Add SPDM 1.3 new feature:get_key_pair_info

Refer the issue:#2293

Signed-off-by: Wenxing Hou <[email protected]>

include/industry_standard/spdm.h

@@ -57,6 +57,7 @@
 /* SPDM response code (1.3) */
 #define SPDM_SUPPORTED_EVENT_TYPES 0x62
 #define SPDM_MEASUREMENT_EXTENSION_LOG 0x6F
+#define SPDM_KEY_PAIR_INFO 0x7C
 
 /* SPDM request code (1.0) */
 #define SPDM_GET_DIGESTS 0x81
@@ -89,6 +90,7 @@
 /* SPDM request code (1.3) */
 #define SPDM_GET_SUPPORTED_EVENT_TYPES 0xE2
 #define SPDM_GET_MEASUREMENT_EXTENSION_LOG 0xEF
+#define SPDM_GET_KEY_PAIR_INFO 0xFC
 
 /* SPDM message header*/
 typedef struct {
@@ -515,6 +517,14 @@ typedef uint16_t spdm_key_usage_bit_mask_t;
 #define SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE 0x4000
 #define SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE 0x8000
 
+#define SPDM_KEY_USAGE_BIT_MASK ( \
+        SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE)
+
 /* SPDM GET_CERTIFICATE request */
 typedef struct {
     spdm_message_header_t header;
@@ -1214,6 +1224,64 @@ typedef struct {
     /*uint8_t                mel[portion_length];*/
 } spdm_measurement_extension_log_response_t;
 
+/* Key pair capabilities */
+#define SPDM_KEY_PAIR_CAP_GEN_KEY_CAP 0x00000001
+#define SPDM_KEY_PAIR_CAP_ERASABLE_CAP 0x00000002
+#define SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP 0x00000004
+#define SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP 0x00000008
+#define SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP 0x00000010
+#define SPDM_KEY_PAIR_CAP_SHAREABLE_CAP 0x00000020
+#define SPDM_KEY_PAIR_CAP_MASK ( \
+        SPDM_KEY_PAIR_CAP_GEN_KEY_CAP | \
+        SPDM_KEY_PAIR_CAP_ERASABLE_CAP | \
+        SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP | \
+        SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP | \
+        SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP | \
+        SPDM_KEY_PAIR_CAP_SHAREABLE_CAP)
+
+/* Key pair asym algorithm capabilities */
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 0x00000001
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 0x00000002
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 0x00000004
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 0x00000008
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 0x00000010
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 0x00000020
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 0x00000040
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 0x00000080
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448 0x00000100
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK ( \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448)
+
+/* SPDM GET_KEY_PAIR_INFO request */
+typedef struct {
+    spdm_message_header_t header;
+    /* param1 == RSVD
+     * param2 == RSVD*/
+    uint8_t key_pair_id;
+} spdm_get_key_pair_info_request_t;
+
+typedef struct {
+    spdm_message_header_t header;
+    uint8_t total_key_pairs;
+    uint8_t key_pair_id;
+    uint16_t capabilities;
+    uint16_t key_usage_capabilities;
+    uint16_t current_key_usage;
+    uint32_t asym_algo_capabilities;
+    uint32_t current_asym_algo;
+    uint16_t public_key_info_len;
+    uint8_t assoc_cert_slot_mask;
+    /*uint8_t public_key_info[public_key_info_len];*/
+} spdm_key_pair_info_response_t;
+
 #pragma pack()
 
 #define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "

include/internal/libspdm_common_lib.h

@@ -78,6 +78,17 @@ typedef struct {
 #endif
 } libspdm_peer_used_cert_chain_t;
 
+typedef struct {
+    uint16_t capabilities;
+    uint16_t key_usage_capabilities;
+    uint16_t current_key_usage;
+    uint32_t asym_algo_capabilities;
+    uint32_t current_asym_algo;
+    uint16_t public_key_info_len;
+    uint8_t assoc_cert_slot_mask;
+    uint8_t public_key_info[LIBSPDM_MAX_PUBLIC_KEY_INFO_LEN];
+} libspdm_key_pair_info_t;
+
 typedef struct {
     /* Local device info */
     libspdm_device_version_t version;
@@ -113,6 +124,10 @@ typedef struct {
 
