Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_secured_message_lib.h"
8 :
9 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
10 : bool libspdm_calculate_th_for_exchange(
11 : libspdm_context_t *spdm_context, void *spdm_session_info, const uint8_t *cert_chain_buffer,
12 : size_t cert_chain_buffer_size,
13 : libspdm_th_managed_buffer_t *th_curr)
14 : {
15 : libspdm_session_info_t *session_info;
16 : uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
17 : uint32_t hash_size;
18 : libspdm_return_t status;
19 : bool result;
20 :
21 : session_info = spdm_session_info;
22 :
23 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
24 :
25 : libspdm_init_managed_buffer(th_curr, sizeof(th_curr->buffer));
26 :
27 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
28 : LIBSPDM_INTERNAL_DUMP_HEX(
29 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
30 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
31 : status = libspdm_append_managed_buffer(
32 : th_curr,
33 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
34 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
35 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
36 : return false;
37 : }
38 :
39 : if (cert_chain_buffer != NULL) {
40 : if (spdm_context->connection_info.multi_key_conn_rsp) {
41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
42 : LIBSPDM_INTERNAL_DUMP_HEX(
43 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
44 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
45 : status = libspdm_append_managed_buffer(
46 : th_curr,
47 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
48 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
49 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
50 : return false;
51 : }
52 : }
53 :
54 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
55 : LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
56 : result = libspdm_hash_all(
57 : spdm_context->connection_info.algorithm.base_hash_algo,
58 : cert_chain_buffer, cert_chain_buffer_size,
59 : cert_chain_buffer_hash);
60 : if (!result) {
61 : return false;
62 : }
63 : status = libspdm_append_managed_buffer(th_curr, cert_chain_buffer_hash, hash_size);
64 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
65 : return false;
66 : }
67 : }
68 :
69 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_k data :\n"));
70 : LIBSPDM_INTERNAL_DUMP_HEX(
71 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
72 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
73 : status = libspdm_append_managed_buffer(
74 : th_curr,
75 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
76 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
77 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
78 : return false;
79 : }
80 :
81 : return true;
82 : }
83 : #else
84 91 : bool libspdm_calculate_th_hash_for_exchange(
85 : libspdm_context_t *spdm_context, void *spdm_session_info,
86 : size_t *th_hash_buffer_size, void *th_hash_buffer)
87 : {
88 : libspdm_session_info_t *session_info;
89 : uint32_t hash_size;
90 : void *digest_context_th;
91 : bool result;
92 :
93 91 : session_info = spdm_session_info;
94 :
95 91 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
96 :
97 91 : LIBSPDM_ASSERT(*th_hash_buffer_size >= hash_size);
98 :
99 : /* duplicate the th context, because we still need use original context to continue.*/
100 91 : digest_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
101 91 : if (digest_context_th == NULL) {
102 0 : return false;
103 : }
104 91 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
105 91 : session_info->session_transcript.digest_context_th,
106 : digest_context_th);
107 91 : if (!result) {
108 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
109 : digest_context_th);
110 0 : return false;
111 : }
112 91 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
113 : digest_context_th, th_hash_buffer);
114 91 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, digest_context_th);
115 91 : if (!result) {
116 0 : return false;
117 : }
118 :
119 91 : *th_hash_buffer_size = hash_size;
120 :
121 91 : return true;
122 : }
123 :
124 54 : bool libspdm_calculate_th_hmac_for_exchange_rsp(
125 : libspdm_context_t *spdm_context, void *spdm_session_info,
126 : size_t *th_hmac_buffer_size, void *th_hmac_buffer)
127 : {
128 : libspdm_session_info_t *session_info;
129 : void *secured_message_context;
130 : uint32_t hash_size;
131 : void *hash_context_th;
132 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
133 : bool result;
134 :
