Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 : #include "internal/libspdm_secured_message_lib.h"
9 :
10 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
11 :
12 : #pragma pack(1)
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint16_t req_session_id;
16 : uint8_t session_policy;
17 : uint8_t reserved;
18 : uint8_t random_data[SPDM_RANDOM_DATA_SIZE];
19 : uint8_t exchange_data[LIBSPDM_REQ_EXCHANGE_DATA_MAX_SIZE];
20 : uint16_t opaque_length;
21 : uint8_t opaque_data[SPDM_MAX_OPAQUE_DATA_SIZE];
22 : } libspdm_key_exchange_request_mine_t;
23 :
24 : typedef struct {
25 : spdm_message_header_t header;
26 : uint16_t rsp_session_id;
27 : uint8_t mut_auth_requested;
28 : uint8_t req_slot_id_param;
29 : uint8_t random_data[SPDM_RANDOM_DATA_SIZE];
30 : uint8_t exchange_data[LIBSPDM_RSP_EXCHANGE_DATA_MAX_SIZE];
31 : uint8_t measurement_summary_hash[LIBSPDM_MAX_HASH_SIZE];
32 : uint16_t opaque_length;
33 : uint8_t opaque_data[SPDM_MAX_OPAQUE_DATA_SIZE];
34 : uint8_t signature[LIBSPDM_RSP_SIGNATURE_DATA_MAX_SIZE];
35 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
36 : } libspdm_key_exchange_response_max_t;
37 : #pragma pack()
38 :
39 19 : bool libspdm_verify_key_exchange_rsp_hmac(libspdm_context_t *spdm_context,
40 : libspdm_session_info_t *session_info,
41 : const void *hmac_data,
42 : size_t hmac_data_size)
43 : {
44 : size_t hash_size;
45 : uint8_t calc_hmac_data[LIBSPDM_MAX_HASH_SIZE];
46 : bool result;
47 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
48 : uint8_t slot_id;
49 : uint8_t *cert_chain_buffer;
50 : size_t cert_chain_buffer_size;
51 : uint8_t *th_curr_data;
52 : size_t th_curr_data_size;
53 : libspdm_th_managed_buffer_t th_curr;
54 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
55 : #endif
56 :
57 19 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
58 19 : LIBSPDM_ASSERT(hash_size == hmac_data_size);
59 :
60 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
61 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
62 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
63 : if (slot_id == 0xFF) {
64 : result = libspdm_get_peer_public_key_buffer(
65 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
66 : } else {
67 : result = libspdm_get_peer_cert_chain_buffer(
68 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
69 : }
70 : if (!result) {
71 : return false;
72 : }
73 :
74 : result = libspdm_calculate_th_for_exchange(
75 : spdm_context, session_info, cert_chain_buffer,
76 : cert_chain_buffer_size, &th_curr);
77 : if (!result) {
78 : return false;
79 : }
80 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
81 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
82 :
83 : result = libspdm_hash_all (spdm_context->connection_info.algorithm.base_hash_algo,
84 : th_curr_data, th_curr_data_size, hash_data);
85 : if (!result) {
86 : return false;
87 : }
88 :
89 : result = libspdm_hmac_all_with_response_finished_key(
90 : session_info->secured_message_context, hash_data,
91 : hash_size, calc_hmac_data);
92 : if (!result) {
93 : return false;
94 : }
95 : #else
96 19 : result = libspdm_calculate_th_hmac_for_exchange_rsp(
97 : spdm_context, session_info, &hash_size, calc_hmac_data);
98 19 : if (!result) {
99 0 : return false;
100 : }
101 : #endif
102 19 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hmac - "));
103 19 : LIBSPDM_INTERNAL_DUMP_DATA(calc_hmac_data, hash_size);
104 19 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
105 :
106 19 : if (!libspdm_consttime_is_mem_equal(calc_hmac_data, hmac_data, hash_size)) {
107 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_key_exchange_hmac - FAIL !!!\n"));
108 0 : return false;
109 : }
110 19 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_key_exchange_hmac - PASS !!!\n"));
111 :
112 19 : return true;
113 : }
114 :
115 22 : bool libspdm_verify_key_exchange_rsp_signature(
116 : libspdm_context_t *spdm_context, libspdm_session_info_t *session_info,
117 : const void *sign_data, const size_t sign_data_size)
118 : {
119 : bool result;
120 : void *context;
121 : uint8_t slot_id;
122 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
123 : uint8_t *cert_chain_buffer;
124 : size_t cert_chain_buffer_size;
125 : uint8_t *th_curr_data;
126 : size_t th_curr_data_size;
127 : libspdm_th_managed_buffer_t th_curr;
128 : const uint8_t *cert_chain_data;
129 : size_t cert_chain_data_size;
130 : const uint8_t *cert_buffer;
131 : size_t cert_buffer_size;
132 : #endif
133 : #if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE)
134 : size_t hash_size;
135 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
136 :
137 22 : hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
138 : #endif
139 :
140 22 : slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
141 22 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
142 :
143 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
144 : if (slot_id == 0xFF) {
145 : result = libspdm_get_peer_public_key_buffer(
146 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
147 : } else {
148 : result = libspdm_get_peer_cert_chain_buffer(
149 : spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
150 : }
151 : if (!result) {
152 : return false;
153 : }
154 :
155 : result = libspdm_calculate_th_for_exchange(
156 : spdm_context, session_info, cert_chain_buffer,
157 : cert_chain_buffer_size, &th_curr);
