Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_responder_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT)
10 :
11 1 : libspdm_return_t libspdm_get_encap_request_get_digest(libspdm_context_t *spdm_context,
12 : size_t *encap_request_size,
13 : void *encap_request)
14 : {
15 : spdm_get_digest_request_t *spdm_request;
16 : libspdm_return_t status;
17 :
18 1 : spdm_context->encap_context.last_encap_request_size = 0;
19 :
20 1 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_11) {
21 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
22 : }
23 :
24 1 : if (!libspdm_is_capabilities_flag_supported(
25 : spdm_context, false,
26 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
27 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
28 : }
29 :
30 1 : LIBSPDM_ASSERT(*encap_request_size >= sizeof(spdm_get_digest_request_t));
31 1 : *encap_request_size = sizeof(spdm_get_digest_request_t);
32 :
33 1 : spdm_request = encap_request;
34 :
35 1 : libspdm_reset_message_buffer_via_request_code(spdm_context, NULL,
36 1 : spdm_request->header.request_response_code);
37 :
38 1 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
39 1 : spdm_request->header.request_response_code = SPDM_GET_DIGESTS;
40 1 : spdm_request->header.param1 = 0;
41 1 : spdm_request->header.param2 = 0;
42 :
43 1 : status = libspdm_append_message_mut_b(spdm_context, spdm_request, *encap_request_size);
44 1 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
45 0 : return LIBSPDM_STATUS_BUFFER_FULL;
46 : }
47 :
48 1 : libspdm_copy_mem(&spdm_context->encap_context.last_encap_request_header,
49 : sizeof(spdm_context->encap_context.last_encap_request_header),
50 1 : &spdm_request->header, sizeof(spdm_message_header_t));
51 1 : spdm_context->encap_context.last_encap_request_size = *encap_request_size;
52 :
53 1 : return LIBSPDM_STATUS_SUCCESS;
54 : }
55 :
56 11 : libspdm_return_t libspdm_process_encap_response_digest(
57 : libspdm_context_t *spdm_context, size_t encap_response_size,
58 : const void *encap_response, bool *need_continue)
59 : {
60 : const spdm_digest_response_t *spdm_response;
61 : size_t spdm_response_size;
62 : size_t digest_size;
63 : size_t digest_count;
64 : size_t index;
65 : libspdm_return_t status;
66 : uint32_t session_id;
67 : libspdm_session_info_t *session_info;
68 : size_t additional_size;
69 : spdm_key_pair_id_t *key_pair_id;
70 : spdm_certificate_info_t *cert_info;
71 : spdm_key_usage_bit_mask_t *key_usage_bit_mask;
72 : size_t slot_index;
73 : uint8_t cert_model;
74 11 : uint8_t zero_digest[LIBSPDM_MAX_HASH_SIZE] = {0};
75 :
76 11 : spdm_response = encap_response;
77 11 : spdm_response_size = encap_response_size;
78 :
79 11 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
80 1 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
81 : }
82 10 : if (spdm_response->header.spdm_version != libspdm_get_connection_version (spdm_context)) {
83 1 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
84 : }
85 9 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
86 2 : status = libspdm_handle_encap_error_response_main(spdm_response->header.param1);
87 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
88 2 : return status;
89 : }
90 7 : } else if (spdm_response->header.request_response_code != SPDM_DIGESTS) {
91 1 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
92 : }
93 6 : if (spdm_response_size < sizeof(spdm_digest_response_t)) {
94 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
95 : }
96 :
97 6 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "provisioned_slot_mask - 0x%02x\n",
98 : spdm_response->header.param2));
99 6 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
100 3 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "supported_slot_mask - 0x%02x\n",
101 : spdm_response->header.param1));
102 3 : if ((spdm_response->header.param1 & spdm_response->header.param2) !=
103 3 : spdm_response->header.param2) {
104 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
105 : }
106 : }
107 :
108 6 : digest_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
109 6 : digest_count = 0;
110 :
111 54 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
112 48 : if (spdm_response->header.param2 & (1 << index)) {
113 13 : digest_count++;
114 : }
115 : }
116 6 : if (digest_count == 0) {
117 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
118 : }
119 :
120 6 : additional_size = 0;
121 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
122 3 : spdm_context->connection_info.multi_key_conn_req) {
123 2 : additional_size = sizeof(spdm_key_pair_id_t) + sizeof(spdm_certificate_info_t) +
124 : sizeof(spdm_key_usage_bit_mask_t);
125 : }
126 6 : if (spdm_response_size <
127 6 : sizeof(spdm_digest_response_t) + digest_count * (digest_size + additional_size)) {
128 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
129 : }
130 6 : spdm_response_size =
131 6 : sizeof(spdm_digest_response_t) + digest_count * (digest_size + additional_size);
132 :
