Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2024 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "internal/libspdm_secured_message_lib.h"
8 :
9 : /**
10 : * This function concatenates binary data, which is used as info in HKDF expand later.
11 : *
12 : * @param label An ascii string label for the libspdm_bin_concat.
13 : * @param label_size The size in bytes of the ASCII string label, not including NULL terminator.
14 : * @param context A pre-defined hash value as the context for the libspdm_bin_concat.
15 : * @param length 16 bits length for the libspdm_bin_concat.
16 : * @param hash_size The size in bytes of the context hash.
17 : * @param out_bin The buffer to store the output binary.
18 : * @param out_bin_size The size in bytes for the out_bin.
19 : **/
20 1243 : void libspdm_bin_concat(spdm_version_number_t spdm_version,
21 : const char *label, size_t label_size,
22 : const uint8_t *context, uint16_t length,
23 : size_t hash_size, uint8_t *out_bin,
24 : size_t *out_bin_size)
25 : {
26 : size_t final_size;
27 :
28 : /* The correct version characters (1.1 or 1.2) will replace the x.x. */
29 : #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x "
30 :
31 1243 : final_size = sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1 + label_size;
32 1243 : if (context != NULL) {
33 271 : final_size += hash_size;
34 : }
35 :
36 1243 : LIBSPDM_ASSERT(*out_bin_size >= final_size);
37 :
38 1243 : *out_bin_size = final_size;
39 :
40 1243 : libspdm_copy_mem(out_bin, *out_bin_size, &length, sizeof(uint16_t));
41 1243 : libspdm_copy_mem(out_bin + sizeof(uint16_t), *out_bin_size - sizeof(uint16_t),
42 : LIBSPDM_BIN_CONCAT_LABEL, sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1);
43 :
44 : /* Patch the version. */
45 1243 : out_bin[6] = (char)('0' + ((spdm_version >> 12) & 0xF));
46 1243 : out_bin[8] = (char)('0' + ((spdm_version >> 8) & 0xF));
47 1243 : libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1,
48 1243 : *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1),
49 : label, label_size);
50 :
51 1243 : if (context != NULL) {
52 271 : libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
53 271 : 1 + label_size,
54 271 : *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
55 : 1 + label_size), context, hash_size);
56 : }
57 :
58 : #undef LIBSPDM_BIN_CONCAT_LABEL
59 1243 : }
60 :
61 : /**
62 : * This function generates SPDM AEAD key and IV for a session.
63 : *
64 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
65 : * @param major_secret The major secret.
66 : * @param key The buffer to store the AEAD key.
67 : * @param iv The buffer to store the AEAD IV.
68 : *
69 : * @retval RETURN_SUCCESS SPDM AEAD key and IV for a session is generated.
70 : **/
71 280 : bool libspdm_generate_aead_key_and_iv(
72 : libspdm_secured_message_context_t *secured_message_context,
73 : const uint8_t *major_secret, uint8_t *key, uint8_t *iv)
74 : {
75 : bool status;
76 : size_t hash_size;
77 : size_t key_length;
78 : size_t iv_length;
79 : uint8_t bin_str5[128];
80 : size_t bin_str5_size;
81 : uint8_t bin_str6[128];
82 : size_t bin_str6_size;
83 :
84 280 : hash_size = secured_message_context->hash_size;
85 280 : key_length = secured_message_context->aead_key_size;
86 280 : iv_length = secured_message_context->aead_iv_size;
87 :
88 280 : bin_str5_size = sizeof(bin_str5);
89 280 : libspdm_bin_concat(secured_message_context->version,
90 : SPDM_BIN_STR_5_LABEL, sizeof(SPDM_BIN_STR_5_LABEL) - 1,
91 280 : NULL, (uint16_t)key_length, hash_size, bin_str5,
92 : &bin_str5_size);
93 :
94 280 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str5 (0x%zx):\n", bin_str5_size));
95 280 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str5, bin_str5_size);
96 280 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
97 : major_secret, hash_size, bin_str5,
98 : bin_str5_size, key, key_length);
99 280 : if (!status) {
100 0 : return false;
101 : }
102 280 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key (0x%zx) - ", key_length));
103 280 : LIBSPDM_INTERNAL_DUMP_DATA(key, key_length);
104 280 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
105 :
106 280 : bin_str6_size = sizeof(bin_str6);
107 280 : libspdm_bin_concat(secured_message_context->version,
108 : SPDM_BIN_STR_6_LABEL, sizeof(SPDM_BIN_STR_6_LABEL) - 1,
109 280 : NULL, (uint16_t)iv_length, hash_size, bin_str6,
110 : &bin_str6_size);
111 :
112 280 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str6 (0x%zx):\n", bin_str6_size));
113 280 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str6, bin_str6_size);
114 280 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
115 : major_secret, hash_size, bin_str6,
116 : bin_str6_size, iv, iv_length);
117 280 : if (!status) {
118 0 : return false;
119 : }
120 280 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "iv (0x%zx) - ", iv_length));
121 280 : LIBSPDM_INTERNAL_DUMP_DATA(iv, iv_length);
122 280 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
123 :
124 280 : return true;
125 : }
126 :
127 : /**
128 : * This function generates SPDM finished_key for a session.
