Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_common_lib.h"
8 :
9 53 : uint8_t libspdm_slot_id_to_key_pair_id (
10 : void *spdm_context,
11 : uint8_t slot_id,
12 : bool is_requester)
13 : {
14 : libspdm_context_t *context;
15 :
16 53 : context = spdm_context;
17 53 : if (slot_id == 0xFF || slot_id == 0xF) {
18 6 : return 0;
19 : }
20 47 : if (is_requester) {
21 11 : if (!context->connection_info.multi_key_conn_req) {
22 11 : return 0;
23 : }
24 : } else {
25 36 : if (!context->connection_info.multi_key_conn_rsp) {
26 35 : return 0;
27 : }
28 : }
29 1 : LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT);
30 1 : return context->local_context.local_key_pair_id[slot_id];
31 : }
32 :
33 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
34 : void libspdm_get_peer_cert_chain_buffer(void *spdm_context,
35 : uint8_t slot_id,
36 : const void **cert_chain_buffer,
37 : size_t *cert_chain_buffer_size)
38 : {
39 :
40 : libspdm_context_t *context;
41 :
42 : context = spdm_context;
43 :
44 : LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT);
45 :
46 : *cert_chain_buffer = context->connection_info.peer_used_cert_chain[slot_id].buffer;
47 : *cert_chain_buffer_size = context->connection_info.peer_used_cert_chain[slot_id].buffer_size;
48 : }
49 :
50 : void libspdm_get_peer_cert_chain_data(void *spdm_context,
51 : uint8_t slot_id,
52 : const void **cert_chain_data,
53 : size_t *cert_chain_data_size)
54 : {
55 : libspdm_context_t *context;
56 : size_t hash_size;
57 :
58 : context = spdm_context;
59 : hash_size = libspdm_get_hash_size(context->connection_info.algorithm.base_hash_algo);
60 :
61 : libspdm_get_peer_cert_chain_buffer(context, slot_id, cert_chain_data, cert_chain_data_size);
62 : *cert_chain_data = (const uint8_t *)*cert_chain_data + sizeof(spdm_cert_chain_t) + hash_size;
63 : *cert_chain_data_size = *cert_chain_data_size - (sizeof(spdm_cert_chain_t) + hash_size);
64 : }
65 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
66 :
67 34 : void libspdm_get_local_cert_chain_buffer(void *spdm_context,
68 : uint8_t slot_id,
69 : const void **cert_chain_buffer,
70 : size_t *cert_chain_buffer_size)
71 : {
72 : libspdm_context_t *context;
73 :
74 34 : context = spdm_context;
75 :
76 34 : LIBSPDM_ASSERT(context->local_context.local_cert_chain_provision[slot_id] != NULL);
77 34 : LIBSPDM_ASSERT(context->local_context.local_cert_chain_provision_size != 0);
78 :
79 34 : *cert_chain_buffer = context->local_context.local_cert_chain_provision[slot_id];
80 34 : *cert_chain_buffer_size = context->local_context.local_cert_chain_provision_size[slot_id];
81 34 : }
82 :
83 0 : bool libspdm_get_local_cert_chain_data(void *spdm_context,
84 : uint8_t slot_id,
85 : const void **cert_chain_data,
86 : size_t *cert_chain_data_size)
87 : {
88 : libspdm_context_t *context;
89 : size_t hash_size;
90 :
91 0 : context = spdm_context;
92 :
93 0 : libspdm_get_local_cert_chain_buffer(context, slot_id, cert_chain_data, cert_chain_data_size);
94 :
95 0 : hash_size = libspdm_get_hash_size(context->connection_info.algorithm.base_hash_algo);
96 :
97 0 : *cert_chain_data = (const uint8_t *)*cert_chain_data + sizeof(spdm_cert_chain_t) + hash_size;
98 0 : *cert_chain_data_size = *cert_chain_data_size - (sizeof(spdm_cert_chain_t) + hash_size);
99 :
100 0 : return true;
101 : }
102 :
103 3 : bool libspdm_get_peer_public_key_buffer(void *spdm_context,
104 : const void **peer_public_key_buffer,
105 : size_t *peer_public_key_buffer_size)
106 : {
107 : libspdm_context_t *context;
108 :
109 3 : context = spdm_context;
110 3 : if (context->local_context.peer_public_key_provision_size != 0) {
111 3 : *peer_public_key_buffer = context->local_context.peer_public_key_provision;
112 3 : *peer_public_key_buffer_size = context->local_context.peer_public_key_provision_size;
113 3 : return true;
114 : }
115 0 : return false;
116 : }
117 :
118 2 : bool libspdm_get_local_public_key_buffer(void *spdm_context,
119 : const void **local_public_key_buffer,
120 : size_t *local_public_key_buffer_size)
121 : {
122 : libspdm_context_t *context;
123 :
124 2 : context = spdm_context;
125 2 : if (context->local_context.local_public_key_provision_size != 0) {
126 2 : *local_public_key_buffer = context->local_context.local_public_key_provision;
127 2 : *local_public_key_buffer_size = context->local_context.local_public_key_provision_size;
128 2 : return true;
129 : }
130 0 : return false;
131 : }
132 :
133 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
134 : bool libspdm_calculate_l1l2(libspdm_context_t *spdm_context,
135 : void *session_info,
136 : libspdm_l1l2_managed_buffer_t *l1l2)
137 : {
138 : libspdm_return_t status;
139 : libspdm_session_info_t *spdm_session_info;
140 :
141 : spdm_session_info = session_info;
142 :
143 : libspdm_init_managed_buffer(l1l2, sizeof(l1l2->buffer));
144 :
145 : if ((spdm_context->connection_info.version >> SPDM_VERSION_NUMBER_SHIFT_BIT) >
146 : SPDM_MESSAGE_VERSION_11) {
147 :
148 : /* Need append VCA since 1.2 script*/
149 :
150 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
151 : LIBSPDM_INTERNAL_DUMP_HEX(
152 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
153 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
154 : status = libspdm_append_managed_buffer(
155 : l1l2,
156 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
157 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
158 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
159 : return false;
160 : }
161 : }
162 :
163 : if (spdm_session_info == NULL) {
164 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_m data :\n"));
165 : LIBSPDM_INTERNAL_DUMP_HEX(
166 : libspdm_get_managed_buffer(&spdm_context->transcript.message_m),
167 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_m));
168 : status = libspdm_append_managed_buffer(
169 : l1l2,
170 : libspdm_get_managed_buffer(&spdm_context->transcript.message_m),
171 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_m));
172 : } else {
173 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "use message_m in session :\n"));
174 : LIBSPDM_INTERNAL_DUMP_HEX(
175 : libspdm_get_managed_buffer(&spdm_session_info->session_transcript.message_m),
176 : libspdm_get_managed_buffer_size(&spdm_session_info->session_transcript.message_m));
177 : status = libspdm_append_managed_buffer(
178 : l1l2,
179 : libspdm_get_managed_buffer(&spdm_session_info->session_transcript.message_m),
180 : libspdm_get_managed_buffer_size(&spdm_session_info->session_transcript.message_m));
181 : }
182 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
183 : return false;
184 : }
185 :
186 : /* Debug code only - calculate and print value of l1l2 hash*/
187 : LIBSPDM_DEBUG_CODE(
188 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
189 : uint32_t hash_size = libspdm_get_hash_size(
190 : spdm_context->connection_info.algorithm.base_hash_algo);
191 : if (!libspdm_hash_all(
192 : spdm_context->connection_info.algorithm.base_hash_algo,
193 : libspdm_get_managed_buffer(l1l2),
194 : libspdm_get_managed_buffer_size(l1l2), hash_data)) {
195 : return false;
196 : }
197 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "l1l2 hash - "));
198 : LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size);
199 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
200 : );
201 :
202 : return true;
203 : }
204 : #else
205 39 : bool libspdm_calculate_l1l2_hash(libspdm_context_t *spdm_context,
206 : void *session_info,
207 : size_t *l1l2_hash_size, void *l1l2_hash)
208 : {
209 : libspdm_session_info_t *spdm_session_info;
210 : bool result;
211 :
212 : uint32_t hash_size;
213 :
214 39 : spdm_session_info = session_info;
215 :
216 39 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
217 :
218 39 : if (spdm_session_info == NULL) {
219 37 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
220 : spdm_context->transcript.digest_context_l1l2, l1l2_hash);
221 : } else {
222 2 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "use message_m in session :\n"));
223 2 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
224 : spdm_session_info->session_transcript.digest_context_l1l2,
225 : l1l2_hash);
226 : }
227 39 : if (!result) {
228 0 : return false;
229 : }
230 39 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "l1l2 hash - "));
231 39 : LIBSPDM_INTERNAL_DUMP_DATA(l1l2_hash, hash_size);
232 39 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
233 :
234 39 : *l1l2_hash_size = hash_size;
235 :
236 39 : return true;
237 : }
238 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
239 :
240 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
241 : /*
242 : * This function calculates m1m2.
