Standalone SPDM 1.2/1.3/1.4 requester

.github/workflows/README.md

@@ -2,11 +2,11 @@
 
 | Workflow | File | Description |
 |----------|------|-------------|
-| Build and Test | `build-test.yml` | Matrix build across OS (ubuntu-latest, 22.04) and configure options (debug, nuvoton, dynamic-mem). Runs unit tests for each combination. |
+| Build and Test | `build-test.yml` | Matrix build across OS (ubuntu-latest, 22.04) and configure options (debug, dynamic-mem). Runs unit tests for each combination. |
 | Multiple Compilers | `multi-compiler.yml` | Builds and tests with GCC 11-13 and Clang 14-17 using `-Wall -Wextra -Werror`. |
 | Compiler Warnings | `compiler-warnings.yml` | GCC strict warnings (`-Wpedantic -Wconversion -Wshadow -Werror`) and Clang `-Werror` build. |
 | Static Analysis | `static-analysis.yml` | Runs cppcheck (style, performance, portability) and Clang Static Analyzer (scan-build). |
 | Memory Check | `memory-check.yml` | Valgrind leak check with `--leak-check=full` for both static and dynamic memory modes. |
 | CodeQL Security | `codeql.yml` | GitHub CodeQL security-and-quality analysis. Runs on PRs and weekly (Monday 6 AM UTC). |
 | Codespell | `codespell.yml` | Spell-checks source files. |
-| SPDM Emulator Test | `spdm-emu-test.yml` | End-to-end integration test against the DMTF libspdm emulator via wolfTPM. Runs 6 tests: session establishment, signed/unsigned measurements, challenge authentication, heartbeat, and key update. Dependencies (wolfSSL, spdm-emu, wolfTPM) are cached and refreshed every ~15 days. |
+| SPDM Emulator Test | `spdm-emu-test.yml` | End-to-end integration test against the DMTF libspdm emulator. Runs 18 tests (6 scenarios x SPDM 1.2/1.3/1.4): session establishment, signed/unsigned measurements, challenge authentication, heartbeat, key update. Matrix across ubuntu-22.04 (x64), ubuntu-24.04 (x64), ubuntu-24.04-arm (aarch64). |

.github/workflows/build-test.yml

@@ -8,14 +8,13 @@ on:
 
 jobs:
   build:
-    name: ${{ matrix.os }} / debug=${{ matrix.debug }} / nuvoton=${{ matrix.nuvoton }} / dynamic-mem=${{ matrix.dynamic-mem }}
+    name: ${{ matrix.os }} / debug=${{ matrix.debug }} / dynamic-mem=${{ matrix.dynamic-mem }}
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, ubuntu-22.04]
         debug: [yes, no]
-        nuvoton: [yes, no]
         dynamic-mem: [yes, no]
 
     steps:
@@ -53,7 +52,6 @@ jobs:
       run: |
         ./configure --with-wolfssl=$HOME/wolfssl-install \
                     ${{ matrix.debug == 'yes' && '--enable-debug' || '' }} \
-                    ${{ matrix.nuvoton == 'yes' && '--enable-nuvoton' || '' }} \
                     ${{ matrix.dynamic-mem == 'yes' && '--enable-dynamic-mem' || '' }}
 
     - name: Build
@@ -68,7 +66,7 @@ jobs:
       if: failure()
       uses: actions/upload-artifact@v4
       with:
-        name: test-logs-${{ matrix.os }}-debug-${{ matrix.debug }}-nuvoton-${{ matrix.nuvoton }}-dynmem-${{ matrix.dynamic-mem }}
+        name: test-logs-${{ matrix.os }}-debug-${{ matrix.debug }}-dynmem-${{ matrix.dynamic-mem }}
         path: |
           test/*.log
           config.log

.github/workflows/codeql.yml

@@ -54,7 +54,7 @@ jobs:
     - name: Build
       run: |
         ./autogen.sh
-        ./configure --with-wolfssl=$HOME/wolfssl-install --enable-nuvoton
+        ./configure --with-wolfssl=$HOME/wolfssl-install
         make -j$(nproc)
 
     - name: Perform CodeQL Analysis

.github/workflows/compiler-warnings.yml

@@ -42,7 +42,7 @@ jobs:
     - name: Build with strict warnings
       run: |
         ./autogen.sh
-        ./configure --with-wolfssl=$HOME/wolfssl-install --enable-nuvoton
+        ./configure --with-wolfssl=$HOME/wolfssl-install
         make -j$(nproc) CFLAGS="-Wall -Wextra -Wpedantic -Werror -Wconversion -Wshadow"
 
   clang:
@@ -80,7 +80,7 @@ jobs:
     - name: Build with clang
       run: |
         ./autogen.sh
-        CC=clang ./configure --with-wolfssl=$HOME/wolfssl-install --enable-nuvoton
+        CC=clang ./configure --with-wolfssl=$HOME/wolfssl-install
         make -j$(nproc) CFLAGS="-Wall -Wextra -Werror"
 
