Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2024-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_responder_lib.h"
8 :
9 : #if LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP
10 :
11 15 : libspdm_return_t libspdm_get_response_set_key_pair_info_ack(libspdm_context_t *spdm_context,
12 : size_t request_size,
13 : const void *request,
14 : size_t *response_size,
15 : void *response)
16 : {
17 : const spdm_set_key_pair_info_request_t *spdm_request;
18 : spdm_set_key_pair_info_ack_response_t *spdm_response;
19 :
20 : libspdm_session_info_t *session_info;
21 : libspdm_session_state_t session_state;
22 :
23 : uint16_t capabilities;
24 : uint16_t key_usage_capabilities;
25 : uint16_t current_key_usage;
26 : uint32_t asym_algo_capabilities;
27 : uint32_t current_asym_algo;
28 : uint8_t assoc_cert_slot_mask;
29 : uint8_t key_pair_id;
30 : uint8_t total_key_pairs;
31 : bool result;
32 :
33 : uint16_t desired_key_usage;
34 : uint32_t desired_asym_algo;
35 : uint8_t desired_assoc_cert_slot_mask;
36 : uint8_t operation;
37 : bool need_reset;
38 : const uint8_t *ptr;
39 :
40 15 : spdm_request = request;
41 :
42 : /* -=[Check Parameters Phase]=- */
43 15 : LIBSPDM_ASSERT(spdm_request->header.request_response_code == SPDM_SET_KEY_PAIR_INFO);
44 :
45 15 : if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_13) {
46 0 : return libspdm_generate_error_response(spdm_context,
47 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
48 : SPDM_SET_KEY_PAIR_INFO,
49 : response_size, response);
50 : }
51 :
52 15 : if (spdm_request->header.spdm_version != libspdm_get_connection_version(spdm_context)) {
53 0 : return libspdm_generate_error_response(spdm_context,
54 : SPDM_ERROR_CODE_VERSION_MISMATCH, 0,
55 : response_size, response);
56 : }
57 :
58 15 : if (spdm_context->response_state != LIBSPDM_RESPONSE_STATE_NORMAL) {
59 0 : return libspdm_responder_handle_response_state(spdm_context,
60 0 : spdm_request->header.request_response_code,
61 : response_size, response);
62 : }
63 :
64 15 : if (request_size < sizeof(spdm_set_key_pair_info_request_t)) {
65 0 : return libspdm_generate_error_response(spdm_context,
66 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
67 : response_size, response);
68 : }
69 :
70 15 : if (spdm_context->connection_info.connection_state <
71 : LIBSPDM_CONNECTION_STATE_NEGOTIATED) {
72 0 : return libspdm_generate_error_response(
73 : spdm_context,
74 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
75 : response_size, response);
76 : }
77 :
78 15 : if (spdm_context->last_spdm_request_session_id_valid) {
79 0 : session_info = libspdm_get_session_info_via_session_id(
80 : spdm_context,
81 : spdm_context->last_spdm_request_session_id);
82 0 : if (session_info == NULL) {
83 0 : return libspdm_generate_error_response(
84 : spdm_context,
85 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
86 : response_size, response);
87 : }
88 0 : session_state = libspdm_secured_message_get_session_state(
89 : session_info->secured_message_context);
90 0 : if (session_state != LIBSPDM_SESSION_STATE_ESTABLISHED) {
91 0 : return libspdm_generate_error_response(
92 : spdm_context,
93 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0,
94 : response_size, response);
95 : }
96 : }
97 :
98 15 : if (!libspdm_is_capabilities_flag_supported(
99 : spdm_context, false, 0,
100 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP)) {
101 0 : return libspdm_generate_error_response(
102 : spdm_context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST,
103 : SPDM_SET_KEY_PAIR_INFO, response_size, response);
104 : }
105 :
106 15 : total_key_pairs = spdm_context->local_context.total_key_pairs;
107 15 : key_pair_id = spdm_request->key_pair_id;
108 15 : if ((key_pair_id == 0) || (key_pair_id > total_key_pairs)) {
109 1 : return libspdm_generate_error_response(spdm_context,
110 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
111 : response_size, response);
112 : }
113 :
114 14 : LIBSPDM_ASSERT(*response_size >= sizeof(spdm_set_key_pair_info_ack_response_t));
115 :
116 14 : libspdm_zero_mem(response, *response_size);
117 :
118 14 : result = libspdm_read_key_pair_info(
119 : spdm_context,
120 : key_pair_id,
121 : &capabilities,
122 : &key_usage_capabilities,
123 : ¤t_key_usage,
124 : &asym_algo_capabilities,
125 : ¤t_asym_algo,
126 : &assoc_cert_slot_mask,
127 : NULL, NULL);
128 14 : if (!result) {
129 0 : return libspdm_generate_error_response(spdm_context,
130 : SPDM_ERROR_CODE_UNSPECIFIED, 0,
131 : response_size, response);
132 : }
133 :
134 14 : operation = spdm_request->header.param1;
135 :
136 14 : if (operation != SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION) {
137 10 : if (request_size < sizeof(spdm_set_key_pair_info_request_t) +
138 : sizeof(uint8_t) + sizeof(uint16_t) + sizeof(uint32_t) + sizeof(uint8_t)) {
139 1 : return libspdm_generate_error_response(spdm_context,
140 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
