Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #ifndef SPDM_COMMON_LIB_INTERNAL_H
8 : #define SPDM_COMMON_LIB_INTERNAL_H
9 :
10 : #include "library/spdm_common_lib.h"
11 : #include "library/spdm_secured_message_lib.h"
12 : #include "library/spdm_return_status.h"
13 : #include "library/spdm_crypt_lib.h"
14 : #include "hal/library/debuglib.h"
15 : #include "hal/library/memlib.h"
16 : #include "hal/library/requester/reqasymsignlib.h"
17 : #include "hal/library/requester/psklib.h"
18 : #include "hal/library/responder/asymsignlib.h"
19 : #include "hal/library/responder/csrlib.h"
20 : #include "hal/library/responder/measlib.h"
21 : #include "hal/library/responder/key_pair_info.h"
22 : #include "hal/library/responder/psklib.h"
23 : #include "hal/library/responder/setcertlib.h"
24 : #include "hal/library/endpointinfolib.h"
25 : #include "hal/library/eventlib.h"
26 : #include "hal/library/cryptlib.h"
27 :
28 : #define INVALID_SESSION_ID LIBSPDM_INVALID_SESSION_ID
29 : /* The SPDM specification does not limit the values of CTExponent and RDTExponent.
30 : * libspdm artificially limits their values to 31, which corresponds to approximately 35 minutes
31 : * for CT and RDT. If an endpoint takes longer than 35 minutes to generate an SPDM message then
32 : * libspdm assumes the Integrator would not want to interact with such an endpoint. A maximum value
33 : * of 31 also means that, when calculating CT and RDT, a left-shift will not result in C undefined
34 : * behavior.
35 : */
36 : #define LIBSPDM_MAX_CT_EXPONENT 31
37 : #define LIBSPDM_MAX_RDT_EXPONENT 31
38 :
39 : #define LIBSPDM_MAX_SPDM_SESSION_SEQUENCE_NUMBER 0xFFFFFFFFFFFFFFFFull
40 :
41 : typedef struct {
42 : uint8_t spdm_version_count;
43 : spdm_version_number_t spdm_version[SPDM_MAX_VERSION_COUNT];
44 : } libspdm_device_version_t;
45 :
46 : typedef struct {
47 : uint8_t ct_exponent;
48 : uint64_t rtt;
49 : uint32_t st1;
50 : uint32_t flags;
51 : uint16_t ext_flags;
52 : uint32_t data_transfer_size;
53 : uint32_t sender_data_transfer_size;
54 : uint32_t max_spdm_msg_size;
55 : uint32_t transport_header_size;
56 : uint32_t transport_tail_size;
57 : } libspdm_device_capability_t;
58 :
59 : typedef struct {
60 : uint8_t measurement_spec;
61 : uint8_t other_params_support;
62 : uint8_t mel_spec;
63 : uint32_t measurement_hash_algo;
64 : uint32_t base_asym_algo;
65 : uint32_t base_hash_algo;
66 : uint16_t dhe_named_group;
67 : uint16_t aead_cipher_suite;
68 : uint16_t req_base_asym_alg;
69 : uint16_t key_schedule;
70 : uint32_t pqc_asym_algo;
71 : uint32_t req_pqc_asym_alg;
72 : uint32_t kem_alg;
73 : bool pqc_first;
74 : } libspdm_device_algorithm_t;
75 :
76 : typedef struct {
77 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
78 : uint8_t buffer[LIBSPDM_MAX_CERT_CHAIN_SIZE];
79 : size_t buffer_size;
80 : #else
81 : uint8_t buffer_hash[LIBSPDM_MAX_HASH_SIZE];
82 : uint32_t buffer_hash_size;
83 : /* leaf cert public key of the peer */
84 : void *leaf_cert_public_key;
85 : #endif
86 : } libspdm_peer_used_cert_chain_t;
87 :
88 : typedef struct {
89 : /* Local device info */
90 : libspdm_device_version_t version;
91 : libspdm_device_capability_t capability;
92 : libspdm_device_algorithm_t algorithm;
93 : libspdm_device_version_t secured_message_version;
94 :
95 : /* My Certificate */
96 : const void *local_cert_chain_provision[SPDM_MAX_SLOT_COUNT];
97 : size_t local_cert_chain_provision_size[SPDM_MAX_SLOT_COUNT];
98 : uint8_t local_supported_slot_mask;
99 : uint8_t cert_slot_reset_mask;
100 : spdm_key_pair_id_t local_key_pair_id[SPDM_MAX_SLOT_COUNT];
101 : spdm_certificate_info_t local_cert_info[SPDM_MAX_SLOT_COUNT];
102 : spdm_key_usage_bit_mask_t local_key_usage_bit_mask[SPDM_MAX_SLOT_COUNT];
103 : /* My raw public key (slot_id - 0xFF) */
104 : const void *local_public_key_provision;
105 : size_t local_public_key_provision_size;
106 :
107 : /* Peer Root Certificate */
108 : const void *peer_root_cert_provision[LIBSPDM_MAX_ROOT_CERT_SUPPORT];
109 : size_t peer_root_cert_provision_size[LIBSPDM_MAX_ROOT_CERT_SUPPORT];
110 : /* Peer raw public key (slot_id - 0xFF) */
111 : const void *peer_public_key_provision;
112 : size_t peer_public_key_provision_size;
113 :
114 : /* Peer Cert verify*/
115 : libspdm_verify_spdm_cert_chain_func verify_peer_spdm_cert_chain;
116 :
117 : /* Responder policy*/
118 : bool basic_mut_auth_requested;
119 : uint8_t mut_auth_requested;
120 : bool mandatory_mut_auth;
121 : uint8_t heartbeat_period;
122 :
123 : /*The device role*/
124 : bool is_requester;
125 : } libspdm_local_context_t;
126 :
127 : typedef struct {
128 : /* Connection State */
129 : libspdm_connection_state_t connection_state;
130 :
131 : /* Peer device info (negotiated) */
132 : spdm_version_number_t version;
133 : libspdm_device_capability_t capability;
134 : libspdm_device_algorithm_t algorithm;
135 :
136 : /* Peer digests buffer */
137 : uint8_t peer_provisioned_slot_mask;
138 : uint8_t peer_supported_slot_mask;
139 : uint8_t peer_total_digest_buffer[LIBSPDM_MAX_HASH_SIZE * SPDM_MAX_SLOT_COUNT];
140 :
141 : spdm_key_pair_id_t peer_key_pair_id[SPDM_MAX_SLOT_COUNT];
142 : spdm_certificate_info_t peer_cert_info[SPDM_MAX_SLOT_COUNT];
143 : spdm_key_usage_bit_mask_t peer_key_usage_bit_mask[SPDM_MAX_SLOT_COUNT];
144 :
145 : /* Peer CertificateChain */
146 : libspdm_peer_used_cert_chain_t peer_used_cert_chain[SPDM_MAX_SLOT_COUNT];
147 : uint8_t peer_used_cert_chain_slot_id;
148 :
149 : /* Local Used CertificateChain (for responder, or requester in mut auth) */
150 : const uint8_t *local_used_cert_chain_buffer;
151 : size_t local_used_cert_chain_buffer_size;
152 : uint8_t local_used_cert_chain_slot_id;
153 :
154 : /* Specifies whether the cached negotiated state should be invalidated. (responder only)
155 : * This is a "sticky" bit wherein if it is set to 1 then it cannot be set to 0. */
156 : uint8_t end_session_attributes;
157 :
158 : /* multi-key negotiated result */
159 : bool multi_key_conn_req;
160 : bool multi_key_conn_rsp;
161 : } libspdm_connection_info_t;
162 :
163 : typedef struct {
164 : size_t max_buffer_size;
165 : size_t buffer_size;
166 : /*uint8_t buffer[max_buffer_size];*/
167 : } libspdm_managed_buffer_t;
168 :
169 : typedef struct {
170 : size_t max_buffer_size;
171 : size_t buffer_size;
172 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE];
173 : } libspdm_vca_managed_buffer_t;
174 :
175 : /*
176 : * +--------------------------+------------------------------------------+---------+
177 : * | DIGESTS 1.4 | 4 + (H [+ 4]) * SlotNum = [36, 548] | [1, 18] |
178 : * +--------------------------+------------------------------------------+---------+
179 : * It is for multi-key.
