Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_crypt_lib.h"
8 : #include "library/spdm_common_lib.h"
9 :
10 0 : uint32_t libspdm_get_pqc_asym_signature_size(uint32_t pqc_asym_algo)
11 : {
12 0 : switch (pqc_asym_algo) {
13 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
14 : #if LIBSPDM_ML_DSA_44_SUPPORT
15 : return 2420;
16 : #else
17 0 : return 0;
18 : #endif
19 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
20 : #if LIBSPDM_ML_DSA_65_SUPPORT
21 : return 3309;
22 : #else
23 0 : return 0;
24 : #endif
25 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
26 : #if LIBSPDM_ML_DSA_87_SUPPORT
27 : return 4627;
28 : #else
29 0 : return 0;
30 : #endif
31 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
32 : #if LIBSPDM_SLH_DSA_SHA2_128S_SUPPORT
33 : return 7856;
34 : #else
35 0 : return 0;
36 : #endif
37 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
38 : #if LIBSPDM_SLH_DSA_SHAKE_128S_SUPPORT
39 : return 7856;
40 : #else
41 0 : return 0;
42 : #endif
43 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
44 : #if LIBSPDM_SLH_DSA_SHA2_128F_SUPPORT
45 : return 17088;
46 : #else
47 0 : return 0;
48 : #endif
49 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
50 : #if LIBSPDM_SLH_DSA_SHAKE_128F_SUPPORT
51 : return 17088;
52 : #else
53 0 : return 0;
54 : #endif
55 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
56 : #if LIBSPDM_SLH_DSA_SHA2_192S_SUPPORT
57 : return 16224;
58 : #else
59 0 : return 0;
60 : #endif
61 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
62 : #if LIBSPDM_SLH_DSA_SHAKE_192S_SUPPORT
63 : return 16224;
64 : #else
65 0 : return 0;
66 : #endif
67 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
68 : #if LIBSPDM_SLH_DSA_SHA2_192F_SUPPORT
69 : return 35664;
70 : #else
71 0 : return 0;
72 : #endif
73 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
74 : #if LIBSPDM_SLH_DSA_SHAKE_192F_SUPPORT
75 : return 35664;
76 : #else
77 0 : return 0;
78 : #endif
79 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
80 : #if LIBSPDM_SLH_DSA_SHA2_256S_SUPPORT
81 : return 29792;
82 : #else
83 0 : return 0;
84 : #endif
85 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
86 : #if LIBSPDM_SLH_DSA_SHAKE_256S_SUPPORT
87 : return 29792;
88 : #else
89 0 : return 0;
90 : #endif
91 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
92 : #if LIBSPDM_SLH_DSA_SHA2_256F_SUPPORT
93 : return 49856;
94 : #else
95 0 : return 0;
96 : #endif
97 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
98 : #if LIBSPDM_SLH_DSA_SHAKE_256F_SUPPORT
99 : return 49856;
100 : #else
101 0 : return 0;
102 : #endif
103 0 : default:
104 0 : return 0;
105 : }
106 : }
107 :
108 0 : bool libspdm_pqc_asym_get_public_key_from_x509(uint32_t pqc_asym_algo,
109 : const uint8_t *cert,
110 : size_t cert_size,
111 : void **context)
112 : {
113 0 : switch (pqc_asym_algo) {
114 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
115 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
116 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
117 : #if LIBSPDM_ML_DSA_SUPPORT
118 : return libspdm_mldsa_get_public_key_from_x509(cert, cert_size, context);
119 : #else
120 0 : LIBSPDM_ASSERT(false);
121 0 : return false;
122 : #endif
123 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
124 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
125 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
126 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
127 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
128 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
129 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
130 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
131 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
132 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
133 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
134 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
135 : #if LIBSPDM_SLH_DSA_SUPPORT
136 : return libspdm_slhdsa_get_public_key_from_x509(cert, cert_size, context);
137 : #else
138 0 : LIBSPDM_ASSERT(false);
139 0 : return false;
140 : #endif
141 0 : default:
142 0 : LIBSPDM_ASSERT(false);
143 0 : return false;
144 : }
145 : }
146 :
147 0 : bool libspdm_pqc_asym_get_public_key_from_der(uint32_t pqc_asym_algo,
148 : const uint8_t *der_data,
149 : size_t der_size,
150 : void **context)
151 : {
152 0 : switch (pqc_asym_algo) {
153 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
