@@ -65,6 +65,59 @@ pub(crate) enum SpdmErrorCode {
pub(crate) const SPDM_CERT_CAP: u32 = 1 << 1;
pub(crate) const SPDM_CHAL_CAP: u32 = 1 << 2;
+pub(crate) const SPDM_MEAS_CAP_MASK: u32 = 3 << 3;
+pub(crate) const SPDM_KEY_EX_CAP: u32 = 1 << 9;
pub(crate) const SPDM_REQ_CAPS: u32 = SPDM_CERT_CAP | SPDM_CHAL_CAP;
pub(crate) const SPDM_RSP_MIN_CAPS: u32 = SPDM_CERT_CAP | SPDM_CHAL_CAP;
+
+pub(crate) const SPDM_NEGOTIATE_ALGS: u8 = 0xe3;
+
+pub(crate) const SPDM_MEAS_SPEC_DMTF: u8 = 1 << 0;
+
+pub(crate) const SPDM_ASYM_RSASSA_2048: u32 = 1 << 0;
+pub(crate) const _SPDM_ASYM_RSAPSS_2048: u32 = 1 << 1;
+pub(crate) const SPDM_ASYM_RSASSA_3072: u32 = 1 << 2;
+pub(crate) const _SPDM_ASYM_RSAPSS_3072: u32 = 1 << 3;
+pub(crate) const SPDM_ASYM_ECDSA_ECC_NIST_P256: u32 = 1 << 4;
+pub(crate) const SPDM_ASYM_RSASSA_4096: u32 = 1 << 5;
+pub(crate) const _SPDM_ASYM_RSAPSS_4096: u32 = 1 << 6;
+pub(crate) const SPDM_ASYM_ECDSA_ECC_NIST_P384: u32 = 1 << 7;
+pub(crate) const SPDM_ASYM_ECDSA_ECC_NIST_P521: u32 = 1 << 8;
+pub(crate) const _SPDM_ASYM_SM2_ECC_SM2_P256: u32 = 1 << 9;
+pub(crate) const _SPDM_ASYM_EDDSA_ED25519: u32 = 1 << 10;
+pub(crate) const _SPDM_ASYM_EDDSA_ED448: u32 = 1 << 11;
+
+pub(crate) const SPDM_HASH_SHA_256: u32 = 1 << 0;
+pub(crate) const SPDM_HASH_SHA_384: u32 = 1 << 1;
+pub(crate) const SPDM_HASH_SHA_512: u32 = 1 << 2;
+
+#[cfg(CONFIG_CRYPTO_RSA)]
+pub(crate) const SPDM_ASYM_RSA: u32 =
+ SPDM_ASYM_RSASSA_2048 | SPDM_ASYM_RSASSA_3072 | SPDM_ASYM_RSASSA_4096;
+#[cfg(not(CONFIG_CRYPTO_RSA))]
+pub(crate) const SPDM_ASYM_RSA: u32 = 0;
+
+#[cfg(CONFIG_CRYPTO_ECDSA)]
+pub(crate) const SPDM_ASYM_ECDSA: u32 =
+ SPDM_ASYM_ECDSA_ECC_NIST_P256 | SPDM_ASYM_ECDSA_ECC_NIST_P384 | SPDM_ASYM_ECDSA_ECC_NIST_P521;
+#[cfg(not(CONFIG_CRYPTO_ECDSA))]
+pub(crate) const SPDM_ASYM_ECDSA: u32 = 0;
+
+#[cfg(CONFIG_CRYPTO_SHA256)]
+pub(crate) const SPDM_HASH_SHA2_256: u32 = SPDM_HASH_SHA_256;
+#[cfg(not(CONFIG_CRYPTO_SHA256))]
+pub(crate) const SPDM_HASH_SHA2_256: u32 = 0;
+
+#[cfg(CONFIG_CRYPTO_SHA512)]
+pub(crate) const SPDM_HASH_SHA2_384_512: u32 = SPDM_HASH_SHA_384 | SPDM_HASH_SHA_512;
+#[cfg(not(CONFIG_CRYPTO_SHA512))]
+pub(crate) const SPDM_HASH_SHA2_384_512: u32 = 0;
