Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_responder_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT)
10 :
11 1 : libspdm_return_t libspdm_get_encap_request_get_digest(libspdm_context_t *spdm_context,
12 : size_t *encap_request_size,
13 : void *encap_request)
14 : {
15 : spdm_get_digest_request_t *spdm_request;
16 : libspdm_return_t status;
17 :
18 1 : spdm_context->encap_context.last_encap_request_size = 0;
19 :
20 1 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_11) {
21 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
22 : }
23 :
24 1 : if (!libspdm_is_capabilities_flag_supported(
25 : spdm_context, false,
26 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
27 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
28 : }
29 :
30 1 : LIBSPDM_ASSERT(*encap_request_size >= sizeof(spdm_get_digest_request_t));
31 1 : *encap_request_size = sizeof(spdm_get_digest_request_t);
32 :
33 1 : spdm_request = encap_request;
34 :
35 1 : libspdm_reset_message_buffer_via_request_code(spdm_context, NULL,
36 1 : spdm_request->header.request_response_code);
37 :
38 1 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
39 1 : spdm_request->header.request_response_code = SPDM_GET_DIGESTS;
40 1 : spdm_request->header.param1 = 0;
41 1 : spdm_request->header.param2 = 0;
42 :
43 :
44 : /* Cache data*/
45 :
46 1 : status = libspdm_append_message_mut_b(spdm_context, spdm_request,
47 : *encap_request_size);
48 1 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
49 0 : return LIBSPDM_STATUS_BUFFER_FULL;
50 : }
51 :
52 1 : libspdm_copy_mem(&spdm_context->encap_context.last_encap_request_header,
53 : sizeof(spdm_context->encap_context.last_encap_request_header),
54 1 : &spdm_request->header, sizeof(spdm_message_header_t));
55 1 : spdm_context->encap_context.last_encap_request_size =
56 1 : *encap_request_size;
57 :
58 1 : return LIBSPDM_STATUS_SUCCESS;
59 : }
60 :
61 11 : libspdm_return_t libspdm_process_encap_response_digest(
62 : libspdm_context_t *spdm_context, size_t encap_response_size,
63 : const void *encap_response, bool *need_continue)
64 : {
65 : const spdm_digest_response_t *spdm_response;
66 : size_t spdm_response_size;
67 : size_t digest_size;
68 : size_t digest_count;
69 : size_t index;
70 : libspdm_return_t status;
71 : uint32_t session_id;
72 : libspdm_session_info_t *session_info;
73 : size_t additional_size;
74 : spdm_key_pair_id_t *key_pair_id;
75 : spdm_certificate_info_t *cert_info;
76 : spdm_key_usage_bit_mask_t *key_usage_bit_mask;
77 : size_t slot_index;
78 : uint8_t cert_model;
79 11 : uint8_t zero_digest[LIBSPDM_MAX_HASH_SIZE] = {0};
80 :
81 11 : spdm_response = encap_response;
82 11 : spdm_response_size = encap_response_size;
83 :
84 11 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
85 1 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
86 : }
87 10 : if (spdm_response->header.spdm_version != libspdm_get_connection_version (spdm_context)) {
88 1 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
89 : }
90 9 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
91 2 : status = libspdm_handle_encap_error_response_main(
92 : spdm_context,
93 2 : spdm_response->header.param1);
94 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
95 2 : return status;
96 : }
97 7 : } else if (spdm_response->header.request_response_code !=
98 : SPDM_DIGESTS) {
99 1 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
100 : }
101 6 : if (spdm_response_size < sizeof(spdm_digest_response_t)) {
102 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
103 : }
104 :
105 6 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "provisioned_slot_mask - 0x%02x\n",
106 : spdm_response->header.param2));
107 6 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
108 3 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "supported_slot_mask - 0x%02x\n",
109 : spdm_response->header.param1));
110 3 : if ((spdm_response->header.param1 & spdm_response->header.param2) !=
111 3 : spdm_response->header.param2) {
112 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
113 : }
114 : }
115 :
116 6 : digest_size = libspdm_get_hash_size(
117 : spdm_context->connection_info.algorithm.base_hash_algo);
118 6 : digest_count = 0;
119 54 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
120 48 : if (spdm_response->header.param2 & (1 << index)) {
121 13 : digest_count++;
122 : }
123 : }
124 6 : if (digest_count == 0) {
125 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
126 : }
127 :
128 6 : additional_size = 0;
129 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
130 3 : spdm_context->connection_info.multi_key_conn_req) {
131 2 : additional_size = sizeof(spdm_key_pair_id_t) + sizeof(spdm_certificate_info_t) +
132 : sizeof(spdm_key_usage_bit_mask_t);
133 : }
134 6 : if (spdm_response_size <
135 6 : sizeof(spdm_digest_response_t) + digest_count * (digest_size + additional_size)) {
136 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
137 : }
138 6 : spdm_response_size =
139 6 : sizeof(spdm_digest_response_t) + digest_count * (digest_size + additional_size);
140 :
141 : /* Cache data*/
142 :
143 6 : status = libspdm_append_message_mut_b(spdm_context, spdm_response,
