Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP)
10 :
11 9 : libspdm_return_t libspdm_get_encap_response_digest(void *spdm_context,
12 : size_t request_size,
13 : void *request,
14 : size_t *response_size,
15 : void *response)
16 : {
17 : spdm_get_digest_request_t *spdm_request;
18 : spdm_digest_response_t *spdm_response;
19 : size_t index;
20 : uint32_t hash_size;
21 : uint8_t *digest;
22 : libspdm_context_t *context;
23 : libspdm_return_t status;
24 : bool result;
25 : /*total populated slot count*/
26 : uint8_t slot_count;
27 : /*populated slot index*/
28 : uint8_t slot_index;
29 : uint32_t session_id;
30 : libspdm_session_info_t *session_info;
31 : size_t additional_size;
32 : spdm_key_pair_id_t *key_pair_id;
33 : spdm_certificate_info_t *cert_info;
34 : spdm_key_usage_bit_mask_t *key_usage_bit_mask;
35 :
36 9 : context = spdm_context;
37 9 : spdm_request = request;
38 :
39 9 : if (libspdm_get_connection_version(context) < SPDM_MESSAGE_VERSION_11) {
40 0 : return libspdm_generate_encap_error_response(
41 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
42 : SPDM_GET_DIGESTS, response_size, response);
43 : }
44 :
45 9 : if (spdm_request->header.spdm_version != libspdm_get_connection_version(context)) {
46 0 : return libspdm_generate_encap_error_response(
47 : context, SPDM_ERROR_CODE_VERSION_MISMATCH,
48 : 0, response_size, response);
49 : }
50 :
51 9 : if (!libspdm_is_capabilities_flag_supported(
52 : context, true,
53 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
54 0 : return libspdm_generate_encap_error_response(
55 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
56 : SPDM_GET_DIGESTS, response_size, response);
57 : }
58 :
59 9 : if (request_size < sizeof(spdm_get_digest_request_t)) {
60 0 : return libspdm_generate_encap_error_response(
61 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
62 : response_size, response);
63 : }
64 :
65 9 : libspdm_reset_message_buffer_via_request_code(context, NULL,
66 9 : spdm_request->header.request_response_code);
67 :
68 9 : hash_size = libspdm_get_hash_size(
69 : context->connection_info.algorithm.base_hash_algo);
70 :
71 9 : slot_count = libspdm_get_cert_slot_count(context);
72 9 : additional_size = 0;
73 9 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
74 3 : context->connection_info.multi_key_conn_req) {
75 2 : additional_size = sizeof(spdm_key_pair_id_t) + sizeof(spdm_certificate_info_t) +
76 : sizeof(spdm_key_usage_bit_mask_t);
77 : }
78 9 : LIBSPDM_ASSERT(*response_size >=
79 : sizeof(spdm_digest_response_t) + (hash_size + additional_size) * slot_count);
80 9 : *response_size = sizeof(spdm_digest_response_t) + (hash_size + additional_size) * slot_count;
81 9 : libspdm_zero_mem(response, *response_size);
82 9 : spdm_response = response;
83 :
84 9 : spdm_response->header.spdm_version = spdm_request->header.spdm_version;
85 9 : spdm_response->header.request_response_code = SPDM_DIGESTS;
86 9 : spdm_response->header.param1 = 0;
87 9 : spdm_response->header.param2 = 0;
88 :
89 9 : if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
90 3 : spdm_response->header.param1 = context->local_context.local_supported_slot_mask;
91 : }
92 :
93 9 : digest = (void *)(spdm_response + 1);
94 9 : key_pair_id = (spdm_key_pair_id_t *)((uint8_t *)digest + hash_size * slot_count);
95 9 : cert_info = (spdm_certificate_info_t *)((uint8_t *)key_pair_id +
96 9 : sizeof(spdm_key_pair_id_t) * slot_count);
97 9 : key_usage_bit_mask = (spdm_key_usage_bit_mask_t *)((uint8_t *)cert_info +
98 9 : sizeof(spdm_certificate_info_t) *
99 : slot_count);
100 :
101 9 : slot_index = 0;
102 81 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
103 72 : if (context->local_context
104 72 : .local_cert_chain_provision[index] != NULL) {
105 13 : spdm_response->header.param2 |= (1 << index);
106 13 : result = libspdm_generate_cert_chain_hash(context, index,
107 13 : &digest[hash_size * slot_index]);
108 13 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
109 10 : context->connection_info.multi_key_conn_req) {
110 9 : key_pair_id[slot_index] = context->local_context.local_key_pair_id[index];
111 9 : cert_info[slot_index] = context->local_context.local_cert_info[index];
112 9 : key_usage_bit_mask[slot_index] =
113 9 : context->local_context.local_key_usage_bit_mask[index];
114 : }
115 13 : slot_index++;
116 13 : if (!result) {
117 0 : return libspdm_generate_encap_error_response(
118 : context, SPDM_ERROR_CODE_UNSPECIFIED,
119 : 0, response_size, response);
120 : }
121 : }
122 : }
123 :
124 : /* Cache*/
125 :
126 9 : status = libspdm_append_message_mut_b(context, spdm_request,
127 : request_size);
128 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
129 0 : return libspdm_generate_encap_error_response(
130 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
131 : response_size, response);
132 : }
133 :
134 9 : status = libspdm_append_message_mut_b(context, spdm_response,
135 : *response_size);
136 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
137 0 : return libspdm_generate_encap_error_response(
138 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
139 : response_size, response);
140 : }
141 :
142 9 : if (context->last_spdm_request_session_id_valid) {
143 3 : session_id = context->last_spdm_request_session_id;
144 : } else {
145 6 : session_id = context->latest_session_id;
146 : }
147 9 : if (session_id != INVALID_SESSION_ID) {
148 3 : session_info = libspdm_get_session_info_via_session_id(context, session_id);
149 : } else {
150 6 : session_info = NULL;
151 : }
152 9 : if (session_info != NULL) {
153 3 : if (context->connection_info.multi_key_conn_req) {
154 2 : status = libspdm_append_message_encap_d(context, session_info, true,
155 : spdm_response, *response_size);
156 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
157 0 : return libspdm_generate_encap_error_response(
158 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
159 : response_size, response);
160 : }
161 : }
162 : }
163 :
164 9 : return LIBSPDM_STATUS_SUCCESS;
165 : }
166 :
167 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (..) */
|
