Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_secured_message_lib.h"
8 :
9 : /**
10 : * This function concatenates binary data, which is used as info in HKDF expand later.
11 : *
12 : * @param label An ascii string label for the libspdm_bin_concat.
13 : * @param label_size The size in bytes of the ASCII string label, not including NULL terminator.
14 : * @param context A pre-defined hash value as the context for the libspdm_bin_concat.
15 : * @param length 16 bits length for the libspdm_bin_concat.
16 : * @param hash_size The size in bytes of the context hash.
17 : * @param out_bin The buffer to store the output binary.
18 : * @param out_bin_size The size in bytes for the out_bin.
19 : **/
20 1273 : void libspdm_bin_concat(spdm_version_number_t spdm_version,
21 : const char *label, size_t label_size,
22 : const uint8_t *context, uint16_t length,
23 : size_t hash_size, uint8_t *out_bin,
24 : size_t *out_bin_size)
25 : {
26 : size_t final_size;
27 :
28 : /* The correct version characters (1.1 or 1.2) will replace the x.x. */
29 : #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x "
30 :
31 1273 : final_size = sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1 + label_size;
32 1273 : if (context != NULL) {
33 283 : final_size += hash_size;
34 : }
35 :
36 1273 : LIBSPDM_ASSERT(*out_bin_size >= final_size);
37 :
38 1273 : *out_bin_size = final_size;
39 :
40 1273 : libspdm_copy_mem(out_bin, *out_bin_size, &length, sizeof(uint16_t));
41 1273 : libspdm_copy_mem(out_bin + sizeof(uint16_t), *out_bin_size - sizeof(uint16_t),
42 : LIBSPDM_BIN_CONCAT_LABEL, sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1);
43 :
44 : /* Patch the version. */
45 1273 : out_bin[6] = (char)('0' + ((spdm_version >> 12) & 0xF));
46 1273 : out_bin[8] = (char)('0' + ((spdm_version >> 8) & 0xF));
47 1273 : libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1,
48 1273 : *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1),
49 : label, label_size);
50 :
51 1273 : if (context != NULL) {
52 283 : libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
53 283 : 1 + label_size,
54 283 : *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
55 : 1 + label_size), context, hash_size);
56 : }
57 :
58 : #undef LIBSPDM_BIN_CONCAT_LABEL
59 1273 : }
60 :
61 : /**
62 : * This function generates SPDM AEAD key and IV for a session.
63 : *
64 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
65 : * @param major_secret The major secret.
66 : * @param key The buffer to store the AEAD key.
67 : * @param iv The buffer to store the AEAD IV.
68 : *
69 : * @retval RETURN_SUCCESS SPDM AEAD key and IV for a session is generated.
70 : **/
71 288 : bool libspdm_generate_aead_key_and_iv(
72 : libspdm_secured_message_context_t *secured_message_context,
73 : const uint8_t *major_secret, uint8_t *key, uint8_t *iv)
74 : {
75 : bool status;
76 : size_t hash_size;
77 : size_t key_length;
78 : size_t iv_length;
79 : uint8_t bin_str5[128];
80 : size_t bin_str5_size;
81 : uint8_t bin_str6[128];
82 : size_t bin_str6_size;
83 :
84 288 : hash_size = secured_message_context->hash_size;
85 288 : key_length = secured_message_context->aead_key_size;
86 288 : iv_length = secured_message_context->aead_iv_size;
87 :
88 288 : bin_str5_size = sizeof(bin_str5);
89 288 : libspdm_bin_concat(secured_message_context->version,
90 : SPDM_BIN_STR_5_LABEL, sizeof(SPDM_BIN_STR_5_LABEL) - 1,
91 288 : NULL, (uint16_t)key_length, hash_size, bin_str5,
92 : &bin_str5_size);
93 :
94 288 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str5 (0x%zx):\n", bin_str5_size));
95 288 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str5, bin_str5_size);
96 288 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
97 : major_secret, hash_size, bin_str5,
98 : bin_str5_size, key, key_length);
99 288 : if (!status) {
100 0 : return false;
101 : }
102 288 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key (0x%zx) - ", key_length));
103 288 : LIBSPDM_INTERNAL_DUMP_DATA(key, key_length);
104 288 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
105 :
106 288 : bin_str6_size = sizeof(bin_str6);
107 288 : libspdm_bin_concat(secured_message_context->version,
108 : SPDM_BIN_STR_6_LABEL, sizeof(SPDM_BIN_STR_6_LABEL) - 1,
109 288 : NULL, (uint16_t)iv_length, hash_size, bin_str6,
110 : &bin_str6_size);
111 :
112 288 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str6 (0x%zx):\n", bin_str6_size));
113 288 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str6, bin_str6_size);
114 288 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
115 : major_secret, hash_size, bin_str6,
116 : bin_str6_size, iv, iv_length);
117 288 : if (!status) {
118 0 : return false;
119 : }
120 288 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "iv (0x%zx) - ", iv_length));
121 288 : LIBSPDM_INTERNAL_DUMP_DATA(iv, iv_length);
122 288 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
123 :
124 288 : return true;
125 : }
126 :
127 : /**
128 : * This function generates SPDM finished_key for a session.
129 : *
130 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
131 : * @param handshake_secret The handshake secret.
132 : * @param finished_key The buffer to store the finished key.
133 : *
134 : * @retval RETURN_SUCCESS SPDM finished_key for a session is generated.