129 : *
130 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
131 : * @param handshake_secret The handshake secret.
132 : * @param finished_key The buffer to store the finished key.
133 : *
134 : * @retval RETURN_SUCCESS SPDM finished_key for a session is generated.
135 : **/
136 114 : bool libspdm_generate_finished_key(
137 : libspdm_secured_message_context_t *secured_message_context,
138 : const uint8_t *handshake_secret, uint8_t *finished_key)
139 : {
140 : bool status;
141 : size_t hash_size;
142 : uint8_t bin_str7[128];
143 : size_t bin_str7_size;
144 :
145 114 : hash_size = secured_message_context->hash_size;
146 :
147 114 : bin_str7_size = sizeof(bin_str7);
148 114 : libspdm_bin_concat(secured_message_context->version,
149 : SPDM_BIN_STR_7_LABEL, sizeof(SPDM_BIN_STR_7_LABEL) - 1,
150 114 : NULL, (uint16_t)hash_size, hash_size, bin_str7,
151 : &bin_str7_size);
152 :
153 114 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str7 (0x%zx):\n", bin_str7_size));
154 114 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str7, bin_str7_size);
155 114 : status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
156 : handshake_secret, hash_size, bin_str7,
157 : bin_str7_size, finished_key, hash_size);
158 114 : if (!status) {
159 0 : return false;
160 : }
161 114 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "finished_key (0x%zx) - ", hash_size));
162 114 : LIBSPDM_INTERNAL_DUMP_DATA(finished_key, hash_size);
163 114 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
164 :
165 114 : return true;
166 : }
167 :
168 : /**
169 : * This function generates SPDM HandshakeKey for a session.
170 : *
171 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
172 : * @param th1_hash_data th1 hash
173 : *
174 : * @retval RETURN_SUCCESS SPDM HandshakeKey for a session is generated.
175 : **/
176 57 : bool libspdm_generate_session_handshake_key(void *spdm_secured_message_context,
177 : const uint8_t *th1_hash_data)
178 : {
179 : bool status;
180 : size_t hash_size;
181 : uint8_t bin_str1[128];
182 : size_t bin_str1_size;
183 : uint8_t bin_str2[128];
184 : size_t bin_str2_size;
185 : libspdm_secured_message_context_t *secured_message_context;
186 : uint8_t salt0[LIBSPDM_MAX_HASH_SIZE];
187 :
188 57 : secured_message_context = spdm_secured_message_context;
189 :
190 57 : hash_size = secured_message_context->hash_size;
191 :
192 57 : if (!(secured_message_context->use_psk)) {
193 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "[DHE Secret]: "));
194 31 : LIBSPDM_INTERNAL_DUMP_HEX_STR(
195 : secured_message_context->master_secret.dhe_secret,
196 : secured_message_context->dhe_key_size);
197 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
198 31 : libspdm_zero_mem(salt0, sizeof(salt0));
199 31 : status = libspdm_hkdf_extract(
200 : secured_message_context->base_hash_algo,
201 31 : secured_message_context->master_secret.dhe_secret,
202 : secured_message_context->dhe_key_size,
203 : salt0, hash_size,
204 31 : secured_message_context->master_secret.handshake_secret, hash_size);
205 31 : if (!status) {
206 0 : return false;
207 : }
208 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "handshake_secret (0x%zx) - ", hash_size));
209 31 : LIBSPDM_INTERNAL_DUMP_DATA(
210 : secured_message_context->master_secret.handshake_secret,
211 : hash_size);
212 31 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
213 : }
214 :
215 57 : bin_str1_size = sizeof(bin_str1);
216 57 : libspdm_bin_concat(secured_message_context->version,
217 : SPDM_BIN_STR_1_LABEL, sizeof(SPDM_BIN_STR_1_LABEL) - 1,
218 57 : th1_hash_data, (uint16_t)hash_size, hash_size,
219 : bin_str1, &bin_str1_size);
220 :
221 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str1 (0x%zx):\n", bin_str1_size));
222 57 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str1, bin_str1_size);
223 :
224 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
225 57 : if (secured_message_context->use_psk) {
226 26 : status = libspdm_psk_handshake_secret_hkdf_expand(
227 26 : secured_message_context->version,
228 : secured_message_context->base_hash_algo,
229 26 : secured_message_context->psk_hint,
230 : secured_message_context->psk_hint_size, bin_str1,
231 : bin_str1_size,
232 26 : secured_message_context->handshake_secret.request_handshake_secret,
233 : hash_size);
234 :