243 : *
244 : * @param spdm_context A pointer to the SPDM context.
245 : * @param is_mut Indicate if this is from mutual authentication.
246 : * @param m1m2 The buffer to store the m1m2
247 : */
248 : static bool libspdm_calculate_m1m2(void *context, bool is_mut,
249 : libspdm_m1m2_managed_buffer_t *m1m2)
250 : {
251 : libspdm_context_t *spdm_context;
252 : libspdm_return_t status;
253 :
254 : spdm_context = context;
255 :
256 : libspdm_init_managed_buffer(m1m2, sizeof(m1m2->buffer));
257 :
258 : if (is_mut) {
259 : if ((spdm_context->connection_info.version >> SPDM_VERSION_NUMBER_SHIFT_BIT) >
260 : SPDM_MESSAGE_VERSION_11) {
261 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
262 : LIBSPDM_INTERNAL_DUMP_HEX(
263 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
264 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
265 : status = libspdm_append_managed_buffer(
266 : m1m2,
267 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
268 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
269 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
270 : return false;
271 : }
272 : }
273 :
274 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_mut_b data :\n"));
275 : LIBSPDM_INTERNAL_DUMP_HEX(
276 : libspdm_get_managed_buffer(&spdm_context->transcript.message_mut_b),
277 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_mut_b));
278 : status = libspdm_append_managed_buffer(
279 : m1m2,
280 : libspdm_get_managed_buffer(&spdm_context->transcript.message_mut_b),
281 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_mut_b));
282 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
283 : return false;
284 : }
285 :
286 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_mut_c data :\n"));
287 : LIBSPDM_INTERNAL_DUMP_HEX(
288 : libspdm_get_managed_buffer(&spdm_context->transcript.message_mut_c),
289 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_mut_c));
290 : status = libspdm_append_managed_buffer(
291 : m1m2,
292 : libspdm_get_managed_buffer(&spdm_context->transcript.message_mut_c),
293 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_mut_c));
294 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
295 : return false;
296 : }
297 :
298 : /* Debug code only - calculate and print value of m1m2 mut hash*/
299 : LIBSPDM_DEBUG_CODE(
300 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
301 : uint32_t hash_size = libspdm_get_hash_size(
302 : spdm_context->connection_info.algorithm.base_hash_algo);
303 : if (!libspdm_hash_all(
304 : spdm_context->connection_info.algorithm.base_hash_algo,
305 : libspdm_get_managed_buffer(m1m2),
306 : libspdm_get_managed_buffer_size(m1m2), hash_data)) {
307 : return false;
308 : }
309 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "m1m2 Mut hash - "));
310 : LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size);
311 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
312 : );
313 :
314 : } else {
315 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
316 : LIBSPDM_INTERNAL_DUMP_HEX(
317 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
318 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
319 : status = libspdm_append_managed_buffer(
320 : m1m2,
321 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
322 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
323 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
324 : return false;
325 : }
326 :
327 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_b data :\n"));
328 : LIBSPDM_INTERNAL_DUMP_HEX(
329 : libspdm_get_managed_buffer(&spdm_context->transcript.message_b),
330 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_b));
331 : status = libspdm_append_managed_buffer(
332 : m1m2,
333 : libspdm_get_managed_buffer(&spdm_context->transcript.message_b),
334 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_b));
335 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
336 : return false;
337 : }
338 :
339 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_c data :\n"));
340 : LIBSPDM_INTERNAL_DUMP_HEX(
341 : libspdm_get_managed_buffer(&spdm_context->transcript.message_c),
342 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_c));
343 : status = libspdm_append_managed_buffer(
344 : m1m2,
345 : libspdm_get_managed_buffer(&spdm_context->transcript.message_c),
346 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_c));
347 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
348 : return false;
349 : }
350 :
351 : /* Debug code only - calculate and print value of m1m2 hash*/
352 : LIBSPDM_DEBUG_CODE(
353 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
354 : uint32_t hash_size = libspdm_get_hash_size(
355 : spdm_context->connection_info.algorithm.base_hash_algo);
356 : if (!libspdm_hash_all(
357 : spdm_context->connection_info.algorithm.base_hash_algo,
358 : libspdm_get_managed_buffer(m1m2),
359 : libspdm_get_managed_buffer_size(m1m2), hash_data)) {
360 : return false;
361 : }
362 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "m1m2 hash - "));
363 : LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size);
364 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
365 : );
366 : }
367 :
368 : return true;
369 : }
370 : #else
371 : /*
372 : * This function calculates m1m2 hash.
373 : *
374 : * @param spdm_context A pointer to the SPDM context.
375 : * @param is_mut Indicate if this is from mutual authentication.