+
+pub(crate) const SPDM_ASYM_ALGOS: u32 = SPDM_ASYM_RSA | SPDM_ASYM_ECDSA;
+pub(crate) const SPDM_HASH_ALGOS: u32 = SPDM_HASH_SHA2_256 | SPDM_HASH_SHA2_384_512;
+
+/* Maximum number of ReqAlgStructs sent by this implementation */
+// pub(crate) const SPDM_MAX_REQ_ALG_STRUCT: usize = 4;
+
+pub(crate) const SPDM_OPAQUE_DATA_FMT_GENERAL: u8 = 1 << 1;
@@ -115,6 +115,10 @@
return e.to_errno() as c_int;
}
+ if let Err(e) = state.negotiate_algs() {
+ return e.to_errno() as c_int;
+ }
+
0
}
@@ -12,16 +12,22 @@
use kernel::{
bindings,
error::{code::EINVAL, to_result, Error},
+ str::CStr,
validate::Untrusted,
};
use crate::consts::{
- SpdmErrorCode, SPDM_CTEXPONENT, SPDM_ERROR, SPDM_GET_CAPABILITIES, SPDM_GET_VERSION,
- SPDM_GET_VERSION_LEN, SPDM_MAX_VER, SPDM_MIN_DATA_TRANSFER_SIZE, SPDM_MIN_VER, SPDM_REQ,
- SPDM_REQ_CAPS, SPDM_RSP_MIN_CAPS, SPDM_VER_10, SPDM_VER_11, SPDM_VER_12,
+ SpdmErrorCode, SPDM_ASYM_ALGOS, SPDM_ASYM_ECDSA_ECC_NIST_P256, SPDM_ASYM_ECDSA_ECC_NIST_P384,
+ SPDM_ASYM_ECDSA_ECC_NIST_P521, SPDM_ASYM_RSASSA_2048, SPDM_ASYM_RSASSA_3072,
+ SPDM_ASYM_RSASSA_4096, SPDM_CTEXPONENT, SPDM_ERROR, SPDM_GET_CAPABILITIES, SPDM_GET_VERSION,
+ SPDM_GET_VERSION_LEN, SPDM_HASH_ALGOS, SPDM_HASH_SHA_256, SPDM_HASH_SHA_384, SPDM_HASH_SHA_512,
+ SPDM_KEY_EX_CAP, SPDM_MAX_VER, SPDM_MEAS_CAP_MASK, SPDM_MEAS_SPEC_DMTF,
+ SPDM_MIN_DATA_TRANSFER_SIZE, SPDM_MIN_VER, SPDM_NEGOTIATE_ALGS, SPDM_OPAQUE_DATA_FMT_GENERAL,
+ SPDM_REQ, SPDM_REQ_CAPS, SPDM_RSP_MIN_CAPS, SPDM_VER_10, SPDM_VER_11, SPDM_VER_12,
};
use crate::validator::{
- GetCapabilitiesReq, GetCapabilitiesRsp, GetVersionReq, GetVersionRsp, SpdmErrorRsp, SpdmHeader,
+ GetCapabilitiesReq, GetCapabilitiesRsp, GetVersionReq, GetVersionRsp, NegotiateAlgsReq,
+ NegotiateAlgsRsp, RegAlg, SpdmErrorRsp, SpdmHeader,
};
/// The current SPDM session state for a device. Based on the
@@ -40,6 +46,28 @@
/// Negotiated during GET_VERSION exchange.
/// @rsp_caps: Cached capabilities of responder.
/// Received during GET_CAPABILITIES exchange.
+/// @base_asym_alg: Asymmetric key algorithm for signature verification of
+/// CHALLENGE_AUTH and MEASUREMENTS messages.
+/// Selected by responder during NEGOTIATE_ALGORITHMS exchange.
