Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP)
10 :
11 1413 : libspdm_return_t libspdm_get_encap_response_certificate(void *spdm_context,
12 : size_t request_size,
13 : void *request,
14 : size_t *response_size,
15 : void *response)
16 : {
17 : spdm_get_certificate_large_request_t *spdm_request;
18 : spdm_certificate_large_response_t *spdm_response;
19 : uint32_t offset;
20 : uint32_t length;
21 : uint32_t remainder_length;
22 : uint8_t slot_id;
23 : libspdm_context_t *context;
24 : libspdm_return_t status;
25 : size_t response_capacity;
26 : bool use_large_cert_chain;
27 : uint32_t req_msg_header_size;
28 : uint32_t rsp_msg_header_size;
29 : size_t cert_chain_size;
30 : uint32_t max_cert_chain_block_size;
31 :
32 1413 : context = spdm_context;
33 1413 : spdm_request = request;
34 :
35 1413 : if (libspdm_get_connection_version(context) < SPDM_MESSAGE_VERSION_11) {
36 0 : return libspdm_generate_encap_error_response(
37 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
38 : SPDM_GET_CERTIFICATE, response_size, response);
39 : }
40 :
41 1413 : if (spdm_request->header.spdm_version != libspdm_get_connection_version(context)) {
42 0 : return libspdm_generate_encap_error_response(
43 : context, SPDM_ERROR_CODE_VERSION_MISMATCH,
44 : 0, response_size, response);
45 : }
46 :
47 1413 : if (!libspdm_is_capabilities_flag_supported(
48 : context, true,
49 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
50 0 : return libspdm_generate_encap_error_response(
51 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
52 : SPDM_GET_CERTIFICATE, response_size, response);
53 : }
54 :
55 1413 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
56 0 : ((spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_LARGE_CERT_CHAIN) != 0)) {
57 0 : if (!libspdm_is_capabilities_flag_supported(
58 : context, true,
59 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_LARGE_RESP_CAP, 0)) {
60 0 : return libspdm_generate_encap_error_response(
61 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
62 : SPDM_GET_CERTIFICATE, response_size, response);
63 : }
64 0 : use_large_cert_chain = true;
65 : } else {
66 1413 : use_large_cert_chain = false;
67 : }
68 :
69 1413 : if (use_large_cert_chain) {
70 0 : req_msg_header_size = sizeof(spdm_get_certificate_large_request_t);
71 0 : rsp_msg_header_size = sizeof(spdm_certificate_large_response_t);
72 : } else {
73 1413 : req_msg_header_size = sizeof(spdm_get_certificate_request_t);
74 1413 : rsp_msg_header_size = sizeof(spdm_certificate_response_t);
75 : }
76 :
77 1413 : if (request_size < req_msg_header_size) {
78 0 : return libspdm_generate_encap_error_response(
79 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
80 : response_size, response);
81 : }
82 :
83 1413 : slot_id = spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK;
84 :
85 1413 : if (slot_id >= SPDM_MAX_SLOT_COUNT) {
86 0 : return libspdm_generate_encap_error_response(
87 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
88 : response_size, response);
89 : }
90 :
91 1413 : if (context->local_context.local_cert_chain_provision[slot_id] == NULL) {
92 0 : return libspdm_generate_encap_error_response(
93 : context, SPDM_ERROR_CODE_UNSPECIFIED,
94 : 0, response_size, response);
95 : }
96 :
97 1413 : cert_chain_size = context->local_context.local_cert_chain_provision_size[slot_id];
98 :
99 1413 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
100 0 : (!use_large_cert_chain) && (cert_chain_size > SPDM_MAX_CERTIFICATE_CHAIN_SIZE)) {
101 0 : return libspdm_generate_encap_extended_error_response(
102 : context, SPDM_ERROR_CODE_DATA_TOO_LARGE, 0,
103 : sizeof(spdm_error_data_cert_chain_too_large_t),
104 : (const uint8_t *)&cert_chain_size,
105 : response_size, response);
106 : }
107 :
108 1413 : if (use_large_cert_chain) {
109 0 : offset = spdm_request->large_offset;