158 : if (!result) {
159 : return false;
160 : }
161 : th_curr_data = libspdm_get_managed_buffer(&th_curr);
162 : th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr);
163 :
164 : /* Debug code only - required for debug print of th_curr hash below*/
165 : LIBSPDM_DEBUG_CODE(
166 : if (!libspdm_hash_all(
167 : spdm_context->connection_info.algorithm.base_hash_algo,
168 : th_curr_data, th_curr_data_size, hash_data)) {
169 : return false;
170 : }
171 : );
172 : #else
173 22 : result = libspdm_calculate_th_hash_for_exchange(
174 : spdm_context, session_info, &hash_size, hash_data);
175 22 : if (!result) {
176 0 : return false;
177 : }
178 : #endif
179 22 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hash - "));
180 22 : LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size);
181 22 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
182 :
183 22 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature - "));
184 22 : LIBSPDM_INTERNAL_DUMP_DATA(sign_data, sign_data_size);
185 22 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
186 :
187 22 : if (slot_id == 0xFF) {
188 1 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
189 0 : result = libspdm_pqc_asym_get_public_key_from_der(
190 : spdm_context->connection_info.algorithm.pqc_asym_algo,
191 0 : spdm_context->local_context.peer_public_key_provision,
192 : spdm_context->local_context.peer_public_key_provision_size,
193 : &context);
194 : } else {
195 1 : result = libspdm_asym_get_public_key_from_der(
196 : spdm_context->connection_info.algorithm.base_asym_algo,
197 1 : spdm_context->local_context.peer_public_key_provision,
198 : spdm_context->local_context.peer_public_key_provision_size,
199 : &context);
200 : }
201 1 : if (!result) {
202 0 : return false;
203 : }
204 : } else {
205 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
206 : /* Get leaf cert from cert chain*/
207 : result = libspdm_get_peer_cert_chain_data(
208 : spdm_context, (const void **)&cert_chain_data, &cert_chain_data_size);
209 : if (!result) {
210 : return false;
211 : }
212 : result = libspdm_x509_get_cert_from_cert_chain(
213 : cert_chain_data, cert_chain_data_size, -1, &cert_buffer, &cert_buffer_size);
214 : if (!result) {
215 : return false;
216 : }
217 :
218 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
219 : result = libspdm_pqc_asym_get_public_key_from_x509(
220 : spdm_context->connection_info.algorithm.pqc_asym_algo,
221 : cert_buffer, cert_buffer_size, &context);
222 : } else {
223 : result = libspdm_asym_get_public_key_from_x509(
224 : spdm_context->connection_info.algorithm.base_asym_algo,
225 : cert_buffer, cert_buffer_size, &context);
226 : }
227 : if (!result) {
228 : return false;
229 : }
230 : #else
231 21 : context = spdm_context->connection_info.peer_used_cert_chain[slot_id].leaf_cert_public_key;
232 21 : LIBSPDM_ASSERT(context != NULL);
233 : #endif
234 : }
235 :
236 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
237 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
238 : result = libspdm_pqc_asym_verify(
239 : spdm_context->connection_info.version, SPDM_KEY_EXCHANGE_RSP,
240 : spdm_context->connection_info.algorithm.pqc_asym_algo,
241 : spdm_context->connection_info.algorithm.base_hash_algo,
242 : context, th_curr_data, th_curr_data_size, sign_data, sign_data_size);
243 : libspdm_pqc_asym_free(spdm_context->connection_info.algorithm.pqc_asym_algo, context);
244 : } else {
245 : result = libspdm_asym_verify_ex(
246 : spdm_context->connection_info.version, SPDM_KEY_EXCHANGE_RSP,
247 : spdm_context->connection_info.algorithm.base_asym_algo,
248 : spdm_context->connection_info.algorithm.base_hash_algo,
249 : context, th_curr_data, th_curr_data_size, sign_data, sign_data_size,
250 : &spdm_context->spdm_10_11_verify_signature_endian);
251 : libspdm_asym_free(spdm_context->connection_info.algorithm.base_asym_algo, context);
252 : }
253 : #else
254 22 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
255 0 : result = libspdm_pqc_asym_verify_hash(
256 0 : spdm_context->connection_info.version, SPDM_KEY_EXCHANGE_RSP,
257 : spdm_context->connection_info.algorithm.pqc_asym_algo,
258 : spdm_context->connection_info.algorithm.base_hash_algo,
259 : context, hash_data, hash_size, sign_data, sign_data_size);
260 0 : if (slot_id == 0xFF) {
261 0 : libspdm_pqc_asym_free(spdm_context->connection_info.algorithm.pqc_asym_algo, context);
262 : }
263 : } else {
264 22 : result = libspdm_asym_verify_hash_ex(
265 22 : spdm_context->connection_info.version, SPDM_KEY_EXCHANGE_RSP,
266 : spdm_context->connection_info.algorithm.base_asym_algo,
267 : spdm_context->connection_info.algorithm.base_hash_algo,
268 : context, hash_data, hash_size, sign_data, sign_data_size,
269 : &spdm_context->spdm_10_11_verify_signature_endian);
270 22 : if (slot_id == 0xFF) {
271 1 : libspdm_asym_free(spdm_context->connection_info.algorithm.base_asym_algo, context);
272 : }
273 : }
274 : #endif
275 22 : if (!result) {
276 2 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_key_exchange_signature - FAIL !!!\n"));
277 2 : return false;
278 : }
279 20 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_key_exchange_signature - PASS !!!\n"));
280 :
281 20 : return true;
282 : }
283 :
284 : /**
285 : * This function sends KEY_EXCHANGE and receives KEY_EXCHANGE_RSP for SPDM key exchange.
