Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #ifndef SPDM_COMMON_LIB_INTERNAL_H
8 : #define SPDM_COMMON_LIB_INTERNAL_H
9 :
10 : #include "library/spdm_common_lib.h"
11 : #include "library/spdm_secured_message_lib.h"
12 : #include "library/spdm_return_status.h"
13 : #include "library/spdm_crypt_lib.h"
14 : #include "hal/library/debuglib.h"
15 : #include "hal/library/memlib.h"
16 : #include "hal/library/requester/reqasymsignlib.h"
17 : #include "hal/library/requester/psklib.h"
18 : #include "hal/library/responder/asymsignlib.h"
19 : #include "hal/library/responder/csrlib.h"
20 : #include "hal/library/responder/measlib.h"
21 : #include "hal/library/responder/key_pair_info.h"
22 : #include "hal/library/responder/psklib.h"
23 : #include "hal/library/responder/setcertlib.h"
24 : #include "hal/library/endpointinfolib.h"
25 : #include "hal/library/eventlib.h"
26 : #include "hal/library/cryptlib.h"
27 :
28 : #define INVALID_SESSION_ID LIBSPDM_INVALID_SESSION_ID
29 : /* The SPDM specification does not limit the values of CTExponent and RDTExponent.
30 : * libspdm artificially limits their values to 31, which corresponds to approximately 35 minutes
31 : * for CT and RDT. If an endpoint takes longer than 35 minutes to generate an SPDM message then
32 : * libspdm assumes the Integrator would not want to interact with such an endpoint. A maximum value
33 : * of 31 also means that, when calculating CT and RDT, a left-shift will not result in C undefined
34 : * behavior.
35 : */
36 : #define LIBSPDM_MAX_CT_EXPONENT 31
37 : #define LIBSPDM_MAX_RDT_EXPONENT 31
38 :
39 : #define LIBSPDM_MAX_SPDM_SESSION_SEQUENCE_NUMBER 0xFFFFFFFFFFFFFFFFull
40 :
41 : typedef struct {
42 : uint8_t spdm_version_count;
43 : spdm_version_number_t spdm_version[SPDM_MAX_VERSION_COUNT];
44 : } libspdm_device_version_t;
45 :
46 : typedef struct {
47 : uint8_t ct_exponent;
48 : uint64_t rtt;
49 : uint32_t st1;
50 : uint32_t flags;
51 : uint32_t data_transfer_size;
52 : uint32_t sender_data_transfer_size;
53 : uint32_t max_spdm_msg_size;
54 : uint32_t transport_header_size;
55 : uint32_t transport_tail_size;
56 : } libspdm_device_capability_t;
57 :
58 : typedef struct {
59 : uint8_t measurement_spec;
60 : uint8_t other_params_support;
61 : uint8_t mel_spec;
62 : uint32_t measurement_hash_algo;
63 : uint32_t base_asym_algo;
64 : uint32_t base_hash_algo;
65 : uint16_t dhe_named_group;
66 : uint16_t aead_cipher_suite;
67 : uint16_t req_base_asym_alg;
68 : uint16_t key_schedule;
69 : uint32_t pqc_asym_algo;
70 : uint32_t req_pqc_asym_alg;
71 : uint32_t kem_alg;
72 : bool pqc_first;
73 : } libspdm_device_algorithm_t;
74 :
75 : typedef struct {
76 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
77 : uint8_t buffer[LIBSPDM_MAX_CERT_CHAIN_SIZE];
78 : size_t buffer_size;
79 : #else
80 : uint8_t buffer_hash[LIBSPDM_MAX_HASH_SIZE];
81 : uint32_t buffer_hash_size;
82 : /* leaf cert public key of the peer */
83 : void *leaf_cert_public_key;
84 : #endif
85 : } libspdm_peer_used_cert_chain_t;
86 :
87 : typedef struct {
88 : /* Local device info */
89 : libspdm_device_version_t version;
90 : libspdm_device_capability_t capability;
91 : libspdm_device_algorithm_t algorithm;
92 : libspdm_device_version_t secured_message_version;
93 :
94 : /* My Certificate */
95 : const void *local_cert_chain_provision[SPDM_MAX_SLOT_COUNT];
96 : size_t local_cert_chain_provision_size[SPDM_MAX_SLOT_COUNT];
97 : uint8_t local_supported_slot_mask;
98 : uint8_t cert_slot_reset_mask;
99 : spdm_key_pair_id_t local_key_pair_id[SPDM_MAX_SLOT_COUNT];
100 : spdm_certificate_info_t local_cert_info[SPDM_MAX_SLOT_COUNT];
101 : spdm_key_usage_bit_mask_t local_key_usage_bit_mask[SPDM_MAX_SLOT_COUNT];
102 : /* My raw public key (slot_id - 0xFF) */
103 : const void *local_public_key_provision;
104 : size_t local_public_key_provision_size;
105 :
106 : /* Peer Root Certificate */
107 : const void *peer_root_cert_provision[LIBSPDM_MAX_ROOT_CERT_SUPPORT];
108 : size_t peer_root_cert_provision_size[LIBSPDM_MAX_ROOT_CERT_SUPPORT];
109 : /* Peer raw public key (slot_id - 0xFF) */
110 : const void *peer_public_key_provision;
111 : size_t peer_public_key_provision_size;
112 :
113 : /* Peer Cert verify*/
114 : libspdm_verify_spdm_cert_chain_func verify_peer_spdm_cert_chain;
115 :
116 : /* Responder policy*/
117 : bool basic_mut_auth_requested;
118 : uint8_t mut_auth_requested;
119 : bool mandatory_mut_auth;
120 : uint8_t heartbeat_period;
121 :
122 : /*The device role*/
123 : bool is_requester;
124 :
125 : uint8_t total_key_pairs;
126 : } libspdm_local_context_t;
127 :
128 : typedef struct {
129 : /* Connection State */
130 : libspdm_connection_state_t connection_state;
131 :
132 : /* Peer device info (negotiated) */
133 : spdm_version_number_t version;
134 : libspdm_device_capability_t capability;
135 : libspdm_device_algorithm_t algorithm;
136 : spdm_version_number_t secured_message_version;
137 :
138 : /* Peer digests buffer */
139 : uint8_t peer_provisioned_slot_mask;
140 : uint8_t peer_supported_slot_mask;
141 : uint8_t peer_total_digest_buffer[LIBSPDM_MAX_HASH_SIZE * SPDM_MAX_SLOT_COUNT];
142 :
143 : spdm_key_pair_id_t peer_key_pair_id[SPDM_MAX_SLOT_COUNT];
144 : spdm_certificate_info_t peer_cert_info[SPDM_MAX_SLOT_COUNT];
145 : spdm_key_usage_bit_mask_t peer_key_usage_bit_mask[SPDM_MAX_SLOT_COUNT];
146 :
147 : /* Peer CertificateChain */
148 : libspdm_peer_used_cert_chain_t peer_used_cert_chain[SPDM_MAX_SLOT_COUNT];
149 : uint8_t peer_used_cert_chain_slot_id;
150 :
151 : /* Local Used CertificateChain (for responder, or requester in mut auth) */
152 : const uint8_t *local_used_cert_chain_buffer;
153 : size_t local_used_cert_chain_buffer_size;
154 : uint8_t local_used_cert_chain_slot_id;
155 :
156 : /* Specifies whether the cached negotiated state should be invalidated. (responder only)
157 : * This is a "sticky" bit wherein if it is set to 1 then it cannot be set to 0. */
158 : uint8_t end_session_attributes;
159 :
160 : /* multi-key negotiated result */
161 : bool multi_key_conn_req;
162 : bool multi_key_conn_rsp;
163 : } libspdm_connection_info_t;
164 :
165 : typedef struct {
166 : size_t max_buffer_size;
167 : size_t buffer_size;
168 : /*uint8_t buffer[max_buffer_size];*/
169 : } libspdm_managed_buffer_t;
170 :
171 : typedef struct {
172 : size_t max_buffer_size;
173 : size_t buffer_size;
174 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE];
175 : } libspdm_vca_managed_buffer_t;
176 :
177 : /*
178 : * +--------------------------+------------------------------------------+---------+
179 : * | DIGESTS 1.3 | 4 + (H [+ 4]) * SlotNum = [36, 548] | [1, 18] |
180 : * +--------------------------+------------------------------------------+---------+
181 : * It is for multi-key.