135 : **/
136 114 : bool libspdm_generate_finished_key(
137 : libspdm_secured_message_context_t *secured_message_context,
138 : const uint8_t *handshake_secret, uint8_t *finished_key)
139 : {
140 : bool status;
141 : size_t hash_size;
142 : uint8_t bin_str7[128];
143 : size_t bin_str7_size;
144 :
145 114 : hash_size = secured_message_context->hash_size;
146 :
147 114 : bin_str7_size = sizeof(bin_str7);
148 114 : libspdm_bin_concat(secured_message_context->version,
149 : SPDM_BIN_STR_7_LABEL, sizeof(SPDM_BIN_STR_7_LABEL) - 1,
150 114 : NULL, (uint16_t)hash_size, hash_size, bin_str7,
151 : &bin_str7_size);
152 :
153 114 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str7 (0x%zx):\n", bin_str7_size));
154 114 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str7, bin_str7_size);
155 114 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
156 : handshake_secret, hash_size, bin_str7,
157 : bin_str7_size, finished_key, hash_size);
158 114 : if (!status) {
159 0 : return false;
160 : }
161 114 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "finished_key (0x%zx) - ", hash_size));
162 114 : LIBSPDM_INTERNAL_DUMP_DATA(finished_key, hash_size);
163 114 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
164 :
165 114 : return true;
166 : }
167 :
168 : /**
169 : * This function generates SPDM HandshakeKey for a session.
170 : *
171 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
172 : * @param th1_hash_data th1 hash
173 : *
174 : * @retval RETURN_SUCCESS SPDM HandshakeKey for a session is generated.
175 : **/
176 57 : bool libspdm_generate_session_handshake_key(void *spdm_secured_message_context,
177 : const uint8_t *th1_hash_data)
178 : {
179 : bool status;
180 : size_t hash_size;
181 : uint8_t bin_str1[128];
182 : size_t bin_str1_size;
183 : uint8_t bin_str2[128];
184 : size_t bin_str2_size;
185 : libspdm_secured_message_context_t *secured_message_context;
186 : uint8_t salt0[LIBSPDM_MAX_HASH_SIZE];
187 :
188 57 : secured_message_context = spdm_secured_message_context;
189 :
190 57 : hash_size = secured_message_context->hash_size;
191 :
192 57 : if (!(secured_message_context->use_psk)) {
193 31 : if (secured_message_context->kem_alg != 0) {
194 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "[KEM Secret]: "));
195 : } else {
196 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "[DHE Secret]: "));
197 : }
198 31 : LIBSPDM_INTERNAL_DUMP_HEX_STR(
199 : secured_message_context->master_secret.shared_secret,
200 : secured_message_context->shared_key_size);
201 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
202 31 : libspdm_zero_mem(salt0, sizeof(salt0));
203 31 : status = libspdm_hkdf_extract(
204 : secured_message_context->base_hash_algo,
205 31 : secured_message_context->master_secret.shared_secret,
206 : secured_message_context->shared_key_size,
207 : salt0, hash_size,
208 31 : secured_message_context->master_secret.handshake_secret, hash_size);
209 31 : if (!status) {
210 0 : return false;
211 : }
212 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "handshake_secret (0x%zx) - ", hash_size));
213 31 : LIBSPDM_INTERNAL_DUMP_DATA(
214 : secured_message_context->master_secret.handshake_secret,
215 : hash_size);
216 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
217 : }
218 :
219 57 : bin_str1_size = sizeof(bin_str1);
220 57 : libspdm_bin_concat(secured_message_context->version,
221 : SPDM_BIN_STR_1_LABEL, sizeof(SPDM_BIN_STR_1_LABEL) - 1,
222 57 : th1_hash_data, (uint16_t)hash_size, hash_size,
223 : bin_str1, &bin_str1_size);
224 :
225 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str1 (0x%zx):\n", bin_str1_size));
226 57 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str1, bin_str1_size);
227 :
228 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
229 57 : if (secured_message_context->use_psk) {
230 26 : status = libspdm_psk_handshake_secret_hkdf_expand(
231 26 : secured_message_context->version,
232 : secured_message_context->base_hash_algo,
233 26 : secured_message_context->psk_hint,
234 : secured_message_context->psk_hint_size, bin_str1,
235 : bin_str1_size,
236 26 : secured_message_context->handshake_secret.request_handshake_secret,
237 : hash_size);
238 :
239 26 : if (!status) {
240 0 : return false;
241 : }
242 : }
243 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
244 57 : if (!(secured_message_context->use_psk)) {
245 31 : status = libspdm_hkdf_expand(
246 : secured_message_context->base_hash_algo,
247 31 : secured_message_context->master_secret.handshake_secret,
248 : hash_size, bin_str1, bin_str1_size,
249 31 : secured_message_context->handshake_secret.request_handshake_secret,
250 : hash_size);
251 :
252 31 : if (!status) {
253 0 : return false;
254 : }
255 : }
256 :
257 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_handshake_secret (0x%zx) - ", hash_size));
258 57 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret
259 : .request_handshake_secret,
260 : hash_size);
261 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
262 57 : bin_str2_size = sizeof(bin_str2);
263 57 : libspdm_bin_concat(secured_message_context->version,
264 : SPDM_BIN_STR_2_LABEL, sizeof(SPDM_BIN_STR_2_LABEL) - 1,
265 57 : th1_hash_data, (uint16_t)hash_size, hash_size,
266 : bin_str2, &bin_str2_size);
267 :
268 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str2 (0x%zx):\n", bin_str2_size));
269 57 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str2, bin_str2_size);
270 :
271 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
272 57 : if (secured_message_context->use_psk) {
273 26 : status = libspdm_psk_handshake_secret_hkdf_expand(
274 26 : secured_message_context->version,
275 : secured_message_context->base_hash_algo,
276 26 : secured_message_context->psk_hint,
