPDATE, ENCAPSULATED message

  5. Cryptographic algorithm support:

    The SPDM lib requires a cryptolib API that provides random number generation, symmetric crypto, asymmetric crypto, hash, message authentication code, etc.

    Currently supported algorithms: SHA-2, RSA-SSA/ECDSA, FFDHE/ECDHE, AES_GCM/ChaCha20Poly1305, HMAC.

    An MbedTls wrapper is included in BaseCryptLibMbedTls.

    An Openssl wrapper is included in BaseCryptLibOpenssl.

  6. Execution context:

    Can be built as an OS application, SpdmRequester and SpdmResponder, to trace the communication.

    Can be included in a UEFI host environment, such as SpdmRequester.

  7. openspdm library design:

    The detailed design can be found at Design

Prerequisites

Build Tool

  1. Visual Studio (VS2015 or VS2019)

  2. GCC (above GCC5)

  3. LLVM (LLVM9)

    Download and install LLVM9. Ensure LLVM9 executable directory is in PATH environment variable.

Crypto library

  1. MbedTls as Crypto library

    Please download mbedtls-2.16.6 and unzip it. Rename mbedtls-2.16.6 to mbedtls and put mbedtls under MbedTlsLib

  2. Openssl as crypto library

    Please download openssl-1.1.1g and unzip it. Rename openssl-1.1.1g to openssl and put openssl under OpensslLib

Unit Test framework

  1. cmocka

    Please download cmocka-1.1.5 and unzip it. Rename cmocka-1.1.5 to cmocka and put cmocka under CmockaLib

Build

Windows Build:

  1. Use Visual Studio

    Tool : Visual Studio 2015 (TOOLCHAIN=VS2015)

    Open a Visual Studio 2015 command prompt in the openspdm dir and type nmake ARCH=<X64|Ia32> TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>. (Use the x86 command prompt for ARCH=Ia32 and the x64 command prompt for ARCH=X64.)

    Tool : Visual Studio 2019 (TOOLCHAIN=VS2019)

    Open a Visual Studio 2019 command prompt in the openspdm dir and type nmake ARCH=<X64|Ia32> TOOLCHAIN=VS2019 TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>. (Use the x86 command prompt for ARCH=Ia32 and the x64 command prompt for ARCH=X64.)

  2. Use LLVM

    Tool : LLVM x86_64-pc-windows-msvc (TOOLCHAIN=CLANG)

    Open a Visual Studio 2019 command prompt in the openspdm dir and type make ARCH=<X64|Ia32> TOOLCHAIN=CLANG TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>. (Use the x86 command prompt for ARCH=Ia32 and the x64 command prompt for ARCH=X64.)

Linux Build:

  1. Use GCC

    Tool : GCC (TOOLCHAIN=GCC)

    Open command prompt at openspdm dir and type make -f GNUmakefile ARCH=<X64|Ia32> TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>.

  2. Use LLVM

    Tool : LLVM (TOOLCHAIN=CLANG)

    Open command prompt at openspdm dir and type make -f GNUmakefile ARCH=<X64|Ia32> TOOLCHAIN=CLANG TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>.

Run Test

Run OsTest

The OsTest output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>. Open one command prompt at output dir to run SpdmResponderTest and another command prompt to run SpdmRequesterTest.

The UnitTest output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>. Open one command prompt at output dir to run TestSpdmRequester and TestSpdmResponder.

You may see something like:

      [==========] Running 2 test(s).
      [ RUN      ] TestSpdmResponderVersionCase1
      [       OK ] TestSpdmResponderVersionCase1
      [ RUN      ] TestSpdmResponderVersionCase2
      [       OK ] TestSpdmResponderVersionCase2
      [==========] 2 test(s) run.
      [  PASSED  ] 2 test(s).
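
A preflight for the Linux build and prerequisite steps above, as an added example that is not part of the openspdm project: it checks that the renamed library directories exist, validates the build variables against the values this README lists, and prints the make command and the test output directory. The function names are hypothetical, and searching the whole workspace for MbedTlsLib, OpensslLib and CmockaLib is an assumption, since this page does not say where those directories sit.

```shell
#!/bin/sh
# Added example, not openspdm code. Function names are hypothetical; the
# allowed values, directory names and paths are the ones this README lists.

one_of() {  # one_of VALUE "A|B": succeed only if VALUE is exactly A or B
    case "$1" in
        ''|*'|'*) ;;
        *) case "|$2|" in *"|$1|"*) return 0 ;; esac ;;
    esac
    echo "invalid value '$1' (expected one of: $2)" >&2
    return 1
}

crypto_dir() {  # renamed library tree expected for each CRYPTO value
    case "$1" in
        MbedTls) echo "MbedTlsLib/mbedtls" ;;
        Openssl) echo "OpensslLib/openssl" ;;
        *) return 1 ;;
    esac
}

check_prereqs() {  # check_prereqs WORKSPACE CRYPTO
    lib=$(crypto_dir "$2") || { echo "unknown CRYPTO '$2'" >&2; return 1; }
    rc=0
    # Assumption: search the whole workspace, since the page does not say
    # where MbedTlsLib, OpensslLib and CmockaLib live.
    for d in "$lib" "CmockaLib/cmocka"; do
        if [ -z "$(find "$1" -type d -path "*/$d" 2>/dev/null | head -n 1)" ]; then
            echo "missing prerequisite: $d" >&2
            rc=1
        fi
    done
    return "$rc"
}

build_cmd() {  # build_cmd ARCH TARGET CRYPTO TOOLCHAIN WORKSPACE
    one_of "$1" "X64|Ia32" && one_of "$2" "DEBUG|RELEASE" &&
        one_of "$3" "MbedTls|Openssl" && one_of "$4" "GCC|CLANG" || return 1
    tc=""
    if [ "$4" = "CLANG" ]; then tc=" TOOLCHAIN=CLANG"; fi
    echo "make -f GNUmakefile ARCH=$1$tc TARGET=$2 CRYPTO=$3 -e WORKSPACE=$5"
}

output_dir() {  # output_dir TARGET TOOLCHAIN ARCH: where the test binaries land
    echo "openspdm/Build/${1}_${2}/${3}"
}

# Print the GCC debug build command for the current directory.
build_cmd X64 DEBUG MbedTls GCC "$PWD"
```

Run check_prereqs against the workspace before invoking the printed command, so a missing or misnamed library tree is reported before the build starts.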
   

Other Test

openspdm also supports other tests, such as code coverage, fuzzing, symbolic execution, and model checking. Please refer to Test

Feature not implemented yet

  1. Other architectures such as Arm, AArch64, RiscV64, or Arc.

  2. Please refer to issues for detail

Known limitation

This package is only sample code to show the concept. It has not had full validation, such as robustness functional tests and fuzzing tests. It does not meet production quality yet. Any code, including the API definition, the library and the drivers, is subject to change.

openspdm's People

Contributors

jyao1, weiden, nicholasarmour, alecn2002