     - name: Run unit tests

.github/workflows/multi-compiler.yml

@@ -57,8 +57,7 @@ jobs:
     - name: Build wolfSPDM with ${{ matrix.cc }}
       run: |
         ./autogen.sh
-        CC=${{ matrix.cc }} ./configure --with-wolfssl=$HOME/wolfssl-install \
-                                        --enable-nuvoton
+        CC=${{ matrix.cc }} ./configure --with-wolfssl=$HOME/wolfssl-install
         make -j$(nproc) CFLAGS="-Wall -Wextra -Werror"
 
     - name: Run unit tests

.github/workflows/spdm-emu-test.yml

@@ -8,105 +8,137 @@ on:
 
 jobs:
   spdm-emu-test:
-    name: SPDM emulator integration test
-    runs-on: ubuntu-latest
-
+    name: ${{ matrix.os }} (${{ matrix.arch }}) / dynamic-mem=${{ matrix.dynamic-mem }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-22.04
+            arch: x64
+            dynamic-mem: 'no'
+          - os: ubuntu-22.04
+            arch: x64
+            dynamic-mem: 'yes'
+          - os: ubuntu-24.04
+            arch: x64
+            dynamic-mem: 'no'
+          - os: ubuntu-24.04
+            arch: x64
+            dynamic-mem: 'yes'
+          - os: ubuntu-24.04-arm
+            arch: aarch64
+            dynamic-mem: 'no'
+          - os: ubuntu-24.04-arm
+            arch: aarch64
+            dynamic-mem: 'yes'
+    runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y autoconf automake libtool cmake libmbedtls-dev
 
-    - name: Install dependencies
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y autoconf automake libtool cmake libmbedtls-dev
+      # Cache period rotates every ~15 days so dependencies stay fresh
+      - name: Compute cache period
+        id: cache-period
+        run: echo "biweekly=$(( $(date +%s) / 1296000 ))" >> $GITHUB_OUTPUT
 
-    # Cache period rotates every ~15 days so dependencies stay fresh
-    - name: Compute cache period
-      id: cache-period
-      run: |
-        echo "biweekly=$(( $(date +%s) / 1296000 ))" >> $GITHUB_OUTPUT
+      # --- wolfSSL (cached) ---
+      - name: Cache wolfSSL
+        id: cache-wolfssl
+        uses: actions/cache@v4
+        with:
+          path: ~/wolfssl-install
+          key: wolfssl-spdm-${{ matrix.os }}-${{ steps.cache-period.outputs.biweekly }}
 
-    # --- Build wolfSSL (cached) ---
-    - name: Cache wolfSSL
-      id: cache-wolfssl
-      uses: actions/cache@v4
-      with:
-        path: ~/wolfssl-install
-        key: wolfssl-${{ steps.cache-period.outputs.biweekly }}
+      - name: Build wolfSSL
+        if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+        run: |
+          cd ~
+          git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
+          cd wolfssl
+          ./autogen.sh
+          ./configure --enable-wolftpm --enable-ecc --enable-sha384 \
+                      --enable-aesgcm --enable-hkdf --enable-sp \
+                      --prefix=$HOME/wolfssl-install
+          make -j$(nproc)
+          make install
 
-    - name: Build wolfSSL
-      if: steps.cache-wolfssl.outputs.cache-hit != 'true'
-      run: |
-        cd ~
-        git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
-        cd wolfssl
-        ./autogen.sh
-        ./configure --enable-wolftpm --enable-all \
-                    --prefix=$HOME/wolfssl-install
-        make -j$(nproc)
-        make install
+      # --- wolfSPDM (always rebuilt - this is what we're testing) ---
+      - name: Build and install wolfSPDM
+        run: |
+          ./autogen.sh
+          ./configure --with-wolfssl=$HOME/wolfssl-install \
+                      --prefix=$HOME/wolfspdm-install \
+                      ${{ matrix.dynamic-mem == 'yes' && '--enable-dynamic-mem' || '' }}
+          make -j$(nproc)
+          make install
 
-    # --- Build wolfSPDM (always, this is what we're testing) ---
-    - name: Build and install wolfSPDM
-      run: |
-        ./autogen.sh
-        ./configure --with-wolfssl=$HOME/wolfssl-install \
-                    --prefix=$HOME/wolfspdm-install
-        make -j$(nproc)
-        make install
+      - name: Run unit tests
+        run: make check
+        env:
+          LD_LIBRARY_PATH: ${{ github.workspace }}/.libs:${{ github.workspace }}/src/.libs:${{ env.HOME }}/wolfssl-install/lib
 
-    # --- Build spdm-emu (cached) ---
-    - name: Cache spdm-emu
-      id: cache-spdm-emu
-      uses: actions/cache@v4
-      with:
-        path: ~/spdm-emu
-        key: spdm-emu-${{ steps.cache-period.outputs.biweekly }}
+      # --- spdm-emu (cached) ---
+      - name: Cache spdm-emu
+        id: cache-spdm-emu
+        uses: actions/cache@v4
+        with:
+          path: ~/spdm-emu/build/bin
+          key: spdm-emu-${{ matrix.os }}-${{ steps.cache-period.outputs.biweekly }}
 