135 54 : session_info = spdm_session_info;
136 54 : secured_message_context = session_info->secured_message_context;
137 :
138 54 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
139 :
140 54 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
141 :
142 : /* duplicate the th context, because we still need use original context to continue.*/
143 54 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
144 54 : if (hash_context_th == NULL) {
145 0 : return false;
146 : }
147 54 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
148 54 : session_info->session_transcript.digest_context_th,
149 : hash_context_th);
150 54 : if (!result) {
151 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
152 0 : return false;
153 : }
154 54 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
155 : hash_context_th, hash_data);
156 54 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
157 54 : if (!result) {
158 0 : return false;
159 : }
160 :
161 54 : result = libspdm_hmac_all_with_response_finished_key (secured_message_context,
162 : hash_data, hash_size, th_hmac_buffer);
163 54 : if (!result) {
164 0 : return false;
165 : }
166 54 : *th_hmac_buffer_size = hash_size;
167 :
168 54 : return true;
169 : }
170 : #endif
171 :
172 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
173 : bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
174 : void *spdm_session_info,
175 : const uint8_t *cert_chain_buffer,
176 : size_t cert_chain_buffer_size,
177 : const uint8_t *mut_cert_chain_buffer,
178 : size_t mut_cert_chain_buffer_size,
179 : libspdm_th_managed_buffer_t *th_curr)
180 : {
181 : libspdm_session_info_t *session_info;
182 : uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
183 : uint8_t mut_cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
184 : uint32_t hash_size;
185 : libspdm_return_t status;
186 : bool result;
187 :
188 : session_info = spdm_session_info;
189 :
190 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
191 :
192 : libspdm_init_managed_buffer(th_curr, sizeof(th_curr->buffer));
193 :
194 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
195 : LIBSPDM_INTERNAL_DUMP_HEX(
196 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
197 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
198 : status = libspdm_append_managed_buffer(
199 : th_curr,
200 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
201 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
202 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
203 : return false;
204 : }
205 :
206 : if (cert_chain_buffer != NULL) {
207 : if (spdm_context->connection_info.multi_key_conn_rsp) {
208 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
209 : LIBSPDM_INTERNAL_DUMP_HEX(
210 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
211 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
212 : status = libspdm_append_managed_buffer(
213 : th_curr,
214 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
215 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
216 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
217 : return false;
218 : }
219 : }
220 :
221 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
222 : LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
223 : result = libspdm_hash_all(
224 : spdm_context->connection_info.algorithm.base_hash_algo,
225 : cert_chain_buffer, cert_chain_buffer_size,
226 : cert_chain_buffer_hash);
227 : if (!result) {
228 : return false;
229 : }
230 : status = libspdm_append_managed_buffer(th_curr, cert_chain_buffer_hash, hash_size);
231 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
232 : return false;
233 : }
234 : }
235 :
236 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_k data :\n"));
237 : LIBSPDM_INTERNAL_DUMP_HEX(
238 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
239 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
240 : status = libspdm_append_managed_buffer(
241 : th_curr,
242 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
243 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
244 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
245 : return false;
246 : }
247 :
248 : if (mut_cert_chain_buffer != NULL) {
249 : if (spdm_context->connection_info.multi_key_conn_req) {
250 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_encap_d data :\n"));
251 : LIBSPDM_INTERNAL_DUMP_HEX(
252 : libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
253 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
254 : status = libspdm_append_managed_buffer(
255 : th_curr,
