sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: add DeviceSecurity support

Browse Source 
This patch implement the SpdmSecurityLib,
which is the core of DeviceSecurity.
And the SpdmSecurityLib include Device Authentication and Measurement.
The other library is to support SpdmSecurityLib.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Wenxing Hou
2024-04-18 17:28:15 +08:00
committed by mergify[bot]
parent c3f615a1bd
commit 750d763623
32 changed files with 5611 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

347
SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h Normal file
View File

@@ -0,0 +1,347 @@
/** @file
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __LIBSPDM_STUB_H__
#define __LIBSPDM_STUB_H__
#include <library/spdm_common_lib.h>
#include <library/spdm_return_status.h>
#include <library/spdm_crypt_lib.h>
#include <library/spdm_requester_lib.h>
#include <library/spdm_responder_lib.h>
#include <library/spdm_transport_pcidoe_lib.h>
#pragma pack(1)
/* The layout of SPDM_RETURN is
* [31:28] - Severity
* [27:24] - Reserved
* [23:16] - Source
* [15:00] - Code
*/
typedef UINT32 SPDM_RETURN;
/*Interface of spdm.h*/
/* SPDM message header*/
typedef struct {
UINT8 SPDMVersion;
UINT8 RequestResponseCode;
UINT8 Param1;
UINT8 Param2;
} SPDM_MESSAGE_HEADER;
/* SPDM VERSION structure
* Bit[15:12] MajorVersion
* Bit[11:8] MinorVersion
* Bit[7:4] UpdateVersionNumber
* Bit[3:0] Alpha*/
typedef UINT16 SPDM_VERSION_NUMBER;
typedef struct {
/* Total length of the certificate chain, in bytes,
* including all fields in this table.*/
UINT16 Length;
UINT16 Reserved;
/* digest of the Root Certificate.
* Note that Root Certificate is ASN.1 DER-encoded for this digest.
* The hash size is determined by the SPDM device.*/
/*UINT8 RootHash[HashSize];*/
/* One or more ASN.1 DER-encoded X509v3 certificates where the first certificate is signed by the Root
* Certificate or is the Root Certificate itself and each subsequent certificate is signed by the preceding
* certificate. The last certificate is the Leaf Certificate.*/
/*UINT8 Certificates[length - 4 - HashSize];*/
} SPDM_CERT_CHAIN;
/* SPDM MEASUREMENTS block common header */
typedef struct {
UINT8 Index;
UINT8 MeasurementSpecification;
UINT16 MeasurementSize;
/*UINT8 Measurement[MeasurementSize];*/
} SPDM_MEASUREMENT_BLOCK_COMMON_HEADER;
/* SPDM MEASUREMENTS block DMTF header */
typedef struct {
UINT8 DMTFSpecMeasurementValueType;
UINT16 DMTFSpecMeasurementValueSize;
/*UINT8 DMTFSpecMeasurementValue[DMTFSpecMeasurementValueSize];*/
} SPDM_MEASUREMENT_BLOCK_DMTF_HEADER;
typedef struct {
SPDM_MEASUREMENT_BLOCK_COMMON_HEADER MeasurementBlockCommonHeader;
SPDM_MEASUREMENT_BLOCK_DMTF_HEADER MeasurementBlockDmtfHeader;
/*UINT8 HashValue[HashSize];*/
} SPDM_MEASUREMENT_BLOCK_DMTF;
#define SPDM_DATA_PARAMETER libspdm_data_parameter_t
typedef enum {
//
// SPDM parameter
//
SpdmDataSpdmVersion,
SpdmDataSecuredMessageVersion,
//
// SPDM capability
//
SpdmDataCapabilityFlags,
SpdmDataCapabilityCTExponent,
SpdmDataCapabilityRttUs,
SpdmDataCapabilityDataTransferSize,
SpdmDataCapabilityMaxSpdmMsgSize,
SpdmDataCapabilitySenderDataTransferSize,
//
// SPDM Algorithm setting
//
SpdmDataMeasurementSpec,
SpdmDataMeasurementHashAlgo,
SpdmDataBaseAsymAlgo,
SpdmDataBaseHashAlgo,
SpdmDataDHENameGroup,
SpdmDataAEADCipherSuite,
SpdmDataReqBaseAsymAlg,
SpdmDataKeySchedule,
SpdmDataOtherParamsSupport,
SpdmDataMelSpec,
//
// Connection State
//
SpdmDataConnectionState,
//
// ResponseState
//
SpdmDataResponseState,
//
// Certificate info
//
SpdmDataLocalPublicCertChain,
SpdmDataPeerPublicRootCert,
SpdmDataPeerPublicKey,
SpdmDataLocalPublicKey,
SpdmDataLocalSupportedSlotMask,
SpdmDataLocalKeyPairId,
SpdmDataLocalCertInfo,
SpdmDataLocalKeyUsageBitMask,
SpdmDataBasicMutAuthRequested,
SpdmDataMutAuthRequested,
SpdmDataHeartBeatPeriod,
//
// Negotiated result
//
SpdmDataPeerUsedCertChainBuffer,
SpdmDataPeerSlotMask,
SpdmDataPeerProvisionedSlotMask = SpdmDataPeerSlotMask,
SpdmDataPeerSupportedSlotMask,
SpdmDataPeerTotalDigestBuffer,
SpdmDataPeerKeyPairId,
SpdmDataPeerCertInfo,
SpdmDataPeerKeyUsageBitMask,
//
// Pre-shared Key Hint
// If PSK is present, then PSK_EXCHANGE is used.
// Otherwise, the KEY_EXCHANGE is used.
//
SpdmDataPskHint,
//
// SessionData
//
SpdmDataSessionUsePsk,
SpdmDataSessionMutAuthRequested,
SpdmDataSessionEndSessionAttributes,
SpdmDataSessionPolicy,
SpdmDataAppContextData,
SpdmDataHandleErrorReturnPolicy,
/* VCA cached for CACHE_CAP in 1.2 for transcript.*/
SpdmDataVcaCache,
/* if the context is for a requester. It only needs to be set in VCA cache.*/
SpdmDataIsRequester,
// If the Responder replies with a Busy `ERROR` response to a request
// then the Requester is free to retry sending the request.
// This value specifies the maximum number of times libspdm will retry
// sending the request before returning an error.
// If its value is 0 then libspdm will not send any retry requests.
SpdmDataRequestRetryTimes,
// If the Responder replies with a Busy `ERROR` response to a request
