Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 : #include "internal/libspdm_secured_message_lib.h"
9 :
10 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
11 :
12 : #pragma pack(1)
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint16_t opaque_length;
16 : uint8_t opaque_data[SPDM_MAX_OPAQUE_DATA_SIZE];
17 : uint8_t signature[LIBSPDM_REQ_SIGNATURE_DATA_MAX_SIZE];
18 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
19 : } libspdm_finish_request_mine_t;
20 :
21 : typedef struct {
22 : spdm_message_header_t header;
23 : uint16_t opaque_length;
24 : uint8_t opaque_data[SPDM_MAX_OPAQUE_DATA_SIZE];
25 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
26 : } libspdm_finish_response_mine_t;
27 : #pragma pack()
28 :
29 9 : bool libspdm_verify_finish_rsp_hmac(libspdm_context_t *spdm_context,
30 : libspdm_session_info_t *session_info,
31 : const void *hmac_data, size_t hmac_data_size)
32 : {
33 : size_t hash_size;
34 : uint8_t calc_hmac_data[LIBSPDM_MAX_HASH_SIZE];
35 : bool result;
36 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
37 : uint8_t slot_id;
38 : uint8_t *cert_chain_buffer;
39 : size_t cert_chain_buffer_size;
40 : uint8_t *mut_cert_chain_buffer;
41 : size_t mut_cert_chain_buffer_size;
42 : uint8_t *th_curr_data;
43 : size_t th_curr_data_size;
44 : libspdm_th_managed_buffer_t th_curr;
45 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
46 : #endif
47 :
48 9 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
49 9 : LIBSPDM_ASSERT(hash_size == hmac_data_size);
50 :
51 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
52 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
53 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
54 : if (slot_id == 0xFF) {
55 : result = libspdm_get_peer_public_key_buffer(
56 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
57 : } else {
58 : result = libspdm_get_peer_cert_chain_buffer(
59 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
60 : }
61 : if (!result) {
62 : return false;
63 : }
64 :
65 : if (session_info->mut_auth_requested != 0) {
66 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
67 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
68 : if (slot_id == 0xFF) {
69 : result = libspdm_get_local_public_key_buffer(
70 : spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
71 : } else {
72 : result = libspdm_get_local_cert_chain_buffer(
73 : spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
74 : }
75 : if (!result) {
76 : return false;
77 : }
78 : } else {
79 : mut_cert_chain_buffer = NULL;
80 : mut_cert_chain_buffer_size = 0;
81 : }
82 :
83 : result = libspdm_calculate_th_for_finish(
84 : spdm_context, session_info, cert_chain_buffer,
85 : cert_chain_buffer_size, mut_cert_chain_buffer,
86 : mut_cert_chain_buffer_size, &th_curr);
87 : if (!result) {
88 : return false;
89 : }
90 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
91 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
92 :
93 : result = libspdm_hash_all (spdm_context->connection_info.algorithm.base_hash_algo,
94 : th_curr_data, th_curr_data_size, hash_data);
95 : if (!result) {
96 : return false;
97 : }
98 :
99 : result = libspdm_hmac_all_with_response_finished_key(
100 : session_info->secured_message_context, hash_data,
101 : hash_size, calc_hmac_data);
102 : if (!result) {
103 : return false;
104 : }
105 : #else
106 9 : result = libspdm_calculate_th_hmac_for_finish_rsp(
107 : spdm_context, session_info, &hash_size, calc_hmac_data);
108 9 : if (!result) {
109 0 : return false;
110 : }
111 : #endif
112 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hmac - "));
113 9 : LIBSPDM_INTERNAL_DUMP_DATA(calc_hmac_data, hash_size);
114 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
115 :
116 9 : if (!libspdm_consttime_is_mem_equal(calc_hmac_data, hmac_data, hash_size)) {
117 2 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_finish_rsp_hmac - FAIL !!!\n"));
118 2 : return false;
119 : }
120 7 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_finish_rsp_hmac - PASS !!!\n"));
