CAPABILITIES: Add SupportedAlgorithms #2968
Conversation
ShitalJumbad
force-pushed
the
fix-2279
branch
2 times, most recently
from
7f6a24b to
a061ee9
Compare
fix DMTF#2279 Signed-off-by: Shital Jumbad <sjumbad@nvidia.com>
ShitalJumbad
force-pushed
the
fix-2279
branch
from
a061ee9 to
c0d1cd5
Compare
| /* Followed by dynamic arrays for ext_asym and ext_hash, if needed | ||
| * spdm_extended_algorithm_t ext_asym[ext_asym_count]; | ||
| * spdm_extended_algorithm_t ext_hash[ext_hash_count]; */ | ||
| spdm_negotiate_algorithms_common_struct_table_t struct_table[ |
There was a problem hiding this comment.
ext_asym and/or ext_hash may exist and so struct_table should be commented out in this struct.
| @@ -43,6 +43,7 @@ typedef struct { | |||
| } libspdm_device_version_t; | |||
|
|
|||
| typedef struct { | |||
| uint8_t param1; | |||
There was a problem hiding this comment.
Probably need a new function libspdm_get_resp_algo or something in https://github.com/DMTF/libspdm/blob/main/include/library/spdm_requester_lib.h. This would execute GET_VERSION and GET_CAPABILITIES with GET_CAPABILITIES.Param1[0] set. If they want to continue on with the connection they can call libspdm_init_connection and start anew.
There was a problem hiding this comment.
Actually the function should be called libspdm_get_supported_algorithms since that's the field name.
| @@ -251,6 +251,10 @@ static libspdm_return_t libspdm_try_get_capabilities(libspdm_context_t *spdm_con | |||
| } | |||
| spdm_request->header.request_response_code = SPDM_GET_CAPABILITIES; | |||
| spdm_request->header.param1 = 0; | |||
| if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13 && | |||
There was a problem hiding this comment.
The check for Requester's CHUNK_CAP should be a LIBSPDM_ASSERT done near the top of this function.
| status = LIBSPDM_STATUS_INVALID_MSG_SIZE; | ||
| goto receive_done; | ||
| } | ||
| } | ||
| if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { | ||
|
|
There was a problem hiding this comment.
In addition to size checks there are some checks that can be performed based on the Responder's algorithms and capabilities. For example if Responder's KEY_EX_CAP is set then it needs DHE algorithms. See #2947 for more information.
| if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13 && | ||
| (spdm_request->header.param1 & 0x01) && | ||
| ((spdm_request->flags & | ||
| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP) == 0)) { |
There was a problem hiding this comment.
Both the Requester and Responder's CHUNK_CAP needs to be set for this to occur.
| @@ -55,6 +56,7 @@ typedef struct { | |||
| } libspdm_device_capability_t; | |||
|
|
|||
| typedef struct { | |||
| uint8_t param1; | |||
There was a problem hiding this comment.
This is not needed.
| *response_size = sizeof(spdm_capabilities_response_t); | ||
|
|
||
| spdm_response->supported_algorithms.param1 = spdm_context->local_context.algorithm.param1; |
There was a problem hiding this comment.
Need to check if dhe_named_group, aead_cipher_suite, etc, is non-zero to populate this.
| spdm_response->supported_algorithms.length += | ||
| spdm_response->supported_algorithms.param1* | ||
| sizeof(spdm_negotiate_algorithms_common_struct_table_t); | ||
| if (spdm_context->local_context.algorithm.dhe_named_group) { |
fix #2279