277 : secured_message_context->psk_hint_size, bin_str2,
278 : bin_str2_size,
279 26 : secured_message_context->handshake_secret.response_handshake_secret,
280 : hash_size);
281 :
282 26 : if (!status) {
283 0 : return false;
284 : }
285 : }
286 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
287 57 : if (!(secured_message_context->use_psk)) {
288 31 : status = libspdm_hkdf_expand(
289 : secured_message_context->base_hash_algo,
290 31 : secured_message_context->master_secret.handshake_secret,
291 : hash_size, bin_str2, bin_str2_size,
292 31 : secured_message_context->handshake_secret.response_handshake_secret,
293 : hash_size);
294 :
295 31 : if (!status) {
296 0 : return false;
297 : }
298 : }
299 :
300 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_handshake_secret (0x%zx) - ", hash_size));
301 57 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret.response_handshake_secret,
302 : hash_size);
303 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
304 :
305 57 : status = libspdm_generate_finished_key(
306 : secured_message_context,
307 : secured_message_context->handshake_secret
308 57 : .request_handshake_secret,
309 57 : secured_message_context->handshake_secret.request_finished_key);
310 57 : if (!status) {
311 0 : return status;
312 : }
313 :
314 57 : status = libspdm_generate_finished_key(
315 : secured_message_context,
316 57 : secured_message_context->handshake_secret.response_handshake_secret,
317 57 : secured_message_context->handshake_secret.response_finished_key);
318 57 : if (!status) {
319 0 : return status;
320 : }
321 :
322 57 : status = libspdm_generate_aead_key_and_iv(secured_message_context,
323 : secured_message_context->handshake_secret
324 57 : .request_handshake_secret,
325 : secured_message_context->handshake_secret
326 57 : .request_handshake_encryption_key,
327 : secured_message_context->handshake_secret
328 57 : .request_handshake_salt);
329 57 : if (!status) {
330 0 : return status;
331 : }
332 57 : secured_message_context->handshake_secret.request_handshake_sequence_number = 0;
333 :
334 57 : status = libspdm_generate_aead_key_and_iv(
335 : secured_message_context,
336 57 : secured_message_context->handshake_secret.response_handshake_secret,
337 57 : secured_message_context->handshake_secret.response_handshake_encryption_key,
338 57 : secured_message_context->handshake_secret.response_handshake_salt);
339 57 : if (!status) {
340 0 : return status;
341 : }
342 :
343 57 : secured_message_context->handshake_secret.response_handshake_sequence_number = 0;
344 57 : libspdm_zero_mem(secured_message_context->master_secret.shared_secret, LIBSPDM_MAX_SHARED_KEY_SIZE);
345 :
346 57 : return true;
347 : }
348 :
349 : /**
350 : * This function generates SPDM DataKey for a session.
351 : *
352 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
353 : * @param th2_hash_data th2 hash
354 : *
355 : * @retval RETURN_SUCCESS SPDM DataKey for a session is generated.
356 : **/
357 36 : bool libspdm_generate_session_data_key(void *spdm_secured_message_context,
358 : const uint8_t *th2_hash_data)
359 : {
360 : bool status;
361 : size_t hash_size;
362 : uint8_t salt1[LIBSPDM_MAX_HASH_SIZE];
363 : uint8_t bin_str0[128];
364 : size_t bin_str0_size;
365 : uint8_t bin_str3[128];
366 : size_t bin_str3_size;
367 : uint8_t bin_str4[128];
368 : size_t bin_str4_size;
369 : uint8_t bin_str8[128];
370 : size_t bin_str8_size;
371 : libspdm_secured_message_context_t *secured_message_context;
372 : uint8_t zero_filled_buffer[LIBSPDM_MAX_HASH_SIZE];
373 :
374 36 : secured_message_context = spdm_secured_message_context;
375 :
376 36 : hash_size = secured_message_context->hash_size;
377 :
378 36 : if (!(secured_message_context->use_psk)) {
379 23 : bin_str0_size = sizeof(bin_str0);
380 23 : libspdm_bin_concat(secured_message_context->version,
381 : SPDM_BIN_STR_0_LABEL,
382 : sizeof(SPDM_BIN_STR_0_LABEL) - 1, NULL,
383 23 : (uint16_t)hash_size, hash_size, bin_str0,
384 : &bin_str0_size);
385 :
386 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str0 (0x%zx):\n", bin_str0_size));
387 23 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str0, bin_str0_size);
388 :
389 23 : status = libspdm_hkdf_expand(
390 : secured_message_context->base_hash_algo,
391 23 : secured_message_context->master_secret.handshake_secret,
392 : hash_size, bin_str0, bin_str0_size, salt1, hash_size);
393 23 : if (!status) {
394 0 : return false;
395 : }
396 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "salt1 (0x%zx) - ", hash_size));
397 23 : LIBSPDM_INTERNAL_DUMP_DATA(salt1, hash_size);
398 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
399 :
400 23 : libspdm_zero_mem(zero_filled_buffer, sizeof(zero_filled_buffer));
401 23 : status = libspdm_hkdf_extract(
402 : secured_message_context->base_hash_algo,
403 : zero_filled_buffer, hash_size, salt1, hash_size,
404 23 : secured_message_context->master_secret.master_secret, hash_size);
405 23 : if (!status) {
406 0 : goto cleanup;
407 : }
408 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "master_secret (0x%zx) - ", hash_size));
409 23 : LIBSPDM_INTERNAL_DUMP_DATA(
410 : secured_message_context->master_secret.master_secret,
411 : hash_size);
412 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
413 : }
414 :
415 36 : bin_str3_size = sizeof(bin_str3);
416 36 : libspdm_bin_concat(secured_message_context->version,
417 : SPDM_BIN_STR_3_LABEL, sizeof(SPDM_BIN_STR_3_LABEL) - 1,
418 36 : th2_hash_data, (uint16_t)hash_size, hash_size,
419 : bin_str3, &bin_str3_size);
420 :
421 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str3 (0x%zx):\n", bin_str3_size));
422 36 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str3, bin_str3_size);
423 :
424 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
