From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga12.intel.com (mga12.intel.com []) by mx.groups.io with SMTP id smtpd.web11.5225.1572525022600146608 for ; Thu, 31 Oct 2019 05:30:23 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: jiewen.yao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Oct 2019 05:30:23 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,250,1569308400"; d="scan'208";a="283875122" Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.211.198]) by orsmga001.jf.intel.com with ESMTP; 31 Oct 2019 05:30:22 -0700 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Yun Lou Subject: [PATCH V2 1/4] MdePkg/Include: Add DMTF SPDM definition. Date: Thu, 31 Oct 2019 20:30:09 +0800 Message-Id: <20191031123012.16020-2-jiewen.yao@intel.com> X-Mailer: git-send-email 2.19.2.windows.1 In-Reply-To: <20191031123012.16020-1-jiewen.yao@intel.com> References: <20191031123012.16020-1-jiewen.yao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2303 Cc: Michael D Kinney Cc: Liming Gao Cc: Yun Lou Signed-off-by: Jiewen Yao
---
 MdePkg/Include/IndustryStandard/Spdm.h | 203 ++++++++++++++++++++
 1 file changed, 203 insertions(+)
diff --git a/MdePkg/Include/IndustryStandard/Spdm.h b/MdePkg/Include/IndustryStandard/Spdm.h
new file mode 100644
index 0000000000..d62b24e9ef
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/Spdm.h
@@ -0,0 +1,203 @@
+/** @file
+ Definitions of Security Protocol & Data Model Specification (SPDM)
+ in Distributed Management Task Force (DMTF).
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+
+#ifndef __SPDM_H__
+#define __SPDM_H__
+
+#pragma pack(1)
+
+#define SPDM_DIGESTS 0x01
+#define SPDM_CERTIFICATE 0x02
+#define SPDM_CHALLENGE_AUTH 0x03
+#define SPDM_MEASUREMENTS 0x60
+#define SPDM_CAPABILITIES 0x61
+#define SPDM_SET_CERT_RESPONSE 0x62
+#define SPDM_ALGORITHMS 0x63
+#define SPDM_ERROR 0x7F
+#define SPDM_GET_DIGESTS 0x81
+#define SPDM_GET_CERTIFICATE 0x82
+#define SPDM_CHALLENGE 0x83
+#define SPDM_GET_MEASUREMENTS 0xE0
+#define SPDM_GET_CAPABILITIES 0xE1
+#define SPDM_SET_CERTIFICATE 0xE2
+#define SPDM_NEGOTIATE_ALGORITHMS 0xE3
+#define SPDM_RESPOND_IF_READY 0xFF
+
+typedef struct {
+ UINT8 SPDMVersion;
+ UINT8 RequestResponseCode;
+ UINT8 Param1;
+ UINT8 Param2;
+} SPDM_MESSAGE_HEADER;
+
+#define SPDM_VERSION 0x10
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+} SPDM_GET_CAPABILITIES_REQUEST;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT8 DetailedVersion;
+ UINT8 CryptographicTimeout;
+ UINT16 Reserved;
+ UINT32 Flags;
+ UINT16 SPDMMajorVersions;
+ UINT16 Reserved2;
+} SPDM_CAPABILITIES_RESPONSE;
+
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_AUTH_CAP BIT1
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP BIT3
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_FRESH_CAP BIT4
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 Length;
+ UINT8 MeasurementSpecification;
+ UINT8 Reserved;
+ UINT32 BaseAsymAlgo;
+ UINT32 BaseHashAlgo;
+ UINT64 Reserved2;
+ UINT8 ExtAsymCount;
+ UINT8 ExtHashCount;
+ UINT16 Reserved3;
+//UINT32 ExtAsym[ExtAsymCount];
+//UINT32 ExtHash[ExtHashCount];
+} SPDM_NEGOTIATE_ALGORITHMS_REQUEST;
+
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 BIT0
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 BIT1
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 BIT2
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 BIT3
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 BIT4
+#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 BIT5
+
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA2_256 BIT0
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 BIT1
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA2_384 BIT2
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 BIT3
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA2_512 BIT4
+#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 BIT5
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 Length;
+ UINT8 MeasurementSpecification;
+ UINT8 MeasurementHashAlgo;
+ UINT32 BaseAsymSel;
+ UINT32 BaseHashSel;
+ UINT64 Reserved;
+ UINT8 ExtAsymSelCount;
+ UINT8 ExtHashSelCount;
+ UINT16 Reserved2;
+//UINT32 ExtAsymSel[ExtAsymSelCount];
+//UINT32 ExtHashSel[ExtHashSelCount];
+} SPDM_ALGORITHMS_RESPONSE;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+} SPDM_GET_DIGESTS_REQUEST;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+//UINT8 Digest[DigestSize];
+} SPDM_DIGESTS_RESPONSE;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT16 Offset;
+ UINT16 Length;
+} SPDM_GET_CERTIFICATE_REQUEST;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+//UINT8 CertChain[CertChainSize];
+} SPDM_CERTIFICATE_RESPONSE;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+//UINT8 Nonce[DigestSize];
+} SPDM_CHALLENGE_REQUEST;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT8 MinSPDMVersion;
+ UINT8 MaxSPDMVersion;
+ UINT8 Capabilities;
+ UINT8 Reserved;
+//UINT8 CertChainHash[DigestSize];
+//UINT8 Salt[DigestSize];
+//UINT8 ContextHash[DigestSize];
+ //
+ // M1 = Concatenate(
+ // GET_CAPABILITIES_REQUEST1, CAPABILITIES_RESPONSE1,
+ // NEGOTIATE_ALGORITHMS_REQUEST1, ALGORITHMS_RESPONSE1, CHALLENGE_REQUEST1,
+ // CHALLENGE_AUTH_RESPONSE_WITHOUT_SIGNATURE1)
+ // Signature = Sign(SK, Hash1(M1))
+ //
+//UINT8 Signature[KeySize];
+} SPDM_CHALLENGE_AUTH_RESPONSE;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == Request Type
+ // Param2 == Measurement Index (0xFF == all)
+//UINT8 Nonce[DigestSize];
+} SPDM_GET_MEASUREMENTS_REQUEST;
+
+typedef struct {
+ UINT8 Index;
+ UINT8 MeasurementType;
+ UINT8 MeasurementSpecification;
+ UINT8 Reserved;
+} SPDM_MEASUREMENT_BLOCK_HEADER;
+
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_IMMUTABLE_ROM 1
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_MUTABLE_FIRMWARE 2
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_HARDWARE_CONFIGURATION 3
+#define SPDM_MEASUREMENT_BLOCK_MEASUREMENT_TYPE_FIRMWARE_CONFIGURATION 4
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ UINT8 NumberOfBlocks;
+//SPDM_MEASUREMENT_BLOCK_STRUCT MeasurementRecord[NumberOfBlocks];
+//UINT8 Salt[DigestSize];
+//UINT8 ContextHash[DigestSize];
+ //
+ // L1 = Concatenate(
+ // GET_MEASUREMENTS_REQUEST1, MEASUREMENTS_RESPONSE_WITHOUT_SIGNATURE1)
+ // Signature = Sign(SK, Hash1(L1))
+ //
+//UINT8 Signature[KeySize];
+} SPDM_MEASUREMENTS_RESPONSE;
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+ // Param1 == Error Code
+ // Param2 == Error Data
+//UINT8 ExtendedErrorData[];
+} SPDM_ERROR_RESPONSE;
+
+#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01
+#define SPDM_ERROR_CODE_BUSY 0x03
+#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
+#define SPDM_ERROR_CODE_UNINITIALIZED 0x05
+#define SPDM_ERROR_CODE_REQUESTED_INFO_TOO_LONG 0x40
+#define SPDM_ERROR_CODE_MAJOR_VERSION_MISMATCH 0x41
+#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42
+
+typedef struct {
+ SPDM_MESSAGE_HEADER Header;
+} SPDM_RESPONSE_IF_READY_REQUEST;
+
+#pragma pack()
+
+#endif
+
-- 
2.19.2.windows.1
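Review bot: The comment `//SPDM_MEASUREMENT_BLOCK_STRUCT MeasurementRecord[NumberOfBlocks];` inside SPDM_MEASUREMENTS_RESPONSE names a type this header never defines; the only block type declared is SPDM_MEASUREMENT_BLOCK_HEADER, so either add the missing struct or reword the comment to `//SPDM_MEASUREMENT_BLOCK_HEADER followed by its measurement bytes, repeated NumberOfBlocks times`. More generally, every variable-length tail is left as a comment (`Nonce[DigestSize]`, `CertChain[CertChainSize]`, `Signature[KeySize]`, `ExtAsym[ExtAsymCount]`), so sizeof() of these structs covers only the fixed prefix and gives a consumer no bound for the trailing part. A short note in the file header would make the contract explicit, for example `// These structures describe only the fixed-length prefix of each message; trailing variable-length fields (sized by the negotiated algorithms or by the count fields) are shown as comments and a parser must check them against the received message length before reading them.` The same caveat applies to SPDM_GET_CERTIFICATE_REQUEST, whose Offset and Length fields arrive from the peer and are not bounded by anything declared here.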