SPDM Design updates #171
Open
SPDM Design updates #171
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… into pbhogaraju/spdm-cert-store-design
Co-authored-by: Parvathi Bhogaraju <[email protected]>
… into pbhogaraju/spdm-cert-store-design
…m/chipsalliance/caliptra-mcu-sw into pbhogaraju/spdm-cert-store-design
parvathib
changed the title
added 5 commits
April 25, 2025 15:17
added 3 commits
May 3, 2025 07:13
… into pbhogaraju/spdm-cert-store-design
mhatrevi
reviewed
May 12, 2025
|
|
||
| ## Transcript Manager | ||
| The Transcript Manager is for managing the transcript and the transcript hash. The transcript is a sequential concatenation of prescribed full messages or message fields. The transcript hash is the cryptographic hash of this transcript, computed using the negotiated hash algorithm. This component ensures the integrity and authenticity of SPDM communications by managing these essential elements. | ||
| The Transcript Manager is responsible for handling the transcript and its associated hash. The transcript represents a sequential concatenation of specific full SPDM messages or message fields, while the transcript hash is a cryptographic hash of this transcript. The transcript hash is computed using the negotiated hash algorithm (SHA384). |
Collaborator
There was a problem hiding this comment.
Is specifying SHA384 necessary?
Collaborator
Author
There was a problem hiding this comment.
Caliptra only supports SHA384. I just added it here for the information. I could rephrase it to indicate that the SHA384 hash is calculated.
mhatrevi
reviewed
May 12, 2025
docs/src/spdm.md
Outdated
| /// - `hash`: Buffer to copy the hash to. | ||
| /// # Arguments | ||
| /// * `slot_id` - The slot ID of the certificate chain. | ||
| /// * `asym_algo` - The asymmetric algorithm to indicate the type of Certificate chain. |
Collaborator
There was a problem hiding this comment.
NIT: 'certificate chain'
mhatrevi
reviewed
May 12, 2025
| hash: &mut [u8] | ||
| ) -> Result<(), SpdmError>; | ||
| /// * `usize` - The length of the certificate chain in bytes or error. | ||
| async fn cert_chain_len(&mut self, asym_algo: AsymAlgo, slot_id: u8) -> CertStoreResult<usize>; |
Collaborator
There was a problem hiding this comment.
Why is algo needed here? Slot Id should be enough to get to the cert chain, correct?
Collaborator
Author
There was a problem hiding this comment.
Depending on the negotiated asymmetric algorithm (ECC or MLDSA), we need the certificate store to provide the certificate chain. For now, I have only defined ECC384.
mhatrevi
reviewed
May 12, 2025
| /// * `usize` - The number of bytes read or error. | ||
| /// If the cert portion size is smaller than the buffer size, the remaining bytes in the buffer will be filled with 0, | ||
| /// indicating the end of the cert chain. | ||
| async fn get_cert_chain<'a>( |
Collaborator
There was a problem hiding this comment.
Same comment here on the algo paramter.
Collaborator
Author
There was a problem hiding this comment.
Refer to my comment above.
mhatrevi
reviewed
May 12, 2025
docs/src/spdm.md
Outdated
| /// * u8 - The KeyPairID associated with the certificate chain or None if not supported or not found. | ||
| fn key_pair_id(&mut self, slot_id: u8) -> Option<u8>; | ||
|
|
||
| /// Get CertificateInfo associated with the certificate chain if SPDM responder supports |
Collaborator
There was a problem hiding this comment.
Suggest explaining what this 'CertificateInfo' is.
mhatrevi
reviewed
May 12, 2025
docs/src/spdm.md
Outdated
| fn cert_info(&mut self, slot_id: u8) -> Option<CertificateInfo>; | ||
|
|
||
| /// Get the KeyUsageMask associated with the certificate chain if SPDM responder supports | ||
| /// multiple assymmetric keys in connection. |
mhatrevi
requested changes
May 12, 2025
Collaborator
mhatrevi
left a comment
mhatrevi
left a comment
There was a problem hiding this comment.
Please see the feedback.
added 9 commits
May 13, 2025 17:37
… into pbhogaraju/spdm-cert-store-design
… into pbhogaraju/spdm-cert-store-design
… into pbhogaraju/spdm-cert-store-design
… into pbhogaraju/spdm-cert-store-design
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.