Releases: DMTF/libspdm
2.3.1
Tag 2.3.1 fixes two implementation defects present in tag 2.3.0. #1608. If a Requester sets (CERT_CAP=0, PUB_KEY_ID_CAP=0, KEY_EX_CAP=1) in its GET_CAPABILITIES request, then a 2.3.0 Responder will incorrectly send an InvalidRequest error response to the Requester. Similarly, if a Requester sets (KEY_EX_CAP=0, PSK_CAP=0, MUT_AUTH_CAP=1), then a 2.3.0 Responder will incorrectly send an InvalidRequest error response to the Requester.
2.3.0
Tag 2.3.0 fixes an implementation defect present in tags 2.2.0 and previous. #1424. According to the SPDM specification, the session ID should be Concatenate(ReqSessionID, RspSessionID). In tags 2.2.0 and previous, libspdm calculated the session ID as Concatenate(RspSessionID, ReqSessionID). Tag 2.3.0 corrects this defect, which means that a tag 2.3.0 endpoint will not be able to establish a secure session with an endpoint running tag 2.2.0 or previous.
In addition, the MDEPKG_NDEBUG macro has been deprecated and replaced with the LIBSPDM_DEBUG_ENABLE macro.
This is an SPDM specification compliance issue; we suggest that consumers use tag 2.3.0 for further development.
2.2.0
Tag 2.2.0 fixes an implementation defect present in tags 2.1.0 and previous. #1136. According to the SPDM specification, the ResponderVerifyData / RequesterVerifyData during secure session establishment should be calculated as HMAC(finished_key, hash(transcript)). In tags 2.1.0 and previous, libspdm calculated ResponderVerifyData / RequesterVerifyData as HMAC(finished_key, transcript). Tag 2.2.0 corrects this defect, which means that a tag 2.2.0 endpoint will not be able to establish a secure session with an endpoint running tag 2.1.0 or previous.
This is an SPDM specification compliance issue; we suggest that consumers use tag 2.2.0 for further development.
Major feature:
- Align to SPDM 1.2.1 spec https://www.dmtf.org/dsp/DSP0274
2.1.0
Tag 2.1.0 fixes an implementation defect present in tags 1.0.0 and 2.0.0. #987. According to the SPDM specification, during secure session establishment the Handshake-Secret is derived as HMAC-Hash(Salt_0, Secret), where Secret is either the DHE Secret or the Pre-shared Key. In tags 1.0.0 and 2.0.0, libspdm swapped these two parameters as HMAC-Hash(Secret, Salt_0). Tag 2.1.0 corrects this defect, which means that a tag 2.1.0 endpoint will not be able to establish a secure session with a tag 1.0.0 or 2.0.0 endpoint.
This is an SPDM specification compliance issue; we suggest that consumers use tag 2.1.0 for further development.
Major feature:
- Align to SPDM 1.2.1 spec https://www.dmtf.org/dsp/DSP0274
- Finish all SPDM 1.2.1 new features, including identity provisioning and chunking.
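
The three session-establishment defects described under 2.3.0, 2.2.0 and 2.1.0 can be modelled side by side to see which tag pairs can still agree on a session. This is an added example, not libspdm code: it models only those three derivations, and the SHA-256 hash, the zero-filled Salt_0, the use of the first HMAC-Hash argument as the key, the reuse of the handshake secret as finished_key, and all sample inputs are assumptions.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: SHA-256 is the negotiated hash

# Pre-fix behaviours still present in each tag, per the release notes above.
LEGACY = {
    "1.0.0": {"#987", "#1136", "#1424"},
    "2.0.0": {"#987", "#1136", "#1424"},
    "2.1.0": {"#1136", "#1424"},
    "2.2.0": {"#1424"},
    "2.3.0": set(),
}

# Constructed sample inputs, not captured from a real SPDM exchange.
REQ_ID, RSP_ID = b"\x11\x11", b"\x22\x22"
SECRET = bytes(range(32))
TRANSCRIPT = b"constructed handshake transcript"


def derive(tag: str) -> tuple[bytes, bytes, bytes]:
    """Return (session_id, handshake_secret, verify_data) as `tag` computes them."""
    bugs = LEGACY[tag]
    # #1424: spec order is Concatenate(ReqSessionID, RspSessionID).
    sid = RSP_ID + REQ_ID if "#1424" in bugs else REQ_ID + RSP_ID
    # #987: spec is HMAC-Hash(Salt_0, Secret); assumption: first argument is
    # the HMAC key and Salt_0 is a zero-filled, hash-sized buffer.
    salt_0 = bytes(HASH().digest_size)
    key, msg = (SECRET, salt_0) if "#987" in bugs else (salt_0, SECRET)
    hs = hmac.new(key, msg, HASH).digest()
    # #1136: spec is HMAC(finished_key, hash(transcript)).
    # Simplification: the handshake secret stands in for finished_key.
    data = TRANSCRIPT if "#1136" in bugs else HASH(TRANSCRIPT).digest()
    vd = hmac.new(hs, data, HASH).digest()
    return sid, hs, vd


def can_establish_session(tag_a: str, tag_b: str) -> bool:
    """True only if both tags derive identical values for all three items."""
    return all(hmac.compare_digest(x, y)
               for x, y in zip(derive(tag_a), derive(tag_b)))


def compatibility_matrix() -> dict[tuple[str, str], bool]:
    """Pairwise result for every tag listed in LEGACY."""
    return {(a, b): can_establish_session(a, b) for a in LEGACY for b in LEGACY}
```

Each fix breaks interoperability with every earlier tag, so a mixed fleet has to be upgraded on both the Requester and Responder side before secure sessions will establish again.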