Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #ifndef SPDM_COMMON_LIB_INTERNAL_H
8 : #define SPDM_COMMON_LIB_INTERNAL_H
9 :
10 : #include "library/spdm_common_lib.h"
11 : #include "library/spdm_secured_message_lib.h"
12 : #include "library/spdm_return_status.h"
13 : #include "library/spdm_crypt_lib.h"
14 : #include "hal/library/debuglib.h"
15 : #include "hal/library/memlib.h"
16 : #include "hal/library/requester/reqasymsignlib.h"
17 : #include "hal/library/requester/psklib.h"
18 : #include "hal/library/responder/asymsignlib.h"
19 : #include "hal/library/responder/csrlib.h"
20 : #include "hal/library/responder/measlib.h"
21 : #include "hal/library/responder/key_pair_info.h"
22 : #include "hal/library/responder/psklib.h"
23 : #include "hal/library/responder/setcertlib.h"
24 : #include "hal/library/endpointinfolib.h"
25 : #include "hal/library/eventlib.h"
26 : #include "hal/library/cryptlib.h"
27 :
28 : #define INVALID_SESSION_ID LIBSPDM_INVALID_SESSION_ID
29 : /* The SPDM specification does not limit the values of CTExponent and RDTExponent.
30 : * libspdm artificially limits their values to 31, which corresponds to approximately 35 minutes
31 : * for CT and RDT. If an endpoint takes longer than 35 minutes to generate an SPDM message then
32 : * libspdm assumes the Integrator would not want to interact with such an endpoint. A maximum value
33 : * of 31 also means that, when calculating CT and RDT, a left-shift will not result in C undefined
34 : * behavior.
35 : */
36 : #define LIBSPDM_MAX_CT_EXPONENT 31
37 : #define LIBSPDM_MAX_RDT_EXPONENT 31
38 :
39 : #define LIBSPDM_MAX_SPDM_SESSION_SEQUENCE_NUMBER 0xFFFFFFFFFFFFFFFFull
40 :
41 : typedef struct {
42 : uint8_t spdm_version_count;
43 : spdm_version_number_t spdm_version[SPDM_MAX_VERSION_COUNT];
44 : } libspdm_device_version_t;
45 :
46 : typedef struct {
47 : uint8_t ct_exponent;
48 : uint64_t rtt;
49 : uint32_t st1;
50 : uint32_t flags;
51 : uint32_t data_transfer_size;
52 : uint32_t sender_data_transfer_size;
53 : uint32_t max_spdm_msg_size;
54 : uint32_t transport_header_size;
55 : uint32_t transport_tail_size;
56 : } libspdm_device_capability_t;
57 :
58 : typedef struct {
59 : uint8_t measurement_spec;
60 : uint8_t other_params_support;
61 : uint8_t mel_spec;
62 : uint32_t measurement_hash_algo;
63 : uint32_t base_asym_algo;
64 : uint32_t base_hash_algo;
65 : uint16_t dhe_named_group;
66 : uint16_t aead_cipher_suite;
67 : uint16_t req_base_asym_alg;
68 : uint16_t key_schedule;
69 : } libspdm_device_algorithm_t;
70 :
71 : typedef struct {
72 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
73 : uint8_t buffer[LIBSPDM_MAX_CERT_CHAIN_SIZE];
74 : size_t buffer_size;
75 : #else
76 : uint8_t buffer_hash[LIBSPDM_MAX_HASH_SIZE];
77 : uint32_t buffer_hash_size;
78 : /* leaf cert public key of the peer */
79 : void *leaf_cert_public_key;
80 : #endif
81 : } libspdm_peer_used_cert_chain_t;
82 :
83 : typedef struct {
84 : /* Local device info */
85 : libspdm_device_version_t version;
86 : libspdm_device_capability_t capability;
87 : libspdm_device_algorithm_t algorithm;
88 : libspdm_device_version_t secured_message_version;
89 :
90 : /* My Certificate */
91 : const void *local_cert_chain_provision[SPDM_MAX_SLOT_COUNT];
92 : size_t local_cert_chain_provision_size[SPDM_MAX_SLOT_COUNT];
93 : uint8_t local_supported_slot_mask;
94 : uint8_t cert_slot_reset_mask;
95 : spdm_key_pair_id_t local_key_pair_id[SPDM_MAX_SLOT_COUNT];
96 : spdm_certificate_info_t local_cert_info[SPDM_MAX_SLOT_COUNT];
97 : spdm_key_usage_bit_mask_t local_key_usage_bit_mask[SPDM_MAX_SLOT_COUNT];
98 : /* My raw public key (slot_id - 0xFF) */
99 : const void *local_public_key_provision;
100 : size_t local_public_key_provision_size;
101 :
102 : /* Peer Root Certificate */
103 : const void *peer_root_cert_provision[LIBSPDM_MAX_ROOT_CERT_SUPPORT];
104 : size_t peer_root_cert_provision_size[LIBSPDM_MAX_ROOT_CERT_SUPPORT];
105 : /* Peer raw public key (slot_id - 0xFF) */
106 : const void *peer_public_key_provision;
107 : size_t peer_public_key_provision_size;
108 :
109 : /* Peer Cert verify*/
110 : libspdm_verify_spdm_cert_chain_func verify_peer_spdm_cert_chain;
111 :
112 : /* Responder policy*/
113 : bool basic_mut_auth_requested;
114 : uint8_t mut_auth_requested;
115 : bool mandatory_mut_auth;
116 : uint8_t heartbeat_period;
117 :
118 : /*The device role*/
119 : bool is_requester;
120 :
121 : uint8_t total_key_pairs;
122 : } libspdm_local_context_t;
123 :
124 : typedef struct {
125 : /* Connection State */
126 : libspdm_connection_state_t connection_state;
127 :
128 : /* Peer device info (negotiated) */
129 : spdm_version_number_t version;
130 : libspdm_device_capability_t capability;
131 : libspdm_device_algorithm_t algorithm;
132 : spdm_version_number_t secured_message_version;
133 :
134 : /* Peer digests buffer */
135 : uint8_t peer_provisioned_slot_mask;
136 : uint8_t peer_supported_slot_mask;
137 : uint8_t peer_total_digest_buffer[LIBSPDM_MAX_HASH_SIZE * SPDM_MAX_SLOT_COUNT];
138 :
139 : spdm_key_pair_id_t peer_key_pair_id[SPDM_MAX_SLOT_COUNT];
140 : spdm_certificate_info_t peer_cert_info[SPDM_MAX_SLOT_COUNT];
141 : spdm_key_usage_bit_mask_t peer_key_usage_bit_mask[SPDM_MAX_SLOT_COUNT];
142 :
143 : /* Peer CertificateChain */
144 : libspdm_peer_used_cert_chain_t peer_used_cert_chain[SPDM_MAX_SLOT_COUNT];
145 : uint8_t peer_used_cert_chain_slot_id;
146 :
147 : /* Local Used CertificateChain (for responder, or requester in mut auth) */
148 : const uint8_t *local_used_cert_chain_buffer;
149 : size_t local_used_cert_chain_buffer_size;
150 : uint8_t local_used_cert_chain_slot_id;
151 :
152 : /* Specifies whether the cached negotiated state should be invalidated. (responder only)
153 : * This is a "sticky" bit wherein if it is set to 1 then it cannot be set to 0. */
154 : uint8_t end_session_attributes;
155 :
156 : /* multi-key negotiated result */
157 : bool multi_key_conn_req;
158 : bool multi_key_conn_rsp;
159 : } libspdm_connection_info_t;
160 :
161 : typedef struct {
162 : size_t max_buffer_size;
163 : size_t buffer_size;
164 : /*uint8_t buffer[max_buffer_size];*/
165 : } libspdm_managed_buffer_t;
166 :
167 : typedef struct {
168 : size_t max_buffer_size;
169 : size_t buffer_size;
170 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE];
171 : } libspdm_vca_managed_buffer_t;
172 :
173 : /*
174 : * +--------------------------+------------------------------------------+---------+
175 : * | DIGESTS 1.3 | 4 + (H [+ 4]) * SlotNum = [36, 548] | [1, 18] |
176 : * +--------------------------+------------------------------------------+---------+
177 : * It is for multi-key.
