You've already forked spdm-recordflux
mirror of
https://github.com/AdaCore/spdm-recordflux.git
synced 2026-02-12 13:11:44 -08:00
827 lines
32 KiB
C
827 lines
32 KiB
C
#ifndef __SPDM_PLATFORM_INTERFACE__
|
|
#define __SPDM_PLATFORM_INTERFACE__
|
|
|
|
/**
|
|
* @file spdm_platform_interface.h
|
|
*
|
|
* @brief C based example platform implementation.
|
|
*
|
|
* This implementation provides an example on how to implement
|
|
* a platform in C. It binds with the SPDM_C_Responder SPARK/Ada
|
|
* implementation. Note that for pure SPARK/Ada implementation
|
|
* this file is not required.
|
|
*/
|
|
|
|
/**
|
|
* Boolean type to interact with Ada.
|
|
* ```
|
|
* True => 1
|
|
* False => 0
|
|
* ```
|
|
* All other values are undefined behaviour.
|
|
*/
|
|
typedef unsigned char boolean;
|
|
|
|
/**
|
|
* @struct instance
|
|
*
|
|
* Implementation defined.
|
|
*
|
|
* This struct can be defined freely by the implementer to
|
|
* hold any value required by the platform. Memory management
|
|
* for this struct is also the responsibility of the
|
|
* implementer.
|
|
*/
|
|
struct instance;
|
|
|
|
/**
|
|
* Type name definition for struct instance.
|
|
*/
|
|
typedef struct instance instance_t;
|
|
|
|
/**
|
|
* Ensure initialization of *instance.
|
|
*
|
|
* This function is both imlemented and called by the platform code.
|
|
* It is called before the start of the state machine to ensure that
|
|
* *instance is properly initialized.
|
|
* If a platform implementation has a different implementation or
|
|
* different means of initializing *instance this function can be removed.
|
|
* It does not provide any functionality for the state machine itself.
|
|
* When this function is removed, Plat_Initialize in spdm_c_responder.ads
|
|
* needs to be removed, too.
|
|
*
|
|
* @param instance Pointer to instance pointer.
|
|
*/
|
|
void spdm_platform_initialize(instance_t **instance);
|
|
|
|
/**
|
|
* Return CT exponent (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return CT exponent, 8 bit integer.
|
|
*/
|
|
unsigned char spdm_platform_config_ct_exponent(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether measurements without restart are supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if measurements without restart are supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_meas_fresh(instance_t *instance);
|
|
|
|
/**
|
|
* Check which type of measurements are supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return 0 if unsupported, 1 for plain measurements, 2 for signed measurements.
|
|
*/
|
|
unsigned char spdm_platform_config_cap_meas(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether challenge authentication is supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if challenge authentication is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_chal(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether digests and certificate responses are supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if digests and certificate responses are supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_cert(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether responder is able to cache the negotiated state after reset (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if caching is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_cache(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether key update is supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if key update is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_key_upd(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether heartbeat messages are supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if heartbeat messages are supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_hbeat(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether encapsulated messages are supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if encapsulated messages are supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_encap(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether mutual authentication is supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if mutual authentication is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_mut_auth(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether the public key of the responder was provisioned to the requester (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if the public key was provisioned.
|
|
*/
|
|
boolean spdm_platform_config_cap_pub_key_id(instance_t *instance);
|
|
#ifdef FEATURE_KEY_EXCHANGE
|
|
|
|
/**
|
|
* Indicate whether message authentication is supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if message authentication is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_mac(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether message encryption is supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if message encryption is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_encrypt(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether pre-shared keys are supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if pre-shared keys are supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_psk(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether key exchange is supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if key exchange is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_key_ex(instance_t *instance);
|
|
|
|
/**
|
|
* Indicate whether handshake without encryption or authentication is supported (DSP0274_1.1.0 [178]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return True if handshake in the clear is supported.
|
|
*/
|
|
boolean spdm_platform_config_cap_handshake_in_the_clear(instance_t *instance);
|
|
#endif
|
|
|
|
/**
|
|
* Select measurement hash algorithm (DSP0274_1.1.0 [185]).
|
|
*
|
|
* The arguments describe the hash algorithms supported by the requester.
|
|
* This function must select one of the provided algorithms or return 0.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param tpm_alg_sha_256 SHA-256 supported and requested.