180 : */
181 : #define LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE (4 + \
182 : (LIBSPDM_MAX_HASH_SIZE + 4) * SPDM_MAX_SLOT_COUNT)
183 :
184 : typedef struct {
185 : size_t max_buffer_size;
186 : size_t buffer_size;
187 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE];
188 : } libspdm_message_d_managed_buffer_t;
189 :
190 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
191 :
192 : /*
193 : * +--------------------------+------------------------------------------+---------+
194 : * | GET_DIGESTS 1.4 | 4 | 1 |
195 : * | DIGESTS 1.4 | 4 + (H [+ 4]) * SlotNum = [36, 548] | [1, 18] |
196 : * +--------------------------+------------------------------------------+---------+
197 : * | GET_CERTIFICATE 1.4 | 16 | 1 |
198 : * | CERTIFICATE 1.4 | 16 + PortionLen | [1, ] |
199 : * +--------------------------+------------------------------------------+---------+
200 : */
201 : #define LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE (40 + \
202 : (LIBSPDM_MAX_HASH_SIZE + 4) * SPDM_MAX_SLOT_COUNT + \
203 : LIBSPDM_MAX_CERT_CHAIN_SIZE)
204 :
205 : /*
206 : * +--------------------------+------------------------------------------+---------+
207 : * | CHALLENGE 1.4 | 44 | 1 |
208 : * | CHALLENGE_AUTH 1.4 | 46 + H * 2 + S [+ O] = [166, 678] | [6, 23] |
209 : * +--------------------------+------------------------------------------+---------+
210 : */
211 : #define LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE (90 + \
212 : LIBSPDM_MAX_HASH_SIZE * 2 + \
213 : LIBSPDM_RSP_SIGNATURE_DATA_MAX_SIZE + \
214 : SPDM_MAX_OPAQUE_DATA_SIZE)
215 :
216 : /*
217 : * +--------------------------+------------------------------------------+---------+
218 : * | GET_MEASUREMENTS 1.4 | 13 + Nonce (0 or 32) | 1 |
219 : * | MEASUREMENTS 1.4 | 50 + MeasRecLen (+ S) [+ O] = [106, 554] | [4, 19] |
220 : * +--------------------------+------------------------------------------+---------+
221 : */
222 : #define LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE (63 + SPDM_NONCE_SIZE + \
223 : LIBSPDM_MAX_MEASUREMENT_RECORD_SIZE + \
224 : LIBSPDM_RSP_SIGNATURE_DATA_MAX_SIZE + \
225 : SPDM_MAX_OPAQUE_DATA_SIZE)
226 :
227 : /*
228 : * +--------------------------+------------------------------------------+---------+
229 : * | KEY_EXCHANGE 1.4 | 42 + D [+ O] = [106, 554] | [4, 19] |
230 : * | KEY_EXCHANGE_RSP 1.4 | 42 + D + H + S (+ H) [+ O] = [234, 1194] | [8, 40] |
231 : * +--------------------------+------------------------------------------+---------+
232 : * | PSK_EXCHANGE 1.4 | 12 [+ PSKHint] + R [+ O] = 44 | 2 |
233 : * | PSK_EXCHANGE_RSP 1.4 | 12 + R + H (+ H) [+ O] = [108, 172] | [4, 6] |
234 : * +--------------------------+------------------------------------------+---------+
235 : */
236 : #define LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE (84 + LIBSPDM_REQ_EXCHANGE_DATA_MAX_SIZE + \
237 : LIBSPDM_RSP_EXCHANGE_DATA_MAX_SIZE + \
238 : LIBSPDM_MAX_HASH_SIZE * 2 + \
239 : LIBSPDM_RSP_SIGNATURE_DATA_MAX_SIZE + \
240 : SPDM_MAX_OPAQUE_DATA_SIZE * 2)
241 :
242 : /*
243 : * +--------------------------+------------------------------------------+---------+
244 : * | FINISH 1.4 | 6 (+ S) + H [+ O] = [100, 580] | [4, 20] |
245 : * | FINISH_RSP 1.4 | 6 (+ H) [+ O] = [36, 69] | [1, 3] |
246 : * +--------------------------+------------------------------------------+---------+
247 : * | PSK_FINISH 1.4 | 6 + H [+ O] = [36, 68] | [1, 3] |
248 : * | PSK_FINISH_RSP 1.4 | 6 [+ O] | 1 |
249 : * +--------------------------+------------------------------------------+---------+
250 : */
251 : #define LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE (12 + LIBSPDM_MAX_HASH_SIZE * 2 + \
252 : LIBSPDM_REQ_SIGNATURE_DATA_MAX_SIZE + \
253 : SPDM_MAX_OPAQUE_DATA_SIZE * 2)
254 :
255 : /*
256 : * +--------------------------+------------------------------------------+---------+
257 : * | GET_EP_INFO 1.4 | 8 + Nonce (0 or 32) = [8, 40] | 1 |
258 : * | EP_INFO 1.4 | 12 + Nonce + EPInfoLen (+ S) = [12, 1024]| [1, 25] |
259 : * +--------------------------+------------------------------------------+---------+
260 : */
261 : #define LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE (20 + SPDM_NONCE_SIZE * 2 + \
262 : LIBSPDM_MAX_ENDPOINT_INFO_LENGTH + \
263 : LIBSPDM_RSP_SIGNATURE_DATA_MAX_SIZE)
264 :
265 : #define LIBSPDM_MAX_MESSAGE_L1L2_BUFFER_SIZE \
266 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE)
267 :
268 : #define LIBSPDM_MAX_MESSAGE_M1M2_BUFFER_SIZE \
269 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + \
270 : LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE)
271 :
272 : #define LIBSPDM_MAX_MESSAGE_TH_BUFFER_SIZE \
273 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + \
274 : LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE + \
275 : LIBSPDM_MAX_HASH_SIZE + LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE + \
276 : LIBSPDM_MAX_MESSAGE_D_BUFFER_SIZE + \
277 : LIBSPDM_MAX_HASH_SIZE + LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE)
278 :
279 : #define LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE \
280 : (LIBSPDM_MAX_MESSAGE_VCA_BUFFER_SIZE + LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE)
281 :
282 : typedef struct {
283 : size_t max_buffer_size;
284 : size_t buffer_size;
285 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_B_BUFFER_SIZE];
286 : } libspdm_message_b_managed_buffer_t;
287 :
288 : typedef struct {
289 : size_t max_buffer_size;
290 : size_t buffer_size;
291 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_C_BUFFER_SIZE];
292 : } libspdm_message_c_managed_buffer_t;
293 :
294 : typedef struct {
295 : size_t max_buffer_size;
296 : size_t buffer_size;
297 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_M_BUFFER_SIZE];
298 : } libspdm_message_m_managed_buffer_t;
299 :
300 : typedef struct {
301 : size_t max_buffer_size;
302 : size_t buffer_size;
303 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_K_BUFFER_SIZE];
304 : } libspdm_message_k_managed_buffer_t;
305 :
306 : typedef struct {
307 : size_t max_buffer_size;
308 : size_t buffer_size;
309 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_F_BUFFER_SIZE];
310 : } libspdm_message_f_managed_buffer_t;
311 :
312 : typedef struct {
313 : size_t max_buffer_size;
314 : size_t buffer_size;
315 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_E_BUFFER_SIZE];
316 : } libspdm_message_e_managed_buffer_t;
317 :
318 : typedef struct {
319 : size_t max_buffer_size;
320 : size_t buffer_size;
321 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_L1L2_BUFFER_SIZE];
322 : } libspdm_l1l2_managed_buffer_t;
323 :
324 : typedef struct {
325 : size_t max_buffer_size;
326 : size_t buffer_size;
327 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_M1M2_BUFFER_SIZE];
328 : } libspdm_m1m2_managed_buffer_t;
329 :
330 : typedef struct {
331 : size_t max_buffer_size;
332 : size_t buffer_size;
333 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_IL1IL2_BUFFER_SIZE];
334 : } libspdm_il1il2_managed_buffer_t;
335 :
336 : typedef struct {
337 : size_t max_buffer_size;
338 : size_t buffer_size;
339 : uint8_t buffer[LIBSPDM_MAX_MESSAGE_TH_BUFFER_SIZE];
340 : } libspdm_th_managed_buffer_t;
341 :
342 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
343 :
344 : /* signature = Sign(SK, hash(M1))
345 : * Verify(PK, hash(M2), signature)*/
346 :
347 : /* M1/M2 = Concatenate (A, B, C)
348 : * A = Concatenate (GET_VERSION, VERSION, GET_CAPABILITIES, CAPABILITIES, NEGOTIATE_ALGORITHMS, ALGORITHMS)
349 : * B = Concatenate (GET_DIGEST, DIGEST, GET_CERTIFICATE, CERTIFICATE)
350 : * C = Concatenate (CHALLENGE, CHALLENGE_AUTH\signature)*/
351 :
352 : /* Mut M1/M2 = Concatenate (MutB, MutC)
353 : * MutB = Concatenate (GET_DIGEST, DIGEST, GET_CERTIFICATE, CERTIFICATE)
354 : * MutC = Concatenate (CHALLENGE, CHALLENGE_AUTH\signature)*/
355 :
356 : /* signature = Sign(SK, hash(L1))
357 : * Verify(PK, hash(L2), signature)*/
358 :
359 : /* L1/L2 = Concatenate (M)
360 : * M = Concatenate (GET_MEASUREMENT, MEASUREMENT\signature)*/
361 :
362 : /* IL1/IL2 = Concatenate (A, E)
363 : * E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
364 :
365 : /* Encap IL1/IL2 = Concatenate (A, Encap E)
366 : * Encap E = Concatenate (GET_ENDPOINT_INFO, ENDPOINT_INFO\signature)*/
367 :
368 : typedef struct {
369 : /* the message_a must be plan text because we do not know the algorithm yet.*/
370 : libspdm_vca_managed_buffer_t message_a;
371 : libspdm_message_d_managed_buffer_t message_d;
372 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
373 : libspdm_message_b_managed_buffer_t message_b;
374 : libspdm_message_c_managed_buffer_t message_c;
375 : libspdm_message_b_managed_buffer_t message_mut_b;
376 : libspdm_message_c_managed_buffer_t message_mut_c;
377 : libspdm_message_m_managed_buffer_t message_m;
378 : libspdm_message_e_managed_buffer_t message_e;
379 : libspdm_message_e_managed_buffer_t message_encap_e;
380 : #else
381 : void *digest_context_m1m2;
382 : void *digest_context_mut_m1m2;
383 : void *digest_context_l1l2;
384 : void *digest_context_il1il2;
385 : void *digest_context_encap_il1il2;
386 : #endif
387 : } libspdm_transcript_t;
388 :
389 : /* TH for KEY_EXCHANGE response signature: Concatenate (A, D, Ct, K)
390 : * D = DIGEST, if MULTI_KEY_CONN_RSP
391 : * Ct = certificate chain
392 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response\signature+verify_data)*/
393 :
394 : /* TH for KEY_EXCHANGE response HMAC: Concatenate (A, D, Ct, K)
395 : * D = DIGEST, if MULTI_KEY_CONN_RSP
396 : * Ct = certificate chain
397 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response\verify_data)*/
398 :
399 : /* TH for FINISH request signature: Concatenate (A, D, Ct, K, EncapD, CM, F)
400 : * D = DIGEST, if MULTI_KEY_CONN_RSP
401 : * Ct = certificate chain
402 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
403 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
404 : * CM = mutual certificate chain
405 : * F = Concatenate (FINISH request\signature+verify_data)*/
406 :
407 : /* TH for FINISH response HMAC: Concatenate (A, D, Ct, K, EncapD, CM, F)
408 : * D = DIGEST, if MULTI_KEY_CONN_RSP
409 : * Ct = certificate chain
410 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
411 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
412 : * CM = mutual certificate chain, if MutAuth
413 : * F = Concatenate (FINISH request\verify_data)*/
414 :
415 : /* th1: Concatenate (A, D, Ct, K)
416 : * D = DIGEST, if MULTI_KEY_CONN_RSP
417 : * Ct = certificate chain
418 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)*/
419 :
420 : /* th2: Concatenate (A, D, Ct, K, EncapD, CM, F)
421 : * D = DIGEST, if MULTI_KEY_CONN_RSP
422 : * Ct = certificate chain
423 : * K = Concatenate (KEY_EXCHANGE request, KEY_EXCHANGE response)
424 : * EncapD = Encap DIGEST, if MULTI_KEY_CONN_REQ
425 : * CM = mutual certificate chain, if MutAuth
426 : * F = Concatenate (FINISH request, FINISH response)*/
427 :
428 : /* TH for PSK_EXCHANGE response HMAC: Concatenate (A, K)
429 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response\verify_data)*/
430 :
431 : /* TH for PSK_FINISH response HMAC: Concatenate (A, K, F)
432 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
433 : * F = Concatenate (PSK_FINISH request\verify_data)*/
434 :
435 : /* TH1_PSK1: Concatenate (A, K)
436 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response\verify_data)*/
437 :
438 : /* TH1_PSK2: Concatenate (A, K, F)
439 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
440 : * F = Concatenate (PSK_FINISH request\verify_data)*/
441 :
442 : /* TH2_PSK: Concatenate (A, K, F)
443 : * K = Concatenate (PSK_EXCHANGE request, PSK_EXCHANGE response)
444 : * F = Concatenate (PSK_FINISH request, PSK_FINISH response)*/
445 :
446 : typedef struct {
447 : libspdm_message_d_managed_buffer_t message_encap_d;
448 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
449 : libspdm_message_k_managed_buffer_t message_k;
450 : libspdm_message_f_managed_buffer_t message_f;
451 : libspdm_message_m_managed_buffer_t message_m;
452 : libspdm_message_e_managed_buffer_t message_e;
453 : libspdm_message_e_managed_buffer_t message_encap_e;
454 : #else
455 : bool message_f_initialized;
456 : void *digest_context_th;
457 : void *digest_context_l1l2;
458 : void *digest_context_il1il2;
459 : void *digest_context_encap_il1il2;
460 : /* this is back up for message F reset.*/
461 : void *digest_context_th_backup;
462 : #endif
463 : } libspdm_session_transcript_t;
464 :
465 : typedef struct {
466 : uint32_t session_id;
467 : bool use_psk;
468 : uint8_t mut_auth_requested;
469 : uint8_t end_session_attributes;
470 : uint8_t session_policy;
471 : uint8_t heartbeat_period;
472 : libspdm_session_transcript_t session_transcript;
473 : /* Register for the last KEY_UPDATE token and operation (responder only)*/
474 : spdm_key_update_request_t last_key_update_request;
475 : void *secured_message_context;
476 : } libspdm_session_info_t;
477 :
478 : #define LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT 3
479 : typedef struct {
480 : /* Valid OpCode: GET_DIGEST/GET_CERTIFICATE/CHALLENGE/KEY_UPDATE/GET_ENDPOINT_INFO/SEND_EVENT
481 : * The last one is 0x00, as a terminator. */
482 : uint8_t request_op_code_sequence[LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT + 1];
483 : uint8_t request_op_code_count;
484 : uint8_t current_request_op_code;
485 : uint8_t request_id;
486 : uint8_t req_slot_id;
487 : spdm_message_header_t last_encap_request_header;
488 : size_t last_encap_request_size;
489 : uint32_t cert_chain_total_len;
490 : uint8_t req_context[SPDM_REQ_CONTEXT_SIZE];
491 : uint32_t session_id;
492 : bool use_large_cert_chain;
493 : } libspdm_encap_context_t;
494 :
495 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
496 : typedef struct {
497 : bool chunk_in_use;
498 : uint8_t chunk_handle;
499 : uint32_t chunk_seq_no;
500 : size_t chunk_bytes_transferred;
501 :
502 : void* large_message;
503 : size_t large_message_size;
504 : size_t large_message_capacity;
505 : } libspdm_chunk_info_t;
506 :
507 : typedef struct {
508 : libspdm_chunk_info_t send;
509 : libspdm_chunk_info_t get;
510 : } libspdm_chunk_context_t;
511 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP */
512 :
513 : #if LIBSPDM_ENABLE_MSG_LOG
514 : typedef struct {
515 : void *buffer;
516 : size_t max_buffer_size;
517 : uint32_t mode;
518 : size_t buffer_size;
519 : uint32_t status;
520 : } libspdm_msg_log_t;
521 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
522 :
523 : #if LIBSPDM_FIPS_MODE
524 : typedef struct {
525 : /**
526 : * Tested algo flag: 0 represents that the algo is not tested.