178 : */
179 : #define LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE (4 + \
180 : (LIBSPDM_MAX_HASH_SIZE + 4) * SPDM_MAX_SLOT_COUNT)
181 :
182 : typedef struct {
183 : size_t max_buffer_size;
184 : size_t buffer_size;
185 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE];
186 : } libspdm_message_d_managed_buffer_t;
187 :
188 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
189 :
190 : /*
191 : * +--------------------------+------------------------------------------+---------+
192 : * | GET_DIGESTS 1.3 | 4 | 1 |
193 : * | DIGESTS 1.3 | 4 + (H [+ 4]) * SlotNum = [36, 548] | [1, 18] |
194 : * +--------------------------+------------------------------------------+---------+
195 : * | GET_CERTIFICATE 1.3 | 8 | 1 |
196 : * | CERTIFICATE 1.3 | 8 + PortionLen | [1, ] |
197 : * +--------------------------+------------------------------------------+---------+
198 : */
199 : #define LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE (24 + \
200 : (LIBSPDM_MAX_HASH_SIZE + 4) * SPDM_MAX_SLOT_COUNT + \
201 : LIBSPDM_MAX_CERT_CHAIN_SIZE)
202 :
203 : /*
204 : * +--------------------------+------------------------------------------+---------+
205 : * | CHALLENGE 1.3 | 44 | 1 |
206 : * | CHALLENGE_AUTH 1.3 | 46 + H * 2 + S [+ O] = [166, 678] | [6, 23] |
207 : * +--------------------------+------------------------------------------+---------+
208 : */
209 : #define LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE (90 + \
210 : LIBSPDM_MAX_HASH_SIZE * 2 + \
211 : LIBSPDM_MAX_ASYM_KEY_SIZE + SPDM_MAX_OPAQUE_DATA_SIZE)
212 :
213 : /*
214 : * +--------------------------+------------------------------------------+---------+
215 : * | GET_MEASUREMENTS 1.3 | 13 + Nonce (0 or 32) | 1 |
216 : * | MEASUREMENTS 1.3 | 50 + MeasRecLen (+ S) [+ O] = [106, 554] | [4, 19] |
217 : * +--------------------------+------------------------------------------+---------+
218 : */
219 : #define LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE (63 + SPDM_NONCE_SIZE + \
220 : LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE + \
221 : LIBSPDM_MAX_ASYM_KEY_SIZE + SPDM_MAX_OPAQUE_DATA_SIZE)
222 :
223 : /*
224 : * +--------------------------+------------------------------------------+---------+
225 : * | KEY_EXCHANGE 1.3 | 42 + D [+ O] = [106, 554] | [4, 19] |
226 : * | KEY_EXCHANGE_RSP 1.3 | 42 + D + H + S (+ H) [+ O] = [234, 1194] | [8, 40] |
227 : * +--------------------------+------------------------------------------+---------+
228 : * | PSK_EXCHANGE 1.3 | 12 [+ PSKHint] + R [+ O] = 44 | 2 |
229 : * | PSK_EXCHANGE_RSP 1.3 | 12 + R + H (+ H) [+ O] = [108, 172] | [4, 6] |
230 : * +--------------------------+------------------------------------------+---------+
231 : */
232 : #define LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE (84 + LIBSPDM_MAX_DHE_KEY_SIZE * 2 + \
233 : LIBSPDM_MAX_HASH_SIZE * 2 + LIBSPDM_MAX_ASYM_KEY_SIZE + \
234 : SPDM_MAX_OPAQUE_DATA_SIZE * 2)
235 :
236 : /*
237 : * +--------------------------+------------------------------------------+---------+
238 : * | FINISH 1.3 | 4 (+ S) + H = [100, 580] | [4, 20] |
239 : * | FINISH_RSP 1.3 | 4 (+ H) = [36, 69] | [1, 3] |
240 : * +--------------------------+------------------------------------------+---------+
241 : * | PSK_FINISH 1.3 | 4 + H = [36, 68] | [1, 3] |
242 : * | PSK_FINISH_RSP 1.3 | 4 | 1 |
243 : * +--------------------------+------------------------------------------+---------+
244 : */
245 : #define LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE (8 + LIBSPDM_MAX_HASH_SIZE * 2 + \
246 : LIBSPDM_MAX_ASYM_KEY_SIZE)
247 :
248 : /*
249 : * +--------------------------+------------------------------------------+---------+
250 : * | GET_EP_INFO 1.3 | 8 + Nonce (0 or 32) = [8, 40] | 1 |
251 : * | EP_INFO 1.3 | 12 + Nonce + EPInfoLen = [12, 1024] | [1, 25] |
252 : * +--------------------------+------------------------------------------+---------+
253 : */
254 : #define LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE (20 + SPDM_NONCE_SIZE * 2 + \
255 : LIBSPDM_MAX_ENDPOINT_INFO_LENGTH)
256 :
257 : #define LIBSPDM_MAX_MESSAGE_L1L2_BUFFER_SIZE \
258 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE)
259 :
260 : #define LIBSPDM_MAX_MESSAGE_M1M2_BUFFER_SIZE \
261 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + \
262 : LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE)
263 :
264 : #define LIBSPDM_MAX_MESSAGE_TH_BUFFER_SIZE \
265 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + \
266 : LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE + \
267 : LIBSPDM_MAX_HASH_SIZE + LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE + \
268 : LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE + \
269 : LIBSPDM_MAX_HASH_SIZE + LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE)
270 :
271 : #define LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE \
272 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE)
273 :
274 : typedef struct {
275 : size_t max_buffer_size;
276 : size_t buffer_size;
277 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE];
278 : } libspdm_message_b_managed_buffer_t;
279 :
280 : typedef struct {
281 : size_t max_buffer_size;
282 : size_t buffer_size;
283 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE];
284 : } libspdm_message_c_managed_buffer_t;
285 :
286 : typedef struct {
287 : size_t max_buffer_size;
288 : size_t buffer_size;
289 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE];
290 : } libspdm_message_m_managed_buffer_t;
291 :
292 : typedef struct {
293 : size_t max_buffer_size;
294 : size_t buffer_size;
295 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE];
296 : } libspdm_message_k_managed_buffer_t;
297 :
298 : typedef struct {
299 : size_t max_buffer_size;
300 : size_t buffer_size;
301 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE];
302 : } libspdm_message_f_managed_buffer_t;
303 :
304 : typedef struct {
305 : size_t max_buffer_size;
306 : size_t buffer_size;
307 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE];
308 : } libspdm_message_e_managed_buffer_t;
309 :
310 : typedef struct {
311 : size_t max_buffer_size;
312 : size_t buffer_size;
313 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_L1L2_BUFFER_SIZE];
314 : } libspdm_l1l2_managed_buffer_t;
315 :
316 : typedef struct {
317 : size_t max_buffer_size;
318 : size_t buffer_size;
319 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_M1M2_BUFFER_SIZE];
320 : } libspdm_m1m2_managed_buffer_t;
321 :
322 : typedef struct {
323 : size_t max_buffer_size;
324 : size_t buffer_size;
325 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE];
326 : } libspdm_il1il2_managed_buffer_t;
327 :
328 : typedef struct {
329 : size_t max_buffer_size;
330 : size_t buffer_size;
331 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_TH_BUFFER_SIZE];
332 : } libspdm_th_managed_buffer_t;
333 :
334 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
335 :
336 : /* signature = Sign(SK, hash(M1))
337 : * Verify(PK, hash(M2), signature)*/
338 :
339 : /* M1/M2 = Concatenate (A, B, C)
340 : * A = Concatenate (GET_VERSION, VERSION, GET_CAPABILITIES, CAPABILITIES, NEGOTIATE_ALGORITHMS, ALGORITHMS)
341 : * B = Concatenate (GET_DIGEST, DIGEST, GET_CERTIFICATE, CERTIFICATE)
342 : * C = Concatenate (CHALLENGE, CHALLENGE_AUTH\signature)*/
343 :
344 : /* Mut M1/M2 = Concatenate (MutB, MutC)
345 : * MutB = Concatenate (GET_DIGEST, DIGEST, GET_CERTIFICATE, CERTIFICATE)
346 : * MutC = Concatenate (CHALLENGE, CHALLENGE_AUTH\signature)*/
347 :
348 : /* signature = Sign(SK, hash(L1))
349 : * Verify(PK, hash(L2), signature)*/
350 :
351 : /* L1/L2 = Concatenate (M)
352 : * M = Concatenate (GET_MEASUREMENT, MEASUREMENT\signature)*/
353 :
354 : /* IL1/IL2 = Concatenate (A, E)
355 : * E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
356 :
357 : /* Encap IL1/IL2 = Concatenate (A, Encap E)
358 : * Encap E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
359 :
360 : typedef struct {
361 : /* the message_a must be plan text because we do not know the algorithm yet.*/
362 : libspdm_vca_managed_buffer_t message_a;
363 : libspdm_message_d_managed_buffer_t message_d;
364 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
365 : libspdm_message_b_managed_buffer_t message_b;
366 : libspdm_message_c_managed_buffer_t message_c;
367 : libspdm_message_b_managed_buffer_t message_mut_b;
368 : libspdm_message_c_managed_buffer_t message_mut_c;
369 : libspdm_message_m_managed_buffer_t message_m;
370 : libspdm_message_e_managed_buffer_t message_e;
371 : libspdm_message_e_managed_buffer_t message_encap_e;
372 : #else
373 : void *digest_context_m1m2;
374 : void *digest_context_mut_m1m2;
375 : void *digest_context_l1l2;
376 : void *digest_context_il1il2;
377 : void *digest_context_encap_il1il2;
378 : #endif
379 : } libspdm_transcript_t;
380 :
381 : /* TH for KEY_EXCHANGE response signature: Concatenate (A, D, Ct, K)
382 : * D = DIGEST, if MULTI_KEY_CONN_RSP
383 : * Ct = certificate chain
384 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response\signature+verify_data)*/
385 :
386 : /* TH for KEY_EXCHANGE response HMAC: Concatenate (A, D, Ct, K)
387 : * D = DIGEST, if MULTI_KEY_CONN_RSP
388 : * Ct = certificate chain
389 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response\verify_data)*/
390 :
391 : /* TH for FINISH request signature: Concatenate (A, D, Ct, K, EncapD, CM, F)
392 : * D = DIGEST, if MULTI_KEY_CONN_RSP
393 : * Ct = certificate chain
394 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
395 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
396 : * CM = mutual certificate chain
397 : * F = Concatenate (FINISH request\signature+verify_data)*/
398 :
399 : /* TH for FINISH response HMAC: Concatenate (A, D, Ct, K, EncapD, CM, F)
400 : * D = DIGEST, if MULTI_KEY_CONN_RSP
401 : * Ct = certificate chain
402 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
403 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
404 : * CM = mutual certificate chain, if MutAuth
405 : * F = Concatenate (FINISH request\verify_data)*/
406 :
407 : /* th1: Concatenate (A, D, Ct, K)
408 : * D = DIGEST, if MULTI_KEY_CONN_RSP
409 : * Ct = certificate chain
410 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)*/
411 :
412 : /* th2: Concatenate (A, D, Ct, K, EncapD, CM, F)
413 : * D = DIGEST, if MULTI_KEY_CONN_RSP
414 : * Ct = certificate chain
415 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
416 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
417 : * CM = mutual certificate chain, if MutAuth
418 : * F = Concatenate (FINISH request, FINISH response)*/
419 :
420 : /* TH for PSK_EXCHANGE response HMAC: Concatenate (A, K)
421 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response\verify_data)*/
422 :
423 : /* TH for PSK_FINISH response HMAC: Concatenate (A, K, F)
424 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
425 : * F = Concatenate (PSK_FINISH request\verify_data)*/
426 :
427 : /* TH1_PSK1: Concatenate (A, K)
428 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response\verify_data)*/
429 :
430 : /* TH1_PSK2: Concatenate (A, K, F)
431 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
432 : * F = Concatenate (PSK_FINISH request\verify_data)*/
433 :
434 : /* TH2_PSK: Concatenate (A, K, F)
435 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
436 : * F = Concatenate (PSK_FINISH request, PSK_FINISH response)*/
437 :
438 : typedef struct {
439 : libspdm_message_d_managed_buffer_t message_encap_d;
440 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
441 : libspdm_message_k_managed_buffer_t message_k;
442 : libspdm_message_f_managed_buffer_t message_f;
443 : libspdm_message_m_managed_buffer_t message_m;
444 : libspdm_message_e_managed_buffer_t message_e;
445 : libspdm_message_e_managed_buffer_t message_encap_e;
446 : #else
447 : bool message_f_initialized;
448 : void *digest_context_th;
449 : void *digest_context_l1l2;
450 : void *digest_context_il1il2;
451 : void *digest_context_encap_il1il2;
452 : /* this is back up for message F reset.*/
453 : void *digest_context_th_backup;
454 : #endif
455 : } libspdm_session_transcript_t;
456 :
457 : typedef struct {
458 : uint32_t session_id;
459 : bool use_psk;
460 : uint8_t mut_auth_requested;
461 : uint8_t end_session_attributes;
462 : uint8_t session_policy;
463 : uint8_t heartbeat_period;
464 : libspdm_session_transcript_t session_transcript;
465 : /* Register for the last KEY_UPDATE token and operation (responder only)*/
466 : spdm_key_update_request_t last_key_update_request;
467 : void *secured_message_context;
468 : } libspdm_session_info_t;
469 :
470 : #define LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT 3
471 : typedef struct {
472 : /* Valid OpCode: GET_DIGEST/GET_CERTIFICATE/CHALLENGE/KEY_UPDATE/GET_ENDPOINT_INFO
473 : * The last one is 0x00, as terminator.*/
474 : uint8_t request_op_code_sequence[LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT + 1];
475 : uint8_t request_op_code_count;
476 : uint8_t current_request_op_code;
477 : uint8_t request_id;
478 : uint8_t req_slot_id;
479 : spdm_message_header_t last_encap_request_header;
480 : size_t last_encap_request_size;
481 : uint16_t cert_chain_total_len;
482 : uint8_t req_context[SPDM_REQ_CONTEXT_SIZE];
483 : uint32_t session_id;
484 : } libspdm_encap_context_t;
485 :
486 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
487 : typedef struct {
488 : bool chunk_in_use;
489 : uint8_t chunk_handle;
490 : uint16_t chunk_seq_no;
491 : size_t chunk_bytes_transferred;
492 :
493 : void* large_message;
494 : size_t large_message_size;
495 : size_t large_message_capacity;
496 : } libspdm_chunk_info_t;
497 :
498 : typedef struct {
499 : libspdm_chunk_info_t send;
500 : libspdm_chunk_info_t get;
501 : } libspdm_chunk_context_t;
502 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP */
503 :
504 : #if LIBSPDM_ENABLE_MSG_LOG
505 : typedef struct {
506 : void *buffer;
507 : size_t max_buffer_size;
508 : uint32_t mode;
509 : size_t buffer_size;
510 : uint32_t status;
511 : } libspdm_msg_log_t;
512 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
513 :
514 : #if LIBSPDM_FIPS_MODE
515 : typedef struct {
516 : /**
517 : * Tested algo flag: 0 represents that the algo is not tested.
