Add DSP0277 1.3 AEAD limit support#3644
Open
jyao1 wants to merge 2 commits into
Open
Conversation
jyao1
force-pushed
the
dsp0277-1.3-proposal
branch
from
3d2bd4d to
895b930
Compare
Implement the DSP0277 1.3 "AEAD limit" feature. A new Secured Message opaque-data element AEADlimitOE (SMDataID = 2) carries a 1-byte AeadLimitExponent (<= 64; AeadLimit = 2^exp; default 64). It is exchanged in the Session-Secrets-Exchange request and response opaque data (KEY_EXCHANGE/KEY_EXCHANGE_RSP and PSK_EXCHANGE/PSK_EXCHANGE_RSP), and both the Requester and the Responder populate it. Design highlights: - Single source of truth: max_spdm_session_sequence_number is the only integrator-settable knob. The advertised AeadLimitExponent is derived from it as floor(log2(max + 1)); a non-power-of-two cap rounds the advertised limit down (the safe direction). There is no separate exponent set/get, so the two can never disagree. - The session cap is stored as (2^exp) - 1 to match the "seq >= max" overflow check, and the all-ones default maps to exponent 64 without computing 2^64. - At session establishment each endpoint sets the session's effective cap to min(local cap, peer AEAD limit); neither side is ever raised. - The per-session cap is read-only via get_data(LIBSPDM_DATA_MAX_SPDM_SESSION_SEQUENCE_NUMBER, LIBSPDM_DATA_LOCATION_SESSION); a per-session set is rejected. - The AEADlimitOE element is only defined for secured message version 1.3+. The version gate is enforced inside the size/append helpers (they take the target version), so the element is never emitted onto a sub-1.3 session, and a received element is ignored for an older negotiated version. Parsing is order-independent. - Secured message version 0x13 is added to the default advertised list. Adds unit tests (build/parse round-trip, exponent > 64 rejected, absent-defaults-to-64, effective limit = min, order-independence, version gating, peer-supports vs peer-does-not-support) and doc/aead_limit.md. Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Assisted-by: Claude Code:claude-opus-4-8
jyao1
force-pushed
the
dsp0277-1.3-proposal
branch
2 times, most recently
from
0365e51 to
ceda067
Compare
libspdm now implements the DSP0277 1.3 AEAD limit feature, so list DSP0277 version 1.3.0 in the specifications section. Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Assisted-by: Claude Code:claude-opus-4-8
jyao1
force-pushed
the
dsp0277-1.3-proposal
branch
from
ceda067 to
3643aeb
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements the DSP0277 1.3 "AEAD limit" feature (issue #3639).
A new Secured Message opaque-data element
AEADlimitOE(SMDataID= 2) carries a 1-byteAeadLimitExponent(<= 64;AeadLimit = 2^exp; default 64). It is exchanged in the Session-Secrets-Exchange request and response opaque data (KEY_EXCHANGE/KEY_EXCHANGE_RSPandPSK_EXCHANGE/PSK_EXCHANGE_RSP), and both the Requester and the Responder populate it.Design
max_spdm_session_sequence_numberis the only integrator-settable knob. The advertisedAeadLimitExponentis derived from it asfloor(log2(max + 1)); a non-power-of-two cap rounds the advertised limit down (the safe direction). There is no separate exponent set/get, so the two can never disagree.(2^exp) - 1to match theseq >= maxoverflow check, and the all-ones default maps to exponent 64 without ever computing2^64.min(local cap, peer AEAD limit); neither side is ever raised by the other.get_data(LIBSPDM_DATA_MAX_SPDM_SESSION_SEQUENCE_NUMBER, LIBSPDM_DATA_LOCATION_SESSION); a per-session set is rejected.AEADlimitOEis only defined for secured message version 1.3+. The version gate is enforced inside the size/append helpers (they take the target version), so the element is never emitted onto a sub-1.3 session, and a received element is ignored for an older negotiated version. Parsing is order-independent.0x13is added to the default advertised list.Tests
Adds unit tests covering: build/parse round-trip, exponent > 64 rejected, absent-defaults-to-64, effective limit = min, order-independence, version gating, and peer-supports vs peer-does-not-support. Also adds
doc/aead_limit.md.All
test_spdm_commoncases pass (28 total), and the requester/responder KEY_EXCHANGE and PSK_EXCHANGE suites pass.