Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2024-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "spdm_device_secret_lib_internal.h"
19 : #include "internal/libspdm_common_lib.h"
20 :
21 : #if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
22 :
23 : #define LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK
24 :
25 : #define LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK ( \
26 : SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_44 | \
27 : SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_65 | \
28 : SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_87)
29 :
30 : typedef struct {
31 : uint16_t capabilities;
32 : uint16_t key_usage_capabilities;
33 : uint16_t current_key_usage;
34 : uint32_t asym_algo_capabilities;
35 : uint32_t current_asym_algo;
36 : uint32_t pqc_asym_algo_capabilities;
37 : uint32_t current_pqc_asym_algo;
38 : uint16_t public_key_info_len;
39 : uint8_t assoc_cert_slot_mask;
40 : uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
41 : } libspdm_key_pair_info_t;
42 :
43 : #define LIBSPDM_MAX_KEY_PAIR_COUNT (9 + 3)
44 :
45 : libspdm_key_pair_info_t m_key_pair_info[LIBSPDM_MAX_KEY_PAIR_COUNT];
46 :
47 : uint8_t m_total_key_pair_count = 0;
48 :
49 1 : void libspdm_init_key_pair_info() {
50 : #if (LIBSPDM_RSA_SSA_SUPPORT || LIBSPDM_RSA_PSS_SUPPORT)
51 1 : uint8_t public_key_info_rsa[] = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
52 : 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00};
53 : #endif
54 : #if LIBSPDM_ECDSA_P256_SUPPORT
55 1 : uint8_t public_key_info_ecp256[] = {0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
56 : 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
57 : 0x03, 0x01, 0x07};
58 : #endif
59 : #if LIBSPDM_ECDSA_P384_SUPPORT
60 1 : uint8_t public_key_info_ecp384[] = {0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
61 : 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22};
62 : #endif
63 : #if LIBSPDM_ECDSA_P521_SUPPORT
64 1 : uint8_t public_key_info_ecp521[] = {0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
65 : 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23};
66 : #endif
67 : #if LIBSPDM_SM2_DSA_P256_SUPPORT
68 : uint8_t public_key_info_sm2[] = {0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
69 : 0x02, 0x01, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55,
70 : 0x01, 0x82, 0x2D};
71 : #endif
72 : #if LIBSPDM_EDDSA_ED25519_SUPPORT
73 : uint8_t public_key_info_ed25519[] = {0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70};
74 : #endif
75 : #if LIBSPDM_EDDSA_ED448_SUPPORT
76 : uint8_t public_key_info_ed448[] = {0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x71};
77 : #endif
78 : #if LIBSPDM_ML_DSA_44_SUPPORT
79 : uint8_t public_key_info_mldsa44[] = {0x30, 0x0A, 0x06, 0x09,
80 : /* 2.16.840.1.101.3.4.3.17 */
81 : 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11};
82 : #endif
83 : #if LIBSPDM_ML_DSA_65_SUPPORT
84 : uint8_t public_key_info_mldsa65[] = {0x30, 0x0A, 0x06, 0x09,
85 : /* 2.16.840.1.101.3.4.3.18 */
86 : 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12};
87 : #endif
88 : #if LIBSPDM_ML_DSA_87_SUPPORT
89 : uint8_t public_key_info_mldsa87[] = {0x30, 0x0A, 0x06, 0x09,
90 : /* 2.16.840.1.101.3.4.3.19 */
91 : 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13};
92 : #endif
93 1 : uint8_t index = 0;
94 : /*provisioned key pair info*/
95 :
96 : #if (LIBSPDM_RSA_SSA_2048_SUPPORT || LIBSPDM_RSA_PSS_2048_SUPPORT)
97 : /*key_pair_id 1*/
98 1 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
99 1 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
100 1 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
101 1 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
102 1 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
103 1 : m_key_pair_info[index].assoc_cert_slot_mask = 0x01;
104 1 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
105 1 : m_key_pair_info[index].current_pqc_asym_algo = 0;
106 1 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_rsa);
107 1 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
108 1 : m_key_pair_info[index].public_key_info_len,
109 1 : public_key_info_rsa, m_key_pair_info[index].public_key_info_len);
110 1 : index++;
111 : #endif
112 :
113 : #if (LIBSPDM_RSA_SSA_3072_SUPPORT || LIBSPDM_RSA_PSS_3072_SUPPORT)
114 : /*key_pair_id 2*/
115 1 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
116 1 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
117 1 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
118 1 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
119 1 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
120 1 : m_key_pair_info[index].assoc_cert_slot_mask = 0x02;
121 1 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072;
122 1 : m_key_pair_info[index].current_pqc_asym_algo = 0;
123 1 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_rsa);
