Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2024-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP
10 :
11 : /**
12 : * This function sends SET_KEY_PAIR_INFO and receives SET_KEY_PAIR_INFO_ACK
13 : *
14 : * @param context A pointer to the SPDM context.
15 : *
16 : **/
17 5 : static libspdm_return_t libspdm_try_set_key_pair_info(libspdm_context_t *spdm_context,
18 : const uint32_t *session_id,
19 : uint8_t key_pair_id,
20 : uint8_t operation,
21 : uint16_t desired_key_usage,
22 : uint32_t desired_asym_algo,
23 : uint32_t desired_pqc_asym_algo,
24 : uint8_t desired_assoc_cert_slot_mask
25 : )
26 : {
27 : libspdm_return_t status;
28 : spdm_set_key_pair_info_request_t *spdm_request;
29 : size_t spdm_request_size;
30 : spdm_set_key_pair_info_ack_response_t *spdm_response;
31 : size_t spdm_response_size;
32 : uint8_t *message;
33 : size_t message_size;
34 : size_t transport_header_size;
35 : libspdm_session_info_t *session_info;
36 : libspdm_session_state_t session_state;
37 : uint8_t *ptr;
38 : uint8_t desired_pqc_asym_algo_len;
39 :
40 : /* -=[Check Parameters Phase]=- */
41 5 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
42 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
43 : }
44 :
45 5 : if (key_pair_id == 0) {
46 0 : return LIBSPDM_STATUS_INVALID_PARAMETER;
47 : }
48 :
49 5 : if (operation > SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION) {
50 0 : return LIBSPDM_STATUS_INVALID_PARAMETER;
51 : }
52 5 : if (operation == SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION) {
53 5 : if ((desired_key_usage != 0) || (desired_asym_algo != 0) ||
54 5 : (desired_pqc_asym_algo != 0) ||
55 : (desired_assoc_cert_slot_mask != 0)) {
56 1 : return LIBSPDM_STATUS_INVALID_PARAMETER;
57 : }
58 : }
59 :
60 : /* -=[Verify State Phase]=- */
61 4 : if (!libspdm_is_capabilities_flag_supported(
62 : spdm_context, true, 0,
63 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP)) {
64 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
65 : }
66 4 : if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
67 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
68 : }
69 :
70 4 : session_info = NULL;
71 4 : if (session_id != NULL) {
72 0 : session_info = libspdm_get_session_info_via_session_id(spdm_context, *session_id);
73 0 : if (session_info == NULL) {
74 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
75 : }
76 0 : session_state = libspdm_secured_message_get_session_state(
77 : session_info->secured_message_context);
78 0 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
79 0 : return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
80 : }
81 : }
82 :
83 : /* -=[Construct Request Phase]=- */
84 4 : transport_header_size = spdm_context->local_context.capability.transport_header_size;
85 4 : status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message);
86 4 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
87 0 : return status;
88 : }
89 4 : LIBSPDM_ASSERT (message_size >= transport_header_size +
90 : spdm_context->local_context.capability.transport_tail_size);
91 4 : spdm_request = (void *)(message + transport_header_size);
92 4 : spdm_request_size = message_size - transport_header_size -
93 4 : spdm_context->local_context.capability.transport_tail_size;
94 :
95 4 : LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_set_key_pair_info_request_t));
96 4 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
97 4 : spdm_request->header.request_response_code = SPDM_SET_KEY_PAIR_INFO;
98 4 : spdm_request->header.param1 = operation;
99 4 : spdm_request->header.param2 = 0;
100 4 : spdm_request->key_pair_id = key_pair_id;
101 :
102 4 : if (operation != SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION) {
103 0 : LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_set_key_pair_info_request_t) +
104 : sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t) + sizeof(uint8_t));
105 0 : ptr = (uint8_t*)(spdm_request + 1);
106 0 : *ptr = 0;
107 0 : ptr += sizeof(uint8_t);
108 :
109 0 : libspdm_write_uint16 (ptr, desired_key_usage);
110 0 : ptr += sizeof(uint16_t);
111 :
112 0 : libspdm_write_uint32 (ptr, desired_asym_algo);
113 0 : ptr += sizeof(uint32_t);
114 :
115 0 : *ptr = desired_assoc_cert_slot_mask;
116 0 : ptr += sizeof(uint8_t);
117 :
118 0 : if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_14) {
119 0 : LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_set_key_pair_info_request_t) +
120 : sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t) + sizeof(uint8_t) +
121 : sizeof(uint8_t) + sizeof(uint32_t));
122 0 : desired_pqc_asym_algo_len = sizeof(uint32_t);
123 0 : *ptr = desired_pqc_asym_algo_len;
124 0 : ptr += sizeof(uint8_t);