|
|
* @param tpm_alg_sha_384 SHA-384 supported and requested.
|
|
* @param tpm_alg_sha_512 SHA-512 supported and requested.
|
|
* @param tpm_alg_sha3_256 SHA3-256 supported and requested.
|
|
* @param tpm_alg_sha3_384 SHA3-384 supported and requested.
|
|
* @param tpm_alg_sha3_512 SHA3-512 supported and requested.
|
|
* @param raw_bit_streams_only Raw bit streams supported and requested.
|
|
* @return Enum with the following values:
|
|
* ```
|
|
* not supported => 0
|
|
* raw_bit_streams_only => 1
|
|
* tpm_alg_sha_256 => 2
|
|
* tpm_alg_sha_384 => 4
|
|
* tpm_alg_sha_512 => 8
|
|
* tpm_alg_sha3_256 => 16
|
|
* tpm_alg_sha3_384 => 32
|
|
* tpm_alg_sha3_512 => 64
|
|
*```
|
|
*/
|
|
unsigned char spdm_platform_select_measurement_hash_algo(instance_t *instance,
|
|
boolean tpm_alg_sha_256,
|
|
boolean tpm_alg_sha_384,
|
|
boolean tpm_alg_sha_512,
|
|
boolean tpm_alg_sha3_256,
|
|
boolean tpm_alg_sha3_384,
|
|
boolean tpm_alg_sha3_512,
|
|
boolean raw_bit_streams_only);
|
|
|
|
/**
|
|
* Select base asymmetric algorithm (DSP0274_1.1.0 [185]).
|
|
*
|
|
* The arguments describe the signature algorithms supported by the requester.
|
|
* This function must select one of the provided algorithms or return 0.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param tpm_alg_ecdsa_ecc_nist_p384 ECDSA-ECC-384 supported and requested.
|
|
* @param tpm_alg_rsapss_4096 RSAPSS-4096 supported and requested.
|
|
* @param tpm_alg_rsassa_4096 RSASSA-4096 supported and requested.
|
|
* @param tpm_alg_ecdsa_ecc_nist_p256 ECDSA-ECC-256 supported and requested.
|
|
* @param tpm_alg_rsapss_3072 RSAPSS-3072 supported and requested.
|
|
* @param tpm_alg_rsassa_3072 RSASSA-3072 supported and requested.
|
|
* @param tpm_alg_rsapss_2048 RSAPSS-2048 supported and requested.
|
|
* @param tpm_alg_rsassa_2048 RSASSA-2048 supported and requested.
|
|
* @param tpm_alg_ecdsa_ecc_nist_p521 ECDSA-ECC-521 supported and requested.
|
|
* @return Enum with the following values:
|
|
* ```
|
|
* not supported => 0
|
|
* tpm_alg_rsassa_2048 => 1
|
|
* tpm_alg_rsapss_2048 => 2
|
|
* tpm_alg_rsassa_3072 => 4
|
|
* tpm_alg_rsapss_3072 => 8
|
|
* tpm_alg_ecdsa_ecc_nist_p256 => 16
|
|
* tpm_alg_rsassa_4096 => 32
|
|
* tpm_alg_rsapss_4096 => 64
|
|
* tpm_alg_ecdsa_ecc_nist_p384 => 128
|
|
* tpm_alg_ecdsa_ecc_nist_p521 => 256
|
|
* ```
|
|
*/
|
|
long spdm_platform_select_base_asym_algo(instance_t *instance,
|
|
boolean tpm_alg_ecdsa_ecc_nist_p384,
|
|
boolean tpm_alg_rsapss_4096,
|
|
boolean tpm_alg_rsassa_4096,
|
|
boolean tpm_alg_ecdsa_ecc_nist_p256,
|
|
boolean tpm_alg_rsapss_3072,
|
|
boolean tpm_alg_rsassa_3072,
|
|
boolean tpm_alg_rsapss_2048,
|
|
boolean tpm_alg_rsassa_2048,
|
|
boolean tpm_alg_ecdsa_ecc_nist_p521);
|
|
|
|
/**
|
|
* Select base hash algorithm (DSP0274_1.1.0 [185]).
|
|
*
|
|
* The arguments describe the hash algorithms supported by the requester.
