Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_secured_message_lib.h"
8 :
9 236 : size_t libspdm_secured_message_get_context_size(void)
10 : {
11 236 : return sizeof(libspdm_secured_message_context_t);
12 : }
13 :
14 1210 : void libspdm_secured_message_init_context(void *spdm_secured_message_context)
15 : {
16 : libspdm_secured_message_context_t *secured_message_context;
17 :
18 1210 : secured_message_context = spdm_secured_message_context;
19 1210 : libspdm_zero_mem(secured_message_context, sizeof(libspdm_secured_message_context_t));
20 1210 : }
21 :
22 742 : void libspdm_secured_message_set_use_psk(void *spdm_secured_message_context, bool use_psk)
23 : {
24 : libspdm_secured_message_context_t *secured_message_context;
25 :
26 742 : secured_message_context = spdm_secured_message_context;
27 742 : secured_message_context->use_psk = use_psk;
28 742 : }
29 :
30 448 : void libspdm_secured_message_set_session_state(
31 : void *spdm_secured_message_context,
32 : libspdm_session_state_t session_state)
33 : {
34 : libspdm_secured_message_context_t *secured_message_context;
35 :
36 448 : secured_message_context = spdm_secured_message_context;
37 448 : secured_message_context->session_state = session_state;
38 :
39 448 : if (session_state == LIBSPDM_SESSION_STATE_ESTABLISHED) {
40 : /* session handshake key should be zeroized after handshake phase. */
41 264 : libspdm_clear_handshake_secret(secured_message_context);
42 264 : libspdm_clear_master_secret(secured_message_context);
43 : }
44 448 : }
45 :
46 : libspdm_session_state_t
47 558 : libspdm_secured_message_get_session_state(void *spdm_secured_message_context)
48 : {
49 : libspdm_secured_message_context_t *secured_message_context;
50 :
51 558 : secured_message_context = spdm_secured_message_context;
52 558 : return secured_message_context->session_state;
53 : }
54 :
55 742 : void libspdm_secured_message_set_session_type(void *spdm_secured_message_context,
56 : libspdm_session_type_t session_type)
57 : {
58 : libspdm_secured_message_context_t *secured_message_context;
59 :
60 742 : secured_message_context = spdm_secured_message_context;
61 742 : secured_message_context->session_type = session_type;
62 742 : }
63 :
64 742 : void libspdm_secured_message_set_algorithms(void *spdm_secured_message_context,
65 : spdm_version_number_t version,
66 : spdm_version_number_t secured_message_version,
67 : uint32_t base_hash_algo,
68 : uint16_t dhe_named_group,
69 : uint32_t kem_alg,
70 : uint16_t aead_cipher_suite,
71 : uint16_t key_schedule)
72 : {
73 : libspdm_secured_message_context_t *secured_message_context;
74 :
75 742 : secured_message_context = spdm_secured_message_context;
76 742 : secured_message_context->version = version;
77 742 : secured_message_context->secured_message_version = secured_message_version;
78 742 : secured_message_context->base_hash_algo = base_hash_algo;
79 742 : secured_message_context->dhe_named_group = dhe_named_group;
80 742 : secured_message_context->kem_alg = kem_alg;
81 742 : secured_message_context->aead_cipher_suite = aead_cipher_suite;
82 742 : secured_message_context->key_schedule = key_schedule;
83 :
84 742 : secured_message_context->hash_size =
85 742 : libspdm_get_hash_size(secured_message_context->base_hash_algo);
86 742 : if (kem_alg != 0) {
87 0 : secured_message_context->shared_key_size = libspdm_get_kem_shared_secret_size(
88 : secured_message_context->kem_alg);
89 : } else {
90 742 : secured_message_context->shared_key_size = libspdm_get_dhe_shared_secret_size(
91 742 : secured_message_context->dhe_named_group);
92 : }
93 1484 : secured_message_context->aead_key_size = libspdm_get_aead_key_size(
94 742 : secured_message_context->aead_cipher_suite);
95 1484 : secured_message_context->aead_iv_size = libspdm_get_aead_iv_size(
96 742 : secured_message_context->aead_cipher_suite);
97 1484 : secured_message_context->aead_tag_size = libspdm_get_aead_tag_size(
98 742 : secured_message_context->aead_cipher_suite);
99 742 : }
100 :
101 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
102 77 : void libspdm_secured_message_set_psk_hint(void *spdm_secured_message_context,
103 : const void *psk_hint,
104 : size_t psk_hint_size)
105 : {
106 : libspdm_secured_message_context_t *secured_message_context;
107 :
108 77 : secured_message_context = spdm_secured_message_context;
109 77 : if ((psk_hint != NULL) && (psk_hint_size > 0)) {
110 75 : secured_message_context->psk_hint_size = psk_hint_size;
111 75 : libspdm_copy_mem(secured_message_context->psk_hint,
112 : LIBSPDM_PSK_MAX_HINT_LENGTH,
113 : psk_hint,
114 : psk_hint_size);
115 : }
116 77 : }
