Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_responder_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (LIBSPDM_SEND_GET_CERTIFICATE_SUPPORT)
10 :
11 1 : libspdm_return_t libspdm_get_encap_request_get_digest(libspdm_context_t *spdm_context,
12 : size_t *encap_request_size,
13 : void *encap_request)
14 : {
15 : spdm_get_digest_request_t *spdm_request;
16 : libspdm_return_t status;
17 :
18 1 : spdm_context->encap_context.last_encap_request_size = 0;
19 :
20 1 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_11) {
21 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
22 : }
23 :
24 1 : if (!libspdm_is_capabilities_flag_supported(
25 : spdm_context, false,
26 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CERT_CAP, 0)) {
27 0 : return LIBSPDM_STATUS_UNSUPPORTED_CAP;
28 : }
29 :
30 1 : LIBSPDM_ASSERT(*encap_request_size >= sizeof(spdm_get_digest_request_t));
31 1 : *encap_request_size = sizeof(spdm_get_digest_request_t);
32 :
33 1 : spdm_request = encap_request;
34 :
35 1 : libspdm_reset_message_buffer_via_request_code(spdm_context, NULL,
36 1 : spdm_request->header.request_response_code);
37 :
38 1 : spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
39 1 : spdm_request->header.request_response_code = SPDM_GET_DIGESTS;
40 1 : spdm_request->header.param1 = 0;
41 1 : spdm_request->header.param2 = 0;
42 :
43 1 : status = libspdm_append_message_mut_b(spdm_context, spdm_request, *encap_request_size);
44 1 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
45 0 : return LIBSPDM_STATUS_BUFFER_FULL;
46 : }
47 :
48 1 : libspdm_copy_mem(&spdm_context->encap_context.last_encap_request_header,
49 : sizeof(spdm_context->encap_context.last_encap_request_header),
50 1 : &spdm_request->header, sizeof(spdm_message_header_t));
51 1 : spdm_context->encap_context.last_encap_request_size = *encap_request_size;
52 :
53 1 : return LIBSPDM_STATUS_SUCCESS;
54 : }
55 :
56 11 : libspdm_return_t libspdm_process_encap_response_digest(
57 : libspdm_context_t *spdm_context, size_t encap_response_size,
58 : const void *encap_response, bool *need_continue)
59 : {
60 : const spdm_digest_response_t *spdm_response;
61 : size_t spdm_response_size;
62 : size_t digest_size;
63 : size_t digest_count;
64 : size_t index;
65 : libspdm_return_t status;
66 : uint32_t session_id;
67 : libspdm_session_info_t *session_info;
68 : size_t additional_size;
69 : spdm_key_pair_id_t *key_pair_id;
70 : spdm_certificate_info_t *cert_info;
71 : spdm_key_usage_bit_mask_t *key_usage_bit_mask;
72 : size_t slot_index;
73 : uint8_t cert_model;
74 11 : uint8_t zero_digest[LIBSPDM_MAX_HASH_SIZE] = {0};
75 :
76 11 : spdm_response = encap_response;
77 11 : spdm_response_size = encap_response_size;
78 :
79 11 : if (spdm_response_size < sizeof(spdm_message_header_t)) {
80 1 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
81 : }
82 10 : if (spdm_response->header.spdm_version != libspdm_get_connection_version (spdm_context)) {
83 1 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
84 : }
85 9 : if (spdm_response->header.request_response_code == SPDM_ERROR) {
86 2 : status = libspdm_handle_encap_error_response_main(
87 2 : spdm_context, spdm_response->header.param1);
88 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
89 2 : return status;
90 : }
91 7 : } else if (spdm_response->header.request_response_code != SPDM_DIGESTS) {
92 1 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
93 : }
94 6 : if (spdm_response_size < sizeof(spdm_digest_response_t)) {
95 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
96 : }
97 :
98 6 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "provisioned_slot_mask - 0x%02x\n",
99 : spdm_response->header.param2));
100 6 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
101 3 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "supported_slot_mask - 0x%02x\n",
102 : spdm_response->header.param1));
103 3 : if ((spdm_response->header.param1 & spdm_response->header.param2) !=
104 3 : spdm_response->header.param2) {
105 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
106 : }
107 : }
108 :
109 6 : digest_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
110 6 : digest_count = 0;
111 :
112 54 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
113 48 : if (spdm_response->header.param2 & (1 << index)) {
114 13 : digest_count++;
115 : }
116 : }
117 6 : if (digest_count == 0) {
118 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
119 : }
120 :
121 6 : additional_size = 0;
122 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
123 3 : spdm_context->connection_info.multi_key_conn_req) {
124 2 : additional_size = sizeof(spdm_key_pair_id_t) + sizeof(spdm_certificate_info_t) +
125 : sizeof(spdm_key_usage_bit_mask_t);
126 : }
127 6 : if (spdm_response_size <
128 6 : sizeof(spdm_digest_response_t) + digest_count * (digest_size + additional_size)) {
129 0 : return LIBSPDM_STATUS_INVALID_MSG_SIZE;
130 : }
131 6 : spdm_response_size =
132 6 : sizeof(spdm_digest_response_t) + digest_count * (digest_size + additional_size);