+/// @base_hash_alg: Hash algorithm for signature verification of
+/// CHALLENGE_AUTH and MEASUREMENTS messages.
+/// Selected by responder during NEGOTIATE_ALGORITHMS exchange.
+/// @meas_hash_alg: Hash algorithm for measurement blocks.
+/// Selected by responder during NEGOTIATE_ALGORITHMS exchange.
+/// @base_asym_enc: Human-readable name of @base_asym_alg's signature encoding.
+/// Passed to crypto subsystem when calling verify_signature().
+/// @sig_len: Signature length of @base_asym_alg (in bytes).
+/// S or SigLen in SPDM specification.
+/// @base_hash_alg_name: Human-readable name of @base_hash_alg.
+/// Passed to crypto subsystem when calling crypto_alloc_shash() and
+/// verify_signature().
+/// @base_hash_alg_name: Human-readable name of @base_hash_alg.
+/// Passed to crypto subsystem when calling crypto_alloc_shash() and
+/// verify_signature().
+/// @shash: Synchronous hash handle for @base_hash_alg computation.
+/// @desc: Synchronous hash context for @base_hash_alg computation.
+/// @hash_len: Hash length of @base_hash_alg (in bytes).
+/// H in SPDM specification.
///
/// @authenticated: Whether device was authenticated successfully.
#[allow(dead_code)]
@@ -54,6 +82,19 @@ pub struct SpdmState {
/* Negotiated state */
pub(crate) version: u8,
pub(crate) rsp_caps: u32,
+ pub(crate) base_asym_alg: u32,
+ pub(crate) base_hash_alg: u32,
+ pub(crate) meas_hash_alg: u32,
+
+ /* Signature algorithm */
+ base_asym_enc: &'static CStr,
+ sig_len: usize,
+
+ /* Hash algorithm */
+ base_hash_alg_name: &'static CStr,
+ shash: Option<*mut bindings::crypto_shash>,
+ desc: Option<&'static mut bindings::shash_desc>,
+ hash_len: usize,
pub(crate) authenticated: bool,
}
@@ -76,6 +117,15 @@ pub(crate) fn new(
validate,
version: SPDM_MIN_VER,
rsp_caps: 0,
+ base_asym_alg: 0,
+ base_hash_alg: 0,
+ meas_hash_alg: 0,
+ base_asym_enc: unsafe { CStr::from_bytes_with_nul_unchecked(b"\0") },
+ sig_len: 0,
+ base_hash_alg_name: unsafe { CStr::from_bytes_with_nul_unchecked(b"\0") },
+ shash: None,
+ desc: None,
+ hash_len: 0,
authenticated: false,
}
}
@@ -336,4 +386,171 @@ pub(crate) fn get_capabilities(&mut self) -> Result<(), Error> {
Ok(())
}
+
+ fn update_response_algs(&mut self) -> Result<(), Error> {
+ match self.base_asym_alg {
+ SPDM_ASYM_RSASSA_2048 => {
+ self.sig_len = 256;
+ self.base_asym_enc = CStr::from_bytes_with_nul(b"pkcs1\0")?;
+ }
+ SPDM_ASYM_RSASSA_3072 => {
+ self.sig_len = 384;
+ self.base_asym_enc = CStr::from_bytes_with_nul(b"pkcs1\0")?;
+ }
+ SPDM_ASYM_RSASSA_4096 => {
+ self.sig_len = 512;
+ self.base_asym_enc = CStr::from_bytes_with_nul(b"pkcs1\0")?;
+ }
+ SPDM_ASYM_ECDSA_ECC_NIST_P256 => {
+ self.sig_len = 64;
+ self.base_asym_enc = CStr::from_bytes_with_nul(b"p1363\0")?;
+ }
+ SPDM_ASYM_ECDSA_ECC_NIST_P384 => {
+ self.sig_len = 96;
+ self.base_asym_enc = CStr::from_bytes_with_nul(b"p1363\0")?;
+ }
+ SPDM_ASYM_ECDSA_ECC_NIST_P521 => {
+ self.sig_len = 132;
+ self.base_asym_enc = CStr::from_bytes_with_nul(b"p1363\0")?;
+ }
+ _ => {
+ pr_err!("Unknown asym algorithm\n");
+ return Err(EINVAL);
+ }
+ }
+
+ match self.base_hash_alg {
+ SPDM_HASH_SHA_256 => {
+ self.base_hash_alg_name = CStr::from_bytes_with_nul(b"sha256\0")?;
+ }
+ SPDM_HASH_SHA_384 => {
+ self.base_hash_alg_name = CStr::from_bytes_with_nul(b"sha384\0")?;
+ }
+ SPDM_HASH_SHA_512 => {
+ self.base_hash_alg_name = CStr::from_bytes_with_nul(b"sha512\0")?;
+ }
+ _ => {
+ pr_err!("Unknown hash algorithm\n");
+ return Err(EINVAL);
+ }
+ }
+
+ /*
+ * shash and desc allocations are reused for subsequent measurement
+ * retrieval, hence are not freed until spdm_reset().
