Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2024-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
10 :
11 : typedef struct {
12 : spdm_message_header_t header;
13 : uint8_t total_key_pairs;
14 : uint8_t key_pair_id;
15 : uint16_t capabilities;
16 : uint16_t key_usage_capabilities;
17 : uint16_t current_key_usage;
18 : uint32_t asym_algo_capabilities;
19 : uint32_t current_asym_algo;
20 : uint16_t public_key_info_len;
21 : uint8_t assoc_cert_slot_mask;
22 : uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
23 : uint8_t pqc_asym_algo_cap_len;
24 : uint32_t pqc_asym_algo_capabilities;
25 : uint8_t current_pqc_asym_algo_len;
26 : uint32_t current_pqc_asym_algo;
27 : } libspdm_key_pair_info_response_max_t;
28 :
29 : /**
30 : * This function sends GET_KEY_PAIR_INFO and receives KEY_PAIR_INFO *
31 : *
32 : * @param context A pointer to the SPDM context.
33 : *
34 : **/
35 17 : static libspdm_return_t libspdm_try_get_key_pair_info(libspdm_context_t *spdm_context,
36 : const uint32_t *session_id,
37 : uint8_t key_pair_id,
38 : uint8_t *total_key_pairs,
39 : uint16_t *capabilities,
40 : uint16_t *key_usage_capabilities,
41 : uint16_t *current_key_usage,
42 : uint32_t *asym_algo_capabilities,
43 : uint32_t *current_asym_algo,
44 : uint32_t *pqc_asym_algo_capabilities,
45 : uint32_t *current_pqc_asym_algo,
46 : uint8_t *assoc_cert_slot_mask,
47 : uint16_t *public_key_info_len,
48 : void *public_key_info
49 : )
50 : {
51 : libspdm_return_t status;
52 : spdm_get_key_pair_info_request_t *spdm_request;
53 : size_t spdm_request_size;
54 : libspdm_key_pair_info_response_max_t *spdm_response;
55 : size_t spdm_response_size;
56 : uint8_t *message;
57 : size_t message_size;
58 : size_t transport_header_size;
59 : libspdm_session_info_t *session_info;
60 : libspdm_session_state_t session_state;
61 : uint8_t pqc_asym_algo_cap_len;
62 : uint8_t current_pqc_asym_algo_len;
63 : uint8_t *ptr;
64 : uint32_t rsp_pqc_asym_algo_capabilities;
65 : uint32_t rsp_current_pqc_asym_algo;
66 :
67 : /* -=[Check Parameters Phase]=- */
68 17 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
69 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
70 : }
71 :
72 17 : if (key_pair_id == 0) {
73 0 : return LIBSPDM_STATUS_INVALID_PARAMETER;
74 : }
75 :
76 : /* -=[Verify State Phase]=- */
77 17 : if (!libspdm_is_capabilities_flag_supported(
78 : spdm_context, true, 0,
79 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP)) {
80 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
81 : }
82 17 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
83 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
84 : }
85 :
86 17 : session_info = NULL;
87 17 : if (session_id != NULL) {
88 0 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
89 0 : if (session_info == NULL) {
90 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
91 : }
92 0 : session_state = libspdm_secured_message_get_session_state(
93 : session_info->secured_message_context);
94 0 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
95 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
96 : }
97 : }
98 :
99 : /* -=[Construct Request Phase]=- */
100 17 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
101 17 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
102 17 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
103 0 : return status;
104 : }
105 17 : LIBSPDM_ASSERT (message_size >= transport_header_size +
106 : spdm_context->local_context.capability.transport_tail_size);
107 17 : spdm_request = (void *)(message + transport_header_size);
108 17 : spdm_request_size = message_size - transport_header_size -
109 17 : spdm_context->local_context.capability.transport_tail_size;
110 :
111 17 : LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_get_key_pair_info_request_t));