235 26 : if (!status) {
236 0 : return false;
237 : }
238 : }
239 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
240 57 : if (!(secured_message_context->use_psk)) {
241 31 : status = libspdm_hkdf_expand(
242 : secured_message_context->base_hash_algo,
243 31 : secured_message_context->master_secret.handshake_secret,
244 : hash_size, bin_str1, bin_str1_size,
245 31 : secured_message_context->handshake_secret.request_handshake_secret,
246 : hash_size);
247 :
248 31 : if (!status) {
249 0 : return false;
250 : }
251 : }
252 :
253 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_handshake_secret (0x%zx) - ", hash_size));
254 57 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret
255 : .request_handshake_secret,
256 : hash_size);
257 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
258 57 : bin_str2_size = sizeof(bin_str2);
259 57 : libspdm_bin_concat(secured_message_context->version,
260 : SPDM_BIN_STR_2_LABEL, sizeof(SPDM_BIN_STR_2_LABEL) - 1,
261 57 : th1_hash_data, (uint16_t)hash_size, hash_size,
262 : bin_str2, &bin_str2_size);
263 :
264 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str2 (0x%zx):\n", bin_str2_size));
265 57 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str2, bin_str2_size);
266 :
267 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
268 57 : if (secured_message_context->use_psk) {
269 26 : status = libspdm_psk_handshake_secret_hkdf_expand(
270 26 : secured_message_context->version,
271 : secured_message_context->base_hash_algo,
272 26 : secured_message_context->psk_hint,
273 : secured_message_context->psk_hint_size, bin_str2,
274 : bin_str2_size,
275 26 : secured_message_context->handshake_secret.response_handshake_secret,
276 : hash_size);
277 :
278 26 : if (!status) {
279 0 : return false;
280 : }
281 : }
282 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
283 57 : if (!(secured_message_context->use_psk)) {
284 31 : status = libspdm_hkdf_expand(
285 : secured_message_context->base_hash_algo,
286 31 : secured_message_context->master_secret.handshake_secret,
287 : hash_size, bin_str2, bin_str2_size,
288 31 : secured_message_context->handshake_secret.response_handshake_secret,
289 : hash_size);
290 :
291 31 : if (!status) {
292 0 : return false;
293 : }
294 : }
295 :
296 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_handshake_secret (0x%zx) - ", hash_size));
297 57 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret.response_handshake_secret,
298 : hash_size);
299 57 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
300 :
301 57 : status = libspdm_generate_finished_key(
302 : secured_message_context,
303 : secured_message_context->handshake_secret
304 57 : .request_handshake_secret,
305 57 : secured_message_context->handshake_secret.request_finished_key);
306 57 : if (!status) {
307 0 : return status;
308 : }
309 :
310 57 : status = libspdm_generate_finished_key(
311 : secured_message_context,
312 57 : secured_message_context->handshake_secret.response_handshake_secret,
313 57 : secured_message_context->handshake_secret.response_finished_key);
314 57 : if (!status) {
315 0 : return status;
316 : }
317 :
318 57 : status = libspdm_generate_aead_key_and_iv(secured_message_context,
319 : secured_message_context->handshake_secret
320 57 : .request_handshake_secret,
321 : secured_message_context->handshake_secret
322 57 : .request_handshake_encryption_key,
323 : secured_message_context->handshake_secret
324 57 : .request_handshake_salt);
325 57 : if (!status) {
326 0 : return status;
327 : }
328 57 : secured_message_context->handshake_secret.request_handshake_sequence_number = 0;
329 :
330 57 : status = libspdm_generate_aead_key_and_iv(
331 : secured_message_context,
332 57 : secured_message_context->handshake_secret.response_handshake_secret,
333 57 : secured_message_context->handshake_secret.response_handshake_encryption_key,
334 57 : secured_message_context->handshake_secret.response_handshake_salt);
335 57 : if (!status) {
336 0 : return status;
337 : }
338 :
339 57 : secured_message_context->handshake_secret.response_handshake_sequence_number = 0;
340 57 : libspdm_zero_mem(secured_message_context->master_secret.dhe_secret, LIBSPDM_MAX_DHE_KEY_SIZE);
341 :
342 57 : return true;
343 : }
344 :
345 : /**
346 : * This function generates SPDM DataKey for a session.