+ */
+ let shash =
+ unsafe { bindings::crypto_alloc_shash(self.base_hash_alg_name.as_char_ptr(), 0, 0) };
+ if shash.is_null() {
+ return Err(ENOMEM);
+ }
+
+ let desc_len = core::mem::size_of::<bindings::shash_desc>()
+ + unsafe { bindings::crypto_shash_descsize(shash) } as usize;
+ self.shash = Some(shash);
+
+ let mut desc_vec: KVec<u8> = KVec::with_capacity(desc_len, GFP_KERNEL)?;
+ // SAFETY: `desc_vec` is `desc_len` long
+ let desc_buf = unsafe { from_raw_parts_mut(desc_vec.as_mut_ptr(), desc_len) };
+
+ let desc = unsafe {
+ core::mem::transmute::<*mut c_void, &mut bindings::shash_desc>(
+ desc_buf.as_mut_ptr() as *mut c_void
+ )
+ };
+ desc.tfm = shash;
+
+ self.desc = Some(desc);
+
+ /* Used frequently to compute offsets, so cache H */
+ self.shash.map(|shash| {
+ self.hash_len = unsafe { bindings::crypto_shash_digestsize(shash) as usize };
+ });
+
+ if let Some(desc) = &mut self.desc {
+ unsafe {
+ to_result(bindings::crypto_shash_init(
+ *desc as *mut bindings::shash_desc,
+ ))
+ }
+ } else {
+ Err(ENOMEM)
+ }
+ }
+
+ pub(crate) fn negotiate_algs(&mut self) -> Result<(), Error> {
+ let mut request = NegotiateAlgsReq::default();
+ let reg_alg_entries = 0;
+
+ request.version = self.version;
+ request.code = SPDM_NEGOTIATE_ALGS;
+ request.measurement_specification = SPDM_MEAS_SPEC_DMTF;
+ request.base_asym_algo = SPDM_ASYM_ALGOS.to_le();
+ request.base_hash_algo = SPDM_HASH_ALGOS.to_le();
+
+ if self.version >= SPDM_VER_12 && (self.rsp_caps & SPDM_KEY_EX_CAP) == SPDM_KEY_EX_CAP {
+ request.other_params_support = SPDM_OPAQUE_DATA_FMT_GENERAL;
+ }
+
+ let req_sz = core::mem::size_of::<NegotiateAlgsReq>()
+ + core::mem::size_of::<RegAlg>() * reg_alg_entries;
+ let rsp_sz = core::mem::size_of::<NegotiateAlgsRsp>()
+ + core::mem::size_of::<RegAlg>() * reg_alg_entries;
+
+ request.length = req_sz as u16;
+ request.param1 = reg_alg_entries as u8;
+
+ // SAFETY: `request` is repr(C) and packed, so we can convert it to a slice
+ let request_buf = unsafe { from_raw_parts_mut(&mut request as *mut _ as *mut u8, req_sz) };
+
+ let mut response_vec: KVec<u8> = KVec::with_capacity(rsp_sz, GFP_KERNEL)?;
+ // SAFETY: `request` is repr(C) and packed, so we can convert it to a slice
+ let response_buf = unsafe { from_raw_parts_mut(response_vec.as_mut_ptr(), rsp_sz) };
+
+ let rc = self.spdm_exchange(request_buf, response_buf)?;
+
+ if rc < (rsp_sz as i32) {
+ pr_err!("Truncated capabilities response\n");
+ to_result(-(bindings::EIO as i32))?;
+ }
+
+ // SAFETY: `rc` bytes where inserted to the raw pointer by spdm_exchange
+ unsafe { response_vec.set_len(rc as usize) };
