Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT
10 :
11 : /**
12 : * This function sends GET_ENDPOINT_INFO and receives ENDPOINT_INFO *
13 : *
14 : *
15 : * @param context A pointer to the SPDM context.
16 : * @param session_id Indicates if it is a secured message protected via SPDM session.
17 : * If session_id is NULL, it is a normal message.
18 : * If session_id is not NULL, it is a secured message.
19 : * @param request_attributes The request attribute of the request message.
20 : * @param sub_code The subcode of endpoint info.
21 : * @param slot_id The number of slot for the endpoint info.
22 : * @param ep_info_len On input, indicate the size in bytes of the destination buffer
23 : * to store the endpoint info record.
24 : * On output, indicate the size in bytes of the endpoint info record.
25 : * @param ep_info A pointer to a destination buffer to store the endpoint info record.
26 : * @param requester_nonce_in If not NULL, a buffer that holds the requester nonce (32 bytes)
27 : * @param requester_nonce If not NULL, a buffer to hold the requester nonce (32 bytes).
28 : * @param responder_nonce If not NULL, a buffer to hold the responder nonce (32 bytes).
29 : *
30 : **/
31 48 : static libspdm_return_t libspdm_try_get_endpoint_info(libspdm_context_t *spdm_context,
32 : const uint32_t *session_id,
33 : uint8_t request_attributes,
34 : uint8_t sub_code,
35 : uint8_t slot_id,
36 : uint32_t *ep_info_len,
37 : void *ep_info,
38 : const void *requester_nonce_in,
39 : void *requester_nonce,
40 : void *responder_nonce)
41 : {
42 : bool result;
43 : libspdm_return_t status;
44 : spdm_get_endpoint_info_request_t *spdm_request;
45 : size_t spdm_request_size;
46 : spdm_endpoint_info_response_t *spdm_response;
47 : size_t spdm_response_size;
48 :
49 : uint8_t *message;
50 : size_t message_size;
51 : size_t transport_header_size;
52 : libspdm_session_info_t *session_info;
53 : libspdm_session_state_t session_state;
54 : uint8_t *spdm_nonce;
55 : void *signature;
56 : size_t signature_size;
57 : uint32_t ep_info_data_len;
58 : uint8_t *ep_info_data;
59 : uint8_t *ptr;
60 :
61 : /* -=[Check Parameters Phase]=- */
62 48 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xF));
63 48 : LIBSPDM_ASSERT((slot_id != 0xF) ||
64 : (spdm_context->local_context.peer_public_key_provision_size != 0));
65 :
66 : /* -=[Verify State Phase]=- */
67 48 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
68 1 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
69 : }
70 :
71 47 : if (!libspdm_is_capabilities_flag_supported(
72 : spdm_context, true, 0,
73 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP)) {
74 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
75 : }
76 :
77 47 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
78 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
79 : }
80 :
81 47 : if (session_id == NULL) {
82 46 : session_info = NULL;
83 : } else {
84 1 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
85 1 : if (session_info == NULL) {
86 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
87 : }
88 1 : session_state = libspdm_secured_message_get_session_state(
89 : session_info->secured_message_context);
90 1 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
91 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
92 : }
93 : }
94 :
95 47 : if (libspdm_is_capabilities_flag_supported(
96 : spdm_context, true, 0,
97 6 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EP_INFO_CAP_NO_SIG) &&
98 6 : ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) !=
99 : 0)) {
100 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
101 : }
102 :
103 46 : if ((slot_id != 0) &&
104 3 : (request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) == 0) {
105 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
106 : }
107 :
108 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
109 41 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
110 0 : signature_size = libspdm_get_pqc_asym_signature_size(
111 : spdm_context->connection_info.algorithm.pqc_asym_algo);
112 : } else {
113 41 : signature_size = libspdm_get_asym_signature_size(
114 : spdm_context->connection_info.algorithm.base_asym_algo);
115 : }
116 : } else {
117 4 : signature_size = 0;
118 : }
119 :
120 45 : libspdm_reset_message_buffer_via_request_code(spdm_context, session_info,
121 : SPDM_GET_ENDPOINT_INFO);
122 :
123 : /* -=[Construct Request Phase]=- */
124 45 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