// then the Requester is free to retry sending the request.
// This value specifies the delay time in microseconds between each retry requests.
// If its value is 0 then libspdm will send retry request immediately.
SpdmDataRequestRetryDelayTime,
/* limit the number of DHE session and PSK session separately.*/
SpdmDataMaxDheSessionConut,
SpdmDataMaxPskSessionConut,
SpdmDataSessionSequenceNumberRspDir,
SpdmDataSessionSequenceNumberReqDir,
SpdmDataMaxSessionSequenceNumber,
/* For SPDM 1.0 and 1.1, allow signature verification in big, little, or both endians. */
SpdmDataSpdmVersion1011VerifySigatureEndian,
SpdmDataSequenceNumberEndian,
SpdmDataSessionSequenceNumberEndian,
SpdmDataMultiKeyConnReq,
SpdmDataMultiKeyConnRsp,
//
// MAX
//
SpdmDataMax,
} SPDM_DATA_TYPE;
typedef enum {
SpdmDataLocationLocal,
SpdmDataLocationConnection,
SpdmDataLocationSession,
SpdmDataLocationMax,
} SPDM_DATA_LOCATION;
typedef enum {
//
// Before GET_VERSION/VERSION
//
SpdmConnectionStateNotStarted,
//
// After GET_VERSION/VERSION
//
SpdmConnectionStateAfterVersion,
//
// After GET_CAPABILITIES/CAPABILITIES
//
SpdmConnectionStateAfterCapabilities,
//
// After NEGOTIATE_ALGORITHMS/ALGORITHMS
//
SpdmConnectionStateNegotiated,
//
// After GET_DIGESTS/DIGESTS
//
SpdmConnectionStateAfterDigests,
//
// After GET_CERTIFICATE/CERTIFICATE
//
SpdmConnectionStateAfterCertificate,
//
// After CHALLENGE/CHALLENGE_AUTH, and ENCAP CALLENGE/CHALLENG_AUTH if MUT_AUTH is enabled.
//
SpdmConnectionStateAuthenticated,
//
// MAX
//
SpdmConnectionStateMax,
} SPDM_CONNECTION_STATE;
typedef enum {
//
// Normal response.
//
SpdmResponseStateNormal,
//
// Other component is busy.
//
SpdmResponseStateBusy,
#if LIBSPDM_RESPOND_IF_READY_SUPPORT
//
// Hardware is not ready.
//
SpdmResponseStateNotReady,
#endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
//
// Firmware Update is done. Need resync.
//
SpdmResponseStateNeedResync,
//
// Processing Encapsulated message.
//
SpdmResponseStateProcessingEncap,
//
// MAX
//
SpdmResponseStateMax,
} SPDM_RESPONSE_STATE;
/* DOE header*/
typedef struct {
UINT16 VendorId;
UINT8 DataObjectType;
UINT8 Reserved;
/* length of the data object being transfered in number of DW, including the header (2 DW)
* It only includes bit[0~17], bit[18~31] are reserved.
* A value of 00000h indicate 2^18 DW == 2^20 byte.*/
UINT32 Length;
/*UINT32 DataObjectDw[Length];*/
} PCI_DOE_DATA_OBJECT_HEADER;
#pragma pack()
/* FUNCTION */
#define SpdmSetData libspdm_set_data
#define SpdmGetData libspdm_get_data
#define SpdmInitContext libspdm_init_context
#define SpdmGetContextSize libspdm_get_context_size
#define SpdmRegisterDeviceIoFunc libspdm_register_device_io_func
#define SpdmRegisterTransportLayerFunc libspdm_register_transport_layer_func
#define SpdmGetSizeofRequiredScratchBuffer libspdm_get_sizeof_required_scratch_buffer
#define SpdmRegisterDeviceBufferFunc libspdm_register_device_buffer_func
#define SpdmSetScratchBuffer libspdm_set_scratch_buffer
#define SpdmGetHashSize libspdm_get_hash_size
#define SpdmHashAll libspdm_hash_all
#define SpdmGetMeasurementHashSize libspdm_get_measurement_hash_size
#define SpdmMeasurementHashAll libspdm_measurement_hash_all
#define SpdmHmacAll libspdm_hmac_all
#define SpdmHkdfExpand libspdm_hkdf_expand
#define SpdmAsymFree libspdm_asym_free
#define SpdmAsymGetPrivateKeyFromPem libspdm_asym_get_private_key_from_pem
#define SpdmAsymSign libspdm_asym_sign
#define SpdmAsymSignHash libspdm_asym_sign_hash
#define SpdmInitConnection libspdm_init_connection
#define SpdmGetDigest libspdm_get_digest
#define SpdmGetCertificate libspdm_get_certificate
#define SpdmGetCertificateEx libspdm_get_certificate_ex
#define SpdmChallenge libspdm_challenge
#define SpdmChallengeEx libspdm_challenge_ex
#define SpdmGetMeasurement libspdm_get_measurement
#define SpdmGetMeasurementEx libspdm_get_measurement_ex
#define SpdmStartSession libspdm_start_session
#define SpdmStopSession libspdm_stop_session
#define SpdmSendReceiveData libspdm_send_receive_data
#define SpdmRegisterGetResponseFunc libspdm_register_get_response_func
#define SpdmProcessRequest libspdm_process_request
#define SpdmBuildResponse libspdm_build_response
#define SpdmGenerateErrorResponse libspdm_generate_error_response
#define SpdmTransportPciDoeEncodeMessage libspdm_transport_pci_doe_encode_message
#define SpdmTransportPciDoeDecodeMessage libspdm_transport_pci_doe_decode_message
#define SpdmMeasurementCollectionFunc libspdm_measurement_collection
#define SpdmRequesterDataSignFunc libspdm_requester_data_sign
#define SpdmResponderDataSignFunc libspdm_responder_data_sign
#define SpdmGenerateMeasurementSummaryHash libspdm_generate_measurement_summary_hash
#define SpdmPskMasterSecretHkdfExpandFunc libspdm_psk_master_secret_hkdf_expand
#define SpdmPskHandshakeSecretHkdfExpandFunc libspdm_psk_handshake_secret_hkdf_expand
#define SpdmMeasurementOpaqueData libspdm_measurement_opaque_data
#define SpdmChallengeOpaqueData libspdm_challenge_opaque_data
#endif