133 :
134 6 : status = libspdm_append_message_mut_b(spdm_context, spdm_response, spdm_response_size);
135 6 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
136 0 : return LIBSPDM_STATUS_BUFFER_FULL;
137 : }
138 :
139 6 : if (spdm_context->last_spdm_request_session_id_valid) {
140 5 : session_id = spdm_context->last_spdm_request_session_id;
141 : } else {
142 1 : session_id = spdm_context->latest_session_id;
143 : }
144 6 : if (session_id != INVALID_SESSION_ID) {
145 5 : session_info = libspdm_get_session_info_via_session_id(spdm_context, session_id);
146 : } else {
147 1 : session_info = NULL;
148 : }
149 6 : if (session_info != NULL) {
150 5 : if (spdm_context->connection_info.multi_key_conn_req) {
151 2 : status = libspdm_append_message_encap_d(spdm_context, session_info, false,
152 : spdm_response, spdm_response_size);
153 2 : if (LIBSPDM_STATUS_IS_ERROR(status)) {
154 0 : return LIBSPDM_STATUS_BUFFER_FULL;
155 : }
156 : }
157 : }
158 :
159 6 : key_pair_id =
160 6 : (spdm_key_pair_id_t *)((size_t)(spdm_response + 1) + digest_size * digest_count);
161 6 : cert_info =
162 : (spdm_certificate_info_t *)((uint8_t *)key_pair_id + sizeof(spdm_key_pair_id_t) *
163 : digest_count);
164 6 : key_usage_bit_mask =
165 : (spdm_key_usage_bit_mask_t *)((uint8_t *)cert_info + sizeof(spdm_certificate_info_t) *
166 : digest_count);
167 19 : for (index = 0; index < digest_count; index++) {
168 13 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "digest (0x%zx) - ", index));
169 13 : LIBSPDM_INTERNAL_DUMP_DATA(
170 : (const uint8_t *)(spdm_response + 1) + (digest_size * index), digest_size);
171 13 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
172 : }
173 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
174 3 : spdm_context->connection_info.multi_key_conn_req) {
175 11 : for (index = 0; index < digest_count; index++) {
176 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key_pair_id (0x%zx) - 0x%02x\n", index,
177 : key_pair_id[index]));
178 : }
179 11 : for (index = 0; index < digest_count; index++) {
180 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "cert_info (0x%zx) - 0x%02x\n", index,
181 : cert_info[index]));
182 : }
183 11 : for (index = 0; index < digest_count; index++) {
184 9 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key_usage_bit_mask (0x%zx) - 0x%04x\n", index,
185 : key_usage_bit_mask[index]));
186 : }
187 : }
188 :
189 6 : spdm_context->connection_info.peer_provisioned_slot_mask = spdm_response->header.param2;
190 6 : if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
191 3 : spdm_context->connection_info.peer_supported_slot_mask = spdm_response->header.param1;
192 : } else {
193 3 : spdm_context->connection_info.peer_supported_slot_mask = spdm_response->header.param2;
194 : }
195 :
196 6 : libspdm_zero_mem(spdm_context->connection_info.peer_key_pair_id,
197 : sizeof(spdm_context->connection_info.peer_key_pair_id));
198 6 : libspdm_zero_mem(spdm_context->connection_info.peer_cert_info,
199 : sizeof(spdm_context->connection_info.peer_cert_info));
200 6 : libspdm_zero_mem(spdm_context->connection_info.peer_key_usage_bit_mask,
201 : sizeof(spdm_context->connection_info.peer_key_usage_bit_mask));
202 :
203 6 : if ((spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_13) &&
204 3 : spdm_context->connection_info.multi_key_conn_req) {
205 2 : slot_index = 0;
206 18 : for (index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
207 16 : if (spdm_response->header.param2 & (1 << index)) {
208 9 : spdm_context->connection_info.peer_key_pair_id[index] = key_pair_id[slot_index];
209 9 : cert_model = cert_info[slot_index] & SPDM_CERTIFICATE_INFO_CERT_MODEL_MASK;
210 9 : if (cert_model > SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT) {
211 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
212 : }
213 9 : if (index == 0) {
214 2 : if (cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT) {
215 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
216 : }
217 2 : if ((key_usage_bit_mask[slot_index] &
218 : (SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
219 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
220 : SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
221 : SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE)) == 0) {
222 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
223 : }
224 : }
225 9 : if ((cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE) &&
226 0 : (!libspdm_consttime_is_mem_equal(
227 0 : (const uint8_t *)(spdm_response + 1) + digest_size * slot_index,
228 : zero_digest,
229 : digest_size))) {
230 0 : return LIBSPDM_STATUS_INVALID_MSG_FIELD;
231 : }
232 9 : spdm_context->connection_info.peer_cert_info[index] = cert_model;
233 9 : spdm_context->connection_info.peer_key_usage_bit_mask[index] =
234 9 : key_usage_bit_mask[slot_index];
235 9 : slot_index++;
236 : }
237 : }
238 : }
239 :
240 6 : *need_continue = false;
241 :
242 6 : return LIBSPDM_STATUS_SUCCESS;
243 : }
244 :
245 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && (...) */
|
