From 61880cb62dfc7b541f01d6bb1204a137c155d4de Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Mon, 13 Nov 2023 11:33:15 +0800
Subject: [PATCH 1/5] Add 1.3 Cap definition.
Signed-off-by: Jiewen Yao
---
 include/industry_standard/spdm.h | 34 ++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/include/industry_standard/spdm.h b/include/industry_standard/spdm.h
index 9a930dbe641..a95e2916959 100644
--- a/include/industry_standard/spdm.h
+++ b/include/industry_standard/spdm.h
@@ -190,6 +190,20 @@ typedef struct {
 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK | \
 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP)
+/* SPDM GET_CAPABILITIES request flags (1.3) */
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP (0x00400000 | 0x00800000)
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP_NO_SIG 0x00400000
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP_SIG 0x00800000
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EVENT_CAP 0x02000000
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP (0x04000000 | 0x08000000)
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_ONLY 0x04000000
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_NEG 0x08000000
+#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_13_MASK ( \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_12_MASK | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EP_INFO_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_EVENT_CAP | \
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP)
+
 /* SPDM GET_CAPABILITIES response flags (1.0) */
 #define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CACHE_CAP 0x00000001
 #define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP 0x00000002
@@ -247,6 +261,26 @@ typedef struct {
 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP | \
 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP)
+/* SPDM GET_CAPABILITIES response flags (1.3) */
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP (0x00400000 | 0x00800000)
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_NO_SIG 0x00400000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_SIG 0x00800000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP 0x01000000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP 0x02000000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP (0x04000000 | 0x08000000)
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_ONLY 0x04000000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_NEG 0x08000000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP 0x10000000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP 0x20000000
+#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_13_MASK ( \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_12_MASK | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEL_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP | \
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP)
+
 /* SPDM NEGOTIATE_ALGORITHMS request */
 typedef struct {
 spdm_message_header_t header;
From c7949ca3fd12650a80bd22864425dccbc3d93b9b Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Mon, 13 Nov 2023 12:52:59 +0800
Subject: [PATCH 2/5] Add 1.3 cap check in message.
Signed-off-by: Jiewen Yao
---
 .../libspdm_req_get_capabilities.c | 41 ++++++++++++++++---
 .../libspdm_rsp_capabilities.c | 30 ++++++++++++--
 2 files changed, 63 insertions(+), 8 deletions(-)
diff --git a/library/spdm_requester_lib/libspdm_req_get_capabilities.c b/library/spdm_requester_lib/libspdm_req_get_capabilities.c
index a36c777ace7..112827d3972 100644
--- a/library/spdm_requester_lib/libspdm_req_get_capabilities.c
+++ b/library/spdm_requester_lib/libspdm_req_get_capabilities.c
@@ -37,6 +37,12 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve
 const uint8_t set_cert_cap = (uint8_t)(capabilities_flag >> 19) & 0x01;
 const uint8_t csr_cap = (uint8_t)(capabilities_flag >> 20) & 0x01;
 const uint8_t cert_install_reset_cap = (uint8_t)(capabilities_flag >> 21) & 0x01;
+ const uint8_t ep_info_cap = (uint8_t)(capabilities_flag >> 22) & 0x03;
+ /* const uint8_t mel_cap = (uint8_t)(capabilities_flag >> 24) & 0x01; */
+ const uint8_t event_cap = (uint8_t)(capabilities_flag >> 25) & 0x01;
+ const uint8_t multi_key_cap = (uint8_t)(capabilities_flag >> 26) & 0x03;
+ const uint8_t get_key_pair_info_cap = (uint8_t)(capabilities_flag >> 28) & 0x01;
+ /* const uint8_t set_key_pair_info_cap = (uint8_t)(capabilities_flag >> 29) & 0x01; */
 /* Checks common to all SPDM versions. */
@@ -65,8 +71,8 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve
 return true;
 }
- /* Checks common to 1.1 and 1.2. */
- if ((version == SPDM_MESSAGE_VERSION_11) || (version == SPDM_MESSAGE_VERSION_12)) {
+ /* Checks common to 1.1 and higher. */
+ if (version >= SPDM_MESSAGE_VERSION_11) {
 /* Illegal to return reserved values. */
 if (psk_cap == 3) {
 return false;
@@ -85,6 +91,11 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve
 (hbeat_cap == 1) || (key_upd_cap == 1)) {
 return false;
 }
+ if (version == SPDM_MESSAGE_VERSION_13) {
+ if (event_cap == 1) {
+ return false;
+ }
+ }
 }
 if ((key_ex_cap == 0) && (psk_cap != 0)) {
 if (handshake_in_the_clear_cap == 1) {
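Review bot: The two commented-out declarations among the new locals of validate_responder_capability (`mel_cap` at bit 24 and `set_key_pair_info_cap` at bit 29) leave it unclear whether those responder bits are deliberately unchecked or still to be done. Both bits are kept in the stored flags by `SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_13_MASK`, so a reader auditing this validator needs to know which it is. I would drop the dead lines and state the intent in one comment, e.g. `/* MEL_CAP (bit 24) and SET_KEY_PAIR_INFO_CAP (bit 29) have no cross-capability constraint checked here. */`, or add the checks if the specification defines any. The function body starts and ends outside this hunk.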
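Review bot: The new 1.3 checks are gated on `version == SPDM_MESSAGE_VERSION_13` while this same commit widens the 1.1 and 1.2 gates to `>=`; this starts at the `event_cap` check in the third hunk here and repeats in the `ep_info_cap == 2` check and the "Checks specific to 1.3" block further down, and in the matching three places in libspdm_check_request_flag_compatibility on the responder side. The capability-mask selection added to libspdm_try_get_capabilities and libspdm_get_response_capabilities ends in a bare `else`, so any version above 1.2 keeps the 1.3 bits, but a version above 1.3 would skip the reserved-value and multi-key validation for them. Whether a higher version can be negotiated in this tree is not visible here; writing `if (version >= SPDM_MESSAGE_VERSION_13) {` in all six places keeps the validators consistent with the mask. The function body extends beyond the hunk.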
@@ -107,6 +118,11 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve
 if ((chal_cap == 1) || (key_ex_cap == 1) || (meas_cap == 2) || (mut_auth_cap == 1)) {
 return false;
 }
+ if (version == SPDM_MESSAGE_VERSION_13) {
+ if (ep_info_cap == 2) {
+ return false;
+ }
+ }
 }
 /* Checks that originate from mutual authentication capabilities. */
@@ -124,8 +140,8 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve
 }
 }
- /* Checks specific to 1.2. */
- if (version == SPDM_MESSAGE_VERSION_12) {
+ /* Checks common to 1.2 and higher. */
+ if (version >= SPDM_MESSAGE_VERSION_12) {
 if ((cert_cap == 0) && ((alias_cert_cap == 1) || (set_cert_cap == 1))) {
 return false;
 }
@@ -137,6 +153,18 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve
 }
 }
+ /* Checks specific to 1.3. */
+ if (version == SPDM_MESSAGE_VERSION_13) {
+ /* Illegal to return reserved values. */
+ if ((ep_info_cap == 3) || (multi_key_cap == 3)) {
+ return false;
+ }
+ /* check multi-key */
+ if ((multi_key_cap != 0) && (get_key_pair_info_cap == 0)) {
+ return false;
+ }
+ }
+
 return true;
 }
@@ -322,9 +350,12 @@ static libspdm_return_t libspdm_try_get_capabilities(libspdm_context_t *spdm_con
 } else if (spdm_response->header.spdm_version == SPDM_MESSAGE_VERSION_11) {
 spdm_context->connection_info.capability.flags =
 spdm_response->flags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_11_MASK;
- } else {
+ } else if (spdm_response->header.spdm_version == SPDM_MESSAGE_VERSION_12) {
 spdm_context->connection_info.capability.flags =
 spdm_response->flags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_12_MASK;
+ } else {
+ spdm_context->connection_info.capability.flags =
+ spdm_response->flags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_13_MASK;
 }
 if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_12) {
diff --git a/library/spdm_responder_lib/libspdm_rsp_capabilities.c b/library/spdm_responder_lib/libspdm_rsp_capabilities.c
index ac82e7c11b7..c82f32afa78 100644
--- a/library/spdm_responder_lib/libspdm_rsp_capabilities.c
+++ b/library/spdm_responder_lib/libspdm_rsp_capabilities.c
@@ -59,9 +59,12 @@ static bool libspdm_check_request_flag_compatibility(uint32_t capabilities_flag,
 const uint8_t key_upd_cap = (uint8_t)(capabilities_flag >> 14) & 0x01;
 const uint8_t handshake_in_the_clear_cap = (uint8_t)(capabilities_flag >> 15) & 0x01;
 const uint8_t pub_key_id_cap = (uint8_t)(capabilities_flag >> 16) & 0x01;
+ const uint8_t ep_info_cap = (uint8_t)(capabilities_flag >> 22) & 0x03;
+ const uint8_t event_cap = (uint8_t)(capabilities_flag >> 25) & 0x01;
+ const uint8_t multi_key_cap = (uint8_t)(capabilities_flag >> 26) & 0x03;
- /* Checks common to 1.1 and 1.2. */
- if ((version == SPDM_MESSAGE_VERSION_11) || (version == SPDM_MESSAGE_VERSION_12)) {
+ /* Checks common to 1.1 and higher */
+ if (version >= SPDM_MESSAGE_VERSION_11) {
 /* Illegal to return reserved values. */
 if ((psk_cap == 2) || (psk_cap == 3)) {
 return false;
@@ -80,6 +83,11 @@ static bool libspdm_check_request_flag_compatibility(uint32_t capabilities_flag,
 (hbeat_cap == 1) || (key_upd_cap == 1)) {
 return false;
 }
+ if (version == SPDM_MESSAGE_VERSION_13) {
+ if (event_cap == 1) {
+ return false;
+ }
+ }
 }
 if ((key_ex_cap == 0) && (psk_cap == 1)) {
 if (handshake_in_the_clear_cap == 1) {
@@ -102,6 +110,11 @@ static bool libspdm_check_request_flag_compatibility(uint32_t capabilities_flag,
 if ((chal_cap == 1) || (mut_auth_cap == 1)) {
 return false;
 }
+ if (version == SPDM_MESSAGE_VERSION_13) {
+ if (ep_info_cap == 2) {
+ return false;
+ }
+ }
 }
 /* Checks that originate from mutual authentication capabilities. */
@@ -119,6 +132,14 @@ static bool libspdm_check_request_flag_compatibility(uint32_t capabilities_flag,
 }
 }
+ /* Checks specific to 1.3. */
+ if (version == SPDM_MESSAGE_VERSION_13) {
+ /* Illegal to return reserved values. */
+ if ((ep_info_cap == 3) || (multi_key_cap == 3)) {
+ return false;
+ }
+ }
+
 return true;
 }
@@ -264,9 +285,12 @@ libspdm_return_t libspdm_get_response_capabilities(libspdm_context_t *spdm_conte
 } else if (spdm_response->header.spdm_version == SPDM_MESSAGE_VERSION_11) {
 spdm_context->connection_info.capability.flags =
 spdm_request->flags & SPDM_GET_CAPABILITIES_REQUEST_FLAGS_11_MASK;
- } else {
+ } else if (spdm_response->header.spdm_version == SPDM_MESSAGE_VERSION_12) {
 spdm_context->connection_info.capability.flags =
 spdm_request->flags & SPDM_GET_CAPABILITIES_REQUEST_FLAGS_12_MASK;
+ } else {
+ spdm_context->connection_info.capability.flags =
+ spdm_request->flags & SPDM_GET_CAPABILITIES_REQUEST_FLAGS_13_MASK;
 }
 if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_12) {
From 5b0bf7d10f129635e3cf3424b36cc902519b6632 Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Mon, 13 Nov 2023 13:20:48 +0800
Subject: [PATCH 3/5] Add 1.3 multi connection definition
Signed-off-by: Jiewen Yao
---
 include/industry_standard/spdm.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/industry_standard/spdm.h b/include/industry_standard/spdm.h
index a95e2916959..b323270d8a7 100644
--- a/include/industry_standard/spdm.h
+++ b/include/industry_standard/spdm.h
@@ -289,7 +289,9 @@ typedef struct {
 uint16_t length;
 uint8_t measurement_specification;
 /* other_params_support is added in 1.2.
- * BIT[0:3]=opaque_data_format support, BIT[4:7]=reserved*/
+ * BIT[0:3]=opaque_data_format support
+ * BIT[4]=ResponderMultiKeyConn, added in 1.3
+ * BIT[5:7]=reserved*/
 uint8_t other_params_support;
 uint32_t base_asym_algo;
 uint32_t base_hash_algo;
@@ -387,7 +389,9 @@ typedef struct {
 uint16_t length;
 uint8_t measurement_specification_sel;
 /* other_params_selection is added in 1.2.
- * BIT[0:3]=opaque_data_format select, BIT[4:7]=reserved*/
+ * BIT[0:3]=opaque_data_format select,
+ * BIT[4]=RequesterMultiKeyConnSel, added in 1.3
+ * BIT[5:7]=reserved*/
 uint8_t other_params_selection;
 uint32_t measurement_hash_algo;
 uint32_t base_asym_sel;
@@ -419,6 +423,8 @@ typedef struct {
 #define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 0x1
 #define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 0x2
 #define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK 0xF
+/* SPDM Multi-Connection Selection (1.3) */
+#define SPDM_ALGORITHMS_MULTI_KEY_CONN 0x10
 /* SPDM Opaque Data Format 1 (1.2) */
 typedef struct {
From 57d7cbbe9fa67866c6926c31671805e81dc39ce5 Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Mon, 13 Nov 2023 14:15:47 +0800
Subject: [PATCH 4/5] add 1.3 multi-key connection process in algorithm.
Signed-off-by: Jiewen Yao
---
 include/internal/libspdm_common_lib.h | 4 ++
 .../spdm_common_lib/libspdm_com_opaque_data.c | 4 +-
 .../libspdm_req_negotiate_algorithms.c | 46 +++++++++++++++
 .../libspdm_rsp_algorithms.c | 59 ++++++++++++++++++-
 4 files changed, 109 insertions(+), 4 deletions(-)
diff --git a/include/internal/libspdm_common_lib.h b/include/internal/libspdm_common_lib.h
index 5e9bb63a082..ff550476abd 100644
--- a/include/internal/libspdm_common_lib.h
+++ b/include/internal/libspdm_common_lib.h
@@ -128,6 +128,10 @@ typedef struct {
 /* Specifies whether the cached negotiated state should be invalidated. (responder only)
 * This is a "sticky" bit wherein if it is set to 1 then it cannot be set to 0. */
 uint8_t end_session_attributes;
+
+ /* multi-key negotiated result */
+ bool multi_key_conn_req;
+ bool multi_key_conn_rsp;
 } libspdm_connection_info_t;
 typedef struct {
diff --git a/library/spdm_common_lib/libspdm_com_opaque_data.c b/library/spdm_common_lib/libspdm_com_opaque_data.c
index 76739e596a3..6dcbbc10155 100644
--- a/library/spdm_common_lib/libspdm_com_opaque_data.c
+++ b/library/spdm_common_lib/libspdm_com_opaque_data.c
@@ -261,8 +261,8 @@ bool libspdm_process_general_opaque_data_check(libspdm_context_t *spdm_context,
 LIBSPDM_ASSERT(data_in_size <= SPDM_MAX_OPAQUE_DATA_SIZE);
 if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) {
- if (spdm_context->connection_info.algorithm.other_params_support ==
- SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) {
+ if ((spdm_context->connection_info.algorithm.other_params_support &
+ SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) {
 /* Check byte alignment */
 if ((data_in_size & 3) != 0) {
 return false;
diff --git a/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c b/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c
index 23abff6e530..e10550fb75d 100644
--- a/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c
+++ b/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c
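Review bot: Only this one comparison in libspdm_process_general_opaque_data_check is changed to mask `other_params_support` with `SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK`, although the same commit lets bit 4 (`SPDM_ALGORITHMS_MULTI_KEY_CONN`) be set in that byte. Any other place that still compares the stored byte for equality with a format constant would stop matching on a 1.3 connection with the multi-key bit set, and would then presumably take the path for the other opaque format or skip its format checks. Call sites outside this diff are not visible, so this is a request to search for `other_params_support ==` and apply the same mask, or to keep the format bits and the multi-key bit in separate fields. The enclosing function continues outside the hunk.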
@@ -140,6 +140,32 @@ static libspdm_return_t libspdm_try_negotiate_algorithms(libspdm_context_t *spdm
 spdm_request->other_params_support =
 spdm_context->local_context.algorithm.other_params_support;
 }
+ if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
+ switch (spdm_context->connection_info.capability.flags &
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP) {
+ case 0:
+ spdm_context->connection_info.multi_key_conn_rsp = false;
+ break;
+ case SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_ONLY:
+ spdm_context->connection_info.multi_key_conn_rsp = true;
+ break;
+ case SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_NEG:
+ if ((spdm_context->local_context.algorithm.other_params_support &
+ SPDM_ALGORITHMS_MULTI_KEY_CONN) == 0) {
+ spdm_context->connection_info.multi_key_conn_rsp = false;
+ } else {
+ spdm_context->connection_info.multi_key_conn_rsp = true;
+ }
+ break;
+ default:
+ return LIBSPDM_STATUS_INVALID_MSG_FIELD;
+ }
+ if (spdm_context->connection_info.multi_key_conn_rsp) {
+ spdm_request->other_params_support |= SPDM_ALGORITHMS_MULTI_KEY_CONN;
+ } else {
+ spdm_request->other_params_support &= ~SPDM_ALGORITHMS_MULTI_KEY_CONN;
+ }
+ }
 spdm_request->base_asym_algo = spdm_context->local_context.algorithm.base_asym_algo;
 spdm_request->base_hash_algo = spdm_context->local_context.algorithm.base_hash_algo;
 spdm_request->ext_asym_count = 0;
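Review bot: The `default:` arm of the new switch leaves libspdm_try_negotiate_algorithms with a bare `return LIBSPDM_STATUS_INVALID_MSG_FIELD;`, whereas the other failure paths this commit adds to the same function set `status` and jump to a cleanup label. At this point `spdm_request` is already being filled in, so if the request lives in an acquired sender buffer (the acquisition is outside the hunk) this return would skip its release. The arm should follow whatever cleanup the function's existing pre-send error paths use. Separately, `&= ~SPDM_ALGORITHMS_MULTI_KEY_CONN` applies an `int` complement to a `uint8_t` field; `&= (uint8_t)~SPDM_ALGORITHMS_MULTI_KEY_CONN` states the narrowing explicitly.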
@@ -536,6 +562,26 @@ static libspdm_return_t libspdm_try_negotiate_algorithms(libspdm_context_t *spdm
 }
 }
 }
+
+ if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
+ if ((spdm_context->connection_info.algorithm.other_params_support &
+ SPDM_ALGORITHMS_MULTI_KEY_CONN) == 0) {
+ if ((spdm_context->local_context.capability.flags &
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP) ==
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_ONLY) {
+ status = LIBSPDM_STATUS_NEGOTIATION_FAIL;
+ goto receive_done;
+ }
+ spdm_context->connection_info.multi_key_conn_req = false;
+ } else {
+ if ((spdm_context->local_context.capability.flags &
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP) == 0) {
+ status = LIBSPDM_STATUS_NEGOTIATION_FAIL;
+ goto receive_done;
+ }
+ spdm_context->connection_info.multi_key_conn_req = true;
+ }
+ }
 } else {
 spdm_context->connection_info.algorithm.dhe_named_group = 0;
 spdm_context->connection_info.algorithm.aead_cipher_suite = 0;
diff --git a/library/spdm_responder_lib/libspdm_rsp_algorithms.c b/library/spdm_responder_lib/libspdm_rsp_algorithms.c
index 78ac6d91c89..2b56324f704 100644
--- a/library/spdm_responder_lib/libspdm_rsp_algorithms.c
+++ b/library/spdm_responder_lib/libspdm_rsp_algorithms.c
@@ -579,8 +579,39 @@ libspdm_return_t libspdm_get_response_algorithms(libspdm_context_t *spdm_context
 spdm_response->other_params_selection = (uint8_t)libspdm_prioritize_algorithm(
 other_params_support_priority_table,
 LIBSPDM_ARRAY_SIZE(other_params_support_priority_table),
- spdm_context->local_context.algorithm.other_params_support,
- spdm_context->connection_info.algorithm.other_params_support);
+ spdm_context->local_context.algorithm.other_params_support &
+ SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK,
+ spdm_context->connection_info.algorithm.other_params_support &
+ SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK);
+ }
+
+ if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
+ switch (spdm_context->connection_info.capability.flags &
+ SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP) {
+ case 0:
+ spdm_context->connection_info.multi_key_conn_req = false;
+ break;
+ case SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_ONLY:
+ spdm_context->connection_info.multi_key_conn_req = true;
+ break;
+ case SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MULTI_KEY_CAP_NEG:
+ if ((spdm_context->local_context.algorithm.other_params_support &
+ SPDM_ALGORITHMS_MULTI_KEY_CONN) == 0) {
+ spdm_context->connection_info.multi_key_conn_req = false;
+ } else {
+ spdm_context->connection_info.multi_key_conn_req = true;
+ }
+ break;
+ default:
+ return libspdm_generate_error_response(
+ spdm_context, SPDM_ERROR_CODE_INVALID_REQUEST,
+ 0, response_size, response);
+ }
+ if (spdm_context->connection_info.multi_key_conn_req) {
+ spdm_response->other_params_selection |= SPDM_ALGORITHMS_MULTI_KEY_CONN;
+ } else {
+ spdm_response->other_params_selection &= ~SPDM_ALGORITHMS_MULTI_KEY_CONN;
+ }
 }
 spdm_context->connection_info.algorithm.measurement_spec =
@@ -760,6 +791,30 @@ libspdm_return_t libspdm_get_response_algorithms(libspdm_context_t *spdm_context
 }
 }
 }
+
+ if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
+ if ((spdm_context->connection_info.algorithm.other_params_support &
+ SPDM_ALGORITHMS_MULTI_KEY_CONN) == 0) {
+ if ((spdm_context->local_context.capability.flags &
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP) ==
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP_ONLY) {
+ return libspdm_generate_error_response(
+ spdm_context,
+ SPDM_ERROR_CODE_INVALID_REQUEST, 0,
+ response_size, response);
+ }
+ spdm_context->connection_info.multi_key_conn_rsp = false;
+ } else {
+ if ((spdm_context->local_context.capability.flags &
+ SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MULTI_KEY_CAP) == 0) {
+ return libspdm_generate_error_response(
+ spdm_context,
+ SPDM_ERROR_CODE_INVALID_REQUEST, 0,
+ response_size, response);
+ }
+ spdm_context->connection_info.multi_key_conn_rsp = true;
+ }
+ }
 } else {
 spdm_context->connection_info.algorithm.dhe_named_group = 0;
 spdm_context->connection_info.algorithm.aead_cipher_suite = 0;
From 42c4097fcd2c7dd86f6a28d5276155a7ab795ef4 Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Mon, 13 Nov 2023 23:51:02 +0800
Subject: [PATCH 5/5] 1.3 clear multi-key flag in context reset
Signed-off-by: Jiewen Yao
---
 library/spdm_common_lib/libspdm_com_context_data.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/library/spdm_common_lib/libspdm_com_context_data.c b/library/spdm_common_lib/libspdm_com_context_data.c
index 1ff9f5cae87..00accb8cfae 100644
--- a/library/spdm_common_lib/libspdm_com_context_data.c
+++ b/library/spdm_common_lib/libspdm_com_context_data.c
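Review bot: The responder-side check in libspdm_get_response_algorithms decides `multi_key_conn_rsp` from `spdm_context->connection_info.algorithm.other_params_support & SPDM_ALGORITHMS_MULTI_KEY_CONN`, and it is not visible in this hunk whether that field still holds the requester's `other_params_support` or has already been overwritten with the responder's own `other_params_selection`. The earlier hunk in this function sets bit 4 of `other_params_selection` from `multi_key_conn_req`, so if the stored byte is the selection, this block compares the responder's own RequesterMultiKeyConnSel choice against its MULTI_KEY_CAP instead of the ResponderMultiKeyConn bit the requester sent. Reading the request directly, `(spdm_request->other_params_support & SPDM_ALGORITHMS_MULTI_KEY_CONN)`, removes the ambiguity. The enclosing function starts and ends outside the hunk.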
@@ -2752,6 +2752,8 @@ void libspdm_reset_context(void *spdm_context)
 libspdm_zero_mem(&context->encap_context, sizeof(libspdm_encap_context_t));
 context->connection_info.local_used_cert_chain_buffer_size = 0;
 context->connection_info.local_used_cert_chain_buffer = NULL;
+ context->connection_info.multi_key_conn_req = false;
+ context->connection_info.multi_key_conn_rsp = false;
 #if LIBSPDM_RESPOND_IF_READY_SUPPORT
 context->cache_spdm_request_size = 0;
 #endif