23
SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdBoolAlt.h Normal file
View File

@@ -0,0 +1,23 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef LIBSPDM_STDBOOL_ALT_H
#define LIBSPDM_STDBOOL_ALT_H
typedef BOOLEAN bool;
#ifndef true
#define true TRUE
#endif
#ifndef false
#define false FALSE
#endif
#endif /* LIBSPDM_STDBOOL_ALT */

16
SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdDefAlt.h Normal file
View File

@@ -0,0 +1,16 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef LIBSPDM_STD_DEF_ALT_H
#define LIBSPDM_STD_DEF_ALT_H
typedef UINTN size_t;
#define offsetof(type, member) OFFSET_OF(type,member)
#endif /* LIBSPDM_STDDEF_ALT */

25
SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/LibspdmStdIntAlt.h Normal file
View File

@@ -0,0 +1,25 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef LIBSPDM_STD_INT_ALT_H
#define LIBSPDM_STD_INT_ALT_H
typedef UINT64 uint64_t;
typedef INT64 int64_t;
typedef UINT32 uint32_t;
typedef INT32 int32_t;
typedef UINT16 uint16_t;
typedef INT16 int16_t;
typedef UINT8 uint8_t;
#ifndef SIZE_MAX
#define SIZE_MAX MAX_UINTN
#endif
#endif /* LIBSPDM_STDINT_ALT */

94
SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/base.h Normal file
View File

@@ -0,0 +1,94 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef BASE_H
#define BASE_H
#define LIBSPDM_STDINT_ALT "hal/LibspdmStdIntAlt.h"
#define LIBSPDM_STDBOOL_ALT "hal/LibspdmStdBoolAlt.h"
#define LIBSPDM_STDDEF_ALT "hal/LibspdmStdDefAlt.h"
#ifndef LIBSPDM_STDINT_ALT
#include <stdint.h>
/* LIBSPDM_OPENSSL_STDINT_WORKAROUND */
/* This is a workaround for OpenSSL compilation problems when used with <stdint.h>
* on Windows platforms built with Visual Studio. Including <stdint.h> pulls in
* <vcruntime.h>, which causes the type size_t to be defined. The size_t type
* depends on if _WIN32 or _WIN64 is defined. The default if neither is defined
* is the 32-bit version of size_t. */
/* Our OpenSSL compilation requires _WIN32 and _WIN64 to NOT be defined.
* This will force the <vcruntime.h> to use the wrong 32-bit definition of size_t
* if we are compiling as 64-bit. This 32-bit definition then does not agree with
* the 64-bit definition defined in libspdm and generates compile errors. */
/* To workaround this issue, LIBSPDM_OPENSSL_STDINT_WORKAROUND was created
* that is only defined for compilation via tha makefile of the OpenSSL library
* portion of libspdm. */
/* This will lead to _WIN32 and _WIN64 to be NOT defined when reaching the OpenSSL
* portions of a compilation unit (header files + c file), thus meeting the
* no Win32/Win64 requirement for OpenSSL, but will still be defined when compiling
* the <vcruntime.h> file in the compilation unit (and getting the right size_t). */
/* In the future libspdm intends to use the Windows native compilation flags and defines,
* in place of the UEFI profile / personality. */
#ifdef LIBSPDM_OPENSSL_STDINT_WORKAROUND
#undef _WIN32
#undef _WIN64
#endif
#else /* LIBSPDM_STDINT_ALT */
#include LIBSPDM_STDINT_ALT
#endif /* LIBSPDM_STDINT_ALT */
#ifndef LIBSPDM_STDBOOL_ALT
#include <stdbool.h>
#else
#include LIBSPDM_STDBOOL_ALT
#endif
#ifndef LIBSPDM_STDDEF_ALT
#include <stddef.h>
#else
#include LIBSPDM_STDDEF_ALT
#endif
/**
* Return the minimum of two operands.
*
* This macro returns the minimal of two operand specified by a and b.
* Both a and b must be the same numerical types, signed or unsigned.
*
* @param a The first operand with any numerical type.
* @param b The second operand. It should be the same any numerical type with a.
*
* @return Minimum of two operands.
*
**/
#define LIBSPDM_MIN(a, b) (((a) < (b)) ? (a) : (b))
/**
* Return the number of elements in an array.
*
* @param array An object of array type. Array is only used as an argument to
* the sizeof operator, therefore Array is never evaluated. The
* caller is responsible for ensuring that Array's type is not
* incomplete; that is, Array must have known constant size.
*
* @return The number of elements in Array. The result has type size_t.
*
**/
#define LIBSPDM_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
#endif /* BASE_H */