182 : */
183 : #define LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE (4 + \
184 : (LIBSPDM_MAX_HASH_SIZE + 4) * SPDM_MAX_SLOT_COUNT)
185 :
186 : typedef struct {
187 : size_t max_buffer_size;
188 : size_t buffer_size;
189 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE];
190 : } libspdm_message_d_managed_buffer_t;
191 :
192 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
193 :
194 : /*
195 : * +--------------------------+------------------------------------------+---------+
196 : * | GET_DIGESTS 1.3 | 4 | 1 |
197 : * | DIGESTS 1.3 | 4 + (H [+ 4]) * SlotNum = [36, 548] | [1, 18] |
198 : * +--------------------------+------------------------------------------+---------+
199 : * | GET_CERTIFICATE 1.3 | 8 | 1 |
200 : * | CERTIFICATE 1.3 | 8 + PortionLen | [1, ] |
201 : * +--------------------------+------------------------------------------+---------+
202 : */
203 : #define LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE (24 + \
204 : (LIBSPDM_MAX_HASH_SIZE + 4) * SPDM_MAX_SLOT_COUNT + \
205 : LIBSPDM_MAX_CERT_CHAIN_SIZE)
206 :
207 : /*
208 : * +--------------------------+------------------------------------------+---------+
209 : * | CHALLENGE 1.3 | 44 | 1 |
210 : * | CHALLENGE_AUTH 1.3 | 46 + H * 2 + S [+ O] = [166, 678] | [6, 23] |
211 : * +--------------------------+------------------------------------------+---------+
212 : */
213 : #define LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE (90 + \
214 : LIBSPDM_MAX_HASH_SIZE * 2 + \
215 : LIBSPDM_MAX_ASYM_KEY_SIZE + SPDM_MAX_OPAQUE_DATA_SIZE)
216 :
217 : /*
218 : * +--------------------------+------------------------------------------+---------+
219 : * | GET_MEASUREMENTS 1.3 | 13 + Nonce (0 or 32) | 1 |
220 : * | MEASUREMENTS 1.3 | 50 + MeasRecLen (+ S) [+ O] = [106, 554] | [4, 19] |
221 : * +--------------------------+------------------------------------------+---------+
222 : */
223 : #define LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE (63 + SPDM_NONCE_SIZE + \
224 : LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE + \
225 : LIBSPDM_MAX_ASYM_KEY_SIZE + SPDM_MAX_OPAQUE_DATA_SIZE)
226 :
227 : /*
228 : * +--------------------------+------------------------------------------+---------+
229 : * | KEY_EXCHANGE 1.3 | 42 + D [+ O] = [106, 554] | [4, 19] |
230 : * | KEY_EXCHANGE_RSP 1.3 | 42 + D + H + S (+ H) [+ O] = [234, 1194] | [8, 40] |
231 : * +--------------------------+------------------------------------------+---------+
232 : * | PSK_EXCHANGE 1.3 | 12 [+ PSKHint] + R [+ O] = 44 | 2 |
233 : * | PSK_EXCHANGE_RSP 1.3 | 12 + R + H (+ H) [+ O] = [108, 172] | [4, 6] |
234 : * +--------------------------+------------------------------------------+---------+
235 : */
236 : #define LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE (84 + LIBSPDM_MAX_DHE_KEY_SIZE * 2 + \
237 : LIBSPDM_MAX_HASH_SIZE * 2 + LIBSPDM_MAX_ASYM_KEY_SIZE + \
238 : SPDM_MAX_OPAQUE_DATA_SIZE * 2)
239 :
240 : /*
241 : * +--------------------------+------------------------------------------+---------+
242 : * | FINISH 1.3 | 4 (+ S) + H = [100, 580] | [4, 20] |
243 : * | FINISH_RSP 1.3 | 4 (+ H) = [36, 69] | [1, 3] |
244 : * +--------------------------+------------------------------------------+---------+
245 : * | PSK_FINISH 1.3 | 4 + H = [36, 68] | [1, 3] |
246 : * | PSK_FINISH_RSP 1.3 | 4 | 1 |
247 : * +--------------------------+------------------------------------------+---------+
248 : */
249 : #define LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE (8 + LIBSPDM_MAX_HASH_SIZE * 2 + \
250 : LIBSPDM_MAX_ASYM_KEY_SIZE)
251 :
252 : /*
253 : * +--------------------------+------------------------------------------+---------+
254 : * | GET_EP_INFO 1.3 | 8 + Nonce (0 or 32) = [8, 40] | 1 |
255 : * | EP_INFO 1.3 | 12 + Nonce + EPInfoLen = [12, 1024] | [1, 25] |
256 : * +--------------------------+------------------------------------------+---------+
257 : */
258 : #define LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE (20 + SPDM_NONCE_SIZE * 2 + \
259 : LIBSPDM_MAX_ENDPOINT_INFO_LENGTH)
260 :
261 : #define LIBSPDM_MAX_MESSAGE_L1L2_BUFFER_SIZE \
262 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE)
263 :
264 : #define LIBSPDM_MAX_MESSAGE_M1M2_BUFFER_SIZE \
265 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + \
266 : LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE)
267 :
268 : #define LIBSPDM_MAX_MESSAGE_TH_BUFFER_SIZE \
269 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + \
270 : LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE + \
271 : LIBSPDM_MAX_HASH_SIZE + LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE + \
272 : LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE + \
273 : LIBSPDM_MAX_HASH_SIZE + LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE)
274 :
275 : #define LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE \
276 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE)
277 :
278 : typedef struct {
279 : size_t max_buffer_size;
280 : size_t buffer_size;
281 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE];
282 : } libspdm_message_b_managed_buffer_t;
283 :
284 : typedef struct {
285 : size_t max_buffer_size;
286 : size_t buffer_size;
287 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE];
288 : } libspdm_message_c_managed_buffer_t;
289 :
290 : typedef struct {
291 : size_t max_buffer_size;
292 : size_t buffer_size;
293 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE];
294 : } libspdm_message_m_managed_buffer_t;
295 :
296 : typedef struct {
297 : size_t max_buffer_size;
298 : size_t buffer_size;
299 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE];
300 : } libspdm_message_k_managed_buffer_t;
301 :
302 : typedef struct {
303 : size_t max_buffer_size;
304 : size_t buffer_size;
305 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE];
306 : } libspdm_message_f_managed_buffer_t;
307 :
308 : typedef struct {
309 : size_t max_buffer_size;
310 : size_t buffer_size;
311 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE];
312 : } libspdm_message_e_managed_buffer_t;
313 :
314 : typedef struct {
315 : size_t max_buffer_size;
316 : size_t buffer_size;
317 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_L1L2_BUFFER_SIZE];
318 : } libspdm_l1l2_managed_buffer_t;
319 :
320 : typedef struct {
321 : size_t max_buffer_size;
322 : size_t buffer_size;
323 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_M1M2_BUFFER_SIZE];
324 : } libspdm_m1m2_managed_buffer_t;
325 :
326 : typedef struct {
327 : size_t max_buffer_size;
328 : size_t buffer_size;
329 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE];
330 : } libspdm_il1il2_managed_buffer_t;
331 :
332 : typedef struct {
333 : size_t max_buffer_size;
334 : size_t buffer_size;
335 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_TH_BUFFER_SIZE];
336 : } libspdm_th_managed_buffer_t;
337 :
338 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
339 :
340 : /* signature = Sign(SK, hash(M1))
341 : * Verify(PK, hash(M2), signature)*/
342 :
343 : /* M1/M2 = Concatenate (A, B, C)
344 : * A = Concatenate (GET_VERSION, VERSION, GET_CAPABILITIES, CAPABILITIES, NEGOTIATE_ALGORITHMS, ALGORITHMS)
345 : * B = Concatenate (GET_DIGEST, DIGEST, GET_CERTIFICATE, CERTIFICATE)
346 : * C = Concatenate (CHALLENGE, CHALLENGE_AUTH\signature)*/
347 :
348 : /* Mut M1/M2 = Concatenate (MutB, MutC)
349 : * MutB = Concatenate (GET_DIGEST, DIGEST, GET_CERTIFICATE, CERTIFICATE)
350 : * MutC = Concatenate (CHALLENGE, CHALLENGE_AUTH\signature)*/
351 :
352 : /* signature = Sign(SK, hash(L1))
353 : * Verify(PK, hash(L2), signature)*/
354 :
355 : /* L1/L2 = Concatenate (M)
356 : * M = Concatenate (GET_MEASUREMENT, MEASUREMENT\signature)*/
357 :
358 : /* IL1/IL2 = Concatenate (A, E)
359 : * E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
360 :
361 : /* Encap IL1/IL2 = Concatenate (A, Encap E)
362 : * Encap E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
363 :
364 : typedef struct {
365 : /* the message_a must be plan text because we do not know the algorithm yet.*/
366 : libspdm_vca_managed_buffer_t message_a;
367 : libspdm_message_d_managed_buffer_t message_d;
368 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
369 : libspdm_message_b_managed_buffer_t message_b;
370 : libspdm_message_c_managed_buffer_t message_c;
371 : libspdm_message_b_managed_buffer_t message_mut_b;
372 : libspdm_message_c_managed_buffer_t message_mut_c;
373 : libspdm_message_m_managed_buffer_t message_m;
374 : libspdm_message_e_managed_buffer_t message_e;
375 : libspdm_message_e_managed_buffer_t message_encap_e;
376 : #else
377 : void *digest_context_m1m2;
378 : void *digest_context_mut_m1m2;
379 : void *digest_context_l1l2;
380 : void *digest_context_il1il2;
381 : void *digest_context_encap_il1il2;
382 : #endif
383 : } libspdm_transcript_t;
384 :
385 : /* TH for KEY_EXCHANGE response signature: Concatenate (A, D, Ct, K)
386 : * D = DIGEST, if MULTI_KEY_CONN_RSP
387 : * Ct = certificate chain
388 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response\signature+verify_data)*/
389 :
390 : /* TH for KEY_EXCHANGE response HMAC: Concatenate (A, D, Ct, K)
391 : * D = DIGEST, if MULTI_KEY_CONN_RSP
392 : * Ct = certificate chain
393 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response\verify_data)*/
394 :
395 : /* TH for FINISH request signature: Concatenate (A, D, Ct, K, EncapD, CM, F)
396 : * D = DIGEST, if MULTI_KEY_CONN_RSP
397 : * Ct = certificate chain
398 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
399 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
400 : * CM = mutual certificate chain
401 : * F = Concatenate (FINISH request\signature+verify_data)*/
402 :
403 : /* TH for FINISH response HMAC: Concatenate (A, D, Ct, K, EncapD, CM, F)
404 : * D = DIGEST, if MULTI_KEY_CONN_RSP
405 : * Ct = certificate chain
406 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
407 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
408 : * CM = mutual certificate chain, if MutAuth
409 : * F = Concatenate (FINISH request\verify_data)*/
410 :
411 : /* th1: Concatenate (A, D, Ct, K)
412 : * D = DIGEST, if MULTI_KEY_CONN_RSP
413 : * Ct = certificate chain
414 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)*/
415 :
416 : /* th2: Concatenate (A, D, Ct, K, EncapD, CM, F)
417 : * D = DIGEST, if MULTI_KEY_CONN_RSP
418 : * Ct = certificate chain
419 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
420 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
421 : * CM = mutual certificate chain, if MutAuth
422 : * F = Concatenate (FINISH request, FINISH response)*/
423 :
424 : /* TH for PSK_EXCHANGE response HMAC: Concatenate (A, K)
425 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response\verify_data)*/
426 :
427 : /* TH for PSK_FINISH response HMAC: Concatenate (A, K, F)
428 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
429 : * F = Concatenate (PSK_FINISH request\verify_data)*/
430 :
431 : /* TH1_PSK1: Concatenate (A, K)
432 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response\verify_data)*/
433 :
434 : /* TH1_PSK2: Concatenate (A, K, F)
435 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
436 : * F = Concatenate (PSK_FINISH request\verify_data)*/
437 :
438 : /* TH2_PSK: Concatenate (A, K, F)
439 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
440 : * F = Concatenate (PSK_FINISH request, PSK_FINISH response)*/
441 :
442 : typedef struct {
443 : libspdm_message_d_managed_buffer_t message_encap_d;
444 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
445 : libspdm_message_k_managed_buffer_t message_k;
446 : libspdm_message_f_managed_buffer_t message_f;
447 : libspdm_message_m_managed_buffer_t message_m;
448 : libspdm_message_e_managed_buffer_t message_e;
449 : libspdm_message_e_managed_buffer_t message_encap_e;
450 : #else
451 : bool message_f_initialized;
452 : void *digest_context_th;
453 : void *digest_context_l1l2;
454 : void *digest_context_il1il2;
455 : void *digest_context_encap_il1il2;
456 : /* this is back up for message F reset.*/
457 : void *digest_context_th_backup;
458 : #endif
459 : } libspdm_session_transcript_t;
460 :
461 : typedef struct {
462 : uint32_t session_id;
463 : bool use_psk;
464 : uint8_t mut_auth_requested;
465 : uint8_t end_session_attributes;
466 : uint8_t session_policy;
467 : uint8_t heartbeat_period;
468 : libspdm_session_transcript_t session_transcript;
469 : /* Register for the last KEY_UPDATE token and operation (responder only)*/
470 : spdm_key_update_request_t last_key_update_request;
471 : void *secured_message_context;
472 : } libspdm_session_info_t;
473 :
474 : #define LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT 3
475 : typedef struct {
476 : /* Valid OpCode: GET_DIGEST/GET_CERTIFICATE/CHALLENGE/KEY_UPDATE/GET_ENDPOINT_INFO/SEND_EVENT
477 : * The last one is 0x00, as a terminator. */
478 : uint8_t request_op_code_sequence[LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT + 1];
479 : uint8_t request_op_code_count;
480 : uint8_t current_request_op_code;
481 : uint8_t request_id;
482 : uint8_t req_slot_id;
483 : spdm_message_header_t last_encap_request_header;
484 : size_t last_encap_request_size;
485 : uint32_t cert_chain_total_len;
486 : uint8_t req_context[SPDM_REQ_CONTEXT_SIZE];
487 : uint32_t session_id;
488 : bool use_large_cert_chain;
489 : } libspdm_encap_context_t;
490 :
491 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
492 : typedef struct {
493 : bool chunk_in_use;
494 : uint8_t chunk_handle;
495 : uint16_t chunk_seq_no;
496 : size_t chunk_bytes_transferred;
497 :
498 : void* large_message;
499 : size_t large_message_size;
500 : size_t large_message_capacity;
501 : } libspdm_chunk_info_t;
502 :
503 : typedef struct {
504 : libspdm_chunk_info_t send;
505 : libspdm_chunk_info_t get;
506 : } libspdm_chunk_context_t;
507 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP */
508 :
509 : #if LIBSPDM_ENABLE_MSG_LOG
510 : typedef struct {
511 : void *buffer;
512 : size_t max_buffer_size;
513 : uint32_t mode;
514 : size_t buffer_size;
515 : uint32_t status;
516 : } libspdm_msg_log_t;
517 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
518 :
519 : #if LIBSPDM_FIPS_MODE
520 : typedef struct {
521 : /**
522 : * Tested algo flag: 0 represents that the algo is not tested.
