Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_secured_message_lib.h"
8 :
9 : /**
10 : * This function concatenates binary data, which is used as info in HKDF expand later.
11 : *
12 : * @param label An ascii string label for the libspdm_bin_concat.
13 : * @param label_size The size in bytes of the ASCII string label, not including NULL terminator.
14 : * @param context A pre-defined hash value as the context for the libspdm_bin_concat.
15 : * @param length 16 bits length for the libspdm_bin_concat.
16 : * @param hash_size The size in bytes of the context hash.
17 : * @param out_bin The buffer to store the output binary.
18 : * @param out_bin_size The size in bytes for the out_bin.
19 : **/
20 1283 : void libspdm_bin_concat(spdm_version_number_t spdm_version,
21 : const char *label, size_t label_size,
22 : const uint8_t *context, uint16_t length,
23 : size_t hash_size, uint8_t *out_bin,
24 : size_t *out_bin_size)
25 : {
26 : size_t final_size;
27 :
28 : /* The correct version characters (1.1 or 1.2) will replace the x.x. */
29 : #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x "
30 :
31 1283 : final_size = sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1 + label_size;
32 1283 : if (context != NULL) {
33 286 : final_size += hash_size;
34 : }
35 :
36 1283 : LIBSPDM_ASSERT(*out_bin_size >= final_size);
37 :
38 1283 : *out_bin_size = final_size;
39 :
40 1283 : libspdm_copy_mem(out_bin, *out_bin_size, &length, sizeof(uint16_t));
41 1283 : libspdm_copy_mem(out_bin + sizeof(uint16_t), *out_bin_size - sizeof(uint16_t),
42 : LIBSPDM_BIN_CONCAT_LABEL, sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1);
43 :
44 : /* Patch the version. */
45 1283 : out_bin[6] = (char)('0' + ((spdm_version >> 12) & 0xF));
46 1283 : out_bin[8] = (char)('0' + ((spdm_version >> 8) & 0xF));
47 1283 : libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1,
48 1283 : *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1),
49 : label, label_size);
50 :
51 1283 : if (context != NULL) {
52 286 : libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
53 286 : 1 + label_size,
54 286 : *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
55 : 1 + label_size), context, hash_size);
56 : }
57 :
58 : #undef LIBSPDM_BIN_CONCAT_LABEL
59 1283 : }
60 :
61 290 : bool libspdm_generate_aead_key_and_iv(
62 : libspdm_secured_message_context_t *secured_message_context,
63 : const uint8_t *major_secret, uint8_t *key, uint8_t *iv)
64 : {
65 : bool status;
66 : size_t hash_size;
67 : size_t key_length;
68 : size_t iv_length;
69 : uint8_t bin_str5[128];
70 : size_t bin_str5_size;
71 : uint8_t bin_str6[128];
72 : size_t bin_str6_size;
73 :
74 290 : hash_size = secured_message_context->hash_size;
75 290 : key_length = secured_message_context->aead_key_size;
76 290 : iv_length = secured_message_context->aead_iv_size;
77 :
78 290 : bin_str5_size = sizeof(bin_str5);
79 290 : libspdm_bin_concat(secured_message_context->version,
80 : SPDM_BIN_STR_5_LABEL, sizeof(SPDM_BIN_STR_5_LABEL) - 1,
81 290 : NULL, (uint16_t)key_length, hash_size, bin_str5,
82 : &bin_str5_size);
83 :
84 290 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str5 (0x%zx):\n", bin_str5_size));
85 290 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str5, bin_str5_size);
86 290 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
87 : major_secret, hash_size, bin_str5,
88 : bin_str5_size, key, key_length);
89 290 : if (!status) {
90 0 : return false;
91 : }
92 290 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key (0x%zx) - ", key_length));
93 290 : LIBSPDM_INTERNAL_DUMP_DATA(key, key_length);
94 290 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
95 :
96 290 : bin_str6_size = sizeof(bin_str6);
97 290 : libspdm_bin_concat(secured_message_context->version,
98 : SPDM_BIN_STR_6_LABEL, sizeof(SPDM_BIN_STR_6_LABEL) - 1,
99 290 : NULL, (uint16_t)iv_length, hash_size, bin_str6,
100 : &bin_str6_size);
101 :
102 290 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str6 (0x%zx):\n", bin_str6_size));
103 290 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str6, bin_str6_size);
104 290 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
105 : major_secret, hash_size, bin_str6,
106 : bin_str6_size, iv, iv_length);
107 290 : if (!status) {
108 0 : return false;
109 : }
110 290 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "iv (0x%zx) - ", iv_length));
111 290 : LIBSPDM_INTERNAL_DUMP_DATA(iv, iv_length);
112 290 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
113 :
114 290 : return true;
115 : }
116 :
117 116 : bool libspdm_generate_finished_key(
118 : libspdm_secured_message_context_t *secured_message_context,
119 : const uint8_t *handshake_secret, uint8_t *finished_key)
120 : {
121 : bool status;
122 : size_t hash_size;
123 : uint8_t bin_str7[128];
124 : size_t bin_str7_size;
125 :
126 116 : hash_size = secured_message_context->hash_size;
127 :
128 116 : bin_str7_size = sizeof(bin_str7);
129 116 : libspdm_bin_concat(secured_message_context->version,
130 : SPDM_BIN_STR_7_LABEL, sizeof(SPDM_BIN_STR_7_LABEL) - 1,
131 116 : NULL, (uint16_t)hash_size, hash_size, bin_str7,
132 : &bin_str7_size);
133 :
134 116 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str7 (0x%zx):\n", bin_str7_size));
135 116 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str7, bin_str7_size);