39
SecurityPkg/DeviceSecurity/SpdmLib/Include/hal/library/debuglib.h Normal file
View File

@@ -0,0 +1,39 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
/** @file
Provides services to print debug and assert messages to a debug output device.
The Debug library supports debug print and asserts based on a combination of macros and code.
The debug library can be turned on and off so that the debug code does not increase the size of an image.
Note that a reserved macro named MDEPKG_NDEBUG is introduced for the intention
of size reduction when compiler optimization is disabled. If MDEPKG_NDEBUG is
defined, then debug and assert related macros wrapped by it are the NULL implementations.
**/
#ifndef DEBUG_LIB_H
#define DEBUG_LIB_H
#include <Library/DebugLib.h>
#define LIBSPDM_DEBUG_INFO DEBUG_INFO
#define LIBSPDM_DEBUG_VERBOSE DEBUG_VERBOSE
#define LIBSPDM_DEBUG_ERROR DEBUG_ERROR
#define LIBSPDM_DEBUG DEBUG
#define LIBSPDM_ASSERT ASSERT
#define LIBSPDM_ASSERT_RETURN_ERROR ASSERT_RETURN_ERROR
#define LIBSPDM_DEBUG_CODE_BEGIN DEBUG_CODE_BEGIN
#define LIBSPDM_DEBUG_CODE_END DEBUG_CODE_END
#define LIBSPDM_DEBUG_CODE DEBUG_CODE
#endif /* DEBUG_LIB_H */