286 : *
287 : * @param spdm_context A pointer to the SPDM context.
288 : * @param measurement_hash_type Measurement_hash_type to the KEY_EXCHANGE request.
289 : * @param slot_id slot_id to the KEY_EXCHANGE request.
290 : * @param session_policy The policy for the session.
291 : * @param session_id session_id from the KEY_EXCHANGE_RSP response.
292 : * @param heartbeat_period Heartbeat_period from the KEY_EXCHANGE_RSP response.
293 : * @param req_slot_id_param req_slot_id_param from the KEY_EXCHANGE_RSP response.
294 : * @param measurement_hash Measurement_hash from the KEY_EXCHANGE_RSP response.
295 : * @param requester_nonce_in If not NULL, a buffer that holds the requester nonce (32 bytes)
296 : * @param requester_nonce If not NULL, a buffer to hold the requester nonce (32 bytes).
297 : * @param responder_nonce If not NULL, a buffer to hold the responder nonce (32 bytes).
298 : **/
299 95 : static libspdm_return_t libspdm_try_send_receive_key_exchange(
300 : libspdm_context_t *spdm_context, uint8_t measurement_hash_type,
301 : uint8_t slot_id, uint8_t session_policy, uint32_t *session_id,
302 : uint8_t *heartbeat_period,
303 : uint8_t *req_slot_id_param, void *measurement_hash,
304 : const void *requester_random_in,
305 : void *requester_random, void *responder_random,
306 : const void *requester_opaque_data, size_t requester_opaque_data_size,
307 : void *responder_opaque_data, size_t *responder_opaque_data_size)
308 : {
309 : bool result;
310 : libspdm_return_t status;
311 : libspdm_key_exchange_request_mine_t *spdm_request;
312 : size_t spdm_request_size;
313 : libspdm_key_exchange_response_max_t *spdm_response;
314 : size_t spdm_response_size;
315 : size_t dhe_key_size;
316 : size_t kem_encap_key_size;
317 : size_t kem_cipher_text_size;
318 : size_t req_key_exchange_size;
319 : size_t rsp_key_exchange_size;
320 : uint32_t measurement_summary_hash_size;
321 : uint32_t signature_size;
322 : uint32_t hmac_size;
323 : uint8_t *ptr;
324 : void *measurement_summary_hash;
325 : uint16_t opaque_length;
326 : uint8_t *signature;
327 : uint8_t *verify_data;
328 : void *dhe_context;
329 : void *kem_context;
330 : uint16_t req_session_id;
331 : uint16_t rsp_session_id;
332 : libspdm_session_info_t *session_info;
333 : size_t opaque_key_exchange_req_size;
334 : uint8_t th1_hash_data[LIBSPDM_MAX_HASH_SIZE];
335 : uint8_t *message;
336 : size_t message_size;
337 : size_t transport_header_size;
338 : uint8_t mut_auth_requested;
339 : spdm_version_number_t secured_message_version;
340 :
341 : /* -=[Check Parameters Phase]=- */
342 95 : LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xff));
343 95 : LIBSPDM_ASSERT((slot_id != 0xff) ||
344 : (spdm_context->local_context.peer_public_key_provision_size != 0));
345 95 : LIBSPDM_ASSERT(measurement_hash_type == SPDM_KEY_EXCHANGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH ||
346 : measurement_hash_type == SPDM_KEY_EXCHANGE_REQUEST_TCB_COMPONENT_MEASUREMENT_HASH ||
347 : measurement_hash_type == SPDM_KEY_EXCHANGE_REQUEST_ALL_MEASUREMENTS_HASH);
348 95 : LIBSPDM_ASSERT((libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) ||
349 : ((session_policy & SPDM_KEY_EXCHANGE_REQUEST_SESSION_POLICY_EVENT_ALL_POLICY)
350 : == 0) ||
351 : libspdm_is_capabilities_flag_supported(
352 : spdm_context, true, 0, SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP));
353 :
354 : /* -=[Verify State Phase]=- */
355 95 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_11) {
356 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
357 : }
358 :
359 95 : if (!libspdm_is_capabilities_flag_supported(
360 : spdm_context, true,
361 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP,
362 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP)) {
363 1 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
364 : }
365 :
366 : /* While clearing MAC_CAP and setting ENCRYPT_CAP is legal according to DSP0274, libspdm
367 : * also implements DSP0277 secure messages, which requires at least MAC_CAP to be set.