523 : * See LIBSPDM_FIPS_SELF_TEST_xxx;
524 : **/
525 : uint32_t tested_algo;
526 : /**
527 : * Flag for the result of run algo self_test, 0 represents the result is failed.
528 : * See LIBSPDM_FIPS_SELF_TEST_xxx;
529 : **/
530 : uint32_t self_test_result;
531 : } libspdm_fips_selftest_context_t;
532 : #endif /* LIBSPDM_FIPS_MODE */
533 :
534 : #define LIBSPDM_CONTEXT_STRUCT_VERSION 0x3
535 :
536 : typedef struct {
537 : uint32_t version;
538 :
539 : /* IO information */
540 : libspdm_device_send_message_func send_message;
541 : libspdm_device_receive_message_func receive_message;
542 :
543 : /*
544 : * reserved for request and response in the main dispatch function in SPDM responder.
545 : * this buffer is the transport message received from spdm_context->receive_message()
546 : * or sent to spdm_context->send_message().
547 : * This message may be SPDM transport message or secured SPDM transport message.
548 : **/
549 : libspdm_device_acquire_sender_buffer_func acquire_sender_buffer;
550 : libspdm_device_release_sender_buffer_func release_sender_buffer;
551 : libspdm_device_acquire_receiver_buffer_func acquire_receiver_buffer;
552 : libspdm_device_release_receiver_buffer_func release_receiver_buffer;
553 :
554 : /* Transport Layer information */
555 : libspdm_transport_encode_message_func transport_encode_message;
556 : libspdm_transport_decode_message_func transport_decode_message;
557 :
558 : /* Cached plain text command
559 : * If the command is cipher text, decrypt then cache it. */
560 : void *last_spdm_request;
561 : size_t last_spdm_request_size;
562 :
563 : /* Buffers used for data processing and transport. */
564 : void *scratch_buffer;
565 : size_t scratch_buffer_size;
566 : void *sender_buffer;
567 : size_t sender_buffer_size;
568 : void *receiver_buffer;
569 : size_t receiver_buffer_size;
570 :
571 : /* Cache session_id in this spdm_message, only valid for secured message. */
572 : uint32_t last_spdm_request_session_id;
573 : bool last_spdm_request_session_id_valid;
574 :
575 : /* Cache the error in libspdm_process_request. It is handled in libspdm_build_response. */
576 : libspdm_error_struct_t last_spdm_error;
577 :
578 : /* Register GetResponse function (responder only) */
579 : void *get_response_func;
580 :
581 : /* Register GetEncapResponse function (requester only) */
582 : void *get_encap_response_func;
583 : libspdm_encap_context_t encap_context;
584 :
585 : /* Register spdm_session_state_callback function (responder only)
586 : * Register can know the state after StartSession / EndSession. */
587 : void *spdm_session_state_callback;
588 :
589 : /* Register spdm_connection_state_callback function (responder only)
590 : * Register can know the connection state such as negotiated. */
591 : void *spdm_connection_state_callback;
592 :
593 : /* Register libspdm_key_update_callback function (responder only)
594 : * Register can know when session keys are updated during KEY_UPDATE operations. */
595 : void *spdm_key_update_callback;
596 :
597 : libspdm_local_context_t local_context;
598 :
599 : libspdm_connection_info_t connection_info;
600 : libspdm_transcript_t transcript;
601 :
602 : libspdm_session_info_t session_info[LIBSPDM_MAX_SESSION_COUNT];
603 :
604 : /* Buffer that the Responder uses to store the Requester's certificate chain for
605 : * mutual authentication. */
606 : void *mut_auth_cert_chain_buffer;
607 : size_t mut_auth_cert_chain_buffer_size;
608 : size_t mut_auth_cert_chain_buffer_max_size;
609 :
610 : /* Cache latest session ID for HANDSHAKE_IN_THE_CLEAR */
611 : uint32_t latest_session_id;
612 :
613 : /* Register for Responder state, be initial to Normal (responder only) */
614 : libspdm_response_state_t response_state;
615 :
616 : /* Cached data for SPDM_ERROR_CODE_RESPONSE_NOT_READY/SPDM_RESPOND_IF_READY */
617 : spdm_error_data_response_not_ready_t error_data;
618 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
619 : void *cache_spdm_request;
620 : size_t cache_spdm_request_size;
621 : #endif
622 : uint8_t current_token;
623 :
624 : /* Register for the retry times when receive "BUSY" Error response (requester only) */
625 : uint8_t retry_times;
626 : /* Register for the delay time in microseconds between retry requests
627 : * when receive "BUSY" Error response (requester only) */
628 : uint64_t retry_delay_time;
629 : bool crypto_request;
630 :
631 : /* App context data for use by application */
632 : void *app_context_data_ptr;
633 :
634 : /* See LIBSPDM_DATA_HANDLE_ERROR_RETURN_POLICY_*. */
635 : uint8_t handle_error_return_policy;
636 :
637 : /* Max session count for DHE session and PSK session
638 : * Set via LIBSPDM_DATA_MAX_DHE_SESSION_COUNT and LIBSPDM_DATA_MAX_PSK_SESSION_COUNT */
639 : uint32_t max_dhe_session_count;
640 : uint32_t max_psk_session_count;
641 :
642 : /* Current session count for DHE session and PSK session */
643 : uint32_t current_dhe_session_count;
644 : uint32_t current_psk_session_count;
645 :
646 : /* see LIBSPDM_DATA_MAX_SPDM_SESSION_SEQUENCE_NUMBER */
647 : uint64_t max_spdm_session_sequence_number;
648 :
649 : uint8_t sequence_number_endian;
650 :
651 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
652 : /* Chunk specific context */
653 : libspdm_chunk_context_t chunk_context;
654 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP */
655 :
656 : #if LIBSPDM_ENABLE_MSG_LOG
657 : libspdm_msg_log_t msg_log;
658 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
659 :
660 : #if LIBSPDM_FIPS_MODE
661 : libspdm_fips_selftest_context_t fips_selftest_context;
662 : #endif /* LIBSPDM_FIPS_MODE */
663 :
664 : /* Endianness (BE/LE/Both) to use for signature verification on SPDM 1.0 and 1.1
665 : * This field is ignored for other SPDM versions */
666 : uint8_t spdm_10_11_verify_signature_endian;
667 :
668 : #if LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES
669 : libspdm_vendor_response_callback_func vendor_response_callback;
670 : libspdm_vendor_get_id_callback_func vendor_response_get_id;
671 : #endif /* LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES */
672 :
673 : #if LIBSPDM_EVENT_RECIPIENT_SUPPORT
674 : libspdm_process_event_func process_event;
675 : #endif /* LIBSPDM_EVENT_RECIPIENT_SUPPORT */
676 :
677 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT)
678 : libspdm_get_endpoint_info_callback_func get_endpoint_info_callback;
679 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT) */
680 : } libspdm_context_t;
681 :
682 : #define LIBSPDM_CONTEXT_SIZE_WITHOUT_SECURED_CONTEXT (sizeof(libspdm_context_t))
683 : #define LIBSPDM_CONTEXT_SIZE_ALL (LIBSPDM_CONTEXT_SIZE_WITHOUT_SECURED_CONTEXT + \
684 : LIBSPDM_SECURED_MESSAGE_CONTEXT_SIZE * LIBSPDM_MAX_SESSION_COUNT)
685 :
686 : #if LIBSPDM_DEBUG_PRINT_ENABLE
687 : /**
688 : * Return the request code name based on given request code.
689 : *
690 : * @param request_code The SPDM request code.
691 : *
692 : * @return request code name according to the request code.
693 : **/
694 : const char *libspdm_get_code_str(uint8_t request_code);
695 :
696 : #ifdef LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE
697 : extern void LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE(const uint8_t *data, size_t size);
698 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size) LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE(data, size)
699 : #else
700 : /**
701 : * This function dump raw data.