125 45 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
126 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
127 0 : return status;
128 : }
129 45 : LIBSPDM_ASSERT (message_size >= transport_header_size +
130 : spdm_context->local_context.capability.transport_tail_size);
131 45 : spdm_request = (void *)(message + transport_header_size);
132 45 : spdm_request_size = message_size - transport_header_size -
133 45 : spdm_context->local_context.capability.transport_tail_size;
134 :
135 45 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_endpoint_info_request_t));
136 45 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
137 45 : spdm_request->header.request_response_code = SPDM_GET_ENDPOINT_INFO;
138 45 : spdm_request->header.param1 = sub_code;
139 45 : spdm_request->header.param2 = slot_id;
140 45 : spdm_request->request_attributes = request_attributes;
141 45 : libspdm_write_uint24(spdm_request->reserved, 0);
142 :
143 45 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
144 41 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t) + SPDM_NONCE_SIZE;
145 41 : spdm_nonce = (uint8_t *)(spdm_request + 1);
146 :
147 41 : if (requester_nonce_in == NULL) {
148 0 : if (!libspdm_get_random_number(SPDM_NONCE_SIZE, spdm_nonce)) {
149 0 : libspdm_release_sender_buffer (spdm_context);
150 0 : return LIBSPDM_STATUS_LOW_ENTROPY;
151 : }
152 : } else {
153 41 : libspdm_copy_mem(spdm_nonce, SPDM_NONCE_SIZE,
154 : requester_nonce_in, SPDM_NONCE_SIZE);
155 : }
156 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterNonce - "));
157 41 : LIBSPDM_INTERNAL_DUMP_DATA(spdm_nonce, SPDM_NONCE_SIZE);
158 41 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
159 :
160 41 : if (requester_nonce != NULL) {
161 41 : libspdm_copy_mem(requester_nonce, SPDM_NONCE_SIZE,
162 : spdm_nonce, SPDM_NONCE_SIZE);
163 : }
164 : } else {
165 4 : spdm_request_size = sizeof(spdm_get_endpoint_info_request_t);
166 : }
167 :
168 : /* -=[Send Request Phase]=- */
169 45 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size, spdm_request);
170 45 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
171 1 : libspdm_release_sender_buffer (spdm_context);
172 1 : return status;
173 : }
174 44 : libspdm_release_sender_buffer (spdm_context);
175 44 : spdm_request = (void *)spdm_context->last_spdm_request;
176 :
177 : /* -=[Receive Response Phase]=- */
178 44 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
179 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
180 0 : return status;
181 : }
182 44 : LIBSPDM_ASSERT (message_size >= transport_header_size);
183 44 : spdm_response = (void *)(message);
184 44 : spdm_response_size = message_size;
185 :
186 44 : status = libspdm_receive_spdm_response(
187 : spdm_context, session_id, &spdm_response_size, (void **)&spdm_response);
188 44 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
189 0 : goto receive_done;
190 : }
191 :
192 : /* -=[Validate Response Phase]=- */
193 44 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
194 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
195 0 : goto receive_done;
196 : }
197 44 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
198 27 : status = libspdm_handle_error_response_main(
199 : spdm_context, session_id,
200 : &spdm_response_size,
201 : (void **)&spdm_response, SPDM_GET_ENDPOINT_INFO, SPDM_ENDPOINT_INFO);
202 27 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
203 26 : goto receive_done;
204 : }
205 17 : } else if (spdm_response->header.request_response_code != SPDM_ENDPOINT_INFO) {
206 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
207 1 : goto receive_done;
208 : }
209 17 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
210 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
211 1 : goto receive_done;
212 : }
213 16 : if (spdm_response_size < sizeof(spdm_endpoint_info_response_t) + sizeof(uint32_t)) {
214 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
215 0 : goto receive_done;
216 : }
217 :
218 : /* -=[Process Response Phase]=- */
219 16 : if ((request_attributes & SPDM_GET_ENDPOINT_INFO_REQUEST_ATTRIBUTE_SIGNATURE_REQUESTED) != 0) {
220 12 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != slot_id) {
221 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
222 1 : goto receive_done;
223 : }
224 :
225 : /* nonce and signature should present if signature is requested */
226 11 : if (spdm_response_size <
227 11 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE + signature_size) {
228 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