|
|
* This function must select one of the provided algorithms or return 0.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param tpm_alg_sha_256 SHA-256 supported and requested.
|
|
* @param tpm_alg_sha_384 SHA-384 supported and requested.
|
|
* @param tpm_alg_sha_512 SHA-512 supported and requested.
|
|
* @param tpm_alg_sha3_256 SHA3-256 supported and requested.
|
|
* @param tpm_alg_sha3_384 SHA3-384 supported and requested.
|
|
* @param tpm_alg_sha3_512 SHA3-512 supported and requested.
|
|
* @return Enum with the following values:
|
|
* ```
|
|
* not supported => 0
|
|
* tpm_alg_sha_256 => 1
|
|
* tpm_alg_sha_384 => 2
|
|
* tpm_alg_sha_512 => 4
|
|
* tpm_alg_sha3_256 => 8
|
|
* tpm_alg_sha3_384 => 16
|
|
* tpm_alg_sha3_512 => 32
|
|
* ```
|
|
*/
|
|
unsigned char spdm_platform_select_base_hash_algo(instance_t *instance,
|
|
boolean tpm_alg_sha_256,
|
|
boolean tpm_alg_sha_384,
|
|
boolean tpm_alg_sha_512,
|
|
boolean tpm_alg_sha3_256,
|
|
boolean tpm_alg_sha3_384,
|
|
boolean tpm_alg_sha3_512);
|
|
#ifdef FEATURE_KEY_EXCHANGE
|
|
|
|
/**
|
|
* Select the Diffie-Hellman Ephemeral group (DSP0274_1.1.0 [189]).
|
|
*
|
|
* The arguments describe the group supported by the requester.
|
|
* This function must select one of the provided groups or return 0.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param secp521r1 SECP521R1 supported and requested.
|
|
* @param secp384r1 SECP384R1 supported and requested.
|
|
* @param secp256r1 SECP256R1 supported and requested.
|
|
* @param ffdhe4096 FFDHE4092 supported and requested.
|
|
* @param ffdhe3072 FFDHE3072 supported and requested.
|
|
* @param ffdhe2048 FFDHE2048 supported and requested.
|
|
* @return Enum with the following values:
|
|
* ```
|
|
* not supported => 0
|
|
* ffdhe2048 => 1
|
|
* ffdhe3072 => 2
|
|
* ffdhe4096 => 4
|
|
* secp256r1 => 8
|
|
* secp384r1 => 16
|
|
* secp521r1 => 32
|
|
* ```
|
|
*/
|
|
unsigned char spdm_platform_select_dhe(instance_t *instance,
|
|
boolean secp521r1,
|
|
boolean secp384r1,
|
|
boolean secp256r1,
|
|
boolean ffdhe4096,
|
|
boolean ffdhe3072,
|
|
boolean ffdhe2048);
|
|
|
|
/**
|
|
* Select the AEAD algorithm (DSP0274_1.1.0 [190]).
|
|
*
|
|
* The arguments describe the algorithm supported by the requester.
|
|
* This function must select one of the provided algorithms or return 0.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param chacha20_poly1305 CHACHA20-POLY135 supported and requested.
|
|
* @param aes_256_gcm AES-256-GCM supported and requested.
|
|
* @param aes_128_gcm AES-128-GCM supported and requested.
|
|
* @return Enum with the following values:
|
|
* ```
|
|
* not supported => 0
|
|
* aes_128_gcm => 1
|
|
* aes_256_gcm => 2
|
|
* chacha20_poly1305 => 4
|
|
* ```
|
|
*/
|
|
unsigned char spdm_platform_select_aead(instance_t *instance,
|
|
boolean chacha20_poly1305,
|
|
boolean aes_256_gcm,
|
|
boolean aes_128_gcm);
|
|
#endif
|
|
/**
|
|
* Select base asymmetric algorithm (DSP0274_1.1.0 [191]).
|
|
*
|
|
* The arguments describe the key signature algorithms supported by the requester.
|
|
* This function must select one of the provided algorithms or return 0.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param ra_tpm_alg_ecdsa_ecc_nist_p384 ECDSA-ECC-384 supported and requested.
|
|
* @param ra_tpm_alg_rsapss_4096 RSAPSS-4096 supported and requested.
|
|
* @param ra_tpm_alg_rsassa_4096 RSASSA-4096 supported and requested.