121 :
122 7 : return true;
123 : }
124 :
125 38 : bool libspdm_generate_finish_req_hmac(libspdm_context_t *spdm_context,
126 : libspdm_session_info_t *session_info,
127 : void *hmac)
128 : {
129 : size_t hash_size;
130 : uint8_t calc_hmac_data[LIBSPDM_MAX_HASH_SIZE];
131 : bool result;
132 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
133 : uint8_t slot_id;
134 : uint8_t *cert_chain_buffer;
135 : size_t cert_chain_buffer_size;
136 : uint8_t *mut_cert_chain_buffer;
137 : size_t mut_cert_chain_buffer_size;
138 : uint8_t *th_curr_data;
139 : size_t th_curr_data_size;
140 : libspdm_th_managed_buffer_t th_curr;
141 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
142 : #endif
143 :
144 38 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
145 :
146 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
147 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
148 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
149 : if (slot_id == 0xFF) {
150 : result = libspdm_get_peer_public_key_buffer(
151 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
152 : } else {
153 : result = libspdm_get_peer_cert_chain_buffer(
154 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
155 : }
156 : if (!result) {
157 : return false;
158 : }
159 :
160 : if (session_info->mut_auth_requested != 0) {
161 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
162 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
163 : if (slot_id == 0xFF) {
164 : result = libspdm_get_local_public_key_buffer(
165 : spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
166 : } else {
167 : result = libspdm_get_local_cert_chain_buffer(
168 : spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
169 : }
170 : if (!result) {
171 : return false;
172 : }
173 : } else {
174 : mut_cert_chain_buffer = NULL;
175 : mut_cert_chain_buffer_size = 0;
176 : }
177 :
178 : result = libspdm_calculate_th_for_finish(
179 : spdm_context, session_info, cert_chain_buffer,
180 : cert_chain_buffer_size, mut_cert_chain_buffer,
181 : mut_cert_chain_buffer_size, &th_curr);
182 : if (!result) {
183 : return false;
184 : }
185 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
186 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
187 :
188 : result = libspdm_hash_all (spdm_context->connection_info.algorithm.base_hash_algo,
189 : th_curr_data, th_curr_data_size, hash_data);
190 : if (!result) {
191 : return false;
192 : }
193 :
194 : result = libspdm_hmac_all_with_request_finished_key(
195 : session_info->secured_message_context, hash_data,
196 : hash_size, calc_hmac_data);
197 : if (!result) {
198 : return false;
199 : }
200 : #else
201 38 : result = libspdm_calculate_th_hmac_for_finish_req(
202 : spdm_context, session_info, &hash_size, calc_hmac_data);
203 38 : if (!result) {
204 0 : return false;
205 : }
206 : #endif
207 38 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hmac - "));
208 38 : LIBSPDM_INTERNAL_DUMP_DATA(calc_hmac_data, hash_size);
209 38 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
210 :
211 38 : libspdm_copy_mem(hmac, hash_size, calc_hmac_data, hash_size);
212 :
213 38 : return true;
214 : }
215 :
216 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
217 :
218 5 : bool libspdm_generate_finish_req_signature(libspdm_context_t *spdm_context,
219 : libspdm_session_info_t *session_info,
220 : uint8_t *signature)
221 : {
222 : bool result;
223 : size_t signature_size;
224 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
225 : uint8_t slot_id;
226 : uint8_t *cert_chain_buffer;
227 : size_t cert_chain_buffer_size;
228 : uint8_t *mut_cert_chain_buffer;
229 : size_t mut_cert_chain_buffer_size;
230 : uint8_t *th_curr_data;
231 : size_t th_curr_data_size;
232 : libspdm_th_managed_buffer_t th_curr;
233 : #endif
234 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
235 : size_t hash_size;
236 : #endif
237 : #if ((LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) && (LIBSPDM_DEBUG_BLOCK_ENABLE)) || \
238 : !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT)