229 1 : goto receive_done;
230 : }
231 :
232 10 : ptr = (uint8_t *)(spdm_response + 1);
233 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponderNonce (0x%x) - ", SPDM_NONCE_SIZE));
234 10 : LIBSPDM_INTERNAL_DUMP_DATA(ptr, SPDM_NONCE_SIZE);
235 10 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
236 :
237 10 : if (responder_nonce != NULL) {
238 10 : libspdm_copy_mem(responder_nonce, SPDM_NONCE_SIZE,
239 : ptr, SPDM_NONCE_SIZE);
240 : }
241 :
242 10 : ptr += SPDM_NONCE_SIZE;
243 10 : ep_info_data_len = *(uint32_t *) ptr;
244 10 : if (spdm_response_size !=
245 : sizeof(spdm_endpoint_info_response_t) + SPDM_NONCE_SIZE +
246 10 : signature_size + ep_info_data_len + sizeof(uint32_t)) {
247 1 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
248 1 : goto receive_done;
249 : }
250 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
251 : ep_info_data_len));
252 9 : ptr += sizeof(uint32_t);
253 9 : ep_info_data = ptr;
254 :
255 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_request,
256 : spdm_request_size);
257 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
258 0 : goto receive_done;
259 : }
260 :
261 9 : status = libspdm_append_message_e(spdm_context, session_info, spdm_response,
262 : spdm_response_size - signature_size);
263 9 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
264 0 : goto receive_done;
265 : }
266 :
267 9 : ptr += ep_info_data_len;
268 9 : signature = ptr;
269 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature (0x%zx):\n", signature_size));
270 9 : LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size);
271 :
272 9 : result = libspdm_verify_endpoint_info_signature(
273 : spdm_context, session_info, true, slot_id, signature, signature_size);
274 9 : if (!result) {
275 2 : status = LIBSPDM_STATUS_VERIF_FAIL;
276 2 : goto receive_done;
277 : }
278 :
279 7 : libspdm_reset_message_e(spdm_context, session_info);
280 : } else {
281 : /* responder's slot_id should be 0 */
282 4 : if ((spdm_response->header.param2 & SPDM_ENDPOINT_INFO_RESPONSE_SLOT_ID_MASK) != 0) {
283 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
284 1 : goto receive_done;
285 : }
286 :
287 : /* nonce and signature not present */
288 3 : ptr = (uint8_t *)(spdm_response + 1);
289 3 : ep_info_data_len = *(uint32_t *) ptr;
290 3 : if (spdm_response_size <
291 3 : sizeof(spdm_endpoint_info_response_t) + ep_info_data_len + sizeof(uint32_t)) {
292 2 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
293 2 : goto receive_done;
294 : }
295 :
296 1 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ep_info_data_len - 0x%06x\n",
297 : ep_info_data_len));
298 :
299 1 : ptr += sizeof(uint32_t);
300 1 : ep_info_data = ptr;
301 : }
302 :
303 :
304 8 : if (*ep_info_len < ep_info_data_len) {
305 1 : *ep_info_len = ep_info_data_len;
306 1 : status = LIBSPDM_STATUS_BUFFER_TOO_SMALL;
307 1 : goto receive_done;
308 : }
309 :
310 7 : *ep_info_len = ep_info_data_len;
311 7 : libspdm_copy_mem(ep_info, ep_info_data_len,
312 : ep_info_data, ep_info_data_len);
313 :
314 7 : status = LIBSPDM_STATUS_SUCCESS;
315 :
316 : /* -=[Log Message Phase]=- */
317 : #if LIBSPDM_ENABLE_MSG_LOG
318 7 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
319 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
320 :
321 44 : receive_done:
322 44 : libspdm_release_receiver_buffer (spdm_context);
323 44 : return status;
324 : }
325 :
326 44 : libspdm_return_t libspdm_get_endpoint_info(void *spdm_context,
327 : const uint32_t *session_id,
328 : uint8_t request_attributes,
329 : uint8_t sub_code,
330 : uint8_t slot_id,
331 : uint32_t *ep_info_len,
332 : void *ep_info,
333 : const void *requester_nonce_in,
334 : void *requester_nonce,
335 : void *responder_nonce)
336 : {
337 : libspdm_context_t *context;
338 : size_t retry;
339 : uint64_t retry_delay_time;
340 : libspdm_return_t status;
341 :
342 44 : context = spdm_context;
343 44 : context->crypto_request = true;
344 44 : retry = context->retry_times;
345 44 : retry_delay_time = context->retry_delay_time;
346 : do {
347 48 : status = libspdm_try_get_endpoint_info(
348 : context, session_id, request_attributes, sub_code, slot_id,
349 : ep_info_len, ep_info, requester_nonce_in,
350 : requester_nonce, responder_nonce);
351 48 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
352 43 : return status;
353 : }
354 :
355 5 : libspdm_sleep(retry_delay_time);
356 5 : } while (retry-- != 0);
357 :
358 1 : return status;
359 : }
360 :
361 : #endif /* LIBSPDM_SEND_GET_ENDPOINT_INFO_SUPPORT */
|
