Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
10 : (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP)
11 :
12 1406 : libspdm_return_t libspdm_get_encap_response_certificate(void *spdm_context,
13 : size_t request_size,
14 : void *request,
15 : size_t *response_size,
16 : void *response)
17 : {
18 : spdm_get_certificate_large_request_t *spdm_request;
19 : spdm_certificate_large_response_t *spdm_response;
20 : uint32_t offset;
21 : uint32_t length;
22 : uint32_t remainder_length;
23 : uint8_t slot_id;
24 : libspdm_context_t *context;
25 : libspdm_return_t status;
26 : size_t response_capacity;
27 : bool use_large_cert_chain;
28 : uint32_t req_msg_header_size;
29 : uint32_t rsp_msg_header_size;
30 : size_t cert_chain_size;
31 :
32 1406 : context = spdm_context;
33 1406 : spdm_request = request;
34 :
35 1406 : if (libspdm_get_connection_version(context) < SPDM_MESSAGE_VERSION_11) {
36 0 : return libspdm_generate_encap_error_response(
37 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
38 : SPDM_GET_CERTIFICATE, response_size, response);
39 : }
40 :
41 1406 : if (spdm_request->header.spdm_version != libspdm_get_connection_version(context)) {
42 0 : return libspdm_generate_encap_error_response(
43 : context, SPDM_ERROR_CODE_VERSION_MISMATCH,
44 : 0, response_size, response);
45 : }
46 :
47 1406 : if (!libspdm_is_capabilities_flag_supported(
48 : context, true,
49 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
50 0 : return libspdm_generate_encap_error_response(
51 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
52 : SPDM_GET_CERTIFICATE, response_size, response);
53 : }
54 :
55 1406 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
56 0 : ((spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_LARGE_CERT_CHAIN) != 0)) {
57 0 : if (!libspdm_is_capabilities_flag_supported(
58 : context, true,
59 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_LARGE_RESP_CAP, 0)) {
60 0 : return libspdm_generate_encap_error_response(
61 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
62 : SPDM_GET_CERTIFICATE, response_size, response);
63 : }
64 0 : use_large_cert_chain = true;
65 : } else {
66 1406 : use_large_cert_chain = false;
67 : }
68 :
69 1406 : if (use_large_cert_chain) {
70 0 : req_msg_header_size = sizeof(spdm_get_certificate_large_request_t);
71 0 : rsp_msg_header_size = sizeof(spdm_certificate_large_response_t);
72 : } else {
73 1406 : req_msg_header_size = sizeof(spdm_get_certificate_request_t);
74 1406 : rsp_msg_header_size = sizeof(spdm_certificate_response_t);
75 : }
76 :
77 1406 : if (request_size < req_msg_header_size) {
78 0 : return libspdm_generate_encap_error_response(
79 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
80 : response_size, response);
81 : }
82 :
83 1406 : slot_id = spdm_request->header.param1 & SPDM_GET_CERTIFICATE_REQUEST_SLOT_ID_MASK;
84 :
85 1406 : if (slot_id >= SPDM_MAX_SLOT_COUNT) {
86 0 : return libspdm_generate_encap_error_response(
87 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
88 : response_size, response);
89 : }
90 :
91 1406 : if (context->local_context.local_cert_chain_provision[slot_id] == NULL) {
92 0 : return libspdm_generate_encap_error_response(
93 : context, SPDM_ERROR_CODE_UNSPECIFIED,
94 : 0, response_size, response);
95 : }
96 :
97 1406 : cert_chain_size = context->local_context.local_cert_chain_provision_size[slot_id];
98 :
99 1406 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) &&
100 0 : (!use_large_cert_chain) && (cert_chain_size > SPDM_MAX_CERTIFICATE_CHAIN_SIZE)) {
101 0 : return libspdm_generate_encap_extended_error_response(
102 : context, SPDM_ERROR_CODE_DATA_TOO_LARGE, 0,
103 : sizeof(spdm_error_data_cert_chain_too_large_t),
104 : (const uint8_t *)&cert_chain_size,
105 : response_size, response);
106 : }
107 :
108 1406 : if (use_large_cert_chain) {
109 0 : offset = spdm_request->large_offset;
110 0 : length = spdm_request->large_length;
111 : } else {
112 1406 : offset = spdm_request->offset;
113 1406 : length = spdm_request->length;
114 : }
115 :
116 1406 : if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
117 1 : if (spdm_request->header.param2 &
118 : SPDM_GET_CERTIFICATE_REQUEST_ATTRIBUTES_SLOT_SIZE_REQUESTED) {
119 1 : offset = 0;
120 1 : length = 0;
121 : }
122 : }
123 :
124 1406 : if (length > LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN) {
125 0 : length = LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN;
126 : }
127 :
128 1406 : if (offset >= cert_chain_size) {
129 6 : return libspdm_generate_encap_error_response(
130 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
131 : response_size, response);
132 : }
133 :
134 1400 : if ((size_t)(offset + length) > cert_chain_size) {
135 2 : length = (uint32_t)(cert_chain_size - offset);
136 : }
137 1400 : remainder_length = (uint32_t)(cert_chain_size - (length + offset));
138 :
139 1400 : libspdm_reset_message_buffer_via_request_code(context, NULL,
140 1400 : spdm_request->header.request_response_code);
141 :
142 1400 : LIBSPDM_ASSERT(*response_size >= rsp_msg_header_size + length);
143 1400 : response_capacity = *response_size;
144 1400 : *response_size = rsp_msg_header_size + length;
145 1400 : libspdm_zero_mem(response, *response_size);
146 1400 : spdm_response = response;
147 :
148 1400 : spdm_response->header.spdm_version = spdm_request->header.spdm_version;
149 1400 : spdm_response->header.request_response_code = SPDM_CERTIFICATE;
150 1400 : spdm_response->header.param1 = slot_id;
151 1400 : spdm_response->header.param2 = 0;
152 1400 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
153 1 : context->connection_info.multi_key_conn_req) {
154 0 : spdm_response->header.param2 = context->local_context.local_cert_info[slot_id];
155 : }
156 1400 : if (use_large_cert_chain) {
157 0 : spdm_response->header.param1 |= SPDM_CERTIFICATE_RESPONSE_LARGE_CERT_CHAIN;
158 : }
159 :
160 1400 : if (use_large_cert_chain) {
161 0 : spdm_response->portion_length = 0;
162 0 : spdm_response->remainder_length = 0;
163 0 : spdm_response->large_portion_length = length;
164 0 : spdm_response->large_remainder_length = remainder_length;
165 : } else {
166 1400 : spdm_response->portion_length = (uint16_t)length;
167 1400 : spdm_response->remainder_length = (uint16_t)remainder_length;
168 : }
169 :
170 1400 : libspdm_copy_mem((uint8_t *)spdm_response + rsp_msg_header_size,
171 : response_capacity - rsp_msg_header_size,
172 : (const uint8_t *)context->local_context
173 1400 : .local_cert_chain_provision[slot_id] + offset, length);
174 :
175 : /* Cache*/
176 :
177 1400 : status = libspdm_append_message_mut_b(context, spdm_request,
178 : request_size);
179 1400 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
180 0 : return libspdm_generate_encap_error_response(
181 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
182 : response_size, response);
183 : }
184 :
185 1400 : status = libspdm_append_message_mut_b(context, spdm_response,
186 : *response_size);
187 1400 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
188 0 : return libspdm_generate_encap_error_response(
189 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
190 : response_size, response);
191 : }
192 :
193 1400 : return LIBSPDM_STATUS_SUCCESS;
194 : }
195 :
196 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (..) */
|