Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT
10 :
11 : /**
12 : * This function sends GET_ENDPOINT_INFO and receives ENDPOINT_INFO *
13 : *
14 : *
15 : * @param context A pointer to the SPDM context.
16 : * @param session_id Indicates if it is a secured message protected via SPDM session.
17 : * If session_id is NULL, it is a normal message.
18 : * If session_id is not NULL, it is a secured message.
19 : * @param request_attributes The request attribute of the request message.
20 : * @param sub_code The subcode of endpoint info.
21 : * @param slot_id The number of slot for the endpoint info.
22 : * @param ep_info_len On input, indicate the size in bytes of the destination buffer
23 : * to store the endpoint info record.
24 : * On output, indicate the size in bytes of the endpoint info record.
25 : * @param ep_info A pointer to a destination buffer to store the endpoint info record.
26 : * @param requester_nonce_in If not NULL, a buffer that holds the requester nonce (32 bytes)
27 : * @param requester_nonce If not NULL, a buffer to hold the requester nonce (32 bytes).
28 : * @param responder_nonce If not NULL, a buffer to hold the responder nonce (32 bytes).
29 : *
30 : **/
31 48 : static libspdm_return_t libspdm_try_get_endpoint_info(libspdm_context_t *spdm_context,
32 : const uint32_t *session_id,
33 : uint8_t request_attributes,
34 : uint8_t sub_code,
35 : uint8_t slot_id,
36 : uint32_t *ep_info_len,
37 : void *ep_info,
38 : const void *requester_nonce_in,
39 : void *requester_nonce,
40 : void *responder_nonce)
41 : {
42 : bool result;
43 : libspdm_return_t status;
44 : spdm_get_endpoint_info_request_t *spdm_request;
45 : size_t spdm_request_size;
46 : spdm_endpoint_info_response_t *spdm_response;
47 : size_t spdm_response_size;
48 :
49 : uint8_t *message;
50 : size_t message_size;
51 : size_t transport_header_size;
52 : libspdm_session_info_t *session_info;
53 : libspdm_session_state_t session_state;
54 : uint8_t *spdm_nonce;
55 : void *signature;
56 : size_t signature_size;
57 : uint32_t ep_info_data_len;
58 : uint8_t *ep_info_data;
59 : uint8_t *ptr;
60 :
61 : /* -=[Check Parameters Phase]=- */
62 48 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xF));
63 48 : LIBSPDM_ASSERT((slot_id != 0xF) ||
64 : (spdm_context->local_context.peer_public_key_provision_size != 0));
65 :
66 : /* -=[Verify State Phase]=- */
67 48 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
68 1 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
69 : }
70 :
71 47 : if (!libspdm_is_capabilities_flag_supported(
72 : spdm_context, true, 0,
73 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP)) {
74 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
75 : }
76 :
77 47 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
78 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
79 : }
80 :
81 47 : if (session_id == NULL) {
82 46 : session_info = NULL;
83 : } else {
84 1 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
85 1 : if (session_info == NULL) {
86 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
87 : }
88 1 : session_state = libspdm_secured_message_get_session_state(
89 : session_info->secured_message_context);
90 1 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
91 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
92 : }
93 : }
94 :
95 47 : if (libspdm_is_capabilities_flag_supported(
96 : spdm_context, true, 0,
97 6 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_NO_SIG) &&
98 6 : ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) !=
99 : 0)) {
100 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
101 : }
102 :
103 46 : if ((slot_id != 0) &&
104 3 : (request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) == 0) {
105 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
106 : }
107 :
108 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
109 41 : if (spdm_context->connection_info.algorithm.base_asym_algo != 0) {
110 41 : signature_size = libspdm_get_asym_signature_size(
111 : spdm_context->connection_info.algorithm.base_asym_algo);
112 : }
113 41 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
114 0 : signature_size = libspdm_get_pqc_asym_signature_size(
115 : spdm_context->connection_info.algorithm.pqc_asym_algo);
116 : }
117 : } else {
118 4 : signature_size = 0;
119 : }
120 :
121 45 : libspdm_reset_message_buffer_via_request_code(spdm_context, session_info,
122 : SPDM_GET_ENDPOINT_INFO);
123 :
124 : /* -=[Construct Request Phase]=- */
