Spdm 1.3 Algorithm - Add multi-key negotiation flow
This patch is still in draft stage.

This patch adds:
1. Multi-key negotiation process.
2. multi_key_conn config to indicate whether to select a multi-key
    connection if the other side supports multi-key selection.
3. multi_key_conn_req and multi_key_conn_rsp in negotiate info
    to indicate multi-key negotiation results and states.
IntelCaisui committed Jan 10, 2025
1 parent d0cea8d commit d6a0e8f
Showing 3 changed files with 154 additions and 1 deletion.
3 changes: 3 additions & 0 deletions spdmlib/src/common/mod.rs
Expand Up @@ -1138,6 +1138,7 @@ pub struct SpdmConfigInfo {
pub max_spdm_msg_size: u32,
pub heartbeat_period: u8, // used by responder only
pub secure_spdm_version: [Option<SecuredMessageVersion>; MAX_SECURE_SPDM_VERSION_COUNT],
pub multi_key_conn: bool, // spdm 1.3
}

#[derive(Debug, Default)]
Expand All @@ -1161,6 +1162,8 @@ pub struct SpdmNegotiateInfo {
pub req_max_spdm_msg_size_sel: u32, // spdm 1.2
pub rsp_data_transfer_size_sel: u32, // spdm 1.2
pub rsp_max_spdm_msg_size_sel: u32, // spdm 1.2
pub multi_key_conn_req: bool, // spdm 1.3
pub multi_key_conn_rsp: bool, // spdm 1.3
}

pub const MAX_MANAGED_BUFFER_A_SIZE: usize = 150 + 2 * 255; // for version response, there can be more than MAX_SPDM_VERSION_COUNT versions.
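Review bot: The three new fields carry only `// spdm 1.3`, which does not say which endpoint's behaviour each flag records, and the `_req`/`_rsp` pair is easy to read backwards. In the requester and responder sections of this commit, `multi_key_conn_req` on the requester is taken from the responder's ALGORITHMS bit, and `multi_key_conn_rsp` on the responder from the requester's NEGOTIATE_ALGORITHMS bit. A doc comment per field would help, for example `/// Local policy: choose a multi-key connection when the peer advertises MULTI_KEY_CAP_CONN_SEL.` on `multi_key_conn`, and, if this is the intended meaning, `/// Negotiated: the Requester uses a multi-key connection.` on `multi_key_conn_req` with the matching line for `_rsp`. Both structs start outside the hunks.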
75 changes: 74 additions & 1 deletion spdmlib/src/requester/negotiate_algorithms_req.rs
Expand Up @@ -32,7 +32,29 @@ impl RequesterContext {

pub fn encode_spdm_algorithm(&mut self, buf: &mut [u8]) -> SpdmResult<usize> {
let mut other_params_support = SpdmAlgoOtherParams::default();
other_params_support.set_opaque_support(self.common.config_info.opaque_support);

if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 {
other_params_support.set_opaque_support(self.common.config_info.opaque_support);
}
if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion13 {
if self
.common
.negotiate_info
.rsp_capabilities_sel
.contains(SpdmResponseCapabilityFlags::MULTI_KEY_CAP_ONLY)
{
other_params_support.insert(SpdmAlgoOtherParams::MULTI_KEY_CONN);
}
if self
.common
.negotiate_info
.rsp_capabilities_sel
.contains(SpdmResponseCapabilityFlags::MULTI_KEY_CAP_CONN_SEL)
&& self.common.config_info.multi_key_conn
{
other_params_support.insert(SpdmAlgoOtherParams::MULTI_KEY_CONN);
}
}

let mut alg_struct_count = 0;
let mut alg_struct: [SpdmAlgStruct; MAX_SUPPORTED_ALG_STRUCTURE_COUNT] =
Expand Down Expand Up @@ -108,6 +130,57 @@ impl RequesterContext {
self.common.negotiate_info.opaque_data_support =
algorithms.other_params_selection.get_opaque_support();

if self.common.negotiate_info.spdm_version_sel
>= SpdmVersion::SpdmVersion13
{
if self
.common
.negotiate_info
.rsp_capabilities_sel
.contains(SpdmResponseCapabilityFlags::MULTI_KEY_CAP_ONLY)
{
self.common.negotiate_info.multi_key_conn_rsp = true;
} else if self
.common
.negotiate_info
.rsp_capabilities_sel
.contains(SpdmResponseCapabilityFlags::MULTI_KEY_CAP_CONN_SEL)
{
self.common.negotiate_info.multi_key_conn_rsp =
self.common.config_info.multi_key_conn;
} else {
self.common.negotiate_info.multi_key_conn_rsp = false;
}

if algorithms
.other_params_selection
.contains(SpdmAlgoOtherParams::MULTI_KEY_CONN)
{
if !self
.common
.config_info
.req_capabilities
.contains(SpdmRequestCapabilityFlags::MULTI_KEY_CAP_ONLY)
&& !self.common.config_info.req_capabilities.contains(
SpdmRequestCapabilityFlags::MULTI_KEY_CAP_CONN_SEL,
)
{
return Err(SPDM_STATUS_NEGOTIATION_FAIL);
}
self.common.negotiate_info.multi_key_conn_req = true;
} else {
if self
.common
.config_info
.req_capabilities
.contains(SpdmRequestCapabilityFlags::MULTI_KEY_CAP_ONLY)
{
return Err(SPDM_STATUS_NEGOTIATION_FAIL);
}
self.common.negotiate_info.multi_key_conn_req = false;
}
}

self.common.negotiate_info.measurement_hash_sel =
algorithms.measurement_hash_algo;
if algorithms.base_hash_sel.bits() == 0 {
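Review bot: In the response-handling hunk, `negotiate_info.multi_key_conn_rsp` is assigned before the check on `other_params_selection` that can `return Err(SPDM_STATUS_NEGOTIATION_FAIL)`, so a rejected ALGORITHMS response still leaves a multi-key flag written in the context. Validating the responder's MULTI_KEY_CONN bit against `req_capabilities` first, then assigning `multi_key_conn_req` and `multi_key_conn_rsp` together, would keep the negotiated state all-or-nothing. The whole block is also skipped when the selected version is below 1.3, so neither flag is reset on that path. If a context can be reused across negotiations (not visible here), an `else` that sets both to `false` would avoid stale values. The enclosing function starts and ends outside the hunk.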
77 changes: 77 additions & 0 deletions spdmlib/src/responder/algorithm_rsp.rs
Expand Up @@ -68,6 +68,64 @@ impl ResponderContext {
other_params_support = negotiate_algorithms.other_params_support;
self.common.negotiate_info.measurement_specification_sel =
negotiate_algorithms.measurement_specification;

if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion13 {
if self
.common
.negotiate_info
.req_capabilities_sel
.contains(SpdmRequestCapabilityFlags::MULTI_KEY_CAP_ONLY)
{
self.common.negotiate_info.multi_key_conn_req = true;
} else if self
.common
.negotiate_info
.req_capabilities_sel
.contains(SpdmRequestCapabilityFlags::MULTI_KEY_CAP_CONN_SEL)
{
self.common.negotiate_info.multi_key_conn_req =
self.common.config_info.multi_key_conn;
} else {
self.common.negotiate_info.multi_key_conn_req = false;
}
if negotiate_algorithms
.other_params_support
.contains(SpdmAlgoOtherParams::MULTI_KEY_CONN)
{
if !self
.common
.config_info
.rsp_capabilities
.contains(SpdmResponseCapabilityFlags::MULTI_KEY_CAP_ONLY)
&& !self
.common
.config_info
.rsp_capabilities
.contains(SpdmResponseCapabilityFlags::MULTI_KEY_CAP_CONN_SEL)
{
self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer);
return (
Err(SPDM_STATUS_INVALID_MSG_FIELD),
Some(writer.used_slice()),
);
}
self.common.negotiate_info.multi_key_conn_rsp = true;
} else {
if self
.common
.config_info
.rsp_capabilities
.contains(SpdmResponseCapabilityFlags::MULTI_KEY_CAP_ONLY)
{
self.write_spdm_error(SpdmErrorCode::SpdmErrorInvalidRequest, 0, writer);
return (
Err(SPDM_STATUS_INVALID_MSG_FIELD),
Some(writer.used_slice()),
);
}
self.common.negotiate_info.multi_key_conn_rsp = false;
}
}
self.common.negotiate_info.base_hash_sel = negotiate_algorithms.base_hash_algo;
self.common.negotiate_info.base_asym_sel = negotiate_algorithms.base_asym_algo;
for alg in negotiate_algorithms
Expand Down Expand Up @@ -212,6 +270,25 @@ impl ResponderContext {
self.common.config_info.opaque_support & other_params_support.get_opaque_support();
other_params_support.set_opaque_support(opaque_data_supported);
self.common.negotiate_info.opaque_data_support = opaque_data_supported;
if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion13 {
if self
.common
.negotiate_info
.req_capabilities_sel
.contains(SpdmRequestCapabilityFlags::MULTI_KEY_CAP_ONLY)
{
other_params_support.insert(SpdmAlgoOtherParams::MULTI_KEY_CONN);
}
if self
.common
.negotiate_info
.req_capabilities_sel
.contains(SpdmRequestCapabilityFlags::MULTI_KEY_CAP_CONN_SEL)
&& self.common.config_info.multi_key_conn
{
other_params_support.insert(SpdmAlgoOtherParams::MULTI_KEY_CONN);
}
}

let response = SpdmMessage {
header: SpdmMessageHeader {
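Review bot: In the second hunk of this file the response's `other_params_support` only ever gains `MULTI_KEY_CONN` through `insert`, while the first hunk's context shows that value being assigned from the request (`other_params_support = negotiate_algorithms.other_params_support;`). If that is the same local and nothing between the hunks clears the bit (not visible here; `set_opaque_support` may or may not preserve it), a requester that sent MULTI_KEY_CONN gets it echoed in ALGORITHMS even when its own capabilities contain neither MULTI_KEY_CAP_ONLY nor MULTI_KEY_CAP_CONN_SEL. The requester side of this commit rejects that case with SPDM_STATUS_NEGOTIATION_FAIL. Clearing the bit before the two `if` blocks makes the selection explicit, assuming the type is bitflags-generated as its `insert`/`contains` calls suggest: `other_params_support.remove(SpdmAlgoOtherParams::MULTI_KEY_CONN);`. The enclosing code starts and ends outside both hunks.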
