replace spdm-rs url and upgrading spdm

Signed-off-by: OuyangHang33 <[email protected]>

Author: OuyangHang33

.gitmodules

@@ -1,9 +1,6 @@
 [submodule "deps/td-shim"]
 	path = deps/td-shim
 	url = https://github.com/confidential-containers/td-shim
-[submodule "deps/rust-spdm"]
-	path = deps/rust-spdm
-	url = https://github.com/intel/rust-spdm
 [submodule "deps/rust-tpm-20-ref/ms-tpm-20-ref"]
 	path = deps/rust-tpm-20-ref/ms-tpm-20-ref
 	url = https://github.com/microsoft/ms-tpm-20-ref.git
@@ -16,3 +13,6 @@
 [submodule "deps/linux-sgx"]
 	path = deps/linux-sgx
 	url = https://github.com/intel/linux-sgx.git
+[submodule "deps/spdm-rs"]
+	path = deps/spdm-rs
+	url = https://github.com/ccc-spdm-tools/spdm-rs.git

Cargo.toml

@@ -18,7 +18,7 @@ members = [
 
 exclude = [
     "deps/td-shim",
-    "deps/rust-spdm",
+    "deps/spdm-rs",
     "deps/ring",
     "deps/webpki",
 ]
@@ -33,5 +33,5 @@ panic = "abort"    # disable stack unwinding on panic
 lto = true         # Link-time optimization
 
 [patch.crates-io]
-ring = { path = "deps/rust-spdm/external/ring" }
-webpki = { path = "deps/rust-spdm/external/webpki" }
+ring = { path = "deps/spdm-rs/external/ring" }
+webpki = { path = "deps/spdm-rs/external/webpki" }

README.md

@@ -40,7 +40,7 @@ rust-vtpm-td depends on below projects
 |[ms-tpm-20-ref](https://github.com/microsoft/ms-tpm-20-ref/tree/d638536d0fe01acd5e39ffa1bd100b3da82d92c7)|[deps/rust-tpm-20-ref/ms-tpm-20-ref](./deps/rust-tpm-20-ref/ms-tpm-20-ref/)|An official TCG reference implementation of the TPM 2.0 Specification|
 |[musl](https://git.musl-libc.org/cgit/musl)|[deps/rust-tpm-20-ref/smallc/musl](./deps/rust-tpm-20-ref/smallc/musl/)|An Implementation of the C standard library|
 |[openssl](https://github.com/openssl/openssl/tree/2cf4e90eaaf7402bf038b158dbdacd0a15561fb7)|[deps/rust-tpm-20-ref/openssl](./deps/rust-tpm-20-ref/openssl/)|A full-strength general cryptographic library|
-|[rust-spdm](https://github.com/intel/rust-spdm/tree/4b100862a050a79e9cdacbfbc7ef16b0b0662aca)|[deps/rust-spdm](./deps/rust-spdm/)|A rust version SPDM implementation|
+|[spdm-rs](https://github.com/ccc-spdm-tools/spdm-rs/tree/f42eaf4680da0b0684ec1b9d64b7e417f8ff8160)|[deps/spdm-rs](./deps/spdm-rs/)|A rust version SPDM implementation|
 |[td-shim](https://github.com/confidential-containers/td-shim/tree/abc721e6796bbc723da2aa2c1bdacd3bb2e0f661)|[deps/td-shim](./deps/td-shim/)|A simplified TDX virtual firmware for the simplified kernel for TD container|
 
 ### Prepare source code

deps/rust-spdm

@@ -28,7 +28,7 @@ function clean() {
   cargo clean
   popd
 
-  pushd deps/rust-spdm
+  pushd deps/spdm-rs
   cargo clean
   popd
 

deps/spdm-rs

@@ -11,7 +11,7 @@ function patch_tdshim() {
 }
 
 function patch_rustspdm() {
-  pushd deps/rust-spdm
+  pushd deps/spdm-rs
   sh_script/pre-build.sh
   popd
 }

sh_script/build.sh

@@ -10,7 +10,7 @@ bytes = { version="1", default-features=false }
 der = {version = "0.5.1", features = ["oid", "alloc", "derive"]}
 global = { path = "../global" }
 log = "0.4.13"
-ring = { version = "0.16.20" }
-spdmlib = { path = "../../deps/rust-spdm/spdmlib", default-features = false, features = ["spdm-ring", "mut-auth"]}
+ring = { version = "0.17.6" }
+spdmlib = { path = "../../deps/spdm-rs/spdmlib", default-features = false, features = ["spdm-ring", "mut-auth", "is_sync"]}
 tdx-tdcall = { path = "../../deps/td-shim/tdx-tdcall" }
 zerocopy = { version = "0.7.31", features = ["derive"] }

sh_script/pre-build.sh

@@ -19,8 +19,8 @@ der = {version = "0.5.1", features = ["oid", "alloc", "derive"]}
 path = ".."
 