136 116 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
137 : handshake_secret, hash_size, bin_str7,
138 : bin_str7_size, finished_key, hash_size);
139 116 : if (!status) {
140 0 : return false;
141 : }
142 116 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "finished_key (0x%zx) - ", hash_size));
143 116 : LIBSPDM_INTERNAL_DUMP_DATA(finished_key, hash_size);
144 116 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
145 :
146 116 : return true;
147 : }
148 :
149 58 : bool libspdm_generate_session_handshake_key(void *spdm_secured_message_context,
150 : const uint8_t *th1_hash_data)
151 : {
152 : bool status;
153 : size_t hash_size;
154 : uint8_t bin_str1[128];
155 : size_t bin_str1_size;
156 : uint8_t bin_str2[128];
157 : size_t bin_str2_size;
158 : libspdm_secured_message_context_t *secured_message_context;
159 : uint8_t salt0[LIBSPDM_MAX_HASH_SIZE];
160 :
161 58 : secured_message_context = spdm_secured_message_context;
162 :
163 58 : hash_size = secured_message_context->hash_size;
164 :
165 58 : if (!(secured_message_context->use_psk)) {
166 31 : if (secured_message_context->kem_alg != 0) {
167 0 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "[KEM Secret]: "));
168 : } else {
169 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "[DHE Secret]: "));
170 : }
171 31 : LIBSPDM_INTERNAL_DUMP_HEX_STR(
172 : secured_message_context->master_secret.shared_secret,
173 : secured_message_context->shared_key_size);
174 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
175 31 : libspdm_zero_mem(salt0, sizeof(salt0));
176 31 : status = libspdm_hkdf_extract(
177 : secured_message_context->base_hash_algo,
178 31 : secured_message_context->master_secret.shared_secret,
179 : secured_message_context->shared_key_size,
180 : salt0, hash_size,
181 31 : secured_message_context->master_secret.handshake_secret, hash_size);
182 31 : if (!status) {
183 0 : return false;
184 : }
185 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "handshake_secret (0x%zx) - ", hash_size));
186 31 : LIBSPDM_INTERNAL_DUMP_DATA(
187 : secured_message_context->master_secret.handshake_secret,
188 : hash_size);
189 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
190 : }
191 :
192 58 : bin_str1_size = sizeof(bin_str1);
193 58 : libspdm_bin_concat(secured_message_context->version,
194 : SPDM_BIN_STR_1_LABEL, sizeof(SPDM_BIN_STR_1_LABEL) - 1,
195 58 : th1_hash_data, (uint16_t)hash_size, hash_size,
196 : bin_str1, &bin_str1_size);
197 :
198 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str1 (0x%zx):\n", bin_str1_size));
199 58 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str1, bin_str1_size);
200 :
201 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
202 58 : if (secured_message_context->use_psk) {
203 27 : status = libspdm_psk_handshake_secret_hkdf_expand(
204 27 : secured_message_context->version,
205 : secured_message_context->base_hash_algo,
206 27 : secured_message_context->psk_hint,
207 : secured_message_context->psk_hint_size, bin_str1,
208 : bin_str1_size,
209 27 : secured_message_context->handshake_secret.request_handshake_secret,
210 : hash_size);
211 :
212 27 : if (!status) {
213 0 : return false;
214 : }
215 : }
216 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
217 58 : if (!(secured_message_context->use_psk)) {
218 31 : status = libspdm_hkdf_expand(
219 : secured_message_context->base_hash_algo,
220 31 : secured_message_context->master_secret.handshake_secret,
221 : hash_size, bin_str1, bin_str1_size,
222 31 : secured_message_context->handshake_secret.request_handshake_secret,
223 : hash_size);
224 :
225 31 : if (!status) {
226 0 : return false;
227 : }
228 : }
229 :
230 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_handshake_secret (0x%zx) - ", hash_size));
231 58 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret
232 : .request_handshake_secret,
233 : hash_size);
234 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
235 58 : bin_str2_size = sizeof(bin_str2);
236 58 : libspdm_bin_concat(secured_message_context->version,
237 : SPDM_BIN_STR_2_LABEL, sizeof(SPDM_BIN_STR_2_LABEL) - 1,
238 58 : th1_hash_data, (uint16_t)hash_size, hash_size,
239 : bin_str2, &bin_str2_size);
240 :
241 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str2 (0x%zx):\n", bin_str2_size));
242 58 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str2, bin_str2_size);
243 :
244 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
245 58 : if (secured_message_context->use_psk) {
246 27 : status = libspdm_psk_handshake_secret_hkdf_expand(
247 27 : secured_message_context->version,
248 : secured_message_context->base_hash_algo,
249 27 : secured_message_context->psk_hint,
250 : secured_message_context->psk_hint_size, bin_str2,
251 : bin_str2_size,
252 27 : secured_message_context->handshake_secret.response_handshake_secret,
253 : hash_size);
254 :
255 27 : if (!status) {
256 0 : return false;
257 : }
258 : }
259 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
260 58 : if (!(secured_message_context->use_psk)) {
261 31 : status = libspdm_hkdf_expand(
262 : secured_message_context->base_hash_algo,
263 31 : secured_message_context->master_secret.handshake_secret,
264 : hash_size, bin_str2, bin_str2_size,
265 31 : secured_message_context->handshake_secret.response_handshake_secret,
266 : hash_size);
267 :