125 45 : spdm_context->connection_info.peer_used_cert_chain_slot_id = slot_id;
126 45 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
127 45 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
128 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
129 0 : return status;
130 : }
131 45 : LIBSPDM_ASSERT (message_size >= transport_header_size +
132 : spdm_context->local_context.capability.transport_tail_size);
133 45 : spdm_request = (void *)(message + transport_header_size);
134 45 : spdm_request_size = message_size - transport_header_size -
135 45 : spdm_context->local_context.capability.transport_tail_size;
136 :
137 45 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_endpoint_info_request_t));
138 45 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
139 45 : spdm_request->header.request_response_code = SPDM_GET_ENDPOINT_INFO;
140 45 : spdm_request->header.param1 = sub_code;
141 45 : spdm_request->header.param2 = slot_id;
142 45 : spdm_request->request_attributes = request_attributes;
143 45 : libspdm_write_uint24(spdm_request->reserved, 0);
144 :
145 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
146 41 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t) + SPDM_NONCE_SIZE;
147 41 : spdm_nonce = (uint8_t *)(spdm_request + 1);
148 :
149 41 : if (requester_nonce_in == NULL) {
150 0 : if (!libspdm_get_random_number(SPDM_NONCE_SIZE, spdm_nonce)) {
151 0 : libspdm_release_sender_buffer (spdm_context);
152 0 : return LIBSPDM_STATUS_LOW_ENTROPY;
153 : }
154 : } else {
155 41 : libspdm_copy_mem(spdm_nonce, SPDM_NONCE_SIZE,
156 : requester_nonce_in, SPDM_NONCE_SIZE);
157 : }
158 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterNonce - "));
159 41 : LIBSPDM_INTERNAL_DUMP_DATA(spdm_nonce, SPDM_NONCE_SIZE);
160 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
161 :
162 41 : if (requester_nonce != NULL) {
163 41 : libspdm_copy_mem(requester_nonce, SPDM_NONCE_SIZE,
164 : spdm_nonce, SPDM_NONCE_SIZE);
165 : }
166 : } else {
167 4 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t);
168 : }
169 :
170 : /* -=[Send Request Phase]=- */
171 45 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size, spdm_request);
172 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
173 1 : libspdm_release_sender_buffer (spdm_context);
174 1 : return status;
175 : }
176 44 : libspdm_release_sender_buffer (spdm_context);
177 44 : spdm_request = (void *)spdm_context->last_spdm_request;
178 :
179 : /* -=[Receive Response Phase]=- */
180 44 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
181 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
182 0 : return status;
183 : }
184 44 : LIBSPDM_ASSERT (message_size >= transport_header_size);
185 44 : spdm_response = (void *)(message);
186 44 : spdm_response_size = message_size;
187 :
188 44 : status = libspdm_receive_spdm_response(
189 : spdm_context, session_id, &spdm_response_size, (void **)&spdm_response);
190 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
191 0 : goto receive_done;
192 : }
193 :
194 : /* -=[Validate Response Phase]=- */
195 44 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
196 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
197 0 : goto receive_done;
198 : }
199 44 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
200 27 : status = libspdm_handle_error_response_main(
201 : spdm_context, session_id,
202 : &spdm_response_size,
203 : (void **)&spdm_response, SPDM_GET_ENDPOINT_INFO, SPDM_ENDPOINT_INFO);
204 27 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
205 26 : goto receive_done;
206 : }
207 17 : } else if (spdm_response->header.request_response_code != SPDM_ENDPOINT_INFO) {
208 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
209 1 : goto receive_done;
210 : }
211 17 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
212 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
213 1 : goto receive_done;
214 : }
215 16 : if (spdm_response_size < sizeof(spdm_endpoint_info_response_t) + sizeof(uint32_t)) {
216 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
217 0 : goto receive_done;
218 : }
219 :
220 : /* -=[Process Response Phase]=- */
221 16 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
222 12 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != slot_id) {
223 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
224 1 : goto receive_done;
225 : }
226 :
227 : /* nonce and signature should present if signature is requested */
228 11 : if (spdm_response_size <
229 11 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE + signature_size) {
