Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP)
10 :
11 1406 : libspdm_return_t libspdm_get_encap_response_certificate(void *spdm_context,
12 : size_t request_size,
13 : void *request,
14 : size_t *response_size,
15 : void *response)
16 : {
17 : spdm_get_certificate_large_request_t *spdm_request;
18 : spdm_certificate_large_response_t *spdm_response;
19 : uint32_t offset;
20 : uint32_t length;
21 : uint32_t remainder_length;
22 : uint8_t slot_id;
23 : libspdm_context_t *context;
24 : libspdm_return_t status;
25 : size_t response_capacity;
26 : bool use_large_cert_chain;
27 : uint32_t req_msg_header_size;
28 : uint32_t rsp_msg_header_size;
29 : size_t cert_chain_size;
30 :
31 1406 : context = spdm_context;
32 1406 : spdm_request = request;
33 :
34 1406 : if (libspdm_get_connection_version(context) < SPDM_MESSAGE_VERSION_11) {
35 0 : return libspdm_generate_encap_error_response(
36 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
37 : SPDM_GET_CERTIFICATE, response_size, response);
38 : }
39 :
40 1406 : if (spdm_request->header.spdm_version != libspdm_get_connection_version(context)) {
41 0 : return libspdm_generate_encap_error_response(
42 : context, SPDM_ERROR_CODE_VERSION_MISMATCH,
43 : 0, response_size, response);
44 : }
45 :
46 1406 : if (!libspdm_is_capabilities_flag_supported(
47 : context, true,
48 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
49 0 : return libspdm_generate_encap_error_response(
50 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
51 : SPDM_GET_CERTIFICATE, response_size, response);
52 : }
53 :
54 1406 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
55 0 : ((spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_LARGE_CERT_CHAIN) != 0)) {
56 0 : if (!libspdm_is_capabilities_flag_supported(
57 : context, true,
58 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_LARGE_RESP_CAP, 0)) {
59 0 : return libspdm_generate_encap_error_response(
60 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
61 : SPDM_GET_CERTIFICATE, response_size, response);
62 : }
63 0 : use_large_cert_chain = true;
64 : } else {
65 1406 : use_large_cert_chain = false;
66 : }
67 :
68 1406 : if (use_large_cert_chain) {
69 0 : req_msg_header_size = sizeof(spdm_get_certificate_large_request_t);
70 0 : rsp_msg_header_size = sizeof(spdm_certificate_large_response_t);
71 : } else {
72 1406 : req_msg_header_size = sizeof(spdm_get_certificate_request_t);
73 1406 : rsp_msg_header_size = sizeof(spdm_certificate_response_t);
74 : }
75 :
76 1406 : if (request_size < req_msg_header_size) {
77 0 : return libspdm_generate_encap_error_response(
78 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
79 : response_size, response);
80 : }
81 :
82 1406 : slot_id = spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK;
83 :
84 1406 : if (slot_id >= SPDM_MAX_SLOT_COUNT) {
85 0 : return libspdm_generate_encap_error_response(
86 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
87 : response_size, response);
88 : }
89 :
90 1406 : if (context->local_context.local_cert_chain_provision[slot_id] == NULL) {
91 0 : return libspdm_generate_encap_error_response(
92 : context, SPDM_ERROR_CODE_UNSPECIFIED,
93 : 0, response_size, response);
94 : }
95 :
96 1406 : cert_chain_size = context->local_context.local_cert_chain_provision_size[slot_id];
97 :
98 1406 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
99 0 : (!use_large_cert_chain) && (cert_chain_size > SPDM_MAX_CERTIFICATE_CHAIN_SIZE)) {
100 0 : return libspdm_generate_encap_extended_error_response(
101 : context, SPDM_ERROR_CODE_DATA_TOO_LARGE, 0,
102 : sizeof(spdm_error_data_cert_chain_too_large_t),
103 : (const uint8_t *)&cert_chain_size,
104 : response_size, response);
105 : }
106 :
107 1406 : if (use_large_cert_chain) {
108 0 : offset = spdm_request->large_offset;
109 0 : length = spdm_request->large_length;
110 : } else {
111 1406 : offset = spdm_request->offset;
112 1406 : length = spdm_request->length;
113 : }
114 :
115 1406 : if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
116 1 : if (spdm_request->header.param2 &
117 : SPDM_GET_CERTIFICATE_REQUEST_ATTRIBUTES_SLOT_SIZE_REQUESTED) {
118 1 : offset = 0;
119 1 : length = 0;
120 : }
121 : }
122 :
123 1406 : if (length > LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN) {
124 0 : length = LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN;
125 : }
126 :
127 1406 : if (offset >= cert_chain_size) {
128 6 : return libspdm_generate_encap_error_response(
129 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
130 : response_size, response);
131 : }
132 :
133 1400 : if ((size_t)(offset + length) > cert_chain_size) {
134 2 : length = (uint32_t)(cert_chain_size - offset);
135 : }
136 1400 : remainder_length = (uint32_t)(cert_chain_size - (length + offset));
137 :
138 1400 : libspdm_reset_message_buffer_via_request_code(context, NULL,
139 1400 : spdm_request->header.request_response_code);
140 :
141 1400 : LIBSPDM_ASSERT(*response_size >= rsp_msg_header_size + length);
142 1400 : response_capacity = *response_size;
143 1400 : *response_size = rsp_msg_header_size + length;
144 1400 : libspdm_zero_mem(response, *response_size);
145 1400 : spdm_response = response;
146 :
147 1400 : spdm_response->header.spdm_version = spdm_request->header.spdm_version;
148 1400 : spdm_response->header.request_response_code = SPDM_CERTIFICATE;
149 1400 : spdm_response->header.param1 = slot_id;
150 1400 : spdm_response->header.param2 = 0;
151 1400 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
152 1 : context->connection_info.multi_key_conn_req) {
153 0 : spdm_response->header.param2 = context->local_context.local_cert_info[slot_id];
154 : }
155 1400 : if (use_large_cert_chain) {
156 0 : spdm_response->header.param1 |= SPDM_CERTIFICATE_RESPONSE_LARGE_CERT_CHAIN;
157 : }
158 :
159 1400 : if (use_large_cert_chain) {
160 0 : spdm_response->portion_length = 0;
161 0 : spdm_response->remainder_length = 0;
162 0 : spdm_response->large_portion_length = length;
163 0 : spdm_response->large_remainder_length = remainder_length;
164 : } else {
165 1400 : spdm_response->portion_length = (uint16_t)length;
166 1400 : spdm_response->remainder_length = (uint16_t)remainder_length;
167 : }
168 :
169 1400 : libspdm_copy_mem((uint8_t *)spdm_response + rsp_msg_header_size,
170 : response_capacity - rsp_msg_header_size,
171 : (const uint8_t *)context->local_context
172 1400 : .local_cert_chain_provision[slot_id] + offset, length);
173 :
174 : /* Cache*/
175 :
176 1400 : status = libspdm_append_message_mut_b(context, spdm_request,
177 : request_size);
178 1400 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
179 0 : return libspdm_generate_encap_error_response(
180 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
181 : response_size, response);
182 : }
183 :
184 1400 : status = libspdm_append_message_mut_b(context, spdm_response,
185 : *response_size);
186 1400 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
187 0 : return libspdm_generate_encap_error_response(
188 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
189 : response_size, response);
190 : }
191 :
192 1400 : return LIBSPDM_STATUS_SUCCESS;
193 : }
194 :
195 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (..) */
|