425 36 : if (secured_message_context->use_psk) {
426 13 : status = libspdm_psk_master_secret_hkdf_expand(
427 13 : secured_message_context->version,
428 : secured_message_context->base_hash_algo,
429 13 : secured_message_context->psk_hint,
430 : secured_message_context->psk_hint_size, bin_str3,
431 : bin_str3_size,
432 13 : secured_message_context->application_secret.request_data_secret,
433 : hash_size);
434 :
435 13 : if (!status) {
436 0 : goto cleanup;
437 : }
438 : }
439 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
440 36 : if (!(secured_message_context->use_psk)) {
441 23 : status = libspdm_hkdf_expand(
442 : secured_message_context->base_hash_algo,
443 23 : secured_message_context->master_secret.master_secret,
444 : hash_size, bin_str3, bin_str3_size,
445 23 : secured_message_context->application_secret.request_data_secret,
446 : hash_size);
447 :
448 23 : if (!status) {
449 0 : goto cleanup;
450 : }
451 : }
452 :
453 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_data_secret (0x%zx) - ", hash_size));
454 36 : LIBSPDM_INTERNAL_DUMP_DATA(
455 : secured_message_context->application_secret.request_data_secret,
456 : hash_size);
457 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
458 36 : bin_str4_size = sizeof(bin_str4);
459 36 : libspdm_bin_concat(secured_message_context->version,
460 : SPDM_BIN_STR_4_LABEL, sizeof(SPDM_BIN_STR_4_LABEL) - 1,
461 36 : th2_hash_data, (uint16_t)hash_size, hash_size,
462 : bin_str4, &bin_str4_size);
463 :
464 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str4 (0x%zx):\n", bin_str4_size));
465 36 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str4, bin_str4_size);
466 :
467 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
468 36 : if (secured_message_context->use_psk) {
469 13 : status = libspdm_psk_master_secret_hkdf_expand(
470 13 : secured_message_context->version,
471 : secured_message_context->base_hash_algo,
472 13 : secured_message_context->psk_hint,
473 : secured_message_context->psk_hint_size, bin_str4,
474 : bin_str4_size,
475 13 : secured_message_context->application_secret.response_data_secret,
476 : hash_size);
477 :
478 13 : if (!status) {
479 0 : goto cleanup;
480 : }
481 : }
482 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
483 36 : if (!(secured_message_context->use_psk)) {
484 23 : status = libspdm_hkdf_expand(
485 : secured_message_context->base_hash_algo,
486 23 : secured_message_context->master_secret.master_secret,
487 : hash_size, bin_str4, bin_str4_size,
488 23 : secured_message_context->application_secret.response_data_secret,
489 : hash_size);
490 :
491 23 : if (!status) {
492 0 : goto cleanup;
493 : }
494 : }
495 :
496 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_data_secret (0x%zx) - ", hash_size));
497 36 : LIBSPDM_INTERNAL_DUMP_DATA(
498 : secured_message_context->application_secret.response_data_secret,
499 : hash_size);
500 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
501 :
502 36 : bin_str8_size = sizeof(bin_str8);
503 36 : libspdm_bin_concat(secured_message_context->version,
504 : SPDM_BIN_STR_8_LABEL, sizeof(SPDM_BIN_STR_8_LABEL) - 1,
505 36 : th2_hash_data, (uint16_t)hash_size, hash_size,
506 : bin_str8, &bin_str8_size);
507 :
508 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str8 (0x%zx):\n", bin_str8_size));
509 36 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str8, bin_str8_size);
510 :
511 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
512 36 : if (secured_message_context->use_psk) {
513 13 : status = libspdm_psk_master_secret_hkdf_expand(
514 13 : secured_message_context->version,
515 : secured_message_context->base_hash_algo,
516 13 : secured_message_context->psk_hint,
517 : secured_message_context->psk_hint_size, bin_str8,
518 : bin_str8_size,
519 13 : secured_message_context->export_master_secret,
520 : hash_size);
521 :
522 13 : if (!status) {
523 0 : goto cleanup;
524 : }
525 : }
526 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
527 36 : if (!(secured_message_context->use_psk)) {
528 23 : status = libspdm_hkdf_expand(
529 : secured_message_context->base_hash_algo,
530 23 : secured_message_context->master_secret.master_secret,
531 : hash_size, bin_str8, bin_str8_size,
532 23 : secured_message_context->export_master_secret,
533 : hash_size);
534 :
535 23 : if (!status) {
536 0 : goto cleanup;
537 : }
538 : }
539 :
540 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "export_master_secret (0x%zx) - ", hash_size));
541 36 : LIBSPDM_INTERNAL_DUMP_DATA(
542 : secured_message_context->export_master_secret, hash_size);
543 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
544 :
545 36 : status = libspdm_generate_aead_key_and_iv(
546 : secured_message_context,
547 36 : secured_message_context->application_secret.request_data_secret,
548 36 : secured_message_context->application_secret.request_data_encryption_key,
549 36 : secured_message_context->application_secret.request_data_salt);
550 36 : if (!status) {
551 0 : goto cleanup;
552 : }
553 36 : secured_message_context->application_secret.request_data_sequence_number = 0;
554 :
555 36 : status = libspdm_generate_aead_key_and_iv(
556 : secured_message_context,
557 36 : secured_message_context->application_secret.response_data_secret,
558 36 : secured_message_context->application_secret.response_data_encryption_key,
559 36 : secured_message_context->application_secret.response_data_salt);
560 36 : if (!status) {
561 0 : goto cleanup;
562 : }
563 36 : secured_message_context->application_secret.response_data_sequence_number = 0;
564 :
565 36 : cleanup:
566 : /*zero salt1 for security*/
567 36 : libspdm_zero_mem(salt1, hash_size);
568 36 : return status;
569 : }
570 :
571 : /**
572 : * This function creates the updates of SPDM DataKey for a session.
