Add SPDM 1.3 new feature:get_key_pair_info

Refer the issue:#2293

Signed-off-by: Wenxing Hou <[email protected]>

doc/api/common_api.md

@@ -352,6 +352,8 @@ Enumeration value used for the `libspdm_set_data` and/or `libspdm_get_data` func
         - If `false` then Responder does not support multi-key capabilities and only supports a
           single asymmetric key during the connection.
     - Only `LIBSPDM_DATA_LOCATION_CONNECTION` is allowed.
+- `LIBSPDM_DATA_TOTAL_KEY_PAIRS`
+    - the total number of key pairs on the responder.
 
 ### Values that can only be `get`.
 

doc/user_guide.md

@@ -421,6 +421,12 @@ Refer to spdm_server_init() in [spdm_responder.c](https://github.com/DMTF/spdm-e
 
    1.7, if PSK is required, optionally deploy PSK Hint in the call to libspdm_start_session().
 
+   1.8, if Responder sets GET_KEY_PAIR_INFO_CAP then LIBSPDM_DATA_TOTAL_KEY_PAIRS must be set.
+   ```
+   parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
+   libspdm_set_data (spdm_context, LIBSPDM_DATA_TOTAL_KEY_PAIRS, &parameter, total_key_pairs, total_key_pairs_size);
+   ```
+
 2. Dispatch SPDM messages.
 
    ```

include/hal/library/responder/key_pair_info.h

@@ -0,0 +1,48 @@
+/**
+ *  Copyright Notice:
+ *  Copyright 2024 DMTF. All rights reserved.
+ *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+ **/
+
+#ifndef RESPONDER_KEY_PAIR_INFO_H
+#define RESPONDER_KEY_PAIR_INFO_H
+
+#include "hal/base.h"
+#include "internal/libspdm_lib_config.h"
+#include "industry_standard/spdm.h"
+
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+
+/**
+ * read the key pair info of the key_pair_id.
+ *
+ * @param  spdm_context               A pointer to the SPDM context.
+ * @param  key_pair_id                Indicate which key pair ID's information to retrieve.
+ *
+ * @param  capabilities               Indicate the capabilities of the requested key pairs.
+ * @param  key_usage_capabilities     Indicate the key usages the responder allows.
+ * @param  current_key_usage          Indicate the currently configured key usage for the requested key pairs ID.
+ * @param  asym_algo_capabilities     Indicate the asymmetric algorithms the Responder supports for this key pair ID.
+ * @param  current_asym_algo          Indicate the currently configured asymmetric algorithm for this key pair ID.
+ * @param  assoc_cert_slot_mask       This field is a bit mask representing the currently associated certificate slots.
+ * @param  public_key_info_len        On input, indicate the size in bytes of the destination buffer to store.
+ *                                    On output, indicate the size in bytes of the public_key_info.
+ * @param  public_key_info            A pointer to a destination buffer to store the public_key_info.
+ *
+ * @retval true  get key pair info successfully.
+ * @retval false get key pair info failed.
+ **/
+extern bool libspdm_read_key_pair_info(
+    void *spdm_context,
+    uint8_t key_pair_id,
+    uint16_t *capabilities,
+    uint16_t *key_usage_capabilities,
+    uint16_t *current_key_usage,
+    uint32_t *asym_algo_capabilities,
+    uint32_t *current_asym_algo,
+    uint8_t *assoc_cert_slot_mask,
+    uint16_t *public_key_info_len,
+    uint8_t *public_key_info);
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
+#endif /* RESPONDER_KEY_PAIR_INFO_H */

include/industry_standard/spdm.h

@@ -57,6 +57,7 @@
 /* SPDM response code (1.3) */
 #define SPDM_SUPPORTED_EVENT_TYPES 0x62
 #define SPDM_MEASUREMENT_EXTENSION_LOG 0x6F
+#define SPDM_KEY_PAIR_INFO 0x7C
 
 /* SPDM request code (1.0) */
 #define SPDM_GET_DIGESTS 0x81
@@ -89,6 +90,7 @@
 /* SPDM request code (1.3) */
 #define SPDM_GET_SUPPORTED_EVENT_TYPES 0xE2
 #define SPDM_GET_MEASUREMENT_EXTENSION_LOG 0xEF
+#define SPDM_GET_KEY_PAIR_INFO 0xFC
 
 /* SPDM message header*/
 typedef struct {
@@ -508,13 +510,21 @@ typedef uint8_t spdm_certificate_info_t;
 #define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3
 
 typedef uint16_t spdm_key_usage_bit_mask_t;
-#define SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE 0x1
-#define SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE 0x2
-#define SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE 0x4
-#define SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE 0x8
+#define SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE 0x0001
+#define SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE 0x0002
+#define SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE 0x0004
+#define SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE 0x0008
 #define SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE 0x4000
 #define SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE 0x8000
 