702 : *
703 : * @param data raw data
704 : * @param size raw data size
705 : **/
706 : void libspdm_internal_dump_hex_str(const uint8_t *data, size_t size);
707 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size) libspdm_internal_dump_hex_str(data, size)
708 : #endif /* LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE */
709 :
710 : #ifdef LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE
711 : extern void LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE(const uint8_t *data, size_t size);
712 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size) LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE(data, size)
713 : #else
714 : /**
715 : * This function dump raw data.
716 : *
717 : * @param data raw data
718 : * @param size raw data size
719 : **/
720 : void libspdm_internal_dump_data(const uint8_t *data, size_t size);
721 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size) libspdm_internal_dump_data(data, size)
722 : #endif /* LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE */
723 :
724 : #ifdef LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE
725 : extern void LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE(const uint8_t *data, size_t size);
726 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size) LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE(data, size)
727 : #else
728 : /**
729 : * This function dump raw data with column format.
730 : *
731 : * @param data raw data
732 : * @param size raw data size
733 : **/
734 : void libspdm_internal_dump_hex(const uint8_t *data, size_t size);
735 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size) libspdm_internal_dump_hex(data, size)
736 : #endif /* LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE */
737 :
738 : #else /* LIBSPDM_DEBUG_PRINT_ENABLE */
739 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size)
740 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size)
741 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size)
742 : #endif /* LIBSPDM_DEBUG_PRINT_ENABLE */
743 :
744 : /* Required scratch buffer size for libspdm internal usage.
745 : * It may be used to hold the encrypted/decrypted message and/or last sent/received message.
746 : * It may be used to hold the large request/response and intermediate send/receive buffer
747 : * in case of chunking.
748 : *
749 : * If chunking is not supported, it should be at least below.
750 : * +--------------------------+-----------------+-----------------+
751 : * | SENDER_RECEIVER |MAX_SPDM_MSG_SIZE|MAX_SPDM_MSG_SIZE|
752 : * +--------------------------+-----------------+-----------------+
753 : * |<-Snd/Rcv buf for chunk ->|<-last request ->|<-cache request->|
754 : *
755 : *
756 : * If chunking is supported, it should be at least below.
757 : * +---------------+--------------+--------------------------+------------------------------+-----------------+-----------------+
758 : * |SECURE_MESSAGE |LARGE_MESSAGE | SENDER_RECEIVER | LARGE SENDER_RECEIVER |MAX_SPDM_MSG_SIZE|MAX_SPDM_MSG_SIZE|
759 : * +---------------+--------------+--------------------------+------------------------------+-----------------+-----------------+
760 : * |<-Secure msg ->|<-Large msg ->|<-Snd/Rcv buf for chunk ->|<-Snd/Rcv buf for large msg ->|<-last request ->|<-cache request->|
761 : *
762 : *
763 : * The value is configurable based on max_spdm_msg_size.
764 : * The value MAY be changed in different libspdm version.
765 : * It is exposed here, just in case the libspdm consumer wants to configure the setting at build time.
766 : */
767 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
768 : /* first section */
769 : uint32_t libspdm_get_scratch_buffer_secure_message_offset(libspdm_context_t *spdm_context);
770 : uint32_t libspdm_get_scratch_buffer_secure_message_capacity(libspdm_context_t *spdm_context);
771 :
772 : /* second section */
773 : uint32_t libspdm_get_scratch_buffer_large_message_offset(libspdm_context_t *spdm_context);
774 : uint32_t libspdm_get_scratch_buffer_large_message_capacity(libspdm_context_t *spdm_context);
775 : #endif
776 :
777 : /* third section */
778 : uint32_t libspdm_get_scratch_buffer_sender_receiver_offset(libspdm_context_t *spdm_context);
779 : uint32_t libspdm_get_scratch_buffer_sender_receiver_capacity(libspdm_context_t *spdm_context);
780 :
781 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
782 : /* fourth section */
783 : uint32_t libspdm_get_scratch_buffer_large_sender_receiver_offset(libspdm_context_t *spdm_context);
784 : uint32_t libspdm_get_scratch_buffer_large_sender_receiver_capacity(libspdm_context_t *spdm_context);
785 : #endif
786 :
787 : /* fifth section */
788 : uint32_t libspdm_get_scratch_buffer_last_spdm_request_offset(libspdm_context_t *spdm_context);
789 : uint32_t libspdm_get_scratch_buffer_last_spdm_request_capacity(libspdm_context_t *spdm_context);
790 :
791 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
792 : /* sixth section */
793 : uint32_t libspdm_get_scratch_buffer_cache_spdm_request_offset(libspdm_context_t *spdm_context);
794 : uint32_t libspdm_get_scratch_buffer_cache_spdm_request_capacity(libspdm_context_t *spdm_context);
795 : #endif
796 :
797 : /* combination */
798 : uint32_t libspdm_get_scratch_buffer_capacity(libspdm_context_t *spdm_context);
799 :
800 : /**
801 : * Append a new data buffer to the managed buffer.
802 : *
803 : * @param managed_buffer The managed buffer to be appended.
804 : * @param buffer The address of the data buffer to be appended to the managed buffer.
805 : * @param buffer_size The size in bytes of the data buffer to be appended to the managed buffer.
806 : *
807 : * @retval RETURN_SUCCESS The new data buffer is appended to the managed buffer.
808 : * @retval RETURN_BUFFER_TOO_SMALL The managed buffer is too small to be appended.
809 : **/
810 : libspdm_return_t libspdm_append_managed_buffer(void *managed_buffer,
811 : const void *buffer, size_t buffer_size);
812 :
813 : /**
814 : * Reset the managed buffer.
815 : * The buffer_size is reset to 0.
816 : * The max_buffer_size is unchanged.
817 : * The buffer is not freed.
818 : *
819 : * @param managed_buffer The managed buffer.
820 : **/
821 : void libspdm_reset_managed_buffer(void *managed_buffer);
822 :
823 : /**
824 : * Return the size of managed buffer.
825 : *
826 : * @param managed_buffer The managed buffer.
827 : *
828 : * @return the size of managed buffer.
829 : **/
830 : size_t libspdm_get_managed_buffer_size(void *managed_buffer);
831 :
832 : /**
833 : * Return the address of managed buffer.
834 : *
835 : * @param managed_buffer The managed buffer.
836 : *
837 : * @return the address of managed buffer.
838 : **/
839 : void *libspdm_get_managed_buffer(void *managed_buffer);
840 :
841 : /**
842 : * Init the managed buffer.
843 : *
844 : * @param managed_buffer The managed buffer.
845 : * @param max_buffer_size The maximum size in bytes of the managed buffer.
846 : **/
847 : void libspdm_init_managed_buffer(void *managed_buffer, size_t max_buffer_size);
848 :
849 : /**
850 : * Reset message buffer in SPDM context according to request code.
851 : *
852 : * @param spdm_context A pointer to the SPDM context.
853 : * @param spdm_session_info A pointer to the SPDM session context.
854 : * @param spdm_request The SPDM request code.
855 : */
856 : void libspdm_reset_message_buffer_via_request_code(void *context, void *session_info,
857 : uint8_t request_code);
858 :
859 : /**
860 : * This function initializes the session info.
861 : *
862 : * @param spdm_context A pointer to the SPDM context.
863 : * @param session_id The SPDM session ID.
864 : **/
865 : void libspdm_session_info_init(libspdm_context_t *spdm_context,
866 : libspdm_session_info_t *session_info,
867 : uint32_t session_id, bool use_psk);
868 :
869 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
870 : /**
871 : * Set the psk_hint to a session info.
872 : *
873 : * @param session_info A pointer to a session info.
874 : * @param psk_hint Indicate the PSK hint.
875 : * @param psk_hint_size The size in bytes of the PSK hint.
876 : */
877 : void libspdm_session_info_set_psk_hint(libspdm_session_info_t *session_info,
878 : const void *psk_hint,
879 : size_t psk_hint_size);
880 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
881 :
882 : /**
883 : * This function returns if a given version is supported based upon the GET_VERSION/VERSION.
884 : *
885 : * @param spdm_context A pointer to the SPDM context.
886 : * @param version The SPDM version.
887 : *
888 : * @retval true the version is supported.
889 : * @retval false the version is not supported.
890 : **/
891 : bool libspdm_is_version_supported(const libspdm_context_t *spdm_context, uint8_t version);
892 :
893 : /**
894 : * This function returns connection version negotiated by GET_VERSION/VERSION.
895 : *
896 : * @param spdm_context A pointer to the SPDM context.
897 : *
898 : * @return the connection version.
899 : **/
900 : uint8_t libspdm_get_connection_version(const libspdm_context_t *spdm_context);
901 :
902 : /**
903 : * This function returns if a capabilities flag is supported in current SPDM connection.
904 : *
905 : * @param spdm_context A pointer to the SPDM context.
906 : * @param is_requester Is the function called from a requester.
907 : * @param requester_capabilities_flag The requester capabilities flag to be checked
908 : * @param responder_capabilities_flag The responder capabilities flag to be checked
909 : *
910 : * @retval true the capabilities flag is supported.
911 : * @retval false the capabilities flag is not supported.
912 : **/
913 : bool libspdm_is_capabilities_flag_supported(const libspdm_context_t *spdm_context,
914 : bool is_requester,
915 : uint32_t requester_capabilities_flag,
916 : uint32_t responder_capabilities_flag);
917 :
918 : /**
919 : * Checks the negotiated SPDM version and endpoint capabilities to determine if encapsulated
920 : * messages are supported or not.
921 : *
922 : * @param spdm_context A pointer to the SPDM context.
923 : *
924 : * @retval true Both endpoints support encapsulated messages.
925 : * @retval false At least one endpoint does not support encapsulated messages.
926 : **/
927 : bool libspdm_is_encap_supported(const libspdm_context_t *spdm_context);
928 :
929 : /**
930 : * This function generates the certificate chain hash.
931 : *
932 : * @param spdm_context A pointer to the SPDM context.
933 : * @param slot_id The slot index of the certificate chain.
934 : * @param signature The buffer to store the certificate chain hash.
935 : *
936 : * @retval true certificate chain hash is generated.
937 : * @retval false certificate chain hash is not generated.
938 : **/
939 : bool libspdm_generate_cert_chain_hash(libspdm_context_t *spdm_context,
940 : size_t slot_id, uint8_t *hash);
941 :
942 : /**
943 : * This function generates the public key hash.
944 : *
945 : * @param spdm_context A pointer to the SPDM context.