376 : * @param m1m2_hash_size size in bytes of the m1m2 hash
377 : * @param m1m2_hash The buffer to store the m1m2 hash
378 : */
379 32 : static bool libspdm_calculate_m1m2_hash(void *context, bool is_mut,
380 : size_t *m1m2_hash_size,
381 : void *m1m2_hash)
382 : {
383 : libspdm_context_t *spdm_context;
384 : uint32_t hash_size;
385 : bool result;
386 :
387 32 : spdm_context = context;
388 :
389 32 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
390 :
391 32 : if (is_mut) {
392 6 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
393 : spdm_context->transcript.digest_context_mut_m1m2, m1m2_hash);
394 6 : if (!result) {
395 0 : return false;
396 : }
397 6 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "m1m2 Mut hash - "));
398 6 : LIBSPDM_INTERNAL_DUMP_DATA(m1m2_hash, hash_size);
399 6 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
400 :
401 : } else {
402 26 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
403 : spdm_context->transcript.digest_context_m1m2, m1m2_hash);
404 26 : if (!result) {
405 0 : return false;
406 : }
407 26 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "m1m2 hash - "));
408 26 : LIBSPDM_INTERNAL_DUMP_DATA(m1m2_hash, hash_size);
409 26 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
410 : }
411 :
412 32 : *m1m2_hash_size = hash_size;
413 :
414 32 : return true;
415 : }
416 : #endif
417 :
418 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
419 : static bool libspdm_calculate_il1il2(libspdm_context_t *spdm_context,
420 : void *session_info,
421 : bool is_mut,
422 : libspdm_il1il2_managed_buffer_t *il1il2)
423 : {
424 : libspdm_return_t status;
425 : libspdm_session_info_t *spdm_session_info;
426 :
427 : spdm_session_info = session_info;
428 :
429 : libspdm_init_managed_buffer(il1il2, sizeof(il1il2->buffer));
430 :
431 :
432 : if (is_mut) {
433 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
434 : LIBSPDM_INTERNAL_DUMP_HEX(
435 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
436 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
437 : status = libspdm_append_managed_buffer(
438 : il1il2,
439 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
440 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
441 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
442 : return false;
443 : }
444 :
445 : if (spdm_session_info == NULL) {
446 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_encap_e data :\n"));
447 : LIBSPDM_INTERNAL_DUMP_HEX(
448 : libspdm_get_managed_buffer(&spdm_context->transcript.message_encap_e),
449 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_encap_e));
450 : status = libspdm_append_managed_buffer(
451 : il1il2,
452 : libspdm_get_managed_buffer(&spdm_context->transcript.message_encap_e),
453 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_encap_e));
454 : } else {
455 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "use message_encap_e in session :\n"));
456 : LIBSPDM_INTERNAL_DUMP_HEX(
457 : libspdm_get_managed_buffer(&spdm_session_info->session_transcript.message_encap_e),
458 : libspdm_get_managed_buffer_size(
459 : &spdm_session_info->session_transcript.message_encap_e));
460 : status = libspdm_append_managed_buffer(
461 : il1il2,
462 : libspdm_get_managed_buffer(&spdm_session_info->session_transcript.message_encap_e),
463 : libspdm_get_managed_buffer_size(
464 : &spdm_session_info->session_transcript.message_encap_e));
465 : }
466 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
467 : return false;
468 : }
469 :
470 : /* Debug code only - calculate and print value of il1il2 hash*/
471 : LIBSPDM_DEBUG_CODE(
472 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
473 : uint32_t hash_size = libspdm_get_hash_size(
474 : spdm_context->connection_info.algorithm.base_hash_algo);
475 : if (!libspdm_hash_all(
476 : spdm_context->connection_info.algorithm.base_hash_algo,
477 : libspdm_get_managed_buffer(il1il2),
478 : libspdm_get_managed_buffer_size(il1il2), hash_data)) {
479 : return false;
480 : }
481 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "il1il2 mut hash - "));
482 : LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size);
483 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
484 : );
485 : } else {
486 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
487 : LIBSPDM_INTERNAL_DUMP_HEX(
488 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
489 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
490 : status = libspdm_append_managed_buffer(
491 : il1il2,
492 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
493 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
494 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
495 : return false;
496 : }
497 :
498 : if (spdm_session_info == NULL) {
499 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_e data :\n"));
500 : LIBSPDM_INTERNAL_DUMP_HEX(
501 : libspdm_get_managed_buffer(&spdm_context->transcript.message_e),
502 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_e));
503 : status = libspdm_append_managed_buffer(
504 : il1il2,
505 : libspdm_get_managed_buffer(&spdm_context->transcript.message_e),
506 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_e));
507 : } else {
508 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "use message_e in session :\n"));
509 : LIBSPDM_INTERNAL_DUMP_HEX(
510 : libspdm_get_managed_buffer(&spdm_session_info->session_transcript.message_e),
511 : libspdm_get_managed_buffer_size(&spdm_session_info->session_transcript.message_e));
512 : status = libspdm_append_managed_buffer(
513 : il1il2,
514 : libspdm_get_managed_buffer(&spdm_session_info->session_transcript.message_e),
515 : libspdm_get_managed_buffer_size(&spdm_session_info->session_transcript.message_e));
516 : }
517 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
518 : return false;
519 : }
520 :
521 : /* Debug code only - calculate and print value of il1il2 hash*/
522 : LIBSPDM_DEBUG_CODE(
523 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
524 : uint32_t hash_size = libspdm_get_hash_size(
525 : spdm_context->connection_info.algorithm.base_hash_algo);
526 : if (!libspdm_hash_all(
527 : spdm_context->connection_info.algorithm.base_hash_algo,
528 : libspdm_get_managed_buffer(il1il2),
529 : libspdm_get_managed_buffer_size(il1il2), hash_data)) {
530 : return false;
531 : }
532 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "il1il2 hash - "));
533 : LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size);
534 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
535 : );
536 : }
537 :
538 : return true;
539 : }
540 : #else
541 31 : static bool libspdm_calculate_il1il2_hash(libspdm_context_t *spdm_context,
542 : void *session_info, bool is_encap,
543 : size_t *il1il2_hash_size, void *il1il2_hash)
544 : {
545 : libspdm_session_info_t *spdm_session_info;
546 : bool result;
547 :
548 : uint32_t hash_size;
549 :
550 31 : spdm_session_info = session_info;
551 :
552 31 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
553 :
554 31 : if (spdm_session_info == NULL) {
555 26 : if (is_encap) {
556 12 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
557 : spdm_context->transcript.digest_context_encap_il1il2,
558 : il1il2_hash);
559 : } else {
560 14 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
561 : spdm_context->transcript.digest_context_il1il2,
562 : il1il2_hash);
563 : }
564 : } else {
565 5 : if (is_encap) {
566 2 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
567 : spdm_session_info->session_transcript.digest_context_encap_il1il2,
568 : il1il2_hash);
569 : } else {
570 3 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
571 : spdm_session_info->session_transcript.digest_context_il1il2,
572 : il1il2_hash);
573 : }
574 : }
575 31 : if (!result) {
576 0 : return false;
577 : }
578 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "il1il2 hash - "));
579 31 : LIBSPDM_INTERNAL_DUMP_DATA(il1il2_hash, hash_size);
580 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
581 :
582 31 : *il1il2_hash_size = hash_size;
583 :
584 31 : return true;
585 : }
586 : #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
587 :
588 35 : bool libspdm_generate_cert_chain_hash(libspdm_context_t *spdm_context,
589 : size_t slot_id, uint8_t *hash)
590 : {
591 35 : LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT);
592 35 : return libspdm_hash_all(
593 : spdm_context->connection_info.algorithm.base_hash_algo,
594 : spdm_context->local_context.local_cert_chain_provision[slot_id],
595 : spdm_context->local_context.local_cert_chain_provision_size[slot_id], hash);
596 : }
597 :
598 2 : bool libspdm_generate_public_key_hash(libspdm_context_t *spdm_context,
599 : uint8_t *hash)
600 : {
601 2 : return libspdm_hash_all(
602 : spdm_context->connection_info.algorithm.base_hash_algo,
603 : spdm_context->local_context.local_public_key_provision,
604 : spdm_context->local_context.local_public_key_provision_size, hash);
605 : }
606 :
607 10 : uint8_t libspdm_get_cert_slot_mask(libspdm_context_t *spdm_context)
608 : {
609 : size_t index;
610 : uint8_t slot_mask;
611 :
612 10 : slot_mask = 0;
613 90 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
614 80 : if (spdm_context->local_context.local_cert_chain_provision[index] != NULL) {
615 11 : slot_mask |= (1 << index);
616 : }
617 : }
618 :
619 10 : return slot_mask;
620 : }
621 :
622 15 : uint8_t libspdm_get_cert_slot_count(libspdm_context_t *spdm_context)
623 : {
624 : size_t index;
625 : uint8_t slot_count;
626 :
627 15 : slot_count = 0;
628 135 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
629 120 : if (spdm_context->local_context.local_cert_chain_provision[index] != NULL) {
630 25 : slot_count++;
631 : }
632 : }
633 :
634 15 : return slot_count;
635 : }
636 :
637 : #if LIBSPDM_CERT_PARSE_SUPPORT
638 34 : bool libspdm_verify_peer_cert_chain_buffer_integrity(libspdm_context_t *spdm_context,
639 : const void *cert_chain_buffer,
640 : size_t cert_chain_buffer_size)
641 : {
642 : bool result;
643 : uint8_t cert_model;
644 : bool is_requester;
645 :
646 34 : is_requester = spdm_context->local_context.is_requester;
647 :
648 34 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
649 : /* Responder does not determine Requester's certificate model */
650 34 : if (is_requester) {
651 34 : if ((spdm_context->connection_info.capability.flags &
652 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP) == 0) {
653 31 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
654 : }
655 : }
656 :
657 34 : if (is_requester) {
658 34 : result = libspdm_verify_certificate_chain_buffer(
659 34 : libspdm_get_connection_version(spdm_context),
660 : spdm_context->connection_info.algorithm.base_hash_algo,
661 : spdm_context->connection_info.algorithm.base_asym_algo,
662 : spdm_context->connection_info.algorithm.pqc_asym_algo,
663 : cert_chain_buffer, cert_chain_buffer_size,
664 : false, cert_model);
665 : } else {
666 0 : result = libspdm_verify_certificate_chain_buffer(
667 0 : libspdm_get_connection_version(spdm_context),
668 : spdm_context->connection_info.algorithm.base_hash_algo,
669 0 : spdm_context->connection_info.algorithm.req_base_asym_alg,
670 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
671 : cert_chain_buffer, cert_chain_buffer_size,
672 : true, cert_model);
673 : }
674 :
675 34 : return result;
676 : }
677 :
678 29 : bool libspdm_verify_peer_cert_chain_buffer_authority(libspdm_context_t *spdm_context,
679 : const void *cert_chain_buffer,
680 : size_t cert_chain_buffer_size,
681 : const void **trust_anchor,
682 : size_t *trust_anchor_size)
683 : {
684 : const uint8_t *root_cert;
685 : size_t root_cert_size;
686 : uint8_t root_cert_index;
687 : size_t root_cert_hash_size;
688 : uint8_t root_cert_hash[LIBSPDM_MAX_HASH_SIZE];
689 : const uint8_t *received_root_cert;
690 : size_t received_root_cert_size;
691 : bool result;
692 :
693 29 : root_cert_index = 0;
694 29 : root_cert = spdm_context->local_context.peer_root_cert_provision[root_cert_index];
695 29 : root_cert_size = spdm_context->local_context.peer_root_cert_provision_size[root_cert_index];
696 :
697 29 : root_cert_hash_size = libspdm_get_hash_size(
698 : spdm_context->connection_info.algorithm.base_hash_algo);
699 :
700 29 : if ((root_cert != NULL) && (root_cert_size != 0)) {
701 60 : while ((root_cert != NULL) && (root_cert_size != 0)) {
702 60 : result = libspdm_hash_all(
703 : spdm_context->connection_info.algorithm.base_hash_algo,
704 : root_cert, root_cert_size, root_cert_hash);
705 60 : if (!result) {
706 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
707 : "!!! verify_peer_cert_chain_buffer - FAIL (hash calculation) !!!\n"));
708 0 : return false;
709 : }
710 :
711 60 : if (libspdm_consttime_is_mem_equal((const uint8_t *)cert_chain_buffer +
712 : sizeof(spdm_cert_chain_t),
713 : root_cert_hash, root_cert_hash_size)) {
714 21 : break;
715 : }
716 :
717 : #if (LIBSPDM_MAX_ROOT_CERT_SUPPORT) > 1
718 39 : if ((root_cert_index < ((LIBSPDM_MAX_ROOT_CERT_SUPPORT) -1)) &&
719 38 : (spdm_context->local_context.peer_root_cert_provision[root_cert_index + 1] !=
720 : NULL)) {
721 34 : root_cert_index++;
722 34 : root_cert = spdm_context->local_context.peer_root_cert_provision[root_cert_index];
723 34 : root_cert_size =
724 34 : spdm_context->local_context.peer_root_cert_provision_size[root_cert_index];
725 : } else
726 : #endif /* LIBSPDM_MAX_ROOT_CERT_SUPPORT */
727 : {
728 5 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
729 : "!!! verify_peer_cert_chain_buffer - "
730 : "FAIL (all root cert hash mismatch) !!!\n"));
731 5 : return false;
732 : }
733 : }
734 :
735 21 : result = libspdm_x509_get_cert_from_cert_chain(
736 21 : (const uint8_t *)cert_chain_buffer + sizeof(spdm_cert_chain_t) + root_cert_hash_size,
737 21 : cert_chain_buffer_size - sizeof(spdm_cert_chain_t) - root_cert_hash_size,
738 : 0, &received_root_cert, &received_root_cert_size);
739 21 : if (!result) {
740 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
741 : "!!! verify_peer_cert_chain_buffer - FAIL (cert retrieval fail) !!!\n"));
742 0 : return false;
743 : }
744 21 : if (libspdm_is_root_certificate(received_root_cert, received_root_cert_size)) {
745 20 : if ((root_cert != NULL) &&
746 20 : !libspdm_consttime_is_mem_equal(received_root_cert, root_cert, root_cert_size)) {
747 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
748 : "!!! verify_peer_cert_chain_buffer - "
749 : "FAIL (root cert mismatch) !!!\n"));
750 0 : return false;
751 : }
752 : } else {
753 1 : if (!libspdm_x509_verify_cert(received_root_cert, received_root_cert_size,
754 : root_cert, root_cert_size)) {
755 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
756 : "!!! verify_peer_cert_chain_buffer - "
757 : "FAIL (received root cert verify failed)!!!\n"));
758 0 : return false;
759 : }
760 : }
761 21 : if (trust_anchor != NULL) {
762 5 : *trust_anchor = root_cert;
763 : }
764 21 : if (trust_anchor_size != NULL) {
765 5 : *trust_anchor_size = root_cert_size;
766 : }
767 : }
768 : /*
769 : * When there is no root_cert in local_context, the return is true too.
770 : * No root_cert means the caller wants to verify the trust anchor of the cert chain.