268 31 : if (!status) {
269 0 : return false;
270 : }
271 : }
272 :
273 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_handshake_secret (0x%zx) - ", hash_size));
274 58 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret.response_handshake_secret,
275 : hash_size);
276 58 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
277 :
278 58 : status = libspdm_generate_finished_key(
279 : secured_message_context,
280 : secured_message_context->handshake_secret
281 58 : .request_handshake_secret,
282 58 : secured_message_context->handshake_secret.request_finished_key);
283 58 : if (!status) {
284 0 : return status;
285 : }
286 :
287 58 : status = libspdm_generate_finished_key(
288 : secured_message_context,
289 58 : secured_message_context->handshake_secret.response_handshake_secret,
290 58 : secured_message_context->handshake_secret.response_finished_key);
291 58 : if (!status) {
292 0 : return status;
293 : }
294 :
295 58 : status = libspdm_generate_aead_key_and_iv(secured_message_context,
296 : secured_message_context->handshake_secret
297 58 : .request_handshake_secret,
298 : secured_message_context->handshake_secret
299 58 : .request_handshake_encryption_key,
300 : secured_message_context->handshake_secret
301 58 : .request_handshake_salt);
302 58 : if (!status) {
303 0 : return status;
304 : }
305 58 : secured_message_context->handshake_secret.request_handshake_sequence_number = 0;
306 :
307 58 : status = libspdm_generate_aead_key_and_iv(
308 : secured_message_context,
309 58 : secured_message_context->handshake_secret.response_handshake_secret,
310 58 : secured_message_context->handshake_secret.response_handshake_encryption_key,
311 58 : secured_message_context->handshake_secret.response_handshake_salt);
312 58 : if (!status) {
313 0 : return status;
314 : }
315 :
316 58 : secured_message_context->handshake_secret.response_handshake_sequence_number = 0;
317 58 : libspdm_zero_mem(secured_message_context->master_secret.shared_secret, LIBSPDM_MAX_SHARED_KEY_SIZE);
318 :
319 58 : return true;
320 : }
321 :
322 36 : bool libspdm_generate_session_data_key(void *spdm_secured_message_context,
323 : const uint8_t *th2_hash_data)
324 : {
325 : bool status;
326 : size_t hash_size;
327 : uint8_t salt1[LIBSPDM_MAX_HASH_SIZE];
328 : uint8_t bin_str0[128];
329 : size_t bin_str0_size;
330 : uint8_t bin_str3[128];
331 : size_t bin_str3_size;
332 : uint8_t bin_str4[128];
333 : size_t bin_str4_size;
334 : uint8_t bin_str8[128];
335 : size_t bin_str8_size;
336 : libspdm_secured_message_context_t *secured_message_context;
337 : uint8_t zero_filled_buffer[LIBSPDM_MAX_HASH_SIZE];
338 :
339 36 : secured_message_context = spdm_secured_message_context;
340 :
341 36 : hash_size = secured_message_context->hash_size;
342 :
343 36 : if (!(secured_message_context->use_psk)) {
344 23 : bin_str0_size = sizeof(bin_str0);
345 23 : libspdm_bin_concat(secured_message_context->version,
346 : SPDM_BIN_STR_0_LABEL,
347 : sizeof(SPDM_BIN_STR_0_LABEL) - 1, NULL,
348 23 : (uint16_t)hash_size, hash_size, bin_str0,
349 : &bin_str0_size);
350 :
351 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str0 (0x%zx):\n", bin_str0_size));
352 23 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str0, bin_str0_size);
353 :
354 23 : status = libspdm_hkdf_expand(
355 : secured_message_context->base_hash_algo,
356 23 : secured_message_context->master_secret.handshake_secret,
357 : hash_size, bin_str0, bin_str0_size, salt1, hash_size);
358 23 : if (!status) {
359 0 : return false;
360 : }
361 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "salt1 (0x%zx) - ", hash_size));
362 23 : LIBSPDM_INTERNAL_DUMP_DATA(salt1, hash_size);
363 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
364 :
365 23 : libspdm_zero_mem(zero_filled_buffer, sizeof(zero_filled_buffer));
366 23 : status = libspdm_hkdf_extract(
367 : secured_message_context->base_hash_algo,
368 : zero_filled_buffer, hash_size, salt1, hash_size,
369 23 : secured_message_context->master_secret.master_secret, hash_size);
370 23 : if (!status) {
371 0 : goto cleanup;
372 : }
373 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "master_secret (0x%zx) - ", hash_size));
374 23 : LIBSPDM_INTERNAL_DUMP_DATA(
375 : secured_message_context->master_secret.master_secret,
376 : hash_size);
377 23 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
378 : }
379 :
380 36 : bin_str3_size = sizeof(bin_str3);
381 36 : libspdm_bin_concat(secured_message_context->version,
382 : SPDM_BIN_STR_3_LABEL, sizeof(SPDM_BIN_STR_3_LABEL) - 1,
383 36 : th2_hash_data, (uint16_t)hash_size, hash_size,
384 : bin_str3, &bin_str3_size);
385 :
386 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str3 (0x%zx):\n", bin_str3_size));
387 36 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str3, bin_str3_size);
388 :
389 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
390 36 : if (secured_message_context->use_psk) {
391 13 : status = libspdm_psk_master_secret_hkdf_expand(
392 13 : secured_message_context->version,
393 : secured_message_context->base_hash_algo,
394 13 : secured_message_context->psk_hint,
395 : secured_message_context->psk_hint_size, bin_str3,
396 : bin_str3_size,
397 13 : secured_message_context->application_secret.request_data_secret,
398 : hash_size);
399 :
400 13 : if (!status) {
401 0 : goto cleanup;
402 : }