+#define SPDM_KEY_USAGE_BIT_MASK ( \
+        SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE | \
+        SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE)
+
 /* SPDM GET_CERTIFICATE request */
 typedef struct {
     spdm_message_header_t header;
@@ -1214,6 +1224,76 @@ typedef struct {
     /*uint8_t                mel[portion_length];*/
 } spdm_measurement_extension_log_response_t;
 
+/* Key pair capabilities */
+#define SPDM_KEY_PAIR_CAP_GEN_KEY_CAP 0x00000001
+#define SPDM_KEY_PAIR_CAP_ERASABLE_CAP 0x00000002
+#define SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP 0x00000004
+#define SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP 0x00000008
+#define SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP 0x00000010
+#define SPDM_KEY_PAIR_CAP_SHAREABLE_CAP 0x00000020
+#define SPDM_KEY_PAIR_CAP_MASK ( \
+        SPDM_KEY_PAIR_CAP_GEN_KEY_CAP | \
+        SPDM_KEY_PAIR_CAP_ERASABLE_CAP | \
+        SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP | \
+        SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP | \
+        SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP | \
+        SPDM_KEY_PAIR_CAP_SHAREABLE_CAP)
+
+/* Key pair asym algorithm capabilities */
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 0x00000001
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 0x00000002
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 0x00000004
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 0x00000008
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 0x00000010
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 0x00000020
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 0x00000040
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 0x00000080
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448 0x00000100
+#define SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK ( \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519 | \
+        SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448)
+
+/**
+ * The Max len of DER encoding of the AlgorithmIdentifier structure in an X.509 v3 certificate.
+ * The RSA public key info len is 15.
+ * The ecp256 public key info len is 21.
+ * The ecp384 public key info len is 18.
+ * The ecp521 public key info len is 18.
+ * The sm2 public key info len is 21.
+ * The ed25519 public key info len is 7.
+ * The ed448 public key info len is 7.
+ **/
+#define SPDM_MAX_PUBLIC_KEY_INFO_LEN 65535
+
+/* SPDM GET_KEY_PAIR_INFO request */
+typedef struct {
+    spdm_message_header_t header;
+    /* param1 == RSVD
+     * param2 == RSVD*/
+    uint8_t key_pair_id;
+} spdm_get_key_pair_info_request_t;
+
+typedef struct {
+    spdm_message_header_t header;
+    uint8_t total_key_pairs;
+    uint8_t key_pair_id;
+    uint16_t capabilities;
+    uint16_t key_usage_capabilities;
+    uint16_t current_key_usage;
+    uint32_t asym_algo_capabilities;
+    uint32_t current_asym_algo;
+    uint16_t public_key_info_len;
+    uint8_t assoc_cert_slot_mask;
+    /*uint8_t public_key_info[public_key_info_len];*/
+} spdm_key_pair_info_response_t;
+
 #pragma pack()
 
 #define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "

include/internal/libspdm_common_lib.h

@@ -18,6 +18,7 @@
 #include "hal/library/responder/asymsignlib.h"
 #include "hal/library/responder/csrlib.h"
 #include "hal/library/responder/measlib.h"
+#include "hal/library/responder/key_pair_info.h"
 #include "hal/library/responder/psklib.h"
 #include "hal/library/responder/setcertlib.h"
 #include "hal/library/eventlib.h"
@@ -113,6 +114,8 @@ typedef struct {
 
     /*The device role*/
     bool is_requester;
+
+    uint8_t total_key_pairs;
 } libspdm_local_context_t;
 
 typedef struct {

include/internal/libspdm_responder_lib.h

@@ -938,4 +938,10 @@ bool libspdm_generate_measurement_signature(libspdm_context_t *spdm_context,
                                             uint8_t *signature);
 #endif /* LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP*/
 
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+libspdm_return_t libspdm_get_response_key_pair_info(libspdm_context_t *spdm_context,
+                                                    size_t request_size, const void *request,
+                                                    size_t *response_size, void *response);
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
 #endif /* SPDM_RESPONDER_LIB_INTERNAL_H */

include/library/spdm_common_lib.h

@@ -154,6 +154,8 @@ typedef enum {
     LIBSPDM_DATA_MULTI_KEY_CONN_REQ,
     LIBSPDM_DATA_MULTI_KEY_CONN_RSP,
 
+    LIBSPDM_DATA_TOTAL_KEY_PAIRS,
+
     /* MAX */
     LIBSPDM_DATA_MAX
 } libspdm_data_type_t;

include/library/spdm_lib_config.h

@@ -74,6 +74,10 @@
 #define LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP 1
 #endif
 
