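/*
 * SPDX-FileCopyrightText: Copyright (c) 2022-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 * SPDX-License-Identifier: MIT
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#ifndef _NVSPDM_RMCONFIG_H_
#define _NVSPDM_RMCONFIG_H_

//
// RM's configuration values for libspdm. Replaces default values in spdm_lib_config.h.
// LIBSPDM_CONFIG must be defined in CFLAGS during the build for the replacement
// to take effect.
//
// NOTE: Any update to the macros below must first be tested in a local build with
// LIBSPDM_CHECK_MACRO set to 1, which checks that the macro combination is valid.
// The committed value is 0 because the check adds overhead to the build.
// NOTE(review): this value was 1, contradicting the statement above; it looked
// like a leftover from a local validation build and is restored to 0.
//
#define LIBSPDM_CHECK_MACRO                       0

// Enable FIPS 140-3 mode.
#define LIBSPDM_FIPS_MODE                         1

//
// We want debug asserts enabled, but we don't care about debug prints or the debug blocks.
// Don't define LIBSPDM_DEBUG_ENABLE, as it will override these settings below.
//
// NOTE(review): LIBSPDM_DEBUG_PRINT_ENABLE was 1, contradicting the intent stated
// above; it is set to 0 here. Debug prints from an SPDM stack can place protocol
// transcript data (and, depending on the libspdm version, derived session
// secrets) in logs - confirm against the vendored libspdm before enabling them
// outside a local debug build.
//
#define LIBSPDM_DEBUG_ASSERT_ENABLE               1
#define LIBSPDM_DEBUG_PRINT_ENABLE                0
#define LIBSPDM_DEBUG_BLOCK_ENABLE                0

// These settings are all libspdm default.
#define LIBSPDM_MAX_VERSION_COUNT                 5
#define LIBSPDM_PSK_CONTEXT_LENGTH                LIBSPDM_MAX_HASH_SIZE
#define LIBSPDM_PSK_MAX_HINT_LENGTH               16
#define LIBSPDM_MAX_ROOT_CERT_SUPPORT             1

// Limit to one session at a time.
#define LIBSPDM_MAX_SESSION_COUNT                 1

// Size limits: 0x1000 (4096) for the certificate chain and for the measurement
// record; the certificate chain block length is tied to the chain size.
#define LIBSPDM_MAX_CERT_CHAIN_SIZE               0x1000
#define LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE       0x1000
#define LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN          LIBSPDM_MAX_CERT_CHAIN_SIZE

// Use running hash rather than recording all transcript data.
#define LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT    0

// Asymmetric signature algorithms. Only ECDSA P-384 is enabled in this list;
// LIBSPDM_RSA_PSS_3072_SUPPORT is not listed here and is set to 1 near the end
// of this file, so RSA-PSS 3072 is also compiled in.
#define LIBSPDM_ECDSA_P384_SUPPORT                1
#define LIBSPDM_RSA_SSA_2048_SUPPORT              0
#define LIBSPDM_RSA_SSA_3072_SUPPORT              0
#define LIBSPDM_RSA_SSA_4096_SUPPORT              0
#define LIBSPDM_RSA_PSS_2048_SUPPORT              0
#define LIBSPDM_RSA_PSS_4096_SUPPORT              0
#define LIBSPDM_ECDSA_P256_SUPPORT                0
#define LIBSPDM_ECDSA_P521_SUPPORT                0
#define LIBSPDM_SM2_DSA_P256_SUPPORT              0
#define LIBSPDM_EDDSA_ED25519_SUPPORT             0
#define LIBSPDM_EDDSA_ED448_SUPPORT               0

// Key exchange groups: ECDHE P-384 only.
#define LIBSPDM_ECDHE_P384_SUPPORT                1
#define LIBSPDM_FFDHE_2048_SUPPORT                0
#define LIBSPDM_FFDHE_3072_SUPPORT                0
#define LIBSPDM_FFDHE_4096_SUPPORT                0
#define LIBSPDM_ECDHE_P256_SUPPORT                0
#define LIBSPDM_ECDHE_P521_SUPPORT                0
#define LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT     0

// AEAD ciphers: AES-256-GCM only.
#define LIBSPDM_AEAD_AES_256_GCM_SUPPORT          1
#define LIBSPDM_AEAD_AES_128_GCM_SUPPORT          0
#define LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT    0
#define LIBSPDM_AEAD_SM4_128_GCM_SUPPORT          0

// Hash algorithms: SHA-256 and SHA-384 only.
#define LIBSPDM_SHA256_SUPPORT                    1
#define LIBSPDM_SHA384_SUPPORT                    1
#define LIBSPDM_SHA512_SUPPORT                    0
#define LIBSPDM_SHA3_256_SUPPORT                  0
#define LIBSPDM_SHA3_384_SUPPORT                  0
#define LIBSPDM_SHA3_512_SUPPORT                  0
#define LIBSPDM_SM3_256_SUPPORT                   0

#define LIBSPDM_CERT_PARSE_SUPPORT                1

// SPDM capabilities compiled in: certificates, measurements, key exchange and
// heartbeat. Challenge, PSK, CSR, SET_CERTIFICATE and chunking are compiled out.
#define LIBSPDM_ENABLE_CAPABILITY_CERT_CAP        1
#define LIBSPDM_ENABLE_CAPABILITY_MEAS_CAP        1
#define LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP      1
#define LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP       1
#define LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP        0
#define LIBSPDM_ENABLE_CAPABILITY_PSK_CAP         0
#define LIBSPDM_ENABLE_CAPABILITY_CSR_CAP         0
#define LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP    0
#define LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP       0

// Requests the library may send: GET_CERTIFICATE is enabled, CHALLENGE is not
// (consistent with LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP above).
#define LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT      1
#define LIBSPDM_SEND_CHALLENGE_SUPPORT            0
#define LIBSPDM_RESPOND_IF_READY_SUPPORT          0

// Enable message log to simplify Attestation Report retrieval.
#define LIBSPDM_ENABLE_MSG_LOG                    1

// Enable runtime checks to ensure SPDM context validity.
#define LIBSPDM_CHECK_SPDM_CONTEXT                1

// NOTE(review): rmconfig.h is included after the settings above, and none of the
// lines below reference a name from it - confirm whether the settings that
// follow were meant to be conditional on an RM configuration value.
#include <rmconfig.h>
// Enable both mutual authentication and the encapsulated request flow.
#define LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP        1
#define LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP           1
// RSA-PSS 3072 is the only RSA variant enabled in this configuration.
#define LIBSPDM_RSA_PSS_3072_SUPPORT                  1

// Aggregate flag: non-zero when any RSA-PSS key size is enabled
// (with the values in this file, only the 3072-bit setting contributes).
#define LIBSPDM_RSA_PSS_SUPPORT ((LIBSPDM_RSA_PSS_2048_SUPPORT) || \
                                 (LIBSPDM_RSA_PSS_3072_SUPPORT) || \
                                 (LIBSPDM_RSA_PSS_4096_SUPPORT))

#endif // _NVSPDM_RMCONFIG_H_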