112 17 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
113 17 : spdm_request->header.request_response_code = SPDM_GET_KEY_PAIR_INFO;
114 17 : spdm_request->header.param1 = 0;
115 17 : spdm_request->header.param2 = 0;
116 17 : spdm_request->key_pair_id = key_pair_id;
117 17 : spdm_request_size = sizeof(spdm_get_key_pair_info_request_t);
118 :
119 : /* -=[Send Request Phase]=- */
120 17 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size, spdm_request);
121 17 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
122 1 : libspdm_release_sender_buffer (spdm_context);
123 1 : return status;
124 : }
125 16 : libspdm_release_sender_buffer (spdm_context);
126 16 : spdm_request = (void *)spdm_context->last_spdm_request;
127 :
128 : /* -=[Receive Response Phase]=- */
129 16 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
130 16 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
131 0 : return status;
132 : }
133 16 : LIBSPDM_ASSERT (message_size >= transport_header_size);
134 16 : spdm_response = (void *)(message);
135 16 : spdm_response_size = message_size;
136 :
137 16 : status = libspdm_receive_spdm_response(
138 : spdm_context, session_id, &spdm_response_size, (void **)&spdm_response);
139 16 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
140 0 : goto receive_done;
141 : }
142 :
143 : /* -=[Validate Response Phase]=- */
144 16 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
145 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
146 0 : goto receive_done;
147 : }
148 16 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
149 0 : status = libspdm_handle_error_response_main(
150 : spdm_context, session_id,
151 : &spdm_response_size,
152 : (void **)&spdm_response, SPDM_GET_KEY_PAIR_INFO, SPDM_KEY_PAIR_INFO);
153 0 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
154 0 : goto receive_done;
155 : }
156 16 : } else if (spdm_response->header.request_response_code != SPDM_KEY_PAIR_INFO) {
157 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
158 0 : goto receive_done;
159 : }
160 16 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
161 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
162 0 : goto receive_done;
163 : }
164 :
165 16 : if ((spdm_response->key_pair_id != key_pair_id) ||
166 15 : (spdm_response->key_pair_id > (spdm_response->total_key_pairs))) {
167 2 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
168 2 : goto receive_done;
169 : }
170 :
171 14 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t)) {
172 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
173 0 : goto receive_done;
174 : }
175 :
176 14 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t) +
177 14 : spdm_response->public_key_info_len) {
178 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
179 0 : goto receive_done;
180 : }
181 :
182 14 : rsp_pqc_asym_algo_capabilities = 0;
183 14 : rsp_current_pqc_asym_algo = 0;
184 14 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_14) {
185 0 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t) +
186 0 : spdm_response->public_key_info_len + sizeof(uint8_t)) {
187 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
188 0 : goto receive_done;
189 : }
190 0 : ptr = (uint8_t *)spdm_response + sizeof(spdm_key_pair_info_response_t) + spdm_response->public_key_info_len;
191 :
192 0 : pqc_asym_algo_cap_len = *ptr;
193 0 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t) +
194 0 : spdm_response->public_key_info_len + sizeof(uint8_t) + pqc_asym_algo_cap_len + sizeof(uint8_t)) {
195 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
196 0 : goto receive_done;
197 : }
198 0 : if (pqc_asym_algo_cap_len > sizeof(uint32_t)) {
199 0 : pqc_asym_algo_cap_len = sizeof(uint32_t);
200 : }
201 0 : libspdm_copy_mem (&rsp_pqc_asym_algo_capabilities, sizeof(rsp_pqc_asym_algo_capabilities),
