Skip to content

Add new caliptra crypto primitives for SPDM #265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 23, 2025
Merged

Add new caliptra crypto primitives for SPDM #265

merged 2 commits into from
Jul 23, 2025

Conversation

swenson
Copy link
Collaborator

@swenson swenson commented Jul 14, 2025

No description provided.

@swenson swenson requested review from parvathib and Copilot July 14, 2025 21:36
Copilot
Copilot AI reviewed Jul 14, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds new cryptographic primitives to the Caliptra API to support SPDM (Security Protocol and Data Model) functionality. The changes introduce three new crypto modules that provide essential cryptographic operations needed for secure device communication.

Key changes include:

  • Addition of ECDH (Elliptic Curve Diffie-Hellman) key exchange functionality
  • Implementation of HMAC and HKDF (HMAC-based Key Derivation Function) operations
  • Addition of cryptographic key import capabilities

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
runtime/userspace/api/caliptra-api/src/crypto/mod.rs Exports the three new crypto modules (ecdh, hmac, import)
runtime/userspace/api/caliptra-api/src/crypto/ecdh.rs Implements ECDH key generation and exchange completion
runtime/userspace/api/caliptra-api/src/crypto/hmac.rs Provides HMAC, HKDF extract, and HKDF expand operations
runtime/userspace/api/caliptra-api/src/crypto/import.rs Enables importing cryptographic keys with specified usage patterns

@swenson swenson force-pushed the spdm-key-exchange-crypto branch from c5060eb to 2de3d2b Compare July 15, 2025 00:01
swenson added a commit that referenced this pull request Jul 15, 2025
@swenson
Stub out SPDM key exchange and finish responders
7af6c78 
The crypto is in #265

The transcripts are going to be complex, so I'll add those in a separate
PR as well.
@swenson swenson mentioned this pull request Jul 15, 2025
Open
@swenson swenson force-pushed the spdm-key-exchange-crypto branch 3 times, most recently from 0fa3eb1 to 6c78879 Compare July 23, 2025 16:39
swenson added 2 commits July 23, 2025 09:47
@swenson
Add new caliptra crypto primitives for SPDM
cb1beed 
Add ECDH, import, and HMAC tests

Switch back to unaligned mem; move len subtract to after check
@swenson
Update for latest caliptra-sw
e056e63
@swenson swenson force-pushed the spdm-key-exchange-crypto branch from 6c78879 to e056e63 Compare July 23, 2025 16:47
parvathib
parvathib approved these changes Jul 23, 2025
View reviewed changes
Copy link
Collaborator

@parvathib parvathib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@swenson
Copy link
Collaborator Author

swenson commented Jul 23, 2025

Thanks!

@swenson swenson merged commit 08abaeb into main Jul 23, 2025
1 check passed
@swenson swenson deleted the spdm-key-exchange-crypto branch July 23, 2025 19:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@parvathib parvathib parvathib approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@swenson @parvathib