230 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
231 1 : goto receive_done;
232 : }
233 :
234 10 : ptr = (uint8_t *)(spdm_response + 1);
235 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponderNonce (0x%x) - ", SPDM_NONCE_SIZE));
236 10 : LIBSPDM_INTERNAL_DUMP_DATA(ptr, SPDM_NONCE_SIZE);
237 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
238 :
239 10 : if (responder_nonce != NULL) {
240 10 : libspdm_copy_mem(responder_nonce, SPDM_NONCE_SIZE,
241 : ptr, SPDM_NONCE_SIZE);
242 : }
243 :
244 10 : ptr += SPDM_NONCE_SIZE;
245 10 : ep_info_data_len = *(uint32_t *) ptr;
246 10 : if (spdm_response_size !=
247 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE +
248 10 : signature_size + ep_info_data_len + sizeof(uint32_t)) {
249 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
250 1 : goto receive_done;
251 : }
252 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
253 : ep_info_data_len));
254 9 : ptr += sizeof(uint32_t);
255 9 : ep_info_data = ptr;
256 :
257 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_request,
258 : spdm_request_size);
259 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
260 0 : goto receive_done;
261 : }
262 :
263 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_response,
264 : spdm_response_size - signature_size);
265 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
266 0 : goto receive_done;
267 : }
268 :
269 9 : ptr += ep_info_data_len;
270 9 : signature = ptr;
271 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature (0x%zx):\n", signature_size));
272 9 : LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size);
273 :
274 9 : result = libspdm_verify_endpoint_info_signature(
275 : spdm_context, session_info, true, signature, signature_size);
276 9 : if (!result) {
277 2 : status = LIBSPDM_STATUS_VERIF_FAIL;
278 2 : goto receive_done;
279 : }
280 :
281 7 : libspdm_reset_message_e(spdm_context, session_info);
282 : } else {
283 : /* responder's slot_id should be 0 */
284 4 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != 0) {
285 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
286 1 : goto receive_done;
287 : }
288 :
289 : /* nonce and signature not present */
290 3 : ptr = (uint8_t *)(spdm_response + 1);
291 3 : ep_info_data_len = *(uint32_t *) ptr;
292 3 : if (spdm_response_size <
293 3 : sizeof(spdm_endpoint_info_response_t) + ep_info_data_len + sizeof(uint32_t)) {
294 2 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
295 2 : goto receive_done;
296 : }
297 :
298 1 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
299 : ep_info_data_len));
300 :
301 1 : ptr += sizeof(uint32_t);
302 1 : ep_info_data = ptr;
303 : }
304 :
305 :
306 8 : if (*ep_info_len < ep_info_data_len) {
307 1 : *ep_info_len = ep_info_data_len;
308 1 : status = LIBSPDM_STATUS_BUFFER_TOO_SMALL;
309 1 : goto receive_done;
310 : }
311 :
312 7 : *ep_info_len = ep_info_data_len;
313 7 : libspdm_copy_mem(ep_info, ep_info_data_len,
314 : ep_info_data, ep_info_data_len);
315 :
316 7 : status = LIBSPDM_STATUS_SUCCESS;
317 :
318 : /* -=[Log Message Phase]=- */
319 : #if LIBSPDM_ENABLE_MSG_LOG
320 7 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
321 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
322 :
323 44 : receive_done:
324 44 : libspdm_release_receiver_buffer (spdm_context);
325 44 : return status;
326 : }
327 :
328 44 : libspdm_return_t libspdm_get_endpoint_info(void *spdm_context,
329 : const uint32_t *session_id,
330 : uint8_t request_attributes,
331 : uint8_t sub_code,
332 : uint8_t slot_id,
333 : uint32_t *ep_info_len,
334 : void *ep_info,
335 : const void *requester_nonce_in,
336 : void *requester_nonce,
337 : void *responder_nonce)
338 : {
339 : libspdm_context_t *context;
340 : size_t retry;
341 : uint64_t retry_delay_time;
342 : libspdm_return_t status;
343 :
344 44 : context = spdm_context;
345 44 : context->crypto_request = true;
346 44 : retry = context->retry_times;
347 44 : retry_delay_time = context->retry_delay_time;
348 : do {
349 48 : status = libspdm_try_get_endpoint_info(
350 : context, session_id, request_attributes, sub_code, slot_id,
351 : ep_info_len, ep_info, requester_nonce_in,
352 : requester_nonce, responder_nonce);
353 48 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
354 43 : return status;
355 : }
356 :
357 5 : libspdm_sleep(retry_delay_time);
358 5 : } while (retry-- != 0);
359 :
360 1 : return status;
361 : }
362 :
363 : #endif /* LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT */
|
