Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2024-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
10 :
11 : typedef struct {
12 : spdm_message_header_t header;
13 : uint8_t total_key_pairs;
14 : uint8_t key_pair_id;
15 : uint16_t capabilities;
16 : uint16_t key_usage_capabilities;
17 : uint16_t current_key_usage;
18 : uint32_t asym_algo_capabilities;
19 : uint32_t current_asym_algo;
20 : uint16_t public_key_info_len;
21 : uint8_t assoc_cert_slot_mask;
22 : uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
23 : uint8_t pqc_asym_algo_cap_len;
24 : uint32_t pqc_asym_algo_capabilities;
25 : uint8_t current_pqc_asym_algo_len;
26 : uint32_t current_pqc_asym_algo;
27 : } libspdm_key_pair_info_response_max_t;
28 :
29 : /**
30 : * This function sends GET_KEY_PAIR_INFO and receives KEY_PAIR_INFO *
31 : *
32 : * @param context A pointer to the SPDM context.
33 : *
34 : **/
35 2 : static libspdm_return_t libspdm_try_get_key_pair_info(libspdm_context_t *spdm_context,
36 : const uint32_t *session_id,
37 : uint8_t key_pair_id,
38 : uint8_t *total_key_pairs,
39 : uint16_t *capabilities,
40 : uint16_t *key_usage_capabilities,
41 : uint16_t *current_key_usage,
42 : uint32_t *asym_algo_capabilities,
43 : uint32_t *current_asym_algo,
44 : uint32_t *pqc_asym_algo_capabilities,
45 : uint32_t *current_pqc_asym_algo,
46 : uint8_t *assoc_cert_slot_mask,
47 : uint16_t *public_key_info_len,
48 : void *public_key_info
49 : )
50 : {
51 : libspdm_return_t status;
52 : spdm_get_key_pair_info_request_t *spdm_request;
53 : size_t spdm_request_size;
54 : libspdm_key_pair_info_response_max_t *spdm_response;
55 : size_t spdm_response_size;
56 : uint8_t *message;
57 : size_t message_size;
58 : size_t transport_header_size;
59 : libspdm_session_info_t *session_info;
60 : libspdm_session_state_t session_state;
61 : uint8_t pqc_asym_algo_cap_len;
62 : uint8_t current_pqc_asym_algo_len;
63 : uint8_t *ptr;
64 : uint32_t rsp_pqc_asym_algo_capabilities;
65 : uint32_t rsp_current_pqc_asym_algo;
66 :
67 : /* -=[Check Parameters Phase]=- */
68 2 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
69 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
70 : }
71 :
72 2 : if (key_pair_id == 0) {
73 0 : return LIBSPDM_STATUS_INVALID_PARAMETER;
74 : }
75 :
76 : /* -=[Verify State Phase]=- */
77 2 : if (!libspdm_is_capabilities_flag_supported(
78 : spdm_context, true, 0,
79 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP)) {
80 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
81 : }
82 2 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
83 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
84 : }
85 :
86 2 : session_info = NULL;
87 2 : if (session_id != NULL) {
88 0 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
89 0 : if (session_info == NULL) {
90 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
91 : }
92 0 : session_state = libspdm_secured_message_get_session_state(
93 : session_info->secured_message_context);
94 0 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
95 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
96 : }
97 : }
98 :
99 : /* -=[Construct Request Phase]=- */
100 2 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
101 2 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
102 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
103 0 : return status;
104 : }
105 2 : LIBSPDM_ASSERT (message_size >= transport_header_size +
106 : spdm_context->local_context.capability.transport_tail_size);
107 2 : spdm_request = (void *)(message + transport_header_size);
108 2 : spdm_request_size = message_size - transport_header_size -