403 : }
404 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
405 36 : if (!(secured_message_context->use_psk)) {
406 23 : status = libspdm_hkdf_expand(
407 : secured_message_context->base_hash_algo,
408 23 : secured_message_context->master_secret.master_secret,
409 : hash_size, bin_str3, bin_str3_size,
410 23 : secured_message_context->application_secret.request_data_secret,
411 : hash_size);
412 :
413 23 : if (!status) {
414 0 : goto cleanup;
415 : }
416 : }
417 :
418 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_data_secret (0x%zx) - ", hash_size));
419 36 : LIBSPDM_INTERNAL_DUMP_DATA(
420 : secured_message_context->application_secret.request_data_secret,
421 : hash_size);
422 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
423 36 : bin_str4_size = sizeof(bin_str4);
424 36 : libspdm_bin_concat(secured_message_context->version,
425 : SPDM_BIN_STR_4_LABEL, sizeof(SPDM_BIN_STR_4_LABEL) - 1,
426 36 : th2_hash_data, (uint16_t)hash_size, hash_size,
427 : bin_str4, &bin_str4_size);
428 :
429 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str4 (0x%zx):\n", bin_str4_size));
430 36 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str4, bin_str4_size);
431 :
432 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
433 36 : if (secured_message_context->use_psk) {
434 13 : status = libspdm_psk_master_secret_hkdf_expand(
435 13 : secured_message_context->version,
436 : secured_message_context->base_hash_algo,
437 13 : secured_message_context->psk_hint,
438 : secured_message_context->psk_hint_size, bin_str4,
439 : bin_str4_size,
440 13 : secured_message_context->application_secret.response_data_secret,
441 : hash_size);
442 :
443 13 : if (!status) {
444 0 : goto cleanup;
445 : }
446 : }
447 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
448 36 : if (!(secured_message_context->use_psk)) {
449 23 : status = libspdm_hkdf_expand(
450 : secured_message_context->base_hash_algo,
451 23 : secured_message_context->master_secret.master_secret,
452 : hash_size, bin_str4, bin_str4_size,
453 23 : secured_message_context->application_secret.response_data_secret,
454 : hash_size);
455 :
456 23 : if (!status) {
457 0 : goto cleanup;
458 : }
459 : }
460 :
461 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_data_secret (0x%zx) - ", hash_size));
462 36 : LIBSPDM_INTERNAL_DUMP_DATA(
463 : secured_message_context->application_secret.response_data_secret,
464 : hash_size);
465 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
466 :
467 36 : bin_str8_size = sizeof(bin_str8);
468 36 : libspdm_bin_concat(secured_message_context->version,
469 : SPDM_BIN_STR_8_LABEL, sizeof(SPDM_BIN_STR_8_LABEL) - 1,
470 36 : th2_hash_data, (uint16_t)hash_size, hash_size,
471 : bin_str8, &bin_str8_size);
472 :
473 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str8 (0x%zx):\n", bin_str8_size));
474 36 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str8, bin_str8_size);
475 :
476 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
477 36 : if (secured_message_context->use_psk) {
478 13 : status = libspdm_psk_master_secret_hkdf_expand(
479 13 : secured_message_context->version,
480 : secured_message_context->base_hash_algo,
481 13 : secured_message_context->psk_hint,
482 : secured_message_context->psk_hint_size, bin_str8,
483 : bin_str8_size,
484 13 : secured_message_context->export_master_secret,
485 : hash_size);
486 :
487 13 : if (!status) {
488 0 : goto cleanup;
489 : }
490 : }
491 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
492 36 : if (!(secured_message_context->use_psk)) {
493 23 : status = libspdm_hkdf_expand(
494 : secured_message_context->base_hash_algo,
495 23 : secured_message_context->master_secret.master_secret,
496 : hash_size, bin_str8, bin_str8_size,
497 23 : secured_message_context->export_master_secret,
498 : hash_size);
499 :
500 23 : if (!status) {
501 0 : goto cleanup;
502 : }
503 : }
504 :
505 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "export_master_secret (0x%zx) - ", hash_size));
506 36 : LIBSPDM_INTERNAL_DUMP_DATA(
507 : secured_message_context->export_master_secret, hash_size);
508 36 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
509 :
510 36 : status = libspdm_generate_aead_key_and_iv(
511 : secured_message_context,
512 36 : secured_message_context->application_secret.request_data_secret,
513 36 : secured_message_context->application_secret.request_data_encryption_key,
514 36 : secured_message_context->application_secret.request_data_salt);
515 36 : if (!status) {
516 0 : goto cleanup;
517 : }
518 36 : secured_message_context->application_secret.request_data_sequence_number = 0;
519 :
520 36 : status = libspdm_generate_aead_key_and_iv(
521 : secured_message_context,
522 36 : secured_message_context->application_secret.response_data_secret,
523 36 : secured_message_context->application_secret.response_data_encryption_key,
524 36 : secured_message_context->application_secret.response_data_salt);
525 36 : if (!status) {
526 0 : goto cleanup;
527 : }
528 36 : secured_message_context->application_secret.response_data_sequence_number = 0;
529 :
530 36 : cleanup:
531 : /*zero salt1 for security*/
532 36 : libspdm_zero_mem(salt1, hash_size);
533 36 : return status;
534 : }
535 :
536 102 : bool libspdm_create_update_session_data_key(void *spdm_secured_message_context,