946 : * @param hash The buffer to store the public key hash.
947 : *
948 : * @retval true public key hash is generated.
949 : * @retval false public key hash is not generated.
950 : **/
951 : bool libspdm_generate_public_key_hash(libspdm_context_t *spdm_context,
952 : uint8_t *hash);
953 :
954 : /**
955 : * This function verifies the integrity of peer certificate chain buffer including
956 : * spdm_cert_chain_t header.
957 : *
958 : * @param spdm_context A pointer to the SPDM context.
959 : * @param cert_chain_buffer Certificate chain buffer including spdm_cert_chain_t header.
960 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
961 : *
962 : * @retval true Peer certificate chain buffer integrity verification passed.
963 : * @retval false Peer certificate chain buffer integrity verification failed.
964 : **/
965 : bool libspdm_verify_peer_cert_chain_buffer_integrity(libspdm_context_t *spdm_context,
966 : const void *cert_chain_buffer,
967 : size_t cert_chain_buffer_size);
968 :
969 : /**
970 : * This function verifies peer certificate chain authority.
971 : *
972 : * @param spdm_context A pointer to the SPDM context.
973 : * @param cert_chain_buffer Certificate chain buffer including spdm_cert_chain_t header.
974 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
975 : * @param trust_anchor A buffer to hold the trust_anchor which is used to validate the peer certificate, if not NULL.
976 : * @param trust_anchor_size A buffer to hold the trust_anchor_size, if not NULL.
977 : *
978 : * @retval true Peer certificate chain buffer authority verification passed.
979 : * Or there is no root_cert in local_context.
980 : * @retval false Peer certificate chain buffer authority verification failed.
981 : **/
982 : bool libspdm_verify_peer_cert_chain_buffer_authority(libspdm_context_t *spdm_context,
983 : const void *cert_chain_buffer,
984 : size_t cert_chain_buffer_size,
985 : const void **trust_anchor,
986 : size_t *trust_anchor_size);
987 : /**
988 : * This function generates the challenge signature based upon m1m2 for authentication.
989 : *
990 : * @param spdm_context A pointer to the SPDM context.
991 : * @param is_requester Indicate of the signature generation for a requester or a responder.
992 : * @param signature The buffer to store the challenge signature.
993 : *
994 : * @retval true challenge signature is generated.
995 : * @retval false challenge signature is not generated.
996 : **/
997 : bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context,
998 : bool is_requester,
999 : uint8_t *signature);
1000 :
1001 : /**
1002 : * This function verifies the certificate chain hash.
1003 : *
1004 : * @param spdm_context A pointer to the SPDM context.
1005 : * @param certificate_chain_hash The certificate chain hash data buffer.
1006 : * @param certificate_chain_hash_size size in bytes of the certificate chain hash data buffer.
1007 : *
1008 : * @retval true hash verification pass.
1009 : * @retval false hash verification fail.
1010 : **/
1011 : bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context,
1012 : const void *certificate_chain_hash,
1013 : size_t certificate_chain_hash_size);
1014 :
1015 : /**
1016 : * This function verifies the public key hash.
1017 : *
1018 : * @param spdm_context A pointer to the SPDM context.
1019 : * @param public_key_hash The public key hash data buffer.
1020 : * @param public_key_hash_size size in bytes of the public key hash data buffer.
1021 : *
1022 : * @retval true hash verification pass.
1023 : * @retval false hash verification fail.
1024 : **/
1025 : bool libspdm_verify_public_key_hash(libspdm_context_t *spdm_context,
1026 : const void *public_key_hash,
1027 : size_t public_key_hash_size);
1028 :
1029 : /**
1030 : * This function verifies the challenge signature based upon m1m2.
1031 : *
1032 : * @param spdm_context A pointer to the SPDM context.
1033 : * @param is_requester Indicate of the signature verification for a requester or a responder.
1034 : * @param sign_data The signature data buffer.
1035 : * @param sign_data_size size in bytes of the signature data buffer.
1036 : *
1037 : * @retval true signature verification pass.
1038 : * @retval false signature verification fail.
1039 : **/
1040 : bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context,
1041 : bool is_requester,
1042 : const void *sign_data,
1043 : size_t sign_data_size);
1044 :
1045 : /**
1046 : * This function calculate the measurement summary hash size.
1047 : *
1048 : * @param spdm_context A pointer to the SPDM context.
1049 : * @param is_requester Is the function called from a requester.
1050 : * @param measurement_summary_hash_type The type of the measurement summary hash.
1051 : *
1052 : * @return 0 measurement summary hash type is invalid, NO_MEAS hash type or no MEAS capabilities.
1053 : * @return measurement summary hash size according to type.
1054 : **/
1055 : uint32_t libspdm_get_measurement_summary_hash_size(libspdm_context_t *spdm_context,
1056 : bool is_requester,
1057 : uint8_t measurement_summary_hash_type);
1058 :
1059 : /**
1060 : * This function generates the endpoint info signature based upon il1il2 for authentication.
1061 : *
1062 : * @param spdm_context A pointer to the SPDM context.
1063 : * @param session_info A pointer to the SPDM session context.
1064 : * @param is_requester Indicate of the signature generation for a requester or a responder.
1065 : * @param signature The buffer to store the endpoint info signature.
1066 : *
1067 : * @retval true challenge signature is generated.
1068 : * @retval false challenge signature is not generated.
1069 : **/
1070 : bool libspdm_generate_endpoint_info_signature(libspdm_context_t *spdm_context,
1071 : libspdm_session_info_t *session_info,
1072 : bool is_requester,
1073 : uint8_t *signature);
1074 :
1075 : /**
1076 : * This function verifies the challenge signature based upon m1m2.
1077 : *
1078 : * @param spdm_context A pointer to the SPDM context.
1079 : * @param session_info A pointer to the SPDM session context.
1080 : * @param is_requester Indicate of the signature verification for a requester or a responder.
1081 : * @param sign_data The signature data buffer.
1082 : * @param sign_data_size size in bytes of the signature data buffer.
1083 : *
1084 : * @retval true signature verification pass.
1085 : * @retval false signature verification fail.
1086 : **/
1087 : bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context,
1088 : libspdm_session_info_t *session_info,
1089 : bool is_requester,
1090 : const void *sign_data,
1091 : size_t sign_data_size);
1092 :
1093 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1094 : /*
1095 : * This function calculates l1l2.
1096 : * If session_info is NULL, this function will use M cache of SPDM context,
1097 : * else will use M cache of SPDM session context.
1098 : *
1099 : * @param spdm_context A pointer to the SPDM context.
1100 : * @param session_info A pointer to the SPDM session context.
1101 : * @param l1l2 The buffer to store the l1l2.
1102 : *
1103 : * @retval RETURN_SUCCESS l1l2 is calculated.
1104 : */
1105 : bool libspdm_calculate_l1l2(libspdm_context_t *spdm_context,
1106 : void *session_info,
1107 : libspdm_l1l2_managed_buffer_t *l1l2);
1108 : #else
1109 : /*
1110 : * This function calculates l1l2 hash.
1111 : * If session_info is NULL, this function will use M cache of SPDM context,
1112 : * else will use M cache of SPDM session context.
1113 : *
1114 : * @param spdm_context A pointer to the SPDM context.
1115 : * @param session_info A pointer to the SPDM session context.
1116 : * @param l1l2_hash_size size in bytes of the l1l2 hash
1117 : * @param l1l2_hash The buffer to store the l1l2 hash
1118 : *
1119 : * @retval RETURN_SUCCESS l1l2 is calculated.
1120 : */
1121 : bool libspdm_calculate_l1l2_hash(libspdm_context_t *spdm_context,
1122 : void *session_info,
1123 : size_t *l1l2_hash_size, void *l1l2_hash);
1124 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
1125 :
1126 : /**
1127 : * Get element from multi element opaque data by element id.
1128 : *
1129 : * This function should be called in
1130 : * libspdm_process_opaque_data_supported_version_data/libspdm_process_opaque_data_version_selection_data.
1131 : *
1132 : * @param[in] data_in_size Size of multi element opaque data.
1133 : * @param[in] data_in A pointer to the multi element opaque data.
1134 : * @param[in] element_id Element id.
1135 : * @param[in] sm_data_id ID for the Secured Message data type.
1136 : * @param[out] get_element_ptr Pointer to store found element.
1137 : *
1138 : * @retval true Get element successfully
1139 : * @retval false Get element failed
1140 : **/
1141 : bool libspdm_get_element_from_opaque_data(libspdm_context_t *spdm_context,
1142 : size_t data_in_size, const void *data_in,
1143 : uint8_t element_id, uint8_t sm_data_id,
1144 : const void **get_element_ptr, size_t *get_element_len);
1145 :
1146 : /**
1147 : * Process general opaque data check
1148 : *
1149 : * @param data_in_size size in bytes of the data_in.
1150 : * @param data_in A pointer to the buffer to store the opaque data version selection.
1151 : *
1152 : * @retval true check opaque data successfully
1153 : * @retval false check opaque data failed
1154 : **/
1155 : bool libspdm_process_general_opaque_data_check(libspdm_context_t *spdm_context,
1156 : size_t data_in_size,
1157 : const void *data_in);
1158 :
1159 : /**
1160 : * Return the size in bytes of opaque data supported version.
1161 : *
1162 : * This function should be called in libspdm_process_opaque_data_supported_version_data.
1163 : *
1164 : * @param version_count Secure version count.
1165 : *
1166 : * @return The size in bytes of opaque data supported version.
1167 : **/
1168 : size_t libspdm_get_untrusted_opaque_data_supported_version_data_size(
1169 : libspdm_context_t *spdm_context, uint8_t version_count);
1170 :
1171 : /**
1172 : * Return the size in bytes of opaque data supported version.
1173 : *
1174 : * This function should be called in KEY_EXCHANGE/PSK_EXCHANGE request generation.
1175 : *
1176 : * @return the size in bytes of opaque data supported version.
1177 : **/
1178 : size_t libspdm_get_opaque_data_supported_version_data_size(libspdm_context_t *spdm_context);
1179 :
1180 : /**
1181 : * Return the size in bytes of opaque data version selection.
1182 : *
1183 : * This function should be called in KEY_EXCHANGE/PSK_EXCHANGE response generation.
1184 : *
1185 : * @return the size in bytes of opaque data version selection.
1186 : **/
1187 : size_t libspdm_get_opaque_data_version_selection_data_size(const libspdm_context_t *spdm_context);
1188 :
1189 : /**
1190 : * Return the SPDMversion field of the version number struct.