154 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
155 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
156 : #if LIBSPDM_ML_DSA_SUPPORT
157 : return libspdm_mldsa_get_public_key_from_der(der_data, der_size, context);
158 : #else
159 0 : LIBSPDM_ASSERT(false);
160 0 : return false;
161 : #endif
162 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
163 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
164 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
165 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
166 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
167 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
168 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
169 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
170 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
171 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
172 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
173 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
174 : #if LIBSPDM_SLH_DSA_SUPPORT
175 : return libspdm_slhdsa_get_public_key_from_der(der_data, der_size, context);
176 : #else
177 0 : LIBSPDM_ASSERT(false);
178 0 : return false;
179 : #endif
180 0 : default:
181 0 : LIBSPDM_ASSERT(false);
182 0 : return false;
183 : }
184 : }
185 :
186 0 : void libspdm_pqc_asym_free(uint32_t pqc_asym_algo, void *context)
187 : {
188 0 : if (context == NULL) {
189 0 : return;
190 : }
191 0 : switch (pqc_asym_algo) {
192 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
193 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
194 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
195 : #if LIBSPDM_ML_DSA_SUPPORT
196 : libspdm_mldsa_free(context);
197 : #else
198 0 : LIBSPDM_ASSERT(false);
199 : #endif
200 0 : break;
201 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
202 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
203 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
204 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
205 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
206 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
207 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
208 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
209 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
210 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
211 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
212 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
213 : #if LIBSPDM_SLH_DSA_SUPPORT
214 : libspdm_slhdsa_free(context);
215 : #else
216 0 : LIBSPDM_ASSERT(false);
217 : #endif
218 0 : break;
219 0 : default:
220 0 : LIBSPDM_ASSERT(false);
221 0 : break;
222 : }
223 0 : return;
224 : }
225 :
226 0 : static bool libspdm_pqc_asym_sign_wrap (
227 : void *context, uint32_t pqc_asym_algo,
228 : const uint8_t *param, size_t param_size,
229 : const uint8_t *message, size_t message_size,
230 : uint8_t *signature, size_t *sig_size)
231 : {
232 0 : switch (pqc_asym_algo) {
233 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
234 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
235 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
236 : #if LIBSPDM_ML_DSA_SUPPORT
237 : return libspdm_mldsa_sign(context,
238 : param, param_size,
239 : message, message_size,
240 : signature, sig_size);
241 : #else
242 0 : LIBSPDM_ASSERT(false);
243 0 : return false;
244 : #endif
245 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
246 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
247 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
248 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
249 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
250 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
251 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
252 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
253 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
254 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
255 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
256 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
257 : #if LIBSPDM_SLH_DSA_SUPPORT
258 : return libspdm_slhdsa_sign(context,
259 : param, param_size,
260 : message, message_size,
261 : signature, sig_size);
262 : #else
263 0 : LIBSPDM_ASSERT(false);
264 0 : return false;
265 : #endif
266 0 : default:
267 0 : LIBSPDM_ASSERT(false);