124 1 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
125 1 : m_key_pair_info[index].public_key_info_len,
126 1 : public_key_info_rsa, m_key_pair_info[index].public_key_info_len);
127 1 : index++;
128 : #endif
129 :
130 : #if (LIBSPDM_RSA_SSA_4096_SUPPORT || LIBSPDM_RSA_PSS_4096_SUPPORT)
131 : /*key_pair_id 3*/
132 1 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
133 1 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
134 1 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
135 1 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
136 1 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
137 1 : m_key_pair_info[index].assoc_cert_slot_mask = 0x04;
138 1 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096;
139 1 : m_key_pair_info[index].current_pqc_asym_algo = 0;
140 1 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_rsa);
141 1 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
142 1 : m_key_pair_info[index].public_key_info_len,
143 1 : public_key_info_rsa, m_key_pair_info[index].public_key_info_len);
144 1 : index++;
145 : #endif
146 :
147 : #if LIBSPDM_ECDSA_P256_SUPPORT
148 : /*key_pair_id 4*/
149 1 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
150 1 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
151 1 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
152 1 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
153 1 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
154 1 : m_key_pair_info[index].assoc_cert_slot_mask = 0x08;
155 1 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256;
156 1 : m_key_pair_info[index].current_pqc_asym_algo = 0;
157 1 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_ecp256);
158 1 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
159 1 : m_key_pair_info[index].public_key_info_len,
160 1 : public_key_info_ecp256, m_key_pair_info[index].public_key_info_len);
161 1 : index++;
162 : #endif
163 :
164 : #if LIBSPDM_ECDSA_P384_SUPPORT
165 : /*key_pair_id 5*/
166 1 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
167 1 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
168 1 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
169 1 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
170 1 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
171 1 : m_key_pair_info[index].assoc_cert_slot_mask = 0x10;
172 1 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384;
173 1 : m_key_pair_info[index].current_pqc_asym_algo = 0;
174 1 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_ecp384);
175 1 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
176 1 : m_key_pair_info[index].public_key_info_len,
177 1 : public_key_info_ecp384, m_key_pair_info[index].public_key_info_len);
178 1 : index++;
179 : #endif
180 :
181 : #if LIBSPDM_ECDSA_P521_SUPPORT
182 : /*key_pair_id 6*/
183 1 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
184 1 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
185 1 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
186 1 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
187 1 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
188 1 : m_key_pair_info[index].assoc_cert_slot_mask = 0x20;
189 1 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521;
190 1 : m_key_pair_info[index].current_pqc_asym_algo = 0;
191 1 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_ecp521);
192 1 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
193 1 : m_key_pair_info[index].public_key_info_len,
194 1 : public_key_info_ecp521, m_key_pair_info[index].public_key_info_len);
195 1 : index++;
196 : #endif
197 :
198 : #if LIBSPDM_SM2_DSA_P256_SUPPORT
199 : /*key_pair_id 7*/
200 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
201 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
202 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
203 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
204 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
205 : m_key_pair_info[index].assoc_cert_slot_mask = 0x40;
206 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2;
207 : m_key_pair_info[index].current_pqc_asym_algo = 0;
208 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_sm2);
209 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
210 : m_key_pair_info[index].public_key_info_len,
211 : public_key_info_sm2, m_key_pair_info[index].public_key_info_len);
212 : index++;
213 : #endif
214 :
215 : #if LIBSPDM_EDDSA_ED25519_SUPPORT
216 : /*key_pair_id 8*/
217 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
218 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
219 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
220 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
221 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
222 : m_key_pair_info[index].assoc_cert_slot_mask = 0x80;
223 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519;
