Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_secured_message_lib.h"
8 :
9 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
10 : /*
11 : * This function calculates current TH data with message A and message K.
12 : *
13 : * @param spdm_context A pointer to the SPDM context.
14 : * @param session_info The SPDM session ID.
15 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
16 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
17 : * @param th_data_buffer_size size in bytes of the th_data_buffer
18 : * @param th_data_buffer The buffer to store the th_data_buffer
19 : *
20 : * @retval RETURN_SUCCESS current TH data is calculated.
21 : */
22 : bool libspdm_calculate_th_for_exchange(
23 : libspdm_context_t *spdm_context, void *spdm_session_info, const uint8_t *cert_chain_buffer,
24 : size_t cert_chain_buffer_size,
25 : libspdm_th_managed_buffer_t *th_curr)
26 : {
27 : libspdm_session_info_t *session_info;
28 : uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
29 : uint32_t hash_size;
30 : libspdm_return_t status;
31 : bool result;
32 :
33 : session_info = spdm_session_info;
34 :
35 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
36 :
37 : libspdm_init_managed_buffer(th_curr, sizeof(th_curr->buffer));
38 :
39 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
40 : LIBSPDM_INTERNAL_DUMP_HEX(
41 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
42 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
43 : status = libspdm_append_managed_buffer(
44 : th_curr,
45 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
46 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
47 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
48 : return false;
49 : }
50 :
51 : if (cert_chain_buffer != NULL) {
52 : if (spdm_context->connection_info.multi_key_conn_rsp) {
53 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
54 : LIBSPDM_INTERNAL_DUMP_HEX(
55 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
56 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
57 : status = libspdm_append_managed_buffer(
58 : th_curr,
59 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
60 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
61 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
62 : return false;
63 : }
64 : }
65 :
66 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
67 : LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
68 : result = libspdm_hash_all(
69 : spdm_context->connection_info.algorithm.base_hash_algo,
70 : cert_chain_buffer, cert_chain_buffer_size,
71 : cert_chain_buffer_hash);
72 : if (!result) {
73 : return false;
74 : }
75 : status = libspdm_append_managed_buffer(th_curr, cert_chain_buffer_hash, hash_size);
76 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
77 : return false;
78 : }
79 : }
80 :
81 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_k data :\n"));
82 : LIBSPDM_INTERNAL_DUMP_HEX(
83 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
84 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
85 : status = libspdm_append_managed_buffer(
86 : th_curr,
87 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
88 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
89 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
90 : return false;
91 : }
92 :
93 : return true;
94 : }
95 : #else
96 : /*
97 : * This function calculates current TH hash with message A and message K.
98 : *
99 : * @param spdm_context A pointer to the SPDM context.
100 : * @param session_info The SPDM session ID.
101 : * @param th_hash_buffer_size size in bytes of the th_hash_buffer
102 : * @param th_hash_buffer The buffer to store the th_hash_buffer
103 : *
104 : * @retval RETURN_SUCCESS current TH hash is calculated.
105 : */
106 90 : bool libspdm_calculate_th_hash_for_exchange(
107 : libspdm_context_t *spdm_context, void *spdm_session_info,
108 : size_t *th_hash_buffer_size, void *th_hash_buffer)
109 : {
110 : libspdm_session_info_t *session_info;
111 : uint32_t hash_size;
112 : void *digest_context_th;
113 : bool result;
114 :
115 90 : session_info = spdm_session_info;
116 :
117 90 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
118 :
119 90 : LIBSPDM_ASSERT(*th_hash_buffer_size >= hash_size);
120 :
121 : /* duplicate the th context, because we still need use original context to continue.*/
122 90 : digest_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
123 90 : if (digest_context_th == NULL) {
124 0 : return false;
125 : }
126 90 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
127 90 : session_info->session_transcript.digest_context_th,
128 : digest_context_th);
129 90 : if (!result) {
130 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
131 : digest_context_th);
132 0 : return false;
133 : }
134 90 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
135 : digest_context_th, th_hash_buffer);
136 90 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, digest_context_th);
137 90 : if (!result) {
138 0 : return false;
139 : }
140 :
141 90 : *th_hash_buffer_size = hash_size;
142 :
143 90 : return true;
144 : }
145 :
146 : /*
147 : * This function calculates current TH hmac with message A and message K, with response finished_key.