144 : spdm_response_size);
145 6 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
146 0 : return LIBSPDM_STATUS_BUFFER_FULL;
147 : }
148 :
149 6 : if (spdm_context->last_spdm_request_session_id_valid) {
150 5 : session_id = spdm_context->last_spdm_request_session_id;
151 : } else {
152 1 : session_id = spdm_context->latest_session_id;
153 : }
154 6 : if (session_id != INVALID_SESSION_ID) {
155 5 : session_info = libspdm_get_session_info_via_session_id(spdm_context, session_id);
156 : } else {
157 1 : session_info = NULL;
158 : }
159 6 : if (session_info != NULL) {
160 5 : if (spdm_context->connection_info.multi_key_conn_req) {
161 2 : status = libspdm_append_message_encap_d(spdm_context, session_info, false,
162 : spdm_response, spdm_response_size);
163 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
164 0 : return LIBSPDM_STATUS_BUFFER_FULL;
165 : }
166 : }
167 : }
168 :
169 6 : key_pair_id =
170 6 : (spdm_key_pair_id_t *)((size_t)(spdm_response + 1) + digest_size * digest_count);
171 6 : cert_info =
172 : (spdm_certificate_info_t *)((uint8_t *)key_pair_id + sizeof(spdm_key_pair_id_t) *
173 : digest_count);
174 6 : key_usage_bit_mask =
175 : (spdm_key_usage_bit_mask_t *)((uint8_t *)cert_info + sizeof(spdm_certificate_info_t) *
176 : digest_count);
177 19 : for (index = 0; index < digest_count; index++) {
178 13 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "digest (0x%zx) - ", index));
179 13 : LIBSPDM_INTERNAL_DUMP_DATA(
180 : (const uint8_t *)(spdm_response + 1) + (digest_size * index), digest_size);
181 13 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
182 : }
183 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
184 3 : spdm_context->connection_info.multi_key_conn_req) {
185 11 : for (index = 0; index < digest_count; index++) {
186 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key_pair_id (0x%zx) - 0x%02x\n", index,
187 : key_pair_id[index]));
188 : }
189 11 : for (index = 0; index < digest_count; index++) {
190 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "cert_info (0x%zx) - 0x%02x\n", index,
191 : cert_info[index]));
192 : }
193 11 : for (index = 0; index < digest_count; index++) {
194 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key_usage_bit_mask (0x%zx) - 0x%04x\n", index,
195 : key_usage_bit_mask[index]));
196 : }
197 : }
198 :
199 6 : spdm_context->connection_info.peer_provisioned_slot_mask = spdm_response->header.param2;
200 6 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
201 3 : spdm_context->connection_info.peer_supported_slot_mask = spdm_response->header.param1;
202 : } else {
203 3 : spdm_context->connection_info.peer_supported_slot_mask = spdm_response->header.param2;
204 : }
205 6 : libspdm_copy_mem(
206 6 : spdm_context->connection_info.peer_total_digest_buffer,
207 : sizeof(spdm_context->connection_info.peer_total_digest_buffer),
208 6 : spdm_response + 1, digest_size * digest_count);
209 6 : libspdm_zero_mem(spdm_context->connection_info.peer_key_pair_id,
210 : sizeof(spdm_context->connection_info.peer_key_pair_id));
211 6 : libspdm_zero_mem(spdm_context->connection_info.peer_cert_info,
212 : sizeof(spdm_context->connection_info.peer_cert_info));
213 6 : libspdm_zero_mem(spdm_context->connection_info.peer_key_usage_bit_mask,
214 : sizeof(spdm_context->connection_info.peer_key_usage_bit_mask));
215 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
216 3 : spdm_context->connection_info.multi_key_conn_req) {
217 2 : slot_index = 0;
218 18 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
219 16 : if (spdm_response->header.param2 & (1 << index)) {
220 9 : spdm_context->connection_info.peer_key_pair_id[index] = key_pair_id[slot_index];
221 9 : cert_model = cert_info[slot_index] & SPDM_CERTIFICATE_INFO_CERT_MODEL_MASK;
222 9 : if (cert_model > SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT) {
223 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
224 : }
225 9 : if (index == 0) {
226 2 : if (cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT) {
227 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
228 : }
229 2 : if ((key_usage_bit_mask[slot_index] &
230 : (SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
231 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
232 : SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
233 : SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE)) == 0) {
234 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
235 : }
236 : }
237 9 : if ((cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE) &&
238 0 : (!libspdm_consttime_is_mem_equal(
239 0 : (const uint8_t *)(spdm_response + 1) + digest_size * slot_index,
240 : zero_digest,
241 : digest_size))) {
242 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
243 : }
244 9 : spdm_context->connection_info.peer_cert_info[index] = cert_model;
245 9 : spdm_context->connection_info.peer_key_usage_bit_mask[index] =
246 9 : key_usage_bit_mask[slot_index];
247 9 : slot_index++;
248 : }
249 : }
250 : }
251 :
252 6 : *need_continue = false;
253 :
254 6 : return LIBSPDM_STATUS_SUCCESS;
255 : }
256 :
257 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (...) */
|