537 : libspdm_key_update_action_t action)
538 : {
539 : bool status;
540 : size_t hash_size;
541 : uint8_t bin_str9[128];
542 : size_t bin_str9_size;
543 : libspdm_secured_message_context_t *secured_message_context;
544 :
545 102 : secured_message_context = spdm_secured_message_context;
546 :
547 102 : hash_size = secured_message_context->hash_size;
548 :
549 102 : bin_str9_size = sizeof(bin_str9);
550 102 : libspdm_bin_concat(secured_message_context->version,
551 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
552 102 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
553 : &bin_str9_size);
554 :
555 102 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str9 (0x%zx):\n", bin_str9_size));
556 102 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str9, bin_str9_size);
557 :
558 102 : if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
559 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
560 : .request_data_secret,
561 : sizeof(secured_message_context->application_secret_backup
562 : .request_data_secret),
563 40 : &secured_message_context->application_secret
564 : .request_data_secret,
565 : LIBSPDM_MAX_HASH_SIZE);
566 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
567 : .request_data_encryption_key,
568 : sizeof(secured_message_context->application_secret_backup
569 : .request_data_encryption_key),
570 40 : &secured_message_context->application_secret
571 : .request_data_encryption_key,
572 : LIBSPDM_MAX_AEAD_KEY_SIZE);
573 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
574 : .request_data_salt,
575 : sizeof(secured_message_context->application_secret_backup
576 : .request_data_salt),
577 40 : &secured_message_context->application_secret
578 : .request_data_salt,
579 : LIBSPDM_MAX_AEAD_IV_SIZE);
580 : secured_message_context->application_secret_backup
581 40 : .request_data_sequence_number =
582 40 : secured_message_context->application_secret.request_data_sequence_number;
583 :
584 40 : status = libspdm_hkdf_expand(
585 : secured_message_context->base_hash_algo,
586 40 : secured_message_context->application_secret.request_data_secret,
587 : hash_size, bin_str9, bin_str9_size,
588 40 : secured_message_context->application_secret.request_data_secret,
589 : hash_size);
590 40 : if (!status) {
591 0 : return false;
592 : }
593 40 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequestDataSecretUpdate (0x%zx) - ", hash_size));
594 40 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.request_data_secret,
595 : hash_size);
596 40 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
597 :
598 40 : status = libspdm_generate_aead_key_and_iv(
599 : secured_message_context,
600 40 : secured_message_context->application_secret.request_data_secret,
601 40 : secured_message_context->application_secret.request_data_encryption_key,
602 40 : secured_message_context->application_secret.request_data_salt);
603 40 : if (!status) {
604 0 : return status;
605 : }
606 40 : secured_message_context->application_secret.request_data_sequence_number = 0;
607 :
608 40 : secured_message_context->requester_backup_valid = true;
609 62 : } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
610 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
611 : .response_data_secret,
612 : sizeof(secured_message_context->application_secret_backup
613 : .response_data_secret),
614 62 : &secured_message_context->application_secret
615 : .response_data_secret,
616 : LIBSPDM_MAX_HASH_SIZE);
617 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
618 : .response_data_encryption_key,
619 : sizeof(secured_message_context->application_secret_backup
620 : .response_data_encryption_key),
621 62 : &secured_message_context->application_secret
622 : .response_data_encryption_key,
623 : LIBSPDM_MAX_AEAD_KEY_SIZE);
624 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
625 : .response_data_salt,
626 : sizeof(secured_message_context->application_secret_backup
627 : .response_data_salt),
628 62 : &secured_message_context->application_secret
629 : .response_data_salt,
630 : LIBSPDM_MAX_AEAD_IV_SIZE);
631 : secured_message_context->application_secret_backup
632 62 : .response_data_sequence_number =
633 62 : secured_message_context->application_secret.response_data_sequence_number;
634 :
635 62 : status = libspdm_hkdf_expand(
636 : secured_message_context->base_hash_algo,
637 62 : secured_message_context->application_secret.response_data_secret,
638 : hash_size, bin_str9, bin_str9_size,
639 62 : secured_message_context->application_secret.response_data_secret,
640 : hash_size);
641 62 : if (!status) {
642 0 : return false;
643 : }
644 62 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponseDataSecretUpdate (0x%zx) - ",
645 : hash_size));
646 62 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.response_data_secret,
647 : hash_size);
648 62 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
649 :
650 62 : status = libspdm_generate_aead_key_and_iv(
651 : secured_message_context,
652 62 : secured_message_context->application_secret.response_data_secret,
653 62 : secured_message_context->application_secret.response_data_encryption_key,
654 62 : secured_message_context->application_secret.response_data_salt);
655 62 : if (!status) {
656 0 : return status;
657 : }
658 62 : secured_message_context->application_secret.response_data_sequence_number = 0;
