LCOV - code coverage report
Current view: top level - library/spdm_requester_lib - libspdm_req_encap_certificate.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 68.4 % 79 54
Test Date: 2025-08-24 08:11:14 Functions: 100.0 % 1 1

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2021-2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "internal/libspdm_requester_lib.h"
       8              : 
       9              : #if (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
      10              :     (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP)
      11              : 
      12         1406 : libspdm_return_t libspdm_get_encap_response_certificate(void *spdm_context,
      13              :                                                         size_t request_size,
      14              :                                                         void *request,
      15              :                                                         size_t *response_size,
      16              :                                                         void *response)
      17              : {
      18              :     spdm_get_certificate_large_request_t *spdm_request;
      19              :     spdm_certificate_large_response_t *spdm_response;
      20              :     uint32_t offset;
      21              :     uint32_t length;
      22              :     uint32_t remainder_length;
      23              :     uint8_t slot_id;
      24              :     libspdm_context_t *context;
      25              :     libspdm_return_t status;
      26              :     size_t response_capacity;
      27              :     bool use_large_cert_chain;
      28              :     uint32_t req_msg_header_size;
      29              :     uint32_t rsp_msg_header_size;
      30              :     size_t cert_chain_size;
      31              : 
      32         1406 :     context = spdm_context;
      33         1406 :     spdm_request = request;
      34              : 
      35         1406 :     if (libspdm_get_connection_version(context) < SPDM_MESSAGE_VERSION_11) {
      36            0 :         return libspdm_generate_encap_error_response(
      37              :             context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
      38              :             SPDM_GET_CERTIFICATE, response_size, response);
      39              :     }
      40              : 
      41         1406 :     if (spdm_request->header.spdm_version != libspdm_get_connection_version(context)) {
      42            0 :         return libspdm_generate_encap_error_response(
      43              :             context, SPDM_ERROR_CODE_VERSION_MISMATCH,
      44              :             0, response_size, response);
      45              :     }
      46              : 
      47         1406 :     if (!libspdm_is_capabilities_flag_supported(
      48              :             context, true,
      49              :             SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
      50            0 :         return libspdm_generate_encap_error_response(
      51              :             context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
      52              :             SPDM_GET_CERTIFICATE, response_size, response);
      53              :     }
      54              : 
      55         1406 :     if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
      56            0 :         ((spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_LARGE_CERT_CHAIN) != 0)) {
      57            0 :         if (!libspdm_is_capabilities_flag_supported(
      58              :                 context, true,
      59              :                 SPDM_GET_CAPABILITIES_REQUEST_FLAGS_LARGE_RESP_CAP, 0)) {
      60            0 :             return libspdm_generate_encap_error_response(
      61              :                 context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
      62              :                 SPDM_GET_CERTIFICATE, response_size, response);
      63              :         }
      64            0 :         use_large_cert_chain = true;
      65              :     } else {
      66         1406 :         use_large_cert_chain = false;
      67              :     }
      68              : 
      69         1406 :     if (use_large_cert_chain) {
      70            0 :         req_msg_header_size = sizeof(spdm_get_certificate_large_request_t);
      71            0 :         rsp_msg_header_size = sizeof(spdm_certificate_large_response_t);
      72              :     } else {
      73         1406 :         req_msg_header_size = sizeof(spdm_get_certificate_request_t);
      74         1406 :         rsp_msg_header_size = sizeof(spdm_certificate_response_t);
      75              :     }
      76              : 
      77         1406 :     if (request_size < req_msg_header_size) {
      78            0 :         return libspdm_generate_encap_error_response(
      79              :             context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
      80              :             response_size, response);
      81              :     }
      82              : 
      83         1406 :     slot_id = spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK;
      84              : 
      85         1406 :     if (slot_id >= SPDM_MAX_SLOT_COUNT) {
      86            0 :         return libspdm_generate_encap_error_response(
      87              :             context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
      88              :             response_size, response);
      89              :     }
      90              : 
      91         1406 :     if (context->local_context.local_cert_chain_provision[slot_id] == NULL) {
      92            0 :         return libspdm_generate_encap_error_response(
      93              :             context, SPDM_ERROR_CODE_UNSPECIFIED,
      94              :             0, response_size, response);
      95              :     }
      96              : 
      97         1406 :     cert_chain_size = context->local_context.local_cert_chain_provision_size[slot_id];
      98              : 