133 6 : status = libspdm_append_message_mut_b(spdm_context, spdm_response, spdm_response_size);
134 6 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
135 0 : return LIBSPDM_STATUS_BUFFER_FULL;
136 : }
137 :
138 6 : if (spdm_context->last_spdm_request_session_id_valid) {
139 5 : session_id = spdm_context->last_spdm_request_session_id;
140 : } else {
141 1 : session_id = spdm_context->latest_session_id;
142 : }
143 6 : if (session_id != INVALID_SESSION_ID) {
144 5 : session_info = libspdm_get_session_info_via_session_id(spdm_context, session_id);
145 : } else {
146 1 : session_info = NULL;
147 : }
148 6 : if (session_info != NULL) {
149 5 : if (spdm_context->connection_info.multi_key_conn_req) {
150 2 : status = libspdm_append_message_encap_d(session_info, spdm_response,
151 : spdm_response_size);
152 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
153 0 : return LIBSPDM_STATUS_BUFFER_FULL;
154 : }
155 : }
156 : }
157 :
158 6 : key_pair_id =
159 6 : (spdm_key_pair_id_t *)((size_t)(spdm_response + 1) + digest_size * digest_count);
160 6 : cert_info =
161 : (spdm_certificate_info_t *)((uint8_t *)key_pair_id + sizeof(spdm_key_pair_id_t) *
162 : digest_count);
163 6 : key_usage_bit_mask =
164 : (spdm_key_usage_bit_mask_t *)((uint8_t *)cert_info + sizeof(spdm_certificate_info_t) *
165 : digest_count);
166 19 : for (index = 0; index < digest_count; index++) {
167 13 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "digest (0x%zx) - ", index));
168 13 : LIBSPDM_INTERNAL_DUMP_DATA(
169 : (const uint8_t *)(spdm_response + 1) + (digest_size * index), digest_size);
170 13 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
171 : }
172 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
173 3 : spdm_context->connection_info.multi_key_conn_req) {
174 11 : for (index = 0; index < digest_count; index++) {
175 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key_pair_id (0x%zx) - 0x%02x\n", index,
176 : key_pair_id[index]));
177 : }
178 11 : for (index = 0; index < digest_count; index++) {
179 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "cert_info (0x%zx) - 0x%02x\n", index,
180 : cert_info[index]));
181 : }
182 11 : for (index = 0; index < digest_count; index++) {
183 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key_usage_bit_mask (0x%zx) - 0x%04x\n", index,
184 : key_usage_bit_mask[index]));
185 : }
186 : }
187 :
188 6 : spdm_context->connection_info.peer_provisioned_slot_mask = spdm_response->header.param2;
189 6 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
190 3 : spdm_context->connection_info.peer_supported_slot_mask = spdm_response->header.param1;
191 : } else {
192 3 : spdm_context->connection_info.peer_supported_slot_mask = spdm_response->header.param2;
193 : }
194 :
195 6 : libspdm_zero_mem(spdm_context->connection_info.peer_key_pair_id,
196 : sizeof(spdm_context->connection_info.peer_key_pair_id));
197 6 : libspdm_zero_mem(spdm_context->connection_info.peer_cert_info,
198 : sizeof(spdm_context->connection_info.peer_cert_info));
199 6 : libspdm_zero_mem(spdm_context->connection_info.peer_key_usage_bit_mask,
200 : sizeof(spdm_context->connection_info.peer_key_usage_bit_mask));
201 :
202 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
203 3 : spdm_context->connection_info.multi_key_conn_req) {
204 2 : slot_index = 0;
205 18 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
206 16 : if (spdm_response->header.param2 & (1 << index)) {
207 9 : spdm_context->connection_info.peer_key_pair_id[index] = key_pair_id[slot_index];
208 9 : cert_model = cert_info[slot_index] & SPDM_CERTIFICATE_INFO_CERT_MODEL_MASK;
209 9 : if (cert_model > SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT) {
210 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
211 : }
212 9 : if (index == 0) {
213 2 : if (cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT) {
214 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
215 : }
216 2 : if ((key_usage_bit_mask[slot_index] &
217 : (SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
218 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
219 : SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
220 : SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE)) == 0) {
221 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
222 : }
223 : }
224 9 : if ((cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE) &&
225 0 : (!libspdm_consttime_is_mem_equal(
226 0 : (const uint8_t *)(spdm_response + 1) + digest_size * slot_index,
227 : zero_digest,
228 : digest_size))) {
229 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
230 : }
231 9 : spdm_context->connection_info.peer_cert_info[index] = cert_model;
232 9 : spdm_context->connection_info.peer_key_usage_bit_mask[index] =
233 9 : key_usage_bit_mask[slot_index];
234 9 : slot_index++;
235 : }
236 : }
237 : }
238 :
239 6 : *need_continue = false;
240 :
241 6 : return LIBSPDM_STATUS_SUCCESS;
242 : }
243 :
244 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (...) */
|