659 :
660 62 : secured_message_context->responder_backup_valid = true;
661 : } else {
662 0 : return false;
663 : }
664 :
665 102 : return true;
666 : }
667 :
668 264 : void libspdm_clear_handshake_secret(void *spdm_secured_message_context)
669 : {
670 : libspdm_secured_message_context_t *secured_message_context;
671 :
672 264 : secured_message_context = spdm_secured_message_context;
673 :
674 264 : libspdm_zero_mem(secured_message_context->master_secret.handshake_secret,
675 : LIBSPDM_MAX_HASH_SIZE);
676 264 : libspdm_zero_mem(&(secured_message_context->handshake_secret),
677 : sizeof(libspdm_session_info_struct_handshake_secret_t));
678 :
679 264 : secured_message_context->requester_backup_valid = false;
680 264 : secured_message_context->responder_backup_valid = false;
681 264 : }
682 :
683 264 : void libspdm_clear_master_secret(void *spdm_secured_message_context)
684 : {
685 : libspdm_secured_message_context_t *secured_message_context;
686 :
687 264 : secured_message_context = spdm_secured_message_context;
688 :
689 264 : libspdm_zero_mem(secured_message_context->master_secret.master_secret, LIBSPDM_MAX_HASH_SIZE);
690 264 : }
691 :
692 93 : bool libspdm_activate_update_session_data_key(void *spdm_secured_message_context,
693 : libspdm_key_update_action_t action,
694 : bool use_new_key)
695 : {
696 : libspdm_secured_message_context_t *secured_message_context;
697 :
698 93 : secured_message_context = spdm_secured_message_context;
699 :
700 93 : if (!use_new_key) {
701 52 : if ((action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) &&
702 0 : secured_message_context->requester_backup_valid) {
703 0 : libspdm_copy_mem(&secured_message_context->application_secret
704 : .request_data_secret,
705 : sizeof(secured_message_context->application_secret
706 : .request_data_secret),
707 0 : &secured_message_context
708 : ->application_secret_backup
709 : .request_data_secret,
710 : LIBSPDM_MAX_HASH_SIZE);
711 0 : libspdm_copy_mem(&secured_message_context->application_secret
712 : .request_data_encryption_key,
713 : sizeof(secured_message_context->application_secret
714 : .request_data_encryption_key),
715 0 : &secured_message_context
716 : ->application_secret_backup
717 : .request_data_encryption_key,
718 : LIBSPDM_MAX_AEAD_KEY_SIZE);
719 0 : libspdm_copy_mem(&secured_message_context->application_secret
720 : .request_data_salt,
721 : sizeof(secured_message_context->application_secret
722 : .request_data_salt),
723 0 : &secured_message_context
724 : ->application_secret_backup
725 : .request_data_salt,
726 : LIBSPDM_MAX_AEAD_IV_SIZE);
727 : secured_message_context->application_secret
728 0 : .request_data_sequence_number =
729 0 : secured_message_context->application_secret_backup.request_data_sequence_number;
730 52 : } else if ((action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) &&
731 52 : secured_message_context->responder_backup_valid) {
732 52 : libspdm_copy_mem(&secured_message_context->application_secret
733 : .response_data_secret,
734 : sizeof(secured_message_context->application_secret
735 : .response_data_secret),
736 52 : &secured_message_context
737 : ->application_secret_backup
738 : .response_data_secret,
739 : LIBSPDM_MAX_HASH_SIZE);
740 52 : libspdm_copy_mem(&secured_message_context->application_secret
741 : .response_data_encryption_key,
742 : sizeof(secured_message_context->application_secret
743 : .response_data_encryption_key),
744 52 : &secured_message_context
745 : ->application_secret_backup
746 : .response_data_encryption_key,
747 : LIBSPDM_MAX_AEAD_KEY_SIZE);
748 52 : libspdm_copy_mem(&secured_message_context->application_secret
749 : .response_data_salt,
750 : sizeof(secured_message_context->application_secret
751 : .response_data_salt),
752 52 : &secured_message_context
753 : ->application_secret_backup
754 : .response_data_salt,
755 : LIBSPDM_MAX_AEAD_IV_SIZE);
756 52 : secured_message_context->application_secret.response_data_sequence_number =
757 52 : secured_message_context->application_secret_backup.response_data_sequence_number;
758 : }
759 : }
760 :
761 93 : if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
762 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_secret,
763 : LIBSPDM_MAX_HASH_SIZE);
764 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup
765 : .request_data_encryption_key,
766 : LIBSPDM_MAX_AEAD_KEY_SIZE);
767 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_salt,
768 : LIBSPDM_MAX_AEAD_IV_SIZE);
769 35 : secured_message_context->application_secret_backup.request_data_sequence_number = 0;
770 35 : secured_message_context->requester_backup_valid = false;
771 58 : } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
772 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_secret,
773 : LIBSPDM_MAX_HASH_SIZE);
774 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup
775 : .response_data_encryption_key,
776 : LIBSPDM_MAX_AEAD_KEY_SIZE);
777 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_salt,
778 : LIBSPDM_MAX_AEAD_IV_SIZE);
779 58 : secured_message_context->application_secret_backup.response_data_sequence_number = 0;
780 58 : secured_message_context->responder_backup_valid = false;
781 : }
782 :
783 93 : return true;
784 : }
785 :
786 : /**
787 : * Allocates and initializes one HMAC context for subsequent use, with request_finished_key.
