Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2024 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
10 : (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP)
11 :
12 8 : libspdm_return_t libspdm_get_encap_response_digest(void *spdm_context,
13 : size_t request_size,
14 : void *request,
15 : size_t *response_size,
16 : void *response)
17 : {
18 : spdm_get_digest_request_t *spdm_request;
19 : spdm_digest_response_t *spdm_response;
20 : size_t index;
21 : uint32_t hash_size;
22 : uint8_t *digest;
23 : libspdm_context_t *context;
24 : libspdm_return_t status;
25 : bool result;
26 : /*total populated slot count*/
27 : uint8_t slot_count;
28 : /*populated slot index*/
29 : uint8_t slot_index;
30 : uint32_t session_id;
31 : libspdm_session_info_t *session_info;
32 : size_t additional_size;
33 : spdm_key_pair_id_t *key_pair_id;
34 : spdm_certificate_info_t *cert_info;
35 : spdm_key_usage_bit_mask_t *key_usage_bit_mask;
36 :
37 8 : context = spdm_context;
38 8 : spdm_request = request;
39 :
40 8 : if (libspdm_get_connection_version(context) < SPDM_MESSAGE_VERSION_11) {
41 0 : return libspdm_generate_encap_error_response(
42 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
43 : SPDM_GET_DIGESTS, response_size, response);
44 : }
45 :
46 8 : if (spdm_request->header.spdm_version != libspdm_get_connection_version(context)) {
47 0 : return libspdm_generate_encap_error_response(
48 : context, SPDM_ERROR_CODE_VERSION_MISMATCH,
49 : 0, response_size, response);
50 : }
51 :
52 8 : if (!libspdm_is_capabilities_flag_supported(
53 : context, true,
54 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
55 0 : return libspdm_generate_encap_error_response(
56 : context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
57 : SPDM_GET_DIGESTS, response_size, response);
58 : }
59 :
60 8 : if (request_size < sizeof(spdm_get_digest_request_t)) {
61 0 : return libspdm_generate_encap_error_response(
62 : context, SPDM_ERROR_CODE_INVALID_REQUEST, 0,
63 : response_size, response);
64 : }
65 :
66 8 : libspdm_reset_message_buffer_via_request_code(context, NULL,
67 8 : spdm_request->header.request_response_code);
68 :
69 8 : hash_size = libspdm_get_hash_size(
70 : context->connection_info.algorithm.base_hash_algo);
71 :
72 8 : slot_count = libspdm_get_cert_slot_count(context);
73 8 : additional_size = 0;
74 8 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
75 3 : context->connection_info.multi_key_conn_req) {
76 2 : additional_size = sizeof(spdm_key_pair_id_t) + sizeof(spdm_certificate_info_t) +
77 : sizeof(spdm_key_usage_bit_mask_t);
78 : }
79 8 : LIBSPDM_ASSERT(*response_size >=
80 : sizeof(spdm_digest_response_t) + (hash_size + additional_size) * slot_count);
81 8 : *response_size = sizeof(spdm_digest_response_t) + (hash_size + additional_size) * slot_count;
82 8 : libspdm_zero_mem(response, *response_size);
83 8 : spdm_response = response;
84 :
85 8 : spdm_response->header.spdm_version = spdm_request->header.spdm_version;
86 8 : spdm_response->header.request_response_code = SPDM_DIGESTS;
87 8 : spdm_response->header.param1 = 0;
88 8 : spdm_response->header.param2 = 0;
89 :
90 8 : if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
91 3 : spdm_response->header.param1 = context->local_context.local_supported_slot_mask;
92 : }
93 :
94 8 : digest = (void *)(spdm_response + 1);
95 8 : key_pair_id = (spdm_key_pair_id_t *)((uint8_t *)digest + hash_size * slot_count);
96 8 : cert_info = (spdm_certificate_info_t *)((uint8_t *)key_pair_id +
97 8 : sizeof(spdm_key_pair_id_t) * slot_count);
98 8 : key_usage_bit_mask = (spdm_key_usage_bit_mask_t *)((uint8_t *)cert_info +
99 8 : sizeof(spdm_certificate_info_t) *
100 : slot_count);
101 :
102 8 : slot_index = 0;
103 72 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
104 64 : if (context->local_context
105 64 : .local_cert_chain_provision[index] != NULL) {
106 12 : spdm_response->header.param2 |= (1 << index);
107 12 : result = libspdm_generate_cert_chain_hash(context, index,
108 12 : &digest[hash_size * slot_index]);
109 12 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
110 10 : context->connection_info.multi_key_conn_req) {
111 9 : key_pair_id[slot_index] = context->local_context.local_key_pair_id[index];
112 9 : cert_info[slot_index] = context->local_context.local_cert_info[index];
113 9 : key_usage_bit_mask[slot_index] =
114 9 : context->local_context.local_key_usage_bit_mask[index];
115 : }
116 12 : slot_index++;
117 12 : if (!result) {
118 0 : return libspdm_generate_encap_error_response(
119 : context, SPDM_ERROR_CODE_UNSPECIFIED,
120 : 0, response_size, response);
121 : }
122 : }
123 : }
124 :
125 : /* Cache*/
126 :
127 8 : status = libspdm_append_message_mut_b(context, spdm_request,
128 : request_size);
129 8 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
130 0 : return libspdm_generate_encap_error_response(
131 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
132 : response_size, response);
133 : }
134 :
135 8 : status = libspdm_append_message_mut_b(context, spdm_response,
136 : *response_size);
137 8 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
138 0 : return libspdm_generate_encap_error_response(
139 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
140 : response_size, response);
141 : }
142 :
143 8 : if (context->last_spdm_request_session_id_valid) {
144 3 : session_id = context->last_spdm_request_session_id;
145 : } else {
146 5 : session_id = context->latest_session_id;
147 : }
148 8 : if (session_id != INVALID_SESSION_ID) {
149 3 : session_info = libspdm_get_session_info_via_session_id(context, session_id);
150 : } else {
151 5 : session_info = NULL;
152 : }
153 8 : if (session_info != NULL) {
154 3 : if (context->connection_info.multi_key_conn_req) {
155 2 : status = libspdm_append_message_encap_d(context, session_info, true,
156 : spdm_response, *response_size);
157 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
158 0 : return libspdm_generate_encap_error_response(
159 : context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
160 : response_size, response);
161 : }
162 : }
163 : }
164 :
165 8 : return LIBSPDM_STATUS_SUCCESS;
166 : }
167 :
168 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (..) */
|