+
+ let response: &mut NegotiateAlgsRsp =
+ Untrusted::new_mut(&mut response_vec).validate_mut()?;
+
+ self.base_asym_alg = response.base_asym_sel;
+ self.base_hash_alg = response.base_hash_sel;
+ self.meas_hash_alg = response.measurement_hash_algo;
+
+ if self.base_asym_alg & SPDM_ASYM_ALGOS == 0 || self.base_hash_alg & SPDM_HASH_ALGOS == 0 {
+ pr_err!("No common supported algorithms\n");
+ to_result(-(bindings::EPROTO as i32))?;
+ }
+
+ // /* Responder shall select exactly 1 alg (SPDM 1.0.0 table 14) */
+ if self.base_asym_alg.count_ones() != 1
+ || self.base_hash_alg.count_ones() != 1
+ || response.ext_asym_sel_count != 0
+ || response.ext_hash_sel_count != 0
+ || response.param1 > request.param1
+ || response.other_params_sel != request.other_params_support
+ {
+ pr_err!("Malformed algorithms response\n");
+ to_result(-(bindings::EPROTO as i32))?;
+ }
+
+ if self.rsp_caps & SPDM_MEAS_CAP_MASK == SPDM_MEAS_CAP_MASK
+ && (self.meas_hash_alg.count_ones() != 1
+ || response.measurement_specification_sel != SPDM_MEAS_SPEC_DMTF)
+ {
+ pr_err!("Malformed algorithms response\n");
+ to_result(-(bindings::EPROTO as i32))?;
+ }
+
+ self.update_response_algs()?;
+
+ Ok(())
+ }
}
@@ -6,7 +6,7 @@
//!
//! Copyright (C) 2024 Western Digital
-use crate::bindings::{__IncompleteArrayField, __le16};
+use crate::bindings::{__IncompleteArrayField, __le16, __le32};
use crate::consts::SpdmErrorCode;
use core::mem;
use kernel::prelude::*;
@@ -191,3 +191,111 @@ fn validate(unvalidated: &mut Unvalidated<KVec<u8>>) -> Result<Self, Self::Err>
Ok(rsp)
}
}
+
+#[repr(C, packed)]
+pub(crate) struct RegAlg {
+ pub(crate) alg_type: u8,
+ pub(crate) alg_count: u8,
+ pub(crate) alg_supported: u16,
+ pub(crate) alg_external: __IncompleteArrayField<__le32>,
+}
+
+#[repr(C, packed)]
+pub(crate) struct NegotiateAlgsReq {
+ pub(crate) version: u8,
+ pub(crate) code: u8,
+ pub(crate) param1: u8,
+ pub(crate) param2: u8,
+
+ pub(crate) length: u16,
+ pub(crate) measurement_specification: u8,
+ pub(crate) other_params_support: u8,
+
+ pub(crate) base_asym_algo: u32,
+ pub(crate) base_hash_algo: u32,
+
+ reserved1: [u8; 12],
+
+ pub(crate) ext_asym_count: u8,
+ pub(crate) ext_hash_count: u8,
+ reserved2: u8,
+ pub(crate) mel_specification: u8,
+
+ pub(crate) ext_asym: __IncompleteArrayField<__le32>,
+ pub(crate) ext_hash: __IncompleteArrayField<__le32>,
+ pub(crate) req_alg_struct: __IncompleteArrayField<RegAlg>,
+}
+
+impl Default for NegotiateAlgsReq {
+ fn default() -> Self {
+ NegotiateAlgsReq {
+ version: 0,
+ code: 0,
+ param1: 0,
+ param2: 0,
+ length: 0,