110 0 : length = spdm_request->large_length;
111 : } else {
112 1413 : offset = spdm_request->offset;
113 1413 : length = spdm_request->length;
114 : }
115 :
116 1413 : if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
117 1 : if (spdm_request->header.param2 &
118 : SPDM_GET_CERTIFICATE_REQUEST_ATTRIBUTES_SLOT_SIZE_REQUESTED) {
119 1 : offset = 0;
120 1 : length = 0;
121 : }
122 : }
123 :
124 1413 : if (!libspdm_is_capabilities_flag_supported(spdm_context, true,
125 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHUNK_CAP,
126 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHUNK_CAP)) {
127 1413 : max_cert_chain_block_size = (uint32_t) (*response_size - rsp_msg_header_size);
128 1413 : if (!use_large_cert_chain){
129 1413 : max_cert_chain_block_size = LIBSPDM_MIN(max_cert_chain_block_size, SPDM_MAX_CERTIFICATE_CHAIN_SIZE);
130 : }
131 :
132 1413 : if (length > max_cert_chain_block_size) {
133 3 : length = max_cert_chain_block_size;
134 : }
135 : }
136 :
137 1413 : if (offset >= cert_chain_size) {
138 6 : return libspdm_generate_encap_error_response(
139 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
140 : response_size, response);
141 : }
142 :
143 1407 : if ((size_t)(offset + length) > cert_chain_size) {
144 2 : length = (uint32_t)(cert_chain_size - offset);
145 : }
146 1407 : remainder_length = (uint32_t)(cert_chain_size - (length + offset));
147 :
148 1407 : libspdm_reset_message_buffer_via_request_code(context, NULL,
149 1407 : spdm_request->header.request_response_code);
150 :
151 1407 : LIBSPDM_ASSERT(*response_size >= rsp_msg_header_size + length);
152 1407 : response_capacity = *response_size;
153 1407 : *response_size = rsp_msg_header_size + length;
154 1407 : libspdm_zero_mem(response, *response_size);
155 1407 : spdm_response = response;
156 :
157 1407 : spdm_response->header.spdm_version = spdm_request->header.spdm_version;
158 1407 : spdm_response->header.request_response_code = SPDM_CERTIFICATE;
159 1407 : spdm_response->header.param1 = slot_id;
160 1407 : spdm_response->header.param2 = 0;
161 1407 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
162 1 : context->connection_info.multi_key_conn_req) {
163 0 : spdm_response->header.param2 = context->local_context.local_cert_info[slot_id];
164 : }
165 1407 : if (use_large_cert_chain) {
166 0 : spdm_response->header.param1 |= SPDM_CERTIFICATE_RESPONSE_LARGE_CERT_CHAIN;
167 : }
168 :
169 1407 : if (use_large_cert_chain) {
170 0 : spdm_response->portion_length = 0;
171 0 : spdm_response->remainder_length = 0;
172 0 : spdm_response->large_portion_length = length;
173 0 : spdm_response->large_remainder_length = remainder_length;
174 : } else {
175 1407 : spdm_response->portion_length = (uint16_t)length;
176 1407 : spdm_response->remainder_length = (uint16_t)remainder_length;
177 : }
178 :
179 1407 : libspdm_copy_mem((uint8_t *)spdm_response + rsp_msg_header_size,
180 : response_capacity - rsp_msg_header_size,
181 : (const uint8_t *)context->local_context
182 1407 : .local_cert_chain_provision[slot_id] + offset, length);
183 :
184 : /* Cache*/
185 :
186 1407 : status = libspdm_append_message_mut_b(context, spdm_request,
187 : request_size);
188 1407 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
189 0 : return libspdm_generate_encap_error_response(
190 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
191 : response_size, response);
192 : }
193 :
194 1407 : status = libspdm_append_message_mut_b(context, spdm_response,
195 : *response_size);
196 1407 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
197 0 : return libspdm_generate_encap_error_response(
198 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
199 : response_size, response);
200 : }
201 :
202 1407 : return LIBSPDM_STATUS_SUCCESS;
203 : }
204 :
205 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (..) */
|
