diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3bf764af36a..ada6a9274c5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,30 +28,30 @@ jobs: fail-fast: false matrix: os: - - ubuntu-latest + # - ubuntu-latest - windows-latest crypto: - mbedtls - - openssl + # - openssl arch: - - x64 + # - x64 - ia32 - - aarch64 + # - aarch64 target: - Debug - - Release + # - Release toolchain: - - GCC + # - GCC - VS2019 - - LIBFUZZER - - CLANG - - ARM_GNU + # - LIBFUZZER + # - CLANG + # - ARM_GNU configurations: - - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_EVENT_CAP=1 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=1 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=1 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=1 -DLIBSPDM_EVENT_RECIPIENT_SUPPORT=1 -DLIBSPDM_HAL_PASS_SPDM_CONTEXT=1" - - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_EVENT_CAP=0 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=0 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=0 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=0 -DLIBSPDM_EVENT_RECIPIENT_SUPPORT=0 -DLIBSPDM_HAL_PASS_SPDM_CONTEXT=0" - - "-DLIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT=0 -DLIBSPDM_FIPS_MODE=0 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX=0" + # - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=1 
-DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_EVENT_CAP=1 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=1 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=1 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=1 -DLIBSPDM_EVENT_RECIPIENT_SUPPORT=1 -DLIBSPDM_HAL_PASS_SPDM_CONTEXT=1" + # - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_EVENT_CAP=0 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=0 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=0 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=0 -DLIBSPDM_EVENT_RECIPIENT_SUPPORT=0 -DLIBSPDM_HAL_PASS_SPDM_CONTEXT=0" + # - "-DLIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT=0 -DLIBSPDM_FIPS_MODE=0 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX=0" - "-DLIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT=1 -DLIBSPDM_FIPS_MODE=1 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX=1" - - "-DDISABLE_TESTS=1" + # - "-DDISABLE_TESTS=1" exclude: - os: ubuntu-latest toolchain: VS2019 diff --git a/include/industry_standard/spdm.h b/include/industry_standard/spdm.h index ae7a0c617c3..1393fa724c3 100644 --- a/include/industry_standard/spdm.h +++ b/include/industry_standard/spdm.h @@ -57,6 +57,7 @@ /* SPDM response code (1.3) */ #define SPDM_SUPPORTED_EVENT_TYPES 0x62 #define SPDM_MEASUREMENT_EXTENSION_LOG 0x6F +#define SPDM_KEY_PAIR_INFO 0x7C /* SPDM request code (1.0) */ #define SPDM_GET_DIGESTS 0x81 
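Review bot: The matrix edit comments out ubuntu-latest, openssl, x64 and aarch64, Release, the GCC/CLANG/LIBFUZZER/ARM_GNU toolchains and all but one `configurations` entry, so CI would build only VS2019 / ia32 / Debug / mbedtls with the FIPS configuration, and the LIBFUZZER and CLANG jobs that exercise the fuzz targets disappear. That reads as a local debugging shortcut rather than part of the feature; it should be reverted before merge, or if narrowing is intentional the commit description should say why (the description is not visible here, so intent is inferred). With the reduced matrix the `exclude: - os: ubuntu-latest toolchain: VS2019` entry no longer matches anything, which is harmless but another sign the edit is temporary.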
@@ -89,6 +90,7 @@
/* SPDM request code (1.3) */
#define SPDM_GET_SUPPORTED_EVENT_TYPES 0xE2
#define SPDM_GET_MEASUREMENT_EXTENSION_LOG 0xEF
+#define SPDM_GET_KEY_PAIR_INFO 0xFC
/* SPDM message header*/
typedef struct {
@@ -508,13 +510,21 @@ typedef uint8_t spdm_certificate_info_t;
#define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3
typedef uint16_t spdm_key_usage_bit_mask_t;
-#define SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE 0x1
-#define SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE 0x2
-#define SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE 0x4
-#define SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE 0x8
+#define SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE 0x0001
+#define SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE 0x0002
+#define SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE 0x0004
+#define SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE 0x0008
#define SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE 0x4000
#define SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE 0x8000
+#define SPDM_KEY_USAGE_BIT_MASK ( \
+ SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE | \
+ SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE | \
+ SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE | \
+ SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE | \
+ SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE | \
+ SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE)
+
/* SPDM GET_CERTIFICATE request */
typedef struct {
spdm_message_header_t header;
@@ -1214,6 +1224,66 @@ typedef struct {
/*uint8_t mel[portion_length];*/
} spdm_measurement_extension_log_response_t;
+/* Key pair capabilities */
+#define SPDM_KEY_PAIR_CAP_GEN_KEY_CAP 0x00000001
+#define SPDM_KEY_PAIR_CAP_ERASABLE_CAP 0x00000002
+#define SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP 0x00000004
+#define SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP 0x00000008
+#define SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP 0x00000010
+#define SPDM_KEY_PAIR_CAP_SHAREABLE_CAP 0x00000020
+#define SPDM_KEY_PAIR_CAP_MASK ( \
+ SPDM_KEY_PAIR_CAP_GEN_KEY_CAP | \
+ SPDM_KEY_PAIR_CAP_ERASABLE_CAP | \
+ SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP | \
+ SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP | \
+ SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP | \
+ SPDM_KEY_PAIR_CAP_SHAREABLE_CAP)
+
+/* Key pair asym algorithm capabilities */
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 0x00000001
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 0x00000002
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 0x00000004
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 0x00000008
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 0x00000010
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 0x00000020
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 0x00000040
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 0x00000080
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448 0x00000100
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK ( \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 | \
+ SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448)
+
+#define SPDM_MAX_PUBLIC_KEY_INFO_LEN 32
+
+/* SPDM GET_KEY_PAIR_INFO request */
+typedef struct {
+ spdm_message_header_t header;
+ /* param1 == RSVD
+ * param2 == RSVD*/
+ uint8_t key_pair_id;
+} spdm_get_key_pair_info_request_t;
+
+typedef struct {
+ spdm_message_header_t header;
+ uint8_t total_key_pairs;
+ uint8_t key_pair_id;
+ uint16_t capabilities;
+ uint16_t key_usage_capabilities;
+ uint16_t current_key_usage;
+ uint32_t asym_algo_capabilities;
+ uint32_t current_asym_algo;
+ uint16_t public_key_info_len;
+ uint8_t assoc_cert_slot_mask;
+ /*uint8_t public_key_info[public_key_info_len];*/
+} spdm_key_pair_info_response_t;
+
#pragma pack()
#define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "
diff --git a/include/internal/libspdm_responder_lib.h b/include/internal/libspdm_responder_lib.h
index 5b9032e3da5..8f05051cfb6 100644
--- a/include/internal/libspdm_responder_lib.h
+++ b/include/internal/libspdm_responder_lib.h
@@ -938,4 +938,11 @@ bool libspdm_generate_measurement_signature(libspdm_context_t *spdm_context,
uint8_t *signature);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+libspdm_return_t libspdm_get_response_key_pair_info(libspdm_context_t *spdm_context,
+ size_t request_size, const void *request,
+ size_t *response_size, void *response);
+
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
#endif /* SPDM_RESPONDER_LIB_INTERNAL_H */
diff --git a/include/library/spdm_lib_config.h b/include/library/spdm_lib_config.h
index 826cc0bd574..17921b405ea 100644
--- a/include/library/spdm_lib_config.h
+++ b/include/library/spdm_lib_config.h
@@ -74,6 +74,10 @@
#define LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP 1
#endif
+#ifndef LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+#define LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP 1
+#endif
+
/* Includes SPDM 1.3 features for CSR messages. If enabled then LIBSPDM_ENABLE_CAPABILITY_CSR_CAP
* must also be enabled. */
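Review bot: `spdm_key_pair_info_response_t` has no leading comment while the request struct above it gets `/* SPDM GET_KEY_PAIR_INFO request */`; add `/* SPDM KEY_PAIR_INFO response */` before the second `typedef struct {`. The `SPDM_KEY_PAIR_CAP_*` values are written as 8-digit `0x00000001` although the `capabilities` field they describe is `uint16_t`; the same commit reformats the key-usage bits to `0x0001` to match their 16-bit field, so these should be `0x0001`…`0x0020` for the same reason (the asym-algo values describe a `uint32_t` and are fine as written). `SPDM_MAX_PUBLIC_KEY_INFO_LEN 32` carries no comment saying where the value comes from; if it is a libspdm buffer limit rather than a number from the SPDM specification it belongs in spdm_lib_config.h next to `LIBSPDM_MAX_KEY_PAIR_COUNT` as a `LIBSPDM_MAX_*` option, since this header otherwise appears to hold only wire-format constants.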
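Review bot: `libspdm_get_response_key_pair_info` is declared without a doc comment, and for a response handler that is where the input-validation contract should be pinned: `request_size` is the length of a message received from the peer, so the comment should state that the handler must check it against `sizeof(spdm_get_key_pair_info_request_t)` before reading `key_pair_id`, and that `*response_size` is presumably in/out (capacity on entry, bytes written on return) — confirm against the sibling handlers. A block such as `/** Process GET_KEY_PAIR_INFO and build KEY_PAIR_INFO; request_size is validated against the request struct, *response_size is in/out. */` would do. There is also a stray blank line between the prototype and its `#endif`.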
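Review bot: `LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP` defaults to 1 here, which exposes the prototypes in libspdm_responder_lib.h and spdm_requester_lib.h by default, yet the two CMakeLists hunks in this commit add `libspdm_req_get_key_pair_info.c` and `libspdm_rsp_key_pair_info.c` only as commented-out entries, so a caller of either declared function would presumably fail at link time in the default configuration. Either compile the sources or default this option to 0 until they land. The CSR option just below carries a descriptive comment; this one should too, e.g. `/* Enables the GET_KEY_PAIR_INFO request and KEY_PAIR_INFO response (SPDM 1.3). */`.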
@@ -205,6 +209,12 @@
#define LIBSPDM_MAX_MEL_BLOCK_LEN 1024
#endif
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+#ifndef LIBSPDM_MAX_KEY_PAIR_COUNT
+#define LIBSPDM_MAX_KEY_PAIR_COUNT 16
+#endif
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
/* To ensure integrity in communication between the Requester and the Responder libspdm calculates
* cryptographic digests and signatures over multiple requests and responses. This value specifies
* whether libspdm will use a running calculation over the transcript, where requests and responses
diff --git a/include/library/spdm_requester_lib.h b/include/library/spdm_requester_lib.h
index 83c8f66d715..e61329cee22 100644
--- a/include/library/spdm_requester_lib.h
+++ b/include/library/spdm_requester_lib.h
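Review bot: `LIBSPDM_MAX_KEY_PAIR_COUNT 16` is added without a comment, unlike the transcript option directly below it; say what it bounds, e.g. `/* Maximum number of key pairs a Responder built with this library reports via KEY_PAIR_INFO. */`, adjusted if that is not its role. Since `total_key_pairs` and `key_pair_id` in `spdm_key_pair_info_response_t` are `uint8_t`, a user override above 255 cannot be represented on the wire; a compile-time guard next to the default, `#if LIBSPDM_MAX_KEY_PAIR_COUNT > 0xFF` / `#error "LIBSPDM_MAX_KEY_PAIR_COUNT must fit in uint8_t"` / `#endif`, would catch that at build time rather than at runtime.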
@@ -370,6 +370,40 @@ libspdm_return_t libspdm_get_measurement_extension_log(void *spdm_context,
void *measure_exten_log);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MEL_CAP */
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+/**
+ * This function sends GET_KEY_PAIR_INFO to get key pair info from device.
+ *
+ * @param spdm_context A pointer to the SPDM context.
+ * @param session_id Indicates if it is a secured message protected via SPDM session.
+ * If session_id is NULL, it is a normal message.
+ * If session_id is not NULL, it is a secured message.
+ * @param key_pair_id Indicate which key pair ID's information to retrieve.
+ *
+ * @param total_key_pairs Indicate the total number of key pairs on the responder.
+ * @param capabilities Indicate the capabilities of the requested key pairs.
+ * @param key_usage_capabilities Indicate the key usages the responder allows.
+ * @param current_key_usage Indicate the currently configured key usage for the requested key pairs ID.
+ * @param asym_algo_capabilities Indicate the asymmetric algorithms the Responder supports for this key pair ID.
+ * @param current_asym_algo Indicate the currently configured asymmetric algorithm for this key pair ID..
+ * @param public_key_info_len On input, indicate the size in bytes of the destination buffer to store.
+ * On output, indicate the size in bytes of the public_key_info.
+ * @param assoc_cert_slot_mask This field is a bit mask representing the currently associated certificate slots.
+ * @param public_key_info A pointer to a destination buffer to store the public_key_info.
+ **/
+libspdm_return_t libspdm_get_key_pair_info(void *spdm_context, const uint32_t *session_id,
+ uint8_t key_pair_id, uint8_t *total_key_pairs,
+ uint16_t *capabilities,
+ uint16_t *key_usage_capabilities,
+ uint16_t *current_key_usage,
+ uint32_t *asym_algo_capabilities,
+ uint32_t *current_asym_algo,
+ uint16_t *public_key_info_len,
+ uint8_t *assoc_cert_slot_mask,
+ void *public_key_info
+ );
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
#if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
/**
* This function sends KEY_EXCHANGE/FINISH or PSK_EXCHANGE/PSK_FINISH
diff --git a/library/spdm_requester_lib/CMakeLists.txt b/library/spdm_requester_lib/CMakeLists.txt
index a49ad514053..21ceab9f6fb 100644
--- a/library/spdm_requester_lib/CMakeLists.txt
+++ b/library/spdm_requester_lib/CMakeLists.txt
@@ -38,4 +38,5 @@ target_sources(spdm_requester_lib
libspdm_req_get_csr.c
libspdm_req_vendor_request.c
libspdm_req_get_measurement_extension_log.c
+ # libspdm_req_get_key_pair_info.c
)
\ No newline at end of file
diff --git a/library/spdm_responder_lib/CMakeLists.txt b/library/spdm_responder_lib/CMakeLists.txt
index 03880eddc1d..2b4863d454e 100644
--- a/library/spdm_responder_lib/CMakeLists.txt
+++ b/library/spdm_responder_lib/CMakeLists.txt
@@ -42,4 +42,5 @@ target_sources(spdm_responder_lib
libspdm_rsp_chunk_get.c
libspdm_rsp_vendor_response.c
libspdm_rsp_measurement_extension_log.c
+ # libspdm_rsp_key_pair_info.c
)
\ No newline at end of file
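Review bot: The doc block for `libspdm_get_key_pair_info` never says what happens when the responder's `public_key_info_len` exceeds the caller's buffer, and it has no `@retval` lines; that length arrives from the peer, so the header should state the contract — for example that the call fails and copies nothing rather than truncating — so the implementation and callers agree before the .c file lands. Add lines such as ` * @retval LIBSPDM_STATUS_SUCCESS  KEY_PAIR_INFO was received and the output parameters are set.` plus the error statuses the implementation will return for a rejected response or a too-small buffer. Minor: `for this key pair ID..` has a doubled period, and the closing `);` on its own line differs from the sibling prototype `libspdm_get_measurement_extension_log`, which closes on its last parameter line.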
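Review bot: This hunk and the matching one in library/spdm_responder_lib/CMakeLists.txt add the new source only as a comment (`# libspdm_req_get_key_pair_info.c`, `# libspdm_rsp_key_pair_info.c`), so nothing in the build provides the functions the headers in this commit declare while the capability defaults to enabled. If the sources are not ready, leave the lists untouched rather than committing commented-out entries; if they are ready, add them uncommented so the new code is compiled and exercised by CI.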