527 : * See LIBSPDM_FIPS_SELF_TEST_xxx;
528 : **/
529 : uint32_t tested_algo;
530 : /**
531 : * Flag for the result of run algo self_test, 0 represents the result is failed.
532 : * See LIBSPDM_FIPS_SELF_TEST_xxx;
533 : **/
534 : uint32_t self_test_result;
535 : /**
536 : * Buffer provided by integrator to hold large intermediate results.
537 : **/
538 : void *selftest_buffer;
539 : size_t selftest_buffer_size;
540 : } libspdm_fips_selftest_context_t;
541 : #endif /* LIBSPDM_FIPS_MODE */
542 :
543 : #define LIBSPDM_CONTEXT_STRUCT_VERSION 0x3
544 :
545 : typedef struct {
546 : uint32_t version;
547 :
548 : /* IO information */
549 : libspdm_device_send_message_func send_message;
550 : libspdm_device_receive_message_func receive_message;
551 :
552 : /*
553 : * reserved for request and response in the main dispatch function in SPDM responder.
554 : * this buffer is the transport message received from spdm_context->receive_message()
555 : * or sent to spdm_context->send_message().
556 : * This message may be SPDM transport message or secured SPDM transport message.
557 : **/
558 : libspdm_device_acquire_sender_buffer_func acquire_sender_buffer;
559 : libspdm_device_release_sender_buffer_func release_sender_buffer;
560 : libspdm_device_acquire_receiver_buffer_func acquire_receiver_buffer;
561 : libspdm_device_release_receiver_buffer_func release_receiver_buffer;
562 :
563 : /* Transport Layer information */
564 : libspdm_transport_encode_message_func transport_encode_message;
565 : libspdm_transport_decode_message_func transport_decode_message;
566 :
567 : /* Cached plain text command
568 : * If the command is cipher text, decrypt then cache it. */
569 : void *last_spdm_request;
570 : size_t last_spdm_request_size;
571 :
572 : /* Buffers used for data processing and transport. */
573 : void *scratch_buffer;
574 : size_t scratch_buffer_size;
575 : void *sender_buffer;
576 : size_t sender_buffer_size;
577 : void *receiver_buffer;
578 : size_t receiver_buffer_size;
579 :
580 : /* Cache session_id in this spdm_message, only valid for secured message. */
581 : uint32_t last_spdm_request_session_id;
582 : bool last_spdm_request_session_id_valid;
583 :
584 : /* Cache the error in libspdm_process_request. It is handled in libspdm_build_response. */
585 : libspdm_error_struct_t last_spdm_error;
586 :
587 : /* Register GetResponse function (responder only) */
588 : void *get_response_func;
589 :
590 : /* Register GetEncapResponse function (requester only) */
591 : void *get_encap_response_func;
592 : libspdm_encap_context_t encap_context;
593 :
594 : /* Register spdm_session_state_callback function (responder only)
595 : * Register can know the state after StartSession / EndSession. */
596 : void *spdm_session_state_callback;
597 :
598 : /* Register spdm_connection_state_callback function (responder only)
599 : * Register can know the connection state such as negotiated. */
600 : void *spdm_connection_state_callback;
601 :
602 : /* Register libspdm_key_update_callback function (responder only)
603 : * Register can know when session keys are updated during KEY_UPDATE operations. */
604 : void *spdm_key_update_callback;
605 :
606 : libspdm_local_context_t local_context;
607 :
608 : libspdm_connection_info_t connection_info;
609 : libspdm_transcript_t transcript;
610 :
611 : libspdm_session_info_t session_info[LIBSPDM_MAX_SESSION_COUNT];
612 :
613 : /* Buffer that the Responder uses to store the Requester's certificate chain for
614 : * mutual authentication. */
615 : void *mut_auth_cert_chain_buffer;
616 : size_t mut_auth_cert_chain_buffer_size;
617 : size_t mut_auth_cert_chain_buffer_max_size;
618 :
619 : /* Cache latest session ID for HANDSHAKE_IN_THE_CLEAR */
620 : uint32_t latest_session_id;
621 :
622 : /* Register for Responder state, be initial to Normal (responder only) */
623 : libspdm_response_state_t response_state;
624 :
625 : /* Cached data for SPDM_ERROR_CODE_RESPONSE_NOT_READY/SPDM_RESPOND_IF_READY */
626 : spdm_error_data_response_not_ready_t error_data;
627 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
628 : void *cache_spdm_request;
629 : size_t cache_spdm_request_size;
630 : #endif
631 : uint8_t current_token;
632 :
633 : /* Register for the retry times when receive "BUSY" Error response (requester only) */
634 : uint8_t retry_times;
635 : /* Register for the delay time in microseconds between retry requests
636 : * when receive "BUSY" Error response (requester only) */
637 : uint64_t retry_delay_time;
638 : bool crypto_request;
639 :
640 : /* App context data for use by application */
641 : void *app_context_data_ptr;
642 :
643 : /* See LIBSPDM_DATA_HANDLE_ERROR_RETURN_POLICY_*. */
644 : uint8_t handle_error_return_policy;
645 :
646 : /* Max session count for DHE session and PSK session
647 : * Set via LIBSPDM_DATA_MAX_DHE_SESSION_COUNT and LIBSPDM_DATA_MAX_PSK_SESSION_COUNT */
648 : uint32_t max_dhe_session_count;
649 : uint32_t max_psk_session_count;
650 :
651 : /* Current session count for DHE session and PSK session */
652 : uint32_t current_dhe_session_count;
653 : uint32_t current_psk_session_count;
654 :
655 : /* see LIBSPDM_DATA_MAX_SPDM_SESSION_SEQUENCE_NUMBER */
656 : uint64_t max_spdm_session_sequence_number;
657 :
658 : uint8_t sequence_number_endian;
659 :
660 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
661 : /* Chunk specific context */
662 : libspdm_chunk_context_t chunk_context;
663 : #endif /* LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP */
664 :
665 : #if LIBSPDM_ENABLE_MSG_LOG
666 : libspdm_msg_log_t msg_log;
667 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
668 :
669 : #if LIBSPDM_FIPS_MODE
670 : libspdm_fips_selftest_context_t fips_selftest_context;
671 : #endif /* LIBSPDM_FIPS_MODE */
672 :
673 : /* Endianness (BE/LE/Both) to use for signature verification on SPDM 1.0 and 1.1
674 : * This field is ignored for other SPDM versions */
675 : uint8_t spdm_10_11_verify_signature_endian;
676 :
677 : #if LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES
678 : libspdm_vendor_response_callback_func vendor_response_callback;
679 : libspdm_vendor_get_id_callback_func vendor_response_get_id;
680 : #endif /* LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES */
681 :
682 : #if LIBSPDM_EVENT_RECIPIENT_SUPPORT
683 : libspdm_process_event_func process_event;
684 : #endif /* LIBSPDM_EVENT_RECIPIENT_SUPPORT */
685 :
686 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT)
687 : libspdm_get_endpoint_info_callback_func get_endpoint_info_callback;
688 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT) */
689 : } libspdm_context_t;
690 :
691 : #define LIBSPDM_CONTEXT_SIZE_WITHOUT_SECURED_CONTEXT (sizeof(libspdm_context_t))
692 : #define LIBSPDM_CONTEXT_SIZE_ALL (LIBSPDM_CONTEXT_SIZE_WITHOUT_SECURED_CONTEXT + \
693 : LIBSPDM_SECURED_MESSAGE_CONTEXT_SIZE * LIBSPDM_MAX_SESSION_COUNT)
694 :
695 : #if LIBSPDM_DEBUG_PRINT_ENABLE
696 : /**
697 : * Return the request code name based on given request code.
698 : *
699 : * @param request_code The SPDM request code.
700 : *
701 : * @return request code name according to the request code.
702 : **/
703 : const char *libspdm_get_code_str(uint8_t request_code);
704 :
705 : #ifdef LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE
706 : extern void LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE(const uint8_t *data, size_t size);
707 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size) LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE(data, size)
708 : #else
709 : /**
710 : * This function dump raw data.
711 : *
712 : * @param data raw data
713 : * @param size raw data size
714 : **/
715 : void libspdm_internal_dump_hex_str(const uint8_t *data, size_t size);
716 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size) libspdm_internal_dump_hex_str(data, size)
717 : #endif /* LIBSPDM_INTERNAL_DUMP_HEX_STR_OVERRIDE */
718 :
719 : #ifdef LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE
720 : extern void LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE(const uint8_t *data, size_t size);
721 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size) LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE(data, size)
722 : #else
723 : /**
724 : * This function dump raw data.
725 : *
726 : * @param data raw data
727 : * @param size raw data size
728 : **/
729 : void libspdm_internal_dump_data(const uint8_t *data, size_t size);
730 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size) libspdm_internal_dump_data(data, size)
731 : #endif /* LIBSPDM_INTERNAL_DUMP_DATA_OVERRIDE */
732 :
733 : #ifdef LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE
734 : extern void LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE(const uint8_t *data, size_t size);
735 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size) LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE(data, size)
736 : #else
737 : /**
738 : * This function dump raw data with column format.
