Add SPDM 1.3 feature GET_ENDPOINT_INFO

Fix the issue: #2294

ENDPOINT_INFO is SPDM spec 1.3 new feature.
Add ENDPOINT_INFO for Libspdm.

Signed-off-by: Aaron Li <[email protected]>

Author: Li-Aaron

include/industry_standard/spdm.h

@@ -55,6 +55,7 @@
 #define SPDM_CHUNK_RESPONSE 0x06
 
 /* SPDM response code (1.3) */
+#define SPDM_ENDPOINT_INFO 0x07
 #define SPDM_SUPPORTED_EVENT_TYPES 0x62
 #define SPDM_SUBSCRIBE_EVENT_TYPES_ACK 0x70
 #define SPDM_EVENT_ACK 0x71
@@ -91,6 +92,7 @@
 #define SPDM_CHUNK_GET 0x86
 
 /* SPDM request code (1.3) */
+#define SPDM_GET_ENDPOINT_INFO 0x87
 #define SPDM_GET_SUPPORTED_EVENT_TYPES 0xE2
 #define SPDM_SUBSCRIBE_EVENT_TYPES 0xF0
 #define SPDM_SEND_EVENT 0xF1
@@ -1277,6 +1279,65 @@ typedef struct {
 
 #define SPDM_CHUNK_GET_RESPONSE_ATTRIBUTE_LAST_CHUNK (1 << 0)
 
+/* SPDM GET_ENDPOINT_INFO request */
+typedef struct {
+    spdm_message_header_t header;
+    /* param1 - subcode of the request
+     * param2 - Bit[7:4]: reserved
+     *          Bit[3:0]: slot_id */
+    uint8_t request_attributes;
+    uint8_t reserved[3];
+    /* uint8_t nonce[32]; */
+} spdm_get_endpoint_info_request_t;
+
+#define SPDM_GET_ENDPOINT_INFO_REQUEST_SLOT_ID_MASK 0xF
+
+/* SPDM GET_ENDPOINT_INFO request subcode */
+#define SPDM_GET_ENDPOINT_INFO_REQUEST_SUBCODE_DEVICE_CLASS_IDENTIFIER 0x01
+
+/* SPDM GET_ENDPOINT_INFO request attribute */
+#define SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED (1 << 0)
+
+/* SPDM ENDPOINT_INFO response */
+typedef struct {
+    spdm_message_header_t header;
+    /* param1 - reserved
+     * param2 - Bit[7:4]: reserved
+     *          Bit[3:0]: slot_id*/
+    uint32_t reserved;
+    /* uint8_t nonce[32];
+     * uint32_t ep_info_len
+     * uint8_t ep_info[ep_info_len];
+     * uint8_t signature[sig_len]; */
+} spdm_endpoint_info_response_t;
+
+#define SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK 0xF
+
+typedef struct {
+    uint8_t num_identifiers;
+    uint8_t reserved[3];
+    /* uint8_t identifier_elements; */
+} spdm_endpoint_info_device_class_identifier_t;
+
+typedef struct {
+    uint8_t id_elem_length;
+    spdm_svh_header_t svh;
+    /* size of svh is 2 + vendor_id_len */
+
+    /* uint8_t num_sub_ids;
+     * uint8_t subordinate_id[]; */
+} spdm_endpoint_info_device_class_identifier_element_t;
+
+typedef struct {
+    uint8_t sub_id_len;
+    /* uint8_t sub_identifier[sub_id_len]; */
+} spdm_endpoint_info_device_class_identifier_subordinate_id_t;
+
+#define SPDM_ENDPOINT_INFO_SIGN_CONTEXT "responder-endpoint_info signing"
+#define SPDM_ENDPOINT_INFO_SIGN_CONTEXT_SIZE (sizeof(SPDM_ENDPOINT_INFO_SIGN_CONTEXT) - 1)
+#define SPDM_MUT_ENDPOINT_INFO_SIGN_CONTEXT "requester-endpoint_info signing"
+#define SPDM_MUT_ENDPOINT_INFO_SIGN_CONTEXT_SIZE (sizeof(SPDM_MUT_ENDPOINT_INFO_SIGN_CONTEXT) - 1)
+
 typedef struct {
     spdm_message_header_t header;
     /* param1 == RSVD

include/internal/libspdm_common_lib.h

@@ -243,6 +243,15 @@ typedef struct {
 #define LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE (8 + LIBSPDM_MAX_HASH_SIZE * 2 + \
                                            LIBSPDM_MAX_ASYM_KEY_SIZE)
 