518 : * See LIBSPDM_FIPS_SELF_TEST_xxx;
519 : **/
520 : uint32_t tested_algo;
521 : /**
522 : * Flag for the result of run algo self_test, 0 represents the result is failed.
523 : * See LIBSPDM_FIPS_SELF_TEST_xxx;
524 : **/
525 : uint32_t self_test_result;
526 : } libspdm_fips_selftest_context_t;
527 : #endif /* LIBSPDM_FIPS_MODE */
528 :
529 : #define LIBSPDM_CONTEXT_STRUCT_VERSION 0x3
530 :
531 : typedef struct {
532 : uint32_t version;
533 :
534 : /* IO information */
535 : libspdm_device_send_message_func send_message;
536 : libspdm_device_receive_message_func receive_message;
537 :
538 : /*
539 : * reserved for request and response in the main dispatch function in SPDM responder.
540 : * this buffer is the transport message received from spdm_context->receive_message()
541 : * or sent to spdm_context->send_message().
542 : * This message may be SPDM transport message or secured SPDM transport message.
543 : **/
544 : libspdm_device_acquire_sender_buffer_func acquire_sender_buffer;
545 : libspdm_device_release_sender_buffer_func release_sender_buffer;
546 : libspdm_device_acquire_receiver_buffer_func acquire_receiver_buffer;
547 : libspdm_device_release_receiver_buffer_func release_receiver_buffer;
548 :
549 : /* Transport Layer information */
550 : libspdm_transport_encode_message_func transport_encode_message;
551 : libspdm_transport_decode_message_func transport_decode_message;
552 :
553 : /* Cached plain text command
554 : * If the command is cipher text, decrypt then cache it. */
555 : void *last_spdm_request;
556 : size_t last_spdm_request_size;
557 :
558 : /* Buffers used for data processing and transport. */
559 : void *scratch_buffer;
560 : size_t scratch_buffer_size;
561 : void *sender_buffer;
562 : size_t sender_buffer_size;
563 : void *receiver_buffer;
564 : size_t receiver_buffer_size;
565 :
566 : /* Cache session_id in this spdm_message, only valid for secured message. */
567 : uint32_t last_spdm_request_session_id;
568 : bool last_spdm_request_session_id_valid;
569 :
570 : /* Cache the error in libspdm_process_request. It is handled in libspdm_build_response. */
571 : libspdm_error_struct_t last_spdm_error;
572 :
573 : /* Register GetResponse function (responder only) */
574 : void *get_response_func;
575 :
576 : /* Register GetEncapResponse function (requester only) */
577 : void *get_encap_response_func;
578 : libspdm_encap_context_t encap_context;
579 :
580 : /* Register spdm_session_state_callback function (responder only)
581 : * Register can know the state after StartSession / EndSession. */
582 : void *spdm_session_state_callback;
583 :
584 : /* Register spdm_connection_state_callback function (responder only)
585 : * Register can know the connection state such as negotiated. */
586 : void *spdm_connection_state_callback;
587 :
588 : /* Register libspdm_key_update_callback function (responder only)
589 : * Register can know when session keys are updated during KEY_UPDATE operations. */
590 : void *spdm_key_update_callback;
591 :
592 : libspdm_local_context_t local_context;
593 :
594 : libspdm_connection_info_t connection_info;
595 : libspdm_transcript_t transcript;
596 :
597 : libspdm_session_info_t session_info[LIBSPDM_MAX_SESSION_COUNT];
598 :
599 : /* Buffer that the Responder uses to store the Requester's certificate chain for
600 : * mutual authentication. */
601 : void *mut_auth_cert_chain_buffer;
602 : size_t mut_auth_cert_chain_buffer_size;
603 : size_t mut_auth_cert_chain_buffer_max_size;
604 :
605 : /* Cache latest session ID for HANDSHAKE_IN_THE_CLEAR */
606 : uint32_t latest_session_id;
607 :
608 : /* Register for Responder state, be initial to Normal (responder only) */
609 : libspdm_response_state_t response_state;
610 :
611 : /* Cached data for SPDM_ERROR_CODE_RESPONSE_NOT_READY/SPDM_RESPOND_IF_READY */
612 : spdm_error_data_response_not_ready_t error_data;
613 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
614 : void *cache_spdm_request;
615 : size_t cache_spdm_request_size;
616 : #endif
617 : uint8_t current_token;
618 :
619 : /* Register for the retry times when receive "BUSY" Error response (requester only) */
620 : uint8_t retry_times;
621 : /* Register for the delay time in microseconds between retry requests
622 : * when receive "BUSY" Error response (requester only) */
623 : uint64_t retry_delay_time;
624 : bool crypto_request;
625 :
626 : /* App context data for use by application */
627 : void *app_context_data_ptr;
628 :
629 : /* See LIBSPDM_DATA_HANDLE_ERROR_RETURN_POLICY_*. */
630 : uint8_t handle_error_return_policy;
631 :
632 : /* Max session count for DHE session and PSK session
633 : * Set via LIBSPDM_DATA_MAX_DHE_SESSION_COUNT and LIBSPDM_DATA_MAX_PSK_SESSION_COUNT */
634 : uint32_t max_dhe_session_count;
635 : uint32_t max_psk_session_count;
636 :
637 : /* Current session count for DHE session and PSK session */
638 : uint32_t current_dhe_session_count;
639 : uint32_t current_psk_session_count;
640 :
641 : /* see LIBSPDM_DATA_MAX_SPDM_SESSION_SEQUENCE_NUMBER */
642 : uint64_t max_spdm_session_sequence_number;
643 :
644 : uint8_t sequence_number_endian;
645 :
646 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
647 : /* Chunk specific context */
648 : libspdm_chunk_context_t chunk_context;
649 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP */
650 :
651 : #if LIBSPDM_ENABLE_MSG_LOG
652 : libspdm_msg_log_t msg_log;
653 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
654 :
655 : #if LIBSPDM_FIPS_MODE
656 : libspdm_fips_selftest_context_t fips_selftest_context;
657 : #endif /* LIBSPDM_FIPS_MODE */
658 :
659 : /* Endianness (BE/LE/Both) to use for signature verification on SPDM 1.0 and 1.1
660 : * This field is ignored for other SPDM versions */
661 : uint8_t spdm_10_11_verify_signature_endian;
662 :
663 : #if LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES
664 : libspdm_vendor_response_callback_func vendor_response_callback;
665 : libspdm_vendor_get_id_callback_func vendor_response_get_id;
666 : #endif /* LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES */
667 :
668 : #if LIBSPDM_EVENT_RECIPIENT_SUPPORT
669 : libspdm_process_event_func process_event;
670 : #endif /* LIBSPDM_EVENT_RECIPIENT_SUPPORT */
671 :
672 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT)
673 : libspdm_get_endpoint_info_callback_func get_endpoint_info_callback;
674 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT) */
675 : } libspdm_context_t;
676 :
677 : #define LIBSPDM_CONTEXT_SIZE_WITHOUT_SECURED_CONTEXT (sizeof(libspdm_context_t))
678 : #define LIBSPDM_CONTEXT_SIZE_ALL (LIBSPDM_CONTEXT_SIZE_WITHOUT_SECURED_CONTEXT + \
679 : LIBSPDM_SECURED_MESSAGE_CONTEXT_SIZE * LIBSPDM_MAX_SESSION_COUNT)
680 :
681 : #if LIBSPDM_DEBUG_PRINT_ENABLE
682 : /**
683 : * Return the request code name based on given request code.
684 : *
685 : * @param request_code The SPDM request code.
686 : *
687 : * @return request code name according to the request code.
688 : **/
689 : const char *libspdm_get_code_str(uint8_t request_code);
690 :
691 : #ifdef LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE
692 : extern void LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE(const uint8_t *data, size_t size);
693 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size) LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE(data, size)
694 : #else
695 : /**
696 : * This function dump raw data.