148 : *
149 : * @param spdm_context A pointer to the SPDM context.
150 : * @param session_info The SPDM session ID.
151 : * @param th_hmac_buffer_size size in bytes of the th_hmac_buffer
152 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
153 : *
154 : * @retval RETURN_SUCCESS current TH hmac is calculated.
155 : */
156 53 : bool libspdm_calculate_th_hmac_for_exchange_rsp(
157 : libspdm_context_t *spdm_context, void *spdm_session_info, bool is_requester,
158 : size_t *th_hmac_buffer_size, void *th_hmac_buffer)
159 : {
160 : libspdm_session_info_t *session_info;
161 : void *secured_message_context;
162 : uint32_t hash_size;
163 : void *hash_context_th;
164 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
165 : bool result;
166 :
167 53 : session_info = spdm_session_info;
168 53 : secured_message_context = session_info->secured_message_context;
169 :
170 53 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
171 :
172 53 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
173 :
174 : /* duplicate the th context, because we still need use original context to continue.*/
175 53 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
176 53 : if (hash_context_th == NULL) {
177 0 : return false;
178 : }
179 53 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
180 53 : session_info->session_transcript.digest_context_th,
181 : hash_context_th);
182 53 : if (!result) {
183 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
184 0 : return false;
185 : }
186 53 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
187 : hash_context_th, hash_data);
188 53 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
189 53 : if (!result) {
190 0 : return false;
191 : }
192 :
193 53 : result = libspdm_hmac_all_with_response_finished_key (secured_message_context,
194 : hash_data, hash_size, th_hmac_buffer);
195 53 : if (!result) {
196 0 : return false;
197 : }
198 53 : *th_hmac_buffer_size = hash_size;
199 :
200 53 : return true;
201 : }
202 : #endif
203 :
204 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
205 : /*
206 : * This function calculates current TH data with message A, message K and message F.
207 : *
208 : * @param spdm_context A pointer to the SPDM context.
209 : * @param session_info The SPDM session ID.
210 : * @param cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header.
211 : * @param cert_chain_buffer_size size in bytes of the certificate chain buffer.
212 : * @param mut_cert_chain_buffer Certificate chain buffer with spdm_cert_chain_t header in mutual authentication.
213 : * @param mut_cert_chain_buffer_size size in bytes of the certificate chain buffer in mutual authentication.
214 : * @param th_data_buffer_size size in bytes of the th_data_buffer
215 : * @param th_data_buffer The buffer to store the th_data_buffer
216 : *
217 : * @retval RETURN_SUCCESS current TH data is calculated.