368 : */
369 94 : if (!libspdm_is_capabilities_flag_supported(
370 : spdm_context, true,
371 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP,
372 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP)) {
373 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
374 : }
375 :
376 94 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
377 2 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
378 : }
379 :
380 92 : if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) {
381 3 : if ((spdm_context->connection_info.algorithm.other_params_support &
382 : SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) != SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) {
383 0 : return LIBSPDM_STATUS_INVALID_STATE_PEER;
384 : }
385 : }
386 :
387 92 : req_session_id = libspdm_allocate_req_session_id(spdm_context, false);
388 92 : if (req_session_id == (INVALID_SESSION_ID & 0xFFFF)) {
389 0 : return LIBSPDM_STATUS_SESSION_NUMBER_EXCEED;
390 : }
391 :
392 92 : libspdm_reset_message_buffer_via_request_code(spdm_context, NULL, SPDM_KEY_EXCHANGE);
393 :
394 : /* -=[Construct Request Phase]=- */
395 92 : spdm_context->connection_info.peer_used_cert_chain_slot_id = slot_id;
396 92 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
397 92 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
398 92 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
399 1 : return status;
400 : }
401 91 : LIBSPDM_ASSERT (message_size >= transport_header_size +
402 : spdm_context->local_context.capability.transport_tail_size);
403 91 : spdm_request = (void *)(message + transport_header_size);
404 91 : spdm_request_size = message_size - transport_header_size -
405 91 : spdm_context->local_context.capability.transport_tail_size;
406 :
407 91 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t));
408 91 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
409 91 : spdm_request->header.request_response_code = SPDM_KEY_EXCHANGE;
410 91 : spdm_request->header.param1 = measurement_hash_type;
411 91 : spdm_request->header.param2 = slot_id;
412 91 : if (requester_random_in == NULL) {
413 90 : if (!libspdm_get_random_number(SPDM_RANDOM_DATA_SIZE, spdm_request->random_data)) {
414 0 : libspdm_release_sender_buffer (spdm_context);
415 0 : return LIBSPDM_STATUS_LOW_ENTROPY;
416 : }
417 : } else {
418 1 : libspdm_copy_mem(spdm_request->random_data, sizeof(spdm_request->random_data),
419 : requester_random_in, SPDM_RANDOM_DATA_SIZE);
420 : }
421 91 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterRandomData (0x%x) - ",
422 : SPDM_RANDOM_DATA_SIZE));
423 91 : LIBSPDM_INTERNAL_DUMP_DATA(spdm_request->random_data, SPDM_RANDOM_DATA_SIZE);
424 91 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
425 91 : if (requester_random != NULL) {
426 1 : libspdm_copy_mem(requester_random, SPDM_RANDOM_DATA_SIZE,
427 1 : spdm_request->random_data, SPDM_RANDOM_DATA_SIZE);
428 : }
429 :
430 91 : spdm_request->req_session_id = req_session_id;
431 91 : if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_12) {
432 3 : spdm_request->session_policy = session_policy;
433 : } else {
434 88 : spdm_request->session_policy = 0;
435 : }
436 91 : spdm_request->reserved = 0;
437 :
438 91 : ptr = spdm_request->exchange_data;
439 91 : dhe_context = NULL;
440 91 : kem_context = NULL;
441 91 : if (spdm_context->connection_info.algorithm.kem_alg != 0) {
442 0 : kem_encap_key_size = libspdm_get_kem_encap_key_size(
443 : spdm_context->connection_info.algorithm.kem_alg);
444 0 : kem_cipher_text_size = libspdm_get_kem_cipher_text_size(
445 : spdm_context->connection_info.algorithm.kem_alg);
446 0 : kem_context = libspdm_secured_message_kem_new(
447 0 : spdm_context->connection_info.version,
448 : spdm_context->connection_info.algorithm.kem_alg, true);
449 0 : if (kem_context == NULL) {
450 0 : libspdm_release_sender_buffer (spdm_context);
451 0 : return LIBSPDM_STATUS_CRYPTO_ERROR;
452 : }
453 :
454 0 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t) + kem_encap_key_size);
455 0 : result = libspdm_secured_message_kem_generate_key(
456 : spdm_context->connection_info.algorithm.kem_alg,
457 : kem_context, ptr, &kem_encap_key_size);
458 0 : if (!result) {
459 0 : libspdm_secured_message_kem_free(
460 : spdm_context->connection_info.algorithm.kem_alg, kem_context);
461 0 : libspdm_release_sender_buffer (spdm_context);
462 0 : return LIBSPDM_STATUS_CRYPTO_ERROR;
463 : }
464 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterKey (0x%zx):\n", kem_encap_key_size));
465 0 : LIBSPDM_INTERNAL_DUMP_HEX(ptr, kem_encap_key_size);
466 0 : ptr += kem_encap_key_size;
467 0 : req_key_exchange_size = kem_encap_key_size;
468 0 : rsp_key_exchange_size = kem_cipher_text_size;
469 : } else {
470 182 : dhe_key_size = libspdm_get_dhe_pub_key_size(
471 91 : spdm_context->connection_info.algorithm.dhe_named_group);
472 91 : dhe_context = libspdm_secured_message_dhe_new(
473 91 : spdm_context->connection_info.version,
474 91 : spdm_context->connection_info.algorithm.dhe_named_group, true);
475 91 : if (dhe_context == NULL) {
476 0 : libspdm_release_sender_buffer (spdm_context);
477 0 : return LIBSPDM_STATUS_CRYPTO_ERROR;
478 : }
479 :
480 91 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t) + dhe_key_size);
481 91 : result = libspdm_secured_message_dhe_generate_key(
482 91 : spdm_context->connection_info.algorithm.dhe_named_group,
483 : dhe_context, ptr, &dhe_key_size);
484 91 : if (!result) {
485 0 : libspdm_secured_message_dhe_free(
486 0 : spdm_context->connection_info.algorithm.dhe_named_group, dhe_context);
487 0 : libspdm_release_sender_buffer (spdm_context);