|
|
* @param ra_tpm_alg_ecdsa_ecc_nist_p256 ECDSA-ECC-256 supported and requested.
|
|
* @param ra_tpm_alg_rsapss_3072 RSAPSS-3072 supported and requested.
|
|
* @param ra_tpm_alg_rsassa_3072 RSASSA-3072 supported and requested.
|
|
* @param ra_tpm_alg_rsapss_2048 RSAPSS-2048 supported and requested.
|
|
* @param ra_tpm_alg_rsassa_2048 RSASSA-2048 supported and requested.
|
|
* @param ra_tpm_alg_ecdsa_ecc_nist_p521 ECDSA-ECC-521 supported and requested.
|
|
* @return Enum with the following values:
|
|
* ```
|
|
* not supported => 0
|
|
* ra_tpm_alg_rsassa_2048 => 1
|
|
* ra_tpm_alg_rsapss_2048 => 2
|
|
* ra_tpm_alg_rsassa_3072 => 4
|
|
* ra_tpm_alg_rsapss_3072 => 8
|
|
* ra_tpm_alg_ecdsa_ecc_nist_p256 => 16
|
|
* ra_tpm_alg_rsassa_4096 => 32
|
|
* ra_tpm_alg_rsapss_4096 => 64
|
|
* ra_tpm_alg_ecdsa_ecc_nist_p384 => 128
|
|
* ra_tpm_alg_ecdsa_ecc_nist_p521 => 256
|
|
* ```
|
|
*/
|
|
long spdm_platform_select_rbaa(instance_t *instance,
|
|
boolean ra_tpm_alg_ecdsa_ecc_nist_p384,
|
|
boolean ra_tpm_alg_rsapss_4096,
|
|
boolean ra_tpm_alg_rsassa_4096,
|
|
boolean ra_tpm_alg_ecdsa_ecc_nist_p256,
|
|
boolean ra_tpm_alg_rsapss_3072,
|
|
boolean ra_tpm_alg_rsassa_3072,
|
|
boolean ra_tpm_alg_rsapss_2048,
|
|
boolean ra_tpm_alg_rsassa_2048,
|
|
boolean ra_tpm_alg_ecdsa_ecc_nist_p521);
|
|
|
|
/**
|
|
* Get digests for digests response (DSP0274_1.1.0 [232]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param data Target buffer, its maximum size is given by the initial value of *length.
|
|
* @param length Contains a pointer to the maximum size of data. On return the size must
|
|
* be changed to the actual size of the data copied to data.
|
|
* @param slot_mask Bit mask that contains one bit for each slot. If a slot contains a
|
|
* certificate chain the according bit needs to be set. This parameter
|
|
* is not initialized when this function is called.
|
|
*/
|
|
void spdm_platform_get_digests_data(instance_t *instance,
|
|
char *data,
|
|
long *length,
|
|
unsigned char *slot_mask);
|
|
|
|
/**
|
|
* Validate an incoming certificate request (DSP0274_1.1.0 [238]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param slot Certificate slot number.
|
|
* @param offset Certificate portion offset.
|
|
* @param length Certificate portion length.
|
|
* @return Success.
|
|
*/
|
|
boolean spdm_platform_validate_certificate_request(instance_t *instance,
|
|
unsigned char slot,
|
|
unsigned short offset,
|
|
unsigned short length);
|
|
|
|
/**
|
|
* Provide requested certificate chain.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param data Target buffer, its maximum size is given by the initial value of length.
|
|
* @param slot Requested certificate slot.
|
|
* @param offset Offset in the certificate chain.
|
|
* @param length Contains a pointer to the maximum size of data. On return the size
|
|
* must be changed to the actual size of the data copied to data.
|
|
* @param total_length Pointer to the total length of the requested certificate.
|
|
* Must be filled by that function and must be greater or
|
|
* equal to offset plus the final value of *length.
|
|
*/
|
|
void spdm_platform_get_certificate_data (instance_t *instance,
|
|
char *data,
|
|
unsigned char slot,
|
|
unsigned short offset,
|
|
unsigned short *length,
|
|
unsigned short *total_length);
|
|
|
|
/**
|
|
* Get the number of measurement indices (DSP0274_1.1.0 [327]).
|
|
*
|
|
* Returns the number of indices available from the responder. This
|
|
* may be zero if none are available and up to 254.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return Number of measurements.
