1 : /**
2 : * Copyright Notice:
3 : * Copyright 2024-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "spdm_device_secret_lib_internal.h"
19 : #include "internal/libspdm_common_lib.h"
20 :
21 : #if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
22 :
/* Classical asymmetric algorithms this sample advertises for every key pair:
 * the full SPDM capability mask, independent of which key is currently installed. */
#define LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK

/* Post-quantum asymmetric algorithms this sample advertises: only the three ML-DSA parameter sets. */
#define LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK ( \
    SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_44 | \
    SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_65 | \
    SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_87)
29 :
/* One entry of the sample device's key pair table (see m_key_pair_info). */
typedef struct {
    /* SPDM_KEY_PAIR_CAP_* bit mask for this key pair. */
    uint16_t capabilities;
    /* SPDM_KEY_USAGE_BIT_MASK_* usages the responder allows for this key pair. */
    uint16_t key_usage_capabilities;
    /* SPDM_KEY_USAGE_BIT_MASK_* usage currently configured; 0 after an ERASE operation. */
    uint16_t current_key_usage;
    /* SPDM_KEY_PAIR_ASYM_ALGO_CAP_* mask of supported classical algorithms. */
    uint32_t asym_algo_capabilities;
    /* SPDM_KEY_PAIR_ASYM_ALGO_CAP_* of the installed key; 0 for PQC entries and after ERASE. */
    uint32_t current_asym_algo;
    /* SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_* mask of supported post-quantum algorithms. */
    uint32_t pqc_asym_algo_capabilities;
    /* SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_* of the installed key; 0 for classical entries and after ERASE. */
    uint32_t current_pqc_asym_algo;
    /* Number of valid bytes in public_key_info. */
    uint16_t public_key_info_len;
    /* Bit mask of the certificate slots currently associated with this key pair. */
    uint8_t assoc_cert_slot_mask;
    /* DER-encoded algorithm identifier (SEQUENCE { OID ... }) as provisioned by
     * libspdm_init_key_pair_info; only the first public_key_info_len bytes are meaningful. */
    uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
} libspdm_key_pair_info_t;
42 :
/* 9 classical key pairs (RSA 2048/3072/4096, ECDSA P-256/384/521, SM2, Ed25519, Ed448)
 * plus 3 ML-DSA key pairs. This must stay >= the number of #if-guarded entries in
 * libspdm_init_key_pair_info, which writes the table without a runtime bounds check. */
#define LIBSPDM_MAX_KEY_PAIR_COUNT (9 + 3)

/* Sample key pair table, indexed by (key_pair_id - 1); key pair IDs are 1-based.
 * Populated lazily by libspdm_init_key_pair_info via libspdm_read_total_key_pairs. */
libspdm_key_pair_info_t m_key_pair_info[LIBSPDM_MAX_KEY_PAIR_COUNT];

/* Number of valid entries in m_key_pair_info; 0 until libspdm_init_key_pair_info has run. */
uint8_t m_total_key_pair_count = 0;
48 :
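/**
 * Fill one entry of the sample key pair table.
 *
 * Every entry advertises the same capabilities and usages; only the installed
 * algorithm, the certificate slot association and the public key info differ.
 *
 * @param entry                 Destination entry in m_key_pair_info.
 * @param current_asym_algo     SPDM_KEY_PAIR_ASYM_ALGO_CAP_* of the installed key, 0 for a PQC entry.
 * @param current_pqc_asym_algo SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_* of the installed key, 0 for a classical entry.
 * @param assoc_cert_slot_mask  Bit mask of certificate slots associated with the key pair.
 * @param public_key_info       DER-encoded algorithm identifier for the key.
 * @param public_key_info_len   Size in bytes of public_key_info; must not exceed
 *                              SPDM_MAX_PUBLIC_KEY_INFO_LEN (enforced by libspdm_copy_mem).
 **/
static void libspdm_fill_key_pair_entry(libspdm_key_pair_info_t *entry,
                                        uint32_t current_asym_algo,
                                        uint32_t current_pqc_asym_algo,
                                        uint8_t assoc_cert_slot_mask,
                                        const uint8_t *public_key_info,
                                        size_t public_key_info_len)
{
    entry->capabilities = SPDM_KEY_PAIR_CAP_MASK;
    entry->key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
    entry->current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
    entry->asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_ASYM_ALGO_CAP_MASK;
    entry->pqc_asym_algo_capabilities = LIBSPDM_SUPPORTED_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
    entry->assoc_cert_slot_mask = assoc_cert_slot_mask;
    entry->current_asym_algo = current_asym_algo;
    entry->current_pqc_asym_algo = current_pqc_asym_algo;
    entry->public_key_info_len = (uint16_t)public_key_info_len;
    /* Pass the real capacity of the destination (not the copy length) so that
     * libspdm_copy_mem's destination bound check can actually catch an oversized
     * public key info instead of being trivially satisfied. */
    libspdm_copy_mem(entry->public_key_info, sizeof(entry->public_key_info),
                     public_key_info, public_key_info_len);
}

/**
 * Provision the sample key pair table m_key_pair_info and set m_total_key_pair_count.
 *
 * Key pair IDs are assigned in the fixed order below (1 = RSA-2048 ... 12 = ML-DSA-87);
 * an entry whose algorithm is compiled out is skipped, so IDs of the remaining
 * entries shift down. Every entry advertises KEY_EX usage and the full algorithm
 * capability masks. The number of guarded entries (12) must not exceed
 * LIBSPDM_MAX_KEY_PAIR_COUNT.
 **/
void libspdm_init_key_pair_info(void)
{
    /* DER algorithm identifiers (SEQUENCE { OID [, parameters] }) for each key type. */
#if (LIBSPDM_RSA_SSA_SUPPORT || LIBSPDM_RSA_PSS_SUPPORT)
    static const uint8_t public_key_info_rsa[] = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
                                                  0x0D, 0x01, 0x01, 0x01, 0x05, 0x00};
#endif
#if LIBSPDM_ECDSA_P256_SUPPORT
    static const uint8_t public_key_info_ecp256[] = {0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
                                                     0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
                                                     0x03, 0x01, 0x07};
#endif
#if LIBSPDM_ECDSA_P384_SUPPORT
    static const uint8_t public_key_info_ecp384[] = {0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
                                                     0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22};
#endif
#if LIBSPDM_ECDSA_P521_SUPPORT
    static const uint8_t public_key_info_ecp521[] = {0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
                                                     0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23};
#endif
#if LIBSPDM_SM2_DSA_P256_SUPPORT
    static const uint8_t public_key_info_sm2[] = {0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
                                                  0x02, 0x01, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55,
                                                  0x01, 0x82, 0x2D};
#endif
#if LIBSPDM_EDDSA_ED25519_SUPPORT
    static const uint8_t public_key_info_ed25519[] = {0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70};
#endif
#if LIBSPDM_EDDSA_ED448_SUPPORT
    static const uint8_t public_key_info_ed448[] = {0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x71};
#endif
#if LIBSPDM_ML_DSA_44_SUPPORT
    static const uint8_t public_key_info_mldsa44[] = {0x30, 0x0A, 0x06, 0x09,
                                                      /* 2.16.840.1.101.3.4.3.17 */
                                                      0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11};
#endif
#if LIBSPDM_ML_DSA_65_SUPPORT
    static const uint8_t public_key_info_mldsa65[] = {0x30, 0x0A, 0x06, 0x09,
                                                      /* 2.16.840.1.101.3.4.3.18 */
                                                      0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12};
#endif
#if LIBSPDM_ML_DSA_87_SUPPORT
    static const uint8_t public_key_info_mldsa87[] = {0x30, 0x0A, 0x06, 0x09,
                                                      /* 2.16.840.1.101.3.4.3.19 */
                                                      0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13};
#endif
    uint8_t index = 0;

    /* Provisioned key pair info. Each entry below is key_pair_id (index + 1). */

#if (LIBSPDM_RSA_SSA_2048_SUPPORT || LIBSPDM_RSA_PSS_2048_SUPPORT)
    /* key_pair_id 1 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048, 0, 0x01,
                                public_key_info_rsa, sizeof(public_key_info_rsa));
#endif

#if (LIBSPDM_RSA_SSA_3072_SUPPORT || LIBSPDM_RSA_PSS_3072_SUPPORT)
    /* key_pair_id 2 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072, 0, 0x02,
                                public_key_info_rsa, sizeof(public_key_info_rsa));
#endif

#if (LIBSPDM_RSA_SSA_4096_SUPPORT || LIBSPDM_RSA_PSS_4096_SUPPORT)
    /* key_pair_id 3 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA4096, 0, 0x04,
                                public_key_info_rsa, sizeof(public_key_info_rsa));
#endif

#if LIBSPDM_ECDSA_P256_SUPPORT
    /* key_pair_id 4 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC256, 0, 0x08,
                                public_key_info_ecp256, sizeof(public_key_info_ecp256));
#endif

#if LIBSPDM_ECDSA_P384_SUPPORT
    /* key_pair_id 5 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC384, 0, 0x10,
                                public_key_info_ecp384, sizeof(public_key_info_ecp384));
#endif

#if LIBSPDM_ECDSA_P521_SUPPORT
    /* key_pair_id 6 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_ECC521, 0, 0x20,
                                public_key_info_ecp521, sizeof(public_key_info_ecp521));
#endif

#if LIBSPDM_SM2_DSA_P256_SUPPORT
    /* key_pair_id 7 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_SM2, 0, 0x40,
                                public_key_info_sm2, sizeof(public_key_info_sm2));
#endif

#if LIBSPDM_EDDSA_ED25519_SUPPORT
    /* key_pair_id 8 */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED25519, 0, 0x80,
                                public_key_info_ed25519, sizeof(public_key_info_ed25519));
#endif

#if LIBSPDM_EDDSA_ED448_SUPPORT
    /* key_pair_id 9: the eight slot bits are used up, so this key pair has no associated slot. */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448, 0, 0x00,
                                public_key_info_ed448, sizeof(public_key_info_ed448));
#endif

#if LIBSPDM_ML_DSA_44_SUPPORT
    /* key_pair_id 10 (PQC): no classical algorithm, no associated slot. */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                0, SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_44, 0x00,
                                public_key_info_mldsa44, sizeof(public_key_info_mldsa44));
#endif

#if LIBSPDM_ML_DSA_65_SUPPORT
    /* key_pair_id 11 (PQC) */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                0, SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_65, 0x00,
                                public_key_info_mldsa65, sizeof(public_key_info_mldsa65));
#endif

#if LIBSPDM_ML_DSA_87_SUPPORT
    /* key_pair_id 12 (PQC) */
    libspdm_fill_key_pair_entry(&m_key_pair_info[index++],
                                0, SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_87, 0x00,
                                public_key_info_mldsa87, sizeof(public_key_info_mldsa87));
#endif

    m_total_key_pair_count = index;
}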
299 :
/**
 * Return the number of key pairs provisioned in the sample device.
 *
 * The key pair table is built lazily: the first call (count still 0) runs
 * libspdm_init_key_pair_info. Note that if every algorithm is compiled out the
 * count stays 0 and initialization is re-run on each call.
 *
 * @param spdm_context A pointer to the SPDM context (not used by this sample).
 *
 * @return total number of key pairs, i.e. the highest valid key_pair_id.
 **/
uint8_t libspdm_read_total_key_pairs (void *spdm_context)
{
    (void)spdm_context;

    bool table_is_empty = (m_total_key_pair_count == 0);
    if (table_is_empty) {
        libspdm_init_key_pair_info();
    }

    return m_total_key_pair_count;
}
307 :
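/**
 * Read the key pair info of the key_pair_id.
 *
 * @param spdm_context A pointer to the SPDM context.
 * @param key_pair_id Indicate which key pair ID's information to retrieve.
 *                    Key pair IDs are 1-based; valid values are 1 .. libspdm_read_total_key_pairs().
 *
 * @param capabilities Indicate the capabilities of the requested key pairs.
 * @param key_usage_capabilities Indicate the key usages the responder allows.
 * @param current_key_usage Indicate the currently configured key usage for the requested key pairs ID.
 * @param asym_algo_capabilities Indicate the asymmetric algorithms the Responder supports for this key pair ID.
 * @param current_asym_algo Indicate the currently configured asymmetric algorithm for this key pair ID.
 * @param pqc_asym_algo_capabilities Indicate the PQC asymmetric algorithms the Responder supports for this key pair ID.
 *                                   It can be NULL, if not required.
 * @param current_pqc_asym_algo Indicate the currently configured PQC asymmetric algorithm for this key pair ID.
 *                              It can be NULL, if not required.
 * @param assoc_cert_slot_mask This field is a bit mask representing the currently associated certificate slots.
 * @param public_key_info_len On input, indicate the size in bytes of the destination buffer to store.
 *                            On output, indicate the size in bytes of the public_key_info.
 *                            It can be NULL, if public_key_info is not required.
 * @param public_key_info A pointer to a destination buffer to store the public_key_info.
 *                        It can be NULL, if public_key_info is not required.
 *
 * @retval true get key pair info successfully.
 * @retval false key_pair_id is 0 or larger than the total key pair count, or the
 *               caller's public_key_info buffer is smaller than the stored public_key_info.
 **/
bool libspdm_read_key_pair_info(
    void *spdm_context,
    uint8_t key_pair_id,
    uint16_t *capabilities,
    uint16_t *key_usage_capabilities,
    uint16_t *current_key_usage,
    uint32_t *asym_algo_capabilities,
    uint32_t *current_asym_algo,
    uint32_t *pqc_asym_algo_capabilities,
    uint32_t *current_pqc_asym_algo,
    uint8_t *assoc_cert_slot_mask,
    uint16_t *public_key_info_len,
    uint8_t *public_key_info)
{
    const libspdm_key_pair_info_t *info;
    uint16_t dst_buffer_size = 0;

    /* check: IDs are 1-based, so 0 must be rejected here or the table index
     * below would underflow to m_key_pair_info[-1]. */
    if ((key_pair_id == 0) ||
        (key_pair_id > libspdm_read_total_key_pairs(spdm_context))) {
        return false;
    }
    info = &m_key_pair_info[key_pair_id - 1];

    if (public_key_info_len != NULL) {
        /* Remember the caller's buffer capacity before *public_key_info_len is overwritten. */
        dst_buffer_size = *public_key_info_len;
        if (dst_buffer_size < info->public_key_info_len) {
            return false;
        }
    }

    /* output */
    *capabilities = info->capabilities;
    *key_usage_capabilities = info->key_usage_capabilities;
    *current_key_usage = info->current_key_usage;
    *asym_algo_capabilities = info->asym_algo_capabilities;
    *current_asym_algo = info->current_asym_algo;
    if (pqc_asym_algo_capabilities != NULL) {
        *pqc_asym_algo_capabilities = info->pqc_asym_algo_capabilities;
    }
    if (current_pqc_asym_algo != NULL) {
        *current_pqc_asym_algo = info->current_pqc_asym_algo;
    }
    *assoc_cert_slot_mask = info->assoc_cert_slot_mask;

    if (public_key_info_len != NULL) {
        *public_key_info_len = info->public_key_info_len;
        if (public_key_info != NULL) {
            /* Bound the copy by the caller's real buffer size so libspdm_copy_mem's
             * destination check is meaningful rather than equal to the copy length. */
            libspdm_copy_mem(public_key_info, dst_buffer_size,
                             info->public_key_info, info->public_key_info_len);
        }
    }

    return true;
}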
378 : #endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
379 :
380 : #if LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP
381 :
/* A SET_KEY_PAIR_INFO request that is cached across a device reset.
 * The struct is written to and read back from a file byte-for-byte with
 * sizeof(libspdm_cached_key_pair_info_data_t) (see libspdm_write_key_pair_info),
 * so field order and padding are part of the cache format. */
typedef struct
{
    uint8_t key_pair_id;                  /* 1-based key pair ID */
    uint8_t operation;                    /* SPDM_SET_KEY_PAIR_INFO_*_OPERATION */
    uint16_t desired_key_usage;
    uint32_t desired_asym_algo;
    uint32_t desired_pqc_asym_algo;
    uint8_t desired_assoc_cert_slot_mask;
} libspdm_cached_key_pair_info_data_t;
391 :
392 :
/**
 * Load the SET_KEY_PAIR_INFO request cached by the previous
 * libspdm_cache_last_set_key_pair_info_request call, if any.
 *
 * @param last_set_key_pair_info_request     Receives a buffer with the cached request.
 *                                           The caller owns it and releases it with free().
 * @param last_set_key_pair_info_request_len Receives the buffer size in bytes.
 *
 * @return the result of libspdm_read_input_file: true when the cache file was read.
 **/
bool libspdm_read_cached_last_set_key_pair_info_request(uint8_t **last_set_key_pair_info_request,
                                                        size_t *last_set_key_pair_info_request_len)
{
    char cache_file_name[] = "cached_last_set_key_pair_info_request";

    return libspdm_read_input_file(cache_file_name,
                                   (void **)last_set_key_pair_info_request,
                                   last_set_key_pair_info_request_len);
}
404 :
/**
 * Persist a SET_KEY_PAIR_INFO request so it can be re-checked after a device reset.
 *
 * @param last_set_key_pair_info_request     Request bytes to cache.
 * @param last_set_key_pair_info_request_len Size of the request in bytes.
 *
 * @return the result of libspdm_write_output_file: true when the cache file was written.
 **/
bool libspdm_cache_last_set_key_pair_info_request(const uint8_t *last_set_key_pair_info_request,
                                                  size_t last_set_key_pair_info_request_len)
{
    char cache_file_name[] = "cached_last_set_key_pair_info_request";

    return libspdm_write_output_file(cache_file_name,
                                     last_set_key_pair_info_request,
                                     last_set_key_pair_info_request_len);
}
416 :
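/**
 * Apply a SET_KEY_PAIR_INFO operation to the in-memory key pair table.
 *
 * @param key_pair_id                  1-based key pair ID; must already be validated.
 * @param operation                    SPDM_SET_KEY_PAIR_INFO_*_OPERATION.
 * @param desired_key_usage            New key usage (GENERATE; CHANGE only if non-zero).
 * @param desired_asym_algo            New classical algorithm (GENERATE; CHANGE only if non-zero).
 * @param desired_pqc_asym_algo        New PQC algorithm (GENERATE; CHANGE only if non-zero).
 * @param desired_assoc_cert_slot_mask New certificate slot association (GENERATE and CHANGE).
 *
 * @retval true  the table entry was updated.
 * @retval false operation is not ERASE, GENERATE or CHANGE; the entry is untouched.
 **/
static bool libspdm_apply_key_pair_operation(uint8_t key_pair_id,
                                             uint8_t operation,
                                             uint16_t desired_key_usage,
                                             uint32_t desired_asym_algo,
                                             uint32_t desired_pqc_asym_algo,
                                             uint8_t desired_assoc_cert_slot_mask)
{
    libspdm_key_pair_info_t *info = &m_key_pair_info[key_pair_id - 1];

    switch (operation) {
    case SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION:
        info->current_key_usage = 0;
        info->current_asym_algo = 0;
        info->current_pqc_asym_algo = 0;
        info->assoc_cert_slot_mask = 0;
        return true;

    case SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION:
        info->current_key_usage = desired_key_usage;
        info->current_asym_algo = desired_asym_algo;
        info->current_pqc_asym_algo = desired_pqc_asym_algo;
        info->assoc_cert_slot_mask = desired_assoc_cert_slot_mask;
        return true;

    case SPDM_SET_KEY_PAIR_INFO_CHANGE_OPERATION:
        /* CHANGE keeps a field when its desired value is 0; the slot mask is always written. */
        if (desired_key_usage != 0) {
            info->current_key_usage = desired_key_usage;
        }
        if (desired_asym_algo != 0) {
            info->current_asym_algo = desired_asym_algo;
        }
        if (desired_pqc_asym_algo != 0) {
            info->current_pqc_asym_algo = desired_pqc_asym_algo;
        }
        info->assoc_cert_slot_mask = desired_assoc_cert_slot_mask;
        return true;

    default:
        return false;
    }
}

/**
 * Handle a SET_KEY_PAIR_INFO request for the sample device.
 *
 * When *need_reset is false on input the operation is applied immediately.
 * When it is true, the request is compared with the request cached before the
 * last reset: an identical request is applied and *need_reset is cleared;
 * otherwise the request is cached, *need_reset is set and the caller must
 * reset the device before re-issuing the same request.
 *
 * @param spdm_context                 A pointer to the SPDM context.
 * @param key_pair_id                  1-based key pair ID to modify.
 * @param operation                    SPDM_SET_KEY_PAIR_INFO_*_OPERATION.
 * @param desired_key_usage            Requested key usage.
 * @param desired_asym_algo            Requested classical asymmetric algorithm.
 * @param desired_pqc_asym_algo        Requested PQC asymmetric algorithm.
 * @param desired_assoc_cert_slot_mask Requested certificate slot association.
 * @param need_reset                   In: whether the device requires a reset for this
 *                                     operation. Out: whether a reset is still pending.
 *
 * @retval true  the request was applied or cached.
 * @retval false key_pair_id is invalid, operation is unknown, or caching failed.
 **/
bool libspdm_write_key_pair_info(
    void *spdm_context,
    uint8_t key_pair_id,
    uint8_t operation,
    uint16_t desired_key_usage,
    uint32_t desired_asym_algo,
    uint32_t desired_pqc_asym_algo,
    uint8_t desired_assoc_cert_slot_mask,
    bool *need_reset)
{
    bool result;
    bool cached_request_matches;
    /* NULL so that a failed cache read (which may leave the out-pointer untouched)
     * does not lead to free() of an indeterminate pointer. */
    libspdm_cached_key_pair_info_data_t *cached_key_pair_info = NULL;
    /* Zero-initialized so padding bytes written to the cache file are deterministic. */
    libspdm_cached_key_pair_info_data_t current_key_pair_info = {0};
    size_t cached_key_pair_info_len = 0;

    /* check: IDs are 1-based, so 0 must be rejected here or the table index
     * would underflow to m_key_pair_info[-1] (an out-of-bounds write). */
    if ((key_pair_id == 0) ||
        (key_pair_id > libspdm_read_total_key_pairs(spdm_context))) {
        return false;
    }

    if (!*need_reset) {
        return libspdm_apply_key_pair_operation(key_pair_id, operation,
                                                desired_key_usage, desired_asym_algo,
                                                desired_pqc_asym_algo,
                                                desired_assoc_cert_slot_mask);
    }

    result = libspdm_read_cached_last_set_key_pair_info_request(
        (uint8_t **)&cached_key_pair_info,
        &cached_key_pair_info_len);

    /* Every field of the request must match the cached one; the size check
     * guards the field reads. desired_pqc_asym_algo is part of the comparison
     * so a request that differs only in its PQC algorithm is not mistaken for
     * the cached one. */
    cached_request_matches =
        result &&
        (cached_key_pair_info_len == sizeof(libspdm_cached_key_pair_info_data_t)) &&
        (cached_key_pair_info->operation == operation) &&
        (cached_key_pair_info->key_pair_id == key_pair_id) &&
        (cached_key_pair_info->desired_key_usage == desired_key_usage) &&
        (cached_key_pair_info->desired_asym_algo == desired_asym_algo) &&
        (cached_key_pair_info->desired_pqc_asym_algo == desired_pqc_asym_algo) &&
        (cached_key_pair_info->desired_assoc_cert_slot_mask == desired_assoc_cert_slot_mask);

    /* The cached request has been fully consumed; release it on every path
     * (free(NULL) is a no-op). */
    free(cached_key_pair_info);
    cached_key_pair_info = NULL;

    if (cached_request_matches) {
        /* The device was reset since this exact request was cached: apply it now. */
        if (!libspdm_apply_key_pair_operation(key_pair_id, operation,
                                              desired_key_usage, desired_asym_algo,
                                              desired_pqc_asym_algo,
                                              desired_assoc_cert_slot_mask)) {
            return false;
        }
        /* device doesn't need reset this time */
        *need_reset = false;
        return true;
    }

    /* device needs reset this time: cache the last_set_key_pair_info_request */
    current_key_pair_info.operation = operation;
    current_key_pair_info.key_pair_id = key_pair_id;
    current_key_pair_info.desired_key_usage = desired_key_usage;
    current_key_pair_info.desired_asym_algo = desired_asym_algo;
    current_key_pair_info.desired_pqc_asym_algo = desired_pqc_asym_algo;
    current_key_pair_info.desired_assoc_cert_slot_mask = desired_assoc_cert_slot_mask;
    result = libspdm_cache_last_set_key_pair_info_request(
        (const uint8_t *)&current_key_pair_info,
        sizeof(libspdm_cached_key_pair_info_data_t));
    if (!result) {
        return false;
    }

    *need_reset = true;
    return true;
}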
533 : #endif /* #if LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP */