Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_secured_message_lib.h"
8 :
9 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
10 : bool libspdm_calculate_th_for_exchange(
11 : libspdm_context_t *spdm_context, void *spdm_session_info, const uint8_t *cert_chain_buffer,
12 : size_t cert_chain_buffer_size,
13 : libspdm_th_managed_buffer_t *th_curr)
14 : {
15 : libspdm_session_info_t *session_info;
16 : uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
17 : uint32_t hash_size;
18 : libspdm_return_t status;
19 : bool result;
20 :
21 : session_info = spdm_session_info;
22 :
23 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
24 :
25 : libspdm_init_managed_buffer(th_curr, sizeof(th_curr->buffer));
26 :
27 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
28 : LIBSPDM_INTERNAL_DUMP_HEX(
29 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
30 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
31 : status = libspdm_append_managed_buffer(
32 : th_curr,
33 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
34 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
35 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
36 : return false;
37 : }
38 :
39 : if (cert_chain_buffer != NULL) {
40 : if (spdm_context->connection_info.multi_key_conn_rsp) {
41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
42 : LIBSPDM_INTERNAL_DUMP_HEX(
43 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
44 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
45 : status = libspdm_append_managed_buffer(
46 : th_curr,
47 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
48 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
49 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
50 : return false;
51 : }
52 : }
53 :
54 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
55 : LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
56 : result = libspdm_hash_all(
57 : spdm_context->connection_info.algorithm.base_hash_algo,
58 : cert_chain_buffer, cert_chain_buffer_size,
59 : cert_chain_buffer_hash);
60 : if (!result) {
61 : return false;
62 : }
63 : status = libspdm_append_managed_buffer(th_curr, cert_chain_buffer_hash, hash_size);
64 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
65 : return false;
66 : }
67 : }
68 :
69 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_k data :\n"));
70 : LIBSPDM_INTERNAL_DUMP_HEX(
71 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
72 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
73 : status = libspdm_append_managed_buffer(
74 : th_curr,
75 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
76 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
77 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
78 : return false;
79 : }
80 :
81 : return true;
82 : }
83 : #else
84 91 : bool libspdm_calculate_th_hash_for_exchange(
85 : libspdm_context_t *spdm_context, void *spdm_session_info,
86 : size_t *th_hash_buffer_size, void *th_hash_buffer)
87 : {
88 : libspdm_session_info_t *session_info;
89 : uint32_t hash_size;
90 : void *digest_context_th;
91 : bool result;
92 :
93 91 : session_info = spdm_session_info;
94 :
95 91 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
96 :
97 91 : LIBSPDM_ASSERT(*th_hash_buffer_size >= hash_size);
98 :
99 : /* duplicate the th context, because we still need use original context to continue.*/
100 91 : digest_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
101 91 : if (digest_context_th == NULL) {
102 0 : return false;
103 : }
104 91 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
105 91 : session_info->session_transcript.digest_context_th,
106 : digest_context_th);
107 91 : if (!result) {
108 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
109 : digest_context_th);
110 0 : return false;
111 : }
112 91 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
113 : digest_context_th, th_hash_buffer);
114 91 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, digest_context_th);
115 91 : if (!result) {
116 0 : return false;
117 : }
118 :
119 91 : *th_hash_buffer_size = hash_size;
120 :
121 91 : return true;
122 : }
123 :
124 54 : bool libspdm_calculate_th_hmac_for_exchange_rsp(
125 : libspdm_context_t *spdm_context, void *spdm_session_info,
126 : size_t *th_hmac_buffer_size, void *th_hmac_buffer)
127 : {
128 : libspdm_session_info_t *session_info;
129 : void *secured_message_context;
130 : uint32_t hash_size;
131 : void *hash_context_th;
132 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
133 : bool result;
134 :
135 54 : session_info = spdm_session_info;
136 54 : secured_message_context = session_info->secured_message_context;
137 :
138 54 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
139 :
140 54 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
141 :
142 : /* duplicate the th context, because we still need use original context to continue.*/
143 54 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
144 54 : if (hash_context_th == NULL) {
145 0 : return false;
146 : }
147 54 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
148 54 : session_info->session_transcript.digest_context_th,
149 : hash_context_th);
150 54 : if (!result) {
151 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
152 0 : return false;
153 : }
154 54 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
155 : hash_context_th, hash_data);
156 54 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
157 54 : if (!result) {
158 0 : return false;
159 : }
160 :
161 54 : result = libspdm_hmac_all_with_response_finished_key (secured_message_context,
162 : hash_data, hash_size, th_hmac_buffer);
163 54 : if (!result) {
164 0 : return false;
165 : }
166 54 : *th_hmac_buffer_size = hash_size;
167 :
168 54 : return true;
169 : }
170 : #endif
171 :
172 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
173 : bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
174 : void *spdm_session_info,
175 : const uint8_t *cert_chain_buffer,
176 : size_t cert_chain_buffer_size,
177 : const uint8_t *mut_cert_chain_buffer,
178 : size_t mut_cert_chain_buffer_size,
179 : libspdm_th_managed_buffer_t *th_curr)
180 : {
181 : libspdm_session_info_t *session_info;
182 : uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
183 : uint8_t mut_cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
184 : uint32_t hash_size;
185 : libspdm_return_t status;
186 : bool result;
187 :
188 : session_info = spdm_session_info;
189 :
190 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
191 :
192 : libspdm_init_managed_buffer(th_curr, sizeof(th_curr->buffer));
193 :
194 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
195 : LIBSPDM_INTERNAL_DUMP_HEX(
196 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
197 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
198 : status = libspdm_append_managed_buffer(
199 : th_curr,
200 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
201 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
202 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
203 : return false;
204 : }
205 :
206 : if (cert_chain_buffer != NULL) {
207 : if (spdm_context->connection_info.multi_key_conn_rsp) {
208 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
209 : LIBSPDM_INTERNAL_DUMP_HEX(
210 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
211 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
212 : status = libspdm_append_managed_buffer(
213 : th_curr,
214 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
215 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
216 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
217 : return false;
218 : }
219 : }
220 :
221 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
222 : LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
223 : result = libspdm_hash_all(
224 : spdm_context->connection_info.algorithm.base_hash_algo,
225 : cert_chain_buffer, cert_chain_buffer_size,
226 : cert_chain_buffer_hash);
227 : if (!result) {
228 : return false;
229 : }
230 : status = libspdm_append_managed_buffer(th_curr, cert_chain_buffer_hash, hash_size);
231 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
232 : return false;
233 : }
234 : }
235 :
236 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_k data :\n"));
237 : LIBSPDM_INTERNAL_DUMP_HEX(
238 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
239 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
240 : status = libspdm_append_managed_buffer(
241 : th_curr,
242 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
243 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
244 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
245 : return false;
246 : }
247 :
248 : if (mut_cert_chain_buffer != NULL) {
249 : if (spdm_context->connection_info.multi_key_conn_req) {
250 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_encap_d data :\n"));
251 : LIBSPDM_INTERNAL_DUMP_HEX(
252 : libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
253 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
254 : status = libspdm_append_managed_buffer(
255 : th_curr,
256 : libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
257 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
258 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
259 : return false;
260 : }
261 : }
262 :
263 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_cm data :\n"));
264 : LIBSPDM_INTERNAL_DUMP_HEX(mut_cert_chain_buffer, mut_cert_chain_buffer_size);
265 : result = libspdm_hash_all(
266 : spdm_context->connection_info.algorithm.base_hash_algo,
267 : mut_cert_chain_buffer, mut_cert_chain_buffer_size,
268 : mut_cert_chain_buffer_hash);
269 : if (!result) {
270 : return false;
271 : }
272 : status = libspdm_append_managed_buffer(th_curr, mut_cert_chain_buffer_hash, hash_size);
273 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
274 : return false;
275 : }
276 : }
277 :
278 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_f data :\n"));
279 : LIBSPDM_INTERNAL_DUMP_HEX(
280 : libspdm_get_managed_buffer(&session_info->session_transcript.message_f),
281 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_f));
282 : status = libspdm_append_managed_buffer(
283 : th_curr,
284 : libspdm_get_managed_buffer(&session_info->session_transcript.message_f),
285 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_f));
286 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
287 : return false;
288 : }
289 :
290 : return true;
291 : }
292 : #else
293 52 : bool libspdm_calculate_th_hash_for_finish(libspdm_context_t *spdm_context,
294 : void *spdm_session_info,
295 : size_t *th_hash_buffer_size,
296 : void *th_hash_buffer)
297 : {
298 : libspdm_session_info_t *session_info;
299 : uint32_t hash_size;
300 : void *digest_context_th;
301 : bool result;
302 :
303 52 : session_info = spdm_session_info;
304 :
305 52 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
306 :
307 52 : LIBSPDM_ASSERT(*th_hash_buffer_size >= hash_size);
308 :
309 : /* duplicate the th context, because we still need use original context to continue.*/
310 52 : digest_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
311 52 : if (digest_context_th == NULL) {
312 0 : return false;
313 : }
314 52 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
315 52 : session_info->session_transcript.digest_context_th,
316 : digest_context_th);
317 52 : if (!result) {
318 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
319 : digest_context_th);
320 0 : return false;
321 : }
322 52 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
323 : digest_context_th, th_hash_buffer);
324 52 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, digest_context_th);
325 52 : if (!result) {
326 0 : return false;
327 : }
328 :
329 52 : *th_hash_buffer_size = hash_size;
330 :
331 52 : return true;
332 : }
333 :
334 21 : bool libspdm_calculate_th_hmac_for_finish_rsp(libspdm_context_t *spdm_context,
335 : void *spdm_session_info,
336 : size_t *th_hmac_buffer_size,
337 : void *th_hmac_buffer)
338 : {
339 : libspdm_session_info_t *session_info;
340 : void *secured_message_context;
341 : uint32_t hash_size;
342 : void *hash_context_th;
343 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
344 : bool result;
345 :
346 21 : session_info = spdm_session_info;
347 21 : secured_message_context = session_info->secured_message_context;
348 :
349 21 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
350 :
351 21 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
352 21 : LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL);
353 :
354 : /* duplicate the th context, because we still need use original context to continue.*/
355 21 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
356 21 : if (hash_context_th == NULL) {
357 0 : return false;
358 : }
359 21 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
360 21 : session_info->session_transcript.digest_context_th,
361 : hash_context_th);
362 21 : if (!result) {
363 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
364 0 : return false;
365 : }
366 21 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
367 : hash_context_th, hash_data);
368 21 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
369 21 : if (!result) {
370 0 : return false;
371 : }
372 :
373 21 : result = libspdm_hmac_all_with_response_finished_key (secured_message_context,
374 : hash_data, hash_size, th_hmac_buffer);
375 21 : if (!result) {
376 0 : return false;
377 : }
378 21 : *th_hmac_buffer_size = hash_size;
379 :
380 21 : return true;
381 : }
382 :
383 93 : bool libspdm_calculate_th_hmac_for_finish_req(libspdm_context_t *spdm_context,
384 : void *spdm_session_info,
385 : size_t *th_hmac_buffer_size,
386 : void *th_hmac_buffer)
387 : {
388 : libspdm_session_info_t *session_info;
389 : void *secured_message_context;
390 : uint32_t hash_size;
391 : void *hash_context_th;
392 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
393 : bool result;
394 :
395 93 : session_info = spdm_session_info;
396 93 : secured_message_context = session_info->secured_message_context;
397 :
398 93 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
399 :
400 93 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
401 93 : LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL);
402 :
403 : /* duplicate the th context, because we still need use original context to continue.*/
404 93 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
405 93 : if (hash_context_th == NULL) {
406 0 : return false;
407 : }
408 93 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
409 93 : session_info->session_transcript.digest_context_th,
410 : hash_context_th);
411 93 : if (!result) {
412 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
413 0 : return false;
414 : }
415 93 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
416 : hash_context_th, hash_data);
417 93 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
418 93 : if (!result) {
419 0 : return false;
420 : }
421 :
422 93 : result = libspdm_hmac_all_with_request_finished_key (secured_message_context,
423 : hash_data, hash_size, th_hmac_buffer);
424 93 : if (!result) {
425 0 : return false;
426 : }
427 93 : *th_hmac_buffer_size = hash_size;
428 :
429 93 : return true;
430 : }
431 : #endif
432 :
433 58 : bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context,
434 : void *spdm_session_info,
435 : bool is_requester,
436 : uint8_t *th1_hash_data)
437 : {
438 : libspdm_session_info_t *session_info;
439 : bool result;
440 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
441 : uint8_t slot_id;
442 : uint8_t *cert_chain_buffer;
443 : size_t cert_chain_buffer_size;
444 : uint8_t *th_curr_data;
445 : size_t th_curr_data_size;
446 : libspdm_th_managed_buffer_t th_curr;
447 : #endif
448 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
449 : size_t hash_size;
450 : #endif
451 :
452 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Calc th1 hash ...\n"));
453 :
454 58 : session_info = spdm_session_info;
455 :
456 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
457 58 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
458 : #endif
459 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
460 : if (!session_info->use_psk) {
461 : if (is_requester) {
462 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
463 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
464 : if (slot_id == 0xFF) {
465 : result = libspdm_get_peer_public_key_buffer(
466 : spdm_context, (const void **)&cert_chain_buffer,
467 : &cert_chain_buffer_size);
468 : } else {
469 : result = libspdm_get_peer_cert_chain_buffer(
470 : spdm_context, (const void **)&cert_chain_buffer,
471 : &cert_chain_buffer_size);
472 : }
473 : } else {
474 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
475 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
476 : if (slot_id == 0xFF) {
477 : result = libspdm_get_local_public_key_buffer(
478 : spdm_context, (const void **)&cert_chain_buffer,
479 : &cert_chain_buffer_size);
480 : } else {
481 : result = libspdm_get_local_cert_chain_buffer(
482 : spdm_context, (const void **)&cert_chain_buffer,
483 : &cert_chain_buffer_size);
484 : }
485 : }
486 : if (!result) {
487 : return false;
488 : }
489 : } else {
490 : cert_chain_buffer = NULL;
491 : cert_chain_buffer_size = 0;
492 : }
493 :
494 : result = libspdm_calculate_th_for_exchange(
495 : spdm_context, session_info, cert_chain_buffer,
496 : cert_chain_buffer_size, &th_curr);
497 : if (!result) {
498 : return false;
499 : }
500 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
501 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
502 :
503 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
504 : th_curr_data, th_curr_data_size, th1_hash_data);
505 : if (!result) {
506 : return false;
507 : }
508 : #else
509 58 : result = libspdm_calculate_th_hash_for_exchange(
510 : spdm_context, session_info, &hash_size, th1_hash_data);
511 58 : if (!result) {
512 0 : return false;
513 : }
514 : #endif
515 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th1 hash - "));