394
SecurityPkg/DeviceSecurity/SpdmLib/Include/library/spdm_lib_config.h Normal file
View File

@@ -0,0 +1,394 @@
/** @file
EDKII Device Security library for SPDM device.
It follows the SPDM Specification.
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef SPDM_LIB_CONFIG_H
#define SPDM_LIB_CONFIG_H
/* Enables assertions and debug printing. When `LIBSPDM_DEBUG_ENABLE` is defined it overrides or
* sets the values of `LIBSPDM_DEBUG_PRINT_ENABLE`, `LIBSPDM_DEBUG_ASSERT_ENABLE`, and
* `LIBSPDM_BLOCK_ENABLE` to the value of `LIBSPDM_DEBUG_ENABLE`.
*
* Note that if this file is used with CMake and `DTARGET=Release` is defined, then all debugging
* is disabled.
*/
#ifndef LIBSPDM_DEBUG_ENABLE
#define LIBSPDM_DEBUG_ENABLE 1
#endif
/* The SPDM specification allows a Responder to return up to 256 version entries in the `VERSION`
* response to the Requester, including duplicate entries. For a Requester this value specifies the
* maximum number of entries that libspdm will tolerate in a `VERSION` response before returning an
* error. A similiar macro, `SPDM_MAX_VERSION_COUNT`, exists for the Responder. However this macro
* is not meant to be configured by the integrator.
*/
#ifndef LIBSPDM_MAX_VERSION_COUNT
#define LIBSPDM_MAX_VERSION_COUNT 5
#endif
/* This value specifies the maximum size, in bytes, of the `PSK_EXCHANGE.RequesterContext` and,
* if supported by the Responder, `PSK_EXCHANGE_RSP.ResponderContext` fields. The fields are
* typically random or monotonically increasing numbers.
*/
#ifndef LIBSPDM_PSK_CONTEXT_LENGTH
#define LIBSPDM_PSK_CONTEXT_LENGTH LIBSPDM_MAX_HASH_SIZE
#endif
/* This value specifies the maximum size, in bytes, of the `PSK_EXCHANGE.PSKHint` field.*/
#ifndef LIBSPDM_PSK_MAX_HINT_LENGTH
#define LIBSPDM_PSK_MAX_HINT_LENGTH 16
#endif
/* libspdm allows an integrator to specify multiple root certificates as trust anchors when
* verifying certificate chains from an endpoint. This value specifies the maximum number of root
* certificates that libspdm can support.
*/
#ifndef LIBSPDM_MAX_ROOT_CERT_SUPPORT
#define LIBSPDM_MAX_ROOT_CERT_SUPPORT 10
#endif
/* If the Responder supports it a Requester is allowed to establish multiple secure sessions with
* the Responder. This value specifies the maximum number of sessions libspdm can support.
*/
#ifndef LIBSPDM_MAX_SESSION_COUNT
#define LIBSPDM_MAX_SESSION_COUNT 4
#endif
/* This value specifies the maximum size, in bytes, of a certificate chain that can be stored in a
* libspdm context.
*/
#ifndef LIBSPDM_MAX_CERT_CHAIN_SIZE
#define LIBSPDM_MAX_CERT_CHAIN_SIZE 0x1000
#endif
#ifndef LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE
#define LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE 0x1000
#endif
/* Partial certificates can be retrieved from a Requester or Responder and through multiple messages
* the complete certificate chain can be constructed. This value specifies the maximum size,
* in bytes, of a partial certificate that can be sent or received.
*/
#ifndef LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN
#define LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN 1024
#endif
/* To ensure integrity in communication between the Requester and the Responder libspdm calculates
* cryptographic digests and signatures over multiple requests and responses. This value specifies
* whether libspdm will use a running calculation over the transcript, where requests and responses
* are discarded as they are cryptographically consumed, or whether libspdm will buffer the entire
* transcript before calculating the digest or signature.
*/
#ifndef LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
#define LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 0
#endif
/* Cryptography Configuration
* In each category, at least one should be selected.
* NOTE: Not all combination can be supported. E.g. Don't mix NIST algo with SMx.*/
#ifndef LIBSPDM_RSA_SSA_2048_SUPPORT
#define LIBSPDM_RSA_SSA_2048_SUPPORT 1
#endif
#ifndef LIBSPDM_RSA_SSA_3072_SUPPORT
#define LIBSPDM_RSA_SSA_3072_SUPPORT 1
#endif
#ifndef LIBSPDM_RSA_SSA_4096_SUPPORT
#define LIBSPDM_RSA_SSA_4096_SUPPORT 1
#endif
#ifndef LIBSPDM_RSA_PSS_2048_SUPPORT
#define LIBSPDM_RSA_PSS_2048_SUPPORT 0
#endif
#ifndef LIBSPDM_RSA_PSS_3072_SUPPORT
#define LIBSPDM_RSA_PSS_3072_SUPPORT 0
#endif
#ifndef LIBSPDM_RSA_PSS_4096_SUPPORT
#define LIBSPDM_RSA_PSS_4096_SUPPORT 0
#endif
#ifndef LIBSPDM_ECDSA_P256_SUPPORT
#define LIBSPDM_ECDSA_P256_SUPPORT 1
#endif
#ifndef LIBSPDM_ECDSA_P384_SUPPORT
#define LIBSPDM_ECDSA_P384_SUPPORT 1
#endif
#ifndef LIBSPDM_ECDSA_P521_SUPPORT
#define LIBSPDM_ECDSA_P521_SUPPORT 1
#endif
#ifndef LIBSPDM_SM2_DSA_P256_SUPPORT
#define LIBSPDM_SM2_DSA_P256_SUPPORT 0
#endif
#ifndef LIBSPDM_EDDSA_ED25519_SUPPORT
#define LIBSPDM_EDDSA_ED25519_SUPPORT 0
#endif
#ifndef LIBSPDM_EDDSA_ED448_SUPPORT
#define LIBSPDM_EDDSA_ED448_SUPPORT 0
#endif
#ifndef LIBSPDM_FFDHE_2048_SUPPORT
#define LIBSPDM_FFDHE_2048_SUPPORT 0
#endif
#ifndef LIBSPDM_FFDHE_3072_SUPPORT
#define LIBSPDM_FFDHE_3072_SUPPORT 0
#endif
#ifndef LIBSPDM_FFDHE_4096_SUPPORT
#define LIBSPDM_FFDHE_4096_SUPPORT 0
#endif
#ifndef LIBSPDM_ECDHE_P256_SUPPORT
#define LIBSPDM_ECDHE_P256_SUPPORT 1
#endif
#ifndef LIBSPDM_ECDHE_P384_SUPPORT
#define LIBSPDM_ECDHE_P384_SUPPORT 1
#endif
#ifndef LIBSPDM_ECDHE_P521_SUPPORT
#define LIBSPDM_ECDHE_P521_SUPPORT 1
#endif
#ifndef LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT
#define LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT 0
#endif
#ifndef LIBSPDM_AEAD_AES_128_GCM_SUPPORT
#define LIBSPDM_AEAD_AES_128_GCM_SUPPORT 1
#endif
#ifndef LIBSPDM_AEAD_AES_256_GCM_SUPPORT
#define LIBSPDM_AEAD_AES_256_GCM_SUPPORT 1
#endif
#ifndef LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT
#define LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 0
#endif
#ifndef LIBSPDM_AEAD_SM4_128_GCM_SUPPORT
#define LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 0
#endif
#ifndef LIBSPDM_SHA256_SUPPORT
#define LIBSPDM_SHA256_SUPPORT 1
#endif
#ifndef LIBSPDM_SHA384_SUPPORT
#define LIBSPDM_SHA384_SUPPORT 1
#endif
#ifndef LIBSPDM_SHA512_SUPPORT
#define LIBSPDM_SHA512_SUPPORT 0
#endif
#ifndef LIBSPDM_SHA3_256_SUPPORT
#define LIBSPDM_SHA3_256_SUPPORT 0
#endif
#ifndef LIBSPDM_SHA3_384_SUPPORT
#define LIBSPDM_SHA3_384_SUPPORT 0
#endif
#ifndef LIBSPDM_SHA3_512_SUPPORT
#define LIBSPDM_SHA3_512_SUPPORT 0
#endif
#ifndef LIBSPDM_SM3_256_SUPPORT
#define LIBSPDM_SM3_256_SUPPORT 0
#endif
/* This can be set to 0 for the device which does not need X509 parser.*/
#ifndef LIBSPDM_CERT_PARSE_SUPPORT
#define LIBSPDM_CERT_PARSE_SUPPORT 1
#endif
/* Code space optimization for Optional request/response messages.*/
/* Consumers of libspdm may wish to not fully implement all of the optional
* SPDM request/response messages. Therefore we have provided these
* SPDM_ENABLE_CAPABILITY_***_CAP compile time switches as an optimization
* disable the code (#if 0) related to said optional capability, thereby
* reducing the code space used in the image.*/
/* A single switch may enable/disable a single capability or group of related
* capabilities.*/
/* LIBSPDM_ENABLE_CAPABILITY_CERT_CAP - Enable/Disable single CERT capability.
* LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP - Enable/Disable single CHAL capability.
* LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP - Enable/Disables multiple MEAS capabilities:
* (MEAS_CAP_NO_SIG, MEAS_CAP_SIG, MEAS_FRESH_CAP)*/
/* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP - Enable/Disable single Key Exchange capability.
* LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP - Enable/Disable PSK_EX and PSK_FINISH.*/
/* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP - Enable/Disable mutual authentication.
* LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP - Enable/Disable encapsulated message.*/
/* LIBSPDM_ENABLE_CAPABILITY_CSR_CAP - Enable/Disable get csr capability.
* LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP - Enable/Disable set certificate capability. */
#ifndef LIBSPDM_ENABLE_CAPABILITY_CERT_CAP
#define LIBSPDM_ENABLE_CAPABILITY_CERT_CAP 1
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP
#define LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP 1
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP
#define LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP 1
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
#define LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP 0
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP
#define LIBSPDM_ENABLE_CAPABILITY_PSK_EX_CAP 0
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP
#define LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP 0
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
#define LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 0
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP
#define LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP 0
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_CSR_CAP
#define LIBSPDM_ENABLE_CAPABILITY_CSR_CAP 0
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP
#define LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP 0
#endif
#ifndef LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
#define LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 0
#endif
/* If 1 then endpoint supports sending GET_CERTIFICATE and GET_DIGESTS requests.
* If enabled and endpoint is a Responder then LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP
* must also be enabled.
*/
#ifndef LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT
#define LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT 1
#endif
/* If 1 then endpoint supports sending CHALLENGE request.
* If enabled and endpoint is a Responder then LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP
* must also be enabled.
*/
#ifndef LIBSPDM_SEND_CHALLENGE_SUPPORT
#define LIBSPDM_SEND_CHALLENGE_SUPPORT 1
#endif
/* When LIBSPDM_RESPOND_IF_READY_SUPPORT is 0 then
* - For a Requester, if the Responder sends a ResponseNotReady ERROR response then the error
* is immediately returned to the Integrator. The Requester cannot send a RESPOND_IF_READY
* request.
* - For a Responder, it cannot send a RESPOND_IF_READY ERROR response and does not support
* RESPOND_IF_READY.
* When LIBSPDM_RESPOND_IF_READY_SUPPORT is 1 then
* - For a Requester, if the Responder sends a ResponseNotReady ERROR response then libspdm
* waits an amount of time, as specified by the RDTExponent parameter, before sending
* RESPOND_IF_READY.
* - For a Responder, if its response state is NOT_READY then it will send a ResponseNotReady
* ERROR response to the Requester, and will accept a subsequent RESPOND_IF_READY request.
*/
#ifndef LIBSPDM_RESPOND_IF_READY_SUPPORT
#define LIBSPDM_RESPOND_IF_READY_SUPPORT 1
#endif
/*
* MinDataTransferSize = 42
*
* H = HashLen = HmacLen = [32, 64]
* S = SigLen = [64, 512]
* D = ExchangeDataLen = [64, 512]
* R = RequesterContextLen >= 32
* R = ResponderContextLen >= 0
* O = OpaqueDataLen <= 1024
*
* Max Chunk No = 1, if (message size <= 42)
* Max Chunk No = [(message size + 4) / 30] roundup, if (message size > 42)
*
* +==========================+==========================================+=========+
* | Command | Size |MaxChunk |
* +==========================+==========================================+=========+
* | GET_VERSION | 4 | 1 |
* | VERSION {1.0, 1.1, 1.2} | 6 + 2 * 3 = 12 | 1 |
* +--------------------------+------------------------------------------+---------+
* | GET_CAPABILITIES 1.2 | 20 | 1 |
* | CAPABILITIES 1.2 | 20 | 1 |
* +--------------------------+------------------------------------------+---------+
* | ERROR | 4 | 1 |
* | ERROR(ResponseTooLarge) | 4 + 4 = 8 | 1 |
* | ERROR(LargeResponse) | 4 + 1 = 5 | 1 |
* | ERROR(ResponseNotReady) | 4 + 4 = 8 | 1 |
* +--------------------------+------------------------------------------+---------+
* | CHUNK_SEND header | 12 + L0 (0 or 4) | 1 |
* | CHUNK_RESPONSE header | 12 + L0 (0 or 4) | 1 |
* +==========================+==========================================+=========+
* | NEGOTIATE_ALGORITHMS 1.2 | 32 + 4 * 4 = 48 | 2 |
* | ALGORITHMS 1.2 | 36 + 4 * 4 = 52 | 2 |
* +--------------------------+------------------------------------------+---------+
* | GET_DIGESTS 1.2 | 4 | 1 |
* | DIGESTS 1.2 | 4 + H * SlotNum = [36, 516] | [1, 18] |
* +--------------------------+------------------------------------------+---------+
* | GET_CERTIFICATE 1.2 | 8 | 1 |
* | CERTIFICATE 1.2 | 8 + PortionLen | [1, ] |
* +--------------------------+------------------------------------------+---------+
* | CHALLENGE 1.2 | 40 | 1 |
* | CHALLENGE_AUTH 1.2 | 38 + H * 2 + S [+ O] = [166, 678] | [6, 23] |
* +--------------------------+------------------------------------------+---------+
* | GET_MEASUREMENTS 1.2 | 5 + Nonce (0 or 32) | 1 |
* | MEASUREMENTS 1.2 | 42 + MeasRecLen (+ S) [+ O] = [106, 554] | [4, 19] |
* +--------------------------+------------------------------------------+---------+
* | KEY_EXCHANGE 1.2 | 42 + D [+ O] = [106, 554] | [4, 19] |
* | KEY_EXCHANGE_RSP 1.2 | 42 + D + H + S (+ H) [+ O] = [234, 1194] | [8, 40] |
* +--------------------------+------------------------------------------+---------+
* | FINISH 1.2 | 4 (+ S) + H = [100, 580] | [4, 20] |
* | FINISH_RSP 1.2 | 4 (+ H) = [36, 69] | [1, 3] |
* +--------------------------+------------------------------------------+---------+
* | PSK_EXCHANGE 1.2 | 12 [+ PSKHint] + R [+ O] = 44 | 2 |
* | PSK_EXCHANGE_RSP 1.2 | 12 + R + H (+ H) [+ O] = [108, 172] | [4, 6] |
* +--------------------------+------------------------------------------+---------+
* | PSK_FINISH 1.2 | 4 + H = [36, 68] | [1, 3] |
* | PSK_FINISH_RSP 1.2 | 4 | 1 |
* +--------------------------+------------------------------------------+---------+
* | GET_CSR 1.2 | 8 + RequesterInfoLen [+ O] | [1, ] |
* | CSR 1.2 | 8 + CSRLength | [1, ] |
* +--------------------------+------------------------------------------+---------+
* | SET_CERTIFICATE 1.2 | 4 + CertChainLen | [1, ] |
* | SET_CERTIFICATE_RSP 1.2 | 4 | 1 |
* +==========================+==========================================+=========+
*/
/* Required sender/receive buffer in device io.
* NOTE: This is transport specific. Below configuration is just an example.
* +-------+--------+---------------------------+------+--+------+---+--------+-----+
* | TYPE |TransHdr| EncryptionHeader |AppHdr| |Random|MAC|AlignPad|FINAL|
* | | |SessionId|SeqNum|Len|AppLen| | | | | | |
* +-------+--------+---------------------------+------+ +------+---+--------+-----+
* | MCTP | 1 | 4 | 2 | 2 | 2 | 1 | | 32 | 12| 0 | 56 |
* |PCI_DOE| 8 | 4 | 0 | 2 | 2 | 0 | | 0 | 12| 3 | 31 |
* +-------+--------+---------------------------+------+--+------+---+--------+-----+
*/
/* Enable message logging.
* See https://github.com/DMTF/libspdm/blob/main/doc/user_guide.md#message-logging
* for more information */
#ifndef LIBSPDM_ENABLE_MSG_LOG
#define LIBSPDM_ENABLE_MSG_LOG 1
#endif
/* Enable macro checking during compilation. */
#ifndef LIBSPDM_CHECK_MACRO
#define LIBSPDM_CHECK_MACRO 0
#endif
/* Enable checks to the SPDM context during runtime. */
#ifndef LIBSPDM_CHECK_SPDM_CONTEXT
#define LIBSPDM_CHECK_SPDM_CONTEXT 1
#endif
#endif /* SPDM_LIB_CONFIG_H */