239 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
240 : #endif
241 :
242 5 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
243 0 : signature_size = libspdm_get_req_pqc_asym_signature_size(
244 : spdm_context->connection_info.algorithm.req_pqc_asym_alg);
245 : } else {
246 5 : signature_size = libspdm_get_req_asym_signature_size(
247 5 : spdm_context->connection_info.algorithm.req_base_asym_alg);
248 : }
249 :
250 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
251 5 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
252 : #endif
253 :
254 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
255 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
256 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
257 : if (slot_id == 0xFF) {
258 : result = libspdm_get_peer_public_key_buffer(
259 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
260 : } else {
261 : result = libspdm_get_peer_cert_chain_buffer(
262 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
263 : }
264 : if (!result) {
265 : return false;
266 : }
267 :
268 : slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
269 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
270 : if (slot_id == 0xFF) {
271 : result = libspdm_get_local_public_key_buffer(
272 : spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
273 : } else {
274 : result = libspdm_get_local_cert_chain_buffer(
275 : spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
276 : }
277 : if (!result) {
278 : return false;
279 : }
280 :
281 : result = libspdm_calculate_th_for_finish(
282 : spdm_context, session_info, cert_chain_buffer,
283 : cert_chain_buffer_size, mut_cert_chain_buffer,
284 : mut_cert_chain_buffer_size, &th_curr);
285 : if (!result) {
286 : return false;
287 : }
288 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
289 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
290 :
291 : /* Debug code only - required for debug print of th_curr below*/
292 : LIBSPDM_DEBUG_CODE(
293 : if (!libspdm_hash_all(
294 : spdm_context->connection_info.algorithm.base_hash_algo,
295 : th_curr_data, th_curr_data_size, hash_data)) {
296 : return false;
297 : }
298 : );
299 : #else
300 5 : result = libspdm_calculate_th_hash_for_finish(
301 : spdm_context, session_info, &hash_size, hash_data);
302 5 : if (!result) {
303 0 : return false;
304 : }
305 : #endif
306 5 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hash - "));
307 5 : LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size);
308 5 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
309 :
310 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
311 : result = libspdm_requester_data_sign(
312 : spdm_context,
313 : spdm_context->connection_info.version, SPDM_FINISH,
314 : spdm_context->connection_info.algorithm.req_base_asym_alg,
315 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
316 : spdm_context->connection_info.algorithm.base_hash_algo,
317 : false, th_curr_data, th_curr_data_size, signature, &signature_size);
318 : #else
319 5 : result = libspdm_requester_data_sign(
320 : spdm_context,
321 5 : spdm_context->connection_info.version, SPDM_FINISH,
322 5 : spdm_context->connection_info.algorithm.req_base_asym_alg,
323 : spdm_context->connection_info.algorithm.req_pqc_asym_alg,
324 : spdm_context->connection_info.algorithm.base_hash_algo,
325 : true, hash_data, hash_size, signature, &signature_size);
326 : #endif
327 5 : if (result) {
328 5 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature - "));
329 5 : LIBSPDM_INTERNAL_DUMP_DATA(signature, signature_size);
330 5 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
331 : }
332 :
333 5 : return result;
334 : }
335 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
336 :
337 : /**
338 : * This function sends FINISH and receives FINISH_RSP for SPDM finish.
339 : *
340 : * @param spdm_context A pointer to the SPDM context.
341 : * @param session_id session_id to the FINISH request.
342 : * @param req_slot_id_param req_slot_id_param to the FINISH request.