256 : libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
257 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
258 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
259 : return false;
260 : }
261 : }
262 :
263 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_cm data :\n"));
264 : LIBSPDM_INTERNAL_DUMP_HEX(mut_cert_chain_buffer, mut_cert_chain_buffer_size);
265 : result = libspdm_hash_all(
266 : spdm_context->connection_info.algorithm.base_hash_algo,
267 : mut_cert_chain_buffer, mut_cert_chain_buffer_size,
268 : mut_cert_chain_buffer_hash);
269 : if (!result) {
270 : return false;
271 : }
272 : status = libspdm_append_managed_buffer(th_curr, mut_cert_chain_buffer_hash, hash_size);
273 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
274 : return false;
275 : }
276 : }
277 :
278 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_f data :\n"));
279 : LIBSPDM_INTERNAL_DUMP_HEX(
280 : libspdm_get_managed_buffer(&session_info->session_transcript.message_f),
281 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_f));
282 : status = libspdm_append_managed_buffer(
283 : th_curr,
284 : libspdm_get_managed_buffer(&session_info->session_transcript.message_f),
285 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_f));
286 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
287 : return false;
288 : }
289 :
290 : return true;
291 : }
292 : #else
293 52 : bool libspdm_calculate_th_hash_for_finish(libspdm_context_t *spdm_context,
294 : void *spdm_session_info,
295 : size_t *th_hash_buffer_size,
296 : void *th_hash_buffer)
297 : {
298 : libspdm_session_info_t *session_info;
299 : uint32_t hash_size;
300 : void *digest_context_th;
301 : bool result;
302 :
303 52 : session_info = spdm_session_info;
304 :
305 52 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
306 :
307 52 : LIBSPDM_ASSERT(*th_hash_buffer_size >= hash_size);
308 :
309 : /* duplicate the th context, because we still need use original context to continue.*/
310 52 : digest_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
311 52 : if (digest_context_th == NULL) {
312 0 : return false;
313 : }
314 52 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
315 52 : session_info->session_transcript.digest_context_th,
316 : digest_context_th);
317 52 : if (!result) {
318 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
319 : digest_context_th);
320 0 : return false;
321 : }
322 52 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
323 : digest_context_th, th_hash_buffer);
324 52 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, digest_context_th);
325 52 : if (!result) {
326 0 : return false;
327 : }
328 :
329 52 : *th_hash_buffer_size = hash_size;
330 :
331 52 : return true;
332 : }
333 :
334 21 : bool libspdm_calculate_th_hmac_for_finish_rsp(libspdm_context_t *spdm_context,
335 : void *spdm_session_info,
336 : size_t *th_hmac_buffer_size,
337 : void *th_hmac_buffer)
338 : {
339 : libspdm_session_info_t *session_info;
340 : void *secured_message_context;
341 : uint32_t hash_size;
342 : void *hash_context_th;
343 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
344 : bool result;
345 :
346 21 : session_info = spdm_session_info;
347 21 : secured_message_context = session_info->secured_message_context;
348 :
349 21 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
350 :
351 21 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
352 21 : LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL);
353 :
354 : /* duplicate the th context, because we still need use original context to continue.*/
355 21 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
356 21 : if (hash_context_th == NULL) {
357 0 : return false;
358 : }
359 21 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
360 21 : session_info->session_transcript.digest_context_th,
361 : hash_context_th);
362 21 : if (!result) {
363 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
364 0 : return false;
365 : }
366 21 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
367 : hash_context_th, hash_data);
368 21 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
369 21 : if (!result) {
370 0 : return false;
371 : }
372 :
373 21 : result = libspdm_hmac_all_with_response_finished_key (secured_message_context,
374 : hash_data, hash_size, th_hmac_buffer);
375 21 : if (!result) {
376 0 : return false;
377 : }
378 21 : *th_hmac_buffer_size = hash_size;
379 :
380 21 : return true;
381 : }
382 :
383 93 : bool libspdm_calculate_th_hmac_for_finish_req(libspdm_context_t *spdm_context,