218 : */
219 : bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
220 : void *spdm_session_info,
221 : const uint8_t *cert_chain_buffer,
222 : size_t cert_chain_buffer_size,
223 : const uint8_t *mut_cert_chain_buffer,
224 : size_t mut_cert_chain_buffer_size,
225 : libspdm_th_managed_buffer_t *th_curr)
226 : {
227 : libspdm_session_info_t *session_info;
228 : uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
229 : uint8_t mut_cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
230 : uint32_t hash_size;
231 : libspdm_return_t status;
232 : bool result;
233 :
234 : session_info = spdm_session_info;
235 :
236 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
237 :
238 : libspdm_init_managed_buffer(th_curr, sizeof(th_curr->buffer));
239 :
240 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_a data :\n"));
241 : LIBSPDM_INTERNAL_DUMP_HEX(
242 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
243 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
244 : status = libspdm_append_managed_buffer(
245 : th_curr,
246 : libspdm_get_managed_buffer(&spdm_context->transcript.message_a),
247 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_a));
248 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
249 : return false;
250 : }
251 :
252 : if (cert_chain_buffer != NULL) {
253 : if (spdm_context->connection_info.multi_key_conn_rsp) {
254 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
255 : LIBSPDM_INTERNAL_DUMP_HEX(
256 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
257 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
258 : status = libspdm_append_managed_buffer(
259 : th_curr,
260 : libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
261 : libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
262 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
263 : return false;
264 : }
265 : }
266 :
267 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
268 : LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
269 : result = libspdm_hash_all(
270 : spdm_context->connection_info.algorithm.base_hash_algo,
271 : cert_chain_buffer, cert_chain_buffer_size,
272 : cert_chain_buffer_hash);
273 : if (!result) {
274 : return false;
275 : }
276 : status = libspdm_append_managed_buffer(th_curr, cert_chain_buffer_hash, hash_size);
277 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
278 : return false;
279 : }
280 : }
281 :
282 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_k data :\n"));
283 : LIBSPDM_INTERNAL_DUMP_HEX(
284 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
285 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
286 : status = libspdm_append_managed_buffer(
287 : th_curr,
288 : libspdm_get_managed_buffer(&session_info->session_transcript.message_k),
289 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_k));
290 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
291 : return false;
292 : }
293 :
294 : if (mut_cert_chain_buffer != NULL) {
295 : if (spdm_context->connection_info.multi_key_conn_req) {
296 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_encap_d data :\n"));
297 : LIBSPDM_INTERNAL_DUMP_HEX(
298 : libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
299 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
300 : status = libspdm_append_managed_buffer(
301 : th_curr,
302 : libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
303 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
304 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
305 : return false;
306 : }
307 : }
308 :
309 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_cm data :\n"));
310 : LIBSPDM_INTERNAL_DUMP_HEX(mut_cert_chain_buffer, mut_cert_chain_buffer_size);
311 : result = libspdm_hash_all(
312 : spdm_context->connection_info.algorithm.base_hash_algo,
313 : mut_cert_chain_buffer, mut_cert_chain_buffer_size,
314 : mut_cert_chain_buffer_hash);
315 : if (!result) {
316 : return false;
317 : }
318 : status = libspdm_append_managed_buffer(th_curr, mut_cert_chain_buffer_hash, hash_size);
319 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
320 : return false;
321 : }
322 : }
323 :
324 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_f data :\n"));
325 : LIBSPDM_INTERNAL_DUMP_HEX(
326 : libspdm_get_managed_buffer(&session_info->session_transcript.message_f),
327 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_f));
328 : status = libspdm_append_managed_buffer(
329 : th_curr,
330 : libspdm_get_managed_buffer(&session_info->session_transcript.message_f),
331 : libspdm_get_managed_buffer_size(&session_info->session_transcript.message_f));
332 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
333 : return false;
334 : }
335 :
336 : return true;
337 : }
338 : #else
339 : /*
340 : * This function calculates current TH hash with message A, message K and message F.
341 : *
342 : * @param spdm_context A pointer to the SPDM context.
343 : * @param session_info The SPDM session ID.
344 : * @param th_hash_buffer_size size in bytes of the th_hash_buffer
345 : * @param th_hash_buffer The buffer to store the th_hash_buffer
346 : *
347 : * @retval RETURN_SUCCESS current TH hash is calculated.
348 : */
349 48 : bool libspdm_calculate_th_hash_for_finish(libspdm_context_t *spdm_context,
350 : void *spdm_session_info,
351 : size_t *th_hash_buffer_size,
352 : void *th_hash_buffer)
353 : {
354 : libspdm_session_info_t *session_info;
355 : uint32_t hash_size;
356 : void *digest_context_th;
357 : bool result;
358 :
359 48 : session_info = spdm_session_info;
360 :
361 48 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
362 :
363 48 : LIBSPDM_ASSERT(*th_hash_buffer_size >= hash_size);
364 :
365 : /* duplicate the th context, because we still need use original context to continue.*/
366 48 : digest_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
367 48 : if (digest_context_th == NULL) {
368 0 : return false;
369 : }
370 48 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
371 48 : session_info->session_transcript.digest_context_th,
372 : digest_context_th);
373 48 : if (!result) {
374 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
375 : digest_context_th);
376 0 : return false;
377 : }
378 48 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
379 : digest_context_th, th_hash_buffer);
380 48 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, digest_context_th);
381 48 : if (!result) {
382 0 : return false;
383 : }
384 :
385 48 : *th_hash_buffer_size = hash_size;
386 :
387 48 : return true;
388 : }
389 :
390 : /*
391 : * This function calculates current TH hmac with message A, message K and message F, with response finished_key.
