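/**
 *  Copyright Notice:
 *  Copyright 2021-2022 DMTF. All rights reserved.
 *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
 **/

/** @file
 * Definitions of DSP0274 Security Protocol & data Model Specification (SPDM)
 * version 1.2.0 in Distributed Management Task Force (DMTF).
 **/

#ifndef SPDM_H
#define SPDM_H

/* Every structure below is declared under pack(1), so it mirrors the wire
 * image byte for byte and multi-byte members can sit at unaligned offsets.
 * NOTE(review): the matching pack reset is not visible in this part of the
 * file - confirm it exists before the closing #endif.
 *
 * Each struct covers only the fixed-size prefix of a message; the
 * variable-length tail is shown in comments. The counts and lengths that
 * size those tails are supplied by the peer, so a parser has to check them
 * against the number of bytes actually received before it reads past the
 * fixed prefix.
 *
 * No #include is visible in this part of the file: the fixed-width integer
 * types are expected to be provided by whoever includes this header. */
#pragma pack(1)

/* 3 means SPDM spec 1.0, 1.1, 1.2 */
#define SPDM_MAX_VERSION_COUNT 3
#define SPDM_MAX_SLOT_COUNT 8
/* The opaque_length fields in the messages below are uint16_t and can encode
 * far more than this. NOTE(review): presumably receivers reject anything
 * larger than this value - confirm against the parser. */
#define SPDM_MAX_OPAQUE_DATA_SIZE 1024

#define SPDM_NONCE_SIZE 32
#define SPDM_RANDOM_DATA_SIZE 32

/* Response codes: every value listed here has bit 7 clear, and every request
 * code further down has bit 7 set. */

/* SPDM response code (1.0) */
#define SPDM_DIGESTS 0x01
#define SPDM_CERTIFICATE 0x02
#define SPDM_CHALLENGE_AUTH 0x03
#define SPDM_VERSION 0x04
#define SPDM_MEASUREMENTS 0x60
#define SPDM_CAPABILITIES 0x61
#define SPDM_ALGORITHMS 0x63
#define SPDM_VENDOR_DEFINED_RESPONSE 0x7E
#define SPDM_ERROR 0x7F

/* SPDM response code (1.1) */
#define SPDM_KEY_EXCHANGE_RSP 0x64
#define SPDM_FINISH_RSP 0x65
#define SPDM_PSK_EXCHANGE_RSP 0x66
#define SPDM_PSK_FINISH_RSP 0x67
#define SPDM_HEARTBEAT_ACK 0x68
#define SPDM_KEY_UPDATE_ACK 0x69
#define SPDM_ENCAPSULATED_REQUEST 0x6A
#define SPDM_ENCAPSULATED_RESPONSE_ACK 0x6B
#define SPDM_END_SESSION_ACK 0x6C

/* SPDM response code (1.2) */
#define SPDM_CSR 0x6D
#define SPDM_SET_CERTIFICATE_RSP 0x6E
#define SPDM_CHUNK_SEND_ACK 0x05
#define SPDM_CHUNK_RESPONSE 0x06

/* SPDM request code (1.0) */
#define SPDM_GET_DIGESTS 0x81
#define SPDM_GET_CERTIFICATE 0x82
#define SPDM_CHALLENGE 0x83
#define SPDM_GET_VERSION 0x84
#define SPDM_GET_MEASUREMENTS 0xE0
#define SPDM_GET_CAPABILITIES 0xE1
#define SPDM_NEGOTIATE_ALGORITHMS 0xE3
#define SPDM_VENDOR_DEFINED_REQUEST 0xFE
#define SPDM_RESPOND_IF_READY 0xFF

/* SPDM request code (1.1) */
#define SPDM_KEY_EXCHANGE 0xE4
#define SPDM_FINISH 0xE5
#define SPDM_PSK_EXCHANGE 0xE6
#define SPDM_PSK_FINISH 0xE7
#define SPDM_HEARTBEAT 0xE8
#define SPDM_KEY_UPDATE 0xE9
#define SPDM_GET_ENCAPSULATED_REQUEST 0xEA
#define SPDM_DELIVER_ENCAPSULATED_RESPONSE 0xEB
#define SPDM_END_SESSION 0xEC

/* SPDM request code (1.2) */
#define SPDM_GET_CSR 0xED
#define SPDM_SET_CERTIFICATE 0xEE
#define SPDM_CHUNK_SEND 0x85
#define SPDM_CHUNK_GET 0x86

/* SPDM message header: the four bytes that start every message in this file.
 * A receiver needs at least sizeof(spdm_message_header_t) bytes before it can
 * read request_response_code and pick the structure to parse with. */
typedef struct {
    uint8_t spdm_version;
    uint8_t request_response_code;
    uint8_t param1;
    uint8_t param2;
} spdm_message_header_t;

#define SPDM_MESSAGE_VERSION_10 0x10
#define SPDM_MESSAGE_VERSION_11 0x11
#define SPDM_MESSAGE_VERSION_12 0x12
/* Alias for the 1.0 encoding. */
#define SPDM_MESSAGE_VERSION SPDM_MESSAGE_VERSION_10

/* SPDM GET_VERSION request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_get_version_request_t;


/* SPDM GET_VERSION response.
 * version_number_entry_count is peer-supplied: the receiver has to confirm
 * that count * sizeof(spdm_version_number_t) bytes really follow the fixed
 * part before walking the entries. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    uint8_t reserved;
    uint8_t version_number_entry_count;
    /*spdm_version_number_t version_number_entry[version_number_entry_count];*/
} spdm_version_response_t;

/* SPDM VERSION structure
 * bit[15:12] major_version
 * bit[11:8] minor_version
 * bit[7:4] update_version_number
 * bit[3:0] alpha*/
typedef uint16_t spdm_version_number_t;
/* Shifting a spdm_version_number_t right by this amount leaves major and
 * minor in one byte, the same encoding as SPDM_MESSAGE_VERSION_xx. */
#define SPDM_VERSION_NUMBER_SHIFT_BIT 8

/* The _SIZE macro is sizeof - 1, i.e. the string without its terminating NUL. */
#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*"
#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE \
    (sizeof(SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) - 1)
#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100

/* SPDM GET_CAPABILITIES request.
 * The struct shows the 1.2 layout; per the field comments, everything after
 * the header was added in 1.1 and the last two fields in 1.2, so the expected
 * message size depends on header.spdm_version and sizeof() of this struct is
 * only right for 1.2. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD
     * Below field is added in 1.1.*/
    uint8_t reserved;
    /* NOTE(review): ct_exponent is peer-controlled; if a caller turns it into
     * a timeout with a shift, bound it first so the shift stays inside the
     * width of the type - confirm against the caller. */
    uint8_t ct_exponent;
    uint16_t reserved2;
    uint32_t flags;
    /* Below field is added in 1.2.*/
    uint32_t data_transfer_size;
    uint32_t max_spdm_msg_size;
} spdm_get_capabilities_request_t;

/* SPDM GET_CAPABILITIES response*/

typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    uint8_t reserved;
    uint8_t ct_exponent;
    uint16_t reserved2;
    uint32_t flags;
    /* Below field is added in 1.2.*/
    uint32_t data_transfer_size;
    uint32_t max_spdm_msg_size;
} spdm_capabilities_response_t;

/* NOTE(review): presumably the smallest data_transfer_size a 1.2 peer may
 * advertise; a receiver would reject smaller values - confirm. */
#define SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12 42

/* Capability flags. PSK_CAP and MEAS_CAP are two-bit fields: the unsuffixed
 * macro is the field mask and the suffixed macros are values inside it.
 * Each *_MASK macro is the OR of every flag listed for that version (and the
 * versions before it).
 * NOTE(review): presumably used to ignore or reject bits the negotiated
 * version does not define - confirm against the callers. */

/* SPDM GET_CAPABILITIES request flags (1.1) */
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP 0x00000002
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP 0x00000004
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP 0x00000040
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP 0x00000100
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP (0x00000400 | 0x00000800)
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP_REQUESTER 0x00000400
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP 0x00001000
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP 0x00002000
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP 0x00004000
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP 0x00010000
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK ( \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCAP_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP)

/* SPDM GET_CAPABILITIES request flags (1.2) */
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP 0x00020000
#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_12_MASK ( \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK | \
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP)

/* SPDM GET_CAPABILITIES response flags (1.0) */
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP 0x00000001
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP 0x00000002
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP 0x00000004
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP (0x00000008 | 0x00000010)
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_NO_SIG 0x00000008
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG 0x00000010
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP 0x00000020
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK ( \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP)

/* SPDM GET_CAPABILITIES response flags (1.1) */
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP 0x00000040
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP 0x00000080
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP 0x00000100
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP (0x00000400 | 0x00000800)
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER 0x00000400
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT 0x00000800
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP 0x00001000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP 0x00002000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP 0x00004000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP 0x00010000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK ( \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_10_MASK | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCAP_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP)

/* SPDM GET_CAPABILITIES response flags (1.2) */
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP 0x00020000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP 0x00040000

/* SPDM GET_CAPABILITIES response flags (1.2.1)*/
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP 0x00080000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP 0x00100000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP 0x00200000
#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_12_MASK ( \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP | \
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP)

/* SPDM NEGOTIATE_ALGORITHMS request.
 * Four peer-supplied values size the tail: length, ext_asym_count,
 * ext_hash_count and header.param1 (number of structure tables). They have to
 * agree with each other and with the received byte count before the tail is
 * walked. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Number of Algorithms Structure Tables
     * param2 == RSVD*/
    uint16_t length;
    uint8_t measurement_specification;
    /* other_params_support is added in 1.2.
     * BIT[0:3]=opaque_data_format support, BIT[4:7]=reserved*/
    uint8_t other_params_support;
    uint32_t base_asym_algo;
    uint32_t base_hash_algo;
    uint8_t reserved2[12];
    uint8_t ext_asym_count;
    uint8_t ext_hash_count;
    uint16_t reserved3;
    /*spdm_extended_algorithm_t ext_asym[ext_asym_count];
     * spdm_extended_algorithm_t ext_hash[ext_hash_count];
     * Below field is added in 1.1.
     * spdm_negotiate_algorithms_struct_table_t alg_struct[param1];*/
} spdm_negotiate_algorithms_request_t;

/* NOTE(review): presumably the per-version upper bounds for the length field
 * and for ext_asym_count + ext_hash_count - confirm against the parser. */
#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_10 0x40
#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_11 0x80
#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_LENGTH_VERSION_12 0x80
#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_10 0x08
#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_11 0x14
#define SPDM_NEGOTIATE_ALGORITHMS_REQUEST_MAX_EXT_ALG_COUNT_VERSION_12 0x14

/* Header of one algorithm structure table. Both nibbles of alg_count are
 * lengths taken from the peer: the size of the entry is
 * 2 + fixed_alg_byte_count + 4 * ext_alg_count, and that has to fit in the
 * bytes left in the message before the entry is read. */
typedef struct {
    uint8_t alg_type;
    uint8_t alg_count; /* BIT[0:3]=ext_alg_count, BIT[4:7]=fixed_alg_byte_count*/
    /*uint8_t alg_supported[fixed_alg_byte_count];
     * uint32_t alg_external[ext_alg_count];*/
} spdm_negotiate_algorithms_struct_table_t;

#define SPDM_NEGOTIATE_ALGORITHMS_MAX_NUM_STRUCT_TABLE_ALG 4
#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_DHE 2
#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_AEAD 3
#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_REQ_BASE_ASYM_ALG 4
#define SPDM_NEGOTIATE_ALGORITHMS_STRUCT_TABLE_ALG_TYPE_KEY_SCHEDULE 5

/* Structure table entry with a fixed two-byte alg_supported field and no
 * external algorithm list. */
typedef struct {
    uint8_t alg_type;
    uint8_t alg_count;
    uint16_t alg_supported;
} spdm_negotiate_algorithms_common_struct_table_t;


/* SPDM NEGOTIATE_ALGORITHMS request base_asym_algo/REQ_BASE_ASYM_ALG */
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100

/* SPDM NEGOTIATE_ALGORITHMS request base_asym_algo/REQ_BASE_ASYM_ALG (1.2) */
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400
#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800

/* SPDM NEGOTIATE_ALGORITHMS request base_hash_algo */
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020

/* SPDM NEGOTIATE_ALGORITHMS request base_hash_algo (1.2) */
#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040

/* SPDM NEGOTIATE_ALGORITHMS request DHE */
#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048 0x00000001
#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072 0x00000002
#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096 0x00000004
#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1 0x00000008
#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1 0x00000010
#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1 0x00000020

/* SPDM NEGOTIATE_ALGORITHMS request DHE (1.2) */
#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256 0x00000040

/* SPDM NEGOTIATE_ALGORITHMS request AEAD */
#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001
#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002
#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004

/* SPDM NEGOTIATE_ALGORITHMS request AEAD (1.2) */
#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008

/* SPDM NEGOTIATE_ALGORITHMS request KEY_SCHEDULE */
#define SPDM_ALGORITHMS_KEY_SCHEDULE_HMAC_HASH 0x00000001

/* SPDM NEGOTIATE_ALGORITHMS response.
 * NOTE(review): the *_sel fields carry the responder's choice; a requester
 * would normally verify that each one has a single bit set and that the bit
 * was in its own offer, otherwise a peer could steer it to an algorithm it
 * never proposed - confirm against the caller. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Number of Algorithms Structure Tables
     * param2 == RSVD*/
    uint16_t length;
    uint8_t measurement_specification_sel;
    /* other_params_selection is added in 1.2.
     * BIT[0:3]=opaque_data_format select, BIT[4:7]=reserved*/
    uint8_t other_params_selection;
    uint32_t measurement_hash_algo;
    uint32_t base_asym_sel;
    uint32_t base_hash_sel;
    uint8_t reserved2[12];
    uint8_t ext_asym_sel_count;
    uint8_t ext_hash_sel_count;
    uint16_t reserved3;
    /*spdm_extended_algorithm_t ext_asym_sel[ext_asym_sel_count];
     * spdm_extended_algorithm_t ext_hash_sel[ext_hash_sel_count];
     * Below field is added in 1.1.
     * spdm_negotiate_algorithms_struct_table_t alg_struct[param1];*/
} spdm_algorithms_response_t;

/* SPDM NEGOTIATE_ALGORITHMS response measurement_hash_algo.
 * Bit 0 is RAW_BIT_STREAM_ONLY here, so every hash sits one bit higher than
 * in the SPDM_ALGORITHMS_BASE_HASH_ALGO_* family; the two sets of macros are
 * not interchangeable. */
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_RAW_BIT_STREAM_ONLY 0x00000001
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_256 0x00000002
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_384 0x00000004
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA_512 0x00000008
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_256 0x00000010
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_384 0x00000020
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SHA3_512 0x00000040

/* SPDM NEGOTIATE_ALGORITHMS response measurement_hash_algo (1.2) */
#define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SM3_256 0x00000080

/* SPDM Opaque Data Format (1.2) */
#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE 0x0
#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 0x1
#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 0x2
#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK 0xF

/* SPDM Opaque Data Format 1 (1.2).
 * total_elements is peer-supplied and sizes the list that follows. */
typedef struct {
    uint8_t total_elements;
    uint8_t reserved[3];
    /*opaque_element_table_t opaque_list[];*/
} spdm_general_opaque_data_table_header_t;

/* SPDM extended algorithm */
typedef struct {
    uint8_t registry_id;
    uint8_t reserved;
    uint16_t algorithm_id;
} spdm_extended_algorithm_t;

/* SPDM registry_id */
#define SPDM_REGISTRY_ID_DMTF 0x0
#define SPDM_REGISTRY_ID_TCG 0x1
#define SPDM_REGISTRY_ID_USB 0x2
#define SPDM_REGISTRY_ID_PCISIG 0x3
#define SPDM_REGISTRY_ID_IANA 0x4
#define SPDM_REGISTRY_ID_HDBASET 0x5
#define SPDM_REGISTRY_ID_MIPI 0x6
#define SPDM_REGISTRY_ID_CXL 0x7
#define SPDM_REGISTRY_ID_JEDEC 0x8
#define SPDM_REGISTRY_ID_VESA 0x9
#define SPDM_REGISTRY_ID_IANA_CBOR 0xa
#define SPDM_REGISTRY_ID_MAX 0xa

/* SPDM GET_DIGESTS request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
} spdm_get_digest_request_t;

/* SPDM GET_DIGESTS response.
 * slot_count is not a wire field. NOTE(review): presumably it is the number
 * of bits set in slot_mask; the receiver then needs
 * digest_size * slot_count bytes after the header - confirm. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == slot_mask
     * uint8_t digest[digest_size][slot_count];*/
} spdm_digest_response_t;


/* SPDM GET_CERTIFICATE request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == RSVD*/
    uint16_t offset;
    uint16_t length;
} spdm_get_certificate_request_t;

/* The slot id masks in this file keep four bits (0-15) while
 * SPDM_MAX_SLOT_COUNT is 8, so a masked slot id still needs a range check
 * before it is used to index per-slot state. */
#define SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0xF

/* SPDM GET_CERTIFICATE response.
 * portion_length is peer-supplied: check it against the bytes received and
 * against the space left in the buffer that accumulates the chain. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == RSVD*/
    uint16_t portion_length;
    uint16_t remainder_length;
    /*uint8_t cert_chain[portion_length];*/
} spdm_certificate_response_t;

#define SPDM_CERTIFICATE_RESPONSE_SLOT_ID_MASK 0xF
/* Certificate chain container. The certificates field is sized as
 * length - 4 - hash_size, which wraps around when length is smaller than
 * 4 + hash_size; verify length >= 4 + hash_size (and length <= bytes held)
 * before doing that subtraction. */
typedef struct {
    /* Total length of the certificate chain, in bytes,
     * including all fields in this table.*/

    uint16_t length;
    uint16_t reserved;

    /* digest of the Root Certificate.
     * Note that Root Certificate is ASN.1 DER-encoded for this digest.
     * The hash size is determined by the SPDM device.*/

    /*uint8_t root_hash[hash_size];*/

    /* One or more ASN.1 DER-encoded X509v3 certificates where the first certificate is signed by the Root
     * Certificate or is the Root Certificate itself and each subsequent certificate is signed by the preceding
     * certificate. The last certificate is the Leaf Certificate.*/

    /*uint8_t certificates[length - 4 - hash_size];*/
} spdm_cert_chain_t;

/* Maximum size, in bytes, of a certificate chain. */
#define SPDM_MAX_CERTIFICATE_CHAIN_SIZE 65535

/* SPDM CHALLENGE request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == slot_id
     * param2 == HashType*/
    uint8_t nonce[SPDM_NONCE_SIZE];
} spdm_challenge_request_t;

/* SPDM CHALLENGE response.
 * Everything after the header is variable: digest_size and key_size follow
 * from the negotiated algorithms and opaque_length comes from the peer, so
 * the expected total has to be computed and compared with the received size
 * before the signature is located. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == ResponseAttribute, BIT[0:3]=slot_id, BIT[4:6]=RSVD, BIT[7]=basic_mut_auth(deprecated in 1.2)
     * param2 == slot_mask
     * uint8_t cert_chain_hash[digest_size];
     * uint8_t nonce[32];
     * uint8_t measurement_summary_hash[digest_size];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];
     * uint8_t signature[key_size];*/
} spdm_challenge_auth_response_t;

/* SPDM generic request measurement summary HashType */
#define SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH 0
#define SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH 1
#define SPDM_REQUEST_ALL_MEASUREMENTS_HASH 0xFF

/* SPDM CHALLENGE request measurement summary HashType */
#define SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
#define SPDM_CHALLENGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
    SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
#define SPDM_CHALLENGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH

#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_SLOT_ID_MASK 0xF
#define SPDM_CHALLENGE_AUTH_RESPONSE_ATTRIBUTE_BASIC_MUT_AUTH_REQ 0x00000080 /* Deprecated in SPDM 1.2*/

/* Signing context labels. The strings differ by role (responder- versus
 * requester-) and by message type; each _SIZE is the length without the
 * terminating NUL. */
#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT "responder-challenge_auth signing"
#define SPDM_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)
#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT "requester-challenge_auth signing"
#define SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT_SIZE (sizeof(SPDM_MUT_CHALLENGE_AUTH_SIGN_CONTEXT) - 1)

/* SPDM GET_MEASUREMENTS request.
 * slot_id_param exists only from 1.1 on (see the field comment), so the
 * message is one byte shorter for a 1.0 peer. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Attributes
     * param2 == measurement_operation*/
    uint8_t nonce[SPDM_NONCE_SIZE];
    /* Below field is added in 1.1.*/
    uint8_t slot_id_param; /* BIT[0:3]=slot_id, BIT[4:7]=RSVD*/
} spdm_get_measurements_request_t;

#define SPDM_GET_MEASUREMENTS_REQUEST_SLOT_ID_MASK 0xF

/* SPDM GET_MEASUREMENTS request Attributes */
#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE 0x00000001
#define SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_RAW_BIT_STREAM_REQUESTED 0x00000002

/* SPDM GET_MEASUREMENTS request measurement_operation */
#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_TOTAL_NUMBER_OF_MEASUREMENTS 0

/*SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_INDEX */
#define SPDM_GET_MEASUREMENTS_REQUEST_MEASUREMENT_OPERATION_ALL_MEASUREMENTS 0xFF


/* SPDM MEASUREMENTS block common header.
 * measurement_size is peer-supplied and must fit in what is left of the
 * enclosing measurement record. */
typedef struct {
    uint8_t index;
    uint8_t measurement_specification;
    uint16_t measurement_size;
    /*uint8_t measurement[measurement_size];*/
} spdm_measurement_block_common_header_t;

#define SPDM_MEASUREMENT_SPECIFICATION_DMTF 0x01

/* SPDM MEASUREMENTS block DMTF header.
 * Three bytes under pack(1). It sits inside the common header's measurement
 * field (see spdm_measurement_block_dmtf_t), so
 * dmtf_spec_measurement_value_size plus these three bytes must not exceed the
 * outer measurement_size. */
typedef struct {
    uint8_t dmtf_spec_measurement_value_type;
    uint16_t dmtf_spec_measurement_value_size;
    /*uint8_t Dmtf_spec_measurement_value[dmtf_spec_measurement_value_size];*/
} spdm_measurement_block_dmtf_header_t;

typedef struct {
    spdm_measurement_block_common_header_t measurement_block_common_header;
    spdm_measurement_block_dmtf_header_t measurement_block_dmtf_header;
    /*uint8_t hash_value[hash_size];*/
} spdm_measurement_block_dmtf_t;

/* SPDM MEASUREMENTS block MeasurementValueType.
 * The type values 0-7 fit in TYPE_MASK; RAW_BIT_STREAM is a separate flag
 * bit (0x80) outside that mask. */
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_IMMUTABLE_ROM 0
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MUTABLE_FIRMWARE 1
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HARDWARE_CONFIGURATION 2
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_FIRMWARE_CONFIGURATION 3
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MEASUREMENT_MANIFEST 4
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_DEVICE_MODE 5
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_VERSION 6
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_SECURE_VERSION_NUMBER 7
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MASK 0x7
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_RAW_BIT_STREAM 0x00000080

/* SPDM MEASUREMENTS block index */
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_MEASUREMENT_MANIFEST 0xFD
#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_INDEX_DEVICE_MODE 0xFE

/* SPDM MEASUREMENTS device mode.
 * NOTE(review): presumably each *_capabilities word says which bits of the
 * matching *_state word the device can report - confirm. */
typedef struct {
    uint32_t operational_mode_capabilities;
    uint32_t operational_mode_state;
    uint32_t device_mode_capabilities;
    uint32_t device_mode_state;
} spdm_measurements_device_mode_t;

#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_MANUFACTURING_MODE 0x00000001
#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_VALIDATION_MODE 0x00000002
#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_NORMAL_MODE 0x00000004
#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RECOVERY_MODE 0x00000008
#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_RMA_MODE 0x00000010
#define SPDM_MEASUREMENT_DEVICE_OPERATION_MODE_DECOMMISSIONED_MODE 0x00000020

#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_IS_ACTIVE 0x00000001
#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_IS_ACTIVE 0x00000002
#define SPDM_MEASUREMENT_DEVICE_MODE_NON_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE 0x00000004
#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE 0x00000008
#define SPDM_MEASUREMENT_DEVICE_MODE_INVASIVE_DEBUG_MODE_HAS_BEEN_ACTIVE_AFTER_MFG 0x00000010

/* SPDM MEASUREMENTS SVN */
typedef uint64_t spdm_measurements_secure_version_number_t;

/* SPDM GET_MEASUREMENTS response */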
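/* Fixed prefix of the MEASUREMENTS response.
 * measurement_record_length is a 24-bit length held in three bytes; it and
 * the later opaque_length come from the peer and decide where the nonce,
 * opaque data and signature start, so both have to be checked against the
 * received size before any of those fields is read. number_of_blocks should
 * likewise be reconciled with what the record actually contains. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == TotalNumberOfMeasurement/RSVD
     * param2 == BIT[0:3]=slot_id, BIT[4:5]=content changed, BIT[6:7]=RSVD*/
    uint8_t number_of_blocks;
    uint8_t measurement_record_length[3];
    /*uint8_t measurement_record[measurement_record_length];
     * uint8_t nonce[32];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];
     * uint8_t signature[key_size];*/
} spdm_measurements_response_t;

#define SPDM_MEASUREMENTS_RESPONSE_SLOT_ID_MASK 0xF

/* SPDM MEASUREMENTS content changed.
 * The values are already positioned inside param2 (bits 4-5): compare
 * (param2 & CONTENT_CHANGE_MASK) with them directly, without shifting. */
#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_MASK 0x30
#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_NO_DETECTION 0x00
#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_CHANGE_DETECTED 0x10
#define SPDM_MEASUREMENTS_RESPONSE_CONTENT_NO_CHANGE_DETECTED 0x20

/* Signing context label; _SIZE is the length without the terminating NUL. */
#define SPDM_MEASUREMENTS_SIGN_CONTEXT "responder-measurements signing"
#define SPDM_MEASUREMENTS_SIGN_CONTEXT_SIZE (sizeof(SPDM_MEASUREMENTS_SIGN_CONTEXT) - 1)

/* SPDM ERROR response.
 * The extended error data is optional and variable in size; a receiver
 * should accept at most SPDM_EXTENDED_ERROR_DATA_MAX_SIZE bytes of it. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == Error Code
     * param2 == Error data
     * uint8_t extended_error_data[32];*/
} spdm_error_response_t;

#define SPDM_EXTENDED_ERROR_DATA_MAX_SIZE 32

/* SPDM error code */
#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
#define SPDM_ERROR_CODE_BUSY 0x03
#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
#define SPDM_ERROR_CODE_UNSPECIFIED 0x05
#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07
#define SPDM_ERROR_CODE_VERSION_MISMATCH 0x41
#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42
#define SPDM_ERROR_CODE_REQUEST_RESYNCH 0x43
#define SPDM_ERROR_CODE_VENDOR_DEFINED 0xFF

/* SPDM error code (1.1) */
#define SPDM_ERROR_CODE_DECRYPT_ERROR 0x06
#define SPDM_ERROR_CODE_REQUEST_IN_FLIGHT 0x08
#define SPDM_ERROR_CODE_INVALID_RESPONSE_CODE 0x09
#define SPDM_ERROR_CODE_SESSION_LIMIT_EXCEEDED 0x0A

/* SPDM error code (1.2) */
#define SPDM_ERROR_CODE_SESSION_REQUIRED 0x0B
#define SPDM_ERROR_CODE_RESET_REQUIRED 0x0C
#define SPDM_ERROR_CODE_RESPONSE_TOO_LARGE 0x0D
#define SPDM_ERROR_CODE_REQUEST_TOO_LARGE 0x0E
#define SPDM_ERROR_CODE_LARGE_RESPONSE 0x0F
#define SPDM_ERROR_CODE_MESSAGE_LOST 0x10

/* SPDM ResponseNotReady extended data.
 * NOTE(review): rd_exponent and rd_tm are peer-controlled; if a caller turns
 * them into a wait time (for example with a shift), bound them first so the
 * arithmetic stays inside the width of the type and the wait stays finite -
 * confirm against the caller. */
typedef struct {
    uint8_t rd_exponent;
    uint8_t request_code;
    uint8_t token;
    uint8_t rd_tm;
} spdm_error_data_response_not_ready_t;

typedef struct {
    spdm_message_header_t header;
    /* param1 == Error Code
     * param2 == Error data*/
    spdm_error_data_response_not_ready_t extend_error_data;
} spdm_error_response_data_response_not_ready_t;

/* SPDM LargeResponse extended data */
typedef struct {
    uint8_t handle;
} spdm_error_data_large_response_t;

typedef struct {
    spdm_message_header_t header;
    /* param1 == Error Code
     * param2 == Error data*/
    spdm_error_data_large_response_t extend_error_data;
} spdm_error_response_large_response_t;

/* SPDM RESPOND_IF_READY request (request code SPDM_RESPOND_IF_READY) */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_code
     * param2 == token*/
} spdm_response_if_ready_request_t;

/* SPDM VENDOR_DEFINED request.
 * Two chained peer-supplied lengths: len sizes vendor_id, and only after
 * vendor_id comes payload_length. Validate len against the received size
 * before reading payload_length, then validate payload_length. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    uint16_t standard_id;
    uint8_t len;
    /*uint8_t vendor_id[len];
     * uint16_t payload_length;
     * uint8_t vendor_defined_payload[payload_length];*/
} spdm_vendor_defined_request_msg_t;

/* SPDM VENDOR_DEFINED response (same layout and the same length checks as
 * the request). */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD*/
    uint16_t standard_id;
    uint8_t len;
    /*uint8_t vendor_id[len];
     * uint16_t payload_length;
     * uint8_t vendor_defined_payload[payload_length];*/
} spdm_vendor_defined_response_msg_t;

/* Below command is defined in SPDM 1.1 */

/* SPDM KEY_EXCHANGE request.
 * random_data is 32 bytes, the same value as SPDM_RANDOM_DATA_SIZE defined
 * at the top of this file. D (the exchange data size) follows from the
 * negotiated DHE group; opaque_length is peer-supplied. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == HashType
     * param2 == slot_id*/
    uint16_t req_session_id;
    /* session_policy is added in 1.2.*/
    uint8_t session_policy;
    uint8_t reserved;
    uint8_t random_data[32];
    /*uint8_t exchange_data[D];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];*/
} spdm_key_exchange_request_t;

/* SPDM KEY_EXCHANGE request session_policy */
#define SPDM_KEY_EXCHANGE_REQUEST_SESSION_POLICY_TERMINATION_POLICY_RUNTIME_UPDATE 0x00000001

/* SPDM KEY_EXCHANGE request measurement summary HashType */
#define SPDM_KEY_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
    SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
#define SPDM_KEY_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
    SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
#define SPDM_KEY_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH

/* SPDM KEY_EXCHANGE response.
 * The tail holds, in order, exchange data, an optional measurement summary
 * hash, opaque data, the signature and verify data; their offsets depend on
 * negotiated sizes plus the peer-supplied opaque_length, so the total has to
 * be checked against the received size before the signature is located. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == heartbeat_period
     * param2 == RSVD*/
    uint16_t rsp_session_id;
    uint8_t mut_auth_requested;
    uint8_t req_slot_id_param;
    uint8_t random_data[32];
    /*uint8_t exchange_data[D];
     * uint8_t measurement_summary_hash[digest_size];
     * uint16_t opaque_length;
     * uint8_t opaque_data[opaque_length];
     * uint8_t signature[S];
     * uint8_t verify_data[H];*/
} spdm_key_exchange_response_t;

/* SPDM KEY_EXCHANGE response mut_auth_requested */
#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED 0x00000001
#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST 0x00000002
#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS 0x00000004

#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT "responder-key_exchange_rsp signing"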
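/* Length of the KEY_EXCHANGE_RSP signing context; the "- 1" drops the
 * terminating NUL that sizeof() counts for a string literal. */
#define SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT_SIZE \
    (sizeof(SPDM_KEY_EXCHANGE_RESPONSE_SIGN_CONTEXT) - 1)

/* Requester and Responder key-exchange context strings for SPDM 1.2 and their
 * lengths without the terminating NUL.
 * NOTE(review): presumably the identity strings for the SM2 key exchange;
 * confirm against DSP0274. */
#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT "Requester-KEP-dmtf-spdm-v1.2"
#define SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT_SIZE \
    (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_REQUESTER_CONTEXT) - 1)

#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT "Responder-KEP-dmtf-spdm-v1.2"
#define SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT_SIZE \
    (sizeof(SPDM_VERSION_1_2_KEY_EXCHANGE_RESPONDER_CONTEXT) - 1)

/* SPDM FINISH request
 * Header only; signature (present when the signature_included bit of param1
 * is set, presumably) and verify_data follow as variable-length data whose
 * sizes S and H are not carried in the message. The receiver must check the
 * received length against the expected sizes before verifying either. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == signature_included
     * param2 == req_slot_id
     * uint8_t signature[S];
     * uint8_t verify_data[H]; */
} spdm_finish_request_t;

/* SPDM FINISH request signature_included (bit mask for param1) */
#define SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED 0x00000001

/* SPDM FINISH response
 * Header only; verify_data[H] follows as variable-length data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD
     * uint8_t verify_data[H]; */
} spdm_finish_response_t;

/* Context string for the Requester's FINISH signature and its length without
 * the terminating NUL. The literal is signed data; keep it byte-exact. */
#define SPDM_FINISH_SIGN_CONTEXT "requester-finish signing"
#define SPDM_FINISH_SIGN_CONTEXT_SIZE (sizeof(SPDM_FINISH_SIGN_CONTEXT) - 1)

/* SPDM PSK_EXCHANGE request
 * Carries three peer-supplied 16-bit lengths. Before reading the trailing
 * data, check that sizeof(this struct) + psk_hint_length + context_length +
 * opaque_length does not exceed the received message size; do the sum in a
 * type wider than uint16_t so it cannot wrap. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == HashType
     * param2 == RSVD/session_policy (1.2) */
    uint16_t req_session_id;
    uint16_t psk_hint_length;
    uint16_t context_length;
    uint16_t opaque_length;
    /* uint8_t psk_hint[psk_hint_length];
     * uint8_t context[context_length];
     * uint8_t opaque_data[opaque_length]; */
} spdm_psk_exchange_request_t;

/* SPDM PSK_EXCHANGE request measurement summary HashType
 * Aliases of the generic SPDM_REQUEST_* values, which are defined in another
 * part of this header. */
#define SPDM_PSK_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH \
    SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
#define SPDM_PSK_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH \
    SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH
#define SPDM_PSK_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH SPDM_REQUEST_ALL_MEASUREMENTS_HASH

/* SPDM PSK_EXCHANGE response
 * context_length and opaque_length are peer-supplied; validate them, together
 * with digest_size and H, against the received message size before use. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == heartbeat_period
     * param2 == RSVD */
    uint16_t rsp_session_id;
    uint16_t reserved;
    uint16_t context_length;
    uint16_t opaque_length;
    /* uint8_t measurement_summary_hash[digest_size];
     * uint8_t context[context_length];
     * uint8_t opaque_data[opaque_length];
     * uint8_t verify_data[H]; */
} spdm_psk_exchange_response_t;

/* SPDM PSK_FINISH request
 * Header only; verify_data[H] follows as variable-length data. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD
     * uint8_t verify_data[H]; */
} spdm_psk_finish_request_t;

/* SPDM PSK_FINISH response */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
} spdm_psk_finish_response_t;

/* SPDM HEARTBEAT request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
} spdm_heartbeat_request_t;

/* SPDM HEARTBEAT response */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
} spdm_heartbeat_response_t;

/* SPDM KEY_UPDATE request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == key_operation
     * param2 == tag */
} spdm_key_update_request_t;

/* SPDM KEY_UPDATE Operations table (values of key_operation in param1).
 * Only 1, 2 and 3 are defined here; a receiver should treat any other value
 * as invalid rather than falling through to a default operation. */
#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY 1
#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS 2
#define SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY 3

/* SPDM KEY_UPDATE response */
typedef struct {
    spdm_message_header_t header;
    /* param1 == key_operation
     * param2 == tag */
} spdm_key_update_response_t;

/* SPDM GET_ENCAPSULATED_REQUEST request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
} spdm_get_encapsulated_request_request_t;

/* SPDM ENCAPSULATED_REQUEST response
 * Header only; the encapsulated request follows and has no length field of
 * its own, so its size is whatever remains of the received message. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_id
     * param2 == RSVD
     * uint8_t encapsulated_request[]; */
} spdm_encapsulated_request_response_t;

/* SPDM DELIVER_ENCAPSULATED_RESPONSE request
 * Header only; the encapsulated response follows and has no length field of
 * its own, so its size is whatever remains of the received message. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_id
     * param2 == RSVD
     * uint8_t encapsulated_response[]; */
} spdm_deliver_encapsulated_response_request_t;

/* SPDM ENCAPSULATED_RESPONSE_ACK response
 * sizeof() of this structure includes the four bytes added in 1.2. For a
 * message at an earlier version the fixed part is the header alone, so the
 * minimum-length check has to be chosen by negotiated version and must not
 * use sizeof() of this structure unconditionally. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == request_id
     * param2 == payload_type */

    /* below 4 bytes are added in 1.2. */
    uint8_t ack_request_id;
    uint8_t reserved[3];

    /* uint8_t encapsulated_request[]; */
} spdm_encapsulated_response_ack_response_t;

/* SPDM ENCAPSULATED_RESPONSE_ACK_RESPONSE payload Type (values of param2) */
#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_ABSENT 0
#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_PRESENT 1
#define SPDM_ENCAPSULATED_RESPONSE_ACK_RESPONSE_PAYLOAD_TYPE_REQ_SLOT_NUMBER 2

/* SPDM END_SESSION request */
typedef struct {
    spdm_message_header_t header;
    /* param1 == end_session_request_attributes
     * param2 == RSVD */
} spdm_end_session_request_t;

/* SPDM END_SESSION request Attributes (bit mask for param1) */
#define SPDM_END_SESSION_REQUEST_ATTRIBUTES_PRESERVE_NEGOTIATED_STATE_CLEAR 0x00000001

/* SPDM END_SESSION response */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
} spdm_end_session_response_t;

/* SPDM SET_CERTIFICATE request
 * Header only. NOTE(review): the "void * cert_chain" entry presumably denotes
 * the certificate chain bytes that follow the header, not a pointer carried
 * on the wire; confirm. slot_id occupies only the low four bits of param1, so
 * mask it and range-check it before using it as an index. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == RSVD
     * void * cert_chain */
} spdm_set_certificate_request_t;

/* SPDM SET_CERTIFICATE_RSP response */
typedef struct {
    spdm_message_header_t header;
    /* param1 == BIT[0:3]=slot_id, BIT[4:7]=RSVD
     * param2 == RSVD */
} spdm_set_certificate_response_t;

/* SPDM GET_CSR request
 * Both lengths are peer-supplied; check sizeof(this struct) +
 * requester_info_length + opaque_data_length against the received message
 * size, computing the sum in a type wider than uint16_t. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
    uint16_t requester_info_length;
    uint16_t opaque_data_length;
    /* uint8_t RequesterInfo[requester_info_length];
     * uint8_t opaque_data[opaque_data_length]; */
} spdm_get_csr_request_t;

/* Maximum size, in bytes, of a CSR. Equals the largest value the 16-bit
 * csr_length field of the CSR response can hold. */
#define SPDM_MAX_CSR_SIZE 65535

/* SPDM CSR response
 * csr_length is peer-supplied; verify that csr_length bytes are actually
 * present after this structure before parsing the CSR. */
typedef struct {
    spdm_message_header_t header;
    /* param1 == RSVD
     * param2 == RSVD */
    uint16_t csr_length;
    uint16_t reserved;
} spdm_csr_response_t;

/* SPDM CHUNK_SEND request
 * chunk_size is a peer-supplied 32-bit value. Check it against the bytes
 * remaining in the received message before copying, and guard the running
 * total of reassembled bytes against overflow and against the announced
 * large_message_size. */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Request Attributes
     * param2 - Handle */
    uint16_t chunk_seq_no;
    uint16_t reserved;
    uint32_t chunk_size;

    /* uint32_t large_message_size;
     * uint8_t spdm_chunk[chunk_size]; */
} spdm_chunk_send_request_t;

/* CHUNK_SEND Request Attributes (param1): bit 0 marks the last chunk. */
#define SPDM_CHUNK_SEND_REQUEST_ATTRIBUTE_LAST_CHUNK (1 << 0)

/* SPDM CHUNK_SEND_ACK response */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Response Attributes
     * param2 - Handle */
    uint16_t chunk_seq_no;
    /* uint8_t response_to_large_request[variable] */
} spdm_chunk_send_ack_response_t;

/* CHUNK_SEND_ACK Response Attributes (param1): bit 0 reports an early error. */
#define SPDM_CHUNK_SEND_ACK_RESPONSE_ATTRIBUTE_EARLY_ERROR_DETECTED (1 << 0)

/* SPDM CHUNK_GET request */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Reserved
     * param2 - Handle */
    uint16_t chunk_seq_no;
} spdm_chunk_get_request_t;

/* SPDM CHUNK_RESPONSE response
 * chunk_size is a peer-supplied 32-bit value. Check it against the bytes
 * remaining in the received message before copying, and guard the running
 * total of reassembled bytes against overflow and against the announced
 * large_message_size. */
typedef struct {
    spdm_message_header_t header;
    /* param1 - Response Attributes
     * param2 - Handle */
    uint16_t chunk_seq_no;
    uint16_t reserved;
    uint32_t chunk_size;

    /* uint32_t large_message_size;
     * uint8_t spdm_chunk[chunk_size]; */
} spdm_chunk_response_response_t;

/* Last-chunk attribute bit, presumably for param1 of CHUNK_RESPONSE despite
 * the CHUNK_GET prefix in the name; confirm against callers. */
#define SPDM_CHUNK_GET_RESPONSE_ATTRIBUTE_LAST_CHUNK (1 << 0)

/* Restore default packing; ends the #pragma pack(1) region opened at the top
 * of this header. */
#pragma pack()

/* Label strings with BIN_CONCAT / BIN_STR names (used for the SPDM key
 * schedule per DSP0274; confirm usage against callers). The trailing space in
 * the two version labels is part of the literal and must be preserved, since
 * any change to these bytes changes every derived key. */
#define SPDM_VERSION_1_1_BIN_CONCAT_LABEL "spdm1.1 "
#define SPDM_VERSION_1_2_BIN_CONCAT_LABEL "spdm1.2 "
#define SPDM_BIN_STR_0_LABEL "derived"
#define SPDM_BIN_STR_1_LABEL "req hs data"
#define SPDM_BIN_STR_2_LABEL "rsp hs data"
#define SPDM_BIN_STR_3_LABEL "req app data"
#define SPDM_BIN_STR_4_LABEL "rsp app data"
#define SPDM_BIN_STR_5_LABEL "key"
#define SPDM_BIN_STR_6_LABEL "iv"
#define SPDM_BIN_STR_7_LABEL "finished"
#define SPDM_BIN_STR_8_LABEL "exp master"
#define SPDM_BIN_STR_9_LABEL "traffic upd"

/**
 * The maximum amount of time in microseconds the Responder has to provide a response
 * to requests that do not require cryptographic processing.
 * 100000 us is 100 ms.
 **/
#define SPDM_ST1_VALUE_US 100000

/* DMTF object identifiers.
 * Each initializer holds only the content octets of the DER encoding. The two
 * commented-out leading bytes are the OBJECT IDENTIFIER tag (0x06) and the
 * content length, so a comparison against a full DER element has to skip or
 * check that tag and length separately and compare exactly the listed number
 * of bytes. */

/* id-DMTF 1.3.6.1.4.1.412 */
#define SPDM_OID_DMTF \
    { /*0x06, 0x07,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C }
/* id-DMTF-spdm, { id-DMTF 274 }, 1.3.6.1.4.1.412.274 */
#define SPDM_OID_DMTF_SPDM \
    { /*0x06, 0x09,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12 }
/* id-DMTF-device-info, { id-DMTF-spdm 1 }, 1.3.6.1.4.1.412.274.1 */
#define SPDM_OID_DMTF_DEVICE_INFO \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01 }
/* id-DMTF-hardware-identity, { id-DMTF-spdm 2 }, 1.3.6.1.4.1.412.274.2 */
#define SPDM_OID_DMTF_HARDWARE_IDENTITY \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x02 }
/* id-DMTF-eku-responder-auth, { id-DMTF-spdm 3 }, 1.3.6.1.4.1.412.274.3 */
#define SPDM_OID_DMTF_EKU_RESPONDER_AUTH \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x03 }
/* id-DMTF-eku-requester-auth, { id-DMTF-spdm 4 }, 1.3.6.1.4.1.412.274.4 */
#define SPDM_OID_DMTF_EKU_REQUESTER_AUTH \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x04 }
/* id-DMTF-mutable-certificate, { id-DMTF-spdm 5 }, 1.3.6.1.4.1.412.274.5 */
#define SPDM_OID_DMTF_MUTABLE_CERTIFICATE \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x05 }
/* id-DMTF-SPDM-extension, { id-DMTF-spdm 6 }, 1.3.6.1.4.1.412.274.6 */
#define SPDM_OID_DMTF_SPDM_EXTENSION \
    { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x06 }

#endif /* SPDM_H */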