788 : *
789 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
790 : *
791 : * @return Pointer to the HMAC context that has been initialized.
792 : **/
793 0 : void *libspdm_hmac_new_with_request_finished_key(void *spdm_secured_message_context)
794 : {
795 : libspdm_secured_message_context_t *secured_message_context;
796 :
797 0 : secured_message_context = spdm_secured_message_context;
798 0 : return libspdm_hmac_new(secured_message_context->base_hash_algo);
799 : }
800 :
801 : /**
802 : * Release the specified HMAC context, with request_finished_key.
803 : *
804 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
805 : * @param hmac_ctx Pointer to the HMAC context to be released.
806 : **/
807 0 : void libspdm_hmac_free_with_request_finished_key(
808 : void *spdm_secured_message_context, void *hmac_ctx)
809 : {
810 : libspdm_secured_message_context_t *secured_message_context;
811 :
812 0 : secured_message_context = spdm_secured_message_context;
813 0 : libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
814 0 : }
815 :
816 : /**
817 : * Set request_finished_key for subsequent use. It must be done before any
818 : * calling to hmac_update().
819 : *
820 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
821 : * @param hmac_ctx Pointer to HMAC context.
822 : *
823 : * @retval true The key is set successfully.
824 : * @retval false The key is set unsuccessfully.
825 : **/
826 0 : bool libspdm_hmac_init_with_request_finished_key(
827 : void *spdm_secured_message_context, void *hmac_ctx)
828 : {
829 : libspdm_secured_message_context_t *secured_message_context;
830 :
831 0 : secured_message_context = spdm_secured_message_context;
832 0 : return libspdm_hmac_init(
833 : secured_message_context->base_hash_algo, hmac_ctx,
834 0 : secured_message_context->handshake_secret.request_finished_key,
835 : secured_message_context->hash_size);
836 : }
837 :
838 : /**
839 : * Makes a copy of an existing HMAC context, with request_finished_key.
840 : *
841 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
842 : * @param hmac_ctx Pointer to HMAC context being copied.
843 : * @param new_hmac_ctx Pointer to new HMAC context.
844 : *
845 : * @retval true HMAC context copy succeeded.
846 : * @retval false HMAC context copy failed.
847 : **/
848 0 : bool libspdm_hmac_duplicate_with_request_finished_key(
849 : void *spdm_secured_message_context,
850 : const void *hmac_ctx, void *new_hmac_ctx)
851 : {
852 : libspdm_secured_message_context_t *secured_message_context;
853 :
854 0 : secured_message_context = spdm_secured_message_context;
855 0 : return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
856 : }
857 :
858 : /**
859 : * Digests the input data and updates HMAC context, with request_finished_key.
860 : *
861 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
862 : * @param hmac_ctx Pointer to HMAC context being copied.
863 : * @param data Pointer to the buffer containing the data to be digested.
864 : * @param data_size size of data buffer in bytes.
865 : *
866 : * @retval true HMAC data digest succeeded.
867 : * @retval false HMAC data digest failed.
868 : **/
869 0 : bool libspdm_hmac_update_with_request_finished_key(
870 : void *spdm_secured_message_context,
871 : void *hmac_ctx, const void *data,
872 : size_t data_size)
873 : {
874 : libspdm_secured_message_context_t *secured_message_context;
875 :
876 0 : secured_message_context = spdm_secured_message_context;
877 0 : return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
878 : }
879 :
880 : /**
881 : * Completes computation of the HMAC digest value, with request_finished_key.
882 : *
883 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
884 : * @param hmac_ctx Pointer to HMAC context being copied.
885 : * @param hmac_value Pointer to a buffer that receives the HMAC digest value
886 : *
887 : * @retval true HMAC data digest succeeded.
888 : * @retval false HMAC data digest failed.
889 : **/
890 0 : bool libspdm_hmac_final_with_request_finished_key(
891 : void *spdm_secured_message_context,
892 : void *hmac_ctx, uint8_t *hmac_value)
893 : {
894 : libspdm_secured_message_context_t *secured_message_context;
895 :
896 0 : secured_message_context = spdm_secured_message_context;
897 0 : return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
898 : }
899 :
900 : /**
901 : * Computes the HMAC of a input data buffer, with request_finished_key.
902 : *
903 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
904 : * @param data Pointer to the buffer containing the data to be HMACed.
905 : * @param data_size size of data buffer in bytes.
906 : * @param hash_value Pointer to a buffer that receives the HMAC value.
907 : *
908 : * @retval true HMAC computation succeeded.
909 : * @retval false HMAC computation failed.
910 : **/
911 93 : bool libspdm_hmac_all_with_request_finished_key(void *spdm_secured_message_context,
912 : const void *data, size_t data_size,
913 : uint8_t *hmac_value)
914 : {
915 : libspdm_secured_message_context_t *secured_message_context;
916 :
917 93 : secured_message_context = spdm_secured_message_context;
918 186 : return libspdm_hmac_all(
919 : secured_message_context->base_hash_algo, data, data_size,
920 93 : secured_message_context->handshake_secret.request_finished_key,
921 : secured_message_context->hash_size, hmac_value);
922 : }
923 :
924 : /**
925 : * Allocates and initializes one HMAC context for subsequent use, with response_finished_key.
