Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT
10 :
11 : /**
12 : * This function sends GET_ENDPOINT_INFO and receives ENDPOINT_INFO *
13 : *
14 : *
15 : * @param context A pointer to the SPDM context.
16 : * @param session_id Indicates if it is a secured message protected via SPDM session.
17 : * If session_id is NULL, it is a normal message.
18 : * If session_id is not NULL, it is a secured message.
19 : * @param request_attributes The request attribute of the request message.
20 : * @param sub_code The subcode of endpoint info.
21 : * @param slot_id The number of slot for the endpoint info.
22 : * @param ep_info_len On input, indicate the size in bytes of the destination buffer
23 : * to store the endpoint info record.
24 : * On output, indicate the size in bytes of the endpoint info record.
25 : * @param ep_info A pointer to a destination buffer to store the endpoint info record.
26 : * @param requester_nonce_in If not NULL, a buffer that holds the requester nonce (32 bytes)
27 : * @param requester_nonce If not NULL, a buffer to hold the requester nonce (32 bytes).
28 : * @param responder_nonce If not NULL, a buffer to hold the responder nonce (32 bytes).
29 : *
30 : **/
31 48 : static libspdm_return_t libspdm_try_get_endpoint_info(libspdm_context_t *spdm_context,
32 : const uint32_t *session_id,
33 : uint8_t request_attributes,
34 : uint8_t sub_code,
35 : uint8_t slot_id,
36 : uint32_t *ep_info_len,
37 : void *ep_info,
38 : const void *requester_nonce_in,
39 : void *requester_nonce,
40 : void *responder_nonce)
41 : {
42 : bool result;
43 : libspdm_return_t status;
44 : spdm_get_endpoint_info_request_t *spdm_request;
45 : size_t spdm_request_size;
46 : spdm_endpoint_info_response_t *spdm_response;
47 : size_t spdm_response_size;
48 :
49 : uint8_t *message;
50 : size_t message_size;
51 : size_t transport_header_size;
52 : libspdm_session_info_t *session_info;
53 : libspdm_session_state_t session_state;
54 : uint8_t *spdm_nonce;
55 : void *signature;
56 : size_t signature_size;
57 : uint32_t ep_info_data_len;
58 : uint8_t *ep_info_data;
59 : uint8_t *ptr;
60 :
61 : /* -=[Check Parameters Phase]=- */
62 48 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xF));
63 48 : LIBSPDM_ASSERT((slot_id != 0xF) ||
64 : (spdm_context->local_context.peer_public_key_provision_size != 0));
65 :
66 : /* -=[Verify State Phase]=- */
67 48 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
68 1 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
69 : }
70 :
71 47 : if (!libspdm_is_capabilities_flag_supported(
72 : spdm_context, true, 0,
73 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP)) {
74 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
75 : }
76 :
77 47 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
78 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
79 : }
80 :
81 47 : if (session_id == NULL) {
82 46 : session_info = NULL;
83 : } else {
84 1 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
85 1 : if (session_info == NULL) {
86 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
87 : }
88 1 : session_state = libspdm_secured_message_get_session_state(
89 : session_info->secured_message_context);
90 1 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
91 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
92 : }
93 : }
94 :
95 47 : if (libspdm_is_capabilities_flag_supported(
96 : spdm_context, true, 0,
97 6 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_NO_SIG) &&
98 6 : ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) !=
99 : 0)) {
100 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
101 : }
102 :
103 46 : if ((slot_id != 0) &&
104 3 : (request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) == 0) {
105 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
106 : }
107 :
108 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
109 41 : signature_size = libspdm_get_asym_signature_size(
110 : spdm_context->connection_info.algorithm.base_asym_algo);
111 : } else {
112 4 : signature_size = 0;
113 : }
114 :
115 45 : libspdm_reset_message_buffer_via_request_code(spdm_context, session_info,
116 : SPDM_GET_ENDPOINT_INFO);
117 :
118 : /* -=[Construct Request Phase]=- */
119 45 : spdm_context->connection_info.peer_used_cert_chain_slot_id = slot_id;
120 45 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
121 45 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