47
SecurityPkg/DeviceSecurity/SpdmLib/SpdmCommonLib.inf Normal file
View File

@@ -0,0 +1,47 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmCommonLib
FILE_GUID = 4D42800D-2197-46EC-8E04-6B41BFD60687
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmCommonLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/library/spdm_common_lib/libspdm_com_context_data.c
libspdm/library/spdm_common_lib/libspdm_com_context_data_session.c
libspdm/library/spdm_common_lib/libspdm_com_crypto_service.c
libspdm/library/spdm_common_lib/libspdm_com_crypto_service_session.c
libspdm/library/spdm_common_lib/libspdm_com_opaque_data.c
libspdm/library/spdm_common_lib/libspdm_com_support.c
libspdm/library/spdm_common_lib/libspdm_com_msg_log.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
BaseCryptLib
RngLib
SpdmCryptLib
SpdmDeviceSecretLib
MemLibWrapper
CryptlibWrapper

45
SecurityPkg/DeviceSecurity/SpdmLib/SpdmCryptLib.inf Normal file
View File

@@ -0,0 +1,45 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmCryptLib
FILE_GUID = 2FF3E7F6-D95A-48A2-B418-9B6D585C1D7E
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmCryptLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/library/spdm_crypt_lib/libspdm_crypt_aead.c
libspdm/library/spdm_crypt_lib/libspdm_crypt_asym.c
libspdm/library/spdm_crypt_lib/libspdm_crypt_cert.c
libspdm/library/spdm_crypt_lib/libspdm_crypt_dhe.c
libspdm/library/spdm_crypt_lib/libspdm_crypt_hash.c
libspdm/library/spdm_crypt_lib/libspdm_crypt_hkdf.c
libspdm/library/spdm_crypt_lib/libspdm_crypt_hmac.c
libspdm/library/spdm_crypt_lib/libspdm_crypt_rng.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
BaseCryptLib
RngLib
MemLibWrapper

36
SecurityPkg/DeviceSecurity/SpdmLib/SpdmDeviceSecretLibNull.inf Normal file
View File

@@ -0,0 +1,36 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmDeviceSecretLibNull
FILE_GUID = E2FFA5F9-CD19-4B63-AE3E-7EA288243EED
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmDeviceSecretLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/os_stub/spdm_device_secret_lib_null/lib.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
MemLibWrapper