573 : *
574 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
575 : * @param action Indicate of the key update action.
576 : *
577 : * @retval RETURN_SUCCESS SPDM DataKey update is created.
578 : **/
579 102 : bool libspdm_create_update_session_data_key(void *spdm_secured_message_context,
580 : libspdm_key_update_action_t action)
581 : {
582 : bool status;
583 : size_t hash_size;
584 : uint8_t bin_str9[128];
585 : size_t bin_str9_size;
586 : libspdm_secured_message_context_t *secured_message_context;
587 :
588 102 : secured_message_context = spdm_secured_message_context;
589 :
590 102 : hash_size = secured_message_context->hash_size;
591 :
592 102 : bin_str9_size = sizeof(bin_str9);
593 102 : libspdm_bin_concat(secured_message_context->version,
594 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
595 102 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
596 : &bin_str9_size);
597 :
598 102 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str9 (0x%zx):\n", bin_str9_size));
599 102 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str9, bin_str9_size);
600 :
601 102 : if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
602 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
603 : .request_data_secret,
604 : sizeof(secured_message_context->application_secret_backup
605 : .request_data_secret),
606 40 : &secured_message_context->application_secret
607 : .request_data_secret,
608 : LIBSPDM_MAX_HASH_SIZE);
609 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
610 : .request_data_encryption_key,
611 : sizeof(secured_message_context->application_secret_backup
612 : .request_data_encryption_key),
613 40 : &secured_message_context->application_secret
614 : .request_data_encryption_key,
615 : LIBSPDM_MAX_AEAD_KEY_SIZE);
616 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
617 : .request_data_salt,
618 : sizeof(secured_message_context->application_secret_backup
619 : .request_data_salt),
620 40 : &secured_message_context->application_secret
621 : .request_data_salt,
622 : LIBSPDM_MAX_AEAD_IV_SIZE);
623 : secured_message_context->application_secret_backup
624 40 : .request_data_sequence_number =
625 40 : secured_message_context->application_secret.request_data_sequence_number;
626 :
627 40 : status = libspdm_hkdf_expand(
628 : secured_message_context->base_hash_algo,
629 40 : secured_message_context->application_secret.request_data_secret,
630 : hash_size, bin_str9, bin_str9_size,
631 40 : secured_message_context->application_secret.request_data_secret,
632 : hash_size);
633 40 : if (!status) {
634 0 : return false;
635 : }
636 40 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequestDataSecretUpdate (0x%zx) - ", hash_size));
637 40 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.request_data_secret,
638 : hash_size);
639 40 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
640 :
641 40 : status = libspdm_generate_aead_key_and_iv(
642 : secured_message_context,
643 40 : secured_message_context->application_secret.request_data_secret,
644 40 : secured_message_context->application_secret.request_data_encryption_key,
645 40 : secured_message_context->application_secret.request_data_salt);
646 40 : if (!status) {
647 0 : return status;
648 : }
649 40 : secured_message_context->application_secret.request_data_sequence_number = 0;
650 :
651 40 : secured_message_context->requester_backup_valid = true;
652 62 : } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
653 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
654 : .response_data_secret,
655 : sizeof(secured_message_context->application_secret_backup
656 : .response_data_secret),
657 62 : &secured_message_context->application_secret
658 : .response_data_secret,
659 : LIBSPDM_MAX_HASH_SIZE);
660 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
661 : .response_data_encryption_key,
662 : sizeof(secured_message_context->application_secret_backup
663 : .response_data_encryption_key),
664 62 : &secured_message_context->application_secret
665 : .response_data_encryption_key,
666 : LIBSPDM_MAX_AEAD_KEY_SIZE);
667 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
668 : .response_data_salt,
669 : sizeof(secured_message_context->application_secret_backup
670 : .response_data_salt),
671 62 : &secured_message_context->application_secret
672 : .response_data_salt,
673 : LIBSPDM_MAX_AEAD_IV_SIZE);
674 : secured_message_context->application_secret_backup
675 62 : .response_data_sequence_number =
676 62 : secured_message_context->application_secret.response_data_sequence_number;
677 :
678 62 : status = libspdm_hkdf_expand(
679 : secured_message_context->base_hash_algo,
680 62 : secured_message_context->application_secret.response_data_secret,
681 : hash_size, bin_str9, bin_str9_size,
682 62 : secured_message_context->application_secret.response_data_secret,
683 : hash_size);
684 62 : if (!status) {
685 0 : return false;
686 : }
687 62 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponseDataSecretUpdate (0x%zx) - ",
688 : hash_size));
689 62 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.response_data_secret,
690 : hash_size);
691 62 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
692 :
693 62 : status = libspdm_generate_aead_key_and_iv(
694 : secured_message_context,
695 62 : secured_message_context->application_secret.response_data_secret,
696 62 : secured_message_context->application_secret.response_data_encryption_key,
697 62 : secured_message_context->application_secret.response_data_salt);
698 62 : if (!status) {
699 0 : return status;
700 : }
701 62 : secured_message_context->application_secret.response_data_sequence_number = 0;
702 :
