diff --git a/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h b/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
index 8ec6e61675..e79c705f03 100644
--- a/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
+++ b/SecurityPkg/DeviceSecurity/SpdmLib/Include/Stub/SpdmLibStub.h
@@ -84,201 +84,6 @@ typedef struct {
 #define SPDM_DATA_PARAMETER libspdm_data_parameter_t
-typedef enum {
- //
- // SPDM parameter
- //
- SpdmDataSpdmVersion,
- SpdmDataSecuredMessageVersion,
- //
- // SPDM capability
- //
- SpdmDataCapabilityFlags,
- SpdmDataCapabilityCTExponent,
- SpdmDataCapabilityRttUs,
- SpdmDataCapabilityDataTransferSize,
- SpdmDataCapabilityMaxSpdmMsgSize,
- SpdmDataCapabilitySenderDataTransferSize,
-
- //
- // SPDM Algorithm setting
- //
- SpdmDataMeasurementSpec,
- SpdmDataMeasurementHashAlgo,
- SpdmDataBaseAsymAlgo,
- SpdmDataBaseHashAlgo,
- SpdmDataDHENameGroup,
- SpdmDataAEADCipherSuite,
- SpdmDataReqBaseAsymAlg,
- SpdmDataKeySchedule,
- SpdmDataOtherParamsSupport,
- SpdmDataMelSpec,
-
- //
- // Connection State
- //
- SpdmDataConnectionState,
- //
- // ResponseState
- //
- SpdmDataResponseState,
- //
- // Certificate info
- //
- SpdmDataLocalPublicCertChain,
- SpdmDataPeerPublicRootCert,
- SpdmDataPeerPublicKey,
- SpdmDataLocalPublicKey,
- SpdmDataLocalSupportedSlotMask,
- SpdmDataLocalKeyPairId,
- SpdmDataLocalCertInfo,
- SpdmDataLocalKeyUsageBitMask,
-
- SpdmDataBasicMutAuthRequested,
- SpdmDataMutAuthRequested,
- SpdmDataHeartBeatPeriod,
- //
- // Negotiated result
- //
- SpdmDataPeerUsedCertChainBuffer,
- SpdmDataPeerSlotMask,
- SpdmDataPeerProvisionedSlotMask = SpdmDataPeerSlotMask,
- SpdmDataPeerSupportedSlotMask,
- SpdmDataPeerTotalDigestBuffer,
- SpdmDataPeerKeyPairId,
- SpdmDataPeerCertInfo,
- SpdmDataPeerKeyUsageBitMask,
-
- //
- // Pre-shared Key Hint
- // If PSK is present, then PSK_EXCHANGE is used.
- // Otherwise, the KEY_EXCHANGE is used.
- //
- SpdmDataPskHint,
- //
- // SessionData
- //
- SpdmDataSessionUsePsk,
- SpdmDataSessionMutAuthRequested,
- SpdmDataSessionEndSessionAttributes,
- SpdmDataSessionPolicy,
-
- SpdmDataAppContextData,
-
- SpdmDataHandleErrorReturnPolicy,
-
- /* VCA cached for CACHE_CAP in 1.2 for transcript.*/
- SpdmDataVcaCache,
-
- /* if the context is for a requester. It only needs to be set in VCA cache.*/
- SpdmDataIsRequester,
-
- // If the Responder replies with a Busy `ERROR` response to a request
- // then the Requester is free to retry sending the request.
- // This value specifies the maximum number of times libspdm will retry
- // sending the request before returning an error.
- // If its value is 0 then libspdm will not send any retry requests.
- SpdmDataRequestRetryTimes,
-
- // If the Responder replies with a Busy `ERROR` response to a request
- // then the Requester is free to retry sending the request.
- // This value specifies the delay time in microseconds between each retry requests.
- // If its value is 0 then libspdm will send retry request immediately.
- SpdmDataRequestRetryDelayTime,
-
- /* limit the number of DHE session and PSK session separately.*/
- SpdmDataMaxDheSessionConut,
- SpdmDataMaxPskSessionConut,
-
- SpdmDataSessionSequenceNumberRspDir,
- SpdmDataSessionSequenceNumberReqDir,
- SpdmDataMaxSessionSequenceNumber,
-
- /* For SPDM 1.0 and 1.1, allow signature verification in big, little, or both endians. */
- SpdmDataSpdmVersion1011VerifySigatureEndian,
-
- SpdmDataSequenceNumberEndian,
- SpdmDataSessionSequenceNumberEndian,
-
- SpdmDataMultiKeyConnReq,
- SpdmDataMultiKeyConnRsp,
- //
- // MAX
- //
- SpdmDataMax,
-} SPDM_DATA_TYPE;
-
-typedef enum {
- SpdmDataLocationLocal,
- SpdmDataLocationConnection,
- SpdmDataLocationSession,
- SpdmDataLocationMax,
-} SPDM_DATA_LOCATION;
-
-typedef enum {
- //
- // Before GET_VERSION/VERSION
- //
- SpdmConnectionStateNotStarted,
- //
- // After GET_VERSION/VERSION
- //
- SpdmConnectionStateAfterVersion,
- //
- // After GET_CAPABILITIES/CAPABILITIES
- //
- SpdmConnectionStateAfterCapabilities,
- //
- // After NEGOTIATE_ALGORITHMS/ALGORITHMS
- //
- SpdmConnectionStateNegotiated,
- //
- // After GET_DIGESTS/DIGESTS
- //
- SpdmConnectionStateAfterDigests,
- //
- // After GET_CERTIFICATE/CERTIFICATE
- //
- SpdmConnectionStateAfterCertificate,
- //
- // After CHALLENGE/CHALLENGE_AUTH, and ENCAP CALLENGE/CHALLENG_AUTH if MUT_AUTH is enabled.
- //
- SpdmConnectionStateAuthenticated,
- //
- // MAX
- //
- SpdmConnectionStateMax,
-} SPDM_CONNECTION_STATE;
-
-typedef enum {
- //
- // Normal response.
- //
- SpdmResponseStateNormal,
- //
- // Other component is busy.
- //
- SpdmResponseStateBusy,
- #if LIBSPDM_RESPOND_IF_READY_SUPPORT
- //
- // Hardware is not ready.
- //
- SpdmResponseStateNotReady,
- #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
- //
- // Firmware Update is done. Need resync.
- //
- SpdmResponseStateNeedResync,
- //
- // Processing Encapsulated message.
- //
- SpdmResponseStateProcessingEncap,
- //
- // MAX
- //
- SpdmResponseStateMax,
-} SPDM_RESPONSE_STATE;
-
 /* DOE header*/
 typedef struct {
diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
index 0b2a90a2bb..bde71eadab 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmAuthentication.c
@@ -136,9 +136,9 @@ ExtendCertificate (
 EventLog = NULL;
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationConnection;
+ Parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION;
 DataSize = sizeof (BaseHashAlgo);
- Status = SpdmGetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &BaseHashAlgo, &DataSize);
+ Status = SpdmGetData (SpdmContext, LIBSPDM_DATA_BASE_HASH_ALGO, &Parameter, &BaseHashAlgo, &DataSize);
 ASSERT_EFI_ERROR (Status);
 DeviceContextSize = GetDeviceMeasurementContextSize (SpdmDeviceContext);
@@ -520,9 +520,9 @@ DoDeviceCertificate (
 SpdmContext = SpdmDeviceContext->SpdmContext;
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationConnection;
+ Parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION;
 DataSize = sizeof (CapabilityFlags);
- SpdmReturn = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);
+ SpdmReturn = SpdmGetData (SpdmContext, LIBSPDM_DATA_CAPABILITY_FLAGS, &Parameter, &CapabilityFlags, &DataSize);
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;
 return EFI_DEVICE_ERROR;
@@ -643,9 +643,9 @@ DoDeviceAuthentication (
 SpdmContext = SpdmDeviceContext->SpdmContext;
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationConnection;
+ Parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION;
 DataSize = sizeof (CapabilityFlags);
- SpdmReturn = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);
+ SpdmReturn = SpdmGetData (SpdmContext, LIBSPDM_DATA_CAPABILITY_FLAGS, &Parameter, &CapabilityFlags, &DataSize);
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;
 return EFI_DEVICE_ERROR;
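Review bot: In ExtendCertificate the result of `SpdmGetData (SpdmContext, LIBSPDM_DATA_BASE_HASH_ALGO, ...)` is checked only by `ASSERT_EFI_ERROR (Status)`, which is compiled out when asserts are disabled, so a failed query leaves `BaseHashAlgo` unvalidated for whatever uses it further down (outside the hunk). DoDeviceCertificate and DoDeviceAuthentication test the same call with `LIBSPDM_STATUS_IS_ERROR (SpdmReturn)`, which suggests the return is a libspdm status rather than an EFI_STATUS; if so, the EFI error macro may not recognise a failure even in debug builds. A runtime check such as `if (LIBSPDM_STATUS_IS_ERROR (Status))` followed by an error return would close this; the declaration of `Status` and the function's return type are outside the hunk. The same pattern appears in ExtendMeasurement in SpdmMeasurement.c for `LIBSPDM_DATA_MEASUREMENT_HASH_ALGO`.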
diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
index ad908be9ce..4cf86a3019 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmConnectionInit.c
@@ -338,8 +338,8 @@ CreateSpdmDeviceContext (
 DataSize = DbList->SignatureSize - sizeof (EFI_GUID);
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationLocal;
- SpdmReturn = SpdmSetData (SpdmContext, SpdmDataPeerPublicRootCert, &Parameter, Data, DataSize);
+ Parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
+ SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_PEER_PUBLIC_ROOT_CERT, &Parameter, Data, DataSize);
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 if (SpdmReturn == LIBSPDM_STATUS_BUFFER_FULL) {
 Status = RecordConnectionFailureStatus (
@@ -366,22 +366,22 @@ CreateSpdmDeviceContext (
 Data8 = 0;
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationLocal;
- SpdmReturn = SpdmSetData (SpdmContext, SpdmDataCapabilityCTExponent, &Parameter, &Data8, sizeof (Data8));
+ Parameter.location = LIBSPDM_DATA_LOCATION_LOCAL;
+ SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_CAPABILITY_CT_EXPONENT, &Parameter, &Data8, sizeof (Data8));
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 ASSERT (FALSE);
 goto Error;
 }
 Data32 = 0;
- SpdmReturn = SpdmSetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &Data32, sizeof (Data32));
+ SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_CAPABILITY_FLAGS, &Parameter, &Data32, sizeof (Data32));
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 ASSERT (FALSE);
 goto Error;
 }
 Data8 = SPDM_MEASUREMENT_SPECIFICATION_DMTF;
- SpdmReturn = SpdmSetData (SpdmContext, SpdmDataMeasurementSpec, &Parameter, &Data8, sizeof (Data8));
+ SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_MEASUREMENT_SPEC, &Parameter, &Data8, sizeof (Data8));
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 ASSERT (FALSE);
 goto Error;
@@ -398,7 +398,7 @@ CreateSpdmDeviceContext (
 SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521;
 }
- SpdmReturn = SpdmSetData (SpdmContext, SpdmDataBaseAsymAlgo, &Parameter, &Data32, sizeof (Data32));
+ SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_BASE_ASYM_ALGO, &Parameter, &Data32, sizeof (Data32));
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 ASSERT (FALSE);
 goto Error;
@@ -412,14 +412,14 @@ CreateSpdmDeviceContext (
 SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512;
 }
- SpdmReturn = SpdmSetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &Data32, sizeof (Data32));
+ SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_BASE_HASH_ALGO, &Parameter, &Data32, sizeof (Data32));
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 ASSERT (FALSE);
 goto Error;
 }
 Data8 = SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;
- SpdmSetData (SpdmContext, SpdmDataOtherParamsSupport, &Parameter, &Data8, sizeof (Data8));
+ SpdmSetData (SpdmContext, LIBSPDM_DATA_OTHER_PARAMS_SUPPORT, &Parameter, &Data8, sizeof (Data8));
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 DEBUG ((DEBUG_ERROR, "SpdmSetDataOtherParamsSupport - %p\n", SpdmReturn));
 ASSERT (FALSE);
@@ -441,9 +441,9 @@ CreateSpdmDeviceContext (
 }
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationConnection;
+ Parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION;
 DataSize = sizeof (Data16);
- SpdmReturn = SpdmGetData (SpdmContext, SpdmDataSpdmVersion, &Parameter, &Data16, &DataSize);
+ SpdmReturn = SpdmGetData (SpdmContext, LIBSPDM_DATA_SPDM_VERSION, &Parameter, &Data16, &DataSize);
 if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {
 DEBUG ((DEBUG_ERROR, "SpdmGetData - %p\n", SpdmReturn));
 goto Error;
diff --git a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
index f94ec1e7bf..63c9ef776c 100644
--- a/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
+++ b/SecurityPkg/DeviceSecurity/SpdmSecurityLib/SpdmMeasurement.c
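Review bot: In the `@@ -412,14` hunk of SpdmConnectionInit.c (CreateSpdmDeviceContext) the `SpdmSetData (SpdmContext, LIBSPDM_DATA_OTHER_PARAMS_SUPPORT, ...)` call discards its return value, so the `if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn))` that follows re-tests the status of the earlier `LIBSPDM_DATA_BASE_HASH_ALGO` call, which has already passed, and a failure to set the opaque data format can never reach the error branch. Assign the result as the neighbouring calls do: `SpdmReturn = SpdmSetData (SpdmContext, LIBSPDM_DATA_OTHER_PARAMS_SUPPORT, &Parameter, &Data8, sizeof (Data8));`. The `DEBUG` line in that branch also prints `SpdmReturn` with `%p`; if it is an integer status, as its use with `LIBSPDM_STATUS_IS_ERROR` suggests, `%x` would be the matching specifier. The function body continues outside the hunk.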
@@ -209,9 +209,9 @@ ExtendMeasurement (
 EventLog = NULL;
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationConnection;
+ Parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION;
 DataSize = sizeof (MeasurementHashAlgo);
- Status = SpdmGetData (SpdmContext, SpdmDataMeasurementHashAlgo, &Parameter, &MeasurementHashAlgo, &DataSize);
+ Status = SpdmGetData (SpdmContext, LIBSPDM_DATA_MEASUREMENT_HASH_ALGO, &Parameter, &MeasurementHashAlgo, &DataSize);
 ASSERT_EFI_ERROR (Status);
 if (MeasurementRecord != NULL) {
@@ -531,9 +531,9 @@ DoDeviceMeasurement (
 SpdmContext = SpdmDeviceContext->SpdmContext;
 ZeroMem (&Parameter, sizeof (Parameter));
- Parameter.location = SpdmDataLocationConnection;
+ Parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION;
 DataSize = sizeof (CapabilityFlags);
- SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);
+ SpdmGetData (SpdmContext, LIBSPDM_DATA_CAPABILITY_FLAGS, &Parameter, &CapabilityFlags, &DataSize);
 if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG) == 0) {
 AuthState = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG;
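Review bot: In DoDeviceMeasurement the return value of `SpdmGetData (SpdmContext, LIBSPDM_DATA_CAPABILITY_FLAGS, ...)` is ignored, yet `CapabilityFlags` is tested against `SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG` on the next line. If the query fails, the decision about signed-measurement support is made on whatever the variable held before, and its initialisation is outside the hunk. DoDeviceCertificate and DoDeviceAuthentication check this same call, so this site should match them: `SpdmReturn = SpdmGetData (...);` followed by `if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) { return EFI_DEVICE_ERROR; }`. Whether a `SpdmReturn` local and that return type exist in this function is not visible here.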