CAPABILITIES: Add SupportedAlgorithms #2968
Conversation
ShitalJumbad
force-pushed
the
fix-2279
branch
3 times, most recently
from
a061ee9 to
c0d1cd5
Compare
| @@ -251,6 +251,10 @@ static libspdm_return_t libspdm_try_get_capabilities(libspdm_context_t *spdm_con | |||
| } | |||
| spdm_request->header.request_response_code = SPDM_GET_CAPABILITIES; | |||
| spdm_request->header.param1 = 0; | |||
| if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13 && | |||
There was a problem hiding this comment.
The check for Requester's CHUNK_CAP should be a LIBSPDM_ASSERT done near the top of this function.
| status = LIBSPDM_STATUS_INVALID_MSG_SIZE; | ||
| goto receive_done; | ||
| } | ||
| } | ||
| if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { | ||
|
|
There was a problem hiding this comment.
In addition to size checks there are some checks that can be performed based on the Responder's algorithms and capabilities. For example if Responder's KEY_EX_CAP is set then it needs DHE algorithms. See #2947 for more information.
There was a problem hiding this comment.
Updated the change, please let me know if it looks okay.
| if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13 && | ||
| (spdm_request->header.param1 & 0x01) && | ||
| ((spdm_request->flags & | ||
| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP) == 0)) { |
There was a problem hiding this comment.
Both the Requester and Responder's CHUNK_CAP needs to be set for this to occur.
There was a problem hiding this comment.
No, they need to be checked.
| *response_size = sizeof(spdm_capabilities_response_t); | ||
|
|
||
| spdm_response->supported_algorithms.param1 = spdm_context->local_context.algorithm.param1; |
There was a problem hiding this comment.
Need to check if dhe_named_group, aead_cipher_suite, etc, is non-zero to populate this.
ShitalJumbad
force-pushed
the
fix-2279
branch
10 times, most recently
from
4b465cb to
d8be4bf
Compare
fix DMTF#2279 Signed-off-by: Shital Jumbad <sjumbad@nvidia.com>
ShitalJumbad
force-pushed
the
fix-2279
branch
from
d8be4bf to
edf4eaa
Compare
| @@ -417,3 +466,23 @@ libspdm_return_t libspdm_get_capabilities(libspdm_context_t *spdm_context) | |||
|
|
|||
| return status; | |||
| } | |||
|
|
|||
| libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context) | |||
There was a problem hiding this comment.
This should go in libspdm_req_communications.c.
| if (LIBSPDM_STATUS_IS_ERROR(status)) { | ||
| return status; | ||
| } | ||
|
|
There was a problem hiding this comment.
Need to check that the negotiated version is >= 1.3. If it isn't then there's no point in calling libspdm_get_capabilities.
| { | ||
| libspdm_return_t status; | ||
| libspdm_context_t *context; | ||
|
|
There was a problem hiding this comment.
Can add assert that at least one of the versions supported by the Requester is >= 1.3, and that the Requester supports CHUNK_CAP.
| * @retval RETURN_SUCCESS The connection is initialized successfully. | ||
| * @retval RETURN_DEVICE_ERROR A device error occurs when communicates with the device. | ||
| **/ | ||
| libspdm_return_t libspdm_get_supported_algorithms( |
There was a problem hiding this comment.
This function needs to return the supported algorithms to the caller, presumably as a struct that looks a bit like spdm_supported_algorithms_block_t, but without the params and whatnot.
| @@ -271,10 +271,98 @@ libspdm_return_t libspdm_get_response_capabilities(libspdm_context_t *spdm_conte | |||
| spdm_context->local_context.capability.max_spdm_msg_size; | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
As a basic validation step, need to check that if negotiated version is >= 1.3 and Param1[0] is set then the Requester's CHUNK_CAP is also set.
| @@ -271,10 +271,98 @@ libspdm_return_t libspdm_get_response_capabilities(libspdm_context_t *spdm_conte | |||
| spdm_context->local_context.capability.max_spdm_msg_size; | |||
| } | |||
|
|
|||
| if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { | |||
| if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13 && | |||
There was a problem hiding this comment.
This is also conditional on both Requester and Responder supporting CHUNK_CAP.
| spdm_response->supported_algorithms.mel_specification = | ||
| spdm_context->local_context.algorithm.mel_spec; | ||
|
|
||
| uint8_t index = 0; |
There was a problem hiding this comment.
Need to declare this at line 277 before any statements. The libspdm codebase tries to be as C89-compatible as possible.
| (spdm_negotiate_algorithms_common_struct_table_t*)(&spdm_response->supported_algorithms | ||
| +1); | ||
|
|
||
| if ((spdm_context->connection_info.capability.flags & |
There was a problem hiding this comment.
On the Responder side I don't think the capability checks are needed. If Integrator has a non-zero algorithm then just send it. libspdm_check_context can be used by the Integrator to check if they have configured things correctly.
fix #2279