109 2 : spdm_context->local_context.capability.transport_tail_size;
110 :
111 2 : LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_get_key_pair_info_request_t));
112 2 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
113 2 : spdm_request->header.request_response_code = SPDM_GET_KEY_PAIR_INFO;
114 2 : spdm_request->header.param1 = 0;
115 2 : spdm_request->header.param2 = 0;
116 2 : spdm_request->key_pair_id = key_pair_id;
117 2 : spdm_request_size = sizeof(spdm_get_key_pair_info_request_t);
118 :
119 : /* -=[Send Request Phase]=- */
120 2 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size, spdm_request);
121 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
122 1 : libspdm_release_sender_buffer (spdm_context);
123 1 : return status;
124 : }
125 1 : libspdm_release_sender_buffer (spdm_context);
126 1 : spdm_request = (void *)spdm_context->last_spdm_request;
127 :
128 : /* -=[Receive Response Phase]=- */
129 1 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
130 1 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
131 0 : return status;
132 : }
133 1 : LIBSPDM_ASSERT (message_size >= transport_header_size);
134 1 : spdm_response = (void *)(message);
135 1 : spdm_response_size = message_size;
136 :
137 1 : status = libspdm_receive_spdm_response(
138 : spdm_context, session_id, &spdm_response_size, (void **)&spdm_response);
139 1 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
140 0 : goto receive_done;
141 : }
142 :
143 : /* -=[Validate Response Phase]=- */
144 1 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
145 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
146 0 : goto receive_done;
147 : }
148 1 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
149 0 : status = libspdm_handle_error_response_main(
150 : spdm_context, session_id,
151 : &spdm_response_size,
152 : (void **)&spdm_response, SPDM_GET_KEY_PAIR_INFO, SPDM_KEY_PAIR_INFO);
153 0 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
154 0 : goto receive_done;
155 : }
156 1 : } else if (spdm_response->header.request_response_code != SPDM_KEY_PAIR_INFO) {
157 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
158 0 : goto receive_done;
159 : }
160 1 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
161 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
162 0 : goto receive_done;
163 : }
164 :
165 1 : if ((spdm_response->key_pair_id != key_pair_id) ||
166 1 : (spdm_response->key_pair_id > (spdm_response->total_key_pairs))) {
167 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
168 0 : goto receive_done;
169 : }
170 :
171 1 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t)) {
172 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
173 0 : goto receive_done;
174 : }
175 :
176 1 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t) +
177 1 : spdm_response->public_key_info_len) {
178 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
179 0 : goto receive_done;
180 : }
181 :
182 1 : rsp_pqc_asym_algo_capabilities = 0;
183 1 : rsp_current_pqc_asym_algo = 0;
184 1 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_14) {
185 0 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t) +
186 0 : spdm_response->public_key_info_len + sizeof(uint8_t)) {
187 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
188 0 : goto receive_done;
189 : }
190 0 : ptr = (uint8_t *)spdm_response + sizeof(spdm_key_pair_info_response_t) + spdm_response->public_key_info_len;
191 :
192 0 : pqc_asym_algo_cap_len = *ptr;
193 0 : if (spdm_response_size < sizeof(spdm_key_pair_info_response_t) +
194 0 : spdm_response->public_key_info_len + sizeof(uint8_t) + pqc_asym_algo_cap_len + sizeof(uint8_t)) {