392 : *
393 : * @param spdm_context A pointer to the SPDM context.
394 : * @param session_info The SPDM session ID.
395 : * @param th_hmac_buffer_size size in bytes of the th_hmac_buffer
396 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
397 : *
398 : * @retval RETURN_SUCCESS current TH hmac is calculated.
399 : */
400 21 : bool libspdm_calculate_th_hmac_for_finish_rsp(libspdm_context_t *spdm_context,
401 : void *spdm_session_info,
402 : size_t *th_hmac_buffer_size,
403 : void *th_hmac_buffer)
404 : {
405 : libspdm_session_info_t *session_info;
406 : void *secured_message_context;
407 : uint32_t hash_size;
408 : void *hash_context_th;
409 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
410 : bool result;
411 :
412 21 : session_info = spdm_session_info;
413 21 : secured_message_context = session_info->secured_message_context;
414 :
415 21 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
416 :
417 21 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
418 21 : LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL);
419 :
420 : /* duplicate the th context, because we still need use original context to continue.*/
421 21 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
422 21 : if (hash_context_th == NULL) {
423 0 : return false;
424 : }
425 21 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
426 21 : session_info->session_transcript.digest_context_th,
427 : hash_context_th);
428 21 : if (!result) {
429 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
430 0 : return false;
431 : }
432 21 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
433 : hash_context_th, hash_data);
434 21 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
435 21 : if (!result) {
436 0 : return false;
437 : }
438 :
439 21 : result = libspdm_hmac_all_with_response_finished_key (secured_message_context,
440 : hash_data, hash_size, th_hmac_buffer);
441 21 : if (!result) {
442 0 : return false;
443 : }
444 21 : *th_hmac_buffer_size = hash_size;
445 :
446 21 : return true;
447 : }
448 :
449 : /*
450 : * This function calculates current TH hmac with message A, message K and message F, with request finished_key.
451 : *
452 : * @param spdm_context A pointer to the SPDM context.
453 : * @param session_info The SPDM session ID.
454 : * @param th_hmac_buffer_size size in bytes of the th_hmac_buffer
455 : * @param th_hmac_buffer The buffer to store the th_hmac_buffer
456 : *
457 : * @retval RETURN_SUCCESS current TH hmac is calculated.
458 : */
459 89 : bool libspdm_calculate_th_hmac_for_finish_req(libspdm_context_t *spdm_context,
460 : void *spdm_session_info,
461 : size_t *th_hmac_buffer_size,
462 : void *th_hmac_buffer)
463 : {
464 : libspdm_session_info_t *session_info;
465 : void *secured_message_context;
466 : uint32_t hash_size;
467 : void *hash_context_th;
468 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
469 : bool result;
470 :
471 89 : session_info = spdm_session_info;
472 89 : secured_message_context = session_info->secured_message_context;
473 :
474 89 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
475 :
476 89 : LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size);
477 89 : LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL);
478 :
479 : /* duplicate the th context, because we still need use original context to continue.*/
480 89 : hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo);
481 89 : if (hash_context_th == NULL) {
482 0 : return false;
483 : }
484 89 : result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo,
485 89 : session_info->session_transcript.digest_context_th,
486 : hash_context_th);
487 89 : if (!result) {
488 0 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
489 0 : return false;
490 : }
491 89 : result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo,
492 : hash_context_th, hash_data);
493 89 : libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th);
494 89 : if (!result) {
495 0 : return false;
496 : }
497 :
498 89 : result = libspdm_hmac_all_with_request_finished_key (secured_message_context,
499 : hash_data, hash_size, th_hmac_buffer);
500 89 : if (!result) {
501 0 : return false;
502 : }
503 89 : *th_hmac_buffer_size = hash_size;
504 :
505 89 : return true;
506 : }
507 : #endif
508 :
509 : /*
510 : * This function calculates th1 hash.
