Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT
10 :
11 : /**
12 : * This function sends GET_ENDPOINT_INFO and receives ENDPOINT_INFO *
13 : *
14 : *
15 : * @param context A pointer to the SPDM context.
16 : * @param session_id Indicates if it is a secured message protected via SPDM session.
17 : * If session_id is NULL, it is a normal message.
18 : * If session_id is not NULL, it is a secured message.
19 : * @param request_attributes The request attribute of the request message.
20 : * @param sub_code The subcode of endpoint info.
21 : * @param slot_id The number of slot for the endpoint info.
22 : * @param ep_info_len On input, indicate the size in bytes of the destination buffer
23 : * to store the endpoint info record.
24 : * On output, indicate the size in bytes of the endpoint info record.
25 : * @param ep_info A pointer to a destination buffer to store the endpoint info record.
26 : * @param requester_nonce_in If not NULL, a buffer that holds the requester nonce (32 bytes)
27 : * @param requester_nonce If not NULL, a buffer to hold the requester nonce (32 bytes).
28 : * @param responder_nonce If not NULL, a buffer to hold the responder nonce (32 bytes).
29 : *
30 : **/
31 48 : static libspdm_return_t libspdm_try_get_endpoint_info(libspdm_context_t *spdm_context,
32 : const uint32_t *session_id,
33 : uint8_t request_attributes,
34 : uint8_t sub_code,
35 : uint8_t slot_id,
36 : uint32_t *ep_info_len,
37 : void *ep_info,
38 : const void *requester_nonce_in,
39 : void *requester_nonce,
40 : void *responder_nonce)
41 : {
42 : bool result;
43 : libspdm_return_t status;
44 : spdm_get_endpoint_info_request_t *spdm_request;
45 : size_t spdm_request_size;
46 : spdm_endpoint_info_response_t *spdm_response;
47 : size_t spdm_response_size;
48 :
49 : uint8_t *message;
50 : size_t message_size;
51 : size_t transport_header_size;
52 : libspdm_session_info_t *session_info;
53 : libspdm_session_state_t session_state;
54 : uint8_t *spdm_nonce;
55 : void *signature;
56 : size_t signature_size;
57 : uint32_t ep_info_data_len;
58 : uint8_t *ep_info_data;
59 : uint8_t *ptr;
60 :
61 : /* -=[Check Parameters Phase]=- */
62 48 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xF));
63 48 : LIBSPDM_ASSERT((slot_id != 0xF) ||
64 : (spdm_context->local_context.peer_public_key_provision_size != 0));
65 :
66 : /* -=[Verify State Phase]=- */
67 48 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
68 1 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
69 : }
70 :
71 47 : if (!libspdm_is_capabilities_flag_supported(
72 : spdm_context, true, 0,
73 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP)) {
74 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
75 : }
76 :
77 47 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
78 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
79 : }
80 :
81 47 : if (session_id == NULL) {
82 46 : session_info = NULL;
83 : } else {
84 1 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
85 1 : if (session_info == NULL) {
86 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
87 : }
88 1 : session_state = libspdm_secured_message_get_session_state(
89 : session_info->secured_message_context);
90 1 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
91 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
92 : }
93 : }
94 :
95 47 : if (libspdm_is_capabilities_flag_supported(
96 : spdm_context, true, 0,
97 6 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_NO_SIG) &&
98 6 : ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) !=
99 : 0)) {
100 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
101 : }
102 :
103 46 : if ((slot_id != 0) &&
104 3 : (request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) == 0) {
105 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
106 : }
107 :
108 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
109 41 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
110 0 : signature_size = libspdm_get_pqc_asym_signature_size(
111 : spdm_context->connection_info.algorithm.pqc_asym_algo);
112 : } else {
113 41 : signature_size = libspdm_get_asym_signature_size(
114 : spdm_context->connection_info.algorithm.base_asym_algo);
115 : }
116 : } else {
117 4 : signature_size = 0;
118 : }
119 :
120 45 : libspdm_reset_message_buffer_via_request_code(spdm_context, session_info,
121 : SPDM_GET_ENDPOINT_INFO);
122 :
123 : /* -=[Construct Request Phase]=- */
124 45 : spdm_context->connection_info.peer_used_cert_chain_slot_id = slot_id;