268 0 : return false;
269 : }
270 : }
271 :
272 0 : static bool libspdm_pqc_asym_verify_wrap(
273 : void *context, uint32_t pqc_asym_algo,
274 : const uint8_t *param, size_t param_size,
275 : const uint8_t *message, size_t message_size,
276 : const uint8_t *signature, size_t sig_size)
277 : {
278 0 : switch (pqc_asym_algo) {
279 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
280 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
281 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
282 : #if LIBSPDM_ML_DSA_SUPPORT
283 : return libspdm_mldsa_verify(context,
284 : param, param_size,
285 : message, message_size,
286 : signature, sig_size);
287 : #else
288 0 : LIBSPDM_ASSERT(false);
289 0 : return false;
290 : #endif
291 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
292 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
293 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
294 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
295 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
296 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
297 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
298 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
299 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
300 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
301 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
302 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
303 : #if LIBSPDM_SLH_DSA_SUPPORT
304 : return libspdm_slhdsa_verify(context,
305 : param, param_size,
306 : message, message_size,
307 : signature, sig_size);
308 : #else
309 0 : LIBSPDM_ASSERT(false);
310 0 : return false;
311 : #endif
312 0 : default:
313 0 : LIBSPDM_ASSERT(false);
314 0 : return false;
315 : }
316 : }
317 :
318 0 : bool libspdm_pqc_asym_verify(
319 : spdm_version_number_t spdm_version, uint8_t op_code,
320 : uint32_t pqc_asym_algo, uint32_t base_hash_algo,
321 : void *context,
322 : const uint8_t *message, size_t message_size,
323 : const uint8_t *signature, size_t sig_size)
324 : {
325 : size_t hash_size;
326 : bool result;
327 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
328 : LIBSPDM_MAX_HASH_SIZE];
329 : const void *param;
330 : size_t param_size;
331 :
332 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, false, ¶m_size);
333 :
334 0 : libspdm_create_signing_context (spdm_version, op_code, false,
335 : spdm12_signing_context_with_hash);
336 0 : hash_size = libspdm_get_hash_size(base_hash_algo);
337 0 : result = libspdm_hash_all(base_hash_algo, message, message_size,
338 : &spdm12_signing_context_with_hash[
339 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE]);
340 0 : if (!result) {
341 0 : return false;
342 : }
343 :
344 : /* re-assign message and message_size for signing */
345 0 : message = spdm12_signing_context_with_hash;
346 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
347 :
348 0 : result = libspdm_pqc_asym_verify_wrap(context, pqc_asym_algo,
349 : param, param_size,
350 : message, message_size,
351 : signature, sig_size);
352 0 : return result;
353 : }
354 :
355 0 : bool libspdm_pqc_asym_verify_hash(
356 : spdm_version_number_t spdm_version, uint8_t op_code,
357 : uint32_t pqc_asym_algo, uint32_t base_hash_algo, void *context,
358 : const uint8_t *message_hash, size_t hash_size,
359 : const uint8_t *signature, size_t sig_size)
360 : {
361 : uint8_t *message;
362 : size_t message_size;
363 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
364 : LIBSPDM_MAX_HASH_SIZE];
365 : const void *param;
366 : size_t param_size;
367 :
368 0 : LIBSPDM_ASSERT (hash_size == libspdm_get_hash_size(base_hash_algo));
369 :
370 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, false, ¶m_size);
371 :
372 0 : libspdm_create_signing_context (spdm_version, op_code, false,
373 : spdm12_signing_context_with_hash);
374 0 : libspdm_copy_mem(&spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE],
375 : sizeof(spdm12_signing_context_with_hash) -
376 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE,
377 : message_hash, hash_size);
378 :
379 : /* assign message and message_size for signing */
380 0 : message = spdm12_signing_context_with_hash;
381 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
382 :
383 0 : return libspdm_pqc_asym_verify_wrap(context, pqc_asym_algo,
384 : param, param_size,
385 : message, message_size,
386 : signature, sig_size);
387 : }
388 :
389 0 : bool libspdm_pqc_asym_sign(