1191 : *
1192 : * @param ver Spdm version number struct.
1193 : *
1194 : * @return the SPDMversion of the version number struct.
1195 : **/
1196 : uint8_t libspdm_get_version_from_version_number(const spdm_version_number_t ver);
1197 :
1198 : /**
1199 : * Sort SPDMversion in descending order.
1200 : *
1201 : * @param spdm_context A pointer to the SPDM context.
1202 : * @param ver_set A pointer to the version set.
1203 : * @param ver_num Version number.
1204 : */
1205 : void libspdm_version_number_sort(spdm_version_number_t *ver_set, size_t ver_num);
1206 :
1207 : /**
1208 : * Negotiate SPDMversion for connection.
1209 : * ver_set is the local version set of requester, res_ver_set is the version set of responder.
1210 : *
1211 : * @param common_version A pointer to store the common version.
1212 : * @param req_ver_set A pointer to the requester version set.
1213 : * @param req_ver_num Version number of requester.
1214 : * @param res_ver_set A pointer to the responder version set.
1215 : * @param res_ver_num Version number of responder.
1216 : *
1217 : * @retval true Negotiation successfully, connect version be saved to common_version.
1218 : * @retval false Negotiation failed.
1219 : */
1220 : bool libspdm_negotiate_connection_version(spdm_version_number_t *common_version,
1221 : spdm_version_number_t *req_ver_set,
1222 : size_t req_ver_num,
1223 : const spdm_version_number_t *res_ver_set,
1224 : size_t res_ver_num);
1225 :
1226 : /**
1227 : * Acquire a device sender buffer for transport layer message.
1228 : *
1229 : * @param context A pointer to the SPDM context.
1230 : * @param max_msg_size size in bytes of the maximum size of sender buffer.
1231 : * @param msg_buf_ptr A pointer to a sender buffer.
1232 : *
1233 : * @retval RETURN_SUCCESS The sender buffer is acquired.
1234 : **/
1235 : libspdm_return_t libspdm_acquire_sender_buffer (
1236 : libspdm_context_t *spdm_context, size_t *max_msg_size, void **msg_buf_ptr);
1237 :
1238 : /**
1239 : * Release a device sender buffer for transport layer message.
1240 : *
1241 : * @param context A pointer to the SPDM context.
1242 : *
1243 : * @retval RETURN_SUCCESS The sender buffer is Released.
1244 : **/
1245 : void libspdm_release_sender_buffer (libspdm_context_t *spdm_context);
1246 :
1247 : /**
1248 : * Get the sender buffer.
1249 : *
1250 : * @param context A pointer to the SPDM context.
1251 : * @param sender_buffer Buffer address of the sender buffer.
1252 : * @param sender_buffer_size Size of the sender buffer.
1253 : *
1254 : **/
1255 : void libspdm_get_sender_buffer (
1256 : libspdm_context_t *spdm_context,
1257 : void **sender_buffer,
1258 : size_t *sender_buffer_size);
1259 :
1260 : /**
1261 : * Acquire a device receiver buffer for transport layer message.
1262 : *
1263 : * @param context A pointer to the SPDM context.
1264 : * @param max_msg_size size in bytes of the maximum size of receiver buffer.
1265 : * @param msg_buf_pt A pointer to a receiver buffer.
1266 : *
1267 : * @retval RETURN_SUCCESS The receiver buffer is acquired.
1268 : **/
1269 : libspdm_return_t libspdm_acquire_receiver_buffer (
1270 : libspdm_context_t *spdm_context, size_t *max_msg_size, void **msg_buf_ptr);
1271 :
1272 : /**
1273 : * Release a device receiver buffer for transport layer message.
1274 : *
1275 : * @param context A pointer to the SPDM context.
1276 : *
1277 : * @retval RETURN_SUCCESS The receiver buffer is Released.
1278 : **/
1279 : void libspdm_release_receiver_buffer (libspdm_context_t *spdm_context);
1280 :
1281 : /**
1282 : * Get the receiver buffer.
1283 : *
1284 : * @param context A pointer to the SPDM context.
1285 : * @param receiver_buffer Buffer address of the receiver buffer.
1286 : * @param receiver_buffer_size Size of the receiver buffer.
1287 : *
1288 : **/
1289 : void libspdm_get_receiver_buffer (
1290 : libspdm_context_t *spdm_context,
1291 : void **receiver_buffer,
1292 : size_t *receiver_buffer_size);
1293 :
1294 : /**
1295 : * Get the certificate slot mask
1296 : *
1297 : * @param[in] context A pointer to the SPDM context.
1298 : *
1299 : * @retval slot_mask get slot mask
1300 : **/
1301 : uint8_t libspdm_get_cert_slot_mask (libspdm_context_t *spdm_context);
1302 :
1303 : /**
1304 : * Get the certificate slot count
1305 : *
1306 : * @param[in] context A pointer to the SPDM context.
1307 : *
1308 : * @retval slot_count get slot count
1309 : **/
1310 : uint8_t libspdm_get_cert_slot_count(libspdm_context_t *spdm_context);
1311 :
1312 : #if LIBSPDM_ENABLE_MSG_LOG
1313 : void libspdm_append_msg_log(libspdm_context_t *spdm_context, void *message, size_t message_size);
1314 : #endif
1315 :
1316 : /**
1317 : * Reset message A cache in SPDM context.
1318 : *
1319 : * @param spdm_context A pointer to the SPDM context.
1320 : **/
1321 : void libspdm_reset_message_a(libspdm_context_t *spdm_context);
1322 :
1323 : /**
1324 : * Reset message D cache in SPDM context.
1325 : *
1326 : * @param spdm_context A pointer to the SPDM context.
1327 : * @param spdm_session_info A pointer to the SPDM session context.
1328 : **/
1329 : void libspdm_reset_message_d(libspdm_context_t *spdm_context);
1330 :
1331 : /**
1332 : * Reset message B cache in SPDM context.
1333 : *
1334 : * @param spdm_context A pointer to the SPDM context.
1335 : **/
1336 : void libspdm_reset_message_b(libspdm_context_t *spdm_context);
1337 :
1338 : /**
1339 : * Reset message C cache in SPDM context.
1340 : *
1341 : * @param spdm_context A pointer to the SPDM context.
1342 : **/
1343 : void libspdm_reset_message_c(libspdm_context_t *spdm_context);
1344 :
1345 : /**
1346 : * Reset message MutB cache in SPDM context.
1347 : *
1348 : * @param spdm_context A pointer to the SPDM context.
1349 : **/
1350 : void libspdm_reset_message_mut_b(libspdm_context_t *spdm_context);
1351 :
1352 : /**
1353 : * Reset message MutC cache in SPDM context.
1354 : *
1355 : * @param spdm_context A pointer to the SPDM context.
1356 : **/
1357 : void libspdm_reset_message_mut_c(libspdm_context_t *spdm_context);
1358 :
1359 : /**
1360 : * Reset message M cache in SPDM context.
1361 : * If session_info is NULL, this function will use M cache of SPDM context,
1362 : * else will use M cache of SPDM session context.
1363 : *
1364 : * @param spdm_context A pointer to the SPDM context.
1365 : * @param session_info A pointer to the SPDM session context.
1366 : **/
1367 : void libspdm_reset_message_m(libspdm_context_t *spdm_context, void *session_info);
1368 :
1369 : /**
1370 : * Reset message K cache in SPDM context.
1371 : *
1372 : * @param spdm_context A pointer to the SPDM context.
1373 : * @param spdm_session_info A pointer to the SPDM session context.
1374 : **/
1375 : void libspdm_reset_message_k(libspdm_context_t *spdm_context, void *spdm_session_info);
1376 :
1377 : /**
1378 : * Reset message EncapD cache in SPDM context.
1379 : *
1380 : * @param spdm_context A pointer to the SPDM context.
1381 : * @param spdm_session_info A pointer to the SPDM session context.
1382 : **/
1383 : void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *spdm_session_info);
1384 :
1385 : /**
1386 : * Reset message F cache in SPDM context.
1387 : *
1388 : * @param spdm_context A pointer to the SPDM context.
1389 : * @param spdm_session_info A pointer to the SPDM session context.
1390 : **/
1391 : void libspdm_reset_message_f(libspdm_context_t *spdm_context, void *spdm_session_info);
1392 :
1393 : /**
1394 : * Reset message E cache in SPDM context.
1395 : * If session_info is NULL, this function will use E cache of SPDM context,
1396 : * else will use E cache of SPDM session context.
1397 : *
1398 : * @param spdm_context A pointer to the SPDM context.
1399 : * @param spdm_session_info A pointer to the SPDM session context.
1400 : **/
1401 : void libspdm_reset_message_e(libspdm_context_t *spdm_context, void *session_info);
1402 :
1403 : /**
1404 : * Reset message encap E cache in SPDM context.
1405 : * If session_info is NULL, this function will use encap E cache of SPDM context,
1406 : * else will use encap E cache of SPDM session context.
1407 : *
1408 : * @param spdm_context A pointer to the SPDM context.
1409 : * @param spdm_session_info A pointer to the SPDM session context.
1410 : **/
1411 : void libspdm_reset_message_encap_e(libspdm_context_t *spdm_context, void *session_info);
1412 :
1413 : /**
1414 : * Append message A cache in SPDM context.
1415 : *
1416 : * @param spdm_context A pointer to the SPDM context.
1417 : * @param message Message buffer.
1418 : * @param message_size Size in bytes of message buffer.
1419 : *
1420 : * @return RETURN_SUCCESS message is appended.
1421 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1422 : **/
1423 : libspdm_return_t libspdm_append_message_a(libspdm_context_t *spdm_context, const void *message,
1424 : size_t message_size);
1425 :
1426 : /**
1427 : * Append message D cache in SPDM context.
1428 : *
1429 : * @param spdm_context A pointer to the SPDM context.
1430 : * @param message Message buffer.
1431 : * @param message_size Size in bytes of message buffer.
1432 : *
1433 : * @return RETURN_SUCCESS message is appended.
1434 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1435 : **/
1436 : libspdm_return_t libspdm_append_message_d(libspdm_context_t *spdm_context, const void *message,
1437 : size_t message_size);
1438 :
1439 : /**
1440 : * Append message B cache in SPDM context.
1441 : *
1442 : * @param spdm_context A pointer to the SPDM context.
1443 : * @param message Message buffer.
1444 : * @param message_size Size in bytes of message buffer.
1445 : *
1446 : * @return RETURN_SUCCESS message is appended.