+#ifndef LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+#define LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP 1
+#endif
+
 /* Includes SPDM 1.3 features for CSR messages. If enabled then LIBSPDM_ENABLE_CAPABILITY_CSR_CAP
  * must also be enabled.
  */

include/library/spdm_requester_lib.h

@@ -370,6 +370,40 @@ libspdm_return_t libspdm_get_measurement_extension_log(void *spdm_context,
                                                        void *measure_exten_log);
 #endif /* LIBSPDM_ENABLE_CAPABILITY_MEL_CAP */
 
+#if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
+/**
+ * This function sends GET_KEY_PAIR_INFO to get key pair info from device.
+ *
+ * @param  spdm_context               A pointer to the SPDM context.
+ * @param  session_id                 Indicates if it is a secured message protected via SPDM session.
+ *                                    If session_id is NULL, it is a normal message.
+ *                                    If session_id is not NULL, it is a secured message.
+ * @param  key_pair_id                Indicate which key pair ID's information to retrieve.
+ *
+ * @param  total_key_pairs            Indicate the total number of key pairs on the responder.
+ * @param  capabilities               Indicate the capabilities of the requested key pairs.
+ * @param  key_usage_capabilities     Indicate the key usages the responder allows.
+ * @param  current_key_usage          Indicate the currently configured key usage for the requested key pairs ID.
+ * @param  asym_algo_capabilities     Indicate the asymmetric algorithms the Responder supports for this key pair ID.
+ * @param  current_asym_algo          Indicate the currently configured asymmetric algorithm for this key pair ID.
+ * @param  assoc_cert_slot_mask       This field is a bit mask representing the currently associated certificate slots.
+ * @param  public_key_info_len        On input, indicate the size in bytes of the destination buffer to store.
+ *                                    On output, indicate the size in bytes of the public_key_info.
+ * @param  public_key_info            A pointer to a destination buffer to store the public_key_info.
+ **/
+libspdm_return_t libspdm_get_key_pair_info(void *spdm_context, const uint32_t *session_id,
+                                           uint8_t key_pair_id, uint8_t *total_key_pairs,
+                                           uint16_t *capabilities,
+                                           uint16_t *key_usage_capabilities,
+                                           uint16_t *current_key_usage,
+                                           uint32_t *asym_algo_capabilities,
+                                           uint32_t *current_asym_algo,
+                                           uint8_t *assoc_cert_slot_mask,
+                                           uint16_t *public_key_info_len,
+                                           void *public_key_info
+                                           );
+#endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
+
 #if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
 /**
  * This function sends KEY_EXCHANGE/FINISH or PSK_EXCHANGE/PSK_FINISH

library/spdm_common_lib/libspdm_com_context_data.c

@@ -790,6 +790,15 @@ libspdm_return_t libspdm_set_data(void *spdm_context, libspdm_data_type_t data_t
         }
         context->connection_info.multi_key_conn_rsp = *(bool *)data;
         break;
+    case LIBSPDM_DATA_TOTAL_KEY_PAIRS:
+        if (data_size != sizeof(uint8_t)) {
+            return LIBSPDM_STATUS_INVALID_PARAMETER;
+        }
+        if (parameter->location != LIBSPDM_DATA_LOCATION_LOCAL) {
+            return LIBSPDM_STATUS_INVALID_PARAMETER;
+        }
+        context->local_context.total_key_pairs = *(uint8_t *)data;
+        break;
     default:
         return LIBSPDM_STATUS_UNSUPPORTED_CAP;
         break;
@@ -1146,6 +1155,13 @@ libspdm_return_t libspdm_get_data(void *spdm_context, libspdm_data_type_t data_t
         target_data_size = sizeof(bool);
         target_data = &context->connection_info.multi_key_conn_rsp;
         break;
+    case LIBSPDM_DATA_TOTAL_KEY_PAIRS:
+        if (parameter->location != LIBSPDM_DATA_LOCATION_LOCAL) {
+            return LIBSPDM_STATUS_INVALID_PARAMETER;
+        }
+        target_data_size = sizeof(uint8_t);
+        target_data = &context->local_context.total_key_pairs;
+        break;
     default:
         return LIBSPDM_STATUS_UNSUPPORTED_CAP;
         break;

library/spdm_requester_lib/CMakeLists.txt

@@ -38,4 +38,5 @@ target_sources(spdm_requester_lib
         libspdm_req_get_csr.c
         libspdm_req_vendor_request.c
         libspdm_req_get_measurement_extension_log.c
+        libspdm_req_get_key_pair_info.c
 )