739 : *
740 : * @param data raw data
741 : * @param size raw data size
742 : **/
743 : void libspdm_internal_dump_hex(const uint8_t *data, size_t size);
744 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size) libspdm_internal_dump_hex(data, size)
745 : #endif /* LIBSPDM_INTERNAL_DUMP_HEX_OVERRIDE */
746 :
747 : #else /* LIBSPDM_DEBUG_PRINT_ENABLE */
748 : #define LIBSPDM_INTERNAL_DUMP_HEX(data, size)
749 : #define LIBSPDM_INTERNAL_DUMP_HEX_STR(data, size)
750 : #define LIBSPDM_INTERNAL_DUMP_DATA(data, size)
751 : #endif /* LIBSPDM_DEBUG_PRINT_ENABLE */
752 :
753 : /* Required scratch buffer size for libspdm internal usage.
754 : * It may be used to hold the encrypted/decrypted message and/or last sent/received message.
755 : * It may be used to hold the large request/response and intermediate send/receive buffer
756 : * in case of chunking.
757 : *
758 : * If chunking is not supported, it should be at least below.
759 : * +--------------------------+-----------------+-----------------+
760 : * | SENDER_RECEIVER |MAX_SPDM_MSG_SIZE|MAX_SPDM_MSG_SIZE|
761 : * +--------------------------+-----------------+-----------------+
762 : * |<-Snd/Rcv buf for chunk ->|<-last request ->|<-cache request->|
763 : *
764 : *
765 : * If chunking is supported, it should be at least below.
766 : * +---------------+--------------+--------------------------+------------------------------+-----------------+-----------------+
767 : * |SECURE_MESSAGE |LARGE_MESSAGE | SENDER_RECEIVER | LARGE SENDER_RECEIVER |MAX_SPDM_MSG_SIZE|MAX_SPDM_MSG_SIZE|
768 : * +---------------+--------------+--------------------------+------------------------------+-----------------+-----------------+
769 : * |<-Secure msg ->|<-Large msg ->|<-Snd/Rcv buf for chunk ->|<-Snd/Rcv buf for large msg ->|<-last request ->|<-cache request->|
770 : *
771 : *
772 : * The value is configurable based on max_spdm_msg_size.
773 : * The value MAY be changed in different libspdm version.
774 : * It is exposed here, just in case the libspdm consumer wants to configure the setting at build time.
775 : */
776 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
777 : /* first section */
778 : uint32_t libspdm_get_scratch_buffer_secure_message_offset(libspdm_context_t *spdm_context);
779 : uint32_t libspdm_get_scratch_buffer_secure_message_capacity(libspdm_context_t *spdm_context);
780 :
781 : /* second section */
782 : uint32_t libspdm_get_scratch_buffer_large_message_offset(libspdm_context_t *spdm_context);
783 : uint32_t libspdm_get_scratch_buffer_large_message_capacity(libspdm_context_t *spdm_context);
784 : #endif
785 :
786 : /* third section */
787 : uint32_t libspdm_get_scratch_buffer_sender_receiver_offset(libspdm_context_t *spdm_context);
788 : uint32_t libspdm_get_scratch_buffer_sender_receiver_capacity(libspdm_context_t *spdm_context);
789 :
790 : #if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP
791 : /* fourth section */
792 : uint32_t libspdm_get_scratch_buffer_large_sender_receiver_offset(libspdm_context_t *spdm_context);
793 : uint32_t libspdm_get_scratch_buffer_large_sender_receiver_capacity(libspdm_context_t *spdm_context);
794 : #endif
795 :
796 : /* fifth section */
797 : uint32_t libspdm_get_scratch_buffer_last_spdm_request_offset(libspdm_context_t *spdm_context);
798 : uint32_t libspdm_get_scratch_buffer_last_spdm_request_capacity(libspdm_context_t *spdm_context);
799 :
800 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
801 : /* sixth section */
802 : uint32_t libspdm_get_scratch_buffer_cache_spdm_request_offset(libspdm_context_t *spdm_context);
803 : uint32_t libspdm_get_scratch_buffer_cache_spdm_request_capacity(libspdm_context_t *spdm_context);
804 : #endif
805 :
806 : /* combination */
807 : uint32_t libspdm_get_scratch_buffer_capacity(libspdm_context_t *spdm_context);
808 :
809 : /**
810 : * Append a new data buffer to the managed buffer.
811 : *
812 : * @param managed_buffer The managed buffer to be appended.
813 : * @param buffer The address of the data buffer to be appended to the managed buffer.
814 : * @param buffer_size The size in bytes of the data buffer to be appended to the managed buffer.
815 : *
816 : * @retval RETURN_SUCCESS The new data buffer is appended to the managed buffer.
817 : * @retval RETURN_BUFFER_TOO_SMALL The managed buffer is too small to be appended.
818 : **/
819 : libspdm_return_t libspdm_append_managed_buffer(void *managed_buffer,
820 : const void *buffer, size_t buffer_size);
821 :
822 : /**
823 : * Reset the managed buffer.
824 : * The buffer_size is reset to 0.
825 : * The max_buffer_size is unchanged.
826 : * The buffer is not freed.
827 : *
828 : * @param managed_buffer The managed buffer.
829 : **/
830 : void libspdm_reset_managed_buffer(void *managed_buffer);
831 :
832 : /**
833 : * Return the size of managed buffer.
834 : *
835 : * @param managed_buffer The managed buffer.
836 : *
837 : * @return the size of managed buffer.
838 : **/
839 : size_t libspdm_get_managed_buffer_size(void *managed_buffer);
840 :
841 : /**
842 : * Return the address of managed buffer.
843 : *
844 : * @param managed_buffer The managed buffer.
845 : *
846 : * @return the address of managed buffer.
847 : **/
848 : void *libspdm_get_managed_buffer(void *managed_buffer);
849 :
850 : /**
851 : * Init the managed buffer.
852 : *
853 : * @param managed_buffer The managed buffer.
854 : * @param max_buffer_size The maximum size in bytes of the managed buffer.
855 : **/
856 : void libspdm_init_managed_buffer(void *managed_buffer, size_t max_buffer_size);
857 :
858 : /**
859 : * Reset message buffer in SPDM context according to request code.
860 : *
861 : * @param spdm_context A pointer to the SPDM context.
862 : * @param spdm_session_info A pointer to the SPDM session context.
863 : * @param spdm_request The SPDM request code.
864 : */
865 : void libspdm_reset_message_buffer_via_request_code(void *context, void *session_info,
866 : uint8_t request_code);
867 :
868 : /**
869 : * This function initializes the session info.
870 : *
871 : * @param spdm_context A pointer to the SPDM context.
872 : * @param session_id The SPDM session ID.
873 : **/
874 : void libspdm_session_info_init(libspdm_context_t *spdm_context,
875 : libspdm_session_info_t *session_info,
876 : uint32_t session_id, spdm_version_number_t secured_message_version,
877 : bool use_psk);
878 :
879 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
880 : /**
881 : * Set the psk_hint to a session info.
882 : *
883 : * @param session_info A pointer to a session info.
884 : * @param psk_hint Indicate the PSK hint.
885 : * @param psk_hint_size The size in bytes of the PSK hint.
886 : */
887 : void libspdm_session_info_set_psk_hint(libspdm_session_info_t *session_info,
888 : const void *psk_hint,
889 : size_t psk_hint_size);
890 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
891 :
892 : /**
893 : * This function returns if a given version is supported based upon the GET_VERSION/VERSION.
894 : *
895 : * @param spdm_context A pointer to the SPDM context.
896 : * @param version The SPDM version.
897 : *
898 : * @retval true the version is supported.
899 : * @retval false the version is not supported.
900 : **/
901 : bool libspdm_is_version_supported(const libspdm_context_t *spdm_context, uint8_t version);
902 :
903 : /**
904 : * This function returns connection version negotiated by GET_VERSION/VERSION.
905 : *
906 : * @param spdm_context A pointer to the SPDM context.
907 : *
908 : * @return the connection version.
909 : **/
910 : uint8_t libspdm_get_connection_version(const libspdm_context_t *spdm_context);
911 :
912 : /**
913 : * This function returns if a capabilities flag is supported in current SPDM connection.
914 : *
915 : * @param spdm_context A pointer to the SPDM context.
916 : * @param is_requester Is the function called from a requester.
917 : * @param requester_capabilities_flag The requester capabilities flag to be checked
918 : * @param responder_capabilities_flag The responder capabilities flag to be checked
919 : *
920 : * @retval true the capabilities flag is supported.
921 : * @retval false the capabilities flag is not supported.
922 : **/
923 : bool libspdm_is_capabilities_flag_supported(const libspdm_context_t *spdm_context,
924 : bool is_requester,
925 : uint32_t requester_capabilities_flag,
926 : uint32_t responder_capabilities_flag);
927 :
928 : /**
929 : * This function returns if a capabilities extended flag is supported in current SPDM connection.
930 : *
931 : * @param spdm_context A pointer to the SPDM context.
932 : * @param is_requester Is the function called from a requester.
933 : * @param requester_capabilities_ext_flag The requester capabilities extended flag to be checked
934 : * @param responder_capabilities_ext_flag The responder capabilities extended flag to be checked
935 : *
936 : * @retval true the capabilities extended flag is supported.
937 : * @retval false the capabilities extended flag is not supported.
938 : **/
939 : bool libspdm_is_capabilities_ext_flag_supported(const libspdm_context_t *spdm_context,
940 : bool is_requester,
941 : uint16_t requester_capabilities_ext_flag,
942 : uint16_t responder_capabilities_ext_flag);
943 :
944 : /**
945 : * Checks the negotiated SPDM version and endpoint capabilities to determine if encapsulated
946 : * messages are supported or not.
947 : *
948 : * @param spdm_context A pointer to the SPDM context.
949 : *
950 : * @retval true Both endpoints support encapsulated messages.
951 : * @retval false At least one endpoint does not support encapsulated messages.
952 : **/
953 : bool libspdm_is_encap_supported(const libspdm_context_t *spdm_context);
954 :
955 : /**
956 : * This function generates the certificate chain hash.
957 : *
958 : * @param spdm_context A pointer to the SPDM context.
959 : * @param slot_id The slot index of the certificate chain.
960 : * @param signature The buffer to store the certificate chain hash.
961 : *
962 : * @retval true certificate chain hash is generated.
963 : * @retval false certificate chain hash is not generated.
964 : **/
965 : bool libspdm_generate_cert_chain_hash(libspdm_context_t *spdm_context,
966 : size_t slot_id, uint8_t *hash);
967 :
968 : /**
969 : * This function generates the public key hash.
970 : *
971 : * @param spdm_context A pointer to the SPDM context.
972 : * @param hash The buffer to store the public key hash.
973 : *
974 : * @retval true public key hash is generated.
975 : * @retval false public key hash is not generated.
976 : **/
977 : bool libspdm_generate_public_key_hash(libspdm_context_t *spdm_context,
978 : uint8_t *hash);
979 :
980 : /**
981 : * This function verifies the integrity of peer certificate chain buffer including
982 : * spdm_cert_chain_t header.
983 : *
984 : * @param spdm_context A pointer to the SPDM context.
985 : * @param cert_chain_buffer Certificate chain buffer including spdm_cert_chain_t header.
986 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
987 : *
988 : * @retval true Peer certificate chain buffer integrity verification passed.