697 : *
698 : * @param data raw data
699 : * @param size raw data size
700 : **/
701 : void libspdm_internal_dump_hex_str(const uint8_t *data, size_t size);
702 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size) libspdm_internal_dump_hex_str(data, size)
703 : #endif /* LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE */
704 :
705 : #ifdef LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE
706 : extern void LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE(const uint8_t *data, size_t size);
707 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size) LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE(data, size)
708 : #else
709 : /**
710 : * This function dump raw data.
711 : *
712 : * @param data raw data
713 : * @param size raw data size
714 : **/
715 : void libspdm_internal_dump_data(const uint8_t *data, size_t size);
716 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size) libspdm_internal_dump_data(data, size)
717 : #endif /* LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE */
718 :
719 : #ifdef LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE
720 : extern void LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE(const uint8_t *data, size_t size);
721 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size) LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE(data, size)
722 : #else
723 : /**
724 : * This function dump raw data with column format.
725 : *
726 : * @param data raw data
727 : * @param size raw data size
728 : **/
729 : void libspdm_internal_dump_hex(const uint8_t *data, size_t size);
730 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size) libspdm_internal_dump_hex(data, size)
731 : #endif /* LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE */
732 :
733 : #else /* LIBSPDM_DEBUG_PRINT_ENABLE */
734 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size)
735 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size)
736 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size)
737 : #endif /* LIBSPDM_DEBUG_PRINT_ENABLE */
738 :
739 : /* Required scratch buffer size for libspdm internal usage.
740 : * It may be used to hold the encrypted/decrypted message and/or last sent/received message.
741 : * It may be used to hold the large request/response and intermediate send/receive buffer
742 : * in case of chunking.
743 : *
744 : * If chunking is not supported, it should be at least below.
745 : * +--------------------------+-----------------+-----------------+
746 : * | SENDER_RECEIVER |MAX_SPDM_MSG_SIZE|MAX_SPDM_MSG_SIZE|
747 : * +--------------------------+-----------------+-----------------+
748 : * |<-Snd/Rcv buf for chunk ->|<-last request ->|<-cache request->|
749 : *
750 : *
751 : * If chunking is supported, it should be at least below.
752 : * +---------------+--------------+--------------------------+------------------------------+-----------------+-----------------+
753 : * |SECURE_MESSAGE |LARGE_MESSAGE | SENDER_RECEIVER | LARGE SENDER_RECEIVER |MAX_SPDM_MSG_SIZE|MAX_SPDM_MSG_SIZE|
754 : * +---------------+--------------+--------------------------+------------------------------+-----------------+-----------------+
755 : * |<-Secure msg ->|<-Large msg ->|<-Snd/Rcv buf for chunk ->|<-Snd/Rcv buf for large msg ->|<-last request ->|<-cache request->|
756 : *
757 : *
758 : * The value is configurable based on max_spdm_msg_size.
759 : * The value MAY be changed in different libspdm version.
760 : * It is exposed here, just in case the libspdm consumer wants to configure the setting at build time.
761 : */
762 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
763 : /* first section */
764 : uint32_t libspdm_get_scratch_buffer_secure_message_offset(libspdm_context_t *spdm_context);
765 : uint32_t libspdm_get_scratch_buffer_secure_message_capacity(libspdm_context_t *spdm_context);
766 :
767 : /* second section */
768 : uint32_t libspdm_get_scratch_buffer_large_message_offset(libspdm_context_t *spdm_context);
769 : uint32_t libspdm_get_scratch_buffer_large_message_capacity(libspdm_context_t *spdm_context);
770 : #endif
771 :
772 : /* third section */
773 : uint32_t libspdm_get_scratch_buffer_sender_receiver_offset(libspdm_context_t *spdm_context);
774 : uint32_t libspdm_get_scratch_buffer_sender_receiver_capacity(libspdm_context_t *spdm_context);
775 :
776 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
777 : /* fourth section */
778 : uint32_t libspdm_get_scratch_buffer_large_sender_receiver_offset(libspdm_context_t *spdm_context);
779 : uint32_t libspdm_get_scratch_buffer_large_sender_receiver_capacity(libspdm_context_t *spdm_context);
780 : #endif
781 :
782 : /* fifth section */
783 : uint32_t libspdm_get_scratch_buffer_last_spdm_request_offset(libspdm_context_t *spdm_context);
784 : uint32_t libspdm_get_scratch_buffer_last_spdm_request_capacity(libspdm_context_t *spdm_context);
785 :
786 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
787 : /* sixth section */
788 : uint32_t libspdm_get_scratch_buffer_cache_spdm_request_offset(libspdm_context_t *spdm_context);
789 : uint32_t libspdm_get_scratch_buffer_cache_spdm_request_capacity(libspdm_context_t *spdm_context);
790 : #endif
791 :
792 : /* combination */
793 : uint32_t libspdm_get_scratch_buffer_capacity(libspdm_context_t *spdm_context);
794 :
795 : /**
796 : * Append a new data buffer to the managed buffer.
797 : *
798 : * @param managed_buffer The managed buffer to be appended.
799 : * @param buffer The address of the data buffer to be appended to the managed buffer.
800 : * @param buffer_size The size in bytes of the data buffer to be appended to the managed buffer.
801 : *
802 : * @retval RETURN_SUCCESS The new data buffer is appended to the managed buffer.
803 : * @retval RETURN_BUFFER_TOO_SMALL The managed buffer is too small to be appended.
804 : **/
805 : libspdm_return_t libspdm_append_managed_buffer(void *managed_buffer,
806 : const void *buffer, size_t buffer_size);
807 :
808 : /**
809 : * Reset the managed buffer.
810 : * The buffer_size is reset to 0.
811 : * The max_buffer_size is unchanged.
812 : * The buffer is not freed.
813 : *
814 : * @param managed_buffer The managed buffer.
815 : **/
816 : void libspdm_reset_managed_buffer(void *managed_buffer);
817 :
818 : /**
819 : * Return the size of managed buffer.
820 : *
821 : * @param managed_buffer The managed buffer.
822 : *
823 : * @return the size of managed buffer.
824 : **/
825 : size_t libspdm_get_managed_buffer_size(void *managed_buffer);
826 :
827 : /**
828 : * Return the address of managed buffer.
829 : *
830 : * @param managed_buffer The managed buffer.
831 : *
832 : * @return the address of managed buffer.
833 : **/
834 : void *libspdm_get_managed_buffer(void *managed_buffer);
835 :
836 : /**
837 : * Init the managed buffer.
838 : *
839 : * @param managed_buffer The managed buffer.
840 : * @param max_buffer_size The maximum size in bytes of the managed buffer.
841 : **/
842 : void libspdm_init_managed_buffer(void *managed_buffer, size_t max_buffer_size);
843 :
844 : /**
845 : * Reset message buffer in SPDM context according to request code.
846 : *
847 : * @param spdm_context A pointer to the SPDM context.
848 : * @param spdm_session_info A pointer to the SPDM session context.
849 : * @param spdm_request The SPDM request code.
850 : */
851 : void libspdm_reset_message_buffer_via_request_code(void *context, void *session_info,
852 : uint8_t request_code);
853 :
854 : /**
855 : * This function initializes the session info.
856 : *
857 : * @param spdm_context A pointer to the SPDM context.
858 : * @param session_id The SPDM session ID.
859 : **/
860 : void libspdm_session_info_init(libspdm_context_t *spdm_context,
861 : libspdm_session_info_t *session_info,
862 : uint32_t session_id, bool use_psk);
863 :
864 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
865 : /**
866 : * Set the psk_hint to a session info.
867 : *
868 : * @param session_info A pointer to a session info.
869 : * @param psk_hint Indicate the PSK hint.
870 : * @param psk_hint_size The size in bytes of the PSK hint.
871 : */
872 : void libspdm_session_info_set_psk_hint(libspdm_session_info_t *session_info,
873 : const void *psk_hint,
874 : size_t psk_hint_size);
875 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
876 :
877 : /**
878 : * This function returns if a given version is supported based upon the GET_VERSION/VERSION.
879 : *
880 : * @param spdm_context A pointer to the SPDM context.
881 : * @param version The SPDM version.
882 : *
883 : * @retval true the version is supported.
884 : * @retval false the version is not supported.
885 : **/
886 : bool libspdm_is_version_supported(const libspdm_context_t *spdm_context, uint8_t version);
887 :
888 : /**
889 : * This function returns connection version negotiated by GET_VERSION/VERSION.
890 : *
891 : * @param spdm_context A pointer to the SPDM context.
892 : *
893 : * @return the connection version.
894 : **/
895 : uint8_t libspdm_get_connection_version(const libspdm_context_t *spdm_context);
896 :
897 : /**
898 : * This function returns if a capabilities flag is supported in current SPDM connection.
899 : *
900 : * @param spdm_context A pointer to the SPDM context.
901 : * @param is_requester Is the function called from a requester.
902 : * @param requester_capabilities_flag The requester capabilities flag to be checked
903 : * @param responder_capabilities_flag The responder capabilities flag to be checked
904 : *
905 : * @retval true the capabilities flag is supported.
906 : * @retval false the capabilities flag is not supported.
907 : **/
908 : bool libspdm_is_capabilities_flag_supported(const libspdm_context_t *spdm_context,
909 : bool is_requester,
910 : uint32_t requester_capabilities_flag,
911 : uint32_t responder_capabilities_flag);
912 :
913 : /**
914 : * Checks the negotiated SPDM version and endpoint capabilities to determine if encapsulated
915 : * messages are supported or not.
916 : *
917 : * @param spdm_context A pointer to the SPDM context.
918 : *
919 : * @retval true Both endpoints support encapsulated messages.
920 : * @retval false At least one endpoint does not support encapsulated messages.
921 : **/
922 : bool libspdm_is_encap_supported(const libspdm_context_t *spdm_context);
923 :
924 : /**
925 : * This function generates the certificate chain hash.
926 : *
927 : * @param spdm_context A pointer to the SPDM context.
928 : * @param slot_id The slot index of the certificate chain.
929 : * @param signature The buffer to store the certificate chain hash.
930 : *
931 : * @retval true certificate chain hash is generated.
932 : * @retval false certificate chain hash is not generated.