224 : m_key_pair_info[index].current_pqc_asym_algo = 0;
225 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_ed25519);
226 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
227 : m_key_pair_info[index].public_key_info_len,
228 : public_key_info_ed25519, m_key_pair_info[index].public_key_info_len);
229 : index++;
230 : #endif
231 :
232 : #if LIBSPDM_EDDSA_ED448_SUPPORT
233 : /*key_pair_id 9*/
234 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
235 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
236 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
237 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
238 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
239 : m_key_pair_info[index].assoc_cert_slot_mask = 0x00;
240 : m_key_pair_info[index].current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448;
241 : m_key_pair_info[index].current_pqc_asym_algo = 0;
242 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_ed448);
243 : libspdm_copy_mem(m_key_pair_info[index].public_key_info,
244 : m_key_pair_info[index].public_key_info_len,
245 : public_key_info_ed448, m_key_pair_info[index].public_key_info_len);
246 : index++;
247 : #endif
248 :
249 : #if LIBSPDM_ML_DSA_44_SUPPORT
250 : /*key_pair_id 10 (PQC)*/
251 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
252 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
253 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
254 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
255 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
256 : m_key_pair_info[index].assoc_cert_slot_mask = 0x00;
257 : m_key_pair_info[index].current_asym_algo = 0;
258 : m_key_pair_info[index].current_pqc_asym_algo = SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_44;
259 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_mldsa44);
260 : libspdm_copy_mem(m_key_pair_info[index].public_key_info, m_key_pair_info[index].public_key_info_len,
261 : public_key_info_mldsa44, sizeof(public_key_info_mldsa44));
262 : index++;
263 : #endif
264 :
265 : #if LIBSPDM_ML_DSA_65_SUPPORT
266 : /*key_pair_id 11 (PQC)*/
267 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
268 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
269 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
270 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
271 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
272 : m_key_pair_info[index].assoc_cert_slot_mask = 0x00;
273 : m_key_pair_info[index].current_asym_algo = 0;
274 : m_key_pair_info[index].current_pqc_asym_algo = SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_65;
275 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_mldsa65);
276 : libspdm_copy_mem(m_key_pair_info[index].public_key_info, m_key_pair_info[index].public_key_info_len,
277 : public_key_info_mldsa65, sizeof(public_key_info_mldsa65));
278 : index++;
279 : #endif
280 :
281 : #if LIBSPDM_ML_DSA_87_SUPPORT
282 : /*key_pair_id 12 (PQC)*/
283 : m_key_pair_info[index].capabilities = SPDM_KEY_PAIR_CAP_MASK;
284 : m_key_pair_info[index].key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
285 : m_key_pair_info[index].current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
286 : m_key_pair_info[index].asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
287 : m_key_pair_info[index].pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
288 : m_key_pair_info[index].assoc_cert_slot_mask = 0x00;
289 : m_key_pair_info[index].current_asym_algo = 0;
290 : m_key_pair_info[index].current_pqc_asym_algo = SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_87;
291 : m_key_pair_info[index].public_key_info_len = (uint16_t)sizeof(public_key_info_mldsa87);
292 : libspdm_copy_mem(m_key_pair_info[index].public_key_info, m_key_pair_info[index].public_key_info_len,
293 : public_key_info_mldsa87, sizeof(public_key_info_mldsa87));
294 : index++;
295 : #endif
296 :
297 1 : m_total_key_pair_count = index;
298 1 : }
299 :
300 60 : uint8_t libspdm_read_total_key_pairs ()
301 : {
302 60 : if (m_total_key_pair_count == 0) {
303 1 : libspdm_init_key_pair_info();
304 : }
305 60 : return m_total_key_pair_count;
306 : }
307 :
308 : /**
309 : * read the key pair info of the key_pair_id.
310 : *
311 : * @param spdm_context A pointer to the SPDM context.
312 : * @param key_pair_id Indicate which key pair ID's information to retrieve.
313 : *
314 : * @param capabilities Indicate the capabilities of the requested key pairs.
315 : * @param key_usage_capabilities Indicate the key usages the responder allows.
316 : * @param current_key_usage Indicate the currently configured key usage for the requested key pairs ID.
317 : * @param asym_algo_capabilities Indicate the asymmetric algorithms the Responder supports for this key pair ID.
318 : * @param current_asym_algo Indicate the currently configured asymmetric algorithm for this key pair ID.