125 0 : libspdm_write_uint32 (ptr, desired_pqc_asym_algo);
126 0 : ptr += sizeof(uint32_t);
127 : }
128 :
129 0 : spdm_request_size = ((size_t)ptr - (size_t)spdm_request);
130 : } else {
131 4 : spdm_request_size = sizeof(spdm_set_key_pair_info_request_t);
132 : }
133 :
134 : /* -=[Send Request Phase]=- */
135 4 : status = libspdm_send_spdm_request(spdm_context, session_id, spdm_request_size, spdm_request);
136 4 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
137 1 : libspdm_release_sender_buffer (spdm_context);
138 1 : return status;
139 : }
140 3 : libspdm_release_sender_buffer (spdm_context);
141 3 : spdm_request = (void *)spdm_context->last_spdm_request;
142 :
143 : /* -=[Receive Response Phase]=- */
144 3 : status = libspdm_acquire_receiver_buffer (spdm_context, &message_size, (void **)&message);
145 3 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
146 0 : return status;
147 : }
148 3 : LIBSPDM_ASSERT (message_size >= transport_header_size);
149 3 : spdm_response = (void *)(message);
150 3 : spdm_response_size = message_size;
151 :
152 3 : status = libspdm_receive_spdm_response(
153 : spdm_context, session_id, &spdm_response_size, (void **)&spdm_response);
154 3 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
155 0 : goto receive_done;
156 : }
157 :
158 : /* -=[Validate Response Phase]=- */
159 3 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
160 0 : status = LIBSPDM_STATUS_INVALID_MSG_SIZE;
161 0 : goto receive_done;
162 : }
163 3 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
164 0 : status = libspdm_handle_error_response_main(
165 : spdm_context, session_id,
166 : &spdm_response_size,
167 : (void **)&spdm_response, SPDM_SET_KEY_PAIR_INFO, SPDM_SET_KEY_PAIR_INFO_ACK);
168 0 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
169 0 : goto receive_done;
170 : }
171 3 : } else if (spdm_response->header.request_response_code != SPDM_SET_KEY_PAIR_INFO_ACK) {
172 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
173 1 : goto receive_done;
174 : }
175 2 : if (spdm_response->header.spdm_version != spdm_request->header.spdm_version) {
176 1 : status = LIBSPDM_STATUS_INVALID_MSG_FIELD;
177 1 : goto receive_done;
178 : }
179 :
180 1 : spdm_response_size = sizeof(spdm_set_key_pair_info_ack_response_t);
181 :
182 1 : status = LIBSPDM_STATUS_SUCCESS;
183 :
184 : /* -=[Log Message Phase]=- */
185 : #if LIBSPDM_ENABLE_MSG_LOG
186 1 : libspdm_append_msg_log(spdm_context, spdm_response, spdm_response_size);
187 : #endif /* LIBSPDM_ENABLE_MSG_LOG */
188 :
189 3 : receive_done:
190 3 : libspdm_release_receiver_buffer (spdm_context);
191 3 : return status;
192 : }
193 :
194 0 : libspdm_return_t libspdm_set_key_pair_info_pqc(void *spdm_context, const uint32_t *session_id,
195 : uint8_t key_pair_id,
196 : uint8_t operation,
197 : uint16_t desired_key_usage,
198 : uint32_t desired_asym_algo,
199 : uint32_t desired_pqc_asym_algo,
200 : uint8_t desired_assoc_cert_slot_mask
201 : )
202 : {
203 : libspdm_context_t *context;
204 : size_t retry;
205 : uint64_t retry_delay_time;
206 : libspdm_return_t status;
207 :
208 0 : context = spdm_context;
209 0 : context->crypto_request = true;
210 0 : retry = context->retry_times;
211 0 : retry_delay_time = context->retry_delay_time;
212 : do {
213 0 : status = libspdm_try_set_key_pair_info(context, session_id, key_pair_id,
214 : operation,
215 : desired_key_usage,
216 : desired_asym_algo,
217 : desired_pqc_asym_algo,
218 : desired_assoc_cert_slot_mask);
219 0 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
220 0 : return status;
221 : }
222 :
223 0 : libspdm_sleep(retry_delay_time);
224 0 : } while (retry-- != 0);
225 :
226 0 : return status;
227 : }
228 :
229 5 : libspdm_return_t libspdm_set_key_pair_info(void *spdm_context, const uint32_t *session_id,
230 : uint8_t key_pair_id,
231 : uint8_t operation,
232 : uint16_t desired_key_usage,
233 : uint32_t desired_asym_algo,
234 : uint8_t desired_assoc_cert_slot_mask
235 : )
236 : {
237 : libspdm_context_t *context;
238 : size_t retry;
239 : uint64_t retry_delay_time;
240 : libspdm_return_t status;
241 :
242 5 : context = spdm_context;
243 5 : context->crypto_request = true;
244 5 : retry = context->retry_times;
245 5 : retry_delay_time = context->retry_delay_time;
246 : do {
247 5 : status = libspdm_try_set_key_pair_info(context, session_id, key_pair_id,
248 : operation,
249 : desired_key_usage,
250 : desired_asym_algo,
251 : 0,
252 : desired_assoc_cert_slot_mask);
253 5 : if (status != LIBSPDM_STATUS_BUSY_PEER) {
254 5 : return status;
255 : }
256 :
257 0 : libspdm_sleep(retry_delay_time);
258 0 : } while (retry-- != 0);
259 :
260 0 : return status;
261 : }
262 :
263 : #endif /* LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP */
|