// Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT license. #ifndef ATTESTATION_H_ #define ATTESTATION_H_ #include <stdint.h> #include "pcr.h" #include "crypto/hash.h" #include "status/rot_status.h" // Length of challenge nonce in Cerberus Challenge #define ATTESTATION_NONCE_LEN SHA256_HASH_LENGTH /** * Key exchange algorithms */ enum { ATTESTATION_KEY_EXCHANGE_NONE = 0, /**< No key exchange requested */ ATTESTATION_ECDHE_KEY_EXCHANGE, /**< ECDHE key exchange */ NUM_ATTESTATION_KEY_EXCHANGE_ALGORITHMS, /**< Number of key exchange algorithms */ }; /** * Slot numbers for each supported certificate chain */ enum { ATTESTATION_RIOT_SLOT_NUM = 0, /**< Slot number for the RIoT certificate chain */ ATTESTATION_AUX_SLOT_NUM, /**< Slot number for the auxiliary certificate chain */ ATTESTATION_MAX_SLOT_NUM = 7, /**< The maximum allowed certificate slot number */ }; /** * Attestation protocols supported by device */ enum attestation_protocol { ATTESTATION_PROTOCOL_CERBERUS = 0, /**< Cerberus challenge protocol */ ATTESTATION_PROTOCOL_DMTF_SPDM, /**< DMTF SPDM protocol */ }; /** * Attestation protocols spdm minor version numbers */ enum attestation_spdm_minor_version { ATTESTATION_PROTOCOL_DMTF_SPDM_1_0 = 0, /**< DMTF SPDM protocol 1.0 */ ATTESTATION_PROTOCOL_DMTF_SPDM_1_1, /**< DMTF SPDM protocol 1.1 */ ATTESTATION_PROTOCOL_DMTF_SPDM_1_2, /**< DMTF SPDM protocol 1.2 */ }; #pragma pack(push, 1) /** * Challenge nonce. This follows the format in the Cerberus protocol. */ struct attestation_challenge { uint8_t slot_num; /**< The slot number of the chain to use. */ uint8_t reserved; /**< Reserved */ uint8_t nonce[ATTESTATION_NONCE_LEN]; /**< Nonce chosen by requestor. */ }; #define ATTESTATION_CHALLENGE_LEN \ (sizeof (struct attestation_challenge)) /** * Challenge attestation response. This follows the format in the Cerberus protocol. */ struct attestation_response { uint8_t slot_num; /**< The slot number of the chain used when generating response. */ uint8_t slot_mask; /**< The certificate slot mask. */ uint8_t min_protocol_version; /**< Minimum protocol version supported by device. */ uint8_t max_protocol_version; /**< Maximum protocol version supported by device. */ uint16_t reserved; /**< Reserved. */ uint8_t nonce[ATTESTATION_NONCE_LEN]; /**< Nonce chosen by responder. */ uint8_t num_digests; /**< Number of components used to generate PMR digest. */ uint8_t digests_size; /**< Length of PMR digests in bytes. */ }; #define ATTESTATION_CHALLENGE_RSP_LEN \ (sizeof (struct attestation_response)) #pragma pack(pop) #define ATTESTATION_ERROR(\ code) ROT_ERROR (ROT_MODULE_ATTESTATION, code) /** * Error codes that can be generated by the attestation manager. */ enum { ATTESTATION_INVALID_ARGUMENT = ATTESTATION_ERROR (0x00), /**< Input parameter is null or not valid. */ ATTESTATION_NO_MEMORY = ATTESTATION_ERROR (0x01), /**< Memory allocation failed. */ ATTESTATION_INVALID_SLOT_NUM = ATTESTATION_ERROR (0x02), /**< Unsupported certificate slot number. */ ATTESTATION_INVALID_STATE = ATTESTATION_ERROR (0x03), /**< Invalid state. */ ATTESTATION_INVALID_DEVICE_NUM = ATTESTATION_ERROR (0x04), /**< Invalid device number. */ ATTESTATION_INVALID_CERT_NUM = ATTESTATION_ERROR (0x05), /**< Invalid certificate number. */ ATTESTATION_INVALID_DEVICE_ADDR = ATTESTATION_ERROR (0x06), /**< Unsupported device address. */ ATTESTATION_UNSUPPORTED_PROTOCOL_VERSION = ATTESTATION_ERROR (0x07), /**< Unsupported protocol version. */ ATTESTATION_INVALID_CERT_CHAIN = ATTESTATION_ERROR (0x08), /**< Invalid certificate chain. */ ATTESTATION_UNSUPPORTED_ALGORITHM = ATTESTATION_ERROR (0x09), /**< Unsupported algorithm. */ // ATTESTATION_INVALID_MEASUREMENT = ATTESTATION_ERROR (0x0A), /**< Invalid platform measurement. */ ATTESTATION_BUF_TOO_SMALL = ATTESTATION_ERROR (0x0B), /**< Provided