343 : **/
344 42 : static libspdm_return_t libspdm_try_send_receive_finish(
345 : libspdm_context_t *spdm_context,
346 : uint32_t session_id,
347 : uint8_t req_slot_id_param,
348 : const void *requester_opaque_data,
349 : size_t requester_opaque_data_size,
350 : void *responder_opaque_data,
351 : size_t *responder_opaque_data_size)
352 : {
353 : libspdm_return_t status;
354 : libspdm_finish_request_mine_t *spdm_request;
355 : size_t spdm_request_size;
356 : size_t signature_size;
357 : size_t hmac_size;
358 : libspdm_finish_response_mine_t *spdm_response;
359 : size_t spdm_response_size;
360 : libspdm_session_info_t *session_info;
361 : uint8_t *ptr;
362 : bool result;
363 : uint8_t th2_hash_data[LIBSPDM_MAX_HASH_SIZE];
364 : libspdm_session_state_t session_state;
365 : uint8_t *message;
366 : size_t message_size;
367 : size_t transport_header_size;
368 : size_t opaque_data_entry_size;
369 : size_t opaque_data_size;
370 :
371 : /* -=[Check Parameters Phase]=- */
372 42 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_11) {
373 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
374 : }
375 :
376 42 : session_info = libspdm_get_session_info_via_session_id(spdm_context, session_id);
377 42 : if (session_info == NULL) {
378 0 : status = LIBSPDM_STATUS_INVALID_PARAMETER;
379 0 : goto error;
380 : }
381 :
382 : /* -=[Verify State Phase]=- */
383 42 : if (!libspdm_is_capabilities_flag_supported(
384 : spdm_context, true,
385 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP,
386 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP)) {
387 1 : status = LIBSPDM_STATUS_UNSUPPORTED_CAP;
388 1 : goto error;
389 : }
390 :
391 41 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
392 2 : status = LIBSPDM_STATUS_INVALID_STATE_LOCAL;
393 2 : goto error;
394 : }
395 :
396 39 : session_state = libspdm_secured_message_get_session_state(
397 : session_info->secured_message_context);
398 39 : if (session_state != LIBSPDM_SESSION_STATE_HANDSHAKING) {
399 1 : status = LIBSPDM_STATUS_INVALID_STATE_LOCAL;
400 1 : goto error;
401 : }
402 38 : if (session_info->mut_auth_requested != 0) {
403 5 : if ((req_slot_id_param >= SPDM_MAX_SLOT_COUNT) && (req_slot_id_param != 0xFF)) {
404 0 : status = LIBSPDM_STATUS_INVALID_PARAMETER;
405 0 : goto error;
406 : }
407 : } else {
408 33 : if (req_slot_id_param != 0) {
409 0 : status = LIBSPDM_STATUS_INVALID_PARAMETER;
410 0 : goto error;
411 : }
412 : }
413 :
414 : /* -=[Construct Request Phase]=- */
415 38 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
416 38 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
417 38 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
418 0 : goto error;
419 : }
420 38 : LIBSPDM_ASSERT (message_size >= transport_header_size +
421 : spdm_context->local_context.capability.transport_tail_size);
422 38 : spdm_request = (void *)(message + transport_header_size);
423 38 : spdm_request_size = message_size - transport_header_size -
424 38 : spdm_context->local_context.capability.transport_tail_size;
425 :
426 38 : LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_request->header));
427 38 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
428 38 : spdm_request->header.request_response_code = SPDM_FINISH;
429 38 : spdm_request->header.param1 = 0;
430 38 : spdm_request->header.param2 = 0;
431 :
432 38 : ptr = (uint8_t *)spdm_request + sizeof(spdm_finish_request_t);
433 38 : if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_14) {
434 1 : if (requester_opaque_data != NULL) {
435 0 : LIBSPDM_ASSERT(requester_opaque_data_size <= SPDM_MAX_OPAQUE_DATA_SIZE);
436 0 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_finish_request_t) +
437 : sizeof(uint16_t) + requester_opaque_data_size);
438 :
439 0 : libspdm_write_uint16(ptr, (uint16_t)requester_opaque_data_size);
440 0 : ptr += sizeof(uint16_t);
441 :
442 0 : libspdm_copy_mem(ptr,
443 : (spdm_request_size - (sizeof(spdm_finish_request_t) +
444 : sizeof(uint16_t))),
445 : requester_opaque_data, requester_opaque_data_size);