319 : * @param assoc_cert_slot_mask This field is a bit mask representing the currently associated certificate slots.
320 : * @param public_key_info_len On input, indicate the size in bytes of the destination buffer to store.
321 : * On output, indicate the size in bytes of the public_key_info.
322 : * It can be NULL, if public_key_info is not required.
323 : * @param public_key_info A pointer to a destination buffer to store the public_key_info.
324 : * It can be NULL, if public_key_info is not required.
325 : *
326 : * @retval true get key pair info successfully.
327 : * @retval false get key pair info failed.
328 : **/
329 15 : bool libspdm_read_key_pair_info(
330 : void *spdm_context,
331 : uint8_t key_pair_id,
332 : uint16_t *capabilities,
333 : uint16_t *key_usage_capabilities,
334 : uint16_t *current_key_usage,
335 : uint32_t *asym_algo_capabilities,
336 : uint32_t *current_asym_algo,
337 : uint32_t *pqc_asym_algo_capabilities,
338 : uint32_t *current_pqc_asym_algo,
339 : uint8_t *assoc_cert_slot_mask,
340 : uint16_t *public_key_info_len,
341 : uint8_t *public_key_info)
342 : {
343 15 : LIBSPDM_DEBUG_CODE (
344 : uint8_t total_key_pairs;
345 : libspdm_data_parameter_t parameter;
346 : size_t data_return_size;
347 : libspdm_return_t status;
348 :
349 : parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
350 : data_return_size = sizeof(uint8_t);
351 : status = libspdm_get_data(spdm_context, LIBSPDM_DATA_TOTAL_KEY_PAIRS,
352 : ¶meter, &total_key_pairs, &data_return_size);
353 : if (status != LIBSPDM_STATUS_SUCCESS) {
354 : return false;
355 : }
356 :
357 : LIBSPDM_ASSERT(total_key_pairs == libspdm_read_total_key_pairs());
358 : );
359 :
360 : /*check*/
361 15 : if (key_pair_id > libspdm_read_total_key_pairs()) {
362 0 : return false;
363 : }
364 :
365 15 : if (public_key_info_len != NULL) {
366 1 : if (*public_key_info_len < m_key_pair_info[key_pair_id - 1].public_key_info_len) {
367 0 : return false;
368 : }
369 : }
370 :
371 : /*output*/
372 15 : *capabilities = m_key_pair_info[key_pair_id - 1].capabilities;
373 15 : *key_usage_capabilities = m_key_pair_info[key_pair_id - 1].key_usage_capabilities;
374 15 : *current_key_usage = m_key_pair_info[key_pair_id - 1].current_key_usage;
375 15 : *asym_algo_capabilities = m_key_pair_info[key_pair_id - 1].asym_algo_capabilities;
376 15 : *current_asym_algo = m_key_pair_info[key_pair_id - 1].current_asym_algo;
377 15 : if (pqc_asym_algo_capabilities != NULL) {
378 15 : *pqc_asym_algo_capabilities = m_key_pair_info[key_pair_id - 1].pqc_asym_algo_capabilities;
379 : }
380 15 : if (current_pqc_asym_algo != NULL) {
381 15 : *current_pqc_asym_algo = m_key_pair_info[key_pair_id - 1].current_pqc_asym_algo;
382 : }
383 15 : *assoc_cert_slot_mask = m_key_pair_info[key_pair_id - 1].assoc_cert_slot_mask;
384 :
385 15 : if (public_key_info_len != NULL) {
386 1 : *public_key_info_len = m_key_pair_info[key_pair_id - 1].public_key_info_len;
387 1 : if (public_key_info != NULL) {
388 1 : libspdm_copy_mem(public_key_info, *public_key_info_len,
389 1 : m_key_pair_info[key_pair_id - 1].public_key_info, *public_key_info_len);
390 : }
391 : }
392 :
393 15 : return true;
394 : }
395 : #endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
396 :
397 : #if LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP
398 :
399 : typedef struct
400 : {
401 : uint8_t key_pair_id;
402 : uint8_t operation;
403 : uint16_t desired_key_usage;