511 : *
512 : * @param spdm_context A pointer to the SPDM context.
513 : * @param session_info The SPDM session ID.
514 : * @param is_requester Indicate of the key generation for a requester or a responder.
515 : * @param th1_hash_data th1 hash
516 : *
517 : * @retval RETURN_SUCCESS th1 hash is calculated.
518 : */
519 57 : bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context,
520 : void *spdm_session_info,
521 : bool is_requester,
522 : uint8_t *th1_hash_data)
523 : {
524 : libspdm_session_info_t *session_info;
525 : bool result;
526 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
527 : uint8_t slot_id;
528 : uint8_t *cert_chain_buffer;
529 : size_t cert_chain_buffer_size;
530 : uint8_t *th_curr_data;
531 : size_t th_curr_data_size;
532 : libspdm_th_managed_buffer_t th_curr;
533 : #endif
534 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
535 : size_t hash_size;
536 : #endif
537 :
538 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Calc th1 hash ...\n"));
539 :
540 57 : session_info = spdm_session_info;
541 :
542 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
543 57 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
544 : #endif
545 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
546 : if (!session_info->use_psk) {
547 : if (is_requester) {
548 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
549 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
550 : if (slot_id == 0xFF) {
551 : result = libspdm_get_peer_public_key_buffer(
552 : spdm_context, (const void **)&cert_chain_buffer,
553 : &cert_chain_buffer_size);
554 : } else {
555 : result = libspdm_get_peer_cert_chain_buffer(
556 : spdm_context, (const void **)&cert_chain_buffer,
557 : &cert_chain_buffer_size);
558 : }
559 : } else {
560 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
561 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
562 : if (slot_id == 0xFF) {
563 : result = libspdm_get_local_public_key_buffer(
564 : spdm_context, (const void **)&cert_chain_buffer,
565 : &cert_chain_buffer_size);
566 : } else {
567 : result = libspdm_get_local_cert_chain_buffer(
568 : spdm_context, (const void **)&cert_chain_buffer,
569 : &cert_chain_buffer_size);
570 : }
571 : }
572 : if (!result) {
573 : return false;
574 : }
575 : } else {
576 : cert_chain_buffer = NULL;
577 : cert_chain_buffer_size = 0;
578 : }
579 :
580 : result = libspdm_calculate_th_for_exchange(
581 : spdm_context, session_info, cert_chain_buffer,
582 : cert_chain_buffer_size, &th_curr);
583 : if (!result) {
584 : return false;
585 : }
586 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
587 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
588 :
589 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
590 : th_curr_data, th_curr_data_size, th1_hash_data);
591 : if (!result) {
592 : return false;
593 : }
594 : #else
595 57 : result = libspdm_calculate_th_hash_for_exchange(
596 : spdm_context, session_info, &hash_size, th1_hash_data);
597 57 : if (!result) {
598 0 : return false;
599 : }
600 : #endif
601 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th1 hash - "));
602 57 : LIBSPDM_INTERNAL_DUMP_DATA(th1_hash_data, hash_size);
603 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
604 :
605 57 : return true;
606 : }
607 :
608 : /*
609 : * This function calculates th2 hash.
610 : *
611 : * @param spdm_context A pointer to the SPDM context.
612 : * @param session_info The SPDM session ID.
613 : * @param is_requester Indicate of the key generation for a requester or a responder.
614 : * @param th1_hash_data th2 hash
615 : *
616 : * @retval RETURN_SUCCESS th2 hash is calculated.