347 : *
348 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
349 : * @param th2_hash_data th2 hash
350 : *
351 : * @retval RETURN_SUCCESS SPDM DataKey for a session is generated.
352 : **/
353 32 : bool libspdm_generate_session_data_key(void *spdm_secured_message_context,
354 : const uint8_t *th2_hash_data)
355 : {
356 : bool status;
357 : size_t hash_size;
358 : uint8_t salt1[LIBSPDM_MAX_HASH_SIZE];
359 : uint8_t bin_str0[128];
360 : size_t bin_str0_size;
361 : uint8_t bin_str3[128];
362 : size_t bin_str3_size;
363 : uint8_t bin_str4[128];
364 : size_t bin_str4_size;
365 : uint8_t bin_str8[128];
366 : size_t bin_str8_size;
367 : libspdm_secured_message_context_t *secured_message_context;
368 : uint8_t zero_filled_buffer[LIBSPDM_MAX_HASH_SIZE];
369 :
370 32 : secured_message_context = spdm_secured_message_context;
371 :
372 32 : hash_size = secured_message_context->hash_size;
373 :
374 32 : if (!(secured_message_context->use_psk)) {
375 21 : bin_str0_size = sizeof(bin_str0);
376 21 : libspdm_bin_concat(secured_message_context->version,
377 : SPDM_BIN_STR_0_LABEL,
378 : sizeof(SPDM_BIN_STR_0_LABEL) - 1, NULL,
379 21 : (uint16_t)hash_size, hash_size, bin_str0,
380 : &bin_str0_size);
381 :
382 21 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str0 (0x%zx):\n", bin_str0_size));
383 21 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str0, bin_str0_size);
384 :
385 21 : status = libspdm_hkdf_expand(
386 : secured_message_context->base_hash_algo,
387 21 : secured_message_context->master_secret.handshake_secret,
388 : hash_size, bin_str0, bin_str0_size, salt1, hash_size);
389 21 : if (!status) {
390 0 : return false;
391 : }
392 21 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "salt1 (0x%zx) - ", hash_size));
393 21 : LIBSPDM_INTERNAL_DUMP_DATA(salt1, hash_size);
394 21 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
395 :
396 21 : libspdm_zero_mem(zero_filled_buffer, sizeof(zero_filled_buffer));
397 21 : status = libspdm_hkdf_extract(
398 : secured_message_context->base_hash_algo,
399 : zero_filled_buffer, hash_size, salt1, hash_size,
400 21 : secured_message_context->master_secret.master_secret, hash_size);
401 21 : if (!status) {
402 0 : goto cleanup;
403 : }
404 21 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "master_secret (0x%zx) - ", hash_size));
405 21 : LIBSPDM_INTERNAL_DUMP_DATA(
406 : secured_message_context->master_secret.master_secret,
407 : hash_size);
408 21 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
409 : }
410 :
411 32 : bin_str3_size = sizeof(bin_str3);
412 32 : libspdm_bin_concat(secured_message_context->version,
413 : SPDM_BIN_STR_3_LABEL, sizeof(SPDM_BIN_STR_3_LABEL) - 1,
414 32 : th2_hash_data, (uint16_t)hash_size, hash_size,
415 : bin_str3, &bin_str3_size);
416 :
417 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str3 (0x%zx):\n", bin_str3_size));
418 32 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str3, bin_str3_size);
419 :
420 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
421 32 : if (secured_message_context->use_psk) {
422 11 : status = libspdm_psk_master_secret_hkdf_expand(
423 11 : secured_message_context->version,
424 : secured_message_context->base_hash_algo,
425 11 : secured_message_context->psk_hint,
426 : secured_message_context->psk_hint_size, bin_str3,
427 : bin_str3_size,
428 11 : secured_message_context->application_secret.request_data_secret,
429 : hash_size);
430 :
431 11 : if (!status) {
432 0 : goto cleanup;
433 : }
434 : }
435 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