488 0 : return LIBSPDM_STATUS_CRYPTO_ERROR;
489 : }
490 91 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterKey (0x%zx):\n", dhe_key_size));
491 91 : LIBSPDM_INTERNAL_DUMP_HEX(ptr, dhe_key_size);
492 91 : ptr += dhe_key_size;
493 91 : req_key_exchange_size = dhe_key_size;
494 91 : rsp_key_exchange_size = dhe_key_size;
495 : }
496 :
497 91 : if (requester_opaque_data != NULL) {
498 1 : LIBSPDM_ASSERT(requester_opaque_data_size <= SPDM_MAX_OPAQUE_DATA_SIZE);
499 :
500 1 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t) +
501 : req_key_exchange_size +
502 : sizeof(uint16_t) + requester_opaque_data_size);
503 :
504 1 : libspdm_write_uint16(ptr, (uint16_t)requester_opaque_data_size);
505 1 : ptr += sizeof(uint16_t);
506 :
507 1 : libspdm_copy_mem(ptr,
508 1 : (spdm_request_size - (sizeof(spdm_key_exchange_request_t) +
509 : req_key_exchange_size)),
510 : requester_opaque_data, requester_opaque_data_size);
511 1 : opaque_key_exchange_req_size = requester_opaque_data_size;
512 : } else {
513 90 : opaque_key_exchange_req_size =
514 90 : libspdm_get_opaque_data_supported_version_data_size(spdm_context);
515 90 : LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t) +
516 : req_key_exchange_size +
517 : sizeof(uint16_t) + opaque_key_exchange_req_size);
518 :
519 90 : libspdm_write_uint16(ptr, (uint16_t)opaque_key_exchange_req_size);
520 90 : ptr += sizeof(uint16_t);
521 :
522 90 : libspdm_build_opaque_data_supported_version_data(
523 : spdm_context, &opaque_key_exchange_req_size, ptr);
524 : }
525 91 : ptr += opaque_key_exchange_req_size;
526 :
527 91 : spdm_request_size = (size_t)ptr - (size_t)spdm_request;
528 :
529 : /* -=[Send Request Phase]=- */
530 91 : status = libspdm_send_spdm_request(spdm_context, NULL, spdm_request_size, spdm_request);
531 91 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
532 2 : libspdm_release_sender_buffer (spdm_context);
533 2 : goto free_exchange;
534 : }
535 89 : libspdm_release_sender_buffer (spdm_context);
536 89 : spdm_request = (void *)spdm_context->last_spdm_request;
537 :
538 : /* -=[Receive Response Phase]=- */
539 89 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
540 89 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
541 1 : goto free_exchange;
542 : }
543 88 : LIBSPDM_ASSERT (message_size >= transport_header_size);
544 88 : spdm_response = (void *)(message);
545 88 : spdm_response_size = message_size;
546 :
547 88 : status = libspdm_receive_spdm_response(
548 : spdm_context, NULL, &spdm_response_size, (void **)&spdm_response);
549 88 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
550 0 : goto receive_done;
551 : }
552 :
553 : /* -=[Validate Response Phase]=- */
554 88 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
555 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
556 0 : goto receive_done;
557 : }
558 88 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
559 46 : status = libspdm_handle_error_response_main(
560 : spdm_context, NULL, &spdm_response_size,
561 : (void **)&spdm_response, SPDM_KEY_EXCHANGE,
562 : SPDM_KEY_EXCHANGE_RSP);
563 46 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
564 45 : goto receive_done;
565 : }
566 42 : } else if (spdm_response->header.request_response_code != SPDM_KEY_EXCHANGE_RSP) {
567 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
568 1 : goto receive_done;
569 : }
570 42 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
571 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
572 1 : goto receive_done;
573 : }
574 41 : if (spdm_response_size < sizeof(spdm_key_exchange_response_t)) {
575 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
576 0 : goto receive_done;
577 : }
578 :
579 41 : if (!libspdm_is_capabilities_flag_supported(
580 : spdm_context, true,
581 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP,
582 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP)) {
583 39 : if (spdm_response->header.param1 != 0) {
584 2 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
585 2 : goto receive_done;
586 : }
587 : }
588 39 : if (heartbeat_period != NULL) {
589 35 : *heartbeat_period = spdm_response->header.param1;
590 : }
591 :
592 39 : *req_slot_id_param = spdm_response->req_slot_id_param & 0xf;
593 39 : mut_auth_requested = spdm_response->mut_auth_requested & 0x7;
594 :
595 39 : if (mut_auth_requested != 0) {
596 13 : const bool mut_auth_cap_both = libspdm_is_capabilities_flag_supported(
597 : spdm_context, true,
598 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MUT_AUTH_CAP,
599 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MUT_AUTH_CAP);
600 13 : const bool cert_cap = libspdm_is_capabilities_flag_supported(
601 : spdm_context, true,
602 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP,
603 : 0);
604 13 : const bool pub_key_id_cap = libspdm_is_capabilities_flag_supported(
605 : spdm_context, true,
606 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP,
607 : 0);
608 :
609 13 : if (!mut_auth_cap_both) {
610 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
611 1 : goto receive_done;
612 : }
613 12 : if ((mut_auth_requested != SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED) &&
614 : (mut_auth_requested !=
615 7 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST) &&
616 : (mut_auth_requested !=
617 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS)) {
618 6 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
619 6 : goto receive_done;
620 : }
621 :
622 6 : if (mut_auth_requested == SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED) {
623 : /* Non-encapsulated flow.
