Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2024 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_responder_lib.h"
8 :
9 : #if LIBSPDM_ENABLE_CAPABILITY_CSR_CAP
10 :
11 31 : libspdm_return_t libspdm_get_response_csr(libspdm_context_t *spdm_context,
12 : size_t request_size, const void *request,
13 : size_t *response_size, void *response)
14 : {
15 : const spdm_get_csr_request_t *spdm_request;
16 : spdm_csr_response_t *spdm_response;
17 : bool result;
18 :
19 : libspdm_session_info_t *session_info;
20 : libspdm_session_state_t session_state;
21 :
22 : size_t csr_len;
23 : uint8_t *csr_p;
24 : uint16_t requester_info_length;
25 : uint16_t opaque_data_length;
26 : uint8_t *opaque_data;
27 : uint8_t *requester_info;
28 : bool need_reset;
29 : bool is_device_cert_model;
30 : bool is_busy;
31 : bool unexpected_request;
32 : uint8_t csr_tracking_tag;
33 :
34 31 : spdm_request = request;
35 :
36 : /* -=[Check Parameters Phase]=- */
37 31 : LIBSPDM_ASSERT(spdm_request->header.request_response_code == SPDM_GET_CSR);
38 :
39 31 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_12) {
40 0 : return libspdm_generate_error_response(spdm_context,
41 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
42 : SPDM_GET_CSR,
43 : response_size, response);
44 : }
45 :
46 31 : if (spdm_request->header.spdm_version != libspdm_get_connection_version(spdm_context)) {
47 0 : return libspdm_generate_error_response(spdm_context,
48 : SPDM_ERROR_CODE_VERSION_MISMATCH, 0,
49 : response_size, response);
50 : }
51 :
52 31 : if (spdm_context->response_state != LIBSPDM_RESPONSE_STATE_NORMAL) {
53 0 : return libspdm_responder_handle_response_state(spdm_context,
54 0 : spdm_request->header.request_response_code,
55 : response_size, response);
56 : }
57 :
58 31 : if (request_size < sizeof(spdm_get_csr_request_t)) {
59 1 : return libspdm_generate_error_response(spdm_context,
60 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
61 : response_size, response);
62 : }
63 :
64 30 : if (spdm_context->connection_info.connection_state <
65 : LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
66 0 : return libspdm_generate_error_response(
67 : spdm_context,
68 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
69 : response_size, response);
70 : }
71 :
72 30 : if (spdm_context->last_spdm_request_session_id_valid) {
73 0 : session_info = libspdm_get_session_info_via_session_id(
74 : spdm_context,
75 : spdm_context->last_spdm_request_session_id);
76 0 : if (session_info == NULL) {
77 0 : return libspdm_generate_error_response(
78 : spdm_context,
79 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
80 : response_size, response);
81 : }
82 0 : session_state = libspdm_secured_message_get_session_state(
83 : session_info->secured_message_context);
84 0 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
85 0 : return libspdm_generate_error_response(
86 : spdm_context,
87 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
88 : response_size, response);
89 : }
90 : }
91 :
92 30 : if (!libspdm_is_capabilities_flag_supported(
93 : spdm_context, false, 0,
94 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP)) {
95 0 : return libspdm_generate_error_response(
96 : spdm_context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
97 : SPDM_GET_CSR, response_size, response);
98 : }
99 :
100 30 : requester_info_length = spdm_request->requester_info_length;
101 30 : opaque_data_length = spdm_request->opaque_data_length;
102 :
103 30 : if (opaque_data_length > SPDM_MAX_OPAQUE_DATA_SIZE) {
104 0 : return libspdm_generate_error_response(spdm_context,
105 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
106 : response_size, response);
107 : }
108 30 : if (((spdm_context->connection_info.algorithm.other_params_support &
109 : SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE)
110 2 : && (opaque_data_length != 0)) {
111 0 : return libspdm_generate_error_response(spdm_context,
112 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
113 : response_size, response);
114 : }
115 :
116 30 : if (opaque_data_length >
117 30 : request_size - sizeof(spdm_get_csr_request_t)) {
118 0 : return libspdm_generate_error_response(spdm_context,
119 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
120 : response_size, response);
121 : }
122 :
123 30 : if (requester_info_length >
124 30 : request_size - sizeof(spdm_get_csr_request_t) - opaque_data_length) {
125 0 : return libspdm_generate_error_response(spdm_context,
126 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
127 : response_size, response);
128 : }
129 :
130 30 : requester_info = (void *)((size_t)(spdm_request + 1));
131 :
132 30 : opaque_data = (void *)(requester_info + requester_info_length);
133 30 : if (opaque_data_length != 0) {
134 5 : result = libspdm_process_general_opaque_data_check(spdm_context, opaque_data_length,
135 : opaque_data);
136 5 : if (!result) {
137 1 : return libspdm_generate_error_response(spdm_context,
138 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
139 : response_size, response);
140 : }
141 : }
142 :
143 29 : result = libspdm_verify_req_info(requester_info, requester_info_length);
144 29 : if (!result) {
145 2 : return libspdm_generate_error_response(
146 : spdm_context,
147 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
148 : response_size, response);
149 : }
150 :
151 27 : LIBSPDM_ASSERT(*response_size >= sizeof(spdm_csr_response_t));
152 :
153 27 : spdm_response = response;