|
|
*/
|
|
unsigned char spdm_platform_get_number_of_indices (instance_t *instance);
|
|
#ifdef FEATURE_KEY_EXCHANGE
|
|
|
|
/**
|
|
* Get the number of measurement indices that include the trusted computing base (DSP0274_1.1.0 [422]).
|
|
*
|
|
* Otherwise it has the same behaviour as spdm_platform_get_number_of_indices.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return Number of measurements in TCB.
|
|
*/
|
|
unsigned char spdm_platform_get_number_of_indices_tcb (instance_t *instance);
|
|
#endif
|
|
|
|
/**
|
|
* Generate a nonce for cryptographic operations.
|
|
*
|
|
* The platform must always keep the latest generated nonce and shall
|
|
* add it to the transcript when spdm_platform_update_transcript_nonce
|
|
* is called. Only after this function is called the nonce can be marked
|
|
* as valid.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param nonce 32 byte long nonce buffer.
|
|
*/
|
|
void spdm_platform_get_nonce(instance_t *instance, void *nonce);
|
|
|
|
/**
|
|
* Return a DMTF measurement field (DSP0274_1.1.0 [335]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param index Requested measurement index.
|
|
* @param representation Representation enum with the following values:
|
|
* Digest => 0
|
|
* Raw bit stream => 1
|
|
* @param type DMTF value type enum with the following values:
|
|
* Immutable_ROM => 0
|
|
* Mutable_Firmware => 1
|
|
* Hardware_Configuration => 2
|
|
* Firmware_Configuration => 3
|
|
* Measured_Manifest => 4
|
|
* @param length Length of the target buffer. The initial value marks the
|
|
* maximum size of the buffer. On return it must be set to
|
|
* the actual size of the data copied into the buffer.
|
|
* @param buffer Measurement data buffer.
|
|
*/
|
|
void spdm_platform_get_dmtf_measurement_field (instance_t *instance,
|
|
unsigned index,
|
|
unsigned *representation,
|
|
unsigned *type,
|
|
unsigned *length,
|
|
void *buffer);
|
|
|
|
/**
|
|
* Provide opaque data for the measurement response (DSP0274_1.1.0 [327]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param data Opaque data buffer.
|
|
* @param length Opaque data buffer length. The initial value is the maximum size of
|
|
* the buffer. On return length must be set to the size of the data
|
|
* copied to that buffer. It must not exceed 1024.
|
|
*/
|
|
void spdm_platform_get_meas_opaque_data(instance_t *instance,
|
|
void *data,
|
|
unsigned *length);
|
|
|
|
/**
|
|
* Register a new transcript with the platform.
|
|
*
|
|
* The returned ID must be used on all subsequent operations on the same transcript.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param kind Transcript kind enum with the following values:
|
|
* Session transcript => 0
|
|
* Measurement transcript => 1
|
|
* @return 32 bit transcript ID. On success spdm_platform_valid_transcript_id
|
|
* must return true on this ID.
|
|
*/
|
|
unsigned spdm_platform_get_new_transcript(instance_t *instance,
|
|
unsigned char kind);
|
|
|
|
/**
|
|
* Indicate whether a transcript ID is valid.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @return True if transcript ID is valid.
|
|
*/
|
|
boolean spdm_platform_valid_transcript_id(instance_t *instance,
|
|
unsigned transcript);
|
|
|
|
/**
|
|
* Reset an already registered transcript.
|
|
*
|
|
* This operation may change the transcript kind, too. The returned transcript ID
|
|
* may be different from the provided one. It has the same behaviour as
|
|
* spdm_platform_get_new_transcript except that it allows reusing an existing resource.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Old transcript ID.
|
|
* @param kind Transcript kind for the new transcript.
|
|
* @return New 32 bit transcript ID.
|
|
*/
|
|
unsigned spdm_platform_reset_transcript(instance_t *instance,
|
|
unsigned transcript,
|
|
unsigned char kind);
|
|
|
|
/**
|
|
* Append a chunk of data to the transcript.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @param data Transcript data to be appended.
|
|
* @param offset Offset in data.
|
|
* @param length Length of data to be appended to the transcript,
|
|
* length + offset is less or equal to the size of data.
|
|
* @return Success.
