spdm: Add support for mutual authentication

l1k · l1k · commit 07435a3d7f83 · 2025-02-04T10:38:42.000+01:00
Signed-off-by: Jonathan Cameron &lt;Jonathan.Cameron@huawei.com&gt;
Signed-off-by: Lukas Wunner &lt;lukas@wunner.de&gt;
diff --git a/lib/spdm/req-authenticate.c b/lib/spdm/req-authenticate.c
@@ -251,6 +251,7 @@ static int spdm_negotiate_algs(struct spdm_state *spdm_state)
 	    spdm_state->rsp_caps & SPDM_KEY_EX_CAP)
 		req->other_params_support = SPDM_OPAQUE_DATA_FMT_GENERAL;
 
+	/* ReqAlgStruct order shall be by AlgType (SPDM 1.1.0 margin no 186) */
 	req_alg_struct = (struct spdm_req_alg_struct *)(req + 1);
 	if (spdm_state->rsp_caps & SPDM_KEY_EX_CAP) {
 		req_alg_struct[i++] = (struct spdm_req_alg_struct) {
@@ -263,12 +264,19 @@ static int spdm_negotiate_algs(struct spdm_state *spdm_state)
 			.alg_count = 0x20,
 			.alg_supported = cpu_to_le16(SPDM_AEAD_ALGOS),
 		};
+	}
+	if (spdm_state->rsp_caps & SPDM_MUT_AUTH_CAP)
+		req_alg_struct[i++] = (struct spdm_req_alg_struct) {
+			.alg_type = SPDM_REQ_ALG_STRUCT_REQ_BASE_ASYM_ALG,
+			.alg_count = 0x20,
+			.alg_supported = cpu_to_le16(SPDM_ASYM_ALGOS),
+		};
+	if (spdm_state->rsp_caps & SPDM_KEY_EX_CAP)
 		req_alg_struct[i++] = (struct spdm_req_alg_struct) {
 			.alg_type = SPDM_REQ_ALG_STRUCT_KEY_SCHEDULE,
 			.alg_count = 0x20,
 			.alg_supported = cpu_to_le16(SPDM_KEY_SCHEDULE_SPDM),
 		};
-	}
 	WARN_ON(i > SPDM_MAX_REQ_ALG_STRUCT);
 	req_sz = sizeof(*req) + i * sizeof(*req_alg_struct);
 	rsp_sz = sizeof(*rsp) + i * sizeof(*req_alg_struct);
diff --git a/lib/spdm/spdm.h b/lib/spdm/spdm.h
@@ -133,6 +133,9 @@
 #define SPDM_AEAD_CHACHA20_POLY1305	BIT(2)		/* 1.1 */
 #define SPDM_AEAD_SM4_GCM		BIT(3)		/* 1.2 */
 
+/* SPDM asymmetric key signature algorithms (SPDM 1.1.0 margin no 191) */
+#define SPDM_REQ_ALG_STRUCT_REQ_BASE_ASYM_ALG 4		/* 1.1 */
+
 /* SPDM key schedule algorithms (SPDM 1.1.0 margin no 192) */
 #define SPDM_REQ_ALG_STRUCT_KEY_SCHEDULE 5		/* 1.1 */
 #define SPDM_KEY_SCHEDULE_SPDM		BIT(0)		/* 1.1 */
@@ -321,7 +324,7 @@ struct spdm_negotiate_algs_rsp {
 } __packed;
 
 /* Maximum number of ReqAlgStructs sent by this implementation */
-#define SPDM_MAX_REQ_ALG_STRUCT 3
+#define SPDM_MAX_REQ_ALG_STRUCT 4
 
 struct spdm_req_alg_struct {
 	u8 alg_type;