989 : * @retval false Peer certificate chain buffer integrity verification failed.
990 : **/
991 : bool libspdm_verify_peer_cert_chain_buffer_integrity(libspdm_context_t *spdm_context,
992 : const void *cert_chain_buffer,
993 : size_t cert_chain_buffer_size);
994 :
995 : /**
996 : * This function verifies peer certificate chain authority.
997 : *
998 : * @param spdm_context A pointer to the SPDM context.
999 : * @param cert_chain_buffer Certificate chain buffer including spdm_cert_chain_t header.
1000 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
1001 : * @param trust_anchor A buffer to hold the trust_anchor which is used to validate the peer certificate, if not NULL.
1002 : * @param trust_anchor_size A buffer to hold the trust_anchor_size, if not NULL.
1003 : *
1004 : * @retval true Peer certificate chain buffer authority verification passed.
1005 : * Or there is no root_cert in local_context.
1006 : * @retval false Peer certificate chain buffer authority verification failed.
1007 : **/
1008 : bool libspdm_verify_peer_cert_chain_buffer_authority(libspdm_context_t *spdm_context,
1009 : const void *cert_chain_buffer,
1010 : size_t cert_chain_buffer_size,
1011 : const void **trust_anchor,
1012 : size_t *trust_anchor_size);
1013 : /**
1014 : * This function generates the challenge signature based upon m1m2 for authentication.
1015 : *
1016 : * @param spdm_context A pointer to the SPDM context.
1017 : * @param is_requester Indicate of the signature generation for a requester or a responder.
1018 : * @param signature The buffer to store the challenge signature.
1019 : *
1020 : * @retval true challenge signature is generated.
1021 : * @retval false challenge signature is not generated.
1022 : **/
1023 : bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context,
1024 : bool is_requester,
1025 : uint8_t slot_id,
1026 : uint8_t *signature);
1027 :
1028 : /**
1029 : * This function verifies the certificate chain hash.
1030 : *
1031 : * @param spdm_context A pointer to the SPDM context.
1032 : * @param certificate_chain_hash The certificate chain hash data buffer.
1033 : * @param certificate_chain_hash_size size in bytes of the certificate chain hash data buffer.
1034 : *
1035 : * @retval true hash verification pass.
1036 : * @retval false hash verification fail.
1037 : **/
1038 : bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context,
1039 : const void *certificate_chain_hash,
1040 : size_t certificate_chain_hash_size);
1041 :
1042 : /**
1043 : * This function verifies the public key hash.
1044 : *
1045 : * @param spdm_context A pointer to the SPDM context.
1046 : * @param public_key_hash The public key hash data buffer.
1047 : * @param public_key_hash_size size in bytes of the public key hash data buffer.
1048 : *
1049 : * @retval true hash verification pass.
1050 : * @retval false hash verification fail.
1051 : **/
1052 : bool libspdm_verify_public_key_hash(libspdm_context_t *spdm_context,
1053 : const void *public_key_hash,
1054 : size_t public_key_hash_size);
1055 :
1056 : /**
1057 : * This function verifies the challenge signature based upon m1m2.
1058 : *
1059 : * @param spdm_context A pointer to the SPDM context.
1060 : * @param is_requester Indicate of the signature verification for a requester or a responder.
1061 : * @param sign_data The signature data buffer.
1062 : * @param sign_data_size size in bytes of the signature data buffer.
1063 : *
1064 : * @retval true signature verification pass.
1065 : * @retval false signature verification fail.
1066 : **/
1067 : bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context,
1068 : bool is_requester,
1069 : const void *sign_data,
1070 : size_t sign_data_size);
1071 :
1072 : /**
1073 : * This function calculate the measurement summary hash size.
1074 : *
1075 : * @param spdm_context A pointer to the SPDM context.
1076 : * @param is_requester Is the function called from a requester.
1077 : * @param measurement_summary_hash_type The type of the measurement summary hash.
1078 : *
1079 : * @return 0 measurement summary hash type is invalid, NO_MEAS hash type or no MEAS capabilities.
1080 : * @return measurement summary hash size according to type.
1081 : **/
1082 : uint32_t libspdm_get_measurement_summary_hash_size(libspdm_context_t *spdm_context,
1083 : bool is_requester,
1084 : uint8_t measurement_summary_hash_type);
1085 :
1086 : /**
1087 : * This function generates the endpoint info signature based upon il1il2 for authentication.
1088 : *
1089 : * @param spdm_context A pointer to the SPDM context.
1090 : * @param session_info A pointer to the SPDM session context.
1091 : * @param is_requester Indicate of the signature generation for a requester or a responder.
1092 : * @param signature The buffer to store the endpoint info signature.
1093 : *
1094 : * @retval true challenge signature is generated.
1095 : * @retval false challenge signature is not generated.
1096 : **/
1097 : bool libspdm_generate_endpoint_info_signature(libspdm_context_t *spdm_context,
1098 : libspdm_session_info_t *session_info,
1099 : bool is_requester,
1100 : uint8_t slot_id,
1101 : uint8_t *signature);
1102 :
1103 : /**
1104 : * This function verifies the challenge signature based upon m1m2.
1105 : *
1106 : * @param spdm_context A pointer to the SPDM context.
1107 : * @param session_info A pointer to the SPDM session context.
1108 : * @param is_requester Indicate of the signature verification for a requester or a responder.
1109 : * @param sign_data The signature data buffer.
1110 : * @param sign_data_size size in bytes of the signature data buffer.
1111 : *
1112 : * @retval true signature verification pass.
1113 : * @retval false signature verification fail.
1114 : **/
1115 : bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context,
1116 : libspdm_session_info_t *session_info,
1117 : bool is_requester,
1118 : const void *sign_data,
1119 : size_t sign_data_size);
1120 :
1121 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1122 : /*
1123 : * This function calculates l1l2.
1124 : * If session_info is NULL, this function will use M cache of SPDM context,
1125 : * else will use M cache of SPDM session context.
1126 : *
1127 : * @param spdm_context A pointer to the SPDM context.
1128 : * @param session_info A pointer to the SPDM session context.
1129 : * @param l1l2 The buffer to store the l1l2.
1130 : *
1131 : * @retval RETURN_SUCCESS l1l2 is calculated.
1132 : */
1133 : bool libspdm_calculate_l1l2(libspdm_context_t *spdm_context,
1134 : void *session_info,
1135 : libspdm_l1l2_managed_buffer_t *l1l2);
1136 : #else
1137 : /*
1138 : * This function calculates l1l2 hash.
1139 : * If session_info is NULL, this function will use M cache of SPDM context,
1140 : * else will use M cache of SPDM session context.
1141 : *
1142 : * @param spdm_context A pointer to the SPDM context.
1143 : * @param session_info A pointer to the SPDM session context.
1144 : * @param l1l2_hash_size size in bytes of the l1l2 hash
1145 : * @param l1l2_hash The buffer to store the l1l2 hash
1146 : *
1147 : * @retval RETURN_SUCCESS l1l2 is calculated.
1148 : */
1149 : bool libspdm_calculate_l1l2_hash(libspdm_context_t *spdm_context,
1150 : void *session_info,
1151 : size_t *l1l2_hash_size, void *l1l2_hash);
1152 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
1153 :
1154 : /**
1155 : * Get element from multi element opaque data by element id.
1156 : *
1157 : * This function should be called in
1158 : * libspdm_process_opaque_data_supported_version_data/libspdm_process_opaque_data_version_selection_data.
1159 : *
1160 : * @param[in] data_in_size Size of multi element opaque data.
1161 : * @param[in] data_in A pointer to the multi element opaque data.
1162 : * @param[in] element_id Element id.
1163 : * @param[in] sm_data_id ID for the Secured Message data type.
1164 : * @param[out] get_element_ptr Pointer to store found element.
1165 : *
1166 : * @retval true Get element successfully
1167 : * @retval false Get element failed
1168 : **/
1169 : bool libspdm_get_element_from_opaque_data(libspdm_context_t *spdm_context,
1170 : size_t data_in_size, const void *data_in,
1171 : uint8_t element_id, uint8_t sm_data_id,
1172 : const void **get_element_ptr, size_t *get_element_len);
1173 :
1174 : /**
1175 : * Process general opaque data check
1176 : *
1177 : * @param data_in_size size in bytes of the data_in.
1178 : * @param data_in A pointer to the buffer to store the opaque data version selection.
1179 : *
1180 : * @retval true check opaque data successfully
1181 : * @retval false check opaque data failed
1182 : **/
1183 : bool libspdm_process_general_opaque_data_check(libspdm_context_t *spdm_context,
1184 : size_t data_in_size,
1185 : const void *data_in);
1186 :
1187 : /**
1188 : * Return the size in bytes of opaque data supported version.
1189 : *
1190 : * This function should be called in libspdm_process_opaque_data_supported_version_data.
1191 : *
1192 : * @param version_count Secure version count.
1193 : *
1194 : * @return The size in bytes of opaque data supported version.
1195 : **/
1196 : size_t libspdm_get_untrusted_opaque_data_supported_version_data_size(
1197 : libspdm_context_t *spdm_context, uint8_t version_count);
1198 :
1199 : /**
1200 : * Return the size in bytes of opaque data supported version.
1201 : *
1202 : * This function should be called in KEY_EXCHANGE/PSK_EXCHANGE request generation.
1203 : *
1204 : * @return the size in bytes of opaque data supported version.
1205 : **/
1206 : size_t libspdm_get_opaque_data_supported_version_data_size(libspdm_context_t *spdm_context);
1207 :
1208 : /**
1209 : * Return the size in bytes of opaque data version selection.
1210 : *
1211 : * This function should be called in KEY_EXCHANGE/PSK_EXCHANGE response generation.
1212 : *
1213 : * @return the size in bytes of opaque data version selection.
1214 : **/
1215 : size_t libspdm_get_opaque_data_version_selection_data_size(const libspdm_context_t *spdm_context);
1216 :
1217 : /**
1218 : * Return the SPDMversion field of the version number struct.
1219 : *
1220 : * @param ver Spdm version number struct.
1221 : *
1222 : * @return the SPDMversion of the version number struct.
1223 : **/
1224 : uint8_t libspdm_get_version_from_version_number(const spdm_version_number_t ver);
1225 :
1226 : /**
1227 : * Sort SPDMversion in descending order.
1228 : *
1229 : * @param spdm_context A pointer to the SPDM context.
1230 : * @param ver_set A pointer to the version set.
1231 : * @param ver_num Version number.
1232 : */
1233 : void libspdm_version_number_sort(spdm_version_number_t *ver_set, size_t ver_num);
1234 :
1235 : /**
1236 : * Negotiate SPDMversion for connection.
1237 : * ver_set is the local version set of requester, res_ver_set is the version set of responder.
1238 : *
1239 : * @param common_version A pointer to store the common version.
1240 : * @param req_ver_set A pointer to the requester version set.
1241 : * @param req_ver_num Version number of requester.
1242 : * @param res_ver_set A pointer to the responder version set.
1243 : * @param res_ver_num Version number of responder.
1244 : *
1245 : * @retval true Negotiation successfully, connect version be saved to common_version.
1246 : * @retval false Negotiation failed.