195 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
196 0 : goto receive_done;
197 : }
198 0 : if (pqc_asym_algo_cap_len > sizeof(uint32_t)) {
199 0 : pqc_asym_algo_cap_len = sizeof(uint32_t);
200 : }
201 0 : libspdm_copy_mem (&rsp_pqc_asym_algo_capabilities, sizeof(rsp_pqc_asym_algo_capabilities),
202 0 : ptr + sizeof(uint8_t), pqc_asym_algo_cap_len);
203 :
204 0 : current_pqc_asym_algo_len = *(ptr + sizeof(uint8_t) + pqc_asym_algo_cap_len);
205 0 : if (current_pqc_asym_algo_len > sizeof(uint32_t)) {
206 0 : current_pqc_asym_algo_len = sizeof(uint32_t);
207 : }
208 0 : libspdm_copy_mem (&rsp_current_pqc_asym_algo, sizeof(rsp_current_pqc_asym_algo),
209 0 : ptr + sizeof(uint8_t) + pqc_asym_algo_cap_len + sizeof(uint8_t), current_pqc_asym_algo_len);
210 :
211 0 : rsp_pqc_asym_algo_capabilities &= SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
212 0 : rsp_current_pqc_asym_algo &= SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_MASK;
213 : } else {
214 1 : spdm_response_size = sizeof(spdm_key_pair_info_response_t) + spdm_response->public_key_info_len;
215 : }
216 :
217 : /* -=[Process Response Phase]=- */
218 1 : *key_usage_capabilities = (spdm_response->key_usage_capabilities) & SPDM_KEY_USAGE_BIT_MASK;
219 1 : if (*key_usage_capabilities == 0) {
220 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
221 0 : goto receive_done;
222 : }
223 1 : *current_key_usage = (spdm_response->current_key_usage) & SPDM_KEY_USAGE_BIT_MASK;
224 1 : if ((*key_usage_capabilities | *current_key_usage) != *key_usage_capabilities) {
225 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
226 0 : goto receive_done;
227 : }
228 :
229 1 : *asym_algo_capabilities = (spdm_response->asym_algo_capabilities) &
230 : SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK;
231 1 : if (*asym_algo_capabilities == 0) {
232 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
233 0 : goto receive_done;
234 : }
235 1 : *current_asym_algo = (spdm_response->current_asym_algo) & SPDM_KEY_PAIR_ASYM_ALGO_CAP_MASK;
236 1 : if (!libspdm_onehot0(*current_asym_algo)) {
237 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
238 0 : goto receive_done;
239 : }
240 1 : if ((*asym_algo_capabilities | *current_asym_algo) != *asym_algo_capabilities) {
241 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
242 0 : goto receive_done;
243 : }
244 :
245 1 : if (!libspdm_onehot0(rsp_current_pqc_asym_algo)) {
246 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
247 0 : goto receive_done;
248 : }
249 1 : if ((rsp_pqc_asym_algo_capabilities | rsp_current_pqc_asym_algo) != rsp_pqc_asym_algo_capabilities) {
250 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
251 0 : goto receive_done;
252 : }
253 1 : if ((*current_asym_algo != 0) && (rsp_current_pqc_asym_algo != 0)) {
254 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
255 0 : goto receive_done;
256 : }
257 :
258 1 : if (pqc_asym_algo_capabilities != NULL) {
259 0 : *pqc_asym_algo_capabilities = rsp_pqc_asym_algo_capabilities;
260 : }
261 1 : if (current_pqc_asym_algo != NULL) {
262 0 : *current_pqc_asym_algo = rsp_current_pqc_asym_algo;
263 : }
264 :
265 : /*If responder doesn't support SET_KEY_PAIR_INFO_CAP,the capabilities should be 0*/
266 1 : if ((!libspdm_is_capabilities_flag_supported(
267 : spdm_context, true, 0,
268 0 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP)) &&
269 0 : ((spdm_response->capabilities & SPDM_KEY_PAIR_CAP_MASK) != 0)) {
270 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
271 0 : goto receive_done;
272 : }
273 :
274 1 : *total_key_pairs = spdm_response->total_key_pairs;
