CAPABILITIES: Add SupportedAlgorithms

fix #2279

Signed-off-by: Shital Jumbad <[email protected]>

Author: ShitalJumbad

doc/api/requester_api.md

@@ -31,6 +31,52 @@ returns early with value not equal to `LIBSPDM_STATUS_SUCCESS` then the SPDM con
 before attempting establish a new connection.
 <br/><br/>
 
+---
+### libspdm_get_supported_algorithms
+---
+
+### Description
+Sends `GET_VERSION` and `GET_CAPABILITIES` requests to retrieve the Responder's supported algorithms before algorithm negotiation.
+
+### Parameters
+
+**spdm_context**<br/>
+The SPDM context.
+
+**responder_supported_algorithms_length**<br/>
+On input, indicates the size, in bytes, of the buffer in which the supported algorithms will be stored.
+The buffer must be at least sizeof(libspdm_responder_supported_algorithms_13_t) bytes.
+On output, indicates the size, in bytes, of the supported algorithms data.
+
+**responder_supported_algorithms_buffer**<br/>
+A pointer to a buffer to store the Responder's supported algorithms. Must not be NULL.
+
+**spdm_version**<br/>
+A pointer to store the SPDM version used for the request. The Integrator should check this value
+to determine which structure type to use when accessing the algorithms data.
+
+### Details
+Before calling this function the Integrator must ensure that the SPDM context is initialized
+with proper configuration, including the Requester's capabilities. The Requester must support
+at least one SPDM version >= 1.3 and have CHUNK_CAP capability enabled in its configuration.
+
+When this function returns with value `LIBSPDM_STATUS_SUCCESS`, the Integrator should:
+1. Check the `spdm_version` to determine which structure type to use
+2. Cast `responder_supported_algorithms_buffer` to the appropriate structure type
+3. Access the supported algorithms through the structure fields
+
+For example, if `spdm_version` indicates SPDM 1.3 or above:
+```c
+libspdm_responder_supported_algorithms_13_t *algorithms;
+algorithms = (libspdm_responder_supported_algorithms_13_t *)responder_supported_algorithms_buffer;
+// Access algorithms through algorithms->ext_asym_count, algorithms->ext_hash_count, etc.
+```
+
+If this function returns with value `LIBSPDM_STATUS_UNSUPPORTED_CAP`, either the Requester
+does not support version 1.3 or above, or CHUNK_CAP is not enabled.
+
+The function will assert if responder_supported_algorithms_buffer is NULL.
+<br/><br/>
 
 ---
 ### libspdm_get_digest

include/industry_standard/spdm.h

@@ -164,8 +164,41 @@ typedef struct {
     uint32_t max_spdm_msg_size;
 } spdm_get_capabilities_request_t;
 
-/* SPDM GET_CAPABILITIES response*/
+/* SPDM extended algorithm */
+typedef struct {
+    uint8_t registry_id;
+    uint8_t reserved;
+    uint16_t algorithm_id;
+} spdm_extended_algorithm_t;
+
+typedef struct {
+    uint8_t alg_type;
+    uint8_t alg_count;
+    uint16_t alg_supported;
+} spdm_negotiate_algorithms_common_struct_table_t;
 
+/* SPDM supported algorithms block */
+typedef struct {
+    uint8_t param1;  /* Number of Algorithms Structure Tables */
+    uint8_t param2;  /* Reserved */
+    uint16_t length;
+    uint8_t measurement_specification;
+    uint8_t other_params_support;
+    uint32_t base_asym_algo;
+    uint32_t base_hash_algo;
+    uint8_t reserved2[12];
+    uint8_t ext_asym_count;
+    uint8_t ext_hash_count;
+    uint8_t reserved3;
+    uint8_t mel_specification;
+    /* Followed by dynamic arrays for ext_asym, ext_hash, and struct_tableif needed
+     * spdm_extended_algorithm_t ext_asym[ext_asym_count];
+     * spdm_extended_algorithm_t ext_hash[ext_hash_count];
+     * spdm_negotiate_algorithms_common_struct_table_t struct_table[
+     *  SPDM_NEGOTIATE_ALGORITHMS_MAX_NUM_STRUCT_TABLE_ALG];*/
+} spdm_supported_algorithms_block_t;
+
+/* SPDM GET_CAPABILITIES response*/
 typedef struct {
     spdm_message_header_t header;
     /* param1 == RSVD
@@ -177,6 +210,8 @@ typedef struct {
     /* Below field is added in 1.2.*/
     uint32_t data_transfer_size;
     uint32_t max_spdm_msg_size;
+    /* Below field is added in 1.3.*/
+    spdm_supported_algorithms_block_t supported_algorithms;
 } spdm_capabilities_response_t;
 
