// Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT license. #ifndef CMD_INTERFACE_SPDM_RESPONDER_H_ #define CMD_INTERFACE_SPDM_RESPONDER_H_ #include <stdint.h> #include "spdm_commands.h" #include "spdm_measurements.h" #include "spdm_protocol.h" #include "spdm_transcript_manager.h" #include "cmd_interface/cmd_interface.h" #include "crypto/ecc.h" #include "crypto/hash.h" #include "crypto/rng.h" #include "riot/riot_key_manager.h" /** * Minimum number of hash engines required for an SPDM responder. */ #define SPDM_RESPONDER_HASH_ENGINE_REQUIRED_COUNT 2 /** * Command interface for processing SPDM protocol requests. */ struct cmd_interface_spdm_responder { struct cmd_interface base; /**< Base command interface. */ struct spdm_state *state; /**< SPDM state. */ const struct hash_engine *const *hash_engine; /**< Hash engines for hashing operations. */ uint8_t hash_engine_count; /**< Number of hash engine instances. */ const struct spdm_transcript_manager *transcript_manager; /**< Transcript manager for SPDM. */ const struct riot_key_manager *key_manager; /**< Manager for device certificate chain. */ const struct spdm_measurements *measurements; /**< Measurements for the device. */ const struct ecc_engine *ecc_engine; /**< Engine for ECC operations. */ const struct rng_engine *rng_engine; /**< Engine for random number generation. */ const struct spdm_version_num_entry *version_num; /**< Supported version number(s). */ uint8_t version_num_count; /**< Number of supported version number(s). */ const struct spdm_version_num_entry *secure_message_version_num; /**< Supported secure message version number(s). */ uint8_t secure_message_version_num_count; /**< Number of secure message supported version number(s). */ const struct spdm_device_capability *local_capabilities; /**< Local SPDM capabilities. */ const struct spdm_local_device_algorithms *local_algorithms; /**< Local SPDM algorithms and their priorities. */ struct spdm_secure_session_manager *session_manager; /**< Session manager for managing secure sessions. */ const struct cmd_interface *vdm_handler; /**< Command handler for VDM messages */ }; int cmd_interface_spdm_responder_init (struct cmd_interface_spdm_responder *spdm_responder, struct spdm_state *state, const struct spdm_transcript_manager *transcript_manager, const struct hash_engine *const *hash_engine, uint8_t hash_engine_count, const struct spdm_version_num_entry *version_num, uint8_t version_num_count, const struct spdm_version_num_entry *secure_message_version_num, uint8_t secure_message_version_num_count, const struct spdm_device_capability *local_capabilities, const struct spdm_local_device_algorithms *local_algorithms, const struct riot_key_manager *key_manager, const struct spdm_measurements *measurements, const struct ecc_engine *ecc_engine, const struct rng_engine *rng_engine, struct spdm_secure_session_manager *session_manager, const struct cmd_interface *vdm_handler); int cmd_interface_spdm_responder_init_state ( const struct cmd_interface_spdm_responder *spdm_responder); void cmd_interface_spdm_responder_deinit ( const struct cmd_interface_spdm_responder *spdm_responder); #define CMD_HANDLER_SPDM_RESPONDER_ERROR(\ code) ROT_ERROR (ROT_MODULE_CMD_HANDLER_SPDM_RESPONDER, code) /** * Error codes that can be generated by the SPDM responder. */ enum { CMD_HANDLER_SPDM_RESPONDER_INVALID_ARGUMENT = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x00), /**< Input parameter is null or not valid. */ CMD_HANDLER_SPDM_RESPONDER_NO_MEMORY = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x01), /**< Memory allocation failed. */ CMD_HANDLER_SPDM_RESPONDER_UNKNOWN_COMMAND = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x02), /**< A command does not represent a known request. */ CMD_HANDLER_SPDM_RESPONDER_SPDM_BAD_LENGTH = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x03), /**< The payload length is wrong for the request. */ CMD_HANDLER_SPDM_RESPONDER_DEVICE_CERT_NOT_AVAILABLE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x04), /**< The device cert is not available. */ CMD_HANDLER_SPDM_RESPONDER_ALIAS_CERT_NOT_AVAILABLE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x05), /**< The alias cert is not available. */ CMD_HANDLER_SPDM_RESPONDER_UNSUPPORTED_OPERATION = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x06), /**< The request is not supported. */ CMD_HANDLER_SPDM_RESPONDER_INVALID_REQUEST = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x07), /**< The request is invalid. */ CMD_HANDLER_SPDM_RESPONDER_VERSION_MISMATCH = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x08), /**< The request version is not supported. */ CMD_HANDLER_SPDM_RESPONDER_UNSUPPORTED_CAPABILITY = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x09), /**< The device capability is not supported. */ CMD_HANDLER_SPDM_RESPONDER_INCOMPATIBLE_CAPABILITIES = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x0a), /**< The device capabilities are incompatible. */ CMD_HANDLER_SPDM_RESPONDER_UNEXPECTED_REQUEST = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x0b), /**< The request is unexpected. */ CMD_HANDLER_SPDM_RESPONDER_INTERNAL_ERROR = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x0c), /**< An internal error occurred. */ CMD_HANDLER_SPDM_RESPONDER_RESPONSE_TOO_LARGE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x0d), /**< The response is too large. */ CMD_HANDLER_SPDM_RESPONDER_UNSUPPORTED_SIG_SIZE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x0e), /**< The signature size is not supported. */ CMD_HANDLER_SPDM_RESPONDER_UNSUPPORTED_DHE_KEY_SIZE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x0f), /**< The DHE key size is not supported. */ CMD_HANDLER_SPDM_RESPONDER_UNSUPPORTED_HMAC_HASH_TYPE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x10), /**< The HMAC hash type is not supported. */ CMD_HANDLER_SPDM_RESPONDER_INVALID_RESPONSE_STATE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x11), /**< The response state is invalid. */ CMD_HANDLER_SPDM_RESPONDER_INVALID_CONNECTION_STATE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x12), /**< The connection state is invalid. */ CMD_HANDLER_SPDM_RESPONDER_PREV_SESSION_VALID = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x13), /**< The previous session is still valid. */ CMD_HANDLER_SPDM_RESPONDER_SESSION_LIMIT_EXCEEDED = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x14), /**< The session limit has been exceeded. */ CMD_HANDLER_SPDM_RESPONDER_UNSUPPORTED_HASH_ALGO = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x15), /**< The hash algorithm is not supported. */ CMD_HANDLER_SPDM_RESPONDER_INVALID_OPAQUE_DATA_FORMAT = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x16), /**< The opaque data format is invalid. */ CMD_HANDLER_SPDM_RESPONDER_INVALID_SESSION_STATE = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x17), /**< The session manager state is invalid. */ CMD_HANDLER_SPDM_RESPONDER_DECRYPT_ERROR = CMD_HANDLER_SPDM_RESPONDER_ERROR (0x18), /**< Decrypt operation failed. */ }; #endif /* CMD_INTERFACE_SPDM_RESPONDER_H_ */