703 62 : secured_message_context->responder_backup_valid = true;
704 : } else {
705 0 : return false;
706 : }
707 :
708 102 : return true;
709 : }
710 :
711 221 : void libspdm_clear_handshake_secret(void *spdm_secured_message_context)
712 : {
713 : libspdm_secured_message_context_t *secured_message_context;
714 :
715 221 : secured_message_context = spdm_secured_message_context;
716 :
717 221 : libspdm_zero_mem(secured_message_context->master_secret.handshake_secret,
718 : LIBSPDM_MAX_HASH_SIZE);
719 221 : libspdm_zero_mem(&(secured_message_context->handshake_secret),
720 : sizeof(libspdm_session_info_struct_handshake_secret_t));
721 :
722 221 : secured_message_context->requester_backup_valid = false;
723 221 : secured_message_context->responder_backup_valid = false;
724 221 : }
725 :
726 221 : void libspdm_clear_master_secret(void *spdm_secured_message_context)
727 : {
728 : libspdm_secured_message_context_t *secured_message_context;
729 :
730 221 : secured_message_context = spdm_secured_message_context;
731 :
732 221 : libspdm_zero_mem(secured_message_context->master_secret.master_secret, LIBSPDM_MAX_HASH_SIZE);
733 221 : }
734 :
735 : /**
736 : * This function activates the update of SPDM DataKey for a session.
737 : *
738 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
739 : * @param action Indicate of the key update action.
740 : * @param use_new_key Indicate if the new key should be used.
741 : *
742 : * @retval RETURN_SUCCESS SPDM DataKey update is activated.
743 : **/
744 93 : bool libspdm_activate_update_session_data_key(void *spdm_secured_message_context,
745 : libspdm_key_update_action_t action,
746 : bool use_new_key)
747 : {
748 : libspdm_secured_message_context_t *secured_message_context;
749 :
750 93 : secured_message_context = spdm_secured_message_context;
751 :
752 93 : if (!use_new_key) {
753 52 : if ((action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) &&
754 0 : secured_message_context->requester_backup_valid) {
755 0 : libspdm_copy_mem(&secured_message_context->application_secret
756 : .request_data_secret,
757 : sizeof(secured_message_context->application_secret
758 : .request_data_secret),
759 0 : &secured_message_context
760 : ->application_secret_backup
761 : .request_data_secret,
762 : LIBSPDM_MAX_HASH_SIZE);
763 0 : libspdm_copy_mem(&secured_message_context->application_secret
764 : .request_data_encryption_key,
765 : sizeof(secured_message_context->application_secret
766 : .request_data_encryption_key),
767 0 : &secured_message_context
768 : ->application_secret_backup
769 : .request_data_encryption_key,
770 : LIBSPDM_MAX_AEAD_KEY_SIZE);
771 0 : libspdm_copy_mem(&secured_message_context->application_secret
772 : .request_data_salt,
773 : sizeof(secured_message_context->application_secret
774 : .request_data_salt),
775 0 : &secured_message_context
776 : ->application_secret_backup
777 : .request_data_salt,
778 : LIBSPDM_MAX_AEAD_IV_SIZE);
779 : secured_message_context->application_secret
780 0 : .request_data_sequence_number =
781 0 : secured_message_context->application_secret_backup.request_data_sequence_number;
782 52 : } else if ((action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) &&
783 52 : secured_message_context->responder_backup_valid) {
784 52 : libspdm_copy_mem(&secured_message_context->application_secret
785 : .response_data_secret,
786 : sizeof(secured_message_context->application_secret
787 : .response_data_secret),
788 52 : &secured_message_context
789 : ->application_secret_backup
790 : .response_data_secret,
791 : LIBSPDM_MAX_HASH_SIZE);
792 52 : libspdm_copy_mem(&secured_message_context->application_secret
793 : .response_data_encryption_key,
794 : sizeof(secured_message_context->application_secret
795 : .response_data_encryption_key),
796 52 : &secured_message_context
797 : ->application_secret_backup
798 : .response_data_encryption_key,
799 : LIBSPDM_MAX_AEAD_KEY_SIZE);
800 52 : libspdm_copy_mem(&secured_message_context->application_secret
801 : .response_data_salt,
802 : sizeof(secured_message_context->application_secret
803 : .response_data_salt),
804 52 : &secured_message_context
805 : ->application_secret_backup
806 : .response_data_salt,
807 : LIBSPDM_MAX_AEAD_IV_SIZE);
808 52 : secured_message_context->application_secret.response_data_sequence_number =
809 52 : secured_message_context->application_secret_backup.response_data_sequence_number;
810 : }
811 : }
812 :
813 93 : if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
814 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_secret,
815 : LIBSPDM_MAX_HASH_SIZE);
816 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup
817 : .request_data_encryption_key,
818 : LIBSPDM_MAX_AEAD_KEY_SIZE);
819 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_salt,
820 : LIBSPDM_MAX_AEAD_IV_SIZE);
821 35 : secured_message_context->application_secret_backup.request_data_sequence_number = 0;
822 35 : secured_message_context->requester_backup_valid = false;
823 58 : } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
824 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_secret,
825 : LIBSPDM_MAX_HASH_SIZE);
826 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup
827 : .response_data_encryption_key,
828 : LIBSPDM_MAX_AEAD_KEY_SIZE);
829 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_salt,
830 : LIBSPDM_MAX_AEAD_IV_SIZE);
831 58 : secured_message_context->application_secret_backup.response_data_sequence_number = 0;
832 58 : secured_message_context->responder_backup_valid = false;
833 : }
834 :
835 93 : return true;
836 : }
837 :
838 : /**
839 : * Allocates and initializes one HMAC context for subsequent use, with request_finished_key.