202 0 : ptr + sizeof(uint8_t), pqc_asym_algo_cap_len);
203 :
204 0 : current_pqc_asym_algo_len = *(ptr + sizeof(uint8_t) + pqc_asym_algo_cap_len);
205 0 : if (current_pqc_asym_algo_len > sizeof(uint32_t)) {
206 0 : current_pqc_asym_algo_len = sizeof(uint32_t);
207 : }
208 0 : libspdm_copy_mem (&rsp_current_pqc_asym_algo, sizeof(rsp_current_pqc_asym_algo),
209 0 : ptr + sizeof(uint8_t) + pqc_asym_algo_cap_len + sizeof(uint8_t), current_pqc_asym_algo_len);
210 :
211 0 : rsp_pqc_asym_algo_capabilities &= SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
212 0 : rsp_current_pqc_asym_algo &= SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
213 : } else {
214 14 : spdm_response_size = sizeof(spdm_key_pair_info_response_t) + spdm_response->public_key_info_len;
215 : }
216 :
217 : /* -=[Process Response Phase]=- */
218 :
219 : /*If responder doesn't support SET_KEY_PAIR_INFO_CAP,the capabilities should be 0*/
220 14 : if ((!libspdm_is_capabilities_flag_supported(
221 : spdm_context, true, 0,
222 0 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP)) &&
223 0 : ((spdm_response->capabilities & SPDM_KEY_PAIR_CAP_MASK) != 0)) {
224 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
225 0 : goto receive_done;
226 : }
227 :
228 14 : *total_key_pairs = spdm_response->total_key_pairs;
229 14 : *capabilities = spdm_response->capabilities & SPDM_KEY_PAIR_CAP_MASK;
230 14 : if (((*capabilities & SPDM_KEY_PAIR_CAP_SHAREABLE_CAP) != 0) &&
231 1 : ((*capabilities & SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP) == 0)) {
232 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
233 1 : goto receive_done;
234 : }
235 :
236 13 : *key_usage_capabilities = (spdm_response->key_usage_capabilities) & SPDM_KEY_USAGE_BIT_MASK;
237 13 : if (*key_usage_capabilities == 0) {
238 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
239 1 : goto receive_done;
240 : }
241 12 : *current_key_usage = (spdm_response->current_key_usage) & SPDM_KEY_USAGE_BIT_MASK;
242 12 : if ((*key_usage_capabilities | *current_key_usage) != *key_usage_capabilities) {
243 2 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
244 2 : goto receive_done;
245 : }
246 :
247 10 : *asym_algo_capabilities = (spdm_response->asym_algo_capabilities) &
248 : SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK;
249 10 : if (*asym_algo_capabilities == 0) {
250 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
251 1 : goto receive_done;
252 : }
253 9 : *current_asym_algo = (spdm_response->current_asym_algo) & SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK;
254 9 : if (!libspdm_onehot0(*current_asym_algo)) {
255 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
256 1 : goto receive_done;
257 : }
258 8 : if ((*asym_algo_capabilities | *current_asym_algo) != *asym_algo_capabilities) {
259 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
260 1 : goto receive_done;
261 : }
262 :
263 7 : if (!libspdm_onehot0(rsp_current_pqc_asym_algo)) {
264 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
265 0 : goto receive_done;
266 : }
267 7 : if ((rsp_pqc_asym_algo_capabilities | rsp_current_pqc_asym_algo) != rsp_pqc_asym_algo_capabilities) {
268 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
269 0 : goto receive_done;
270 : }
271 7 : if ((*current_asym_algo != 0) && (rsp_current_pqc_asym_algo != 0)) {
272 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
273 0 : goto receive_done;
274 : }
275 :
276 7 : if (pqc_asym_algo_capabilities != NULL) {
277 0 : *pqc_asym_algo_capabilities = rsp_pqc_asym_algo_capabilities;
278 : }
279 7 : if (current_pqc_asym_algo != NULL) {
280 0 : *current_pqc_asym_algo = rsp_current_pqc_asym_algo;
281 : }
282 :
283 7 : *assoc_cert_slot_mask = spdm_response->assoc_cert_slot_mask;
284 7 : if (!libspdm_onehot0(*assoc_cert_slot_mask) &&