59
SecurityPkg/DeviceSecurity/SpdmLib/SpdmRequesterLib.inf Normal file
View File

@@ -0,0 +1,59 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmRequesterLib
FILE_GUID = 8B6024A3-270A-410F-91AB-9E99F05C2A58
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmRequesterLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/library/spdm_requester_lib/libspdm_req_challenge.c
libspdm/library/spdm_requester_lib/libspdm_req_common.c
libspdm/library/spdm_requester_lib/libspdm_req_communication.c
libspdm/library/spdm_requester_lib/libspdm_req_encap_certificate.c
libspdm/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c
libspdm/library/spdm_requester_lib/libspdm_req_encap_digests.c
libspdm/library/spdm_requester_lib/libspdm_req_encap_error.c
libspdm/library/spdm_requester_lib/libspdm_req_encap_key_update.c
libspdm/library/spdm_requester_lib/libspdm_req_encap_request.c
libspdm/library/spdm_requester_lib/libspdm_req_end_session.c
libspdm/library/spdm_requester_lib/libspdm_req_finish.c
libspdm/library/spdm_requester_lib/libspdm_req_get_capabilities.c
libspdm/library/spdm_requester_lib/libspdm_req_get_certificate.c
libspdm/library/spdm_requester_lib/libspdm_req_get_digests.c
libspdm/library/spdm_requester_lib/libspdm_req_get_measurements.c
libspdm/library/spdm_requester_lib/libspdm_req_get_version.c
libspdm/library/spdm_requester_lib/libspdm_req_handle_error_response.c
libspdm/library/spdm_requester_lib/libspdm_req_heartbeat.c
libspdm/library/spdm_requester_lib/libspdm_req_key_exchange.c
libspdm/library/spdm_requester_lib/libspdm_req_key_update.c
libspdm/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c
libspdm/library/spdm_requester_lib/libspdm_req_psk_exchange.c
libspdm/library/spdm_requester_lib/libspdm_req_psk_finish.c
libspdm/library/spdm_requester_lib/libspdm_req_send_receive.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
SpdmCommonLib
SpdmSecuredMessageLib
PlatformLibWrapper
MemLibWrapper

61
SecurityPkg/DeviceSecurity/SpdmLib/SpdmResponderLib.inf Normal file
View File

@@ -0,0 +1,61 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmResponderLib
FILE_GUID = 9005B3A3-45F1-4DE9-93FF-2512D4B9CCFA
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmResponderLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/library/spdm_responder_lib/libspdm_rsp_algorithms.c
libspdm/library/spdm_responder_lib/libspdm_rsp_capabilities.c
libspdm/library/spdm_responder_lib/libspdm_rsp_certificate.c
libspdm/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c
libspdm/library/spdm_responder_lib/libspdm_rsp_common.c
libspdm/library/spdm_responder_lib/libspdm_rsp_communication.c
libspdm/library/spdm_responder_lib/libspdm_rsp_digests.c
libspdm/library/spdm_responder_lib/libspdm_rsp_encap_challenge.c
libspdm/library/spdm_responder_lib/libspdm_rsp_encap_get_certificate.c
libspdm/library/spdm_responder_lib/libspdm_rsp_encap_get_digests.c
libspdm/library/spdm_responder_lib/libspdm_rsp_encap_key_update.c
libspdm/library/spdm_responder_lib/libspdm_rsp_encap_response.c
libspdm/library/spdm_responder_lib/libspdm_rsp_end_session.c
libspdm/library/spdm_responder_lib/libspdm_rsp_error.c
libspdm/library/spdm_responder_lib/libspdm_rsp_finish.c
libspdm/library/spdm_responder_lib/libspdm_rsp_handle_response_state.c
libspdm/library/spdm_responder_lib/libspdm_rsp_heartbeat.c
libspdm/library/spdm_responder_lib/libspdm_rsp_key_exchange.c
libspdm/library/spdm_responder_lib/libspdm_rsp_key_update.c
libspdm/library/spdm_responder_lib/libspdm_rsp_measurements.c
libspdm/library/spdm_responder_lib/libspdm_rsp_psk_exchange.c
libspdm/library/spdm_responder_lib/libspdm_rsp_psk_finish.c
libspdm/library/spdm_responder_lib/libspdm_rsp_receive_send.c
libspdm/library/spdm_responder_lib/libspdm_rsp_respond_if_ready.c
libspdm/library/spdm_responder_lib/libspdm_rsp_version.c
libspdm/library/spdm_responder_lib/libspdm_rsp_csr.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
SpdmCommonLib
SpdmSecuredMessageLib
PlatformLibWrapper
MemLibWrapper

44
SecurityPkg/DeviceSecurity/SpdmLib/SpdmSecuredMessageLib.inf Normal file
View File

@@ -0,0 +1,44 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmSecuredMessageLib
FILE_GUID = C5E91542-9B57-4BC4-988C-2DEB0B17D381
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmSecuredMessageLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/library/spdm_secured_message_lib/libspdm_secmes_context_data.c
libspdm/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c
libspdm/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c
libspdm/library/spdm_secured_message_lib/libspdm_secmes_key_exchange.c
libspdm/library/spdm_secured_message_lib/libspdm_secmes_session.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
BaseCryptLib
RngLib
SpdmCryptLib
SpdmDeviceSecretLib
MemLibWrapper

38
SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportMctpLib.inf Normal file
View File

@@ -0,0 +1,38 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmTransportMctpLib
FILE_GUID = C6ED3DB8-852A-40A8-8099-9D87D93669C4
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmTransportMctpLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/library/spdm_transport_mctp_lib/libspdm_mctp_common.c
libspdm/library/spdm_transport_mctp_lib/libspdm_mctp_mctp.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
SpdmSecuredMessageLib
MemLibWrapper

38
SecurityPkg/DeviceSecurity/SpdmLib/SpdmTransportPciDoeLib.inf Normal file
View File

@@ -0,0 +1,38 @@
## @file
# SPDM library.
#
# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SpdmTransportPciDoeLib
FILE_GUID = 21094151-1A91-4261-8EB7-C94453491FF8
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = SpdmTransportPciDoeLib
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
libspdm/library/spdm_transport_pcidoe_lib/libspdm_doe_common.c
libspdm/library/spdm_transport_pcidoe_lib/libspdm_doe_pcidoe.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
SpdmSecuredMessageLib
MemLibWrapper