1247 : */
1248 : bool libspdm_negotiate_connection_version(spdm_version_number_t *common_version,
1249 : spdm_version_number_t *req_ver_set,
1250 : size_t req_ver_num,
1251 : const spdm_version_number_t *res_ver_set,
1252 : size_t res_ver_num);
1253 :
1254 : /**
1255 : * Acquire a device sender buffer for transport layer message.
1256 : *
1257 : * @param context A pointer to the SPDM context.
1258 : * @param max_msg_size size in bytes of the maximum size of sender buffer.
1259 : * @param msg_buf_ptr A pointer to a sender buffer.
1260 : *
1261 : * @retval RETURN_SUCCESS The sender buffer is acquired.
1262 : **/
1263 : libspdm_return_t libspdm_acquire_sender_buffer (
1264 : libspdm_context_t *spdm_context, size_t *max_msg_size, void **msg_buf_ptr);
1265 :
1266 : /**
1267 : * Release a device sender buffer for transport layer message.
1268 : *
1269 : * @param context A pointer to the SPDM context.
1270 : *
1271 : * @retval RETURN_SUCCESS The sender buffer is Released.
1272 : **/
1273 : void libspdm_release_sender_buffer (libspdm_context_t *spdm_context);
1274 :
1275 : /**
1276 : * Get the sender buffer.
1277 : *
1278 : * @param context A pointer to the SPDM context.
1279 : * @param sender_buffer Buffer address of the sender buffer.
1280 : * @param sender_buffer_size Size of the sender buffer.
1281 : *
1282 : **/
1283 : void libspdm_get_sender_buffer (
1284 : libspdm_context_t *spdm_context,
1285 : void **sender_buffer,
1286 : size_t *sender_buffer_size);
1287 :
1288 : /**
1289 : * Acquire a device receiver buffer for transport layer message.
1290 : *
1291 : * @param context A pointer to the SPDM context.
1292 : * @param max_msg_size size in bytes of the maximum size of receiver buffer.
1293 : * @param msg_buf_pt A pointer to a receiver buffer.
1294 : *
1295 : * @retval RETURN_SUCCESS The receiver buffer is acquired.
1296 : **/
1297 : libspdm_return_t libspdm_acquire_receiver_buffer (
1298 : libspdm_context_t *spdm_context, size_t *max_msg_size, void **msg_buf_ptr);
1299 :
1300 : /**
1301 : * Release a device receiver buffer for transport layer message.
1302 : *
1303 : * @param context A pointer to the SPDM context.
1304 : *
1305 : * @retval RETURN_SUCCESS The receiver buffer is Released.
1306 : **/
1307 : void libspdm_release_receiver_buffer (libspdm_context_t *spdm_context);
1308 :
1309 : /**
1310 : * Get the receiver buffer.
1311 : *
1312 : * @param context A pointer to the SPDM context.
1313 : * @param receiver_buffer Buffer address of the receiver buffer.
1314 : * @param receiver_buffer_size Size of the receiver buffer.
1315 : *
1316 : **/
1317 : void libspdm_get_receiver_buffer (
1318 : libspdm_context_t *spdm_context,
1319 : void **receiver_buffer,
1320 : size_t *receiver_buffer_size);
1321 :
1322 : /**
1323 : * Get the certificate slot mask
1324 : *
1325 : * @param[in] context A pointer to the SPDM context.
1326 : *
1327 : * @retval slot_mask get slot mask
1328 : **/
1329 : uint8_t libspdm_get_cert_slot_mask (libspdm_context_t *spdm_context);
1330 :
1331 : /**
1332 : * Get the certificate slot count
1333 : *
1334 : * @param[in] context A pointer to the SPDM context.
1335 : *
1336 : * @retval slot_count get slot count
1337 : **/
1338 : uint8_t libspdm_get_cert_slot_count(libspdm_context_t *spdm_context);
1339 :
1340 : #if LIBSPDM_ENABLE_MSG_LOG
1341 : void libspdm_append_msg_log(libspdm_context_t *spdm_context, void *message, size_t message_size);
1342 : #endif
1343 :
1344 : /**
1345 : * Reset message A cache in SPDM context.
1346 : *
1347 : * @param spdm_context A pointer to the SPDM context.
1348 : **/
1349 : void libspdm_reset_message_a(libspdm_context_t *spdm_context);
1350 :
1351 : /**
1352 : * Reset message D cache in SPDM context.
1353 : *
1354 : * @param spdm_context A pointer to the SPDM context.
1355 : * @param spdm_session_info A pointer to the SPDM session context.
1356 : **/
1357 : void libspdm_reset_message_d(libspdm_context_t *spdm_context);
1358 :
1359 : /**
1360 : * Reset message B cache in SPDM context.
1361 : *
1362 : * @param spdm_context A pointer to the SPDM context.
1363 : **/
1364 : void libspdm_reset_message_b(libspdm_context_t *spdm_context);
1365 :
1366 : /**
1367 : * Reset message C cache in SPDM context.
1368 : *
1369 : * @param spdm_context A pointer to the SPDM context.
1370 : **/
1371 : void libspdm_reset_message_c(libspdm_context_t *spdm_context);
1372 :
1373 : /**
1374 : * Reset message MutB cache in SPDM context.
1375 : *
1376 : * @param spdm_context A pointer to the SPDM context.
1377 : **/
1378 : void libspdm_reset_message_mut_b(libspdm_context_t *spdm_context);
1379 :
1380 : /**
1381 : * Reset message MutC cache in SPDM context.
1382 : *
1383 : * @param spdm_context A pointer to the SPDM context.
1384 : **/
1385 : void libspdm_reset_message_mut_c(libspdm_context_t *spdm_context);
1386 :
1387 : /**
1388 : * Reset message M cache in SPDM context.
1389 : * If session_info is NULL, this function will use M cache of SPDM context,
1390 : * else will use M cache of SPDM session context.
1391 : *
1392 : * @param spdm_context A pointer to the SPDM context.
1393 : * @param session_info A pointer to the SPDM session context.
1394 : **/
1395 : void libspdm_reset_message_m(libspdm_context_t *spdm_context, void *session_info);
1396 :
1397 : /**
1398 : * Reset message K cache in SPDM context.
1399 : *
1400 : * @param spdm_context A pointer to the SPDM context.
1401 : * @param spdm_session_info A pointer to the SPDM session context.
1402 : **/
1403 : void libspdm_reset_message_k(libspdm_context_t *spdm_context, void *spdm_session_info);
1404 :
1405 : /**
1406 : * Reset message EncapD cache in SPDM context.
1407 : *
1408 : * @param spdm_context A pointer to the SPDM context.
1409 : * @param spdm_session_info A pointer to the SPDM session context.
1410 : **/
1411 : void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *spdm_session_info);
1412 :
1413 : /**
1414 : * Reset message F cache in SPDM context.
1415 : *
1416 : * @param spdm_context A pointer to the SPDM context.
1417 : * @param spdm_session_info A pointer to the SPDM session context.
1418 : **/
1419 : void libspdm_reset_message_f(libspdm_context_t *spdm_context, void *spdm_session_info);
1420 :
1421 : /**
1422 : * Reset message E cache in SPDM context.
1423 : * If session_info is NULL, this function will use E cache of SPDM context,
1424 : * else will use E cache of SPDM session context.
1425 : *
1426 : * @param spdm_context A pointer to the SPDM context.
1427 : * @param spdm_session_info A pointer to the SPDM session context.
1428 : **/
1429 : void libspdm_reset_message_e(libspdm_context_t *spdm_context, void *session_info);
1430 :
1431 : /**
1432 : * Reset message encap E cache in SPDM context.
1433 : * If session_info is NULL, this function will use encap E cache of SPDM context,
1434 : * else will use encap E cache of SPDM session context.
1435 : *
1436 : * @param spdm_context A pointer to the SPDM context.
1437 : * @param spdm_session_info A pointer to the SPDM session context.
1438 : **/
1439 : void libspdm_reset_message_encap_e(libspdm_context_t *spdm_context, void *session_info);
1440 :
1441 : /**
1442 : * Append message A cache in SPDM context.
1443 : *
1444 : * @param spdm_context A pointer to the SPDM context.
1445 : * @param message Message buffer.
1446 : * @param message_size Size in bytes of message buffer.
1447 : *
1448 : * @return RETURN_SUCCESS message is appended.
1449 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1450 : **/
1451 : libspdm_return_t libspdm_append_message_a(libspdm_context_t *spdm_context, const void *message,
1452 : size_t message_size);
1453 :
1454 : /**
1455 : * Append message D cache in SPDM context.
1456 : *
1457 : * @param spdm_context A pointer to the SPDM context.
1458 : * @param message Message buffer.
1459 : * @param message_size Size in bytes of message buffer.
1460 : *
1461 : * @return RETURN_SUCCESS message is appended.
1462 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1463 : **/
1464 : libspdm_return_t libspdm_append_message_d(libspdm_context_t *spdm_context, const void *message,
1465 : size_t message_size);
1466 :
1467 : /**
1468 : * Append message B cache in SPDM context.
1469 : *
1470 : * @param spdm_context A pointer to the SPDM context.
1471 : * @param message Message buffer.
1472 : * @param message_size Size in bytes of message buffer.
1473 : *
1474 : * @return RETURN_SUCCESS message is appended.
1475 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1476 : **/
1477 : libspdm_return_t libspdm_append_message_b(libspdm_context_t *spdm_context, const void *message,
1478 : size_t message_size);
1479 :
1480 : /**
1481 : * Append message C cache in SPDM context.
1482 : *
1483 : * @param spdm_context A pointer to the SPDM context.
1484 : * @param message Message buffer.
1485 : * @param message_size Size in bytes of message buffer.
1486 : *
1487 : * @return RETURN_SUCCESS message is appended.
1488 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1489 : **/
1490 : libspdm_return_t libspdm_append_message_c(libspdm_context_t *spdm_context, const void *message,
1491 : size_t message_size);
1492 :
1493 : /**
1494 : * Append message MutB cache in SPDM context.
1495 : *
1496 : * @param spdm_context A pointer to the SPDM context.
1497 : * @param message Message buffer.
1498 : * @param message_size Size in bytes of message buffer.
1499 : *
1500 : * @return RETURN_SUCCESS message is appended.
1501 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1502 : **/
1503 : libspdm_return_t libspdm_append_message_mut_b(libspdm_context_t *spdm_context, const void *message,
1504 : size_t message_size);
1505 :
1506 : /**
1507 : * Append message MutC cache in SPDM context.
1508 : *
1509 : * @param spdm_context A pointer to the SPDM context.
1510 : * @param message Message buffer.
1511 : * @param message_size Size in bytes of message buffer.
1512 : *
1513 : * @return RETURN_SUCCESS message is appended.
1514 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1515 : **/
1516 : libspdm_return_t libspdm_append_message_mut_c(libspdm_context_t *spdm_context, const void *message,
1517 : size_t message_size);
1518 :
1519 : /**
1520 : * Append message M cache in SPDM context.
1521 : * If session_info is NULL, this function will use M cache of SPDM context,
1522 : * else will use M cache of SPDM session context.
1523 : *
1524 : * @param spdm_context A pointer to the SPDM context.
1525 : * @param session_info A pointer to the SPDM session context.
1526 : * @param message Message buffer.
1527 : * @param message_size Size in bytes of message buffer.
1528 : *
1529 : * @return RETURN_SUCCESS message is appended.