117 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
118 :
119 742 : void libspdm_secured_message_set_max_spdm_session_sequence_number(
120 : void *spdm_secured_message_context,
121 : uint64_t max_spdm_session_sequence_number)
122 : {
123 : libspdm_secured_message_context_t *secured_message_context;
124 :
125 742 : secured_message_context = spdm_secured_message_context;
126 742 : secured_message_context->max_spdm_session_sequence_number = max_spdm_session_sequence_number;
127 742 : }
128 :
129 742 : void libspdm_secured_message_set_sequence_number_endian (
130 : void *spdm_secured_message_context,
131 : uint8_t endian_value)
132 : {
133 : libspdm_secured_message_context_t *secured_message_context;
134 :
135 742 : secured_message_context = spdm_secured_message_context;
136 742 : secured_message_context->sequence_number_endian = endian_value;
137 742 : }
138 :
139 0 : bool libspdm_secured_message_import_shared_secret(void *spdm_secured_message_context,
140 : const void *shared_secret,
141 : size_t shared_secret_size)
142 : {
143 : libspdm_secured_message_context_t *secured_message_context;
144 :
145 0 : secured_message_context = spdm_secured_message_context;
146 0 : if (shared_secret_size > secured_message_context->shared_key_size) {
147 0 : return false;
148 : }
149 0 : secured_message_context->shared_key_size = shared_secret_size;
150 0 : libspdm_copy_mem(secured_message_context->master_secret.shared_secret,
151 : sizeof(secured_message_context->master_secret.shared_secret),
152 : shared_secret, shared_secret_size);
153 0 : return true;
154 : }
155 :
156 3 : bool libspdm_secured_message_export_master_secret(
157 : void *spdm_secured_message_context, void *export_master_secret,
158 : size_t *export_master_secret_size)
159 : {
160 : libspdm_secured_message_context_t *secured_message_context;
161 :
162 3 : secured_message_context = spdm_secured_message_context;
163 :
164 3 : if (*export_master_secret_size > secured_message_context->hash_size) {
165 1 : *export_master_secret_size = secured_message_context->hash_size;
166 : }
167 :
168 3 : libspdm_copy_mem(export_master_secret, *export_master_secret_size,
169 3 : secured_message_context->export_master_secret,
170 : *export_master_secret_size);
171 :
172 3 : return true;
173 : }
174 :
175 1 : void libspdm_secured_message_clear_export_master_secret(void *spdm_secured_message_context)
176 : {
177 : libspdm_secured_message_context_t *secured_message_context;
178 :
179 1 : LIBSPDM_ASSERT(spdm_secured_message_context != NULL);
180 :
181 1 : secured_message_context = spdm_secured_message_context;
182 :
183 1 : libspdm_zero_mem(secured_message_context->export_master_secret,
184 : sizeof(secured_message_context->export_master_secret));
185 1 : }
186 :
187 0 : bool libspdm_secured_message_export_session_keys(void *spdm_secured_message_context,
188 : void *session_keys,
189 : size_t *session_keys_size)
190 : {
191 : libspdm_secured_message_context_t *secured_message_context;
192 : size_t struct_size;
193 : libspdm_secure_session_keys_struct_t *session_keys_struct;
194 : uint8_t *ptr;
195 :
196 0 : secured_message_context = spdm_secured_message_context;
197 0 : struct_size = sizeof(libspdm_secure_session_keys_struct_t) +
198 0 : (secured_message_context->aead_key_size +
199 0 : secured_message_context->aead_iv_size + sizeof(uint64_t)) * 2;
200 :
201 0 : if (*session_keys_size < struct_size) {
202 0 : *session_keys_size = struct_size;
203 0 : return false;
204 : }
205 :
206 0 : session_keys_struct = session_keys;
207 0 : session_keys_struct->version = LIBSPDM_SECURE_SESSION_KEYS_STRUCT_VERSION;
208 0 : session_keys_struct->aead_key_size = (uint32_t)secured_message_context->aead_key_size;
209 0 : session_keys_struct->aead_iv_size = (uint32_t)secured_message_context->aead_iv_size;
210 :
211 0 : ptr = (void *)(session_keys_struct + 1);
212 0 : libspdm_copy_mem(ptr,
213 0 : *session_keys_size - (ptr - (uint8_t*)session_keys),
214 0 : secured_message_context->application_secret.request_data_encryption_key,
215 : secured_message_context->aead_key_size);
216 0 : ptr += secured_message_context->aead_key_size;
217 0 : libspdm_copy_mem(ptr,
218 0 : *session_keys_size - (ptr - (uint8_t*)session_keys),
219 0 : secured_message_context->application_secret.request_data_salt,
220 : secured_message_context->aead_iv_size);
221 0 : ptr += secured_message_context->aead_iv_size;
222 0 : libspdm_copy_mem(ptr,
223 0 : *session_keys_size - (ptr - (uint8_t*)session_keys),
224 0 : &secured_message_context->application_secret.request_data_sequence_number,
225 : sizeof(uint64_t));
226 0 : ptr += sizeof(uint64_t);
227 0 : libspdm_copy_mem(ptr,