771 : */
772 24 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_peer_cert_chain_buffer - PASS !!!\n"));
773 :
774 24 : return true;
775 : }
776 : #endif
777 :
778 12 : bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context,
779 : bool is_requester,
780 : uint8_t slot_id,
781 : uint8_t *signature)
782 : {
783 : bool result;
784 : size_t signature_size;
785 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
786 : libspdm_m1m2_managed_buffer_t m1m2;
787 : uint8_t *m1m2_buffer;
788 : size_t m1m2_buffer_size;
789 : #else
790 : uint8_t m1m2_hash[LIBSPDM_MAX_HASH_SIZE];
791 : size_t m1m2_hash_size;
792 : #endif
793 :
794 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
795 : result = libspdm_calculate_m1m2(spdm_context, is_requester, &m1m2);
796 : m1m2_buffer = libspdm_get_managed_buffer(&m1m2);
797 : m1m2_buffer_size = libspdm_get_managed_buffer_size(&m1m2);
798 : #else
799 12 : m1m2_hash_size = sizeof(m1m2_hash);
800 12 : result = libspdm_calculate_m1m2_hash(spdm_context, is_requester, &m1m2_hash_size, &m1m2_hash);
801 : #endif
802 12 : if (is_requester) {
803 3 : libspdm_reset_message_mut_b(spdm_context);
804 3 : libspdm_reset_message_mut_c(spdm_context);
805 : } else {
806 9 : libspdm_reset_message_b(spdm_context);
807 9 : libspdm_reset_message_c(spdm_context);
808 : }
809 12 : if (!result) {
810 0 : return false;
811 : }
812 :
813 12 : if (is_requester) {
814 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
815 3 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
816 0 : signature_size = libspdm_get_req_pqc_asym_signature_size(
817 : spdm_context->connection_info.algorithm.req_pqc_asym_alg);
818 : } else {
819 3 : signature_size = libspdm_get_req_asym_signature_size(
820 3 : spdm_context->connection_info.algorithm.req_base_asym_alg);
821 : }
822 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
823 : result = libspdm_requester_data_sign(
824 : spdm_context,
825 : spdm_context->connection_info.version,
826 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, true),
827 : SPDM_CHALLENGE_AUTH,
828 : spdm_context->connection_info.algorithm.req_base_asym_alg,
829 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
830 : spdm_context->connection_info.algorithm.base_hash_algo,
831 : false, m1m2_buffer, m1m2_buffer_size, signature, &signature_size);
832 : #else
833 6 : result = libspdm_requester_data_sign(
834 : spdm_context,
835 3 : spdm_context->connection_info.version,
836 3 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, true),
837 : SPDM_CHALLENGE_AUTH,
838 3 : spdm_context->connection_info.algorithm.req_base_asym_alg,
839 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
840 : spdm_context->connection_info.algorithm.base_hash_algo,
841 : true, m1m2_hash, m1m2_hash_size, signature, &signature_size);
842 : #endif
843 : #else /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
844 : result = false;
845 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
846 : } else {
847 9 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
848 0 : signature_size = libspdm_get_pqc_asym_signature_size(
849 : spdm_context->connection_info.algorithm.pqc_asym_algo);
850 : } else {
851 9 : signature_size = libspdm_get_asym_signature_size(
852 : spdm_context->connection_info.algorithm.base_asym_algo);
853 : }
854 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
855 : result = libspdm_responder_data_sign(
856 : spdm_context,
857 : spdm_context->connection_info.version,
858 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, false),
859 : SPDM_CHALLENGE_AUTH,
860 : spdm_context->connection_info.algorithm.base_asym_algo,
861 : spdm_context->connection_info.algorithm.pqc_asym_algo,
862 : spdm_context->connection_info.algorithm.base_hash_algo,
863 : false, m1m2_buffer, m1m2_buffer_size, signature,
864 : &signature_size);
865 : #else
866 18 : result = libspdm_responder_data_sign(
867 : spdm_context,
868 9 : spdm_context->connection_info.version,
869 9 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, false),
870 : SPDM_CHALLENGE_AUTH,
871 : spdm_context->connection_info.algorithm.base_asym_algo,
872 : spdm_context->connection_info.algorithm.pqc_asym_algo,
873 : spdm_context->connection_info.algorithm.base_hash_algo,
874 : true, m1m2_hash, m1m2_hash_size, signature,
875 : &signature_size);
876 : #endif
877 : }
878 :
879 12 : return result;
880 : }
881 :
882 20 : bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context,
883 : uint8_t slot_id,
884 : const void *certificate_chain_hash,
885 : size_t certificate_chain_hash_size)
886 : {
887 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
888 : size_t hash_size;
889 : uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
890 : const uint8_t *cert_chain_buffer;
891 : size_t cert_chain_buffer_size;
892 : bool result;
893 :
894 : libspdm_get_peer_cert_chain_buffer(spdm_context,
895 : slot_id,
896 : (const void **)&cert_chain_buffer,
897 : &cert_chain_buffer_size);
898 :
899 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
900 :
901 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
902 : cert_chain_buffer, cert_chain_buffer_size,
903 : cert_chain_buffer_hash);
904 : if (!result) {
905 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
906 : "!!! verify_certificate_chain_hash - FAIL (hash calculation) !!!\n"));
907 : return false;
908 : }
909 :
910 : if (hash_size != certificate_chain_hash_size) {
911 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_certificate_chain_hash - FAIL !!!\n"));
912 : return false;
913 : }
914 : if (!libspdm_consttime_is_mem_equal(certificate_chain_hash, cert_chain_buffer_hash,
915 : certificate_chain_hash_size)) {
916 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_certificate_chain_hash - FAIL !!!\n"));
917 : return false;
918 : }
919 : #else
920 20 : LIBSPDM_ASSERT(
921 : spdm_context->connection_info.peer_used_cert_chain[slot_id].buffer_hash_size != 0);
922 :
923 20 : if (spdm_context->connection_info.peer_used_cert_chain[slot_id].buffer_hash_size !=
924 : certificate_chain_hash_size) {
925 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_certificate_chain_hash - FAIL !!!\n"));
926 0 : return false;
927 : }
928 :
929 20 : if (!libspdm_consttime_is_mem_equal(certificate_chain_hash,
930 20 : spdm_context->connection_info.peer_used_cert_chain[slot_id].
931 : buffer_hash, certificate_chain_hash_size)) {
932 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_certificate_chain_hash - FAIL !!!\n"));
933 0 : return false;
934 : }
935 : #endif
936 20 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_certificate_chain_hash - PASS !!!\n"));
937 20 : return true;
938 : }
939 :
940 2 : bool libspdm_verify_public_key_hash(libspdm_context_t *spdm_context,
941 : const void *public_key_hash,
942 : size_t public_key_hash_size)
943 : {
944 : size_t hash_size;
945 : uint8_t public_key_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
946 : bool result;
947 :
948 2 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
949 :
950 2 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
951 : spdm_context->local_context.peer_public_key_provision,
952 : spdm_context->local_context.peer_public_key_provision_size,
953 : public_key_buffer_hash);
954 2 : if (!result) {
955 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
956 : "!!! verify_public_key_hash - FAIL (hash calculation) !!!\n"));
957 0 : return false;
958 : }
959 :
960 2 : if (hash_size != public_key_hash_size) {
961 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_public_key_hash - FAIL !!!\n"));
962 0 : return false;
963 : }
964 2 : if (!libspdm_consttime_is_mem_equal(public_key_hash, public_key_buffer_hash,
965 : public_key_hash_size)) {