      99         1406 :     if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
     100            0 :         (!use_large_cert_chain) && (cert_chain_size > SPDM_MAX_CERTIFICATE_CHAIN_SIZE)) {
     101            0 :         return libspdm_generate_encap_extended_error_response(
     102              :             context, SPDM_ERROR_CODE_DATA_TOO_LARGE, 0,
     103              :             sizeof(spdm_error_data_cert_chain_too_large_t),
     104              :             (const uint8_t *)&cert_chain_size,
     105              :             response_size, response);
     106              :     }
     107              : 
     108         1406 :     if (use_large_cert_chain) {
     109            0 :         offset = spdm_request->large_offset;
     110            0 :         length = spdm_request->large_length;
     111              :     } else {
     112         1406 :         offset = spdm_request->offset;
     113         1406 :         length = spdm_request->length;
     114              :     }
     115              : 
     116         1406 :     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
     117            1 :         if (spdm_request->header.param2 &
     118              :             SPDM_GET_CERTIFICATE_REQUEST_ATTRIBUTES_SLOT_SIZE_REQUESTED) {
     119            1 :             offset = 0;
     120            1 :             length = 0;
     121              :         }
     122              :     }
     123              : 
     124         1406 :     if (length > LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN) {
     125            0 :         length = LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN;
     126              :     }
     127              : 
     128         1406 :     if (offset >= cert_chain_size) {
     129            6 :         return libspdm_generate_encap_error_response(
     130              :             context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
     131              :             response_size, response);
     132              :     }
     133              : 
     134         1400 :     if ((size_t)(offset + length) > cert_chain_size) {
     135            2 :         length = (uint32_t)(cert_chain_size - offset);
     136              :     }
     137         1400 :     remainder_length = (uint32_t)(cert_chain_size - (length + offset));
     138              : 
     139         1400 :     libspdm_reset_message_buffer_via_request_code(context, NULL,
     140         1400 :                                                   spdm_request->header.request_response_code);
     141              : 
     142         1400 :     LIBSPDM_ASSERT(*response_size >= rsp_msg_header_size + length);
     143         1400 :     response_capacity = *response_size;
     144         1400 :     *response_size = rsp_msg_header_size + length;
     145         1400 :     libspdm_zero_mem(response, *response_size);
     146         1400 :     spdm_response = response;
     147              : 
     148         1400 :     spdm_response->header.spdm_version = spdm_request->header.spdm_version;
     149         1400 :     spdm_response->header.request_response_code = SPDM_CERTIFICATE;
     150         1400 :     spdm_response->header.param1 = slot_id;
     151         1400 :     spdm_response->header.param2 = 0;
     152         1400 :     if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
     153            1 :         context->connection_info.multi_key_conn_req) {
     154            0 :         spdm_response->header.param2 = context->local_context.local_cert_info[slot_id];
     155              :     }
     156         1400 :     if (use_large_cert_chain) {
     157            0 :         spdm_response->header.param1 |= SPDM_CERTIFICATE_RESPONSE_LARGE_CERT_CHAIN;
     158              :     }
     159              : 
     160         1400 :     if (use_large_cert_chain) {
     161            0 :         spdm_response->portion_length = 0;
     162            0 :         spdm_response->remainder_length = 0;
     163            0 :         spdm_response->large_portion_length = length;
     164            0 :         spdm_response->large_remainder_length = remainder_length;
     165              :     } else {
     166         1400 :         spdm_response->portion_length = (uint16_t)length;
     167         1400 :         spdm_response->remainder_length = (uint16_t)remainder_length;
     168              :     }
     169              : 
     170         1400 :     libspdm_copy_mem((uint8_t *)spdm_response + rsp_msg_header_size,
     171              :                      response_capacity - rsp_msg_header_size,
     172              :                      (const uint8_t *)context->local_context
     173         1400 :                      .local_cert_chain_provision[slot_id] + offset, length);
     174              : 
     175              :     /* Cache*/
     176              : 
     177         1400 :     status = libspdm_append_message_mut_b(context, spdm_request,
     178              :                                           request_size);
     179         1400 :     if (LIBSPDM_STATUS_IS_ERROR(status)) {
     180            0 :         return libspdm_generate_encap_error_response(
     181              :             context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
     182              :             response_size, response);
     183              :     }
     184              : 
     185         1400 :     status = libspdm_append_message_mut_b(context, spdm_response,
     186              :                                           *response_size);
     187         1400 :     if (LIBSPDM_STATUS_IS_ERROR(status)) {
     188            0 :         return libspdm_generate_encap_error_response(
     189              :             context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
     190              :             response_size, response);
     191              :     }
     192              : 
     193         1400 :     return LIBSPDM_STATUS_SUCCESS;
     194              : }
     195              : 
     196              : #endif /* (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (..) */
        

Generated by: LCOV version 2.0-1