|
|
*/
|
|
boolean spdm_platform_update_transcript(instance_t *instance,
|
|
unsigned transcript,
|
|
const void *data,
|
|
unsigned offset,
|
|
unsigned length);
|
|
|
|
/**
|
|
* Append the latest generated nonce to the transcript.
|
|
*
|
|
* Append the latest nonce generated by spdm_platform_get_nonce to the
|
|
* transcript. The nonce must be marked as invalid after this operation.
|
|
* If the nonce is already marked as invalid when this function is called
|
|
* the operation must fail.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @return Success.
|
|
*/
|
|
boolean spdm_platform_update_transcript_nonce(instance_t *instance,
|
|
unsigned transcript);
|
|
|
|
/**
|
|
* Generate signature from current transcript.
|
|
*
|
|
* Generate the signature from the current state of the transcript. This
|
|
* does not invalidate or reset the transcript.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @param slot Slot ID of the signing key.
|
|
* @param signature Signature buffer.
|
|
* @param length Signature buffer length. The initial value contains the maximum length
|
|
* of the signature buffer. On return the value shall be the correct
|
|
* length for the signature algorithm selected in Negotiate_Algorithms.
|
|
* On error length can be set to 0.
|
|
*/
|
|
void spdm_platform_get_signature(instance_t *instance,
|
|
unsigned transcript,
|
|
unsigned char slot,
|
|
void *signature,
|
|
unsigned *length);
|
|
|
|
#ifdef FEATURE_KEY_EXCHANGE
|
|
/**
|
|
* Generate responder exchange data from requester exchange data (DSP0274_1.1.0 [421]).
|
|
*
|
|
* Process the exchange data sent with the key exchange request
|
|
* and generate the appropriate response exchange data.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param data Exchange data buffer. Initially contains the exchange
|
|
* request data. Must be filled with the response exchange data.
|
|
* @param length Length of the request exchange data and the data buffer.
|
|
*/
|
|
void spdm_platform_get_exchange_data (instance_t *instance,
|
|
void *data,
|
|
unsigned length);
|
|
|
|
/**
|
|
* Get heartbeat period (DSP0274_1.1.0 [422]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return Heartbeat period.
|
|
*/
|
|
unsigned char spdm_platform_get_heartbeat_period (instance_t *instance);
|
|
|
|
/**
|
|
* Check session ID sent by the requester for validity (DSP0274_1.1.0 [421]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param session_id Session ID.
|
|
* @return ID valid.
|
|
*/
|
|
boolean spdm_platform_valid_session_id (instance_t *instance,
|
|
unsigned short session_id);
|
|
|
|
/**
|
|
* Get session ID for key exchange response (DSP0274_1.1.0 [422]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param session_id Request session ID
|
|
* @return Response session ID.
|
|
*/
|
|
unsigned short spdm_platform_get_session_id (instance_t *instance,
|
|
unsigned short session_id);
|
|
|
|
/**
|
|
* Request mutual authentication in key exchange response (DSP0274_1.1.0 [422]).
|
|
*
|
|
* Returning true only enables regular mutual authentication. Encapsulated
|
|
* and implicit mutual authentication are not supported.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return Mutual auth requested.
|
|
*/
|
|
boolean spdm_platform_use_mutual_auth (instance_t *instance);
|
|
|
|
/**
|
|
* Get the hash over the measurement summary (DSP0274_1.1.0 [422]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param summary Measurement summary.
|
|
* @param summary_length Length of the measurement_hash summary.
|
|
* @param hash Target buffer for the generated hash.
|
|
* @param hash_length Length of the hash buffer. The initial value
|
|
* is the maximum length of this buffer. On return
|
|
* this value shall be set to the size required by
|
|
* the hash algorithm.
|
|
*/
|
|
void spdm_platform_get_summary_hash(instance_t *instance,
|
|
const void *summary,
|
|
unsigned summary_length,
|
|
void *hash,
|
|
unsigned *hash_length);
|
|
|
|
/**
|
|
* Append the selected certificate chain to the transcript.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @param slot Slot ID for certificate selection.
|
|
* @return Success, Boolean.
|
|
*/
|
|
unsigned char spdm_platform_update_transcript_cert(instance_t *instance,
|
|
unsigned transcript,
|
|
unsigned char slot);
|
|
|
|
/**
|
|
* Handle key exchange opaque data (DSP0274_1.1.0 [422]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param req_data Buffer containing the request opaque data.
