LCOV - coverage.info - library/spdm_requester_lib/libspdm_req_encap_challenge

LCOV - code coverage report

Current view:	top level - library/spdm_requester_lib - libspdm_req_encap_challenge_auth.c (source / functions)		Coverage	Total	Hit
Test:	coverage.info	Lines:	85.6 %	97	83
Test Date:	2026-01-18 08:10:21	Functions:	100.0 %	1	1

            Line data    Source code

       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2021-2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "internal/libspdm_requester_lib.h"
       8              : 
       9              : #if (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
      10              :     (LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
      11              : 
      12            7 : libspdm_return_t libspdm_get_encap_response_challenge_auth(
      13              :     void *spdm_context, size_t request_size, void *request,
      14              :     size_t *response_size, void *response)
      15              : {
      16              :     spdm_challenge_request_t *spdm_request;
      17              :     spdm_challenge_auth_response_t *spdm_response;
      18              :     bool result;
      19              :     size_t signature_size;
      20              :     uint8_t slot_id;
      21              :     uint32_t hash_size;
      22              :     uint32_t measurement_summary_hash_size;
      23              :     uint8_t *ptr;
      24              :     libspdm_context_t *context;
      25              :     uint8_t auth_attribute;
      26              :     libspdm_return_t status;
      27              :     uint8_t slot_mask;
      28              :     size_t request_context_size;
      29              :     const void *request_context;
      30              :     uint8_t *opaque_data;
      31              :     size_t opaque_data_size;
      32              :     size_t spdm_request_size;
      33              :     size_t spdm_response_size;
      34              : 
      35            7 :     context = spdm_context;
      36            7 :     spdm_request = request;
      37              : 
      38            7 :     if (libspdm_get_connection_version(context) < SPDM_MESSAGE_VERSION_11) {
      39            0 :         return libspdm_generate_encap_error_response(
      40              :             context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
      41              :             SPDM_CHALLENGE, response_size, response);
      42              :     }
      43              : 
      44            7 :     if (spdm_request->header.spdm_version != libspdm_get_connection_version(context)) {
      45            0 :         return libspdm_generate_encap_error_response(
      46              :             context, SPDM_ERROR_CODE_VERSION_MISMATCH,
      47              :             0, response_size, response);
      48              :     }
      49              : 
      50            7 :     if (!libspdm_is_capabilities_flag_supported(
      51              :             context, true,
      52              :             SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP, 0)) {
      53            1 :         return libspdm_generate_encap_error_response(
      54              :             context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
      55              :             SPDM_CHALLENGE, response_size, response);
      56              :     }
      57              : 
      58            6 :     if (request_size < sizeof(spdm_challenge_request_t)) {
      59            0 :         return libspdm_generate_encap_error_response(
      60              :             context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
      61              :             response_size, response);
      62              :     }
      63            6 :     spdm_request_size = sizeof(spdm_challenge_request_t);
      64            6 :     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
      65            2 :         if (request_size < sizeof(spdm_challenge_request_t) + SPDM_REQ_CONTEXT_SIZE) {
      66            0 :             return libspdm_generate_encap_error_response(
      67              :                 context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
      68              :                 response_size, response);
      69              :         }
      70            2 :         spdm_request_size += SPDM_REQ_CONTEXT_SIZE;
      71              :     }
      72              : 
      73            6 :     if (spdm_request->header.param2 != SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH) {
      74            0 :         return libspdm_generate_encap_error_response(
      75              :             context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
      76              :             response_size, response);
      77              :     }
      78              : 
      79            6 :     slot_id = spdm_request->header.param1;
      80              : 
      81            6 :     if ((slot_id != 0xFF) && (slot_id >= SPDM_MAX_SLOT_COUNT)) {