446 0 : opaque_data_size = requester_opaque_data_size;
447 : } else {
448 1 : opaque_data_size = 0;
449 1 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_finish_request_t) +
450 : sizeof(uint16_t) + opaque_data_size);
451 :
452 1 : libspdm_write_uint16(ptr, (uint16_t)opaque_data_size);
453 1 : ptr += sizeof(uint16_t);
454 : }
455 1 : ptr += opaque_data_size;
456 1 : opaque_data_entry_size = sizeof(uint16_t) + opaque_data_size;
457 : } else {
458 37 : opaque_data_entry_size = 0;
459 : }
460 :
461 38 : signature_size = 0;
462 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
463 38 : if (session_info->mut_auth_requested != 0) {
464 5 : spdm_request->header.param1 = SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED;
465 5 : spdm_request->header.param2 = req_slot_id_param;
466 5 : if (spdm_context->connection_info.algorithm.req_pqc_asym_alg != 0) {
467 0 : signature_size = libspdm_get_req_pqc_asym_signature_size(
468 : spdm_context->connection_info.algorithm.req_pqc_asym_alg);
469 : } else {
470 5 : signature_size = libspdm_get_req_asym_signature_size(
471 5 : spdm_context->connection_info.algorithm.req_base_asym_alg);
472 : }
473 : }
474 : #endif
475 :
476 38 : spdm_context->connection_info.local_used_cert_chain_slot_id = req_slot_id_param;
477 38 : if ((session_info->mut_auth_requested != 0) && (req_slot_id_param != 0xFF)) {
478 5 : LIBSPDM_ASSERT(req_slot_id_param < SPDM_MAX_SLOT_COUNT);
479 5 : spdm_context->connection_info.local_used_cert_chain_buffer =
480 5 : spdm_context->local_context.local_cert_chain_provision[req_slot_id_param];
481 5 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
482 5 : spdm_context->local_context.local_cert_chain_provision_size[req_slot_id_param];
483 : }
484 :
485 38 : hmac_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
486 38 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_finish_request_t) + opaque_data_entry_size +
487 : signature_size + hmac_size);
488 38 : spdm_request_size = sizeof(spdm_finish_request_t) + opaque_data_entry_size +
489 38 : signature_size + hmac_size;
490 :
491 38 : status = libspdm_append_message_f(spdm_context, session_info, true, (uint8_t *)spdm_request,
492 38 : spdm_request_size - signature_size - hmac_size);
493 38 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
494 0 : libspdm_release_sender_buffer (spdm_context);
495 0 : goto error;
496 : }
497 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
498 38 : if (session_info->mut_auth_requested != 0) {
499 5 : result = libspdm_generate_finish_req_signature(spdm_context, session_info, ptr);
500 5 : if (!result) {
501 0 : libspdm_release_sender_buffer (spdm_context);
502 0 : status = LIBSPDM_STATUS_CRYPTO_ERROR;
503 0 : goto error;
504 : }
505 5 : status = libspdm_append_message_f(spdm_context, session_info, true, ptr, signature_size);
506 5 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
507 0 : libspdm_release_sender_buffer (spdm_context);
508 0 : goto error;
509 : }
510 5 : ptr += signature_size;
511 : }
512 : #endif
513 :
514 38 : result = libspdm_generate_finish_req_hmac(spdm_context, session_info, ptr);
515 38 : if (!result) {
516 0 : libspdm_release_sender_buffer (spdm_context);
517 0 : status = LIBSPDM_STATUS_CRYPTO_ERROR;
518 0 : goto error;
519 : }
520 :
521 38 : status = libspdm_append_message_f(spdm_context, session_info, true, ptr, hmac_size);
522 38 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
523 0 : libspdm_release_sender_buffer (spdm_context);
524 0 : goto error;
525 : }
526 :
527 : /* -=[Send Request Phase]=- */
528 38 : status = libspdm_send_spdm_request(spdm_context, &session_id, spdm_request_size, spdm_request);
529 38 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
530 1 : libspdm_release_sender_buffer (spdm_context);
531 1 : goto error;
532 : }
533 :
534 37 : libspdm_reset_message_buffer_via_request_code(spdm_context, session_info, SPDM_FINISH);
535 :
536 37 : libspdm_release_sender_buffer (spdm_context);