384 : void *spdm_session_info,
385 : size_t *th_hmac_buffer_size,
386 : void *th_hmac_buffer)
387 : {
388 : libspdm_session_info_t *session_info;
389 : void *secured_message_context;
390 : uint32_t hash_size;
391 : void *hash_context_th;
392 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
393 : bool result;
394 :
395 93 : session_info = spdm_session_info;
396 93 : secured_message_context = session_info->secured_message_context;
397 :
398 93 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
399 :
400 93 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
401 93 : LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL);
402 :
403 : /* duplicate the th context, because we still need use original context to continue.*/
404 93 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
405 93 : if (hash_context_th == NULL) {
406 0 : return false;
407 : }
408 93 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
409 93 : session_info->session_transcript.digest_context_th,
410 : hash_context_th);
411 93 : if (!result) {
412 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
413 0 : return false;
414 : }
415 93 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
416 : hash_context_th, hash_data);
417 93 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
418 93 : if (!result) {
419 0 : return false;
420 : }
421 :
422 93 : result = libspdm_hmac_all_with_request_finished_key (secured_message_context,
423 : hash_data, hash_size, th_hmac_buffer);
424 93 : if (!result) {
425 0 : return false;
426 : }
427 93 : *th_hmac_buffer_size = hash_size;
428 :
429 93 : return true;
430 : }
431 : #endif
432 :
433 58 : bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context,
434 : void *spdm_session_info,
435 : bool is_requester,
436 : uint8_t *th1_hash_data)
437 : {
438 : libspdm_session_info_t *session_info;
439 : bool result;
440 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
441 : uint8_t slot_id;
442 : uint8_t *cert_chain_buffer;
443 : size_t cert_chain_buffer_size;
444 : uint8_t *th_curr_data;
445 : size_t th_curr_data_size;
446 : libspdm_th_managed_buffer_t th_curr;
447 : #endif
448 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
449 : size_t hash_size;
450 : #endif
451 :
452 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Calc th1 hash ...\n"));
453 :
454 58 : session_info = spdm_session_info;
455 :
456 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
457 58 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
458 : #endif
459 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
460 : if (!session_info->use_psk) {
461 : if (is_requester) {
462 : slot_id = session_info->peer_used_cert_chain_slot_id;
463 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
464 : if (slot_id == 0xFF) {
465 : result = libspdm_get_peer_public_key_buffer(
466 : spdm_context, (const void **)&cert_chain_buffer,
467 : &cert_chain_buffer_size);
468 : } else {
469 : libspdm_get_peer_cert_chain_buffer(
470 : spdm_context, slot_id, (const void **)&cert_chain_buffer,
471 : &cert_chain_buffer_size);
472 : result = true;
473 : }
474 : } else {
475 : slot_id = session_info->local_used_cert_chain_slot_id;
476 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
477 : if (slot_id == 0xFF) {
478 : result = libspdm_get_local_public_key_buffer(
479 : spdm_context, (const void **)&cert_chain_buffer,
480 : &cert_chain_buffer_size);
481 : } else {
482 : libspdm_get_local_cert_chain_buffer(
483 : spdm_context, slot_id, (const void **)&cert_chain_buffer,
484 : &cert_chain_buffer_size);
485 : result = true;
486 : }
487 : }
488 : if (!result) {
489 : return false;
490 : }
491 : } else {
492 : cert_chain_buffer = NULL;
493 : cert_chain_buffer_size = 0;
494 : }
495 :
496 : result = libspdm_calculate_th_for_exchange(
497 : spdm_context, session_info, cert_chain_buffer,
498 : cert_chain_buffer_size, &th_curr);
499 : if (!result) {
500 : return false;
501 : }
502 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
503 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
504 :
505 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
506 : th_curr_data, th_curr_data_size, th1_hash_data);
507 : if (!result) {
508 : return false;
509 : }
510 : #else
511 58 : result = libspdm_calculate_th_hash_for_exchange(
512 : spdm_context, session_info, &hash_size, th1_hash_data);
513 58 : if (!result) {
514 0 : return false;
515 : }
516 : #endif
517 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th1 hash - "));
518 58 : LIBSPDM_INTERNAL_DUMP_DATA(th1_hash_data, hash_size);