154 27 : libspdm_zero_mem(response, *response_size);
155 :
156 27 : is_device_cert_model = false;
157 :
158 27 : if((spdm_context->local_context.capability.flags &
159 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP) == 0) {
160 8 : is_device_cert_model = true;
161 : }
162 :
163 27 : csr_len = *response_size - sizeof(spdm_csr_response_t);
164 27 : csr_p = (uint8_t*)(spdm_response + 1);
165 :
166 27 : need_reset = libspdm_is_capabilities_flag_supported(
167 : spdm_context, false, 0,
168 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP);
169 :
170 27 : is_busy = false;
171 27 : unexpected_request = false;
172 27 : csr_tracking_tag = 0;
173 :
174 27 : if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_13) {
175 : #if LIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX
176 17 : const bool overwrite =
177 17 : (spdm_request->header.param2 & SPDM_GET_CSR_REQUEST_ATTRIBUTES_OVERWRITE) != 0;
178 17 : const uint8_t req_cert_model =
179 17 : spdm_request->header.param2 & SPDM_GET_CSR_REQUEST_ATTRIBUTES_CERT_MODEL_MASK;
180 17 : const uint8_t key_pair_id = spdm_request->header.param1;
181 :
182 17 : csr_tracking_tag =
183 17 : (spdm_request->header.param2 & SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_MASK) >>
184 : SPDM_GET_CSR_REQUEST_ATTRIBUTES_CSR_TRACKING_TAG_OFFSET;
185 :
186 : /* SPDM 1.3 parameters check. */
187 17 : if ((overwrite && (csr_tracking_tag != 0)) ||
188 16 : ((!need_reset) && (csr_tracking_tag != 0))) {
189 1 : return libspdm_generate_error_response(spdm_context,
190 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
191 : response_size, response);
192 : }
193 16 : if (spdm_context->connection_info.multi_key_conn_rsp) {
194 16 : if (key_pair_id == 0) {
195 0 : return libspdm_generate_error_response(spdm_context,
196 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
197 : response_size, response);
198 : }
199 16 : if ((req_cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE) ||
200 : (req_cert_model > SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT)) {
201 1 : return libspdm_generate_error_response(spdm_context,
202 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
203 : response_size, response);
204 : }
205 : } else {
206 0 : if ((key_pair_id != 0) || (req_cert_model != 0)) {
207 0 : return libspdm_generate_error_response(spdm_context,
208 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
209 : response_size, response);
210 : }
211 : }
212 :
213 15 : result = libspdm_gen_csr_ex(
214 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
215 : spdm_context,
216 : #endif
217 : spdm_context->connection_info.algorithm.base_hash_algo,
218 : spdm_context->connection_info.algorithm.base_asym_algo,
219 : &need_reset, request, request_size,
220 : requester_info, requester_info_length,
221 : opaque_data, opaque_data_length,
222 : &csr_len, csr_p, req_cert_model,
223 : &csr_tracking_tag, key_pair_id, overwrite
224 : #if LIBSPDM_SET_CERT_CSR_PARAMS
225 : , &is_busy, &unexpected_request
226 : #endif
227 : );
228 : #else
229 : return libspdm_generate_error_response(
230 : spdm_context,
231 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
232 : response_size, response);
233 : #endif /*LIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX*/
234 : } else {
235 10 : result = libspdm_gen_csr(
236 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
237 : spdm_context,
238 : #endif
239 : spdm_context->connection_info.algorithm.base_hash_algo,
240 : spdm_context->connection_info.algorithm.base_asym_algo,
241 : &need_reset, request, request_size,
242 : requester_info, requester_info_length,
243 : opaque_data, opaque_data_length,
244 : &csr_len, csr_p, is_device_cert_model
245 : #if LIBSPDM_SET_CERT_CSR_PARAMS
246 : , &is_busy, &unexpected_request
247 : #endif
248 : );
249 : }
250 :
251 25 : LIBSPDM_ASSERT(!(is_busy && unexpected_request));
252 25 : LIBSPDM_ASSERT(!(is_busy || unexpected_request) || !result);
253 :
254 25 : if (!result) {
255 4 : if (is_busy) {
256 0 : return libspdm_generate_error_response(
257 : spdm_context,
258 : SPDM_ERROR_CODE_BUSY, 0,
259 : response_size, response);
260 4 : } else if (unexpected_request) {
261 0 : return libspdm_generate_error_response(
262 : spdm_context,
263 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
264 : response_size, response);
265 : } else {
266 4 : return libspdm_generate_error_response(
267 : spdm_context,
268 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
269 : response_size, response);
270 : }
271 : }
272 :
273 21 : LIBSPDM_ASSERT(*response_size >= sizeof(spdm_csr_response_t) + csr_len);
274 21 : *response_size = sizeof(spdm_csr_response_t) + csr_len;
275 :
276 21 : if (libspdm_is_capabilities_flag_supported(
277 : spdm_context, false, 0,
278 15 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP) && need_reset) {
279 13 : return libspdm_generate_error_response(spdm_context,
280 : SPDM_ERROR_CODE_RESET_REQUIRED, csr_tracking_tag,
281 : response_size, response);
282 : } else {
283 8 : spdm_response->header.spdm_version = spdm_request->header.spdm_version;
284 8 : spdm_response->header.request_response_code = SPDM_CSR;
285 8 : spdm_response->header.param1 = 0;
286 8 : spdm_response->header.param2 = 0;
287 8 : spdm_response->csr_length = (uint16_t)csr_len;
288 8 : spdm_response->reserved = 0;
289 : }
290 :
291 8 : return LIBSPDM_STATUS_SUCCESS;
292 : }
293 :
294 : #endif /*LIBSPDM_ENABLE_CAPABILITY_CSR_CAP*/
|