228 0 : *session_keys_size - (ptr - (uint8_t*)session_keys),
229 0 : secured_message_context->application_secret.response_data_encryption_key,
230 : secured_message_context->aead_key_size);
231 0 : ptr += secured_message_context->aead_key_size;
232 0 : libspdm_copy_mem(ptr,
233 0 : *session_keys_size - (ptr - (uint8_t*)session_keys),
234 0 : secured_message_context->application_secret.response_data_salt,
235 : secured_message_context->aead_iv_size);
236 0 : ptr += secured_message_context->aead_iv_size;
237 0 : libspdm_copy_mem(ptr,
238 0 : *session_keys_size - (ptr - (uint8_t*)session_keys),
239 0 : &secured_message_context->application_secret.response_data_sequence_number,
240 : sizeof(uint64_t));
241 0 : ptr += sizeof(uint64_t);
242 0 : return true;
243 : }
244 :
245 0 : bool libspdm_secured_message_import_session_keys(void *spdm_secured_message_context,
246 : const void *session_keys,
247 : size_t session_keys_size)
248 : {
249 : libspdm_secured_message_context_t *secured_message_context;
250 : size_t struct_size;
251 : const libspdm_secure_session_keys_struct_t *session_keys_struct;
252 : const uint8_t *ptr;
253 :
254 0 : secured_message_context = spdm_secured_message_context;
255 0 : struct_size = sizeof(libspdm_secure_session_keys_struct_t) +
256 0 : (secured_message_context->aead_key_size +
257 0 : secured_message_context->aead_iv_size + sizeof(uint64_t)) * 2;
258 :
259 0 : if (session_keys_size != struct_size) {
260 0 : return false;
261 : }
262 :
263 0 : session_keys_struct = session_keys;
264 0 : if ((session_keys_struct->version !=
265 0 : LIBSPDM_SECURE_SESSION_KEYS_STRUCT_VERSION) ||
266 0 : (session_keys_struct->aead_key_size !=
267 0 : secured_message_context->aead_key_size) ||
268 0 : (session_keys_struct->aead_iv_size !=
269 0 : secured_message_context->aead_iv_size)) {
270 0 : return false;
271 : }
272 :
273 0 : ptr = (const void *)(session_keys_struct + 1);
274 0 : libspdm_copy_mem(secured_message_context->application_secret.request_data_encryption_key,
275 : sizeof(secured_message_context->application_secret
276 : .request_data_encryption_key),
277 : ptr, secured_message_context->aead_key_size);
278 0 : ptr += secured_message_context->aead_key_size;
279 0 : libspdm_copy_mem(secured_message_context->application_secret.request_data_salt,
280 : sizeof(secured_message_context->application_secret
281 : .request_data_salt),
282 : ptr, secured_message_context->aead_iv_size);
283 0 : ptr += secured_message_context->aead_iv_size;
284 0 : libspdm_copy_mem(&secured_message_context->application_secret.request_data_sequence_number,
285 : sizeof(secured_message_context->application_secret
286 : .request_data_sequence_number),
287 : ptr, sizeof(uint64_t));
288 0 : ptr += sizeof(uint64_t);
289 0 : libspdm_copy_mem(secured_message_context->application_secret
290 0 : .response_data_encryption_key,
291 : sizeof(secured_message_context->application_secret
292 : .response_data_encryption_key),
293 : ptr, secured_message_context->aead_key_size);
294 0 : ptr += secured_message_context->aead_key_size;
295 0 : libspdm_copy_mem(secured_message_context->application_secret.response_data_salt,
296 : sizeof(secured_message_context->application_secret.response_data_salt),
297 : ptr, secured_message_context->aead_iv_size);
298 0 : ptr += secured_message_context->aead_iv_size;
299 0 : libspdm_copy_mem(&secured_message_context->application_secret.response_data_sequence_number,
300 : sizeof(secured_message_context->application_secret
301 : .response_data_sequence_number),
302 : ptr, sizeof(uint64_t));
303 0 : ptr += sizeof(uint64_t);
304 0 : return true;
305 : }
306 :
307 28 : void libspdm_secured_message_get_last_spdm_error_struct(
308 : void *spdm_secured_message_context,
309 : libspdm_error_struct_t *last_spdm_error)
310 : {
311 : libspdm_secured_message_context_t *secured_message_context;
312 :
313 28 : secured_message_context = spdm_secured_message_context;
314 28 : libspdm_copy_mem(last_spdm_error, sizeof(libspdm_error_struct_t),
315 28 : &secured_message_context->last_spdm_error,
316 : sizeof(libspdm_error_struct_t));
317 28 : }
318 :
319 337 : void libspdm_secured_message_set_last_spdm_error_struct(
320 : void *spdm_secured_message_context,
321 : const libspdm_error_struct_t *last_spdm_error)
322 : {
323 : libspdm_secured_message_context_t *secured_message_context;
324 :
325 337 : secured_message_context = spdm_secured_message_context;
326 337 : libspdm_copy_mem(&secured_message_context->last_spdm_error,
327 : sizeof(secured_message_context->last_spdm_error),
328 : last_spdm_error,
329 : sizeof(libspdm_error_struct_t));
330 337 : }
|