966 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_public_key_hash - FAIL !!!\n"));
967 0 : return false;
968 : }
969 :
970 2 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_public_key_hash - PASS !!!\n"));
971 2 : return true;
972 : }
973 :
974 20 : bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context,
975 : bool is_requester,
976 : uint8_t slot_id,
977 : const void *sign_data,
978 : size_t sign_data_size)
979 : {
980 : bool result;
981 : void *context;
982 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
983 : libspdm_m1m2_managed_buffer_t m1m2;
984 : uint8_t *m1m2_buffer;
985 : size_t m1m2_buffer_size;
986 : const uint8_t *cert_buffer;
987 : size_t cert_buffer_size;
988 : const uint8_t *cert_chain_data;
989 : size_t cert_chain_data_size;
990 : #else
991 : uint8_t m1m2_hash[LIBSPDM_MAX_HASH_SIZE];
992 : size_t m1m2_hash_size;
993 : #endif
994 :
995 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
996 : result = libspdm_calculate_m1m2(spdm_context, !is_requester, &m1m2);
997 : m1m2_buffer = libspdm_get_managed_buffer(&m1m2);
998 : m1m2_buffer_size = libspdm_get_managed_buffer_size(&m1m2);
999 : #else
1000 20 : m1m2_hash_size = sizeof(m1m2_hash);
1001 20 : result = libspdm_calculate_m1m2_hash(spdm_context, !is_requester, &m1m2_hash_size, &m1m2_hash);
1002 : #endif
1003 20 : if (is_requester) {
1004 17 : libspdm_reset_message_b(spdm_context);
1005 17 : libspdm_reset_message_c(spdm_context);
1006 : } else {
1007 3 : libspdm_reset_message_mut_b(spdm_context);
1008 3 : libspdm_reset_message_mut_c(spdm_context);
1009 : }
1010 20 : if (!result) {
1011 0 : return false;
1012 : }
1013 :
1014 20 : if (slot_id == 0xFF) {
1015 2 : if (is_requester) {
1016 1 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
1017 0 : result = libspdm_pqc_asym_get_public_key_from_der(
1018 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1019 0 : spdm_context->local_context.peer_public_key_provision,
1020 : spdm_context->local_context.peer_public_key_provision_size,
1021 : &context);
1022 : } else {
1023 1 : result = libspdm_asym_get_public_key_from_der(
1024 : spdm_context->connection_info.algorithm.base_asym_algo,
1025 1 : spdm_context->local_context.peer_public_key_provision,
1026 : spdm_context->local_context.peer_public_key_provision_size,
1027 : &context);
1028 : }
1029 : } else {
1030 1 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
1031 0 : result = libspdm_req_pqc_asym_get_public_key_from_der(
1032 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1033 0 : spdm_context->local_context.peer_public_key_provision,
1034 : spdm_context->local_context.peer_public_key_provision_size,
1035 : &context);
1036 : } else {
1037 1 : result = libspdm_req_asym_get_public_key_from_der(
1038 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1039 1 : spdm_context->local_context.peer_public_key_provision,
1040 : spdm_context->local_context.peer_public_key_provision_size,
1041 : &context);
1042 : }
1043 : }
1044 2 : if (!result) {
1045 0 : return false;
1046 : }
1047 : } else {
1048 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1049 : libspdm_get_peer_cert_chain_data(
1050 : spdm_context, slot_id, (const void **)&cert_chain_data, &cert_chain_data_size);
1051 :
1052 : /* Get leaf cert from cert chain*/
1053 : result = libspdm_x509_get_cert_from_cert_chain(
1054 : cert_chain_data, cert_chain_data_size, -1, &cert_buffer, &cert_buffer_size);
1055 : if (!result) {
1056 : return false;
1057 : }
1058 :
1059 : if (is_requester) {
1060 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
1061 : result = libspdm_pqc_asym_get_public_key_from_x509(
1062 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1063 : cert_buffer, cert_buffer_size, &context);
1064 : } else {
1065 : result = libspdm_asym_get_public_key_from_x509(
1066 : spdm_context->connection_info.algorithm.base_asym_algo,
1067 : cert_buffer, cert_buffer_size, &context);
1068 : }
1069 : } else {
1070 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
1071 : result = libspdm_req_pqc_asym_get_public_key_from_x509(
1072 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1073 : cert_buffer, cert_buffer_size, &context);
1074 : } else {
1075 : result = libspdm_req_asym_get_public_key_from_x509(
1076 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1077 : cert_buffer, cert_buffer_size, &context);
1078 : }
1079 : }
1080 : if (!result) {
1081 : return false;
1082 : }
1083 : #else
1084 18 : context = spdm_context->connection_info.peer_used_cert_chain[slot_id].leaf_cert_public_key;
1085 18 : LIBSPDM_ASSERT(context != NULL);
1086 : #endif
1087 : }
1088 :
1089 20 : if (is_requester) {
1090 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1091 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
1092 : result = libspdm_pqc_asym_verify(
1093 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1094 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1095 : spdm_context->connection_info.algorithm.base_hash_algo,
1096 : context, m1m2_buffer, m1m2_buffer_size, sign_data, sign_data_size);
1097 : libspdm_pqc_asym_free(
1098 : spdm_context->connection_info.algorithm.pqc_asym_algo, context);
1099 : } else {
1100 : result = libspdm_asym_verify_ex(
1101 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1102 : spdm_context->connection_info.algorithm.base_asym_algo,
1103 : spdm_context->connection_info.algorithm.base_hash_algo,
1104 : context, m1m2_buffer, m1m2_buffer_size, sign_data, sign_data_size,
1105 : &spdm_context->spdm_10_11_verify_signature_endian);
1106 : libspdm_asym_free(
1107 : spdm_context->connection_info.algorithm.base_asym_algo, context);
1108 : }
1109 : #else
1110 17 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
1111 0 : result = libspdm_pqc_asym_verify_hash(
1112 0 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1113 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1114 : spdm_context->connection_info.algorithm.base_hash_algo,
1115 : context, m1m2_hash, m1m2_hash_size, sign_data, sign_data_size);
1116 0 : if (slot_id == 0xFF) {
1117 0 : libspdm_pqc_asym_free(
1118 : spdm_context->connection_info.algorithm.pqc_asym_algo, context);
1119 : }
1120 : } else {
1121 17 : result = libspdm_asym_verify_hash_ex(
1122 17 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1123 : spdm_context->connection_info.algorithm.base_asym_algo,
1124 : spdm_context->connection_info.algorithm.base_hash_algo,
1125 : context, m1m2_hash, m1m2_hash_size, sign_data, sign_data_size,
1126 : &spdm_context->spdm_10_11_verify_signature_endian);
1127 17 : if (slot_id == 0xFF) {
1128 1 : libspdm_asym_free(
1129 : spdm_context->connection_info.algorithm.base_asym_algo, context);
1130 : }
1131 : }
1132 : #endif
1133 : } else {
1134 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1135 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
1136 : result = libspdm_req_pqc_asym_verify(
1137 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1138 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1139 : spdm_context->connection_info.algorithm.base_hash_algo,
1140 : context, m1m2_buffer, m1m2_buffer_size, sign_data, sign_data_size);
1141 : libspdm_req_pqc_asym_free(
1142 : spdm_context->connection_info.algorithm.req_pqc_asym_alg, context);
1143 : } else {
1144 : result = libspdm_req_asym_verify_ex(
1145 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1146 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1147 : spdm_context->connection_info.algorithm.base_hash_algo,
1148 : context, m1m2_buffer, m1m2_buffer_size, sign_data, sign_data_size,
1149 : &spdm_context->spdm_10_11_verify_signature_endian);
1150 : libspdm_req_asym_free(