390 : spdm_version_number_t spdm_version, uint8_t op_code,
391 : uint32_t pqc_asym_algo, uint32_t base_hash_algo,
392 : void *context, const uint8_t *message,
393 : size_t message_size, uint8_t *signature,
394 : size_t *sig_size)
395 : {
396 : size_t hash_size;
397 : bool result;
398 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
399 : LIBSPDM_MAX_HASH_SIZE];
400 : const void *param;
401 : size_t param_size;
402 :
403 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, false, ¶m_size);
404 :
405 0 : libspdm_create_signing_context (spdm_version, op_code, false,
406 : spdm12_signing_context_with_hash);
407 0 : hash_size = libspdm_get_hash_size(base_hash_algo);
408 0 : result = libspdm_hash_all(base_hash_algo, message, message_size,
409 : &spdm12_signing_context_with_hash[
410 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE]);
411 0 : if (!result) {
412 0 : return false;
413 : }
414 :
415 : /* re-assign message and message_size for signing */
416 0 : message = spdm12_signing_context_with_hash;
417 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
418 :
419 0 : return libspdm_pqc_asym_sign_wrap(context, pqc_asym_algo,
420 : param, param_size,
421 : message, message_size,
422 : signature, sig_size);
423 : }
424 :
425 0 : bool libspdm_pqc_asym_sign_hash(
426 : spdm_version_number_t spdm_version, uint8_t op_code,
427 : uint32_t pqc_asym_algo, uint32_t base_hash_algo,
428 : void *context, const uint8_t *message_hash,
429 : size_t hash_size, uint8_t *signature,
430 : size_t *sig_size)
431 : {
432 : uint8_t *message;
433 : size_t message_size;
434 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
435 : LIBSPDM_MAX_HASH_SIZE];
436 : const void *param;
437 : size_t param_size;
438 :
439 0 : LIBSPDM_ASSERT (hash_size == libspdm_get_hash_size(base_hash_algo));
440 :
441 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, false, ¶m_size);
442 :
443 0 : libspdm_create_signing_context (spdm_version, op_code, false,
444 : spdm12_signing_context_with_hash);
445 0 : libspdm_copy_mem(&spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE],
446 : sizeof(spdm12_signing_context_with_hash) -
447 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE,
448 : message_hash, hash_size);
449 :
450 : /* assign message and message_size for signing */
451 0 : message = spdm12_signing_context_with_hash;
452 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
453 :
454 0 : return libspdm_pqc_asym_sign_wrap(context, pqc_asym_algo,
455 : param, param_size,
456 : message, message_size,
457 : signature, sig_size);
458 :
459 : }
460 :
461 0 : uint32_t libspdm_get_req_pqc_asym_signature_size(uint32_t req_pqc_asym_alg)
462 : {
463 0 : return libspdm_get_pqc_asym_signature_size(req_pqc_asym_alg);
464 : }
465 :
466 0 : bool libspdm_req_pqc_asym_get_public_key_from_x509(uint32_t pqc_asym_algo,
467 : const uint8_t *cert,
468 : size_t cert_size,
469 : void **context)
470 : {
471 0 : return libspdm_pqc_asym_get_public_key_from_x509(
472 : pqc_asym_algo, cert, cert_size, context);
473 : }
474 :
475 0 : bool libspdm_req_pqc_asym_get_public_key_from_der(uint32_t req_pqc_asym_alg,
476 : const uint8_t *der_data,
477 : size_t der_size,
478 : void **context)
479 : {
480 0 : return libspdm_pqc_asym_get_public_key_from_der(
481 : req_pqc_asym_alg, der_data, der_size, context);
482 : }
483 :
484 0 : void libspdm_req_pqc_asym_free(uint32_t req_pqc_asym_alg, void *context)
485 : {
486 0 : libspdm_pqc_asym_free(req_pqc_asym_alg, context);
487 0 : }
488 :
489 0 : bool libspdm_req_pqc_asym_verify(
490 : spdm_version_number_t spdm_version, uint8_t op_code,
491 : uint32_t req_pqc_asym_alg,
492 : uint32_t base_hash_algo, void *context,
493 : const uint8_t *message, size_t message_size,
494 : const uint8_t *signature, size_t sig_size)
495 : {
496 : size_t hash_size;
497 : bool result;
498 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
499 : LIBSPDM_MAX_HASH_SIZE];
500 : const void *param;
501 : size_t param_size;
502 :
503 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, true, ¶m_size);
504 :
505 0 : libspdm_create_signing_context (spdm_version, op_code, true,
506 : spdm12_signing_context_with_hash);
507 0 : hash_size = libspdm_get_hash_size(base_hash_algo);
508 0 : result = libspdm_hash_all(base_hash_algo, message, message_size,
509 : &spdm12_signing_context_with_hash[
510 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE]);