933 : **/
934 : bool libspdm_generate_cert_chain_hash(libspdm_context_t *spdm_context,
935 : size_t slot_id, uint8_t *hash);
936 :
937 : /**
938 : * This function generates the public key hash.
939 : *
940 : * @param spdm_context A pointer to the SPDM context.
941 : * @param hash The buffer to store the public key hash.
942 : *
943 : * @retval true public key hash is generated.
944 : * @retval false public key hash is not generated.
945 : **/
946 : bool libspdm_generate_public_key_hash(libspdm_context_t *spdm_context,
947 : uint8_t *hash);
948 :
949 : /**
950 : * This function verifies the integrity of peer certificate chain buffer including
951 : * spdm_cert_chain_t header.
952 : *
953 : * @param spdm_context A pointer to the SPDM context.
954 : * @param cert_chain_buffer Certificate chain buffer including spdm_cert_chain_t header.
955 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
956 : *
957 : * @retval true Peer certificate chain buffer integrity verification passed.
958 : * @retval false Peer certificate chain buffer integrity verification failed.
959 : **/
960 : bool libspdm_verify_peer_cert_chain_buffer_integrity(libspdm_context_t *spdm_context,
961 : const void *cert_chain_buffer,
962 : size_t cert_chain_buffer_size);
963 :
964 : /**
965 : * This function verifies peer certificate chain authority.
966 : *
967 : * @param spdm_context A pointer to the SPDM context.
968 : * @param cert_chain_buffer Certificate chain buffer including spdm_cert_chain_t header.
969 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
970 : * @param trust_anchor A buffer to hold the trust_anchor which is used to validate the peer certificate, if not NULL.
971 : * @param trust_anchor_size A buffer to hold the trust_anchor_size, if not NULL.
972 : *
973 : * @retval true Peer certificate chain buffer authority verification passed.
974 : * Or there is no root_cert in local_context.
975 : * @retval false Peer certificate chain buffer authority verification failed.
976 : **/
977 : bool libspdm_verify_peer_cert_chain_buffer_authority(libspdm_context_t *spdm_context,
978 : const void *cert_chain_buffer,
979 : size_t cert_chain_buffer_size,
980 : const void **trust_anchor,
981 : size_t *trust_anchor_size);
982 : /**
983 : * This function generates the challenge signature based upon m1m2 for authentication.
984 : *
985 : * @param spdm_context A pointer to the SPDM context.
986 : * @param is_requester Indicate of the signature generation for a requester or a responder.
987 : * @param signature The buffer to store the challenge signature.
988 : *
989 : * @retval true challenge signature is generated.
990 : * @retval false challenge signature is not generated.
991 : **/
992 : bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context,
993 : bool is_requester,
994 : uint8_t *signature);
995 :
996 : /**
997 : * This function verifies the certificate chain hash.
998 : *
999 : * @param spdm_context A pointer to the SPDM context.
1000 : * @param certificate_chain_hash The certificate chain hash data buffer.
1001 : * @param certificate_chain_hash_size size in bytes of the certificate chain hash data buffer.
1002 : *
1003 : * @retval true hash verification pass.
1004 : * @retval false hash verification fail.
1005 : **/
1006 : bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context,
1007 : const void *certificate_chain_hash,
1008 : size_t certificate_chain_hash_size);
1009 :
1010 : /**
1011 : * This function verifies the public key hash.
1012 : *
1013 : * @param spdm_context A pointer to the SPDM context.
1014 : * @param public_key_hash The public key hash data buffer.
1015 : * @param public_key_hash_size size in bytes of the public key hash data buffer.
1016 : *
1017 : * @retval true hash verification pass.
1018 : * @retval false hash verification fail.
1019 : **/
1020 : bool libspdm_verify_public_key_hash(libspdm_context_t *spdm_context,
1021 : const void *public_key_hash,
1022 : size_t public_key_hash_size);
1023 :
1024 : /**
1025 : * This function verifies the challenge signature based upon m1m2.
1026 : *
1027 : * @param spdm_context A pointer to the SPDM context.
1028 : * @param is_requester Indicate of the signature verification for a requester or a responder.
1029 : * @param sign_data The signature data buffer.
1030 : * @param sign_data_size size in bytes of the signature data buffer.
1031 : *
1032 : * @retval true signature verification pass.
1033 : * @retval false signature verification fail.
1034 : **/
1035 : bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context,
1036 : bool is_requester,
1037 : const void *sign_data,
1038 : size_t sign_data_size);
1039 :
1040 : /**
1041 : * This function calculate the measurement summary hash size.
1042 : *
1043 : * @param spdm_context A pointer to the SPDM context.
1044 : * @param is_requester Is the function called from a requester.
1045 : * @param measurement_summary_hash_type The type of the measurement summary hash.
1046 : *
1047 : * @return 0 measurement summary hash type is invalid, NO_MEAS hash type or no MEAS capabilities.
1048 : * @return measurement summary hash size according to type.
1049 : **/
1050 : uint32_t libspdm_get_measurement_summary_hash_size(libspdm_context_t *spdm_context,
1051 : bool is_requester,
1052 : uint8_t measurement_summary_hash_type);
1053 :
1054 : /**
1055 : * This function generates the endpoint info signature based upon il1il2 for authentication.
1056 : *
1057 : * @param spdm_context A pointer to the SPDM context.
1058 : * @param session_info A pointer to the SPDM session context.
1059 : * @param is_requester Indicate of the signature generation for a requester or a responder.
1060 : * @param signature The buffer to store the endpoint info signature.
1061 : *
1062 : * @retval true challenge signature is generated.
1063 : * @retval false challenge signature is not generated.
1064 : **/
1065 : bool libspdm_generate_endpoint_info_signature(libspdm_context_t *spdm_context,
1066 : libspdm_session_info_t *session_info,
1067 : bool is_requester,
1068 : uint8_t *signature);
1069 :
1070 : /**
1071 : * This function verifies the challenge signature based upon m1m2.
1072 : *
1073 : * @param spdm_context A pointer to the SPDM context.
1074 : * @param session_info A pointer to the SPDM session context.
1075 : * @param is_requester Indicate of the signature verification for a requester or a responder.
1076 : * @param sign_data The signature data buffer.
1077 : * @param sign_data_size size in bytes of the signature data buffer.
1078 : *
1079 : * @retval true signature verification pass.
1080 : * @retval false signature verification fail.
1081 : **/
1082 : bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context,
1083 : libspdm_session_info_t *session_info,
1084 : bool is_requester,
1085 : const void *sign_data,
1086 : size_t sign_data_size);
1087 :
1088 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1089 : /*
1090 : * This function calculates l1l2.
1091 : * If session_info is NULL, this function will use M cache of SPDM context,
1092 : * else will use M cache of SPDM session context.
1093 : *
1094 : * @param spdm_context A pointer to the SPDM context.
1095 : * @param session_info A pointer to the SPDM session context.
1096 : * @param l1l2 The buffer to store the l1l2.
1097 : *
1098 : * @retval RETURN_SUCCESS l1l2 is calculated.
1099 : */
1100 : bool libspdm_calculate_l1l2(libspdm_context_t *spdm_context,
1101 : void *session_info,
1102 : libspdm_l1l2_managed_buffer_t *l1l2);
1103 : #else
1104 : /*
1105 : * This function calculates l1l2 hash.
1106 : * If session_info is NULL, this function will use M cache of SPDM context,
1107 : * else will use M cache of SPDM session context.
1108 : *
1109 : * @param spdm_context A pointer to the SPDM context.
1110 : * @param session_info A pointer to the SPDM session context.
1111 : * @param l1l2_hash_size size in bytes of the l1l2 hash
1112 : * @param l1l2_hash The buffer to store the l1l2 hash
1113 : *
1114 : * @retval RETURN_SUCCESS l1l2 is calculated.
1115 : */
1116 : bool libspdm_calculate_l1l2_hash(libspdm_context_t *spdm_context,
1117 : void *session_info,
1118 : size_t *l1l2_hash_size, void *l1l2_hash);
1119 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
1120 :
1121 : /**
1122 : * Get element from multi element opaque data by element id.
1123 : *
1124 : * This function should be called in
1125 : * libspdm_process_opaque_data_supported_version_data/libspdm_process_opaque_data_version_selection_data.
1126 : *
1127 : * @param[in] data_in_size Size of multi element opaque data.
1128 : * @param[in] data_in A pointer to the multi element opaque data.
1129 : * @param[in] element_id Element id.
1130 : * @param[in] sm_data_id ID for the Secured Message data type.
1131 : * @param[out] get_element_ptr Pointer to store found element.
1132 : *
1133 : * @retval true Get element successfully
1134 : * @retval false Get element failed
1135 : **/
1136 : bool libspdm_get_element_from_opaque_data(libspdm_context_t *spdm_context,
1137 : size_t data_in_size, const void *data_in,
1138 : uint8_t element_id, uint8_t sm_data_id,
1139 : const void **get_element_ptr, size_t *get_element_len);
1140 :
1141 : /**
1142 : * Process general opaque data check
1143 : *
1144 : * @param data_in_size size in bytes of the data_in.
1145 : * @param data_in A pointer to the buffer to store the opaque data version selection.
1146 : *
1147 : * @retval true check opaque data successfully
1148 : * @retval false check opaque data failed
1149 : **/
1150 : bool libspdm_process_general_opaque_data_check(libspdm_context_t *spdm_context,
1151 : size_t data_in_size,
1152 : const void *data_in);
1153 :
1154 : /**
1155 : * Return the size in bytes of opaque data supported version.
1156 : *
1157 : * This function should be called in libspdm_process_opaque_data_supported_version_data.
1158 : *
1159 : * @param version_count Secure version count.
1160 : *
1161 : * @return The size in bytes of opaque data supported version.
1162 : **/
1163 : size_t libspdm_get_untrusted_opaque_data_supported_version_data_size(
1164 : libspdm_context_t *spdm_context, uint8_t version_count);
1165 :
1166 : /**
1167 : * Return the size in bytes of opaque data supported version.
1168 : *
1169 : * This function should be called in KEY_EXCHANGE/PSK_EXCHANGE request generation.
1170 : *
1171 : * @return the size in bytes of opaque data supported version.
1172 : **/
1173 : size_t libspdm_get_opaque_data_supported_version_data_size(libspdm_context_t *spdm_context);
1174 :
1175 : /**
1176 : * Return the size in bytes of opaque data version selection.
1177 : *
1178 : * This function should be called in KEY_EXCHANGE/PSK_EXCHANGE response generation.
