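/*
 * SPDX-FileCopyrightText: Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 * SPDX-License-Identifier: MIT
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#ifndef _NVSPDM_RMCONFIG_H_
#define _NVSPDM_RMCONFIG_H_

//
// RM's configuration values for libspdm. Replaces default values in spdm_lib_config.h.
// Must define LIBSPDM_CONFIG in CFLAGS during build in order to successfully replace.
//
// NOTE: Any updates to macros must first test a local build with LIBSPDM_CHECK_MACRO
//       set to 1! This ensures the macro combination is valid. Kept at 0 since adds
//       overhead to build otherwise.
//
// NOTE(review): the value below is 1 although the note above says the committed
//       value is 0. It is left unchanged because, per that note, the only cost
//       is build overhead; confirm which value is intended.
//
#define LIBSPDM_CHECK_MACRO 1

// Enable FIPS 140-3 mode.
#define LIBSPDM_FIPS_MODE 1

//
// We want debug asserts enabled, but we don't care about debug prints or the debug blocks.
// Don't define LIBSPDM_DEBUG_ENABLE, as it will override these settings below.
//
// Prints stay disabled: besides the overhead, debug output from an SPDM stack
// can put handshake and session internals into logs. NOTE(review): check what
// the libspdm version in use prints before enabling this in a shipped build.
//
#define LIBSPDM_DEBUG_ASSERT_ENABLE 1
#define LIBSPDM_DEBUG_PRINT_ENABLE  0
#define LIBSPDM_DEBUG_BLOCK_ENABLE  0

// These settings are all libspdm default.
// LIBSPDM_MAX_HASH_SIZE is not defined in this file; it must already be
// visible wherever LIBSPDM_PSK_CONTEXT_LENGTH is expanded.
#define LIBSPDM_MAX_VERSION_COUNT     5
#define LIBSPDM_PSK_CONTEXT_LENGTH    LIBSPDM_MAX_HASH_SIZE
#define LIBSPDM_PSK_MAX_HINT_LENGTH   16
#define LIBSPDM_MAX_ROOT_CERT_SUPPORT 1

// Limit to one session at a time.
#define LIBSPDM_MAX_SESSION_COUNT 1

// Buffer limits: 0x1000 (4096) bytes each; the chain block length follows the chain size.
#define LIBSPDM_MAX_CERT_CHAIN_SIZE         0x1000
#define LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE 0x1000
#define LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN    LIBSPDM_MAX_CERT_CHAIN_SIZE

// Use running hash rather than recording all transcript data.
#define LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 0

// Asymmetric signature algorithms: only ECDSA P-384 is enabled in this list.
// LIBSPDM_RSA_PSS_3072_SUPPORT is set separately near the end of this file.
#define LIBSPDM_ECDSA_P384_SUPPORT    1
#define LIBSPDM_RSA_SSA_2048_SUPPORT  0
#define LIBSPDM_RSA_SSA_3072_SUPPORT  0
#define LIBSPDM_RSA_SSA_4096_SUPPORT  0
#define LIBSPDM_RSA_PSS_2048_SUPPORT  0
#define LIBSPDM_RSA_PSS_4096_SUPPORT  0
#define LIBSPDM_ECDSA_P256_SUPPORT    0
#define LIBSPDM_ECDSA_P521_SUPPORT    0
#define LIBSPDM_SM2_DSA_P256_SUPPORT  0
#define LIBSPDM_EDDSA_ED25519_SUPPORT 0
#define LIBSPDM_EDDSA_ED448_SUPPORT   0

// Key exchange groups: ECDHE P-384 only.
#define LIBSPDM_ECDHE_P384_SUPPORT            1
#define LIBSPDM_FFDHE_2048_SUPPORT            0
#define LIBSPDM_FFDHE_3072_SUPPORT            0
#define LIBSPDM_FFDHE_4096_SUPPORT            0
#define LIBSPDM_ECDHE_P256_SUPPORT            0
#define LIBSPDM_ECDHE_P521_SUPPORT            0
#define LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT 0

// AEAD ciphers: AES-256-GCM only.
#define LIBSPDM_AEAD_AES_256_GCM_SUPPORT       1
#define LIBSPDM_AEAD_AES_128_GCM_SUPPORT       0
#define LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 0
#define LIBSPDM_AEAD_SM4_128_GCM_SUPPORT       0

// Hash algorithms: SHA-256 and SHA-384.
#define LIBSPDM_SHA256_SUPPORT   1
#define LIBSPDM_SHA384_SUPPORT   1
#define LIBSPDM_SHA512_SUPPORT   0
#define LIBSPDM_SHA3_256_SUPPORT 0
#define LIBSPDM_SHA3_384_SUPPORT 0
#define LIBSPDM_SHA3_512_SUPPORT 0
#define LIBSPDM_SM3_256_SUPPORT  0

#define LIBSPDM_CERT_PARSE_SUPPORT 1

// Capabilities: CERT, MEAS, KEY_EX and HBEAT are on; CHAL, PSK, CSR,
// SET_CERT and CHUNK are off.
#define LIBSPDM_ENABLE_CAPABILITY_CERT_CAP     1
#define LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP     1
#define LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP   1
#define LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP    1
#define LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP     0
#define LIBSPDM_ENABLE_CAPABILITY_PSK_CAP      0
#define LIBSPDM_ENABLE_CAPABILITY_CSR_CAP      0
#define LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP 0
#define LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP    0

#define LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT 1
#define LIBSPDM_SEND_CHALLENGE_SUPPORT       0
#define LIBSPDM_RESPOND_IF_READY_SUPPORT     0

// Enable message log to simplify Attestation Report retrieval.
#define LIBSPDM_ENABLE_MSG_LOG 1

// Enable runtime checks to ensure SPDM context validity.
#define LIBSPDM_CHECK_SPDM_CONTEXT 1

// Project header; its contents are not visible from this file. It is included
// here, ahead of the settings below, rather than at the top of the file. Keep
// that position unless the dependency is understood.
#include <rmconfig.h>
// Enable mutual authentication and encapsulated process both.
#define LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 1
#define LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP    1
#define LIBSPDM_RSA_PSS_3072_SUPPORT           1

// Aggregate switch: non-zero when any RSA-PSS key size is enabled
// (with the values in this file, through the 3072-bit setting only).
#define LIBSPDM_RSA_PSS_SUPPORT ((LIBSPDM_RSA_PSS_2048_SUPPORT) || \
                                 (LIBSPDM_RSA_PSS_3072_SUPPORT) || \
                                 (LIBSPDM_RSA_PSS_4096_SUPPORT))

#endif // _NVSPDM_RMCONFIG_H_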