840 : *
841 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
842 : *
843 : * @return Pointer to the HMAC context that has been initialized.
844 : **/
845 0 : void *libspdm_hmac_new_with_request_finished_key(void *spdm_secured_message_context)
846 : {
847 : libspdm_secured_message_context_t *secured_message_context;
848 :
849 0 : secured_message_context = spdm_secured_message_context;
850 0 : return libspdm_hmac_new(secured_message_context->base_hash_algo);
851 : }
852 :
853 : /**
854 : * Release the specified HMAC context, with request_finished_key.
855 : *
856 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
857 : * @param hmac_ctx Pointer to the HMAC context to be released.
858 : **/
859 0 : void libspdm_hmac_free_with_request_finished_key(
860 : void *spdm_secured_message_context, void *hmac_ctx)
861 : {
862 : libspdm_secured_message_context_t *secured_message_context;
863 :
864 0 : secured_message_context = spdm_secured_message_context;
865 0 : libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
866 0 : }
867 :
868 : /**
869 : * Set request_finished_key for subsequent use. It must be done before any
870 : * calling to hmac_update().
871 : *
872 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
873 : * @param hmac_ctx Pointer to HMAC context.
874 : *
875 : * @retval true The key is set successfully.
876 : * @retval false The key is set unsuccessfully.
877 : **/
878 0 : bool libspdm_hmac_init_with_request_finished_key(
879 : void *spdm_secured_message_context, void *hmac_ctx)
880 : {
881 : libspdm_secured_message_context_t *secured_message_context;
882 :
883 0 : secured_message_context = spdm_secured_message_context;
884 0 : return libspdm_hmac_init(
885 : secured_message_context->base_hash_algo, hmac_ctx,
886 0 : secured_message_context->handshake_secret.request_finished_key,
887 : secured_message_context->hash_size);
888 : }
889 :
890 : /**
891 : * Makes a copy of an existing HMAC context, with request_finished_key.
892 : *
893 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
894 : * @param hmac_ctx Pointer to HMAC context being copied.
895 : * @param new_hmac_ctx Pointer to new HMAC context.
896 : *
897 : * @retval true HMAC context copy succeeded.
898 : * @retval false HMAC context copy failed.
899 : **/
900 0 : bool libspdm_hmac_duplicate_with_request_finished_key(
901 : void *spdm_secured_message_context,
902 : const void *hmac_ctx, void *new_hmac_ctx)
903 : {
904 : libspdm_secured_message_context_t *secured_message_context;
905 :
906 0 : secured_message_context = spdm_secured_message_context;
907 0 : return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
908 : }
909 :
910 : /**
911 : * Digests the input data and updates HMAC context, with request_finished_key.
912 : *
913 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
914 : * @param hmac_ctx Pointer to HMAC context being copied.
915 : * @param data Pointer to the buffer containing the data to be digested.
916 : * @param data_size size of data buffer in bytes.
917 : *
918 : * @retval true HMAC data digest succeeded.
919 : * @retval false HMAC data digest failed.
920 : **/
921 0 : bool libspdm_hmac_update_with_request_finished_key(
922 : void *spdm_secured_message_context,
923 : void *hmac_ctx, const void *data,
924 : size_t data_size)
925 : {
926 : libspdm_secured_message_context_t *secured_message_context;
927 :
928 0 : secured_message_context = spdm_secured_message_context;
929 0 : return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
930 : }
931 :
932 : /**
933 : * Completes computation of the HMAC digest value, with request_finished_key.
934 : *
935 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
936 : * @param hmac_ctx Pointer to HMAC context being copied.
937 : * @param hmac_value Pointer to a buffer that receives the HMAC digest value
938 : *
939 : * @retval true HMAC data digest succeeded.
940 : * @retval false HMAC data digest failed.
941 : **/
942 0 : bool libspdm_hmac_final_with_request_finished_key(
943 : void *spdm_secured_message_context,
944 : void *hmac_ctx, uint8_t *hmac_value)
945 : {
946 : libspdm_secured_message_context_t *secured_message_context;
947 :
948 0 : secured_message_context = spdm_secured_message_context;
949 0 : return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
950 : }
951 :
952 : /**
953 : * Computes the HMAC of a input data buffer, with request_finished_key.
954 : *
955 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
956 : * @param data Pointer to the buffer containing the data to be HMACed.
957 : * @param data_size size of data buffer in bytes.
958 : * @param hash_value Pointer to a buffer that receives the HMAC value.
959 : *
960 : * @retval true HMAC computation succeeded.
961 : * @retval false HMAC computation failed.
962 : **/
963 93 : bool libspdm_hmac_all_with_request_finished_key(void *spdm_secured_message_context,
964 : const void *data, size_t data_size,
965 : uint8_t *hmac_value)
966 : {
967 : libspdm_secured_message_context_t *secured_message_context;
968 :
969 93 : secured_message_context = spdm_secured_message_context;
970 186 : return libspdm_hmac_all(
971 : secured_message_context->base_hash_algo, data, data_size,
972 93 : secured_message_context->handshake_secret.request_finished_key,
973 : secured_message_context->hash_size, hmac_value);
974 : }
975 :
976 : /**
977 : * Allocates and initializes one HMAC context for subsequent use, with response_finished_key.