519 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
520 :
521 58 : return true;
522 : }
523 :
524 36 : bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context,
525 : void *spdm_session_info,
526 : bool is_requester,
527 : uint8_t *th2_hash_data)
528 : {
529 : libspdm_session_info_t *session_info;
530 : bool result;
531 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
532 : uint8_t slot_id;
533 : uint8_t *cert_chain_buffer;
534 : size_t cert_chain_buffer_size;
535 : uint8_t *mut_cert_chain_buffer;
536 : size_t mut_cert_chain_buffer_size;
537 : uint8_t *th_curr_data;
538 : size_t th_curr_data_size;
539 : libspdm_th_managed_buffer_t th_curr;
540 : #endif
541 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
542 : size_t hash_size;
543 : #endif
544 :
545 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Calc th2 hash ...\n"));
546 :
547 36 : session_info = spdm_session_info;
548 :
549 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
550 36 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
551 : #endif
552 :
553 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
554 : if (!session_info->use_psk) {
555 : if (is_requester) {
556 : slot_id = session_info->peer_used_cert_chain_slot_id;
557 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
558 : if (slot_id == 0xFF) {
559 : result = libspdm_get_peer_public_key_buffer(
560 : spdm_context, (const void **)&cert_chain_buffer,
561 : &cert_chain_buffer_size);
562 : } else {
563 : libspdm_get_peer_cert_chain_buffer(
564 : spdm_context, slot_id, (const void **)&cert_chain_buffer,
565 : &cert_chain_buffer_size);
566 : result = true;
567 : }
568 : } else {
569 : slot_id = session_info->local_used_cert_chain_slot_id;
570 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
571 : if (slot_id == 0xFF) {
572 : result = libspdm_get_local_public_key_buffer(
573 : spdm_context, (const void **)&cert_chain_buffer,
574 : &cert_chain_buffer_size);
575 : } else {
576 : libspdm_get_local_cert_chain_buffer(
577 : spdm_context, slot_id, (const void **)&cert_chain_buffer,
578 : &cert_chain_buffer_size);
579 : result = true;
580 : }
581 : }
582 : if (!result) {
583 : return false;
584 : }
585 : if (session_info->mut_auth_requested != 0) {
586 : if (is_requester) {
587 : slot_id = session_info->local_used_cert_chain_slot_id;
588 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
589 : if (slot_id == 0xFF) {
590 : result = libspdm_get_local_public_key_buffer(
591 : spdm_context, (const void **)&mut_cert_chain_buffer,
592 : &mut_cert_chain_buffer_size);
593 : } else {
594 : libspdm_get_local_cert_chain_buffer(
595 : spdm_context, slot_id, (const void **)&mut_cert_chain_buffer,
596 : &mut_cert_chain_buffer_size);
597 : result = true;
598 : }
599 : } else {
600 : slot_id = session_info->peer_used_cert_chain_slot_id;
601 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
602 : if (slot_id == 0xFF) {
603 : result = libspdm_get_peer_public_key_buffer(
604 : spdm_context, (const void **)&mut_cert_chain_buffer,
605 : &mut_cert_chain_buffer_size);
606 : } else {
607 : libspdm_get_peer_cert_chain_buffer(
608 : spdm_context, slot_id, (const void **)&mut_cert_chain_buffer,
609 : &mut_cert_chain_buffer_size);
610 : result = true;
611 : }
612 : }
613 : if (!result) {
614 : return false;
615 : }
616 : } else {
617 : mut_cert_chain_buffer = NULL;
618 : mut_cert_chain_buffer_size = 0;
619 : }
620 : } else {
621 : cert_chain_buffer = NULL;
622 : cert_chain_buffer_size = 0;
623 : mut_cert_chain_buffer = NULL;
624 : mut_cert_chain_buffer_size = 0;
625 : }
626 :
627 : result = libspdm_calculate_th_for_finish(
628 : spdm_context, session_info, cert_chain_buffer,
629 : cert_chain_buffer_size, mut_cert_chain_buffer,
630 : mut_cert_chain_buffer_size, &th_curr);
631 : if (!result) {
632 : return false;
633 : }
634 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
635 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
636 :
637 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
638 : th_curr_data, th_curr_data_size, th2_hash_data);
639 : if (!result) {
640 : return false;
641 : }
642 : #else
643 36 : result = libspdm_calculate_th_hash_for_finish(
644 : spdm_context, session_info, &hash_size, th2_hash_data);
645 36 : if (!result) {
646 0 : return false;
647 : }
648 : #endif
649 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th2 hash - "));
650 36 : LIBSPDM_INTERNAL_DUMP_DATA(th2_hash_data, hash_size);
651 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
652 :
653 36 : return true;
654 : }
|
