

Add SPDM 1.3 new feature:get_key_pair_info
Refer to issue DMTF#2293

Signed-off-by: Wenxing Hou <[email protected]>
Wenxing-hou committed Jul 29, 2024
1 parent 21d720c commit cd355b4
Showing 13 changed files with 727 additions and 4 deletions.
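--- a/include/hal/library/responder/key_pair_info.h
+++ b/include/hal/library/responder/key_pair_info.h
@@ -0,0 +1,51 @@
+/**
+* Copyright Notice:
+* Copyright 2024 DMTF. All rights reserved.
+* License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+**/
+
+#ifndef RESPONDER_KEY_PAIR_INFO_H
+#define RESPONDER_KEY_PAIR_INFO_H
+
+#include "hal/base.h"
+#include "internal/libspdm_lib_config.h"
+#include "library/spdm_return_status.h"
+#include "industry_standard/spdm.h"
+
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+
+/**
+* read the key pair info of the key_pair_id.
+*
+* @param spdm_context A pointer to the SPDM context.
+* @param key_pair_id Indicate which key pair ID's information to retrieve.
+*
+* @param total_key_pairs Indicate the total number of key pairs on the responder.
+* @param capabilities Indicate the capabilities of the requested key pairs.
+* @param key_usage_capabilities Indicate the key usages the responder allows.
+* @param current_key_usage Indicate the currently configured key usage for the requested key pairs ID.
+* @param asym_algo_capabilities Indicate the asymmetric algorithms the Responder supports for this key pair ID.
+* @param current_asym_algo Indicate the currently configured asymmetric algorithm for this key pair ID..
+* @param public_key_info_len On input, indicate the size in bytes of the destination buffer to store.
+* On output, indicate the size in bytes of the public_key_info.
+* @param assoc_cert_slot_mask This field is a bit mask representing the currently associated certificate slots.
+* @param public_key_info A pointer to a destination buffer to store the public_key_info.
+*
+* @retval true get key pair info successfully.
+* @retval false get key pair info failed.
+**/
+extern bool libspdm_read_key_pair_info(
+void *spdm_context,
+uint8_t key_pair_id,
+uint8_t *total_key_pairs,
+uint16_t *capabilities,
+uint16_t *key_usage_capabilities,
+uint16_t *current_key_usage,
+uint32_t *asym_algo_capabilities,
+uint32_t *current_asym_algo,
+uint16_t *public_key_info_len,
+uint8_t *assoc_cert_slot_mask,
+uint8_t *public_key_info);
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
+#endif /* RESPONDER_KEY_PAIR_INFO_H */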
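Review bot: The contract for `public_key_info_len` in the docblock of `libspdm_read_key_pair_info` does not say what the HAL implementation must do when the key's public key info is larger than the caller's buffer, and since `key_pair_id` reaches this function from the wire (`spdm_get_key_pair_info_request_t.key_pair_id`), it should also state who is responsible for validating it against `total_key_pairs`. Suggest extending the `@param public_key_info_len` text with `If the buffer is too small, the implementation must return false and must not write beyond the input size.` and adding `@note key_pair_id is taken from the request and has not been validated by the caller unless stated otherwise.` (or the reverse, whichever the responder handler guarantees). `public_key_info` is `uint8_t *` here but `void *` in `libspdm_get_key_pair_info` in spdm_requester_lib.h; picking one type keeps the two APIs parallel. The `..` at the end of the `current_asym_algo` description is a typo.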
78 changes: 74 additions & 4 deletions include/industry_standard/spdm.h
Expand Up @@ -57,6 +57,7 @@
/* SPDM response code (1.3) */
#define SPDM_SUPPORTED_EVENT_TYPES 0x62
#define SPDM_MEASUREMENT_EXTENSION_LOG 0x6F
#define SPDM_KEY_PAIR_INFO 0x7C

/* SPDM request code (1.0) */
#define SPDM_GET_DIGESTS 0x81
Expand Down Expand Up @@ -89,6 +90,7 @@
/* SPDM request code (1.3) */
#define SPDM_GET_SUPPORTED_EVENT_TYPES 0xE2
#define SPDM_GET_MEASUREMENT_EXTENSION_LOG 0xEF
#define SPDM_GET_KEY_PAIR_INFO 0xFC

/* SPDM message header*/
typedef struct {
Expand Down Expand Up @@ -508,13 +510,21 @@ typedef uint8_t spdm_certificate_info_t;
#define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3

typedef uint16_t spdm_key_usage_bit_mask_t;
#define SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE 0x1
#define SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE 0x2
#define SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE 0x4
#define SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE 0x8
#define SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE 0x0001
#define SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE 0x0002
#define SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE 0x0004
#define SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE 0x0008
#define SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE 0x4000
#define SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE 0x8000

#define SPDM_KEY_USAGE_BIT_MASK ( \
SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE | \
SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE | \
SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE | \
SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE | \
SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE | \
SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE)

/* SPDM GET_CERTIFICATE request */
typedef struct {
spdm_message_header_t header;
Expand Down Expand Up @@ -1214,6 +1224,66 @@ typedef struct {
/*uint8_t mel[portion_length];*/
} spdm_measurement_extension_log_response_t;

/* Key pair capabilities */
#define SPDM_KEY_PAIR_CAP_GEN_KEY_CAP 0x00000001
#define SPDM_KEY_PAIR_CAP_ERASABLE_CAP 0x00000002
#define SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP 0x00000004
#define SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP 0x00000008
#define SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP 0x00000010
#define SPDM_KEY_PAIR_CAP_SHAREABLE_CAP 0x00000020
#define SPDM_KEY_PAIR_CAP_MASK ( \
SPDM_KEY_PAIR_CAP_GEN_KEY_CAP | \
SPDM_KEY_PAIR_CAP_ERASABLE_CAP | \
SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP | \
SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP | \
SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP | \
SPDM_KEY_PAIR_CAP_SHAREABLE_CAP)

/* Key pair asym algorithm capabilities */
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 0x00000001
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 0x00000002
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 0x00000004
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 0x00000008
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 0x00000010
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 0x00000020
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 0x00000040
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 0x00000080
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448 0x00000100
#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK ( \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 | \
SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448)

#define SPDM_MAX_PUBLIC_KEY_INFO_LEN 32

/* SPDM GET_KEY_PAIR_INFO request */
typedef struct {
spdm_message_header_t header;
/* param1 == RSVD
* param2 == RSVD*/
uint8_t key_pair_id;
} spdm_get_key_pair_info_request_t;

typedef struct {
spdm_message_header_t header;
uint8_t total_key_pairs;
uint8_t key_pair_id;
uint16_t capabilities;
uint16_t key_usage_capabilities;
uint16_t current_key_usage;
uint32_t asym_algo_capabilities;
uint32_t current_asym_algo;
uint16_t public_key_info_len;
uint8_t assoc_cert_slot_mask;
/*uint8_t public_key_info[public_key_info_len];*/
} spdm_key_pair_info_response_t;

#pragma pack()

#define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "
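Review bot: `SPDM_MAX_PUBLIC_KEY_INFO_LEN 32` is introduced without a comment relating it to the `uint16_t public_key_info_len` field of `spdm_key_pair_info_response_t`, which a peer can set to any value up to 65535; a reader of this header needs to know whether 32 is a protocol limit or a local buffer bound that a larger peer-declared length must be checked against before any copy. Suggest `/* Upper bound, in bytes, that libspdm accepts for the PublicKeyInfo field of KEY_PAIR_INFO. */` if that is the intended use, or a reference to the spec clause if it is a protocol constant. The response struct also lacks the `param1`/`param2` comment that the request struct carries; stating whether they are reserved keeps the two definitions parallel. Whether these structs are byte-packed depends on a `#pragma pack` outside this hunk, which I cannot confirm from here.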
1 change: 1 addition & 0 deletions include/internal/libspdm_common_lib.h
Expand Up @@ -18,6 +18,7 @@
#include "hal/library/responder/asymsignlib.h"
#include "hal/library/responder/csrlib.h"
#include "hal/library/responder/measlib.h"
#include "hal/library/responder/key_pair_info.h"
#include "hal/library/responder/psklib.h"
#include "hal/library/responder/setcertlib.h"
#include "hal/library/eventlib.h"
7 changes: 7 additions & 0 deletions include/internal/libspdm_responder_lib.h
Expand Up @@ -938,4 +938,11 @@ bool libspdm_generate_measurement_signature(libspdm_context_t *spdm_context,
uint8_t *signature);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
libspdm_return_t libspdm_get_response_key_pair_info(libspdm_context_t *spdm_context,
size_t request_size, const void *request,
size_t *response_size, void *response);

#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */

#endif /* SPDM_RESPONDER_LIB_INTERNAL_H */
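Review bot: `libspdm_get_response_key_pair_info` is declared without a documentation comment, whereas the HAL and requester prototypes added in this commit carry full Doxygen blocks. Suggest a block stating `Process the GET_KEY_PAIR_INFO request and build the KEY_PAIR_INFO response.` with `@param request_size size in bytes of the request message`, `@param response_size on input the size of the response buffer, on output the size of the response written`, and `@retval LIBSPDM_STATUS_SUCCESS` plus the error statuses the implementation returns (not visible in this commit). The blank line before the `#endif` is out of step with the surrounding block.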
10 changes: 10 additions & 0 deletions include/library/spdm_lib_config.h
Expand Up @@ -74,6 +74,10 @@
#define LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP 1
#endif

#ifndef LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
#define LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP 1
#endif

/* Includes SPDM 1.3 features for CSR messages. If enabled then LIBSPDM_ENABLE_CAPABILITY_CSR_CAP
* must also be enabled.
*/
Expand Down Expand Up @@ -205,6 +209,12 @@
#define LIBSPDM_MAX_MEL_BLOCK_LEN 1024
#endif

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
#ifndef LIBSPDM_MAX_KEY_PAIR_COUNT
#define LIBSPDM_MAX_KEY_PAIR_COUNT 16
#endif
#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */

/* To ensure integrity in communication between the Requester and the Responder libspdm calculates
* cryptographic digests and signatures over multiple requests and responses. This value specifies
* whether libspdm will use a running calculation over the transcript, where requests and responses
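Review bot: `LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP` and `LIBSPDM_MAX_KEY_PAIR_COUNT` are added without the explanatory comment that neighbouring options in this file carry. Suggest `/* Enables the GET_KEY_PAIR_INFO request and KEY_PAIR_INFO response (SPDM 1.3). */` above the first `#ifndef`, and above the second `/* Maximum number of key pairs the Responder reports; must not exceed 255 because total_key_pairs is a uint8_t on the wire. */` — the second sentence only if the count is really bound to that field, which is not visible in this commit.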
34 changes: 34 additions & 0 deletions include/library/spdm_requester_lib.h
Expand Up @@ -370,6 +370,40 @@ libspdm_return_t libspdm_get_measurement_extension_log(void *spdm_context,
void *measure_exten_log);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MEL_CAP */

#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
/**
* This function sends GET_KEY_PAIR_INFO to get key pair info from device.
*
* @param spdm_context A pointer to the SPDM context.
* @param session_id Indicates if it is a secured message protected via SPDM session.
* If session_id is NULL, it is a normal message.
* If session_id is not NULL, it is a secured message.
* @param key_pair_id Indicate which key pair ID's information to retrieve.
*
* @param total_key_pairs Indicate the total number of key pairs on the responder.
* @param capabilities Indicate the capabilities of the requested key pairs.
* @param key_usage_capabilities Indicate the key usages the responder allows.
* @param current_key_usage Indicate the currently configured key usage for the requested key pairs ID.
* @param asym_algo_capabilities Indicate the asymmetric algorithms the Responder supports for this key pair ID.
* @param current_asym_algo Indicate the currently configured asymmetric algorithm for this key pair ID..
* @param public_key_info_len On input, indicate the size in bytes of the destination buffer to store.
* On output, indicate the size in bytes of the public_key_info.
* @param assoc_cert_slot_mask This field is a bit mask representing the currently associated certificate slots.
* @param public_key_info A pointer to a destination buffer to store the public_key_info.
**/
libspdm_return_t libspdm_get_key_pair_info(void *spdm_context, const uint32_t *session_id,
uint8_t key_pair_id, uint8_t *total_key_pairs,
uint16_t *capabilities,
uint16_t *key_usage_capabilities,
uint16_t *current_key_usage,
uint32_t *asym_algo_capabilities,
uint32_t *current_asym_algo,
uint16_t *public_key_info_len,
uint8_t *assoc_cert_slot_mask,
void *public_key_info
);
#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */

#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
/**
* This function sends KEY_EXCHANGE/FINISH or PSK_EXCHANGE/PSK_FINISH
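Review bot: The docblock for `libspdm_get_key_pair_info` has no `@retval` entries and does not say what happens when the responder's `public_key_info_len` exceeds the caller-supplied buffer size; since that length arrives from the peer, the contract should state that the copy into `public_key_info` is bounded by the input value and that an error status is returned instead of a truncated or oversized copy. Suggest adding `@retval LIBSPDM_STATUS_SUCCESS The KEY_PAIR_INFO response was received and parsed.` plus a line for the buffer-too-small case naming whatever status the implementation returns. `public_key_info` is `void *` here but `uint8_t *` in `libspdm_read_key_pair_info`, and the `..` after "this key pair ID" is duplicated from the HAL docblock.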
1 change: 1 addition & 0 deletions library/spdm_requester_lib/CMakeLists.txt
Expand Up @@ -38,4 +38,5 @@ target_sources(spdm_requester_lib
libspdm_req_get_csr.c
libspdm_req_vendor_request.c
libspdm_req_get_measurement_extension_log.c
libspdm_req_get_key_pair_info.c
)