 #define SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12  42
@@ -360,12 +395,6 @@ typedef struct {
 #define SPDM_NEGOTIATE_ALGORITHMS_ALG_SUPPORTED_AEAD_12_MASK 0x000f
 #define SPDM_NEGOTIATE_ALGORITHMS_ALG_SUPPORTED_REQ_BASE_ASYM_ALG_12_MASK 0x0fff
 
-typedef struct {
-    uint8_t alg_type;
-    uint8_t alg_count;
-    uint16_t alg_supported;
-} spdm_negotiate_algorithms_common_struct_table_t;
-
 
 /* SPDM NEGOTIATE_ALGORITHMS request base_asym_algo/REQ_BASE_ASYM_ALG */
 #define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001
@@ -484,13 +513,6 @@ typedef struct {
     /*opaque_element_table_t  opaque_list[];*/
 } spdm_general_opaque_data_table_header_t;
 
-/* SPDM extended algorithm */
-typedef struct {
-    uint8_t registry_id;
-    uint8_t reserved;
-    uint16_t algorithm_id;
-} spdm_extended_algorithm_t;
-
 /* SPDM registry_id */
 #define SPDM_REGISTRY_ID_DMTF 0x0
 #define SPDM_REGISTRY_ID_TCG 0x1

include/internal/libspdm_requester_lib.h

@@ -129,10 +129,35 @@ libspdm_return_t libspdm_get_version(libspdm_context_t *spdm_context,
                                      uint8_t *version_number_entry_count,
                                      spdm_version_number_t *version_number_entry);
 
+#define LIBSPDM_MAX_EXT_ALG_COUNT 5
+
+#pragma pack(1)
+typedef struct {
+    spdm_negotiate_algorithms_common_struct_table_t alg_struct;
+    spdm_extended_algorithm_t alg_external[LIBSPDM_MAX_EXT_ALG_COUNT];
+} libspdm_supported_algorithms_alg_struct_t;
+#pragma pack()
+
+typedef struct {
+    uint8_t spdm_version;
+    uint8_t measurement_specification;
+    uint8_t other_params_support;
+    uint32_t base_asym_algo;
+    uint32_t base_hash_algo;
+    uint8_t mel_specification;
+    uint8_t ext_asym_count;
+    spdm_extended_algorithm_t ext_asym[LIBSPDM_MAX_EXT_ALG_COUNT];
+    uint8_t ext_hash_count;
+    spdm_extended_algorithm_t ext_hash[LIBSPDM_MAX_EXT_ALG_COUNT];
+    uint8_t struct_table_count;
+    libspdm_supported_algorithms_alg_struct_t
+        struct_table[LIBSPDM_MAX_EXT_ALG_COUNT];
+} libspdm_responder_supported_algorithms_13_t;
+
 /**
  * This function sends GET_CAPABILITIES and receives CAPABILITIES.
  *
- * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  spdm_context                 A pointer to the SPDM context.
  * @param  RequesterCTExponent          RequesterCTExponent to the GET_CAPABILITIES request.
  * @param  RequesterFlags               RequesterFlags to the GET_CAPABILITIES request.
  * @param  ResponderCTExponent          ResponderCTExponent from the CAPABILITIES response.
@@ -143,6 +168,26 @@ libspdm_return_t libspdm_get_version(libspdm_context_t *spdm_context,
  **/
 libspdm_return_t libspdm_get_capabilities(libspdm_context_t *spdm_context);
 
+/**
+ * This function sends GET_CAPABILITIES and receives CAPABILITIES.
+ *
+ * @param  spdm_context                 A pointer to the SPDM context.
+ * @param  get_supported_algorithms     If true, indicates that the requester wants the responder to include its supported algorithms in the CAPABILITIES response.
+ * @param  supported_algs_length        On input, the size of the supported_algs buffer.
+ * @param  supported_algs               A pointer to a buffer to store the supported algorithms.
+ * @param  RequesterCTExponent          RequesterCTExponent to the GET_CAPABILITIES request.
+ * @param  RequesterFlags               RequesterFlags to the GET_CAPABILITIES request.
+ * @param  ResponderCTExponent          ResponderCTExponent from the CAPABILITIES response.
+ * @param  ResponderFlags               ResponderFlags from the CAPABILITIES response.
+ *
+ * @retval RETURN_SUCCESS               The GET_CAPABILITIES is sent and the CAPABILITIES is received.
+ * @retval RETURN_DEVICE_ERROR          A device error occurs when communicates with the device.
+ **/
+libspdm_return_t libspdm_get_capabilities_with_supported_algs(libspdm_context_t *spdm_context,
+                                                              bool get_supported_algorithms,
+                                                              size_t *supported_algs_length,
+                                                              void *supported_algs);
+
 /**
  * This function sends NEGOTIATE_ALGORITHMS and receives ALGORITHMS.
  *

include/library/spdm_requester_lib.h

@@ -525,6 +525,33 @@ libspdm_return_t libspdm_start_session(void *spdm_context, bool use_psk,
                                        uint8_t *heartbeat_period,
                                        void *measurement_hash);
 