1151 : spdm_context->connection_info.algorithm.req_base_asym_alg, context);
1152 : }
1153 : #else
1154 3 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
1155 0 : result = libspdm_req_pqc_asym_verify_hash(
1156 0 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1157 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1158 : spdm_context->connection_info.algorithm.base_hash_algo,
1159 : context, m1m2_hash, m1m2_hash_size, sign_data, sign_data_size);
1160 0 : if (slot_id == 0xFF) {
1161 0 : libspdm_req_pqc_asym_free(
1162 : spdm_context->connection_info.algorithm.req_pqc_asym_alg, context);
1163 : }
1164 : } else {
1165 3 : result = libspdm_req_asym_verify_hash_ex(
1166 3 : spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
1167 3 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1168 : spdm_context->connection_info.algorithm.base_hash_algo,
1169 : context, m1m2_hash, m1m2_hash_size, sign_data, sign_data_size,
1170 : &spdm_context->spdm_10_11_verify_signature_endian);
1171 3 : if (slot_id == 0xFF) {
1172 1 : libspdm_req_asym_free(
1173 1 : spdm_context->connection_info.algorithm.req_base_asym_alg, context);
1174 : }
1175 : }
1176 : #endif
1177 : }
1178 20 : if (!result) {
1179 1 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR,
1180 : "!!! verify_challenge_signature - FAIL !!!\n"));
1181 1 : return false;
1182 : }
1183 :
1184 19 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_challenge_signature - PASS !!!\n"));
1185 :
1186 19 : return true;
1187 : }
1188 :
1189 : uint32_t
1190 108 : libspdm_get_measurement_summary_hash_size(libspdm_context_t *spdm_context,
1191 : bool is_requester,
1192 : uint8_t measurement_summary_hash_type)
1193 : {
1194 108 : if (!libspdm_is_capabilities_flag_supported(
1195 : spdm_context, is_requester, 0,
1196 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP)) {
1197 57 : return 0;
1198 : }
1199 :
1200 51 : switch (measurement_summary_hash_type) {
1201 25 : case SPDM_REQUEST_NO_MEASUREMENT_SUMMARY_HASH:
1202 25 : return 0;
1203 : break;
1204 :
1205 24 : case SPDM_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH:
1206 : case SPDM_REQUEST_ALL_MEASUREMENTS_HASH:
1207 24 : return libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
1208 : break;
1209 2 : default:
1210 2 : return 0;
1211 : break;
1212 : }
1213 : }
1214 :
1215 : #if LIBSPDM_ENABLE_CAPABILITY_ENDPOINT_INFO_CAP
1216 9 : bool libspdm_generate_endpoint_info_signature(libspdm_context_t *spdm_context,
1217 : libspdm_session_info_t *session_info,
1218 : bool is_requester,
1219 : uint8_t slot_id,
1220 : uint8_t *signature)
1221 : {
1222 : bool result;
1223 : size_t signature_size;
1224 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1225 : libspdm_il1il2_managed_buffer_t il1il2;
1226 : uint8_t *il1il2_buffer;
1227 : size_t il1il2_buffer_size;
1228 : #else
1229 : uint8_t il1il2_hash[LIBSPDM_MAX_HASH_SIZE];
1230 : size_t il1il2_hash_size;
1231 : #endif
1232 :
1233 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1234 : result = libspdm_calculate_il1il2(spdm_context, session_info, is_requester, &il1il2);
1235 : il1il2_buffer = libspdm_get_managed_buffer(&il1il2);
1236 : il1il2_buffer_size = libspdm_get_managed_buffer_size(&il1il2);
1237 : #else
1238 9 : il1il2_hash_size = sizeof(il1il2_hash);
1239 9 : result = libspdm_calculate_il1il2_hash(spdm_context, session_info, is_requester,
1240 : &il1il2_hash_size, &il1il2_hash);
1241 : #endif
1242 9 : if (is_requester) {
1243 5 : libspdm_reset_message_encap_e(spdm_context, session_info);
1244 : } else {
1245 4 : libspdm_reset_message_e(spdm_context, session_info);
1246 : }
1247 9 : if (!result) {
1248 0 : return false;
1249 : }
1250 :
1251 9 : if (is_requester) {
1252 5 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
1253 0 : signature_size = libspdm_get_req_pqc_asym_signature_size(
1254 : spdm_context->connection_info.algorithm.req_pqc_asym_alg);
1255 : } else {
1256 5 : signature_size = libspdm_get_req_asym_signature_size(
1257 5 : spdm_context->connection_info.algorithm.req_base_asym_alg);
1258 : }
1259 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1260 : result = libspdm_requester_data_sign(
1261 : spdm_context,
1262 : spdm_context->connection_info.version,
1263 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, true),
1264 : SPDM_ENDPOINT_INFO,
1265 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1266 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1267 : spdm_context->connection_info.algorithm.base_hash_algo,
1268 : false, il1il2_buffer, il1il2_buffer_size, signature, &signature_size);
1269 : #else
1270 10 : result = libspdm_requester_data_sign(
1271 : spdm_context,
1272 5 : spdm_context->connection_info.version,
1273 5 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, true),
1274 : SPDM_ENDPOINT_INFO,
1275 5 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1276 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1277 : spdm_context->connection_info.algorithm.base_hash_algo,
1278 : true, il1il2_hash, il1il2_hash_size, signature, &signature_size);
1279 : #endif
1280 : } else {
1281 4 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
1282 0 : signature_size = libspdm_get_pqc_asym_signature_size(
1283 : spdm_context->connection_info.algorithm.pqc_asym_algo);
1284 : } else {
1285 4 : signature_size = libspdm_get_asym_signature_size(
1286 : spdm_context->connection_info.algorithm.base_asym_algo);
1287 : }
1288 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1289 : result = libspdm_responder_data_sign(
1290 : spdm_context,
1291 : spdm_context->connection_info.version,
1292 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, false),
1293 : SPDM_ENDPOINT_INFO,
1294 : spdm_context->connection_info.algorithm.base_asym_algo,
1295 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1296 : spdm_context->connection_info.algorithm.base_hash_algo,
1297 : false, il1il2_buffer, il1il2_buffer_size, signature,
1298 : &signature_size);
1299 : #else
1300 8 : result = libspdm_responder_data_sign(
1301 : spdm_context,
1302 4 : spdm_context->connection_info.version,
1303 4 : libspdm_slot_id_to_key_pair_id(spdm_context, slot_id, false),
1304 : SPDM_ENDPOINT_INFO,
1305 : spdm_context->connection_info.algorithm.base_asym_algo,
1306 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1307 : spdm_context->connection_info.algorithm.base_hash_algo,
1308 : true, il1il2_hash, il1il2_hash_size, signature,
1309 : &signature_size);
1310 : #endif
1311 : }
1312 :
1313 9 : return result;
1314 : }
1315 : #endif /* LIBSPDM_ENABLE_CAPABILITY_ENDPOINT_INFO_CAP */
1316 :
1317 22 : bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context,
1318 : libspdm_session_info_t *session_info,
1319 : bool is_requester,
1320 : uint8_t slot_id,
1321 : const void *sign_data,
1322 : size_t sign_data_size)
1323 : {
1324 : bool result;
1325 : void *context;
1326 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1327 : libspdm_il1il2_managed_buffer_t il1il2;
1328 : uint8_t *il1il2_buffer;
1329 : size_t il1il2_buffer_size;
1330 : const uint8_t *cert_chain_data;
1331 : size_t cert_chain_data_size;
1332 : const uint8_t *cert_buffer;
1333 : size_t cert_buffer_size;
1334 : #else
1335 : uint8_t il1il2_hash[LIBSPDM_MAX_HASH_SIZE];
1336 : size_t il1il2_hash_size;
1337 : #endif
1338 :
1339 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1340 : result = libspdm_calculate_il1il2(spdm_context, session_info,!is_requester, &il1il2);
1341 : il1il2_buffer = libspdm_get_managed_buffer(&il1il2);
1342 : il1il2_buffer_size = libspdm_get_managed_buffer_size(&il1il2);
1343 : #else
1344 22 : il1il2_hash_size = sizeof(il1il2_hash);
1345 22 : result = libspdm_calculate_il1il2_hash(spdm_context, session_info, !is_requester,