624 : * Requester has either CERT_CAP or PUB_KEY_ID_CAP set. */
625 :
626 2 : if ((cert_cap && (*req_slot_id_param >= SPDM_MAX_SLOT_COUNT)) ||
627 0 : (pub_key_id_cap && (*req_slot_id_param != 0xf))) {
628 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
629 1 : goto receive_done;
630 : }
631 1 : if ((spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
632 0 : spdm_context->connection_info.multi_key_conn_req &&
633 0 : (*req_slot_id_param != 0xf)) {
634 0 : if ((spdm_context->local_context.local_key_usage_bit_mask[*req_slot_id_param] &
635 : SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE) == 0) {
636 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
637 0 : goto receive_done;
638 : }
639 : }
640 : } else {
641 : /* Encapsulated flow. */
642 :
643 : /* If Responder has Requester's public key then it cannot use the encapsulated flow. */
644 4 : if (pub_key_id_cap) {
645 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
646 1 : goto receive_done;
647 : }
648 : /* Encapsulated flow requires support for encapsulated messages by both endpoints. */
649 3 : if (!libspdm_is_encap_supported(spdm_context)) {
650 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
651 1 : goto receive_done;
652 : }
653 : }
654 : }
655 :
656 29 : if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) {
657 0 : signature_size = libspdm_get_pqc_asym_signature_size(
658 : spdm_context->connection_info.algorithm.pqc_asym_algo);
659 : } else {
660 29 : signature_size = libspdm_get_asym_signature_size(
661 : spdm_context->connection_info.algorithm.base_asym_algo);
662 : }
663 29 : measurement_summary_hash_size = libspdm_get_measurement_summary_hash_size(
664 : spdm_context, true, measurement_hash_type);
665 29 : hmac_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
666 :
667 29 : if (libspdm_is_capabilities_flag_supported(
668 : spdm_context, true,
669 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP,
670 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) {
671 1 : hmac_size = 0;
672 : }
673 :
674 29 : if (spdm_response_size <
675 29 : sizeof(spdm_key_exchange_response_t) + rsp_key_exchange_size +
676 29 : measurement_summary_hash_size + sizeof(uint16_t) + signature_size + hmac_size) {
677 4 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
678 4 : goto receive_done;
679 : }
680 :
681 25 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponderRandomData (0x%x) - ", SPDM_RANDOM_DATA_SIZE));
682 25 : LIBSPDM_INTERNAL_DUMP_DATA(spdm_response->random_data, SPDM_RANDOM_DATA_SIZE);
683 25 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
684 25 : if (responder_random != NULL) {
685 1 : libspdm_copy_mem(responder_random, SPDM_RANDOM_DATA_SIZE,
686 1 : spdm_response->random_data, SPDM_RANDOM_DATA_SIZE);
687 : }
688 :
689 25 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponderKey (0x%zx):\n", rsp_key_exchange_size));
690 25 : LIBSPDM_INTERNAL_DUMP_HEX(spdm_response->exchange_data, rsp_key_exchange_size);
691 :
692 25 : ptr = spdm_response->exchange_data;
693 25 : ptr += rsp_key_exchange_size;
694 :
695 25 : measurement_summary_hash = ptr;
696 25 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "measurement_summary_hash (0x%x) - ",
697 : measurement_summary_hash_size));
698 25 : LIBSPDM_INTERNAL_DUMP_DATA(measurement_summary_hash, measurement_summary_hash_size);
699 25 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
700 :
701 25 : ptr += measurement_summary_hash_size;
702 :
703 25 : opaque_length = libspdm_read_uint16((const uint8_t *)ptr);
704 25 : if (opaque_length > SPDM_MAX_OPAQUE_DATA_SIZE) {
705 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
706 1 : goto receive_done;
707 : }
708 24 : ptr += sizeof(uint16_t);
709 24 : if (spdm_response_size <
710 24 : sizeof(spdm_key_exchange_response_t) + rsp_key_exchange_size +
711 24 : measurement_summary_hash_size + sizeof(uint16_t) +
712 24 : opaque_length + signature_size + hmac_size) {
713 2 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
714 2 : goto receive_done;
715 : }
716 22 : if (opaque_length != 0) {
717 22 : result = libspdm_process_general_opaque_data_check(spdm_context, opaque_length, ptr);
718 22 : if (!result) {
719 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
720 0 : goto receive_done;
721 : }
722 22 : status = libspdm_process_opaque_data_version_selection_data(
723 : spdm_context, opaque_length, ptr, &secured_message_version);
724 22 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