404 : uint32_t desired_asym_algo;
405 : uint32_t desired_pqc_asym_algo;
406 : uint8_t desired_assoc_cert_slot_mask;
407 : } libspdm_cached_key_pair_info_data_t;
408 :
409 :
410 8 : bool libspdm_read_cached_last_set_key_pair_info_request(uint8_t **last_set_key_pair_info_request,
411 : size_t *last_set_key_pair_info_request_len)
412 : {
413 : bool res;
414 8 : char file[] = "cached_last_set_key_pair_info_request";
415 :
416 8 : res = libspdm_read_input_file(file, (void **)last_set_key_pair_info_request,
417 : last_set_key_pair_info_request_len);
418 :
419 8 : return res;
420 : }
421 :
422 5 : bool libspdm_cache_last_set_key_pair_info_request(const uint8_t *last_set_key_pair_info_request,
423 : size_t last_set_key_pair_info_request_len)
424 : {
425 : bool res;
426 5 : char file[] = "cached_last_set_key_pair_info_request";
427 :
428 5 : res = libspdm_write_output_file(file, last_set_key_pair_info_request,
429 : last_set_key_pair_info_request_len);
430 :
431 5 : return res;
432 : }
433 :
434 11 : bool libspdm_write_key_pair_info(
435 : void *spdm_context,
436 : uint8_t key_pair_id,
437 : uint8_t operation,
438 : uint16_t desired_key_usage,
439 : uint32_t desired_asym_algo,
440 : uint32_t desired_pqc_asym_algo,
441 : uint8_t desired_assoc_cert_slot_mask,
442 : bool *need_reset)
443 : {
444 : bool result;
445 : libspdm_cached_key_pair_info_data_t *cached_key_pair_info;
446 : libspdm_cached_key_pair_info_data_t current_key_pair_info;
447 : size_t cached_key_pair_info_len;
448 :
449 11 : LIBSPDM_DEBUG_CODE (
450 : uint8_t total_key_pairs;
451 : libspdm_data_parameter_t parameter;
452 : size_t data_return_size;
453 : libspdm_return_t status;
454 :
455 : parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
456 : data_return_size = sizeof(uint8_t);
457 : status = libspdm_get_data(spdm_context, LIBSPDM_DATA_TOTAL_KEY_PAIRS,
458 : ¶meter, &total_key_pairs, &data_return_size);
459 : if (status != LIBSPDM_STATUS_SUCCESS) {
460 : return false;
461 : }
462 :
463 : LIBSPDM_ASSERT(total_key_pairs == libspdm_read_total_key_pairs());
464 : );
465 :
466 : /*check*/
467 11 : if (key_pair_id > libspdm_read_total_key_pairs()) {
468 0 : return false;
469 : }
470 :
471 11 : cached_key_pair_info_len = 0;
472 11 : if (*need_reset) {
473 8 : result = libspdm_read_cached_last_set_key_pair_info_request(
474 : (uint8_t **)&cached_key_pair_info,
475 : &cached_key_pair_info_len);
476 :
477 8 : if ((result) &&
478 7 : (cached_key_pair_info_len == sizeof(libspdm_cached_key_pair_info_data_t)) &&
479 7 : (cached_key_pair_info->operation == operation) &&
480 5 : (cached_key_pair_info->key_pair_id == key_pair_id) &&
481 4 : (cached_key_pair_info->desired_key_usage == desired_key_usage) &&
482 3 : (cached_key_pair_info->desired_asym_algo == desired_asym_algo) &&
483 3 : (cached_key_pair_info->desired_assoc_cert_slot_mask == desired_assoc_cert_slot_mask)) {
484 3 : if (operation == SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION) {
485 1 : m_key_pair_info[key_pair_id - 1].current_key_usage = 0;
486 1 : m_key_pair_info[key_pair_id - 1].current_asym_algo = 0;
487 1 : m_key_pair_info[key_pair_id - 1].current_pqc_asym_algo = 0;
488 1 : m_key_pair_info[key_pair_id - 1].assoc_cert_slot_mask = 0;
489 2 : } else if (operation == SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION) {
490 0 : m_key_pair_info[key_pair_id - 1].current_key_usage = desired_key_usage;