1179 : *
1180 : * @return the size in bytes of opaque data version selection.
1181 : **/
1182 : size_t libspdm_get_opaque_data_version_selection_data_size(const libspdm_context_t *spdm_context);
1183 :
1184 : /**
1185 : * Return the SPDMversion field of the version number struct.
1186 : *
1187 : * @param ver Spdm version number struct.
1188 : *
1189 : * @return the SPDMversion of the version number struct.
1190 : **/
1191 : uint8_t libspdm_get_version_from_version_number(const spdm_version_number_t ver);
1192 :
1193 : /**
1194 : * Sort SPDMversion in descending order.
1195 : *
1196 : * @param spdm_context A pointer to the SPDM context.
1197 : * @param ver_set A pointer to the version set.
1198 : * @param ver_num Version number.
1199 : */
1200 : void libspdm_version_number_sort(spdm_version_number_t *ver_set, size_t ver_num);
1201 :
1202 : /**
1203 : * Negotiate SPDMversion for connection.
1204 : * ver_set is the local version set of requester, res_ver_set is the version set of responder.
1205 : *
1206 : * @param common_version A pointer to store the common version.
1207 : * @param req_ver_set A pointer to the requester version set.
1208 : * @param req_ver_num Version number of requester.
1209 : * @param res_ver_set A pointer to the responder version set.
1210 : * @param res_ver_num Version number of responder.
1211 : *
1212 : * @retval true Negotiation successfully, connect version be saved to common_version.
1213 : * @retval false Negotiation failed.
1214 : */
1215 : bool libspdm_negotiate_connection_version(spdm_version_number_t *common_version,
1216 : spdm_version_number_t *req_ver_set,
1217 : size_t req_ver_num,
1218 : const spdm_version_number_t *res_ver_set,
1219 : size_t res_ver_num);
1220 :
1221 : /**
1222 : * Acquire a device sender buffer for transport layer message.
1223 : *
1224 : * @param context A pointer to the SPDM context.
1225 : * @param max_msg_size size in bytes of the maximum size of sender buffer.
1226 : * @param msg_buf_ptr A pointer to a sender buffer.
1227 : *
1228 : * @retval RETURN_SUCCESS The sender buffer is acquired.
1229 : **/
1230 : libspdm_return_t libspdm_acquire_sender_buffer (
1231 : libspdm_context_t *spdm_context, size_t *max_msg_size, void **msg_buf_ptr);
1232 :
1233 : /**
1234 : * Release a device sender buffer for transport layer message.
1235 : *
1236 : * @param context A pointer to the SPDM context.
1237 : *
1238 : * @retval RETURN_SUCCESS The sender buffer is Released.
1239 : **/
1240 : void libspdm_release_sender_buffer (libspdm_context_t *spdm_context);
1241 :
1242 : /**
1243 : * Get the sender buffer.
1244 : *
1245 : * @param context A pointer to the SPDM context.
1246 : * @param sender_buffer Buffer address of the sender buffer.
1247 : * @param sender_buffer_size Size of the sender buffer.
1248 : *
1249 : **/
1250 : void libspdm_get_sender_buffer (
1251 : libspdm_context_t *spdm_context,
1252 : void **sender_buffer,
1253 : size_t *sender_buffer_size);
1254 :
1255 : /**
1256 : * Acquire a device receiver buffer for transport layer message.
1257 : *
1258 : * @param context A pointer to the SPDM context.
1259 : * @param max_msg_size size in bytes of the maximum size of receiver buffer.
1260 : * @param msg_buf_pt A pointer to a receiver buffer.
1261 : *
1262 : * @retval RETURN_SUCCESS The receiver buffer is acquired.
1263 : **/
1264 : libspdm_return_t libspdm_acquire_receiver_buffer (
1265 : libspdm_context_t *spdm_context, size_t *max_msg_size, void **msg_buf_ptr);
1266 :
1267 : /**
1268 : * Release a device receiver buffer for transport layer message.
1269 : *
1270 : * @param context A pointer to the SPDM context.
1271 : *
1272 : * @retval RETURN_SUCCESS The receiver buffer is Released.
1273 : **/
1274 : void libspdm_release_receiver_buffer (libspdm_context_t *spdm_context);
1275 :
1276 : /**
1277 : * Get the receiver buffer.
1278 : *
1279 : * @param context A pointer to the SPDM context.
1280 : * @param receiver_buffer Buffer address of the receiver buffer.
1281 : * @param receiver_buffer_size Size of the receiver buffer.
1282 : *
1283 : **/
1284 : void libspdm_get_receiver_buffer (
1285 : libspdm_context_t *spdm_context,
1286 : void **receiver_buffer,
1287 : size_t *receiver_buffer_size);
1288 :
1289 : /**
1290 : * Get the certificate slot mask
1291 : *
1292 : * @param[in] context A pointer to the SPDM context.
1293 : *
1294 : * @retval slot_mask get slot mask
1295 : **/
1296 : uint8_t libspdm_get_cert_slot_mask (libspdm_context_t *spdm_context);
1297 :
1298 : /**
1299 : * Get the certificate slot count
1300 : *
1301 : * @param[in] context A pointer to the SPDM context.
1302 : *
1303 : * @retval slot_count get slot count
1304 : **/
1305 : uint8_t libspdm_get_cert_slot_count(libspdm_context_t *spdm_context);
1306 :
1307 : #if LIBSPDM_ENABLE_MSG_LOG
1308 : void libspdm_append_msg_log(libspdm_context_t *spdm_context, void *message, size_t message_size);
1309 : #endif
1310 :
1311 : /**
1312 : * Reset message A cache in SPDM context.
1313 : *
1314 : * @param spdm_context A pointer to the SPDM context.
1315 : **/
1316 : void libspdm_reset_message_a(libspdm_context_t *spdm_context);
1317 :
1318 : /**
1319 : * Reset message D cache in SPDM context.
1320 : *
1321 : * @param spdm_context A pointer to the SPDM context.
1322 : * @param spdm_session_info A pointer to the SPDM session context.
1323 : **/
1324 : void libspdm_reset_message_d(libspdm_context_t *spdm_context);
1325 :
1326 : /**
1327 : * Reset message B cache in SPDM context.
1328 : *
1329 : * @param spdm_context A pointer to the SPDM context.
1330 : **/
1331 : void libspdm_reset_message_b(libspdm_context_t *spdm_context);
1332 :
1333 : /**
1334 : * Reset message C cache in SPDM context.
1335 : *
1336 : * @param spdm_context A pointer to the SPDM context.
1337 : **/
1338 : void libspdm_reset_message_c(libspdm_context_t *spdm_context);
1339 :
1340 : /**
1341 : * Reset message MutB cache in SPDM context.
1342 : *
1343 : * @param spdm_context A pointer to the SPDM context.
1344 : **/
1345 : void libspdm_reset_message_mut_b(libspdm_context_t *spdm_context);
1346 :
1347 : /**
1348 : * Reset message MutC cache in SPDM context.
1349 : *
1350 : * @param spdm_context A pointer to the SPDM context.
1351 : **/
1352 : void libspdm_reset_message_mut_c(libspdm_context_t *spdm_context);
1353 :
1354 : /**
1355 : * Reset message M cache in SPDM context.
1356 : * If session_info is NULL, this function will use M cache of SPDM context,
1357 : * else will use M cache of SPDM session context.
1358 : *
1359 : * @param spdm_context A pointer to the SPDM context.
1360 : * @param session_info A pointer to the SPDM session context.
1361 : **/
1362 : void libspdm_reset_message_m(libspdm_context_t *spdm_context, void *session_info);
1363 :
1364 : /**
1365 : * Reset message K cache in SPDM context.
1366 : *
1367 : * @param spdm_context A pointer to the SPDM context.
1368 : * @param spdm_session_info A pointer to the SPDM session context.
1369 : **/
1370 : void libspdm_reset_message_k(libspdm_context_t *spdm_context, void *spdm_session_info);
1371 :
1372 : /**
1373 : * Reset message EncapD cache in SPDM context.
1374 : *
1375 : * @param spdm_context A pointer to the SPDM context.
1376 : * @param spdm_session_info A pointer to the SPDM session context.
1377 : **/
1378 : void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *spdm_session_info);
1379 :
1380 : /**
1381 : * Reset message F cache in SPDM context.
1382 : *
1383 : * @param spdm_context A pointer to the SPDM context.
1384 : * @param spdm_session_info A pointer to the SPDM session context.
1385 : **/
1386 : void libspdm_reset_message_f(libspdm_context_t *spdm_context, void *spdm_session_info);
1387 :
1388 : /**
1389 : * Reset message E cache in SPDM context.
1390 : * If session_info is NULL, this function will use E cache of SPDM context,
1391 : * else will use E cache of SPDM session context.
1392 : *
1393 : * @param spdm_context A pointer to the SPDM context.
1394 : * @param spdm_session_info A pointer to the SPDM session context.
1395 : **/
1396 : void libspdm_reset_message_e(libspdm_context_t *spdm_context, void *session_info);
1397 :
1398 : /**
1399 : * Reset message encap E cache in SPDM context.
1400 : * If session_info is NULL, this function will use encap E cache of SPDM context,
1401 : * else will use encap E cache of SPDM session context.
1402 : *
1403 : * @param spdm_context A pointer to the SPDM context.
1404 : * @param spdm_session_info A pointer to the SPDM session context.
1405 : **/
1406 : void libspdm_reset_message_encap_e(libspdm_context_t *spdm_context, void *session_info);
1407 :
1408 : /**
1409 : * Append message A cache in SPDM context.
1410 : *
1411 : * @param spdm_context A pointer to the SPDM context.
1412 : * @param message Message buffer.
1413 : * @param message_size Size in bytes of message buffer.
1414 : *
1415 : * @return RETURN_SUCCESS message is appended.
1416 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1417 : **/
1418 : libspdm_return_t libspdm_append_message_a(libspdm_context_t *spdm_context, const void *message,
1419 : size_t message_size);
1420 :
1421 : /**
1422 : * Append message D cache in SPDM context.
1423 : *
1424 : * @param spdm_context A pointer to the SPDM context.
1425 : * @param message Message buffer.
1426 : * @param message_size Size in bytes of message buffer.
1427 : *
1428 : * @return RETURN_SUCCESS message is appended.