125 45 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
126 45 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
127 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
128 0 : return status;
129 : }
130 45 : LIBSPDM_ASSERT (message_size >= transport_header_size +
131 : spdm_context->local_context.capability.transport_tail_size);
132 45 : spdm_request = (void *)(message + transport_header_size);
133 45 : spdm_request_size = message_size - transport_header_size -
134 45 : spdm_context->local_context.capability.transport_tail_size;
135 :
136 45 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_endpoint_info_request_t));
137 45 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
138 45 : spdm_request->header.request_response_code = SPDM_GET_ENDPOINT_INFO;
139 45 : spdm_request->header.param1 = sub_code;
140 45 : spdm_request->header.param2 = slot_id;
141 45 : spdm_request->request_attributes = request_attributes;
142 45 : libspdm_write_uint24(spdm_request->reserved, 0);
143 :
144 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
145 41 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t) + SPDM_NONCE_SIZE;
146 41 : spdm_nonce = (uint8_t *)(spdm_request + 1);
147 :
148 41 : if (requester_nonce_in == NULL) {
149 0 : if (!libspdm_get_random_number(SPDM_NONCE_SIZE, spdm_nonce)) {
150 0 : libspdm_release_sender_buffer (spdm_context);
151 0 : return LIBSPDM_STATUS_LOW_ENTROPY;
152 : }
153 : } else {
154 41 : libspdm_copy_mem(spdm_nonce, SPDM_NONCE_SIZE,
155 : requester_nonce_in, SPDM_NONCE_SIZE);
156 : }
157 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterNonce - "));
158 41 : LIBSPDM_INTERNAL_DUMP_DATA(spdm_nonce, SPDM_NONCE_SIZE);
159 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
160 :
161 41 : if (requester_nonce != NULL) {
162 41 : libspdm_copy_mem(requester_nonce, SPDM_NONCE_SIZE,
163 : spdm_nonce, SPDM_NONCE_SIZE);
164 : }
165 : } else {
166 4 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t);
167 : }
168 :
169 : /* -=[Send Request Phase]=- */
170 45 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size, spdm_request);
171 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
172 1 : libspdm_release_sender_buffer (spdm_context);
173 1 : return status;
174 : }
175 44 : libspdm_release_sender_buffer (spdm_context);
176 44 : spdm_request = (void *)spdm_context->last_spdm_request;
177 :
178 : /* -=[Receive Response Phase]=- */
179 44 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
180 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
181 0 : return status;
182 : }
183 44 : LIBSPDM_ASSERT (message_size >= transport_header_size);
184 44 : spdm_response = (void *)(message);
185 44 : spdm_response_size = message_size;
186 :
187 44 : status = libspdm_receive_spdm_response(
188 : spdm_context, session_id, &spdm_response_size, (void **)&spdm_response);
189 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
190 0 : goto receive_done;
191 : }
192 :
193 : /* -=[Validate Response Phase]=- */
194 44 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
195 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
196 0 : goto receive_done;
197 : }
198 44 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
199 27 : status = libspdm_handle_error_response_main(
200 : spdm_context, session_id,
201 : &spdm_response_size,
202 : (void **)&spdm_response, SPDM_GET_ENDPOINT_INFO, SPDM_ENDPOINT_INFO);
203 27 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
204 26 : goto receive_done;
205 : }
206 17 : } else if (spdm_response->header.request_response_code != SPDM_ENDPOINT_INFO) {
207 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
208 1 : goto receive_done;
209 : }
210 17 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
211 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
212 1 : goto receive_done;
213 : }
214 16 : if (spdm_response_size < sizeof(spdm_endpoint_info_response_t) + sizeof(uint32_t)) {
215 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
216 0 : goto receive_done;
217 : }
218 :
219 : /* -=[Process Response Phase]=- */
220 16 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
221 12 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != slot_id) {
222 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
223 1 : goto receive_done;
224 : }
225 :
226 : /* nonce and signature should present if signature is requested */
227 11 : if (spdm_response_size <
228 11 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE + signature_size) {