1530 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1531 : **/
1532 : libspdm_return_t libspdm_append_message_m(libspdm_context_t *spdm_context,
1533 : void *session_info,
1534 : const void *message, size_t message_size);
1535 :
1536 : /**
1537 : * Append message K cache in SPDM context.
1538 : *
1539 : * @param spdm_context A pointer to the SPDM context.
1540 : * @param spdm_session_info A pointer to the SPDM session context.
1541 : * @param is_requester Indicate of the key generation for a requester or a responder.
1542 : * @param message Message buffer.
1543 : * @param message_size Size in bytes of message buffer.
1544 : *
1545 : * @return RETURN_SUCCESS message is appended.
1546 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1547 : **/
1548 : libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
1549 : void *spdm_session_info,
1550 : bool is_requester, const void *message,
1551 : size_t message_size);
1552 :
1553 : /**
1554 : * Append message EncapD cache in SPDM context.
1555 : *
1556 : * @param spdm_context A pointer to the SPDM context.
1557 : * @param spdm_session_info A pointer to the SPDM session context.
1558 : * @param is_requester Indicate of the key generation for a requester or a responder.
1559 : * @param message Message buffer.
1560 : * @param message_size Size in bytes of message buffer.
1561 : *
1562 : * @return RETURN_SUCCESS message is appended.
1563 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1564 : **/
1565 : libspdm_return_t libspdm_append_message_encap_d(libspdm_context_t *spdm_context,
1566 : void *spdm_session_info,
1567 : bool is_requester, const void *message,
1568 : size_t message_size);
1569 :
1570 : /**
1571 : * Append message F cache in SPDM context.
1572 : *
1573 : * @param spdm_context A pointer to the SPDM context.
1574 : * @param spdm_session_info A pointer to the SPDM session context.
1575 : * @param is_requester Indicate of the key generation for a requester or a responder.
1576 : * @param message Message buffer.
1577 : * @param message_size Size in bytes of message buffer.
1578 : *
1579 : * @return RETURN_SUCCESS message is appended.
1580 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1581 : **/
1582 : libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context,
1583 : void *spdm_session_info,
1584 : bool is_requester, const void *message,
1585 : size_t message_size);
1586 :
1587 : /**
1588 : * Append message E cache in SPDM context.
1589 : * If session_info is NULL, this function will use E cache of SPDM context,
1590 : * else will use E cache of SPDM session context.
1591 : *
1592 : * @param spdm_context A pointer to the SPDM context.
1593 : * @param session_info A pointer to the SPDM session context.
1594 : * @param message message buffer.
1595 : * @param message_size size in bytes of message buffer.
1596 : *
1597 : * @return RETURN_SUCCESS message is appended.
1598 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1599 : **/
1600 : libspdm_return_t libspdm_append_message_e(libspdm_context_t *spdm_context, void *session_info,
1601 : const void *message, size_t message_size);
1602 :
1603 : /**
1604 : * Append message encap E cache in SPDM context.
1605 : * If session_info is NULL, this function will use encap E cache of SPDM context,
1606 : * else will use encap E cache of SPDM session context.
1607 : *
1608 : * @param spdm_context A pointer to the SPDM context.
1609 : * @param session_info A pointer to the SPDM session context.
1610 : * @param message message buffer.
1611 : * @param message_size size in bytes of message buffer.
1612 : *
1613 : * @return RETURN_SUCCESS message is appended.
1614 : * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
1615 : **/
1616 : libspdm_return_t libspdm_append_message_encap_e(libspdm_context_t *spdm_context, void *session_info,
1617 : const void *message, size_t message_size);
1618 :
1619 : /**
1620 : * This function generates a session ID by concatenating req_session_id and rsp_session_id.
1621 : *
1622 : * @param[in] req_session_id
1623 : * @param[in] rsp_session_id
1624 : *
1625 : * @return Session ID.
1626 : **/
1627 : uint32_t libspdm_generate_session_id(uint16_t req_session_id, uint16_t rsp_session_id);
1628 :
1629 : /**
1630 : * This function assigns a new session ID.
1631 : *
1632 : * @param spdm_context A pointer to the SPDM context.
1633 : * @param session_id The SPDM session ID.
1634 : *
1635 : * @return session info associated with this new session ID.
1636 : **/
1637 : libspdm_session_info_t *libspdm_assign_session_id(libspdm_context_t *spdm_context,
1638 : uint32_t session_id,
1639 : spdm_version_number_t secured_message_version,
1640 : bool use_psk);
1641 :
1642 : /**
1643 : * This function frees a session ID.
1644 : *
1645 : * @param spdm_context A pointer to the SPDM context.
1646 : * @param session_id The SPDM session ID.
1647 : **/
1648 : void libspdm_free_session_id(libspdm_context_t *spdm_context, uint32_t session_id);
1649 :
1650 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1651 : /*
1652 : * This function calculates current TH data with message A and message K.
1653 : *
1654 : * @param spdm_context A pointer to the SPDM context.
1655 : * @param session_info The SPDM session ID.
1656 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
1657 : * @param cert_chain_buffer_size Size in bytes of the certificate chain buffer.
1658 : * @param th_data_buffer_size Size in bytes of the th_data_buffer
1659 : * @param th_data_buffer The buffer to store the th_data_buffer
1660 : *
1661 : * @retval RETURN_SUCCESS current TH data is calculated.
1662 : */
1663 : bool libspdm_calculate_th_for_exchange(
1664 : libspdm_context_t *spdm_context, void *spdm_session_info,
1665 : const uint8_t *cert_chain_buffer, size_t cert_chain_buffer_size,
1666 : libspdm_th_managed_buffer_t *th_curr);
1667 : #else
1668 : /*
1669 : * This function calculates current TH hash with message A and message K.
1670 : *
1671 : * @param spdm_context A pointer to the SPDM context.
1672 : * @param session_info The SPDM session ID.
1673 : * @param th_hash_buffer_size Size in bytes of the th_hash_buffer
1674 : * @param th_hash_buffer The buffer to store the th_hash_buffer
1675 : *
1676 : * @retval RETURN_SUCCESS current TH hash is calculated.
1677 : */
1678 : bool libspdm_calculate_th_hash_for_exchange(
1679 : libspdm_context_t *spdm_context, void *spdm_session_info,
1680 : size_t *th_hash_buffer_size, void *th_hash_buffer);
1681 :
1682 : /*
1683 : * This function calculates current TH hmac with message A and message K, with response finished_key.
1684 : *
1685 : * @param spdm_context A pointer to the SPDM context.
1686 : * @param session_info The SPDM session ID.
1687 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1688 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1689 : *
1690 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1691 : */
1692 : bool libspdm_calculate_th_hmac_for_exchange_rsp(
1693 : libspdm_context_t *spdm_context, void *spdm_session_info,
1694 : size_t *th_hmac_buffer_size, void *th_hmac_buffer);
1695 : #endif
1696 :
1697 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1698 : /*
1699 : * This function calculates current TH data with message A, message K and message F.
1700 : *
1701 : * @param spdm_context A pointer to the SPDM context.
1702 : * @param session_info The SPDM session ID.
1703 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
1704 : * @param cert_chain_buffer_size Size in bytes of the certificate chain buffer.
1705 : * @param mut_cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header in mutual authentication.
1706 : * @param mut_cert_chain_buffer_size Size in bytes of the certificate chain buffer in mutual authentication.
1707 : * @param th_data_buffer_size Size in bytes of the th_data_buffer.
1708 : * @param th_data_buffer The buffer to store the th_data_buffer
1709 : *
1710 : * @retval RETURN_SUCCESS current TH data is calculated.
1711 : */
1712 : bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
1713 : void *spdm_session_info,
1714 : const uint8_t *cert_chain_buffer,
1715 : size_t cert_chain_buffer_size,
1716 : const uint8_t *mut_cert_chain_buffer,
1717 : size_t mut_cert_chain_buffer_size,
1718 : libspdm_th_managed_buffer_t *th_curr);
1719 : #else
1720 : /*
1721 : * This function calculates current TH hash with message A, message K and message F.
1722 : *
1723 : * @param spdm_context A pointer to the SPDM context.
1724 : * @param session_info The SPDM session ID.
1725 : * @param th_hash_buffer_size Size in bytes of the th_hash_buffer
1726 : * @param th_hash_buffer The buffer to store the th_hash_buffer
1727 : *
1728 : * @retval RETURN_SUCCESS current TH hash is calculated.
1729 : */
1730 : bool libspdm_calculate_th_hash_for_finish(libspdm_context_t *spdm_context,
1731 : void *spdm_session_info,
1732 : size_t *th_hash_buffer_size,
1733 : void *th_hash_buffer);
1734 :
1735 : /*
1736 : * This function calculates current TH hmac with message A, message K and message F, with response finished_key.
1737 : *
1738 : * @param spdm_context A pointer to the SPDM context.
1739 : * @param session_info The SPDM session ID.
1740 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1741 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1742 : *
1743 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1744 : */
1745 : bool libspdm_calculate_th_hmac_for_finish_rsp(libspdm_context_t *spdm_context,
1746 : void *spdm_session_info,
1747 : size_t *th_hmac_buffer_size,
1748 : void *th_hmac_buffer);
1749 :
1750 : /*
1751 : * This function calculates current TH hmac with message A, message K and message F, with request finished_key.
1752 : *
1753 : * @param spdm_context A pointer to the SPDM context.
1754 : * @param session_info The SPDM session ID.
1755 : * @param th_hmac_buffer_size Size in bytes of the th_hmac_buffer
1756 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
1757 : *
1758 : * @retval RETURN_SUCCESS current TH hmac is calculated.
1759 : */
1760 : bool libspdm_calculate_th_hmac_for_finish_req(libspdm_context_t *spdm_context,
1761 : void *spdm_session_info,
1762 : size_t *th_hmac_buffer_size,
1763 : void *th_hmac_buffer);
1764 : #endif
1765 :
1766 : /*
1767 : * This function calculates th1 hash.
1768 : *
1769 : * @param spdm_context A pointer to the SPDM context.
1770 : * @param session_info The SPDM session ID.
1771 : * @param is_requester Indicate of the key generation for a requester or a responder.
1772 : * @param th1_hash_data Th1 hash.
1773 : *
1774 : * @retval RETURN_SUCCESS th1 hash is calculated.
1775 : */
1776 : bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context,
1777 : void *spdm_session_info,
1778 : bool is_requester,
1779 : uint8_t *th1_hash_data);
1780 :
1781 : /*
1782 : * This function calculates th2 hash.
1783 : *
1784 : * @param spdm_context A pointer to the SPDM context.
1785 : * @param session_info The SPDM session ID.
1786 : * @param is_requester Indicate of the key generation for a requester or a responder.
1787 : * @param th1_hash_data Th2 hash
1788 : *
1789 : * @retval RETURN_SUCCESS th2 hash is calculated.
1790 : */
1791 : bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context,
1792 : void *spdm_session_info,
1793 : bool is_requester,
1794 : uint8_t *th2_hash_data);
1795 :
1796 : /**
1797 : * Reads a 24-bit value from memory that may be unaligned.
1798 : *
1799 : * @param buffer The pointer to a 24-bit value that may be unaligned.
1800 : *
1801 : * @return The 24-bit value read from buffer.
1802 : **/
1803 : uint32_t libspdm_read_uint24(const uint8_t *buffer);
1804 :
1805 : /**
1806 : * Writes a 24-bit value to memory that may be unaligned.