926 : *
927 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
928 : *
929 : * @return Pointer to the HMAC context that has been initialized.
930 : **/
931 0 : void *libspdm_hmac_new_with_response_finished_key(void *spdm_secured_message_context)
932 : {
933 : libspdm_secured_message_context_t *secured_message_context;
934 :
935 0 : secured_message_context = spdm_secured_message_context;
936 0 : return libspdm_hmac_new(secured_message_context->base_hash_algo);
937 : }
938 :
939 : /**
940 : * Release the specified HMAC context, with response_finished_key.
941 : *
942 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
943 : * @param hmac_ctx Pointer to the HMAC context to be released.
944 : **/
945 0 : void libspdm_hmac_free_with_response_finished_key(
946 : void *spdm_secured_message_context, void *hmac_ctx)
947 : {
948 : libspdm_secured_message_context_t *secured_message_context;
949 :
950 0 : secured_message_context = spdm_secured_message_context;
951 0 : libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
952 0 : }
953 :
954 : /**
955 : * Set response_finished_key for subsequent use. It must be done before any
956 : * calling to hmac_update().
957 : *
958 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
959 : * @param hmac_ctx Pointer to HMAC context.
960 : *
961 : * @retval true The key is set successfully.
962 : * @retval false The key is set unsuccessfully.
963 : **/
964 0 : bool libspdm_hmac_init_with_response_finished_key(
965 : void *spdm_secured_message_context, void *hmac_ctx)
966 : {
967 : libspdm_secured_message_context_t *secured_message_context;
968 :
969 0 : secured_message_context = spdm_secured_message_context;
970 0 : return libspdm_hmac_init(
971 : secured_message_context->base_hash_algo, hmac_ctx,
972 0 : secured_message_context->handshake_secret.response_finished_key,
973 : secured_message_context->hash_size);
974 : }
975 :
976 : /**
977 : * Makes a copy of an existing HMAC context, with response_finished_key.
978 : *
979 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
980 : * @param hmac_ctx Pointer to HMAC context being copied.
981 : * @param new_hmac_ctx Pointer to new HMAC context.
982 : *
983 : * @retval true HMAC context copy succeeded.
984 : * @retval false HMAC context copy failed.
985 : **/
986 0 : bool libspdm_hmac_duplicate_with_response_finished_key(
987 : void *spdm_secured_message_context,
988 : const void *hmac_ctx, void *new_hmac_ctx)
989 : {
990 : libspdm_secured_message_context_t *secured_message_context;
991 :
992 0 : secured_message_context = spdm_secured_message_context;
993 0 : return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
994 : }
995 :
996 : /**
997 : * Digests the input data and updates HMAC context, with response_finished_key.
998 : *
999 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1000 : * @param hmac_ctx Pointer to HMAC context being copied.
1001 : * @param data Pointer to the buffer containing the data to be digested.
1002 : * @param data_size size of data buffer in bytes.
1003 : *
1004 : * @retval true HMAC data digest succeeded.
1005 : * @retval false HMAC data digest failed.
1006 : **/
1007 0 : bool libspdm_hmac_update_with_response_finished_key(
1008 : void *spdm_secured_message_context,
1009 : void *hmac_ctx, const void *data,
1010 : size_t data_size)
1011 : {
1012 : libspdm_secured_message_context_t *secured_message_context;
1013 :
1014 0 : secured_message_context = spdm_secured_message_context;
1015 0 : return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
1016 : }
1017 :
1018 : /**
1019 : * Completes computation of the HMAC digest value, with response_finished_key.
1020 : *
1021 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1022 : * @param hmac_ctx Pointer to HMAC context being copied.
1023 : * @param hmac_value Pointer to a buffer that receives the HMAC digest value
1024 : *
1025 : * @retval true HMAC data digest succeeded.
1026 : * @retval false HMAC data digest failed.
1027 : **/
1028 0 : bool libspdm_hmac_final_with_response_finished_key(
1029 : void *spdm_secured_message_context,
1030 : void *hmac_ctx, uint8_t *hmac_value)
1031 : {
1032 : libspdm_secured_message_context_t *secured_message_context;
1033 :
1034 0 : secured_message_context = spdm_secured_message_context;
1035 0 : return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
1036 : }
1037 :
1038 : /**
1039 : * Computes the HMAC of a input data buffer, with response_finished_key.
1040 : *
1041 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1042 : * @param data Pointer to the buffer containing the data to be HMACed.
1043 : * @param data_size size of data buffer in bytes.
1044 : * @param hash_value Pointer to a buffer that receives the HMAC value.
1045 : *
1046 : * @retval true HMAC computation succeeded.
1047 : * @retval false HMAC computation failed.
1048 : **/
1049 75 : bool libspdm_hmac_all_with_response_finished_key(
1050 : void *spdm_secured_message_context, const void *data,
1051 : size_t data_size, uint8_t *hmac_value)
1052 : {
1053 : libspdm_secured_message_context_t *secured_message_context;
1054 :
1055 75 : secured_message_context = spdm_secured_message_context;
1056 150 : return libspdm_hmac_all(
1057 : secured_message_context->base_hash_algo, data, data_size,
1058 75 : secured_message_context->handshake_secret.response_finished_key,
1059 : secured_message_context->hash_size, hmac_value);
1060 : }
|