285 2 : (((*capabilities & SPDM_KEY_PAIR_CAP_SHAREABLE_CAP) == 0) &&
286 1 : (libspdm_is_capabilities_flag_supported(
287 : spdm_context, true, 0,
288 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP)))) {
289 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
290 1 : goto receive_done;
291 : }
292 :
293 6 : if (*public_key_info_len < spdm_response->public_key_info_len) {
294 0 : status = LIBSPDM_STATUS_BUFFER_FULL;
295 0 : goto receive_done;
296 : }
297 6 : *public_key_info_len = spdm_response->public_key_info_len;
298 :
299 6 : libspdm_copy_mem(public_key_info,
300 6 : spdm_response->public_key_info_len,
301 6 : spdm_response->public_key_info,
302 6 : spdm_response->public_key_info_len);
303 :
304 6 : status = LIBSPDM_STATUS_SUCCESS;
305 :
306 : /* -=[Log Message Phase]=- */
307 : #if LIBSPDM_ENABLE_MSG_LOG
308 6 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
309 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
310 :
311 16 : receive_done:
312 16 : libspdm_release_receiver_buffer (spdm_context);
313 16 : return status;
314 : }
315 :
316 0 : libspdm_return_t libspdm_get_key_pair_info_with_pqc(void *spdm_context, const uint32_t *session_id,
317 : uint8_t key_pair_id, uint8_t *total_key_pairs,
318 : uint16_t *capabilities,
319 : uint16_t *key_usage_capabilities,
320 : uint16_t *current_key_usage,
321 : uint32_t *asym_algo_capabilities,
322 : uint32_t *current_asym_algo,
323 : uint32_t *pqc_asym_algo_capabilities,
324 : uint32_t *current_pqc_asym_algo,
325 : uint8_t *assoc_cert_slot_mask,
326 : uint16_t *public_key_info_len,
327 : void *public_key_info
328 : )
329 : {
330 : libspdm_context_t *context;
331 : size_t retry;
332 : uint64_t retry_delay_time;
333 : libspdm_return_t status;
334 :
335 0 : context = spdm_context;
336 0 : context->crypto_request = true;
337 0 : retry = context->retry_times;
338 0 : retry_delay_time = context->retry_delay_time;
339 : do {
340 0 : status = libspdm_try_get_key_pair_info(context, session_id, key_pair_id,
341 : total_key_pairs, capabilities,
342 : key_usage_capabilities, current_key_usage,
343 : asym_algo_capabilities, current_asym_algo,
344 : pqc_asym_algo_capabilities, current_pqc_asym_algo,
345 : assoc_cert_slot_mask, public_key_info_len,
346 : public_key_info);
347 0 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
348 0 : return status;
349 : }
350 :
351 0 : libspdm_sleep(retry_delay_time);
352 0 : } while (retry-- != 0);
353 :
354 0 : return status;
355 : }
356 :
357 17 : libspdm_return_t libspdm_get_key_pair_info(void *spdm_context, const uint32_t *session_id,
358 : uint8_t key_pair_id, uint8_t *total_key_pairs,
359 : uint16_t *capabilities,
360 : uint16_t *key_usage_capabilities,
361 : uint16_t *current_key_usage,
362 : uint32_t *asym_algo_capabilities,
363 : uint32_t *current_asym_algo,
364 : uint8_t *assoc_cert_slot_mask,
365 : uint16_t *public_key_info_len,
366 : void *public_key_info
367 : )
368 : {
369 : libspdm_context_t *context;
370 : size_t retry;
371 : uint64_t retry_delay_time;
372 : libspdm_return_t status;
373 :
374 17 : context = spdm_context;
375 17 : context->crypto_request = true;
376 17 : retry = context->retry_times;
377 17 : retry_delay_time = context->retry_delay_time;
378 : do {
379 17 : status = libspdm_try_get_key_pair_info(context, session_id, key_pair_id,
380 : total_key_pairs, capabilities,
381 : key_usage_capabilities, current_key_usage,
382 : asym_algo_capabilities, current_asym_algo,
383 : NULL, NULL,
384 : assoc_cert_slot_mask, public_key_info_len,
385 : public_key_info);
386 17 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
387 17 : return status;
388 : }
389 :
390 0 : libspdm_sleep(retry_delay_time);
391 0 : } while (retry-- != 0);
392 :
393 0 : return status;
394 : }
395 :
396 : #endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
|