275 1 : *capabilities = spdm_response->capabilities & SPDM_KEY_PAIR_CAP_MASK;
276 :
277 1 : if (*public_key_info_len < spdm_response->public_key_info_len) {
278 0 : status = LIBSPDM_STATUS_BUFFER_FULL;
279 0 : goto receive_done;
280 : }
281 1 : *public_key_info_len = spdm_response->public_key_info_len;
282 1 : *assoc_cert_slot_mask = spdm_response->assoc_cert_slot_mask;
283 :
284 1 : libspdm_copy_mem(public_key_info,
285 1 : spdm_response->public_key_info_len,
286 1 : spdm_response->public_key_info,
287 1 : spdm_response->public_key_info_len);
288 :
289 1 : status = LIBSPDM_STATUS_SUCCESS;
290 :
291 : /* -=[Log Message Phase]=- */
292 : #if LIBSPDM_ENABLE_MSG_LOG
293 1 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
294 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
295 :
296 1 : receive_done:
297 1 : libspdm_release_receiver_buffer (spdm_context);
298 1 : return status;
299 : }
300 :
301 0 : libspdm_return_t libspdm_get_key_pair_info_with_pqc(void *spdm_context, const uint32_t *session_id,
302 : uint8_t key_pair_id, uint8_t *total_key_pairs,
303 : uint16_t *capabilities,
304 : uint16_t *key_usage_capabilities,
305 : uint16_t *current_key_usage,
306 : uint32_t *asym_algo_capabilities,
307 : uint32_t *current_asym_algo,
308 : uint32_t *pqc_asym_algo_capabilities,
309 : uint32_t *current_pqc_asym_algo,
310 : uint8_t *assoc_cert_slot_mask,
311 : uint16_t *public_key_info_len,
312 : void *public_key_info
313 : )
314 : {
315 : libspdm_context_t *context;
316 : size_t retry;
317 : uint64_t retry_delay_time;
318 : libspdm_return_t status;
319 :
320 0 : context = spdm_context;
321 0 : context->crypto_request = true;
322 0 : retry = context->retry_times;
323 0 : retry_delay_time = context->retry_delay_time;
324 : do {
325 0 : status = libspdm_try_get_key_pair_info(context, session_id, key_pair_id,
326 : total_key_pairs, capabilities,
327 : key_usage_capabilities, current_key_usage,
328 : asym_algo_capabilities, current_asym_algo,
329 : pqc_asym_algo_capabilities, current_pqc_asym_algo,
330 : assoc_cert_slot_mask, public_key_info_len,
331 : public_key_info);
332 0 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
333 0 : return status;
334 : }
335 :
336 0 : libspdm_sleep(retry_delay_time);
337 0 : } while (retry-- != 0);
338 :
339 0 : return status;
340 : }
341 :
342 2 : libspdm_return_t libspdm_get_key_pair_info(void *spdm_context, const uint32_t *session_id,
343 : uint8_t key_pair_id, uint8_t *total_key_pairs,
344 : uint16_t *capabilities,
345 : uint16_t *key_usage_capabilities,
346 : uint16_t *current_key_usage,
347 : uint32_t *asym_algo_capabilities,
348 : uint32_t *current_asym_algo,
349 : uint8_t *assoc_cert_slot_mask,
350 : uint16_t *public_key_info_len,
351 : void *public_key_info
352 : )
353 : {
354 : libspdm_context_t *context;
355 : size_t retry;
356 : uint64_t retry_delay_time;
357 : libspdm_return_t status;
358 :
359 2 : context = spdm_context;
360 2 : context->crypto_request = true;
361 2 : retry = context->retry_times;
362 2 : retry_delay_time = context->retry_delay_time;
363 : do {
364 2 : status = libspdm_try_get_key_pair_info(context, session_id, key_pair_id,
365 : total_key_pairs, capabilities,
366 : key_usage_capabilities, current_key_usage,
367 : asym_algo_capabilities, current_asym_algo,
368 : NULL, NULL,
369 : assoc_cert_slot_mask, public_key_info_len,
370 : public_key_info);
371 2 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
372 2 : return status;
373 : }
374 :
375 0 : libspdm_sleep(retry_delay_time);
376 0 : } while (retry-- != 0);
377 :
378 0 : return status;
379 : }
380 :
381 : #endif /* LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP */
|