229 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
230 1 : goto receive_done;
231 : }
232 :
233 10 : ptr = (uint8_t *)(spdm_response + 1);
234 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponderNonce (0x%x) - ", SPDM_NONCE_SIZE));
235 10 : LIBSPDM_INTERNAL_DUMP_DATA(ptr, SPDM_NONCE_SIZE);
236 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
237 :
238 10 : if (responder_nonce != NULL) {
239 10 : libspdm_copy_mem(responder_nonce, SPDM_NONCE_SIZE,
240 : ptr, SPDM_NONCE_SIZE);
241 : }
242 :
243 10 : ptr += SPDM_NONCE_SIZE;
244 10 : ep_info_data_len = *(uint32_t *) ptr;
245 10 : if (spdm_response_size !=
246 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE +
247 10 : signature_size + ep_info_data_len + sizeof(uint32_t)) {
248 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
249 1 : goto receive_done;
250 : }
251 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
252 : ep_info_data_len));
253 9 : ptr += sizeof(uint32_t);
254 9 : ep_info_data = ptr;
255 :
256 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_request,
257 : spdm_request_size);
258 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
259 0 : goto receive_done;
260 : }
261 :
262 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_response,
263 : spdm_response_size - signature_size);
264 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
265 0 : goto receive_done;
266 : }
267 :
268 9 : ptr += ep_info_data_len;
269 9 : signature = ptr;
270 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature (0x%zx):\n", signature_size));
271 9 : LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size);
272 :
273 9 : result = libspdm_verify_endpoint_info_signature(
274 : spdm_context, session_info, true, signature, signature_size);
275 9 : if (!result) {
276 2 : status = LIBSPDM_STATUS_VERIF_FAIL;
277 2 : goto receive_done;
278 : }
279 :
280 7 : libspdm_reset_message_e(spdm_context, session_info);
281 : } else {
282 : /* responder's slot_id should be 0 */
283 4 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != 0) {
284 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
285 1 : goto receive_done;
286 : }
287 :
288 : /* nonce and signature not present */
289 3 : ptr = (uint8_t *)(spdm_response + 1);
290 3 : ep_info_data_len = *(uint32_t *) ptr;
291 3 : if (spdm_response_size <
292 3 : sizeof(spdm_endpoint_info_response_t) + ep_info_data_len + sizeof(uint32_t)) {
293 2 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
294 2 : goto receive_done;
295 : }
296 :
297 1 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
298 : ep_info_data_len));
299 :
300 1 : ptr += sizeof(uint32_t);
301 1 : ep_info_data = ptr;
302 : }
303 :
304 :
305 8 : if (*ep_info_len < ep_info_data_len) {
306 1 : *ep_info_len = ep_info_data_len;
307 1 : status = LIBSPDM_STATUS_BUFFER_TOO_SMALL;
308 1 : goto receive_done;
309 : }
310 :
311 7 : *ep_info_len = ep_info_data_len;
312 7 : libspdm_copy_mem(ep_info, ep_info_data_len,
313 : ep_info_data, ep_info_data_len);
314 :
315 7 : status = LIBSPDM_STATUS_SUCCESS;
316 :
317 : /* -=[Log Message Phase]=- */
318 : #if LIBSPDM_ENABLE_MSG_LOG
319 7 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
320 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
321 :
322 44 : receive_done:
323 44 : libspdm_release_receiver_buffer (spdm_context);
324 44 : return status;
325 : }
326 :
327 44 : libspdm_return_t libspdm_get_endpoint_info(void *spdm_context,
328 : const uint32_t *session_id,
329 : uint8_t request_attributes,
330 : uint8_t sub_code,
331 : uint8_t slot_id,
332 : uint32_t *ep_info_len,
333 : void *ep_info,
334 : const void *requester_nonce_in,
335 : void *requester_nonce,
336 : void *responder_nonce)
337 : {
338 : libspdm_context_t *context;
339 : size_t retry;
340 : uint64_t retry_delay_time;
341 : libspdm_return_t status;
342 :
343 44 : context = spdm_context;
344 44 : context->crypto_request = true;
345 44 : retry = context->retry_times;
346 44 : retry_delay_time = context->retry_delay_time;
347 : do {
348 48 : status = libspdm_try_get_endpoint_info(
349 : context, session_id, request_attributes, sub_code, slot_id,
350 : ep_info_len, ep_info, requester_nonce_in,
351 : requester_nonce, responder_nonce);
352 48 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
353 43 : return status;
354 : }
355 :
356 5 : libspdm_sleep(retry_delay_time);
357 5 : } while (retry-- != 0);
358 :
359 1 : return status;
360 : }
361 :
362 : #endif /* LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT */
|