+/**
+ * This function retrieves the supported algorithms from the responder.
+ * It sends the GET_VERSION and GET_CAPABILITIES requests, where GET_CAPABILITIES.Param1[0] is set.
+ * If the Responder supports this extended capability, the Responder will include the Supported
+ * Algorithms Block in its CAPABILITIES response.
+ *
+ * @param spdm_context                          A pointer to the SPDM context.
+ * @param responder_supported_algorithms_length  On input, indicates the size in bytes of the provided buffer.
+ *                                              The buffer must be at least sizeof(libspdm_responder_supported_algorithms_13_t) bytes.
+ *                                              On output, the size in bytes of the supported algorithms data.
+ * @param responder_supported_algorithms_buffer  A pointer to a destination buffer to store the supported algorithms.
+ *                                              Must not be NULL. The buffer must be large enough to hold the supported algorithms data.
+ * @param spdm_version                          A pointer to store the SPDM version used for the request.
+ *
+ * @retval RETURN_SUCCESS                        The supported algorithms were successfully retrieved.
+ * @retval RETURN_DEVICE_ERROR                   A device error occurs when communicates with the device.
+ * @retval RETURN_UNSUPPORTED                    The operation is not supported by the device.
+ * @retval RETURN_SECURITY_VIOLATION             Any verification fails.
+ *
+ * @note   The buffer must be at least sizeof(libspdm_responder_supported_algorithms_13_t) bytes.
+ *         The function will assert if responder_supported_algorithms_buffer is NULL.
+ */
+libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context,
+                                                  size_t *responder_supported_algorithms_length,
+                                                  void *responder_supported_algorithms_buffer,
+                                                  uint8_t *spdm_version);
+
 /**
  * This function sends KEY_EXCHANGE/FINISH or PSK_EXCHANGE/PSK_FINISH to start an SPDM Session.
  *

library/spdm_requester_lib/libspdm_req_communication.c

@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2024 DMTF. All rights reserved.
+ *  Copyright 2021-2025 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -31,6 +31,63 @@ libspdm_return_t libspdm_init_connection(void *spdm_context, bool get_version_on
     return LIBSPDM_STATUS_SUCCESS;
 }
 
+libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context,
+                                                  size_t *responder_supported_algorithms_length,
+                                                  void *responder_supported_algorithms_buffer,
+                                                  uint8_t *spdm_version)
+{
+    libspdm_return_t status;
+    libspdm_context_t *context;
+    bool has_version_1_3_or_above;
+    size_t index;
+
+    context = spdm_context;
+    has_version_1_3_or_above = false;
+
+    /* Verify responder_supported_algorithms_buffer is not NULL */
+    LIBSPDM_ASSERT(responder_supported_algorithms_buffer != NULL);
+    LIBSPDM_ASSERT(responder_supported_algorithms_length != NULL);
+
+    /* Pre-check: Verify requester supports at least one version >= 1.3 */
+    for (index = 0; index < context->local_context.version.spdm_version_count; index++) {
+        if (libspdm_get_version_from_version_number(context->local_context.version.spdm_version[index]) >=
+            SPDM_MESSAGE_VERSION_13) {
+            has_version_1_3_or_above = true;
+            break;
+        }
+    }
+    if (!has_version_1_3_or_above) {
+        return LIBSPDM_STATUS_UNSUPPORTED_CAP;
+    }
+
+    LIBSPDM_ASSERT((context->local_context.capability.flags &
+                    SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP) != 0);
+
+    status = libspdm_get_version(context, NULL, NULL);
+
+    if (LIBSPDM_STATUS_IS_ERROR(status)) {
+        return status;
+    }
+
+    *spdm_version = libspdm_get_version_from_version_number(context->connection_info.version);
+
+    if (*spdm_version < SPDM_MESSAGE_VERSION_13) {
+        return LIBSPDM_STATUS_UNSUPPORTED_CAP;
+    }
+
+    if (*responder_supported_algorithms_length < sizeof(libspdm_responder_supported_algorithms_13_t)) {
+        return LIBSPDM_STATUS_UNSUPPORTED_CAP;
+    }
+
+    status = libspdm_get_capabilities_with_supported_algs(context, true, responder_supported_algorithms_length,
+                                                          responder_supported_algorithms_buffer);
+    if (LIBSPDM_STATUS_IS_ERROR(status)) {
+        return status;
+    }
+
+    return LIBSPDM_STATUS_SUCCESS;
+}
+
 #if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
 libspdm_return_t libspdm_start_session(void *spdm_context, bool use_psk,
                                        const void *psk_hint,