      82            2 :         return libspdm_generate_encap_error_response(
      83              :             context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
      84              :             response_size, response);
      85              :     }
      86              : 
      87            4 :     if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
      88            2 :         context->connection_info.multi_key_conn_req && (slot_id != 0xFF)) {
      89            1 :         if ((context->local_context.local_key_usage_bit_mask[slot_id] &
      90              :              SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE) == 0) {
      91            1 :             return libspdm_generate_encap_error_response(
      92              :                 context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
      93              :                 response_size, response);
      94              :         }
      95              :     }
      96              : 
      97            3 :     libspdm_reset_message_buffer_via_request_code(context, NULL,
      98            3 :                                                   spdm_request->header.request_response_code);
      99              : 
     100            3 :     if (context->connection_info.algorithm.req_pqc_asym_alg != 0) {
     101            0 :         signature_size = libspdm_get_req_pqc_asym_signature_size(
     102              :             context->connection_info.algorithm.req_pqc_asym_alg);
     103              :     } else {
     104            3 :         signature_size = libspdm_get_req_asym_signature_size(
     105            3 :             context->connection_info.algorithm.req_base_asym_alg);
     106              :     }
     107            3 :     hash_size = libspdm_get_hash_size(context->connection_info.algorithm.base_hash_algo);
     108              : 
     109              :     /* Requester does not support measurements,
     110              :      * hence the size of MeasurementSummaryHash is always 0. */
     111            3 :     measurement_summary_hash_size = 0;
     112              : 
     113              :     /* response_size should be large enough to hold a challenge response without opaque data. */
     114            3 :     LIBSPDM_ASSERT(*response_size >= sizeof(spdm_challenge_auth_response_t) + hash_size +
     115              :                    SPDM_NONCE_SIZE + measurement_summary_hash_size + sizeof(uint16_t) +
     116              :                    SPDM_REQ_CONTEXT_SIZE + signature_size);
     117              : 
     118            3 :     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
     119            1 :         request_context_size = SPDM_REQ_CONTEXT_SIZE;
     120            1 :         request_context = spdm_request + 1;
     121              :     } else {
     122            2 :         request_context_size = 0;
     123            2 :         request_context = NULL;
     124              :     }
     125              : 
     126            3 :     libspdm_zero_mem(response, *response_size);
     127            3 :     spdm_response = response;
     128              : 
     129            3 :     spdm_response->header.spdm_version = spdm_request->header.spdm_version;
     130            3 :     spdm_response->header.request_response_code = SPDM_CHALLENGE_AUTH;
     131            3 :     auth_attribute = (uint8_t)(slot_id & 0xF);
     132            3 :     spdm_response->header.param1 = auth_attribute;
     133              : 
     134            3 :     if (slot_id == 0xFF) {
     135            1 :         spdm_response->header.param2 = 0;
     136              :     } else {
     137            2 :         slot_mask = libspdm_get_cert_slot_mask(context);
     138            2 :         if (slot_mask != 0) {
     139            2 :             spdm_response->header.param2 = slot_mask;
     140              :         } else {
     141            0 :             return libspdm_generate_encap_error_response(
     142              :                 context, SPDM_ERROR_CODE_UNSPECIFIED,
     143              :                 0, response_size, response);
     144              :         }
     145              :     }
     146              : 
     147            3 :     ptr = (void *)(spdm_response + 1);
     148            3 :     if (slot_id == 0xFF) {
     149            1 :         result = libspdm_generate_public_key_hash(context, ptr);
     150              :     } else {
     151            2 :         result = libspdm_generate_cert_chain_hash(context, slot_id, ptr);
     152              :     }
     153            3 :     if (!result) {
     154            0 :         return libspdm_generate_encap_error_response(
     155              :             context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
     156              :             response_size, response);
     157              :     }
     158            3 :     ptr += hash_size;
     159              : 