-    - name: Build spdm-emu
-      if: steps.cache-spdm-emu.outputs.cache-hit != 'true'
-      run: |
-        cd ~
-        git clone --depth 1 --recursive https://github.com/DMTF/spdm-emu.git
-        cd spdm-emu
-        mkdir build && cd build
-        cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Release -DCRYPTO=mbedtls ..
-        make copy_sample_key && make -j$(nproc)
+      - name: Build spdm-emu
+        if: steps.cache-spdm-emu.outputs.cache-hit != 'true'
+        run: |
+          cd ~
+          git clone --depth 1 --recursive https://github.com/DMTF/spdm-emu.git
+          cd spdm-emu
+          mkdir build && cd build
+          cmake -DARCH=${{ matrix.arch }} -DTOOLCHAIN=GCC \
+                -DTARGET=Release -DCRYPTO=mbedtls ..
+          make copy_sample_key
+          make -j$(nproc)
 
-    # --- Build wolfTPM (cached, dynamically links wolfspdm at runtime) ---
-    - name: Cache wolfTPM
-      id: cache-wolftpm
-      uses: actions/cache@v4
-      with:
-        path: ~/wolfTPM
-        key: wolftpm-${{ steps.cache-period.outputs.biweekly }}
+      # --- Demo smoke (help text / arg parsing, no emulator) ---
+      - name: spdm_demo CLI smoke (no emulator)
+        run: |
+          export LD_LIBRARY_PATH=$HOME/wolfspdm-install/lib:$HOME/wolfssl-install/lib
+          ./examples/spdm_demo --help 2>&1 | head -20 || true
 
-    - name: Build wolfTPM
-      if: steps.cache-wolftpm.outputs.cache-hit != 'true'
-      run: |
-        cd ~
-        # TODO: Switch to wolfSSL/wolfTPM once PR #453 is merged
-        git clone --depth 1 -b add-wolfspdm-backend \
-          https://github.com/aidangarske/wolfTPM.git wolfTPM
-        cd wolfTPM
-        ./autogen.sh
-        ./configure --enable-spdm --enable-swtpm \
-                    --with-wolfspdm=$HOME/wolfspdm-install \
-                    --with-wolfcrypt=$HOME/wolfssl-install
-        make -j$(nproc)
+      # --- Legacy smoke test (test/test_spdm) — single session against emu ---
+      - name: test/test_spdm smoke (one session)
+        run: |
+          export LD_LIBRARY_PATH=$HOME/wolfspdm-install/lib:$HOME/wolfssl-install/lib
+          export SPDM_EMU_PATH=$HOME/spdm-emu/build/bin
+          # Start emulator in background, run the legacy smoke, then kill it
+          (cd "$SPDM_EMU_PATH" && ./spdm_responder_emu --ver 1.2 \
+              --hash SHA_384 --asym ECDSA_P384 \
+              --dhe SECP_384_R1 --aead AES_256_GCM \
+              >/tmp/test_spdm_emu.log 2>&1) &
+          EMU_PID=$!
+          sleep 2
+          ./test/test_spdm
+          RC=$?
+          kill $EMU_PID 2>/dev/null || true
+          wait $EMU_PID 2>/dev/null || true
+          exit $RC
 
-    # --- Run integration tests ---
-    - name: Run SPDM emulator tests
-      run: |
-        cd ~/wolfTPM
-        export LD_LIBRARY_PATH=$HOME/wolfspdm-install/lib:$HOME/wolfssl-install/lib
-        export SPDM_EMU_PATH=$HOME/spdm-emu/build/bin
-        ./examples/spdm/spdm_test.sh --emu
+      # --- Full integration matrix (18 tests: 6 scenarios x SPDM 1.2/1.3/1.4) ---
+      - name: Run SPDM emulator tests (18-test matrix)
+        run: |
+          export LD_LIBRARY_PATH=$HOME/wolfspdm-install/lib:$HOME/wolfssl-install/lib
+          export SPDM_EMU_PATH=$HOME/spdm-emu/build/bin
+          ./examples/spdm_test.sh
 
-    - name: Upload logs on failure
-      if: failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: spdm-emu-test-logs
-        path: |
-          config.log
-          ~/wolfTPM/config.log
+      - name: Upload logs on failure
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: spdm-emu-test-logs-${{ matrix.os }}-${{ matrix.arch }}-dynmem-${{ matrix.dynamic-mem }}
+          path: |
+            config.log
+            test/*.log
+            /tmp/spdm_emu_*.log
+            /tmp/test_spdm_emu.log

.github/workflows/static-analysis.yml

@@ -86,7 +86,7 @@ jobs:
     - name: Configure
       run: |
         ./autogen.sh
-        ./configure --with-wolfssl=$HOME/wolfssl-install --enable-nuvoton
+        ./configure --with-wolfssl=$HOME/wolfssl-install
 
     - name: Run scan-build
       run: scan-build --status-bugs -o scan-results make -j$(nproc)

.gitignore

@@ -34,6 +34,10 @@ test/.libs/
 test/*.o
 test/unit_test
 test/test_spdm
+examples/.libs/
+examples/*.o
+examples/.dirstamp
+examples/spdm_demo
 
 # pkg-config generated
 wolfspdm.pc