+/*
+ * +--------------------------+------------------------------------------+---------+
+ * | GET_EP_INFO 1.3          | 8 + Nonce (0 or 32) = [8, 40]            | 1       |
+ * | EP_INFO 1.3              | 12 + Nonce + EPInfoLen = [12, 1024]      | [1, 25] |
+ * +--------------------------+------------------------------------------+---------+
+ */
+#define LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE (20 + SPDM_NONCE_SIZE * 2 + \
+                                           LIBSPDM_MAX_ENDPOINT_INFO_LENGTH)
+
 #define LIBSPDM_MAX_MESSAGE_L1L2_BUFFER_SIZE \
     (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE)
 
@@ -257,6 +266,9 @@ typedef struct {
      LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE + \
      LIBSPDM_MAX_HASH_SIZE + LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE)
 
+#define LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE \
+    (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE)
+
 typedef struct {
     size_t max_buffer_size;
     size_t buffer_size;
@@ -287,6 +299,12 @@ typedef struct {
     uint8_t buffer[LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE];
 } libspdm_message_f_managed_buffer_t;
 
+typedef struct {
+    size_t max_buffer_size;
+    size_t buffer_size;
+    uint8_t buffer[LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE];
+} libspdm_message_e_managed_buffer_t;
+
 typedef struct {
     size_t max_buffer_size;
     size_t buffer_size;
@@ -299,6 +317,12 @@ typedef struct {
     uint8_t buffer[LIBSPDM_MAX_MESSAGE_M1M2_BUFFER_SIZE];
 } libspdm_m1m2_managed_buffer_t;
 
+typedef struct {
+    size_t max_buffer_size;
+    size_t buffer_size;
+    uint8_t buffer[LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE];
+} libspdm_il1il2_managed_buffer_t;
+
 typedef struct {
     size_t max_buffer_size;
     size_t buffer_size;
@@ -325,6 +349,12 @@ typedef struct {
 /* L1/L2 = Concatenate (M)
  * M = Concatenate (GET_MEASUREMENT, MEASUREMENT\signature)*/
 
+/* IL1/IL2 = Concatenate (A, E)
+ * E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
+
+/* Mut IL1/IL2 = Concatenate (A, Mut E)
+ * Mut E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
+
 typedef struct {
     /* the message_a must be plan text because we do not know the algorithm yet.*/
     libspdm_vca_managed_buffer_t message_a;
@@ -335,10 +365,14 @@ typedef struct {
     libspdm_message_b_managed_buffer_t message_mut_b;
     libspdm_message_c_managed_buffer_t message_mut_c;
     libspdm_message_m_managed_buffer_t message_m;
+    libspdm_message_e_managed_buffer_t message_e;
+    libspdm_message_e_managed_buffer_t message_mut_e;
 #else
     void *digest_context_m1m2;
     void *digest_context_mut_m1m2;
     void *digest_context_l1l2;
+    void *digest_context_il1il2;
+    void *digest_context_mut_il1il2;
 #endif
 } libspdm_transcript_t;
 
@@ -405,10 +439,14 @@ typedef struct {
     libspdm_message_k_managed_buffer_t message_k;
     libspdm_message_f_managed_buffer_t message_f;
     libspdm_message_m_managed_buffer_t message_m;
+    libspdm_message_e_managed_buffer_t message_e;
+    libspdm_message_e_managed_buffer_t message_mut_e;
 #else
     bool message_f_initialized;
     void *digest_context_th;
     void *digest_context_l1l2;
+    void *digest_context_il1il2;
+    void *digest_context_mut_il1il2;
     /* this is back up for message F reset.*/
     void *digest_context_th_backup;
 #endif
@@ -619,6 +657,10 @@ typedef struct {
      * This field is ignored for other SPDM versions */
     uint8_t spdm_10_11_verify_signature_endian;
 