1807 : *
1808 : * @param buffer The pointer to a 24-bit value that may be unaligned.
1809 : * @param value 24-bit value to write to buffer.
1810 : **/
1811 : void libspdm_write_uint24(uint8_t *buffer, uint32_t value);
1812 :
1813 : /**
1814 : * Reads a 16-bit value from memory that may be unaligned.
1815 : *
1816 : * @param buffer The pointer to a 16-bit value that may be unaligned.
1817 : *
1818 : * @return The 16-bit value read from buffer.
1819 : **/
1820 : uint16_t libspdm_read_uint16(const uint8_t *buffer);
1821 :
1822 : /**
1823 : * Writes a 16-bit value to memory that may be unaligned.
1824 : *
1825 : * @param buffer The pointer to a 16-bit value that may be unaligned.
1826 : * @param value 16-bit value to write to buffer.
1827 : **/
1828 : void libspdm_write_uint16(uint8_t *buffer, uint16_t value);
1829 :
1830 : /**
1831 : * Reads a 32-bit value from memory that may be unaligned.
1832 : *
1833 : * @param buffer The pointer to a 32-bit value that may be unaligned.
1834 : *
1835 : * @return The 32-bit value read from buffer.
1836 : **/
1837 : uint32_t libspdm_read_uint32(const uint8_t *buffer);
1838 :
1839 : /**
1840 : * Writes a 32-bit value to memory that may be unaligned.
1841 : *
1842 : * @param buffer The pointer to a 32-bit value that may be unaligned.
1843 : * @param value 32-bit value to write to buffer.
1844 : **/
1845 : void libspdm_write_uint32(uint8_t *buffer, uint32_t value);
1846 :
1847 : /**
1848 : * Reads a 64-bit value from memory that may be unaligned.
1849 : *
1850 : * @param buffer The pointer to a 64-bit value that may be unaligned.
1851 : *
1852 : * @return The 64-bit value read from buffer.
1853 : **/
1854 : uint64_t libspdm_read_uint64(const uint8_t *buffer);
1855 :
1856 : /**
1857 : * Writes a 64-bit value to memory that may be unaligned.
1858 : *
1859 : * @param buffer The pointer to a 64-bit value that may be unaligned.
1860 : * @param value 64-bit value to write to buffer.
1861 : **/
1862 : void libspdm_write_uint64(uint8_t *buffer, uint64_t value);
1863 :
1864 : /**
1865 : * Determine if bitmask has at most one bit set.
1866 : *
1867 : * @param mask The bitmask to be tested.
1868 : *
1869 : * @return true At most one bit is set.
1870 : * @return false More than one bit is set.
1871 : */
1872 402 : static inline bool libspdm_onehot0(uint32_t mask)
1873 : {
1874 402 : return !mask || !(mask & (mask - 1));
1875 : }
1876 :
1877 1 : static inline uint64_t libspdm_byte_swap_64(uint64_t value)
1878 : {
1879 1 : return (((value & 0x00000000000000ff) << 56) |
1880 1 : ((value & 0x000000000000ff00) << 40) |
1881 1 : ((value & 0x0000000000ff0000) << 24) |
1882 1 : ((value & 0x00000000ff000000) << 8) |
1883 1 : ((value & 0x000000ff00000000) >> 8) |
1884 1 : ((value & 0x0000ff0000000000) >> 24) |
1885 2 : ((value & 0x00ff000000000000) >> 40) |
1886 1 : ((value & 0xff00000000000000) >> 56));
1887 : }
1888 :
1889 : static inline uint32_t libspdm_byte_swap_32(uint32_t value)
1890 : {
1891 : return ((value & 0x000000FF) << 24) |
1892 : ((value & 0x0000FF00) << 8) |
1893 : ((value & 0x00FF0000) >> 8) |
1894 : ((value & 0xFF000000) >> 24);
1895 : }
1896 :
1897 : static inline uint16_t libspdm_byte_swap_16(uint16_t value)
1898 : {
1899 : return ((value & 0x00FF) << 8) |
1900 : ((value & 0xFF00) >> 8);
1901 : }
1902 :
1903 : /**
1904 : * Return capability flags that are masked by the negotiated SPDM version.
1905 : *
1906 : * @param spdm_context A pointer to the SPDM context.
1907 : * @param is_request_flags If true then flags are from a request message or Requester.
1908 : * If false then flags are from a response message or Responder.
1909 : * @param flags A bitmask of capability flags.
1910 : *
1911 : * @return The masked capability flags.
1912 : */
1913 : uint32_t libspdm_mask_capability_flags(libspdm_context_t *spdm_context,
1914 : bool is_request_flags, uint32_t flags);
1915 :
1916 : /**
1917 : * Return capability extended flags that are masked by the negotiated SPDM version.
1918 : *
1919 : * @param spdm_context A pointer to the SPDM context.
1920 : * @param is_request_flags If true then flags are from a request message or Requester.
1921 : * If false then flags are from a response message or Responder.
1922 : * @param ext_flags A bitmask of capability extended flags.
1923 : *
1924 : * @return The masked capability extended flags.
1925 : */
1926 : uint16_t libspdm_mask_capability_ext_flags(libspdm_context_t *spdm_context,
1927 : bool is_request_flags, uint16_t ext_flags);
1928 :
1929 : /**
1930 : * Return BaseHashAlgo that is masked by the negotiated SPDM version.
1931 : *
1932 : * @param spdm_context A pointer to the SPDM context.
1933 : * @param base_hash_algo Unmasked BaseHashAlgo.
1934 : *
1935 : * @return The masked BaseHashAlgo.
1936 : */
1937 : uint32_t libspdm_mask_base_hash_algo(libspdm_context_t *spdm_context, uint32_t base_hash_algo);
1938 :
1939 : /**
1940 : * Return MeasurementHashAlgo that is masked by the negotiated SPDM version.
1941 : *
1942 : * @param spdm_context A pointer to the SPDM context.
1943 : * @param measurement_hash_algo Unmasked MeasurementHashAlgo.
1944 : *
1945 : * @return The masked MeasurementHashAlgo.
1946 : */
1947 : uint32_t libspdm_mask_measurement_hash_algo(libspdm_context_t *spdm_context,
1948 : uint32_t measurement_hash_algo);
1949 :
1950 : /**
1951 : * Return MeasurementSpecification that is masked by the negotiated SPDM version.
1952 : *
1953 : * @param spdm_context A pointer to the SPDM context.
1954 : * @param measurement_specification Unmasked MeasurementSpecification.
1955 : *
1956 : * @return The masked MeasurementSpecification.
1957 : */
1958 : uint8_t libspdm_mask_measurement_specification(libspdm_context_t *spdm_context,
1959 : uint8_t measurement_specification);
1960 :
1961 : /**
1962 : * Return MELspecification that is masked by the negotiated SPDM version.
1963 : *
1964 : * @param spdm_context A pointer to the SPDM context.
1965 : * @param mel_specification Unmasked MELspecification.
1966 : *
1967 : * @return The masked MELspecification.
1968 : */
1969 : uint8_t libspdm_mask_mel_specification(libspdm_context_t *spdm_context, uint8_t mel_specification);
1970 :
1971 : /**
1972 : * Return BaseAsymAlgo that is masked by the negotiated SPDM version.
1973 : *
1974 : * @param spdm_context A pointer to the SPDM context.
1975 : * @param base_asym_algo Unmasked BaseAsymAlgo.
1976 : *
1977 : * @return The masked BaseAsymAlgo.
1978 : */
1979 : uint32_t libspdm_mask_base_asym_algo(libspdm_context_t *spdm_context, uint32_t base_asym_algo);
1980 :
1981 : /**
1982 : * Check if the combination of SVH ID and VendorIDLen are legal.
1983 : *
1984 : * @param id Registry or standards body identifier (SPDM_REGISTRY_ID_*).
1985 : * Its size is two bytes due to the vendor-defined messages.
1986 : * @param vendor_id_len Length, in bytes, of the VendorID field.
1987 : * @retval true The ID and VendorIDLen are legal.
1988 : * @retval false The ID and VendorIDLen are illegal.
1989 : */
1990 : bool libspdm_validate_svh_vendor_id_len(uint16_t id, uint8_t vendor_id_len);
1991 :
1992 : /**
1993 : * Map slot ID to key pair ID.
1994 : *
1995 : * @param spdm_context A pointer to the SPDM context.
1996 : * @param slot_id The slot ID.
1997 : * @param is_requester Indicate of the key generation for a requester or a responder.
1998 : *
1999 : * @return key pair ID.
2000 : */
2001 : uint8_t libspdm_slot_id_to_key_pair_id (
2002 : void *spdm_context,
2003 : uint8_t slot_id,
2004 : bool is_requester);
2005 :
2006 : #if LIBSPDM_EVENT_RECIPIENT_SUPPORT
2007 : /**
2008 : * Check if the combination of DMTF EventTypeId and EventDetailLen is legal in a SEND_EVENT message.
2009 : *
2010 : * @param event_type_id Value of the DMTF EventTypeId.
2011 : * @param event_detail_len Size, in bytes, of EventDetail.
2012 : *
2013 : * @retval true The EventTypeId and EventDetailLen are legal.
2014 : * @retval false The EventTypeId and EventDetailLen are illegal.
2015 : */
2016 : bool libspdm_validate_dmtf_event_type(uint16_t event_type_id, uint16_t event_detail_len);
2017 :
2018 : /**
2019 : * Given a list of events, finds the event identified by the target EventInstanceID.
2020 : *
2021 : * @param events_list_start Pointer to list of events.
2022 : * @param event_count Number of events in the list.
2023 : * @param target_event_instance_id EventInstanceID to be found.
2024 : *
2025 : * @retval NULL Could not find the EventInstanceID.
2026 : * @retval non-NULL Pointer to the event corresponding to the target EventInstanceID
2027 : */
2028 : const void *libspdm_find_event_instance_id(const void *events_list_start, uint32_t event_count,
2029 : uint32_t target_event_instance_id);
2030 : /**
2031 : * Parses and sends an event to the Integrator. This function shall not be called if the Integrator
2032 : * has not registered an event handler via libspdm_register_event_callback.
2033 : *
2034 : * @param context A pointer to the SPDM context.
2035 : * @param session_id Secure session identifier.
2036 : * @param event_data A pointer to the event do be parsed and sent to Integrator.
2037 : * @param next_event_data On output, returns a pointer to the next event in event_data.
2038 : *
2039 : * @retval true The event was successfully parsed and sent to the Integrator.
2040 : * @retval false Unable to parse the event or the Integrator returned an error for the event.
2041 : */
2042 : bool libspdm_parse_and_send_event(libspdm_context_t *context, uint32_t session_id,
2043 : const void *event_data, const void **next_event_data);
2044 : #endif /* LIBSPDM_EVENT_RECIPIENT_SUPPORT */
2045 :
2046 : /**
2047 : * Given a buffer that spans from ptr to end_ptr, check if ptr + increment is within the buffer.
2048 : *
2049 : * @retval true There is enough space in the buffer.
2050 : * @retval false There is not enough space in the buffer.
2051 : */
2052 : bool libspdm_check_for_space(const uint8_t *ptr, const uint8_t *end_ptr, size_t increment);
2053 :
2054 : #endif /* SPDM_COMMON_LIB_INTERNAL_H */
|