+ measurement_specification: 0,
+ other_params_support: 0,
+ base_asym_algo: 0,
+ base_hash_algo: 0,
+ reserved1: [0u8; 12],
+ ext_asym_count: 0,
+ ext_hash_count: 0,
+ reserved2: 0,
+ mel_specification: 0,
+ ext_asym: __IncompleteArrayField::new(),
+ ext_hash: __IncompleteArrayField::new(),
+ req_alg_struct: __IncompleteArrayField::new(),
+ }
+ }
+}
+
+#[repr(C, packed)]
+pub(crate) struct NegotiateAlgsRsp {
+ pub(crate) version: u8,
+ pub(crate) code: u8,
+ pub(crate) param1: u8,
+ pub(crate) param2: u8,
+
+ pub(crate) length: u16,
+ pub(crate) measurement_specification_sel: u8,
+ pub(crate) other_params_sel: u8,
+
+ pub(crate) measurement_hash_algo: u32,
+ pub(crate) base_asym_sel: u32,
+ pub(crate) base_hash_sel: u32,
+
+ reserved1: [u8; 11],
+
+ pub(crate) mel_specification_sel: u8,
+ pub(crate) ext_asym_sel_count: u8,
+ pub(crate) ext_hash_sel_count: u8,
+ reserved2: [u8; 2],
+
+ pub(crate) ext_asym: __IncompleteArrayField<__le32>,
+ pub(crate) ext_hash: __IncompleteArrayField<__le32>,
+ pub(crate) req_alg_struct: __IncompleteArrayField<RegAlg>,
+}
+
+impl Validate<&mut Unvalidated<KVec<u8>>> for &mut NegotiateAlgsRsp {
+ type Err = Error;
+
+ fn validate(unvalidated: &mut Unvalidated<KVec<u8>>) -> Result<Self, Self::Err> {
+ let raw = unvalidated.raw_mut();
+ if raw.len() < mem::size_of::<NegotiateAlgsRsp>() {
+ return Err(EINVAL);
+ }
+
+ let ptr = raw.as_mut_ptr();
+ // CAST: `NegotiateAlgsRsp` only contains integers and has `repr(C)`.
+ let ptr = ptr.cast::<NegotiateAlgsRsp>();
+ // SAFETY: `ptr` came from a reference and the cast above is valid.
+ let rsp: &mut NegotiateAlgsRsp = unsafe { &mut *ptr };
+
+ rsp.base_asym_sel = rsp.base_asym_sel.to_le();
+ rsp.base_hash_sel = rsp.base_hash_sel.to_le();
+ rsp.measurement_hash_algo = rsp.measurement_hash_algo.to_le();
+
+ Ok(rsp)
+ }
+}
@@ -30,3 +30,7 @@
--allowlist-function copy_from_user
--allowlist-function copy_to_user
+
+--allowlist-function crypto_shash_descsize
+--allowlist-function crypto_shash_init
+--allowlist-function crypto_shash_digestsize
@@ -6,6 +6,7 @@
* Sorted alphabetically.
*/
+#include <crypto/hash.h>
#include <kunit/test.h>
#include <linux/blk-mq.h>
#include <linux/blk_types.h>
Support the NEGOTIATE_ALGORITHMS SPDM command. Signed-off-by: Alistair Francis <alistair@alistair23.me> --- lib/rspdm/consts.rs | 53 ++++++++ lib/rspdm/lib.rs | 4 + lib/rspdm/state.rs | 225 +++++++++++++++++++++++++++++++- lib/rspdm/validator.rs | 110 +++++++++++++++- rust/bindgen_static_functions | 4 + rust/bindings/bindings_helper.h | 1 + 6 files changed, 392 insertions(+), 5 deletions(-)