978 : *
979 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
980 : *
981 : * @return Pointer to the HMAC context that has been initialized.
982 : **/
983 0 : void *libspdm_hmac_new_with_response_finished_key(void *spdm_secured_message_context)
984 : {
985 : libspdm_secured_message_context_t *secured_message_context;
986 :
987 0 : secured_message_context = spdm_secured_message_context;
988 0 : return libspdm_hmac_new(secured_message_context->base_hash_algo);
989 : }
990 :
991 : /**
992 : * Release the specified HMAC context, with response_finished_key.
993 : *
994 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
995 : * @param hmac_ctx Pointer to the HMAC context to be released.
996 : **/
997 0 : void libspdm_hmac_free_with_response_finished_key(
998 : void *spdm_secured_message_context, void *hmac_ctx)
999 : {
1000 : libspdm_secured_message_context_t *secured_message_context;
1001 :
1002 0 : secured_message_context = spdm_secured_message_context;
1003 0 : libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
1004 0 : }
1005 :
1006 : /**
1007 : * Set response_finished_key for subsequent use. It must be done before any
1008 : * calling to hmac_update().
1009 : *
1010 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1011 : * @param hmac_ctx Pointer to HMAC context.
1012 : *
1013 : * @retval true The key is set successfully.
1014 : * @retval false The key is set unsuccessfully.
1015 : **/
1016 0 : bool libspdm_hmac_init_with_response_finished_key(
1017 : void *spdm_secured_message_context, void *hmac_ctx)
1018 : {
1019 : libspdm_secured_message_context_t *secured_message_context;
1020 :
1021 0 : secured_message_context = spdm_secured_message_context;
1022 0 : return libspdm_hmac_init(
1023 : secured_message_context->base_hash_algo, hmac_ctx,
1024 0 : secured_message_context->handshake_secret.response_finished_key,
1025 : secured_message_context->hash_size);
1026 : }
1027 :
1028 : /**
1029 : * Makes a copy of an existing HMAC context, with response_finished_key.
1030 : *
1031 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1032 : * @param hmac_ctx Pointer to HMAC context being copied.
1033 : * @param new_hmac_ctx Pointer to new HMAC context.
1034 : *
1035 : * @retval true HMAC context copy succeeded.
1036 : * @retval false HMAC context copy failed.
1037 : **/
1038 0 : bool libspdm_hmac_duplicate_with_response_finished_key(
1039 : void *spdm_secured_message_context,
1040 : const void *hmac_ctx, void *new_hmac_ctx)
1041 : {
1042 : libspdm_secured_message_context_t *secured_message_context;
1043 :
1044 0 : secured_message_context = spdm_secured_message_context;
1045 0 : return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
1046 : }
1047 :
1048 : /**
1049 : * Digests the input data and updates HMAC context, with response_finished_key.
1050 : *
1051 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1052 : * @param hmac_ctx Pointer to HMAC context being copied.
1053 : * @param data Pointer to the buffer containing the data to be digested.
1054 : * @param data_size size of data buffer in bytes.
1055 : *
1056 : * @retval true HMAC data digest succeeded.
1057 : * @retval false HMAC data digest failed.
1058 : **/
1059 0 : bool libspdm_hmac_update_with_response_finished_key(
1060 : void *spdm_secured_message_context,
1061 : void *hmac_ctx, const void *data,
1062 : size_t data_size)
1063 : {
1064 : libspdm_secured_message_context_t *secured_message_context;
1065 :
1066 0 : secured_message_context = spdm_secured_message_context;
1067 0 : return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
1068 : }
1069 :
1070 : /**
1071 : * Completes computation of the HMAC digest value, with response_finished_key.
1072 : *
1073 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1074 : * @param hmac_ctx Pointer to HMAC context being copied.
1075 : * @param hmac_value Pointer to a buffer that receives the HMAC digest value
1076 : *
1077 : * @retval true HMAC data digest succeeded.
1078 : * @retval false HMAC data digest failed.
1079 : **/
1080 0 : bool libspdm_hmac_final_with_response_finished_key(
1081 : void *spdm_secured_message_context,
1082 : void *hmac_ctx, uint8_t *hmac_value)
1083 : {
1084 : libspdm_secured_message_context_t *secured_message_context;
1085 :
1086 0 : secured_message_context = spdm_secured_message_context;
1087 0 : return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
1088 : }
1089 :
1090 : /**
1091 : * Computes the HMAC of a input data buffer, with response_finished_key.
1092 : *
1093 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1094 : * @param data Pointer to the buffer containing the data to be HMACed.
1095 : * @param data_size size of data buffer in bytes.
1096 : * @param hash_value Pointer to a buffer that receives the HMAC value.
1097 : *
1098 : * @retval true HMAC computation succeeded.
1099 : * @retval false HMAC computation failed.
1100 : **/
1101 74 : bool libspdm_hmac_all_with_response_finished_key(
1102 : void *spdm_secured_message_context, const void *data,
1103 : size_t data_size, uint8_t *hmac_value)
1104 : {
1105 : libspdm_secured_message_context_t *secured_message_context;
1106 :
1107 74 : secured_message_context = spdm_secured_message_context;
1108 148 : return libspdm_hmac_all(
1109 : secured_message_context->base_hash_algo, data, data_size,
1110 74 : secured_message_context->handshake_secret.response_finished_key,
1111 : secured_message_context->hash_size, hmac_value);
1112 : }
|