537 37 : spdm_request = (void *)spdm_context->last_spdm_request;
538 :
539 : /* -=[Receive Response Phase]=- */
540 37 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
541 37 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
542 0 : goto error;
543 : }
544 37 : LIBSPDM_ASSERT (message_size >= transport_header_size);
545 37 : spdm_response = (void *)(message);
546 37 : spdm_response_size = message_size;
547 :
548 37 : status = libspdm_receive_spdm_response(
549 : spdm_context, &session_id, &spdm_response_size, (void **)&spdm_response);
550 37 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
551 0 : goto receive_done;
552 : }
553 :
554 : /* -=[Validate Response Phase]=- */
555 37 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
556 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
557 0 : goto receive_done;
558 : }
559 37 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
560 25 : if (spdm_response->header.param1 == SPDM_ERROR_CODE_DECRYPT_ERROR) {
561 2 : status = LIBSPDM_STATUS_SESSION_MSG_ERROR;
562 2 : goto receive_done;
563 : }
564 23 : if (spdm_response->header.param1 != SPDM_ERROR_CODE_RESPONSE_NOT_READY) {
565 21 : libspdm_reset_message_f (spdm_context, session_info);
566 : }
567 23 : status = libspdm_handle_error_response_main(
568 : spdm_context, &session_id,
569 : &spdm_response_size, (void **)&spdm_response,
570 : SPDM_FINISH, SPDM_FINISH_RSP);
571 23 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
572 22 : goto receive_done;
573 : }
574 12 : } else if (spdm_response->header.request_response_code != SPDM_FINISH_RSP) {
575 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
576 1 : goto receive_done;
577 : }
578 12 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
579 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
580 0 : goto receive_done;
581 : }
582 :
583 12 : if (!libspdm_is_capabilities_flag_supported(
584 : spdm_context, true,
585 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP,
586 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) {
587 2 : hmac_size = 0;
588 : }
589 :
590 12 : ptr = (uint8_t *)spdm_response + sizeof(spdm_finish_response_t);
591 :
592 12 : if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_14) {
593 1 : if (spdm_response_size < sizeof(spdm_finish_response_t) + sizeof(uint16_t) + hmac_size) {
594 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
595 0 : goto receive_done;
596 : }
597 1 : opaque_data_size = libspdm_read_uint16((const uint8_t *)ptr);
598 1 : ptr += sizeof(uint16_t);
599 1 : if (opaque_data_size > SPDM_MAX_OPAQUE_DATA_SIZE) {
600 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
601 0 : goto receive_done;
602 : }
603 1 : if (spdm_response_size < sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
604 1 : opaque_data_size + hmac_size) {
605 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
606 0 : goto receive_done;
607 : }
608 :
609 1 : if ((responder_opaque_data != NULL) && (responder_opaque_data_size != NULL)) {
610 0 : if (opaque_data_size >= *responder_opaque_data_size) {
611 0 : status = LIBSPDM_STATUS_BUFFER_TOO_SMALL;
612 0 : goto receive_done;
613 : }
614 0 : libspdm_copy_mem(responder_opaque_data, *responder_opaque_data_size,
615 : ptr, opaque_data_size);
616 0 : *responder_opaque_data_size = opaque_data_size;
617 : }
618 :
619 1 : ptr += opaque_data_size;
620 1 : opaque_data_entry_size = sizeof(uint16_t) + opaque_data_size;
621 : } else {
622 11 : if (spdm_response_size < sizeof(spdm_finish_response_t) + hmac_size) {
623 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
624 1 : goto receive_done;
625 : }
626 10 : if ((responder_opaque_data != NULL) && (responder_opaque_data_size != NULL)) {
627 0 : *responder_opaque_data_size = 0;
628 : }
629 10 : opaque_data_entry_size = 0;
630 : }
631 11 : spdm_response_size = sizeof(spdm_finish_response_t) + opaque_data_entry_size + hmac_size;
632 :
633 11 : status = libspdm_append_message_f(spdm_context, session_info, true, spdm_response,
634 : spdm_response_size - hmac_size);