141 : response_size, response);
142 : }
143 :
144 9 : ptr = (const uint8_t*)(spdm_request + 1);
145 9 : ptr += sizeof(uint8_t);
146 :
147 9 : desired_key_usage = libspdm_read_uint16((const uint8_t *)ptr);
148 9 : ptr += sizeof(uint16_t);
149 :
150 9 : desired_asym_algo = libspdm_read_uint32((const uint8_t *)ptr);
151 9 : ptr += sizeof(uint32_t);
152 :
153 9 : desired_assoc_cert_slot_mask = *ptr;
154 : } else {
155 4 : desired_key_usage = 0;
156 4 : desired_asym_algo = 0;
157 4 : desired_assoc_cert_slot_mask = 0;
158 : }
159 :
160 13 : if (((capabilities & SPDM_KEY_PAIR_CAP_GEN_KEY_CAP) == 0) &&
161 : (operation == SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION)) {
162 0 : return libspdm_generate_error_response(spdm_context,
163 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
164 : response_size, response);
165 : }
166 13 : if (((capabilities & SPDM_KEY_PAIR_CAP_ERASABLE_CAP) == 0) &&
167 : (operation == SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION)) {
168 0 : return libspdm_generate_error_response(spdm_context,
169 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
170 : response_size, response);
171 : }
172 13 : if (((capabilities & SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP) == 0) &&
173 0 : (desired_assoc_cert_slot_mask != 0) &&
174 0 : (desired_assoc_cert_slot_mask != assoc_cert_slot_mask)) {
175 0 : return libspdm_generate_error_response(spdm_context,
176 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
177 : response_size, response);
178 : }
179 :
180 13 : if (((capabilities & SPDM_KEY_PAIR_CAP_KEY_USAGE_CAP) == 0) && (desired_key_usage != 0)) {
181 0 : return libspdm_generate_error_response(spdm_context,
182 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
183 : response_size, response);
184 : }
185 13 : if ((desired_key_usage != 0) &&
186 4 : ((key_usage_capabilities | desired_key_usage) != key_usage_capabilities)) {
187 0 : return libspdm_generate_error_response(spdm_context,
188 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
189 : response_size, response);
190 : }
191 :
192 13 : if (((capabilities & SPDM_KEY_PAIR_CAP_ASYM_ALGO_CAP) == 0) && (desired_asym_algo != 0)) {
193 0 : return libspdm_generate_error_response(spdm_context,
194 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
195 : response_size, response);
196 : }
197 13 : if(!libspdm_onehot0(desired_asym_algo)) {
198 1 : return libspdm_generate_error_response(spdm_context,
199 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
200 : response_size, response);
201 : }
202 12 : if ((desired_asym_algo != 0) &&
203 3 : ((asym_algo_capabilities | desired_asym_algo) != asym_algo_capabilities)) {
204 0 : return libspdm_generate_error_response(spdm_context,
205 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
206 : response_size, response);
207 : }
208 12 : if (((capabilities & SPDM_KEY_PAIR_CAP_SHAREABLE_CAP) == 0) &&
209 0 : (!libspdm_onehot0(desired_assoc_cert_slot_mask))) {
210 0 : return libspdm_generate_error_response(spdm_context,
211 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
212 : response_size, response);
213 : }
214 12 : if (operation > SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION) {
215 0 : return libspdm_generate_error_response(spdm_context,
216 : SPDM_ERROR_CODE_INVALID_REQUEST, 0,
217 : response_size, response);
218 : }
219 12 : if ((operation == SPDM_SET_KEY_PAIR_INFO_ERASE_OPERATION) ||
220 : (operation == SPDM_SET_KEY_PAIR_INFO_GENERATE_OPERATION)) {
221 4 : if (assoc_cert_slot_mask != 0) {
222 1 : return libspdm_generate_error_response(spdm_context,
223 : SPDM_ERROR_CODE_OPERATION_FAILED, 0,
224 : response_size, response);
225 : }
226 : }
227 :
228 11 : need_reset = libspdm_is_capabilities_flag_supported(
229 : spdm_context, false, 0,
230 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP);
231 11 : result = libspdm_write_key_pair_info(
232 : spdm_context,
233 : key_pair_id,
234 : operation,
235 : desired_key_usage,
236 : desired_asym_algo,
237 : desired_assoc_cert_slot_mask,
238 : &need_reset);
239 11 : if (!result) {
240 0 : return libspdm_generate_error_response(spdm_context,
241 : SPDM_ERROR_CODE_OPERATION_FAILED, 0,
242 : response_size, response);
243 : }
244 :
245 11 : spdm_response = response;
246 11 : *response_size = sizeof(spdm_set_key_pair_info_ack_response_t);
247 :
248 11 : if (need_reset) {
249 5 : return libspdm_generate_error_response(spdm_context,
250 : SPDM_ERROR_CODE_RESET_REQUIRED, 0,
251 : response_size, response);
252 : } else {
253 6 : spdm_response->header.spdm_version = spdm_request->header.spdm_version;
254 6 : spdm_response->header.request_response_code = SPDM_SET_KEY_PAIR_INFO_ACK;
255 6 : spdm_response->header.param1 = 0;
256 6 : spdm_response->header.param2 = 0;
257 : }
258 :
259 6 : return LIBSPDM_STATUS_SUCCESS;
260 : }
261 :
262 : #endif /*LIBSPDM_ENABLE_CAPABILITY_SET_KEY_PAIR_INFO_CAP*/
|