1429 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1430 : **/
1431 : libspdm_return_t libspdm_append_message_d(libspdm_context_t *spdm_context, const void *message,
1432 : size_t message_size);
1433 :
1434 : /**
1435 : * Append message B cache in SPDM context.
1436 : *
1437 : * @param spdm_context A pointer to the SPDM context.
1438 : * @param message Message buffer.
1439 : * @param message_size Size in bytes of message buffer.
1440 : *
1441 : * @return RETURN_SUCCESS message is appended.
1442 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1443 : **/
1444 : libspdm_return_t libspdm_append_message_b(libspdm_context_t *spdm_context, const void *message,
1445 : size_t message_size);
1446 :
1447 : /**
1448 : * Append message C cache in SPDM context.
1449 : *
1450 : * @param spdm_context A pointer to the SPDM context.
1451 : * @param message Message buffer.
1452 : * @param message_size Size in bytes of message buffer.
1453 : *
1454 : * @return RETURN_SUCCESS message is appended.
1455 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1456 : **/
1457 : libspdm_return_t libspdm_append_message_c(libspdm_context_t *spdm_context, const void *message,
1458 : size_t message_size);
1459 :
1460 : /**
1461 : * Append message MutB cache in SPDM context.
1462 : *
1463 : * @param spdm_context A pointer to the SPDM context.
1464 : * @param message Message buffer.
1465 : * @param message_size Size in bytes of message buffer.
1466 : *
1467 : * @return RETURN_SUCCESS message is appended.
1468 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1469 : **/
1470 : libspdm_return_t libspdm_append_message_mut_b(libspdm_context_t *spdm_context, const void *message,
1471 : size_t message_size);
1472 :
1473 : /**
1474 : * Append message MutC cache in SPDM context.
1475 : *
1476 : * @param spdm_context A pointer to the SPDM context.
1477 : * @param message Message buffer.
1478 : * @param message_size Size in bytes of message buffer.
1479 : *
1480 : * @return RETURN_SUCCESS message is appended.
1481 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1482 : **/
1483 : libspdm_return_t libspdm_append_message_mut_c(libspdm_context_t *spdm_context, const void *message,
1484 : size_t message_size);
1485 :
1486 : /**
1487 : * Append message M cache in SPDM context.
1488 : * If session_info is NULL, this function will use M cache of SPDM context,
1489 : * else will use M cache of SPDM session context.
1490 : *
1491 : * @param spdm_context A pointer to the SPDM context.
1492 : * @param session_info A pointer to the SPDM session context.
1493 : * @param message Message buffer.
1494 : * @param message_size Size in bytes of message buffer.
1495 : *
1496 : * @return RETURN_SUCCESS message is appended.
1497 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1498 : **/
1499 : libspdm_return_t libspdm_append_message_m(libspdm_context_t *spdm_context,
1500 : void *session_info,
1501 : const void *message, size_t message_size);
1502 :
1503 : /**
1504 : * Append message K cache in SPDM context.
1505 : *
1506 : * @param spdm_context A pointer to the SPDM context.
1507 : * @param spdm_session_info A pointer to the SPDM session context.
1508 : * @param is_requester Indicate of the key generation for a requester or a responder.
1509 : * @param message Message buffer.
1510 : * @param message_size Size in bytes of message buffer.
1511 : *
1512 : * @return RETURN_SUCCESS message is appended.
1513 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1514 : **/
1515 : libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
1516 : void *spdm_session_info,
1517 : bool is_requester, const void *message,
1518 : size_t message_size);
1519 :
1520 : /**
1521 : * Append message EncapD cache in SPDM context.
1522 : *
1523 : * @param spdm_context A pointer to the SPDM context.
1524 : * @param spdm_session_info A pointer to the SPDM session context.
1525 : * @param is_requester Indicate of the key generation for a requester or a responder.
1526 : * @param message Message buffer.
1527 : * @param message_size Size in bytes of message buffer.
1528 : *
1529 : * @return RETURN_SUCCESS message is appended.
1530 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1531 : **/
1532 : libspdm_return_t libspdm_append_message_encap_d(libspdm_context_t *spdm_context,
1533 : void *spdm_session_info,
1534 : bool is_requester, const void *message,
1535 : size_t message_size);
1536 :
1537 : /**
1538 : * Append message F cache in SPDM context.
1539 : *
1540 : * @param spdm_context A pointer to the SPDM context.
1541 : * @param spdm_session_info A pointer to the SPDM session context.
1542 : * @param is_requester Indicate of the key generation for a requester or a responder.
1543 : * @param message Message buffer.
1544 : * @param message_size Size in bytes of message buffer.
1545 : *
1546 : * @return RETURN_SUCCESS message is appended.
1547 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1548 : **/
1549 : libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context,
1550 : void *spdm_session_info,
1551 : bool is_requester, const void *message,
1552 : size_t message_size);
1553 :
1554 : /**
1555 : * Append message E cache in SPDM context.
1556 : * If session_info is NULL, this function will use E cache of SPDM context,
1557 : * else will use E cache of SPDM session context.
1558 : *
1559 : * @param spdm_context A pointer to the SPDM context.
1560 : * @param session_info A pointer to the SPDM session context.
1561 : * @param message message buffer.
1562 : * @param message_size size in bytes of message buffer.
1563 : *
1564 : * @return RETURN_SUCCESS message is appended.
1565 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1566 : **/
1567 : libspdm_return_t libspdm_append_message_e(libspdm_context_t *spdm_context, void *session_info,
1568 : const void *message, size_t message_size);
1569 :
1570 : /**
1571 : * Append message encap E cache in SPDM context.
1572 : * If session_info is NULL, this function will use encap E cache of SPDM context,
1573 : * else will use encap E cache of SPDM session context.
1574 : *
1575 : * @param spdm_context A pointer to the SPDM context.
1576 : * @param session_info A pointer to the SPDM session context.
1577 : * @param message message buffer.
1578 : * @param message_size size in bytes of message buffer.
1579 : *
1580 : * @return RETURN_SUCCESS message is appended.
1581 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1582 : **/
1583 : libspdm_return_t libspdm_append_message_encap_e(libspdm_context_t *spdm_context, void *session_info,
1584 : const void *message, size_t message_size);
1585 :
1586 : /**
1587 : * This function generates a session ID by concatenating req_session_id and rsp_session_id.
1588 : *
1589 : * @param[in] req_session_id
1590 : * @param[in] rsp_session_id
1591 : *
1592 : * @return Session ID.
1593 : **/
1594 : uint32_t libspdm_generate_session_id(uint16_t req_session_id, uint16_t rsp_session_id);
1595 :
1596 : /**
1597 : * This function assigns a new session ID.
1598 : *
1599 : * @param spdm_context A pointer to the SPDM context.
1600 : * @param session_id The SPDM session ID.
1601 : *
1602 : * @return session info associated with this new session ID.
1603 : **/
1604 : void *libspdm_assign_session_id(libspdm_context_t *spdm_context, uint32_t session_id, bool use_psk);
1605 :
1606 : /**
1607 : * This function frees a session ID.
1608 : *
1609 : * @param spdm_context A pointer to the SPDM context.
1610 : * @param session_id The SPDM session ID.
1611 : **/
1612 : void libspdm_free_session_id(libspdm_context_t *spdm_context, uint32_t session_id);
1613 :
1614 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1615 : /*
1616 : * This function calculates current TH data with message A and message K.
1617 : *
1618 : * @param spdm_context A pointer to the SPDM context.
1619 : * @param session_info The SPDM session ID.
1620 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
1621 : * @param cert_chain_buffer_size Size in bytes of the certificate chain buffer.
1622 : * @param th_data_buffer_size Size in bytes of the th_data_buffer
1623 : * @param th_data_buffer The buffer to store the th_data_buffer
1624 : *
1625 : * @retval RETURN_SUCCESS current TH data is calculated.
1626 : */
1627 : bool libspdm_calculate_th_for_exchange(
1628 : libspdm_context_t *spdm_context, void *spdm_session_info,
1629 : const uint8_t *cert_chain_buffer, size_t cert_chain_buffer_size,
1630 : libspdm_th_managed_buffer_t *th_curr);
1631 : #else
1632 : /*
1633 : * This function calculates current TH hash with message A and message K.
1634 : *
1635 : * @param spdm_context A pointer to the SPDM context.
1636 : * @param session_info The SPDM session ID.
1637 : * @param th_hash_buffer_size Size in bytes of the th_hash_buffer
1638 : * @param th_hash_buffer The buffer to store the th_hash_buffer
1639 : *
1640 : * @retval RETURN_SUCCESS current TH hash is calculated.
1641 : */
1642 : bool libspdm_calculate_th_hash_for_exchange(
1643 : libspdm_context_t *spdm_context, void *spdm_session_info,
1644 : size_t *th_hash_buffer_size, void *th_hash_buffer);
1645 :
1646 : /*
1647 : * This function calculates current TH hmac with message A and message K, with response finished_key.
1648 : *
1649 : * @param spdm_context A pointer to the SPDM context.
1650 : * @param session_info The SPDM session ID.
1651 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1652 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1653 : *
1654 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1655 : */
1656 : bool libspdm_calculate_th_hmac_for_exchange_rsp(
1657 : libspdm_context_t *spdm_context, void *spdm_session_info, bool is_requester,
1658 : size_t *th_hmac_buffer_size, void *th_hmac_buffer);
1659 : #endif
1660 :
1661 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1662 : /*
1663 : * This function calculates current TH data with message A, message K and message F.
1664 : *
1665 : * @param spdm_context A pointer to the SPDM context.
1666 : * @param session_info The SPDM session ID.
1667 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
1668 : * @param cert_chain_buffer_size Size in bytes of the certificate chain buffer.
1669 : * @param mut_cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header in mutual authentication.
1670 : * @param mut_cert_chain_buffer_size Size in bytes of the certificate chain buffer in mutual authentication.
1671 : * @param th_data_buffer_size Size in bytes of the th_data_buffer.
1672 : * @param th_data_buffer The buffer to store the th_data_buffer
1673 : *
1674 : * @retval RETURN_SUCCESS current TH data is calculated.
1675 : */
1676 : bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
1677 : void *spdm_session_info,
1678 : const uint8_t *cert_chain_buffer,
1679 : size_t cert_chain_buffer_size,
1680 : const uint8_t *mut_cert_chain_buffer,
1681 : size_t mut_cert_chain_buffer_size,
1682 : libspdm_th_managed_buffer_t *th_curr);
1683 : #else
1684 : /*
1685 : * This function calculates current TH hash with message A, message K and message F.