617 : */
618 32 : bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context,
619 : void *spdm_session_info,
620 : bool is_requester,
621 : uint8_t *th2_hash_data)
622 : {
623 : libspdm_session_info_t *session_info;
624 : bool result;
625 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
626 : uint8_t slot_id;
627 : uint8_t *cert_chain_buffer;
628 : size_t cert_chain_buffer_size;
629 : uint8_t *mut_cert_chain_buffer;
630 : size_t mut_cert_chain_buffer_size;
631 : uint8_t *th_curr_data;
632 : size_t th_curr_data_size;
633 : libspdm_th_managed_buffer_t th_curr;
634 : #endif
635 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
636 : size_t hash_size;
637 : #endif
638 :
639 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Calc th2 hash ...\n"));
640 :
641 32 : session_info = spdm_session_info;
642 :
643 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
644 32 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
645 : #endif
646 :
647 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
648 : if (!session_info->use_psk) {
649 : if (is_requester) {
650 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
651 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
652 : if (slot_id == 0xFF) {
653 : result = libspdm_get_peer_public_key_buffer(
654 : spdm_context, (const void **)&cert_chain_buffer,
655 : &cert_chain_buffer_size);
656 : } else {
657 : result = libspdm_get_peer_cert_chain_buffer(
658 : spdm_context, (const void **)&cert_chain_buffer,
659 : &cert_chain_buffer_size);
660 : }
661 : } else {
662 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
663 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
664 : if (slot_id == 0xFF) {
665 : result = libspdm_get_local_public_key_buffer(
666 : spdm_context, (const void **)&cert_chain_buffer,
667 : &cert_chain_buffer_size);
668 : } else {
669 : result = libspdm_get_local_cert_chain_buffer(
670 : spdm_context, (const void **)&cert_chain_buffer,
671 : &cert_chain_buffer_size);
672 : }
673 : }
674 : if (!result) {
675 : return false;
676 : }
677 : if (session_info->mut_auth_requested != 0) {
678 : if (is_requester) {
679 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
680 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
681 : if (slot_id == 0xFF) {
682 : result = libspdm_get_local_public_key_buffer(
683 : spdm_context, (const void **)&mut_cert_chain_buffer,
684 : &mut_cert_chain_buffer_size);
685 : } else {
686 : result = libspdm_get_local_cert_chain_buffer(
687 : spdm_context, (const void **)&mut_cert_chain_buffer,
688 : &mut_cert_chain_buffer_size);
689 : }
690 : } else {
691 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
692 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
693 : if (slot_id == 0xFF) {
694 : result = libspdm_get_peer_public_key_buffer(
695 : spdm_context, (const void **)&mut_cert_chain_buffer,
696 : &mut_cert_chain_buffer_size);
697 : } else {
698 : result = libspdm_get_peer_cert_chain_buffer(
699 : spdm_context, (const void **)&mut_cert_chain_buffer,
700 : &mut_cert_chain_buffer_size);
701 : }
702 : }
703 : if (!result) {
704 : return false;
705 : }
706 : } else {
707 : mut_cert_chain_buffer = NULL;
708 : mut_cert_chain_buffer_size = 0;
709 : }
710 : } else {
711 : cert_chain_buffer = NULL;
712 : cert_chain_buffer_size = 0;
713 : mut_cert_chain_buffer = NULL;
714 : mut_cert_chain_buffer_size = 0;
715 : }
716 :
717 : result = libspdm_calculate_th_for_finish(
718 : spdm_context, session_info, cert_chain_buffer,
719 : cert_chain_buffer_size, mut_cert_chain_buffer,
720 : mut_cert_chain_buffer_size, &th_curr);
721 : if (!result) {
722 : return false;
723 : }
724 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
725 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
726 :
727 : result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo,
728 : th_curr_data, th_curr_data_size, th2_hash_data);
729 : if (!result) {
730 : return false;
731 : }
732 : #else
733 32 : result = libspdm_calculate_th_hash_for_finish(
734 : spdm_context, session_info, &hash_size, th2_hash_data);
735 32 : if (!result) {
736 0 : return false;
737 : }
738 : #endif
739 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th2 hash - "));
740 32 : LIBSPDM_INTERNAL_DUMP_DATA(th2_hash_data, hash_size);
741 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
742 :
743 32 : return true;
744 : }
|