122 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
123 0 : return status;
124 : }
125 45 : LIBSPDM_ASSERT (message_size >= transport_header_size +
126 : spdm_context->local_context.capability.transport_tail_size);
127 45 : spdm_request = (void *)(message + transport_header_size);
128 45 : spdm_request_size = message_size - transport_header_size -
129 45 : spdm_context->local_context.capability.transport_tail_size;
130 :
131 45 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_endpoint_info_request_t));
132 45 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
133 45 : spdm_request->header.request_response_code = SPDM_GET_ENDPOINT_INFO;
134 45 : spdm_request->header.param1 = sub_code;
135 45 : spdm_request->header.param2 = slot_id;
136 45 : spdm_request->request_attributes = request_attributes;
137 45 : libspdm_write_uint24(spdm_request->reserved, 0);
138 :
139 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
140 41 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t) + SPDM_NONCE_SIZE;
141 41 : spdm_nonce = (uint8_t *)(spdm_request + 1);
142 :
143 41 : if (requester_nonce_in == NULL) {
144 0 : if(!libspdm_get_random_number(SPDM_NONCE_SIZE, spdm_nonce)) {
145 0 : libspdm_release_sender_buffer (spdm_context);
146 0 : return LIBSPDM_STATUS_LOW_ENTROPY;
147 : }
148 : } else {
149 41 : libspdm_copy_mem(spdm_nonce, SPDM_NONCE_SIZE,
150 : requester_nonce_in, SPDM_NONCE_SIZE);
151 : }
152 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterNonce - "));
153 41 : LIBSPDM_INTERNAL_DUMP_DATA(spdm_nonce, SPDM_NONCE_SIZE);
154 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
155 :
156 41 : if (requester_nonce != NULL) {
157 41 : libspdm_copy_mem(requester_nonce, SPDM_NONCE_SIZE,
158 : spdm_nonce, SPDM_NONCE_SIZE);
159 : }
160 : } else {
161 4 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t);
162 : }
163 :
164 : /* -=[Send Request Phase]=- */
165 45 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size, spdm_request);
166 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
167 1 : libspdm_release_sender_buffer (spdm_context);
168 1 : return status;
169 : }
170 44 : libspdm_release_sender_buffer (spdm_context);
171 44 : spdm_request = (void *)spdm_context->last_spdm_request;
172 :
173 : /* -=[Receive Response Phase]=- */
174 44 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
175 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
176 0 : return status;
177 : }
178 44 : LIBSPDM_ASSERT (message_size >= transport_header_size);
179 44 : spdm_response = (void *)(message);
180 44 : spdm_response_size = message_size;
181 :
182 44 : status = libspdm_receive_spdm_response(
183 : spdm_context, session_id, &spdm_response_size, (void **)&spdm_response);
184 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
185 0 : goto receive_done;
186 : }
187 :
188 : /* -=[Validate Response Phase]=- */
189 44 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
190 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
191 0 : goto receive_done;
192 : }
193 44 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
194 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
195 1 : goto receive_done;
196 : }
197 43 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
198 27 : status = libspdm_handle_error_response_main(
199 : spdm_context, session_id,
200 : &spdm_response_size,
201 : (void **)&spdm_response, SPDM_GET_ENDPOINT_INFO, SPDM_ENDPOINT_INFO);
202 27 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
203 26 : goto receive_done;
204 : }
205 16 : } else if (spdm_response->header.request_response_code != SPDM_ENDPOINT_INFO) {
206 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
207 1 : goto receive_done;
208 : }
209 16 : if (spdm_response_size < sizeof(spdm_endpoint_info_response_t) + sizeof(uint32_t)) {
210 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
211 0 : goto receive_done;
212 : }
213 :
214 : /* -=[Process Response Phase]=- */
215 16 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
216 12 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != slot_id) {
217 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
218 1 : goto receive_done;
219 : }
220 :
221 : /* nonce and signature should present if signature is requested */
222 11 : if (spdm_response_size <
223 11 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE + signature_size) {
224 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
225 1 : goto receive_done;