635 11 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
636 0 : goto receive_done;
637 : }
638 :
639 11 : if (libspdm_is_capabilities_flag_supported(
640 : spdm_context, true,
641 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP,
642 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) {
643 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "verify_data (0x%zx):\n", hmac_size));
644 9 : LIBSPDM_INTERNAL_DUMP_HEX(ptr, hmac_size);
645 9 : result = libspdm_verify_finish_rsp_hmac(spdm_context, session_info,
646 : ptr, hmac_size);
647 9 : if (!result) {
648 2 : status = LIBSPDM_STATUS_VERIF_FAIL;
649 2 : goto receive_done;
650 : }
651 :
652 7 : status = libspdm_append_message_f(
653 : spdm_context, session_info, true,
654 : ptr, hmac_size);
655 7 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
656 0 : goto receive_done;
657 : }
658 : }
659 :
660 : /* -=[Process Response Phase]=- */
661 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "libspdm_generate_session_data_key[%x]\n", session_id));
662 9 : result = libspdm_calculate_th2_hash(spdm_context, session_info, true, th2_hash_data);
663 9 : if (!result) {
664 0 : status = LIBSPDM_STATUS_CRYPTO_ERROR;
665 0 : goto receive_done;
666 : }
667 9 : result = libspdm_generate_session_data_key(
668 : session_info->secured_message_context, th2_hash_data);
669 9 : if (!result) {
670 0 : status = LIBSPDM_STATUS_CRYPTO_ERROR;
671 0 : goto receive_done;
672 : }
673 :
674 : /* -=[Update State Phase]=- */
675 9 : libspdm_secured_message_set_session_state(
676 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_ESTABLISHED);
677 :
678 : /* -=[Log Message Phase]=- */
679 : #if LIBSPDM_ENABLE_MSG_LOG
680 9 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
681 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
682 :
683 9 : libspdm_release_receiver_buffer (spdm_context);
684 :
685 9 : return LIBSPDM_STATUS_SUCCESS;
686 :
687 28 : receive_done:
688 28 : libspdm_release_receiver_buffer (spdm_context);
689 33 : error:
690 33 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
691 31 : libspdm_free_session_id(spdm_context, session_id);
692 : }
693 :
694 33 : return status;
695 : }
696 :
697 41 : libspdm_return_t libspdm_send_receive_finish(libspdm_context_t *spdm_context,
698 : uint32_t session_id,
699 : uint8_t req_slot_id_param)
700 : {
701 : size_t retry;
702 : uint64_t retry_delay_time;
703 : libspdm_return_t status;
704 :
705 41 : spdm_context->crypto_request = true;
706 41 : retry = spdm_context->retry_times;
707 41 : retry_delay_time = spdm_context->retry_delay_time;
708 : do {
709 42 : status = libspdm_try_send_receive_finish(spdm_context, session_id,
710 : req_slot_id_param,
711 : NULL, 0, NULL, NULL);
712 42 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
713 40 : return status;
714 : }
715 :
716 2 : libspdm_sleep(retry_delay_time);
717 2 : } while (retry-- != 0);
718 :
719 1 : return status;
720 : }
721 :
722 0 : libspdm_return_t libspdm_send_receive_finish_ex(
723 : libspdm_context_t *spdm_context,
724 : uint32_t session_id,
725 : uint8_t req_slot_id_param,
726 : const void *requester_opaque_data,
727 : size_t requester_opaque_data_size,
728 : void *responder_opaque_data,
729 : size_t *responder_opaque_data_size)
730 : {
731 : size_t retry;
732 : uint64_t retry_delay_time;
733 : libspdm_return_t status;
734 :
735 0 : spdm_context->crypto_request = true;
736 0 : retry = spdm_context->retry_times;
737 0 : retry_delay_time = spdm_context->retry_delay_time;
738 : do {
739 0 : status = libspdm_try_send_receive_finish(spdm_context, session_id,
740 : req_slot_id_param,
741 : requester_opaque_data,
742 : requester_opaque_data_size,
743 : responder_opaque_data,
744 : responder_opaque_data_size);
745 0 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
746 0 : return status;
747 : }
748 :
749 0 : libspdm_sleep(retry_delay_time);
750 0 : } while (retry-- != 0);
751 :
752 0 : return status;
753 : }
754 :
755 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|