|
|
* @param req_length Length of the data sent by the requester.
|
|
* @param data Buffer for the response opaque data.
|
|
* @param length Initial value is the maximum length of data. Shall be
|
|
* set to the size of the opaque data for the response.
|
|
*/
|
|
void spdm_platform_get_key_ex_opaque_data(instance_t *instance,
|
|
const void *req_data,
|
|
unsigned req_length,
|
|
void *data,
|
|
unsigned *length);
|
|
|
|
/**
|
|
* Generate the responder verify data for key exchange (DSP0274_1.1.0 [422]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @param slot Slot ID of the signing key.
|
|
* @param data Verify data buffer.
|
|
* @param length Length of the verify data buffer. The initial value is
|
|
* is the maximum length of that buffer. It shall be set to
|
|
* the length of the negotiated hash algorithm.
|
|
*/
|
|
void spdm_platform_get_key_ex_verify_data(instance_t *instance,
|
|
unsigned transcript,
|
|
unsigned char slot,
|
|
void *data,
|
|
unsigned *length);
|
|
|
|
/**
|
|
* Validate the finish signature sent by the requester (DSP0274_1.1.0 [432]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @param signature Signature sent by the requester.
|
|
* @param length Length of the signature.
|
|
* @param slot Slot ID of the signing key.
|
|
* @return Success.
|
|
*/
|
|
boolean spdm_platform_validate_finish_signature(instance_t *instance,
|
|
unsigned transcript,
|
|
const void *signature,
|
|
unsigned length,
|
|
unsigned char slot);
|
|
|
|
/**
|
|
* Validate the finish HMAC sent by the requester (DSP0274_1.1.0 [432]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @param hmac HMAC sent by the requester.
|
|
* @param length Length of the HMAC.
|
|
* @param slot Slot ID used for the HMAC generation.
|
|
* @return Success.
|
|
*/
|
|
boolean spdm_platform_validate_finish_hmac(instance_t *instance,
|
|
unsigned transcript,
|
|
const void *hmac,
|
|
unsigned length,
|
|
unsigned char slot);
|
|
|
|
/**
|
|
* Generate the responder verify data for the finish response (DSP0274_1.1.0 [433]).
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param transcript Transcript ID.
|
|
* @param slot Slot ID for the used key.
|
|
* @param data Verify data buffer.
|
|
* @param length Length of the verify data buffer. The initial value is
|
|
* is the maximum length of that buffer. It shall be set to
|
|
* the length of the negotiated hash algorithm.
|
|
*/
|
|
void spdm_platform_get_finish_verify_data(instance_t *instance,
|
|
unsigned transcript,
|
|
unsigned char slot,
|
|
void *data,
|
|
unsigned *length);
|
|
|
|
/**
|
|
* Set the current session phase.
|
|
*
|
|
* Set the current session phase to the phase passed as argument. If
|
|
* an error occurs the session phase is set to the error value, otherwise
|
|
* it's set to the requested phase.
|
|
*
|
|
* The allowed values for the requested and returned session phase are
|
|
* Error => 0
|
|
* No session => 1
|
|
* Handshake => 2
|
|
* Secure session => 3
|
|
* For the values 0 and 1 this function should behave identically to
|
|
* spdm_platform_reset_session_phase.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param phase Requested session phase.
|
|
* @return Updated session phase.
|
|
*/
|
|
unsigned char spdm_platform_set_session_phase(instance_t *instance,
|
|
unsigned char phase,
|
|
unsigned transcript,
|
|
unsigned char slot);
|
|
|
|
/**
|
|
* Reset the current session.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @return Updated session phase. Return 0 if an error occurred otherwise 1.
|
|
*/
|
|
unsigned char spdm_platform_reset_session_phase(instance_t *instance);
|
|
|
|
/**
|
|
* Perform a key update operation.
|
|
*
|
|
* @param instance Platform instance.
|
|
* @param operation Key update operation, enum with the following values:
|
|
* Update key => 1
|
|
* Update all keys => 2
|
|
* Verifiy new key => 3
|
|
* @param tag Key update tag.
|
|
* @result Success.
|
|
*/
|
|
boolean spdm_platform_key_update(instance_t *instance,
|
|
unsigned operation,
|
|
unsigned tag);
|
|
#endif
|
|
#endif // __SPDM_PLATFORM_INTERFACE__
|