226 : }
227 :
228 10 : ptr = (uint8_t *)(spdm_response + 1);
229 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponderNonce (0x%x) - ", SPDM_NONCE_SIZE));
230 10 : LIBSPDM_INTERNAL_DUMP_DATA(ptr, SPDM_NONCE_SIZE);
231 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
232 :
233 10 : if (responder_nonce != NULL) {
234 10 : libspdm_copy_mem(responder_nonce, SPDM_NONCE_SIZE,
235 : ptr, SPDM_NONCE_SIZE);
236 : }
237 :
238 10 : ptr += SPDM_NONCE_SIZE;
239 10 : ep_info_data_len = *(uint32_t *) ptr;
240 10 : if (spdm_response_size !=
241 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE +
242 10 : signature_size + ep_info_data_len + sizeof(uint32_t)) {
243 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
244 1 : goto receive_done;
245 : }
246 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
247 : ep_info_data_len));
248 9 : ptr += sizeof(uint32_t);
249 9 : ep_info_data = ptr;
250 :
251 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_request,
252 : spdm_request_size);
253 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
254 0 : goto receive_done;
255 : }
256 :
257 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_response,
258 : spdm_response_size - signature_size);
259 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
260 0 : goto receive_done;
261 : }
262 :
263 9 : ptr += ep_info_data_len;
264 9 : signature = ptr;
265 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature (0x%zx):\n", signature_size));
266 9 : LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size);
267 :
268 9 : result = libspdm_verify_endpoint_info_signature(
269 : spdm_context, session_info, true, signature, signature_size);
270 9 : if (!result) {
271 2 : status = LIBSPDM_STATUS_VERIF_FAIL;
272 2 : goto receive_done;
273 : }
274 :
275 7 : libspdm_reset_message_e(spdm_context, session_info);
276 : } else {
277 : /* responder's slot_id should be 0 */
278 4 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != 0) {
279 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
280 1 : goto receive_done;
281 : }
282 :
283 : /* nonce and signature not present */
284 3 : ptr = (uint8_t *)(spdm_response + 1);
285 3 : ep_info_data_len = *(uint32_t *) ptr;
286 3 : if (spdm_response_size <
287 3 : sizeof(spdm_endpoint_info_response_t) + ep_info_data_len + sizeof(uint32_t)) {
288 2 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
289 2 : goto receive_done;
290 : }
291 :
292 1 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
293 : ep_info_data_len));
294 :
295 1 : ptr += sizeof(uint32_t);
296 1 : ep_info_data = ptr;
297 : }
298 :
299 :
300 8 : if (*ep_info_len < ep_info_data_len) {
301 1 : *ep_info_len = ep_info_data_len;
302 1 : status = LIBSPDM_STATUS_BUFFER_TOO_SMALL;
303 1 : goto receive_done;
304 : }
305 :
306 7 : *ep_info_len = ep_info_data_len;
307 7 : libspdm_copy_mem(ep_info, ep_info_data_len,
308 : ep_info_data, ep_info_data_len);
309 :
310 7 : status = LIBSPDM_STATUS_SUCCESS;
311 :
312 : /* -=[Log Message Phase]=- */
313 : #if LIBSPDM_ENABLE_MSG_LOG
314 7 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
315 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
316 :
317 44 : receive_done:
318 44 : libspdm_release_receiver_buffer (spdm_context);
319 44 : return status;
320 : }
321 :
322 44 : libspdm_return_t libspdm_get_endpoint_info(void *spdm_context,
323 : const uint32_t *session_id,
324 : uint8_t request_attributes,
325 : uint8_t sub_code,
326 : uint8_t slot_id,
327 : uint32_t *ep_info_len,
328 : void *ep_info,
329 : const void *requester_nonce_in,
330 : void *requester_nonce,
331 : void *responder_nonce)
332 : {
333 : libspdm_context_t *context;
334 : size_t retry;
335 : uint64_t retry_delay_time;
336 : libspdm_return_t status;
337 :
338 44 : context = spdm_context;
339 44 : context->crypto_request = true;
340 44 : retry = context->retry_times;
341 44 : retry_delay_time = context->retry_delay_time;
342 : do {
343 48 : status = libspdm_try_get_endpoint_info(
344 : context, session_id, request_attributes, sub_code, slot_id,
345 : ep_info_len, ep_info, requester_nonce_in,
346 : requester_nonce, responder_nonce);
347 48 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
348 43 : return status;
349 : }
350 :
351 5 : libspdm_sleep(retry_delay_time);
352 5 : } while (retry-- != 0);
353 :
354 1 : return status;
355 : }
356 :
357 : #endif /* LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT */
|