     /*The device role*/
     bool is_requester;
+
+    /*responder key pair info*/
+    libspdm_key_pair_info_t key_pair_info[LIBSPDM_MAX_KEY_PAIR_COUNT];
+    uint8_t total_key_pairs;
 } libspdm_local_context_t;
 
 typedef struct {
@@ -150,6 +165,10 @@ typedef struct {
     /* multi-key negotiated result */
     bool multi_key_conn_req;
     bool multi_key_conn_rsp;
+
+    /*responder key pair info*/
+    libspdm_key_pair_info_t key_pair_info[LIBSPDM_MAX_KEY_PAIR_COUNT];
+    uint8_t total_key_pairs;
 } libspdm_connection_info_t;
 
 typedef struct {

include/internal/libspdm_responder_lib.h

@@ -938,4 +938,11 @@ bool libspdm_generate_measurement_signature(libspdm_context_t *spdm_context,
                                             uint8_t *signature);
 #endif /* LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
 
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+libspdm_return_t libspdm_get_response_key_pair_info(libspdm_context_t *spdm_context,
+                                                    size_t request_size, const void *request,
+                                                    size_t *response_size, void *response);
+
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
 #endif /* SPDM_RESPONDER_LIB_INTERNAL_H */

include/library/spdm_lib_config.h

@@ -74,6 +74,10 @@
 #define LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP 1
 #endif
 
+#ifndef LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+#define LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP 1
+#endif
+
 /* Includes SPDM 1.3 features for CSR messages. If enabled then LIBSPDM_ENABLE_CAPABILITY_CSR_CAP
  * must also be enabled.
  */
@@ -205,6 +209,14 @@
 #define LIBSPDM_MAX_MEL_BLOCK_LEN 1024
 #endif
 
+#ifndef LIBSPDM_MAX_KEY_PAIR_COUNT
+#define LIBSPDM_MAX_KEY_PAIR_COUNT 16
+#endif
+
+#ifndef LIBSPDM_MAX_PUBLIC_KEY_INFO_LEN
+#define LIBSPDM_MAX_PUBLIC_KEY_INFO_LEN 32
+#endif
+
 /* To ensure integrity in communication between the Requester and the Responder libspdm calculates
  * cryptographic digests and signatures over multiple requests and responses. This value specifies
  * whether libspdm will use a running calculation over the transcript, where requests and responses
@@ -333,8 +345,6 @@
 #define LIBSPDM_CERT_PARSE_SUPPORT 1
 #endif
 
-
-
 /*
  * MinDataTransferSize = 42
  *

include/library/spdm_requester_lib.h

@@ -370,6 +370,11 @@ libspdm_return_t libspdm_get_measurement_extension_log(void *spdm_context,
                                                        void *measure_exten_log);
 #endif /* LIBSPDM_ENABLE_CAPABILITY_MEL_CAP */
 
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+libspdm_return_t libspdm_get_key_pair_info(void *spdm_context, const uint32_t *session_id,
+                                           uint8_t key_pair_id);
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
 #if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
 /**
  * This function sends KEY_EXCHANGE/FINISH or PSK_EXCHANGE/PSK_FINISH

library/spdm_common_lib/libspdm_com_context_data.c

@@ -503,6 +503,7 @@ libspdm_return_t libspdm_set_data(void *spdm_context, libspdm_data_type_t data_t
             return LIBSPDM_STATUS_INVALID_PARAMETER;
         }
         context->local_context.local_key_pair_id[slot_id] = *(spdm_key_pair_id_t *)data;
+        context->local_context.total_key_pairs++;
         break;
     case LIBSPDM_DATA_LOCAL_CERT_INFO:
         if (parameter->location != LIBSPDM_DATA_LOCATION_LOCAL) {

library/spdm_requester_lib/CMakeLists.txt

@@ -38,4 +38,5 @@ target_sources(spdm_requester_lib
         libspdm_req_get_csr.c
         libspdm_req_vendor_request.c
         libspdm_req_get_measurement_extension_log.c
+        libspdm_req_get_key_pair_info.c
 )