     160            3 :     if (!libspdm_get_random_number(SPDM_NONCE_SIZE, ptr)) {
     161            0 :         return libspdm_generate_encap_error_response(
     162              :             context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
     163              :             response_size, response);
     164              :     }
     165            3 :     ptr += SPDM_NONCE_SIZE;
     166              : 
     167            3 :     ptr += measurement_summary_hash_size;
     168              : 
     169            3 :     opaque_data_size = *response_size - (sizeof(spdm_challenge_auth_response_t) + hash_size +
     170            3 :                                          SPDM_NONCE_SIZE + measurement_summary_hash_size +
     171            3 :                                          sizeof(uint16_t) + signature_size);
     172            3 :     opaque_data = (uint8_t *)response + sizeof(spdm_challenge_auth_response_t) + hash_size +
     173            3 :                   SPDM_NONCE_SIZE + measurement_summary_hash_size + sizeof(uint16_t);
     174              : 
     175            3 :     result = libspdm_encap_challenge_opaque_data(
     176              :         spdm_context,
     177            3 :         context->connection_info.version,
     178              :         slot_id,
     179              :         request_context_size,
     180              :         request_context,
     181              :         opaque_data, &opaque_data_size);
     182            3 :     if (!result) {
     183            0 :         return libspdm_generate_encap_error_response(
     184              :             context, SPDM_ERROR_CODE_UNSPECIFIED,
     185              :             0, response_size, response);
     186              :     }
     187              : 
     188              :     /*write opaque_data_size*/
     189            3 :     libspdm_write_uint16 (ptr, (uint16_t)opaque_data_size);
     190            3 :     ptr += sizeof(uint16_t);
     191              : 
     192              :     /*the opaque_data is stored by libspdm_encap_challenge_opaque_data*/
     193            3 :     ptr += opaque_data_size;
     194              : 
     195            3 :     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
     196            1 :         libspdm_copy_mem(ptr, SPDM_REQ_CONTEXT_SIZE,
     197            1 :                          spdm_request + 1, SPDM_REQ_CONTEXT_SIZE);
     198            1 :         ptr += SPDM_REQ_CONTEXT_SIZE;
     199              :     }
     200              : 
     201              :     /*get actual response size*/
     202            3 :     spdm_response_size =
     203              :         sizeof(spdm_challenge_auth_response_t) + hash_size +
     204            3 :         SPDM_NONCE_SIZE + measurement_summary_hash_size +
     205            3 :         sizeof(uint16_t) + opaque_data_size + signature_size;
     206            3 :     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
     207            1 :         spdm_response_size += SPDM_REQ_CONTEXT_SIZE;
     208              :     }
     209              : 
     210            3 :     LIBSPDM_ASSERT(*response_size >= spdm_response_size);
     211              : 
     212            3 :     *response_size = spdm_response_size;
     213              : 
     214            3 :     status = libspdm_append_message_mut_c(context, spdm_request, spdm_request_size);
     215            3 :     if (LIBSPDM_STATUS_IS_ERROR(status)) {
     216            0 :         return libspdm_generate_encap_error_response(
     217              :             context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
     218              :             response_size, response);
     219              :     }
     220              : 
     221            3 :     status = libspdm_append_message_mut_c(context, spdm_response,
     222            3 :                                           (size_t)ptr - (size_t)spdm_response);
     223            3 :     if (LIBSPDM_STATUS_IS_ERROR(status)) {
     224            0 :         libspdm_reset_message_mut_c(context);
     225            0 :         return libspdm_generate_encap_error_response(
     226              :             context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
     227              :             response_size, response);
     228              :     }
     229            3 :     result = libspdm_generate_challenge_auth_signature(context, true, slot_id, ptr);
     230            3 :     if (!result) {
     231            0 :         return libspdm_generate_encap_error_response(
     232              :             context, SPDM_ERROR_CODE_UNSPECIFIED,
     233              :             0, response_size, response);
     234              :     }
     235              : 
     236            3 :     return LIBSPDM_STATUS_SUCCESS;
     237              : }
     238              : 
     239              : #endif /* (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (..) */

Generated by: LCOV version 2.0-1