1447 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1448 : **/
1449 : libspdm_return_t libspdm_append_message_b(libspdm_context_t *spdm_context, const void *message,
1450 : size_t message_size);
1451 :
1452 : /**
1453 : * Append message C cache in SPDM context.
1454 : *
1455 : * @param spdm_context A pointer to the SPDM context.
1456 : * @param message Message buffer.
1457 : * @param message_size Size in bytes of message buffer.
1458 : *
1459 : * @return RETURN_SUCCESS message is appended.
1460 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1461 : **/
1462 : libspdm_return_t libspdm_append_message_c(libspdm_context_t *spdm_context, const void *message,
1463 : size_t message_size);
1464 :
1465 : /**
1466 : * Append message MutB cache in SPDM context.
1467 : *
1468 : * @param spdm_context A pointer to the SPDM context.
1469 : * @param message Message buffer.
1470 : * @param message_size Size in bytes of message buffer.
1471 : *
1472 : * @return RETURN_SUCCESS message is appended.
1473 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1474 : **/
1475 : libspdm_return_t libspdm_append_message_mut_b(libspdm_context_t *spdm_context, const void *message,
1476 : size_t message_size);
1477 :
1478 : /**
1479 : * Append message MutC cache in SPDM context.
1480 : *
1481 : * @param spdm_context A pointer to the SPDM context.
1482 : * @param message Message buffer.
1483 : * @param message_size Size in bytes of message buffer.
1484 : *
1485 : * @return RETURN_SUCCESS message is appended.
1486 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1487 : **/
1488 : libspdm_return_t libspdm_append_message_mut_c(libspdm_context_t *spdm_context, const void *message,
1489 : size_t message_size);
1490 :
1491 : /**
1492 : * Append message M cache in SPDM context.
1493 : * If session_info is NULL, this function will use M cache of SPDM context,
1494 : * else will use M cache of SPDM session context.
1495 : *
1496 : * @param spdm_context A pointer to the SPDM context.
1497 : * @param session_info A pointer to the SPDM session context.
1498 : * @param message Message buffer.
1499 : * @param message_size Size in bytes of message buffer.
1500 : *
1501 : * @return RETURN_SUCCESS message is appended.
1502 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1503 : **/
1504 : libspdm_return_t libspdm_append_message_m(libspdm_context_t *spdm_context,
1505 : void *session_info,
1506 : const void *message, size_t message_size);
1507 :
1508 : /**
1509 : * Append message K cache in SPDM context.
1510 : *
1511 : * @param spdm_context A pointer to the SPDM context.
1512 : * @param spdm_session_info A pointer to the SPDM session context.
1513 : * @param is_requester Indicate of the key generation for a requester or a responder.
1514 : * @param message Message buffer.
1515 : * @param message_size Size in bytes of message buffer.
1516 : *
1517 : * @return RETURN_SUCCESS message is appended.
1518 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1519 : **/
1520 : libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
1521 : void *spdm_session_info,
1522 : bool is_requester, const void *message,
1523 : size_t message_size);
1524 :
1525 : /**
1526 : * Append message EncapD cache in SPDM context.
1527 : *
1528 : * @param spdm_context A pointer to the SPDM context.
1529 : * @param spdm_session_info A pointer to the SPDM session context.
1530 : * @param is_requester Indicate of the key generation for a requester or a responder.
1531 : * @param message Message buffer.
1532 : * @param message_size Size in bytes of message buffer.
1533 : *
1534 : * @return RETURN_SUCCESS message is appended.
1535 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1536 : **/
1537 : libspdm_return_t libspdm_append_message_encap_d(libspdm_context_t *spdm_context,
1538 : void *spdm_session_info,
1539 : bool is_requester, const void *message,
1540 : size_t message_size);
1541 :
1542 : /**
1543 : * Append message F cache in SPDM context.
1544 : *
1545 : * @param spdm_context A pointer to the SPDM context.
1546 : * @param spdm_session_info A pointer to the SPDM session context.
1547 : * @param is_requester Indicate of the key generation for a requester or a responder.
1548 : * @param message Message buffer.
1549 : * @param message_size Size in bytes of message buffer.
1550 : *
1551 : * @return RETURN_SUCCESS message is appended.
1552 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1553 : **/
1554 : libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context,
1555 : void *spdm_session_info,
1556 : bool is_requester, const void *message,
1557 : size_t message_size);
1558 :
1559 : /**
1560 : * Append message E cache in SPDM context.
1561 : * If session_info is NULL, this function will use E cache of SPDM context,
1562 : * else will use E cache of SPDM session context.
1563 : *
1564 : * @param spdm_context A pointer to the SPDM context.
1565 : * @param session_info A pointer to the SPDM session context.
1566 : * @param message message buffer.
1567 : * @param message_size size in bytes of message buffer.
1568 : *
1569 : * @return RETURN_SUCCESS message is appended.
1570 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1571 : **/
1572 : libspdm_return_t libspdm_append_message_e(libspdm_context_t *spdm_context, void *session_info,
1573 : const void *message, size_t message_size);
1574 :
1575 : /**
1576 : * Append message encap E cache in SPDM context.
1577 : * If session_info is NULL, this function will use encap E cache of SPDM context,
1578 : * else will use encap E cache of SPDM session context.
1579 : *
1580 : * @param spdm_context A pointer to the SPDM context.
1581 : * @param session_info A pointer to the SPDM session context.
1582 : * @param message message buffer.
1583 : * @param message_size size in bytes of message buffer.
1584 : *
1585 : * @return RETURN_SUCCESS message is appended.
1586 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1587 : **/
1588 : libspdm_return_t libspdm_append_message_encap_e(libspdm_context_t *spdm_context, void *session_info,
1589 : const void *message, size_t message_size);
1590 :
1591 : /**
1592 : * This function generates a session ID by concatenating req_session_id and rsp_session_id.
1593 : *
1594 : * @param[in] req_session_id
1595 : * @param[in] rsp_session_id
1596 : *
1597 : * @return Session ID.
1598 : **/
1599 : uint32_t libspdm_generate_session_id(uint16_t req_session_id, uint16_t rsp_session_id);
1600 :
1601 : /**
1602 : * This function assigns a new session ID.
1603 : *
1604 : * @param spdm_context A pointer to the SPDM context.
1605 : * @param session_id The SPDM session ID.
1606 : *
1607 : * @return session info associated with this new session ID.
1608 : **/
1609 : void *libspdm_assign_session_id(libspdm_context_t *spdm_context, uint32_t session_id, bool use_psk);
1610 :
1611 : /**
1612 : * This function frees a session ID.
1613 : *
1614 : * @param spdm_context A pointer to the SPDM context.
1615 : * @param session_id The SPDM session ID.
1616 : **/
1617 : void libspdm_free_session_id(libspdm_context_t *spdm_context, uint32_t session_id);
1618 :
1619 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1620 : /*
1621 : * This function calculates current TH data with message A and message K.
1622 : *
1623 : * @param spdm_context A pointer to the SPDM context.
1624 : * @param session_info The SPDM session ID.
1625 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
1626 : * @param cert_chain_buffer_size Size in bytes of the certificate chain buffer.
1627 : * @param th_data_buffer_size Size in bytes of the th_data_buffer
1628 : * @param th_data_buffer The buffer to store the th_data_buffer
1629 : *
1630 : * @retval RETURN_SUCCESS current TH data is calculated.
1631 : */
1632 : bool libspdm_calculate_th_for_exchange(
1633 : libspdm_context_t *spdm_context, void *spdm_session_info,
1634 : const uint8_t *cert_chain_buffer, size_t cert_chain_buffer_size,
1635 : libspdm_th_managed_buffer_t *th_curr);
1636 : #else
1637 : /*
1638 : * This function calculates current TH hash with message A and message K.
1639 : *
1640 : * @param spdm_context A pointer to the SPDM context.
1641 : * @param session_info The SPDM session ID.
1642 : * @param th_hash_buffer_size Size in bytes of the th_hash_buffer
1643 : * @param th_hash_buffer The buffer to store the th_hash_buffer
1644 : *
1645 : * @retval RETURN_SUCCESS current TH hash is calculated.
1646 : */
1647 : bool libspdm_calculate_th_hash_for_exchange(
1648 : libspdm_context_t *spdm_context, void *spdm_session_info,
1649 : size_t *th_hash_buffer_size, void *th_hash_buffer);
1650 :
1651 : /*
1652 : * This function calculates current TH hmac with message A and message K, with response finished_key.
1653 : *
1654 : * @param spdm_context A pointer to the SPDM context.
1655 : * @param session_info The SPDM session ID.
1656 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1657 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1658 : *
1659 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1660 : */
1661 : bool libspdm_calculate_th_hmac_for_exchange_rsp(
1662 : libspdm_context_t *spdm_context, void *spdm_session_info, bool is_requester,
1663 : size_t *th_hmac_buffer_size, void *th_hmac_buffer);
1664 : #endif
1665 :
1666 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1667 : /*
1668 : * This function calculates current TH data with message A, message K and message F.
1669 : *
1670 : * @param spdm_context A pointer to the SPDM context.
1671 : * @param session_info The SPDM session ID.
1672 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
1673 : * @param cert_chain_buffer_size Size in bytes of the certificate chain buffer.
1674 : * @param mut_cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header in mutual authentication.
1675 : * @param mut_cert_chain_buffer_size Size in bytes of the certificate chain buffer in mutual authentication.
1676 : * @param th_data_buffer_size Size in bytes of the th_data_buffer.
1677 : * @param th_data_buffer The buffer to store the th_data_buffer
1678 : *
1679 : * @retval RETURN_SUCCESS current TH data is calculated.
1680 : */
1681 : bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
1682 : void *spdm_session_info,
1683 : const uint8_t *cert_chain_buffer,
1684 : size_t cert_chain_buffer_size,
1685 : const uint8_t *mut_cert_chain_buffer,
1686 : size_t mut_cert_chain_buffer_size,
1687 : libspdm_th_managed_buffer_t *th_curr);
1688 : #else
1689 : /*
1690 : * This function calculates current TH hash with message A, message K and message F.
1691 : *
1692 : * @param spdm_context A pointer to the SPDM context.
1693 : * @param session_info The SPDM session ID.
1694 : * @param th_hash_buffer_size Size in bytes of the th_hash_buffer
1695 : * @param th_hash_buffer The buffer to store the th_hash_buffer
1696 : *
1697 : * @retval RETURN_SUCCESS current TH hash is calculated.