buffer too small for output. */ ATTESTATION_CERT_NOT_AVAILABLE = ATTESTATION_ERROR (0x0C), /**< Certificate queried not found. */ ATTESTATION_BAD_LENGTH = ATTESTATION_ERROR (0x0D), /**< The payload length is wrong for the request. */ ATTESTATION_UNSUPPORTED_OPERATION = ATTESTATION_ERROR (0x0E), /**< The requested operation is not supported. */ ATTESTATION_REQUEST_FAILED = ATTESTATION_ERROR (0x0F), /**< Request to attestation target failed */ ATTESTATION_UNSUPPORTED_PROTOCOL = ATTESTATION_ERROR (0x10), /**< Unsupported attestation protocol. */ ATTESTATION_NO_CFM = ATTESTATION_ERROR (0x11), /**< No active CFM found. */ ATTESTATION_CFM_INVALID_ATTESTATION = ATTESTATION_ERROR (0x12), /**< CFM attestation rule invalid for device being attested. */ ATTESTATION_CFM_ATTESTATION_RULE_FAIL = ATTESTATION_ERROR (0x13), /**< CFM attestation rule failed for device being attested. */ ATTESTATION_ALIAS_KEY_LOAD_FAIL = ATTESTATION_ERROR (0x14), /**< Failed to load device alias key from device manager. */ ATTESTATION_REFRESH_ROUTING_TABLE = ATTESTATION_ERROR (0x15), /**< Updated MCTP bridge routing table needs to be retrieved. */ ATTESTATION_GET_DEVICE_ID_FAIL = ATTESTATION_ERROR (0x16), /**< Device failed to send SPDM device ID block. */ ATTESTATION_TOO_MANY_RETRIES_REQUESTED = ATTESTATION_ERROR (0x17), /**< Device requested too many ResponseNotReady retries. */ ATTESTATION_GET_MEAS_OPERATION_UNEXPECTED = ATTESTATION_ERROR (0x18), /**< Get Measurements response does not perform requested operation. */ ATTESTATION_GET_MEAS_RSP_NOT_DIGEST = ATTESTATION_ERROR (0x19), /**< Get Measurements response includes block in raw form when digest requested. */ ATTESTATION_GET_MEAS_RSP_NOT_RAW = ATTESTATION_ERROR (0x1A), /**< Get Measurements response includes block in digest form when raw requested. */ ATTESTATION_GET_MEAS_BLOCKS_TOO_LARGE = ATTESTATION_ERROR (0x1B), /**< Get Measurements response data larger than internal buffers.*/ ATTESTATION_DEVICE_NOT_INTEROPERABLE = ATTESTATION_ERROR (0x1C), /**< Device SPDM version not supported. */ ATTESTATION_UNEXPECTED_ALG_IN_RESPONSE = ATTESTATION_ERROR (0x1D), /**< Device response utilizes unexpected algorithm. */ ATTESTATION_UNSUPPORTED_MEASUREMENT_SPEC = ATTESTATION_ERROR (0x1E), /**< Unsupported measurement spec utilized by device. */ // ATTESTATION_GET_CERT_NOT_SUPPORTED_BY_DEVICE = ATTESTATION_ERROR (0x1F), /**< Device does not support required Get Certificates command.*/ ATTESTATION_GET_MEAS_NOT_SUPPORTED_BY_DEVICE = ATTESTATION_ERROR (0x20), /**< Device does not support required Get Measurements command.*/ ATTESTATION_REQUESTED_SLOT_NUM_EMPTY = ATTESTATION_ERROR (0x21), /**< Requested certificate slot number empty in response. */ ATTESTATION_UNEXPECTED_SLOT_NUM = ATTESTATION_ERROR (0x22), /**< Certificate slot number in response unexpected. */ ATTESTATION_UNEXPECTED_NUM_MEAS_BLOCKS = ATTESTATION_ERROR (0x23), /**< Unexpected number of measurement blocks in response. */ ATTESTATION_CFM_VERSION_SET_SELECTOR_INVALID = ATTESTATION_ERROR (0x24), /**< CFM version set selector entry invalid. */ ATTESTATION_FAILED_TO_SELECT_VERSION_SET = ATTESTATION_ERROR (0x25), /**< Failed to determine device version set using CFM version set selector entry. */ ATTESTATION_GET_MEAS_CAP_MISMATCH_BY_DEVICE = ATTESTATION_ERROR (0x26), /**< Target device support mismatched measurement response capabilities. */ ATTESTATION_CHAL_CAP_MISMATCH_BY_DEVICE = ATTESTATION_ERROR (0x27), /**< Target device support mismatched challenge response capabilities. */ ATTESTATION_CERT_TOO_LARGE = ATTESTATION_ERROR (0x28), /**< A single device cert cannot fit into the message buffer. */ ATTESTATION_BUFFER_OVERRUN = ATTESTATION_ERROR (0x29), /**< Buffer overrun occurs when a program accesses memory beyond the allocated buffer size. */ }; #endif /* ATTESTATION_H_ */