511 0 : if (!result) {
512 0 : return false;
513 : }
514 :
515 : /* re-assign message and message_size for signing */
516 0 : message = spdm12_signing_context_with_hash;
517 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
518 0 : result = libspdm_pqc_asym_verify_wrap(context, req_pqc_asym_alg,
519 : param, param_size,
520 : message, message_size,
521 : signature, sig_size);
522 :
523 0 : return result;
524 : }
525 :
526 0 : bool libspdm_req_pqc_asym_verify_hash(
527 : spdm_version_number_t spdm_version, uint8_t op_code,
528 : uint32_t req_pqc_asym_alg,
529 : uint32_t base_hash_algo, void *context,
530 : const uint8_t *message_hash, size_t hash_size,
531 : const uint8_t *signature, size_t sig_size)
532 : {
533 : uint8_t *message;
534 : size_t message_size;
535 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
536 : LIBSPDM_MAX_HASH_SIZE];
537 : const void *param;
538 : size_t param_size;
539 :
540 0 : LIBSPDM_ASSERT (hash_size == libspdm_get_hash_size(base_hash_algo));
541 :
542 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, true, ¶m_size);
543 :
544 0 : libspdm_create_signing_context (spdm_version, op_code, true,
545 : spdm12_signing_context_with_hash);
546 0 : libspdm_copy_mem(&spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE],
547 : sizeof(spdm12_signing_context_with_hash) -
548 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE,
549 : message_hash, hash_size);
550 :
551 : /* assign message and message_size for signing */
552 0 : message = spdm12_signing_context_with_hash;
553 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
554 :
555 0 : return libspdm_pqc_asym_verify_wrap(context, req_pqc_asym_alg,
556 : param, param_size,
557 : message, message_size,
558 : signature, sig_size);
559 : }
560 :
561 0 : bool libspdm_req_pqc_asym_sign(
562 : spdm_version_number_t spdm_version, uint8_t op_code,
563 : uint32_t req_pqc_asym_alg,
564 : uint32_t base_hash_algo, void *context,
565 : const uint8_t *message, size_t message_size,
566 : uint8_t *signature, size_t *sig_size)
567 : {
568 : size_t hash_size;
569 : bool result;
570 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
571 : LIBSPDM_MAX_HASH_SIZE];
572 : const void *param;
573 : size_t param_size;
574 :
575 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, true, ¶m_size);
576 :
577 0 : libspdm_create_signing_context (spdm_version, op_code, true,
578 : spdm12_signing_context_with_hash);
579 0 : hash_size = libspdm_get_hash_size(base_hash_algo);
580 0 : result = libspdm_hash_all(base_hash_algo, message, message_size,
581 : &spdm12_signing_context_with_hash[
582 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE]);
583 0 : if (!result) {
584 0 : return false;
585 : }
586 :
587 : /* re-assign message and message_size for signing */
588 0 : message = spdm12_signing_context_with_hash;
589 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
590 :
591 0 : return libspdm_pqc_asym_sign_wrap(context, req_pqc_asym_alg,
592 : param, param_size,
593 : message, message_size,
594 : signature, sig_size);
595 : }
596 :
597 0 : bool libspdm_req_pqc_asym_sign_hash(
598 : spdm_version_number_t spdm_version, uint8_t op_code,
599 : uint32_t req_pqc_asym_alg,
600 : uint32_t base_hash_algo, void *context,
601 : const uint8_t *message_hash, size_t hash_size,
602 : uint8_t *signature, size_t *sig_size)
603 : {
604 : uint8_t *message;
605 : size_t message_size;
606 : uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE +
607 : LIBSPDM_MAX_HASH_SIZE];
608 : const void *param;
609 : size_t param_size;
610 :
611 0 : LIBSPDM_ASSERT (hash_size == libspdm_get_hash_size(base_hash_algo));
612 :
613 0 : param = libspdm_get_signing_context_string (spdm_version, op_code, true, ¶m_size);
614 :
615 0 : libspdm_create_signing_context (spdm_version, op_code, true,
616 : spdm12_signing_context_with_hash);
617 0 : libspdm_copy_mem(&spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE],
618 : sizeof(spdm12_signing_context_with_hash) -
619 : SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE,
620 : message_hash, hash_size);
621 :
622 : /* assign message and message_size for signing */
623 0 : message = spdm12_signing_context_with_hash;
624 0 : message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size;
625 :
626 0 : return libspdm_pqc_asym_sign_wrap(context, req_pqc_asym_alg,
627 : param, param_size,
628 : message, message_size,
629 : signature, sig_size);
630 : }
|