+#if LIBSPDM_ENABLE_ENDPOINT_INFO_CAP
+    libspdm_endpoint_info_device_func endpoint_info_device_func;
+#endif /* LIBSPDM_ENABLE_ENDPOINT_INFO_CAP */
+
 #if LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES
     libspdm_vendor_response_callback_func vendor_response_callback;
     libspdm_vendor_get_id_callback_func vendor_response_get_id;
@@ -1006,6 +1048,40 @@ uint32_t libspdm_get_measurement_summary_hash_size(libspdm_context_t *spdm_conte
                                                    bool is_requester,
                                                    uint8_t measurement_summary_hash_type);
 
+/**
+ * This function generates the endpoint info signature based upon il1il2 for authentication.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  session_info                  A pointer to the SPDM session context.
+ * @param  is_requester                  Indicate of the signature generation for a requester or a responder.
+ * @param  signature                     The buffer to store the endpoint info signature.
+ *
+ * @retval true  challenge signature is generated.
+ * @retval false challenge signature is not generated.
+ **/
+bool libspdm_generate_endpoint_info_signature(libspdm_context_t *spdm_context,
+                                              libspdm_session_info_t *session_info,
+                                              bool is_requester,
+                                              uint8_t *signature);
+
+/**
+ * This function verifies the challenge signature based upon m1m2.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  session_info                  A pointer to the SPDM session context.
+ * @param  is_requester                  Indicate of the signature verification for a requester or a responder.
+ * @param  sign_data                     The signature data buffer.
+ * @param  sign_data_size                size in bytes of the signature data buffer.
+ *
+ * @retval true  signature verification pass.
+ * @retval false signature verification fail.
+ **/
+bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context,
+                                            libspdm_session_info_t *session_info,
+                                            bool is_requester,
+                                            const void *sign_data,
+                                            size_t sign_data_size);
+
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
 /*
  * This function calculates l1l2.
@@ -1306,6 +1382,26 @@ void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *spdm_s
  **/
 void libspdm_reset_message_f(libspdm_context_t *spdm_context, void *spdm_session_info);
 
+/**
+ * Reset message E cache in SPDM context.
+ * If session_info is NULL, this function will use E cache of SPDM context,
+ * else will use E cache of SPDM session context.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  spdm_session_info              A pointer to the SPDM session context.
+ **/
+void libspdm_reset_message_e(libspdm_context_t *spdm_context, void *session_info);
+
+/**
+ * Reset message mut E cache in SPDM context.
+ * If session_info is NULL, this function will use mut E cache of SPDM context,
+ * else will use mut E cache of SPDM session context.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  spdm_session_info              A pointer to the SPDM session context.
+ **/
+void libspdm_reset_message_mut_e(libspdm_context_t *spdm_context, void *session_info);
+
 /**
  * Append message A cache in SPDM context.
  *
@@ -1452,6 +1548,38 @@ libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context,
                                           bool is_requester, const void *message,
                                           size_t message_size);
 
+/**
+ * Append message E cache in SPDM context.
+ * If session_info is NULL, this function will use E cache of SPDM context,
+ * else will use E cache of SPDM session context.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  session_info                  A pointer to the SPDM session context.
+ * @param  message                      message buffer.
+ * @param  message_size                  size in bytes of message buffer.
+ *
+ * @return RETURN_SUCCESS          message is appended.
+ * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
+ **/
+libspdm_return_t libspdm_append_message_e(libspdm_context_t *spdm_context, void *session_info,
+                                          const void *message, size_t message_size);
+
+/**
+ * Append message mut E cache in SPDM context.
+ * If session_info is NULL, this function will use mut E cache of SPDM context,
+ * else will use mut E cache of SPDM session context.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  session_info                  A pointer to the SPDM session context.
+ * @param  message                      message buffer.
+ * @param  message_size                  size in bytes of message buffer.
+ *
+ * @return RETURN_SUCCESS          message is appended.
+ * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
+ **/
+libspdm_return_t libspdm_append_message_mut_e(libspdm_context_t *spdm_context, void *session_info,
+                                              const void *message, size_t message_size);
+
 /**
  * This function generates a session ID by concatenating req_session_id and rsp_session_id.
  *

