With exception of GET_VERSION, all requests and responses should use SPDM_MESSAGE_VERSION_11 in header, even though those commands were first defined in 1.0.

SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST
SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS

Current implementation uses a drafted version MTCP in SPDM lib.
We may need isolate this to support PCI DOE secure message as well.

Current code does not support SPDM_EXTENDED_ALGORITHM.

4.9.2.4.3 Definition of othername using the DMTF OID

DMTFOtherName :== SEQUENCE {
type-id [0] id-DMTF-device-info
value [1] ub-DMTF-device-info
}
-- OID for DMTF device info --
id-DMTF-device-info OBJECT IDENTIFIER ::== { 1 3 6 1 4 1 412 274 1 }
-- All printable characters except ":" --
DMTF-device-string PrintableString ::== (ALL EXCEPT ":")
-- Device Manufacturer --
DMTF-manufacturer ::== DMTF-device-string
-- Device Product --
DMTF-product ::== DMTF-device-string
-- Device Serial Number --
DMTF-serialNumber ::== DMTF-device-string
-- Device information string --
ub-DMTF-device-info UTF8String ::== (DMTF-manufacturer":"DMTF-product":"DMTF-serialNumber)

SPDM_DEVICE_CONTEXT is overloaded with both Requester and Responder context.

Suggest define SPDM_REQUESTER_CONTEXT and SPDM_RESPONDER_CONTEXT instead.

I think instead of returning list of Responder's supported versions to caller, function SpdmGetVersion() itself should do the comparison of its own version (currently 1.1) and Responder's supported versions and decides on the highest common version to use going forward.

Current openspdm supports 1.1.0B. We need sync to latest SPDM 1.1.0C.

The verification should be based upon the key in different slot number.

The code requires that MANAGED_BUFFER be the same as the first two components of LARGE/SMALL_MANAGED_BUFFER.
To facilitate such, suggest below:

typedef struct {
UINTN MaxBufferSize;
UINTN BufferSize;
//UINT8 Buffer[MaxBufferSize];
} MANAGED_BUFFER;

typedef struct {
MANAGED_BUFFER ManagedBufferSizes;
UINT8 Buffer[MAX_SPDM_MESSAGE_BUFFER_SIZE];
} LARGE_MANAGED_BUFFER;

typedef struct {
MANAGED_BUFFER ManagedBufferSizes;
UINT8 Buffer[MAX_SPDM_MESSAGE_SMALL_BUFFER_SIZE];
} SMALL_MANAGED_BUFFER;

Current openspdm link all algorithm. The size of the binary is big.
A given device may only need support single algorithm (Hash/AEAD/Signing).

We need support single algorithm configuration to reduce the final binary size.

the test should support both KeyExchange and PskExchange without rebuild.

Current negotiate algo only supports DHE/AEAD/KeySchedule, but misses ReqBaseAsymAlg.

Current DHE:
Result = DhGenerateKey (*Context, SelfPubKey, &OutKeySize);

Current ECDHE:
Result = EcGenerateKey (*Context);
ASSERT (Result);

OutKeySize = SelfKeySize;
Result = EcGetPublicKey (*Context, SelfPubKey, &OutKeySize);

need handle response not ready to resend the message and append both message to TH
other than response_not_ready, any other error message should be dropped and append neither to TH.

Currently, there is no code handling FLAGS_CACHE_CAP

Response version should be 0x11.

From SpdmResponderLibCertificate.c:

SpdmGetResponseCertificate (
IN VOID *Context,
IN UINTN RequestSize,
IN VOID *Request,
IN OUT UINTN *ResponseSize,
OUT VOID *Response
)
{
….
if ((SpdmContext->SpdmCmdReceiveState & SPDM_GET_CAPABILITIES_RECEIVE_FLAG) == 0) {
SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, ResponseSize, Response);
return RETURN_SUCCESS;
}

Should we need check GET_DIGESTS command run previously?

MCTP_MESSAGE_CIPHERTEXT_HEADER should be refined.

I think the GET_CAPABILITIES() should check the Flags returned from Responder and remember the set of capabilities (bits of Flags) that are set both by Requester and Responder. For this session, if caller calls a command that's not in the set of capabilities, then that command function should return error. For example, if Responder did not set CHAL_CAP, then SpdmChallenge() should return error immediately, without sending CHALLEGE to Responder.

ResetManagedBuffer (&SpdmContext->Transcript.MessageA);
ResetManagedBuffer (&SpdmContext->Transcript.MessageB);
ResetManagedBuffer (&SpdmContext->Transcript.MessageC);
ResetManagedBuffer (&SpdmContext->Transcript.M1M2);

ResetManagedBuffer() is type casting SMALL/LARGE_MANAGED_BUFFER to MANAGED_BUFFER. But they have different structures.

It should Include

1. the root cert hash verification
2. root cert verify intermediate cert
3. intermediate cert verify leaf cert.

Below code will get error if DEFAULT_OPAQUE_LENGTH is 0.

#pragma pack(1)

typedef struct {
UINT8 Nonce[SPDM_NONCE_SIZE];
UINT16 OpaqueLength;
UINT8 OpaqueData[DEFAULT_OPAQUE_LENGTH];
//UINT8 Signature[SignatureSize];
} SPDM_MEASUREMENT_SIG;

#pragma pack()

Current code does not support RESPOND_IF_READY handling.

According to SPDM 1.0 Spec: For an SPDM operation that results in an error, the Responder shall send an ERROR response message (with error code and error data) to the Requester.
When Requester receive the ERROR response message, Requester should do the relevant error handling.

Current request is appended before the response is got. It violates the spec.

Also, the SpdmCommonLib path should be removed from -I include path.

Current SpdmGenerateErrorResponse() only support ErrorCode and ErrorData.

For example, add E-IC:0, E-MessageType=5 for MCTP.

This is for secure message version control

currently it is hardcoded as SlotNum = 0;

In SpdmGetResponseChallenge (), it checks SPDM_GET_CERTIFICATE_RECEIVE_FLAG

if (((SpdmContext->SpdmCmdReceiveState & SPDM_NEGOTIATE_ALGORITHMS_RECEIVE_FLAG) == 0) ||
((SpdmContext->SpdmCmdReceiveState & SPDM_GET_CAPABILITIES_RECEIVE_FLAG) == 0) ||
((SpdmContext->SpdmCmdReceiveState & SPDM_GET_CERTIFICATE_RECEIVE_FLAG) == 0)) {
SpdmGenerateErrorResponse (SpdmContext, SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, ResponseSize, Response);
return RETURN_SUCCESS;
}

According to spec, page 21, SPDM messaging protocol flow.

GET_CERTIFICATE is optional, GET_DIGESTS is required.