1698 : */
1699 : bool libspdm_calculate_th_hash_for_finish(libspdm_context_t *spdm_context,
1700 : void *spdm_session_info,
1701 : size_t *th_hash_buffer_size,
1702 : void *th_hash_buffer);
1703 :
1704 : /*
1705 : * This function calculates current TH hmac with message A, message K and message F, with response finished_key.
1706 : *
1707 : * @param spdm_context A pointer to the SPDM context.
1708 : * @param session_info The SPDM session ID.
1709 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1710 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1711 : *
1712 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1713 : */
1714 : bool libspdm_calculate_th_hmac_for_finish_rsp(libspdm_context_t *spdm_context,
1715 : void *spdm_session_info,
1716 : size_t *th_hmac_buffer_size,
1717 : void *th_hmac_buffer);
1718 :
1719 : /*
1720 : * This function calculates current TH hmac with message A, message K and message F, with request finished_key.
1721 : *
1722 : * @param spdm_context A pointer to the SPDM context.
1723 : * @param session_info The SPDM session ID.
1724 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1725 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1726 : *
1727 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1728 : */
1729 : bool libspdm_calculate_th_hmac_for_finish_req(libspdm_context_t *spdm_context,
1730 : void *spdm_session_info,
1731 : size_t *th_hmac_buffer_size,
1732 : void *th_hmac_buffer);
1733 : #endif
1734 :
1735 : /*
1736 : * This function calculates th1 hash.
1737 : *
1738 : * @param spdm_context A pointer to the SPDM context.
1739 : * @param session_info The SPDM session ID.
1740 : * @param is_requester Indicate of the key generation for a requester or a responder.
1741 : * @param th1_hash_data Th1 hash.
1742 : *
1743 : * @retval RETURN_SUCCESS th1 hash is calculated.
1744 : */
1745 : bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context,
1746 : void *spdm_session_info,
1747 : bool is_requester,
1748 : uint8_t *th1_hash_data);
1749 :
1750 : /*
1751 : * This function calculates th2 hash.
1752 : *
1753 : * @param spdm_context A pointer to the SPDM context.
1754 : * @param session_info The SPDM session ID.
1755 : * @param is_requester Indicate of the key generation for a requester or a responder.
1756 : * @param th1_hash_data Th2 hash
1757 : *
1758 : * @retval RETURN_SUCCESS th2 hash is calculated.
1759 : */
1760 : bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context,
1761 : void *spdm_session_info,
1762 : bool is_requester,
1763 : uint8_t *th2_hash_data);
1764 :
1765 : /**
1766 : * Reads a 24-bit value from memory that may be unaligned.
1767 : *
1768 : * @param buffer The pointer to a 24-bit value that may be unaligned.
1769 : *
1770 : * @return The 24-bit value read from buffer.
1771 : **/
1772 : uint32_t libspdm_read_uint24(const uint8_t *buffer);
1773 :
1774 : /**
1775 : * Writes a 24-bit value to memory that may be unaligned.
1776 : *
1777 : * @param buffer The pointer to a 24-bit value that may be unaligned.
1778 : * @param value 24-bit value to write to buffer.
1779 : **/
1780 : void libspdm_write_uint24(uint8_t *buffer, uint32_t value);
1781 :
1782 : /**
1783 : * Reads a 16-bit value from memory that may be unaligned.
1784 : *
1785 : * @param buffer The pointer to a 16-bit value that may be unaligned.
1786 : *
1787 : * @return The 16-bit value read from buffer.
1788 : **/
1789 : uint16_t libspdm_read_uint16(const uint8_t *buffer);
1790 :
1791 : /**
1792 : * Writes a 16-bit value to memory that may be unaligned.
1793 : *
1794 : * @param buffer The pointer to a 16-bit value that may be unaligned.
1795 : * @param value 16-bit value to write to buffer.
1796 : **/
1797 : void libspdm_write_uint16(uint8_t *buffer, uint16_t value);
1798 :
1799 : /**
1800 : * Reads a 32-bit value from memory that may be unaligned.
1801 : *
1802 : * @param buffer The pointer to a 32-bit value that may be unaligned.
1803 : *
1804 : * @return The 32-bit value read from buffer.
1805 : **/
1806 : uint32_t libspdm_read_uint32(const uint8_t *buffer);
1807 :
1808 : /**
1809 : * Writes a 32-bit value to memory that may be unaligned.
1810 : *
1811 : * @param buffer The pointer to a 32-bit value that may be unaligned.
1812 : * @param value 32-bit value to write to buffer.
1813 : **/
1814 : void libspdm_write_uint32(uint8_t *buffer, uint32_t value);
1815 :
1816 : /**
1817 : * Reads a 64-bit value from memory that may be unaligned.
1818 : *
1819 : * @param buffer The pointer to a 64-bit value that may be unaligned.
1820 : *
1821 : * @return The 64-bit value read from buffer.
1822 : **/
1823 : uint64_t libspdm_read_uint64(const uint8_t *buffer);
1824 :
1825 : /**
1826 : * Writes a 64-bit value to memory that may be unaligned.
1827 : *
1828 : * @param buffer The pointer to a 64-bit value that may be unaligned.
1829 : * @param value 64-bit value to write to buffer.
1830 : **/
1831 : void libspdm_write_uint64(uint8_t *buffer, uint64_t value);
1832 :
1833 : /**
1834 : * Determine if bitmask has at most one bit set.
1835 : *
1836 : * @param mask The bitmask to be tested.
1837 : *
1838 : * @return true At most one bit is set.
1839 : * @return false More than one bit is set.
1840 : */
1841 375 : static inline bool libspdm_onehot0(uint32_t mask)
1842 : {
1843 375 : return !mask || !(mask & (mask - 1));
1844 : }
1845 :
1846 1 : static inline uint64_t libspdm_byte_swap_64(uint64_t value)
1847 : {
1848 1 : return (((value & 0x00000000000000ff) << 56) |
1849 1 : ((value & 0x000000000000ff00) << 40) |
1850 1 : ((value & 0x0000000000ff0000) << 24) |
1851 1 : ((value & 0x00000000ff000000) << 8) |
1852 1 : ((value & 0x000000ff00000000) >> 8) |
1853 1 : ((value & 0x0000ff0000000000) >> 24) |
1854 2 : ((value & 0x00ff000000000000) >> 40) |
1855 1 : ((value & 0xff00000000000000) >> 56));
1856 : }
1857 :
1858 : static inline uint32_t libspdm_byte_swap_32(uint32_t value)
1859 : {
1860 : return ((value & 0x000000FF) << 24) |
1861 : ((value & 0x0000FF00) << 8) |
1862 : ((value & 0x00FF0000) >> 8) |
1863 : ((value & 0xFF000000) >> 24);
1864 : }
1865 :
1866 : static inline uint16_t libspdm_byte_swap_16(uint16_t value)
1867 : {
1868 : return ((value & 0x00FF) << 8) |
1869 : ((value & 0xFF00) >> 8);
1870 : }
1871 :
1872 : /**
1873 : * Return capability flags that are masked by the negotiated SPDM version.
1874 : *
1875 : * @param spdm_context A pointer to the SPDM context.
1876 : * @param is_request_flags If true then flags are from a request message or Requester.
1877 : * If false then flags are from a response message or Responder.
1878 : * @param flags A bitmask of capability flags.
1879 : *
1880 : * @return The masked capability flags.
1881 : */
1882 : uint32_t libspdm_mask_capability_flags(libspdm_context_t *spdm_context,
1883 : bool is_request_flags, uint32_t flags);
1884 :
1885 : /**
1886 : * Return BaseHashAlgo that is masked by the negotiated SPDM version.
1887 : *
1888 : * @param spdm_context A pointer to the SPDM context.
1889 : * @param base_hash_algo Unmasked BaseHashAlgo.
1890 : *
1891 : * @return The masked BaseHashAlgo.
1892 : */
1893 : uint32_t libspdm_mask_base_hash_algo(libspdm_context_t *spdm_context, uint32_t base_hash_algo);
1894 :
1895 : /**
1896 : * Return MeasurementHashAlgo that is masked by the negotiated SPDM version.
1897 : *
1898 : * @param spdm_context A pointer to the SPDM context.
1899 : * @param measurement_hash_algo Unmasked MeasurementHashAlgo.
1900 : *
1901 : * @return The masked MeasurementHashAlgo.
1902 : */
1903 : uint32_t libspdm_mask_measurement_hash_algo(libspdm_context_t *spdm_context,
1904 : uint32_t measurement_hash_algo);
1905 :
1906 : /**
1907 : * Return MeasurementSpecification that is masked by the negotiated SPDM version.
1908 : *
1909 : * @param spdm_context A pointer to the SPDM context.
1910 : * @param measurement_specification Unmasked MeasurementSpecification.
1911 : *
1912 : * @return The masked MeasurementSpecification.
1913 : */
1914 : uint8_t libspdm_mask_measurement_specification(libspdm_context_t *spdm_context,
1915 : uint8_t measurement_specification);
1916 :
1917 : /**
1918 : * Return MELspecification that is masked by the negotiated SPDM version.
1919 : *
1920 : * @param spdm_context A pointer to the SPDM context.
1921 : * @param mel_specification Unmasked MELspecification.
1922 : *
1923 : * @return The masked MELspecification.
1924 : */
1925 : uint8_t libspdm_mask_mel_specification(libspdm_context_t *spdm_context, uint8_t mel_specification);
1926 :
1927 : /**
1928 : * Return BaseAsymAlgo that is masked by the negotiated SPDM version.
1929 : *
1930 : * @param spdm_context A pointer to the SPDM context.
1931 : * @param base_asym_algo Unmasked BaseAsymAlgo.
1932 : *
1933 : * @return The masked BaseAsymAlgo.
1934 : */
1935 : uint32_t libspdm_mask_base_asym_algo(libspdm_context_t *spdm_context, uint32_t base_asym_algo);
1936 :
1937 : /**
1938 : * Check if the combination of SVH ID and VendorIDLen are legal.
1939 : *
1940 : * @param id Registry or standards body identifier (SPDM_REGISTRY_ID_*).
1941 : * @param vendor_id_len Length, in bytes, of the VendorID field.
1942 : *
1943 : * @retval true The ID and VendorIDLen are legal.
1944 : * @retval false The ID and VendorIDLen are illegal.
1945 : */
1946 : bool libspdm_validate_svh_vendor_id_len(uint8_t id, uint8_t vendor_id_len);
1947 :
1948 : #endif /* SPDM_COMMON_LIB_INTERNAL_H */
|