491 0 : m_key_pair_info[key_pair_id - 1].current_asym_algo = desired_asym_algo;
492 0 : m_key_pair_info[key_pair_id - 1].current_pqc_asym_algo = desired_pqc_asym_algo;
493 0 : m_key_pair_info[key_pair_id - 1].assoc_cert_slot_mask =
494 : desired_assoc_cert_slot_mask;
495 2 : } else if (operation == SPDM_SET_KEY_PAIR_INFO_CHANGE_OPERATION) {
496 2 : if (desired_key_usage != 0) {
497 1 : m_key_pair_info[key_pair_id - 1].current_key_usage = desired_key_usage;
498 : }
499 2 : if (desired_asym_algo != 0) {
500 1 : m_key_pair_info[key_pair_id - 1].current_asym_algo = desired_asym_algo;
501 : }
502 2 : if (desired_pqc_asym_algo != 0) {
503 0 : m_key_pair_info[key_pair_id - 1].current_pqc_asym_algo = desired_pqc_asym_algo;
504 : }
505 2 : m_key_pair_info[key_pair_id - 1].assoc_cert_slot_mask =
506 : desired_assoc_cert_slot_mask;
507 : } else {
508 0 : return false;
509 : }
510 :
511 : /*device don't need reset this time*/
512 3 : *need_reset = false;
513 3 : free(cached_key_pair_info);
514 3 : return true;
515 : } else {
516 5 : if (cached_key_pair_info != NULL) {
517 4 : free(cached_key_pair_info);
518 : }
519 :
520 5 : current_key_pair_info.operation = operation;
521 5 : current_key_pair_info.key_pair_id = key_pair_id;
522 5 : current_key_pair_info.desired_key_usage = desired_key_usage;
523 5 : current_key_pair_info.desired_asym_algo = desired_asym_algo;
524 5 : current_key_pair_info.desired_pqc_asym_algo = desired_pqc_asym_algo;
525 5 : current_key_pair_info.desired_assoc_cert_slot_mask = desired_assoc_cert_slot_mask;
526 : /*device need reset this time: cache the last_set_key_pair_info_request */
527 5 : result = libspdm_cache_last_set_key_pair_info_request(
528 : (const uint8_t *)¤t_key_pair_info,
529 : sizeof(libspdm_cached_key_pair_info_data_t));
530 5 : if (!result) {
531 0 : return result;
532 : }
533 :
534 : /*device need reset this time*/
535 5 : *need_reset = true;
536 5 : return true;
537 : }
538 : } else {
539 3 : if (operation == SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION) {
540 1 : m_key_pair_info[key_pair_id - 1].current_key_usage = 0;
541 1 : m_key_pair_info[key_pair_id - 1].current_asym_algo = 0;
542 1 : m_key_pair_info[key_pair_id - 1].current_pqc_asym_algo = 0;
543 1 : m_key_pair_info[key_pair_id - 1].assoc_cert_slot_mask = 0;
544 2 : } else if (operation == SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION) {
545 0 : m_key_pair_info[key_pair_id - 1].current_key_usage = desired_key_usage;
546 0 : m_key_pair_info[key_pair_id - 1].current_asym_algo = desired_asym_algo;
547 0 : m_key_pair_info[key_pair_id - 1].current_pqc_asym_algo = desired_pqc_asym_algo;
548 0 : m_key_pair_info[key_pair_id - 1].assoc_cert_slot_mask = desired_assoc_cert_slot_mask;
549 2 : } else if (operation == SPDM_SET_KEY_PAIR_INFO_CHANGE_OPERATION) {
550 2 : if (desired_key_usage != 0) {
551 1 : m_key_pair_info[key_pair_id - 1].current_key_usage = desired_key_usage;
552 : }
553 2 : if (desired_asym_algo != 0) {
554 1 : m_key_pair_info[key_pair_id - 1].current_asym_algo = desired_asym_algo;
555 : }
556 2 : if (desired_pqc_asym_algo != 0) {
557 0 : m_key_pair_info[key_pair_id - 1].current_pqc_asym_algo = desired_pqc_asym_algo;
558 : }
559 2 : m_key_pair_info[key_pair_id - 1].assoc_cert_slot_mask = desired_assoc_cert_slot_mask;
560 : } else {
561 0 : return false;
562 : }
563 :
564 3 : return true;
565 : }
566 : }
567 : #endif /* #if LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP */
|