 [patch.crates-io]
-ring = { path = "../../../deps/rust-spdm/external/ring" }
-webpki = { path = "../../../deps/rust-spdm/external/webpki" }
+ring = { path = "../../../deps/spdm-rs/external/ring" }
+webpki = { path = "../../../deps/spdm-rs/external/webpki" }
 
 # Prevent this from interfering with workspaces
 [workspace]

src/crypto/Cargo.toml

@@ -10,15 +10,16 @@ global = { path = "../global" }
 log = "0.4.13"
 paste = "1.0"
 
-ring = { version = "0.16.20" }
+ring = { version = "0.17.6" }
 spin = "0.9.2"
 x86 = "0.47.0"
 x86_64 = "0.14.9"
 
-codec = { path = "../../deps/rust-spdm/codec" }
+codec = { path = "../../deps/spdm-rs/codec" }
 protocol = { path = "../protocol" }
 tdtunnel = { path = "../tdtunnel" }
-spdmlib = { path = "../../deps/rust-spdm/spdmlib", default-features = false, features = ["spdm-ring", "mut-auth"]}
+spdmlib = { path = "../../deps/spdm-rs/spdmlib", default-features = false, features = ["spdm-ring", "mut-auth", "is_sync"]}
 td-exception = { path = "../../deps/td-shim/td-exception", features = ["tdx"]}
 tdx-tdcall = { path = "../../deps/td-shim/tdx-tdcall" }
-td-payload = { path = "../../deps/td-shim/td-payload", features = ["tdx"] }
+td-payload = { path = "../../deps/td-shim/td-payload", features = ["tdx"] }
+maybe-async = {version = "0.2.7", features = ["is_sync"] }

src/crypto/fuzz/Cargo.toml

@@ -38,7 +38,8 @@ fn sign_ecdsa_asym_algo(
     let binding = GLOBAL_SPDM_DATA.lock();
     let mut pkcs8 = binding.pkcs8()?;
 
-    let key_pair = ring::signature::EcdsaKeyPair::from_pkcs8(algorithm, pkcs8);
+    let rng = ring::rand::SystemRandom::new();
+    let key_pair = ring::signature::EcdsaKeyPair::from_pkcs8(algorithm, pkcs8, &rng);
     if key_pair.is_err() {
         return None;
     }

src/spdm/Cargo.toml

@@ -3,6 +3,11 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use core::convert::TryFrom;
+use core::ops::DerefMut;
+
+extern crate alloc;
+use alloc::sync::Arc;
+use spin::Mutex;
 
 use global::{TdVtpmOperation, GLOBAL_SPDM_DATA};
 use spdmlib::common::SpdmDeviceIo;
@@ -25,23 +30,29 @@ impl VtpmIoTransport {
     }
 }
 
+#[maybe_async::maybe_async]
 impl SpdmDeviceIo for VtpmIoTransport {
     /// Send the payload out.
     /// The payload follows the format in Table 5-14/15/16
-    fn send(&mut self, buffer: &[u8]) -> SpdmResult {
-        let res =
-            self.tunnel
-                .report_status(buffer, self.vtpm_id, TdVtpmOperation::Communicate as u8, 0);
+    fn send(&mut self, buffer: Arc<&[u8]>) -> SpdmResult {
+        let res = self.tunnel.report_status(
+            &buffer.clone(),
+            self.vtpm_id,
+            TdVtpmOperation::Communicate as u8,
+            0,
+        );
         if res.is_err() {
             Err(SPDM_STATUS_SEND_FAIL)
         } else {
             Ok(())
         }
     }
 
-    fn receive(&mut self, buffer: &mut [u8], _timeout: usize) -> Result<usize, usize> {
+    fn receive(&mut self, buffer: Arc<Mutex<&mut [u8]>>, _timeout: usize) -> Result<usize, usize> {
         let mut tmp_buf: [u8; 0x1000] = [0; 0x1000];
 
+        let mut buffer = buffer.lock();
+        let buffer = buffer.deref_mut();
         GLOBAL_SPDM_DATA.lock().clear_data();
         let res = self.tunnel.wait_for_request(buffer, self.vtpm_id);
         if res.is_err() {
@@ -127,7 +138,8 @@ mod test {
     fn test_vtpmio_transport_send() {
         let mut vtpmio = VtpmIoTransport::new(101);
         let buffer = [1u8; 100];
-        let res = vtpmio.send(&buffer);
+        let buffer = Arc::new(&buffer[..]);
+        let res = vtpmio.send(buffer);
         assert!(res.is_err());
     }
 
@@ -136,7 +148,8 @@ mod test {
     fn test_vtpmio_transport_recive() {
         let mut vtpmio = VtpmIoTransport::new(101);
         let mut buffer = [1u8; 100];
-        let res = vtpmio.receive(&mut buffer, 0);
+        let buffer = Arc::new(Mutex::new(&mut buffer[..]));
+        let res = vtpmio.receive(buffer, 0);
         assert!(res.is_err());
     }