1686 : *
1687 : * @param spdm_context A pointer to the SPDM context.
1688 : * @param session_info The SPDM session ID.
1689 : * @param th_hash_buffer_size Size in bytes of the th_hash_buffer
1690 : * @param th_hash_buffer The buffer to store the th_hash_buffer
1691 : *
1692 : * @retval RETURN_SUCCESS current TH hash is calculated.
1693 : */
1694 : bool libspdm_calculate_th_hash_for_finish(libspdm_context_t *spdm_context,
1695 : void *spdm_session_info,
1696 : size_t *th_hash_buffer_size,
1697 : void *th_hash_buffer);
1698 :
1699 : /*
1700 : * This function calculates current TH hmac with message A, message K and message F, with response finished_key.
1701 : *
1702 : * @param spdm_context A pointer to the SPDM context.
1703 : * @param session_info The SPDM session ID.
1704 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1705 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1706 : *
1707 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1708 : */
1709 : bool libspdm_calculate_th_hmac_for_finish_rsp(libspdm_context_t *spdm_context,
1710 : void *spdm_session_info,
1711 : size_t *th_hmac_buffer_size,
1712 : void *th_hmac_buffer);
1713 :
1714 : /*
1715 : * This function calculates current TH hmac with message A, message K and message F, with request finished_key.
1716 : *
1717 : * @param spdm_context A pointer to the SPDM context.
1718 : * @param session_info The SPDM session ID.
1719 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1720 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1721 : *
1722 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1723 : */
1724 : bool libspdm_calculate_th_hmac_for_finish_req(libspdm_context_t *spdm_context,
1725 : void *spdm_session_info,
1726 : size_t *th_hmac_buffer_size,
1727 : void *th_hmac_buffer);
1728 : #endif
1729 :
1730 : /*
1731 : * This function calculates th1 hash.
1732 : *
1733 : * @param spdm_context A pointer to the SPDM context.
1734 : * @param session_info The SPDM session ID.
1735 : * @param is_requester Indicate of the key generation for a requester or a responder.
1736 : * @param th1_hash_data Th1 hash.
1737 : *
1738 : * @retval RETURN_SUCCESS th1 hash is calculated.
1739 : */
1740 : bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context,
1741 : void *spdm_session_info,
1742 : bool is_requester,
1743 : uint8_t *th1_hash_data);
1744 :
1745 : /*
1746 : * This function calculates th2 hash.
1747 : *
1748 : * @param spdm_context A pointer to the SPDM context.
1749 : * @param session_info The SPDM session ID.
1750 : * @param is_requester Indicate of the key generation for a requester or a responder.
1751 : * @param th1_hash_data Th2 hash
1752 : *
1753 : * @retval RETURN_SUCCESS th2 hash is calculated.
1754 : */
1755 : bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context,
1756 : void *spdm_session_info,
1757 : bool is_requester,
1758 : uint8_t *th2_hash_data);
1759 :
1760 : /**
1761 : * Reads a 24-bit value from memory that may be unaligned.
1762 : *
1763 : * @param buffer The pointer to a 24-bit value that may be unaligned.
1764 : *
1765 : * @return The 24-bit value read from buffer.
1766 : **/
1767 : uint32_t libspdm_read_uint24(const uint8_t *buffer);
1768 :
1769 : /**
1770 : * Writes a 24-bit value to memory that may be unaligned.
1771 : *
1772 : * @param buffer The pointer to a 24-bit value that may be unaligned.
1773 : * @param value 24-bit value to write to buffer.
1774 : **/
1775 : void libspdm_write_uint24(uint8_t *buffer, uint32_t value);
1776 :
1777 : /**
1778 : * Reads a 16-bit value from memory that may be unaligned.
1779 : *
1780 : * @param buffer The pointer to a 16-bit value that may be unaligned.
1781 : *
1782 : * @return The 16-bit value read from buffer.
1783 : **/
1784 : uint16_t libspdm_read_uint16(const uint8_t *buffer);
1785 :
1786 : /**
1787 : * Writes a 16-bit value to memory that may be unaligned.
1788 : *
1789 : * @param buffer The pointer to a 16-bit value that may be unaligned.
1790 : * @param value 16-bit value to write to buffer.
1791 : **/
1792 : void libspdm_write_uint16(uint8_t *buffer, uint16_t value);
1793 :
1794 : /**
1795 : * Reads a 32-bit value from memory that may be unaligned.
1796 : *
1797 : * @param buffer The pointer to a 32-bit value that may be unaligned.
1798 : *
1799 : * @return The 32-bit value read from buffer.
1800 : **/
1801 : uint32_t libspdm_read_uint32(const uint8_t *buffer);
1802 :
1803 : /**
1804 : * Writes a 32-bit value to memory that may be unaligned.
1805 : *
1806 : * @param buffer The pointer to a 32-bit value that may be unaligned.
1807 : * @param value 32-bit value to write to buffer.
1808 : **/
1809 : void libspdm_write_uint32(uint8_t *buffer, uint32_t value);
1810 :
1811 : /**
1812 : * Reads a 64-bit value from memory that may be unaligned.
1813 : *
1814 : * @param buffer The pointer to a 64-bit value that may be unaligned.
1815 : *
1816 : * @return The 64-bit value read from buffer.
1817 : **/
1818 : uint64_t libspdm_read_uint64(const uint8_t *buffer);
1819 :
1820 : /**
1821 : * Writes a 64-bit value to memory that may be unaligned.
1822 : *
1823 : * @param buffer The pointer to a 64-bit value that may be unaligned.
1824 : * @param value 64-bit value to write to buffer.
1825 : **/
1826 : void libspdm_write_uint64(uint8_t *buffer, uint64_t value);
1827 :
1828 : /**
1829 : * Determine if bitmask has at most one bit set.
1830 : *
1831 : * @param mask The bitmask to be tested.
1832 : *
1833 : * @return true At most one bit is set.
1834 : * @return false More than one bit is set.
1835 : */
1836 362 : static inline bool libspdm_onehot0(uint32_t mask)
1837 : {
1838 362 : return !mask || !(mask & (mask - 1));
1839 : }
1840 :
1841 1 : static inline uint64_t libspdm_le_to_be_64(uint64_t value)
1842 : {
1843 1 : return (((value & 0x00000000000000ff) << 56) |
1844 1 : ((value & 0x000000000000ff00) << 40) |
1845 1 : ((value & 0x0000000000ff0000) << 24) |
1846 1 : ((value & 0x00000000ff000000) << 8) |
1847 1 : ((value & 0x000000ff00000000) >> 8) |
1848 1 : ((value & 0x0000ff0000000000) >> 24) |
1849 2 : ((value & 0x00ff000000000000) >> 40) |
1850 1 : ((value & 0xff00000000000000) >> 56));
1851 : }
1852 :
1853 : /**
1854 : * Return capability flags that are masked by the negotiated SPDM version.
1855 : *
1856 : * @param spdm_context A pointer to the SPDM context.
1857 : * @param is_request_flags If true then flags are from a request message or Requester.
1858 : * If false then flags are from a response message or Responder.
1859 : * @param flags A bitmask of capability flags.
1860 : *
1861 : * @return The masked capability flags.
1862 : */
1863 : uint32_t libspdm_mask_capability_flags(libspdm_context_t *spdm_context,
1864 : bool is_request_flags, uint32_t flags);
1865 :
1866 : /**
1867 : * Return BaseHashAlgo that is masked by the negotiated SPDM version.
1868 : *
1869 : * @param spdm_context A pointer to the SPDM context.
1870 : * @param base_hash_algo Unmasked BaseHashAlgo.
1871 : *
1872 : * @return The masked BaseHashAlgo.
1873 : */
1874 : uint32_t libspdm_mask_base_hash_algo(libspdm_context_t *spdm_context, uint32_t base_hash_algo);
1875 :
1876 : /**
1877 : * Return MeasurementHashAlgo that is masked by the negotiated SPDM version.
1878 : *
1879 : * @param spdm_context A pointer to the SPDM context.
1880 : * @param measurement_hash_algo Unmasked MeasurementHashAlgo.
1881 : *
1882 : * @return The masked MeasurementHashAlgo.
1883 : */
1884 : uint32_t libspdm_mask_measurement_hash_algo(libspdm_context_t *spdm_context,
1885 : uint32_t measurement_hash_algo);
1886 :
1887 : /**
1888 : * Return MeasurementSpecification that is masked by the negotiated SPDM version.
1889 : *
1890 : * @param spdm_context A pointer to the SPDM context.
1891 : * @param measurement_specification Unmasked MeasurementSpecification.
1892 : *
1893 : * @return The masked MeasurementSpecification.
1894 : */
1895 : uint8_t libspdm_mask_measurement_specification(libspdm_context_t *spdm_context,
1896 : uint8_t measurement_specification);
1897 :
1898 : /**
1899 : * Return MELspecification that is masked by the negotiated SPDM version.
1900 : *
1901 : * @param spdm_context A pointer to the SPDM context.
1902 : * @param mel_specification Unmasked MELspecification.
1903 : *
1904 : * @return The masked MELspecification.
1905 : */
1906 : uint8_t libspdm_mask_mel_specification(libspdm_context_t *spdm_context, uint8_t mel_specification);
1907 :
1908 : /**
1909 : * Return BaseAsymAlgo that is masked by the negotiated SPDM version.
1910 : *
1911 : * @param spdm_context A pointer to the SPDM context.
1912 : * @param base_asym_algo Unmasked BaseAsymAlgo.
1913 : *
1914 : * @return The masked BaseAsymAlgo.
1915 : */
1916 : uint32_t libspdm_mask_base_asym_algo(libspdm_context_t *spdm_context, uint32_t base_asym_algo);
1917 :
1918 : /**
1919 : * Check if the combination of SVH ID and VendorIDLen are legal.
1920 : *
1921 : * @param id Registry or standards body identifier (SPDM_REGISTRY_ID_*).
1922 : * @param vendor_id_len Length, in bytes, of the VendorID field.
1923 : *
1924 : * @retval true The ID and VendorIDLen are legal.
1925 : * @retval false The ID and VendorIDLen are illegal.
1926 : */
1927 : bool libspdm_validate_svh_vendor_id_len(uint8_t id, uint8_t vendor_id_len);
1928 :
1929 : #endif /* SPDM_COMMON_LIB_INTERNAL_H */
|