1346 22 : &il1il2_hash_size, il1il2_hash);
1347 : #endif
1348 22 : if (is_requester) {
1349 13 : libspdm_reset_message_e(spdm_context, session_info);
1350 : } else {
1351 9 : libspdm_reset_message_encap_e(spdm_context, session_info);
1352 : }
1353 22 : if (!result) {
1354 0 : return false;
1355 : }
1356 :
1357 22 : if (slot_id == 0xF) {
1358 4 : if (is_requester) {
1359 2 : if (spdm_context->connection_info.algorithm.base_asym_algo != 0) {
1360 2 : result = libspdm_asym_get_public_key_from_der(
1361 : spdm_context->connection_info.algorithm.base_asym_algo,
1362 2 : spdm_context->local_context.peer_public_key_provision,
1363 : spdm_context->local_context.peer_public_key_provision_size,
1364 : &context);
1365 : }
1366 2 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
1367 0 : result = libspdm_pqc_asym_get_public_key_from_der(
1368 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1369 0 : spdm_context->local_context.peer_public_key_provision,
1370 : spdm_context->local_context.peer_public_key_provision_size,
1371 : &context);
1372 : }
1373 : } else {
1374 2 : if (spdm_context->connection_info.algorithm.req_base_asym_alg != 0) {
1375 2 : result = libspdm_req_asym_get_public_key_from_der(
1376 2 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1377 2 : spdm_context->local_context.peer_public_key_provision,
1378 : spdm_context->local_context.peer_public_key_provision_size,
1379 : &context);
1380 : }
1381 2 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
1382 0 : result = libspdm_req_pqc_asym_get_public_key_from_der(
1383 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1384 0 : spdm_context->local_context.peer_public_key_provision,
1385 : spdm_context->local_context.peer_public_key_provision_size,
1386 : &context);
1387 : }
1388 : }
1389 4 : if (!result) {
1390 0 : return false;
1391 : }
1392 : } else {
1393 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1394 : libspdm_get_peer_cert_chain_data(
1395 : spdm_context, slot_id, (const void **)&cert_chain_data, &cert_chain_data_size);
1396 :
1397 : /* Get leaf cert from cert chain*/
1398 : result = libspdm_x509_get_cert_from_cert_chain(cert_chain_data,
1399 : cert_chain_data_size, -1,
1400 : &cert_buffer, &cert_buffer_size);
1401 : if (!result) {
1402 : return false;
1403 : }
1404 :
1405 : if (is_requester) {
1406 : result = libspdm_asym_get_public_key_from_x509(
1407 : spdm_context->connection_info.algorithm.base_asym_algo,
1408 : cert_buffer, cert_buffer_size, &context);
1409 : } else {
1410 : result = libspdm_req_asym_get_public_key_from_x509(
1411 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1412 : cert_buffer, cert_buffer_size, &context);
1413 : }
1414 : if (!result) {
1415 : return false;
1416 : }
1417 : #else
1418 18 : context = spdm_context->connection_info.peer_used_cert_chain[slot_id].leaf_cert_public_key;
1419 18 : LIBSPDM_ASSERT(context != NULL);
1420 : #endif
1421 : }
1422 :
1423 22 : if (is_requester) {
1424 13 : if (spdm_context->connection_info.algorithm.base_asym_algo != 0) {
1425 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1426 : result = libspdm_asym_verify_ex(
1427 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1428 : spdm_context->connection_info.algorithm.base_asym_algo,
1429 : spdm_context->connection_info.algorithm.base_hash_algo,
1430 : context, il1il2_buffer, il1il2_buffer_size, sign_data, sign_data_size,
1431 : &spdm_context->spdm_10_11_verify_signature_endian);
1432 : libspdm_asym_free(
1433 : spdm_context->connection_info.algorithm.base_asym_algo, context);
1434 : #else
1435 13 : result = libspdm_asym_verify_hash_ex(
1436 13 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1437 : spdm_context->connection_info.algorithm.base_asym_algo,
1438 : spdm_context->connection_info.algorithm.base_hash_algo,
1439 : context, il1il2_hash, il1il2_hash_size, sign_data, sign_data_size,
1440 : &spdm_context->spdm_10_11_verify_signature_endian);
1441 13 : if (slot_id == 0xF) {
1442 2 : libspdm_asym_free(
1443 : spdm_context->connection_info.algorithm.base_asym_algo, context);
1444 : }
1445 : #endif
1446 : }
1447 13 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
1448 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1449 : result = libspdm_pqc_asym_verify(
1450 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1451 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1452 : spdm_context->connection_info.algorithm.base_hash_algo,
1453 : context, il1il2_buffer, il1il2_buffer_size, sign_data, sign_data_size);
1454 : libspdm_pqc_asym_free(
1455 : spdm_context->connection_info.algorithm.pqc_asym_algo, context);
1456 : #else
1457 0 : result = libspdm_pqc_asym_verify_hash(
1458 0 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1459 : spdm_context->connection_info.algorithm.pqc_asym_algo,
1460 : spdm_context->connection_info.algorithm.base_hash_algo,
1461 : context, il1il2_hash, il1il2_hash_size, sign_data, sign_data_size);
1462 0 : if (slot_id == 0xFF) {
1463 0 : libspdm_pqc_asym_free(
1464 : spdm_context->connection_info.algorithm.pqc_asym_algo, context);
1465 : }
1466 : #endif
1467 : }
1468 : } else {
1469 9 : if (spdm_context->connection_info.algorithm.req_base_asym_alg != 0) {
1470 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1471 : result = libspdm_req_asym_verify_ex(
1472 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1473 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1474 : spdm_context->connection_info.algorithm.base_hash_algo,
1475 : context, il1il2_buffer, il1il2_buffer_size, sign_data, sign_data_size,
1476 : &spdm_context->spdm_10_11_verify_signature_endian);
1477 : libspdm_req_asym_free(
1478 : spdm_context->connection_info.algorithm.req_base_asym_alg, context);
1479 : #else
1480 9 : result = libspdm_req_asym_verify_hash_ex(
1481 9 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1482 9 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1483 : spdm_context->connection_info.algorithm.base_hash_algo,
1484 : context, il1il2_hash, il1il2_hash_size, sign_data, sign_data_size,
1485 : &spdm_context->spdm_10_11_verify_signature_endian);
1486 9 : if (slot_id == 0xF) {
1487 2 : libspdm_req_asym_free(
1488 2 : spdm_context->connection_info.algorithm.req_base_asym_alg, context);
1489 : }
1490 : #endif
1491 : }
1492 9 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
1493 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1494 : result = libspdm_req_pqc_asym_verify(
1495 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1496 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1497 : spdm_context->connection_info.algorithm.base_hash_algo,
1498 : context, il1il2_buffer, il1il2_buffer_size, sign_data, sign_data_size);
1499 : libspdm_req_pqc_asym_free(
1500 : spdm_context->connection_info.algorithm.req_pqc_asym_alg, context);
1501 : #else
1502 0 : result = libspdm_req_pqc_asym_verify_hash(
1503 0 : spdm_context->connection_info.version, SPDM_ENDPOINT_INFO,
1504 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
1505 : spdm_context->connection_info.algorithm.base_hash_algo,
1506 : context, il1il2_hash, il1il2_hash_size, sign_data, sign_data_size);
1507 0 : if (slot_id == 0xFF) {
1508 0 : libspdm_req_pqc_asym_free(
1509 : spdm_context->connection_info.algorithm.req_pqc_asym_alg, context);
1510 : }
1511 : #endif
1512 : }
1513 : }
1514 22 : if (!result) {
1515 3 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_endpoint_info_signature - FAIL !!!\n"));
1516 3 : return false;
1517 : }
1518 :
1519 19 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_endpoint_info_signature - PASS !!!\n"));
1520 19 : return true;
1521 : }
|