725 0 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
726 0 : goto receive_done;
727 : }
728 : }
729 :
730 22 : if ((responder_opaque_data != NULL) && (responder_opaque_data_size != NULL)) {
731 1 : if (opaque_length >= *responder_opaque_data_size) {
732 0 : status = LIBSPDM_STATUS_BUFFER_TOO_SMALL;
733 0 : goto receive_done;
734 : }
735 1 : libspdm_copy_mem(responder_opaque_data, *responder_opaque_data_size, ptr, opaque_length);
736 1 : *responder_opaque_data_size = opaque_length;
737 : }
738 :
739 22 : ptr += opaque_length;
740 :
741 22 : spdm_response_size = sizeof(spdm_key_exchange_response_t) +
742 22 : rsp_key_exchange_size + measurement_summary_hash_size +
743 22 : sizeof(uint16_t) + opaque_length + signature_size + hmac_size;
744 :
745 22 : rsp_session_id = spdm_response->rsp_session_id;
746 22 : *session_id = libspdm_generate_session_id(req_session_id, rsp_session_id);
747 22 : session_info = libspdm_assign_session_id(spdm_context, *session_id, secured_message_version,
748 : false);
749 :
750 22 : if (session_info == NULL) {
751 0 : status = LIBSPDM_STATUS_SESSION_NUMBER_EXCEED;
752 0 : goto receive_done;
753 : }
754 :
755 : /* -=[Process Response Phase]=- */
756 22 : status = libspdm_append_message_k(spdm_context, session_info, true, spdm_request,
757 : spdm_request_size);
758 22 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
759 0 : libspdm_free_session_id(spdm_context, *session_id);
760 0 : goto receive_done;
761 : }
762 :
763 22 : status = libspdm_append_message_k(spdm_context, session_info, true, spdm_response,
764 22 : spdm_response_size - signature_size - hmac_size);
765 22 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
766 0 : libspdm_free_session_id(spdm_context, *session_id);
767 0 : goto receive_done;
768 : }
769 :
770 22 : signature = ptr;
771 22 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature (0x%x):\n", signature_size));
772 22 : LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size);
773 22 : ptr += signature_size;
774 22 : result = libspdm_verify_key_exchange_rsp_signature(
775 : spdm_context, session_info, signature, signature_size);
776 22 : if (!result) {
777 2 : libspdm_free_session_id(spdm_context, *session_id);
778 2 : status = LIBSPDM_STATUS_VERIF_FAIL;
779 2 : goto receive_done;
780 : }
781 :
782 20 : status = libspdm_append_message_k(spdm_context, session_info, true, signature, signature_size);
783 20 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
784 0 : libspdm_free_session_id(spdm_context, *session_id);
785 0 : goto receive_done;
786 : }
787 :
788 20 : if (spdm_context->connection_info.algorithm.kem_alg != 0) {
789 0 : result = libspdm_secured_message_kem_decapsulate(
790 : spdm_context->connection_info.algorithm.kem_alg,
791 0 : kem_context, spdm_response->exchange_data, kem_cipher_text_size,
792 : session_info->secured_message_context);
793 0 : libspdm_secured_message_kem_free(
794 : spdm_context->connection_info.algorithm.kem_alg, kem_context);
795 0 : kem_context = NULL;
796 : } else {
797 20 : result = libspdm_secured_message_dhe_compute_key(
798 20 : spdm_context->connection_info.algorithm.dhe_named_group,
799 20 : dhe_context, spdm_response->exchange_data, dhe_key_size,
800 : session_info->secured_message_context);
801 20 : libspdm_secured_message_dhe_free(
802 20 : spdm_context->connection_info.algorithm.dhe_named_group, dhe_context);
803 20 : dhe_context = NULL;
804 : }
805 20 : if (!result) {
806 0 : libspdm_free_session_id(spdm_context, *session_id);
807 0 : status = LIBSPDM_STATUS_CRYPTO_ERROR;
808 0 : goto receive_done;
809 : }
810 :
811 20 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "libspdm_generate_session_handshake_key[%x]\n",
812 : *session_id));
813 20 : result = libspdm_calculate_th1_hash(spdm_context, session_info, true, th1_hash_data);
814 20 : if (!result) {
815 0 : libspdm_free_session_id(spdm_context, *session_id);
816 0 : status = LIBSPDM_STATUS_CRYPTO_ERROR;
817 0 : goto receive_done;
818 : }
819 20 : result = libspdm_generate_session_handshake_key(
820 : session_info->secured_message_context, th1_hash_data);
821 20 : if (!result) {
822 0 : libspdm_free_session_id(spdm_context, *session_id);
823 0 : status = LIBSPDM_STATUS_CRYPTO_ERROR;
824 0 : goto receive_done;
825 : }
826 :
827 20 : if (!libspdm_is_capabilities_flag_supported(
828 : spdm_context, true,
829 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP,
830 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) {