include/internal/libspdm_responder_lib.h

@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2024 DMTF. All rights reserved.
+ *  Copyright 2021-2025 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -957,4 +957,13 @@ libspdm_return_t libspdm_get_response_set_key_pair_info_ack(libspdm_context_t *s
                                                             void *response);
 #endif /* LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP */
 
+
+#if LIBSPDM_ENABLE_ENDPOINT_INFO_CAP
+libspdm_return_t libspdm_get_response_endpoint_info(libspdm_context_t *spdm_context,
+                                                    size_t request_size,
+                                                    const void *request,
+                                                    size_t *response_size,
+                                                    void *response);
+#endif /* LIBSPDM_ENABLE_ENDPOINT_INFO_CAP */
+
 #endif /* SPDM_RESPONDER_LIB_INTERNAL_H */

include/library/spdm_common_lib.h

@@ -958,6 +958,31 @@ uint32_t libspdm_module_version(void);
 /*true: FIPS enabled, false: FIPS disabled*/
 bool libspdm_get_fips_mode(void);
 
+
+#if LIBSPDM_ENABLE_ENDPOINT_INFO_CAP
+
+/**
+ * Endpoint Info Response Get Device Class Identifier Function Pointer.
+ * Required to be able to return the Device Class Identifier correctly
+ *
+ * @param  spdm_context         A pointer to the SPDM context.
+ * @param  sub_code             The subcode of endpoint info.
+ * @param  endpoint_info_size   Length in bytes of the size of device class identifier.
+ * @param  endpoint_info        The buffer to store device class identifier content.
+ *                              If NULL, only return the size of device class identifier.
+ *                              If not NULL, copy the device class identifier to the buffer.
+ *
+ * @retval LIBSPDM_STATUS_SUCCESS Success
+ * @retval LIBSPDM_STATUS_INVALID_PARAMETER Some parameters invalid or NULL
+ **/
+typedef libspdm_return_t (*libspdm_endpoint_info_device_func)(
+    void *spdm_context,
+    uint8_t sub_code,
+    uint32_t *endpoint_info_size,
+    void *endpoint_info);
+
+#endif /* LIBSPDM_ENABLE_ENDPOINT_INFO_CAP */
+
 #if LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES
 
 /**

include/library/spdm_lib_config.h

@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2024 DMTF. All rights reserved.
+ *  Copyright 2021-2025 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -82,6 +82,10 @@
 #define LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP 1
 #endif
 
+#ifndef LIBSPDM_ENABLE_ENDPOINT_INFO_CAP
+#define LIBSPDM_ENABLE_ENDPOINT_INFO_CAP 1
+#endif
+
 /* Includes SPDM 1.3 features for CSR messages. If enabled then LIBSPDM_ENABLE_CAPABILITY_CSR_CAP
  * must also be enabled.
  */
@@ -213,6 +217,13 @@
 #define LIBSPDM_MAX_MEL_BLOCK_LEN 1024
 #endif
 
+/* This value specifies the maximum size, in bytes, of a endpoint info that can be stored in a
+ * libspdm context.
+ */
+#ifndef LIBSPDM_MAX_ENDPOINT_INFO_LENGTH
+#define LIBSPDM_MAX_ENDPOINT_INFO_LENGTH 1024
+#endif
+
 /* To ensure integrity in communication between the Requester and the Responder libspdm calculates
  * cryptographic digests and signatures over multiple requests and responses. This value specifies
  * whether libspdm will use a running calculation over the transcript, where requests and responses