516 58 : LIBSPDM_INTERNAL_DUMP_DATA(th1_hash_data, hash_size);
517 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
518 :
519 58 : return true;
520 : }
521 :
522 36 : bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context,
523 : void *spdm_session_info,
524 : bool is_requester,
525 : uint8_t *th2_hash_data)
526 : {
527 : libspdm_session_info_t *session_info;
528 : bool result;
529 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
530 : uint8_t slot_id;
531 : uint8_t *cert_chain_buffer;
532 : size_t cert_chain_buffer_size;
533 : uint8_t *mut_cert_chain_buffer;
534 : size_t mut_cert_chain_buffer_size;
535 : uint8_t *th_curr_data;
536 : size_t th_curr_data_size;
537 : libspdm_th_managed_buffer_t th_curr;
538 : #endif
539 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
540 : size_t hash_size;
541 : #endif
542 :
543 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Calc th2 hash ...\n"));
544 :
545 36 : session_info = spdm_session_info;
546 :
547 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
548 36 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
549 : #endif
550 :
551 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
552 : if (!session_info->use_psk) {
553 : if (is_requester) {
554 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
555 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
556 : if (slot_id == 0xFF) {
557 : result = libspdm_get_peer_public_key_buffer(
558 : spdm_context, (const void **)&cert_chain_buffer,
559 : &cert_chain_buffer_size);
560 : } else {
561 : result = libspdm_get_peer_cert_chain_buffer(
562 : spdm_context, (const void **)&cert_chain_buffer,
563 : &cert_chain_buffer_size);
564 : }
565 : } else {
566 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
567 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
568 : if (slot_id == 0xFF) {
569 : result = libspdm_get_local_public_key_buffer(
570 : spdm_context, (const void **)&cert_chain_buffer,
571 : &cert_chain_buffer_size);
572 : } else {
573 : result = libspdm_get_local_cert_chain_buffer(
574 : spdm_context, (const void **)&cert_chain_buffer,
575 : &cert_chain_buffer_size);
576 : }
577 : }
578 : if (!result) {
579 : return false;
580 : }
581 : if (session_info->mut_auth_requested != 0) {
582 : if (is_requester) {
583 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
584 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
585 : if (slot_id == 0xFF) {
586 : result = libspdm_get_local_public_key_buffer(
587 : spdm_context, (const void **)&mut_cert_chain_buffer,
588 : &mut_cert_chain_buffer_size);
589 : } else {
590 : result = libspdm_get_local_cert_chain_buffer(
591 : spdm_context, (const void **)&mut_cert_chain_buffer,
592 : &mut_cert_chain_buffer_size);
593 : }
594 : } else {
595 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
596 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
597 : if (slot_id == 0xFF) {
598 : result = libspdm_get_peer_public_key_buffer(
599 : spdm_context, (const void **)&mut_cert_chain_buffer,
600 : &mut_cert_chain_buffer_size);
601 : } else {
602 : result = libspdm_get_peer_cert_chain_buffer(
603 : spdm_context, (const void **)&mut_cert_chain_buffer,
604 : &mut_cert_chain_buffer_size);
605 : }
606 : }
607 : if (!result) {
608 : return false;
609 : }
610 : } else {
611 : mut_cert_chain_buffer = NULL;
612 : mut_cert_chain_buffer_size = 0;
613 : }
614 : } else {
615 : cert_chain_buffer = NULL;
616 : cert_chain_buffer_size = 0;
617 : mut_cert_chain_buffer = NULL;
618 : mut_cert_chain_buffer_size = 0;
619 : }
620 :
621 : result = libspdm_calculate_th_for_finish(
622 : spdm_context, session_info, cert_chain_buffer,
623 : cert_chain_buffer_size, mut_cert_chain_buffer,
624 : mut_cert_chain_buffer_size, &th_curr);
625 : if (!result) {
626 : return false;
627 : }
628 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
629 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
630 :
631 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
632 : th_curr_data, th_curr_data_size, th2_hash_data);
633 : if (!result) {
634 : return false;
635 : }
636 : #else
637 36 : result = libspdm_calculate_th_hash_for_finish(
638 : spdm_context, session_info, &hash_size, th2_hash_data);
639 36 : if (!result) {
640 0 : return false;
641 : }
642 : #endif
643 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th2 hash - "));
644 36 : LIBSPDM_INTERNAL_DUMP_DATA(th2_hash_data, hash_size);
645 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
646 :
647 36 : return true;
648 : }
|