831 19 : verify_data = ptr;
832 19 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "verify_data (0x%x):\n", hmac_size));
833 19 : LIBSPDM_INTERNAL_DUMP_HEX(verify_data, hmac_size);
834 19 : result = libspdm_verify_key_exchange_rsp_hmac(
835 : spdm_context, session_info, verify_data, hmac_size);
836 19 : if (!result) {
837 0 : libspdm_free_session_id(spdm_context, *session_id);
838 0 : status = LIBSPDM_STATUS_VERIF_FAIL;
839 0 : goto receive_done;
840 : }
841 19 : ptr += hmac_size;
842 :
843 19 : status = libspdm_append_message_k(spdm_context, session_info, true, verify_data, hmac_size);
844 19 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
845 0 : libspdm_free_session_id(spdm_context, *session_id);
846 0 : goto receive_done;
847 : }
848 : }
849 :
850 20 : if (measurement_hash != NULL) {
851 20 : libspdm_copy_mem(measurement_hash, measurement_summary_hash_size,
852 : measurement_summary_hash, measurement_summary_hash_size);
853 : }
854 20 : session_info->heartbeat_period = spdm_response->header.param1;
855 20 : session_info->mut_auth_requested = mut_auth_requested;
856 20 : session_info->session_policy = session_policy;
857 :
858 : /* -=[Update State Phase]=- */
859 20 : libspdm_secured_message_set_session_state(
860 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
861 :
862 : /* -=[Log Message Phase]=- */
863 : #if LIBSPDM_ENABLE_MSG_LOG
864 20 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
865 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
866 :
867 20 : status = LIBSPDM_STATUS_SUCCESS;
868 :
869 88 : receive_done:
870 88 : libspdm_release_receiver_buffer (spdm_context);
871 91 : free_exchange:
872 91 : if (dhe_context != NULL) {
873 71 : libspdm_secured_message_dhe_free(
874 71 : spdm_context->connection_info.algorithm.dhe_named_group, dhe_context);
875 : }
876 91 : if (kem_context != NULL) {
877 0 : libspdm_secured_message_kem_free(
878 : spdm_context->connection_info.algorithm.kem_alg, kem_context);
879 : }
880 91 : return status;
881 : }
882 :
883 93 : libspdm_return_t libspdm_send_receive_key_exchange(
884 : libspdm_context_t *spdm_context, uint8_t measurement_hash_type,
885 : uint8_t slot_id, uint8_t session_policy, uint32_t *session_id,
886 : uint8_t *heartbeat_period,
887 : uint8_t *req_slot_id_param, void *measurement_hash)
888 : {
889 : size_t retry;
890 : uint64_t retry_delay_time;
891 : libspdm_return_t status;
892 :
893 93 : spdm_context->crypto_request = true;
894 93 : retry = spdm_context->retry_times;
895 93 : retry_delay_time = spdm_context->retry_delay_time;
896 : do {
897 94 : status = libspdm_try_send_receive_key_exchange(
898 : spdm_context, measurement_hash_type, slot_id, session_policy,
899 : session_id, heartbeat_period, req_slot_id_param,
900 : measurement_hash,
901 : NULL, NULL, NULL, NULL, 0, NULL, NULL);
902 94 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
903 91 : return status;
904 : }
905 :
906 3 : libspdm_sleep(retry_delay_time);
907 3 : } while (retry-- != 0);
908 :
909 2 : return status;
910 : }
911 :
912 1 : libspdm_return_t libspdm_send_receive_key_exchange_ex(
913 : libspdm_context_t *spdm_context, uint8_t measurement_hash_type,
914 : uint8_t slot_id, uint8_t session_policy, uint32_t *session_id,
915 : uint8_t *heartbeat_period,
916 : uint8_t *req_slot_id_param, void *measurement_hash,
917 : const void *requester_random_in,
918 : void *requester_random, void *responder_random,
919 : const void *requester_opaque_data,
920 : size_t requester_opaque_data_size,
921 : void *responder_opaque_data,
922 : size_t *responder_opaque_data_size)
923 : {
924 : size_t retry;
925 : uint64_t retry_delay_time;
926 : libspdm_return_t status;
927 :
928 1 : spdm_context->crypto_request = true;
929 1 : retry = spdm_context->retry_times;
930 1 : retry_delay_time = spdm_context->retry_delay_time;
931 : do {
932 1 : status = libspdm_try_send_receive_key_exchange(
933 : spdm_context, measurement_hash_type, slot_id, session_policy,
934 : session_id, heartbeat_period, req_slot_id_param,
935 : measurement_hash, requester_random_in,
936 : requester_random, responder_random,
937 : requester_opaque_data, requester_opaque_data_size,
938 : responder_opaque_data, responder_opaque_data_size);
939 1 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
940 1 : return status;
941 : }
942 :
943 0 : libspdm_sleep(retry_delay_time);
944 0 : } while (retry-- != 0);
945 :
946 0 : return status;
947 : }
948 :
949 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP */
|