436 32 : if (!(secured_message_context->use_psk)) {
437 21 : status = libspdm_hkdf_expand(
438 : secured_message_context->base_hash_algo,
439 21 : secured_message_context->master_secret.master_secret,
440 : hash_size, bin_str3, bin_str3_size,
441 21 : secured_message_context->application_secret.request_data_secret,
442 : hash_size);
443 :
444 21 : if (!status) {
445 0 : goto cleanup;
446 : }
447 : }
448 :
449 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_data_secret (0x%zx) - ", hash_size));
450 32 : LIBSPDM_INTERNAL_DUMP_DATA(
451 : secured_message_context->application_secret.request_data_secret,
452 : hash_size);
453 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
454 32 : bin_str4_size = sizeof(bin_str4);
455 32 : libspdm_bin_concat(secured_message_context->version,
456 : SPDM_BIN_STR_4_LABEL, sizeof(SPDM_BIN_STR_4_LABEL) - 1,
457 32 : th2_hash_data, (uint16_t)hash_size, hash_size,
458 : bin_str4, &bin_str4_size);
459 :
460 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str4 (0x%zx):\n", bin_str4_size));
461 32 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str4, bin_str4_size);
462 :
463 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
464 32 : if (secured_message_context->use_psk) {
465 11 : status = libspdm_psk_master_secret_hkdf_expand(
466 11 : secured_message_context->version,
467 : secured_message_context->base_hash_algo,
468 11 : secured_message_context->psk_hint,
469 : secured_message_context->psk_hint_size, bin_str4,
470 : bin_str4_size,
471 11 : secured_message_context->application_secret.response_data_secret,
472 : hash_size);
473 :
474 11 : if (!status) {
475 0 : goto cleanup;
476 : }
477 : }
478 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
479 32 : if (!(secured_message_context->use_psk)) {
480 21 : status = libspdm_hkdf_expand(
481 : secured_message_context->base_hash_algo,
482 21 : secured_message_context->master_secret.master_secret,
483 : hash_size, bin_str4, bin_str4_size,
484 21 : secured_message_context->application_secret.response_data_secret,
485 : hash_size);
486 :
487 21 : if (!status) {
488 0 : goto cleanup;
489 : }
490 : }
491 :
492 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_data_secret (0x%zx) - ", hash_size));
493 32 : LIBSPDM_INTERNAL_DUMP_DATA(
494 : secured_message_context->application_secret.response_data_secret,
495 : hash_size);
496 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
497 :
498 32 : bin_str8_size = sizeof(bin_str8);
499 32 : libspdm_bin_concat(secured_message_context->version,
500 : SPDM_BIN_STR_8_LABEL, sizeof(SPDM_BIN_STR_8_LABEL) - 1,
501 32 : th2_hash_data, (uint16_t)hash_size, hash_size,
502 : bin_str8, &bin_str8_size);
503 :
504 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str8 (0x%zx):\n", bin_str8_size));
505 32 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str8, bin_str8_size);
506 :
507 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
508 32 : if (secured_message_context->use_psk) {
509 11 : status = libspdm_psk_master_secret_hkdf_expand(
510 11 : secured_message_context->version,
511 : secured_message_context->base_hash_algo,
512 11 : secured_message_context->psk_hint,
513 : secured_message_context->psk_hint_size, bin_str8,
514 : bin_str8_size,
515 11 : secured_message_context->export_master_secret,
516 : hash_size);
517 :
518 11 : if (!status) {
519 0 : goto cleanup;
520 : }
521 : }
522 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
523 32 : if (!(secured_message_context->use_psk)) {
524 21 : status = libspdm_hkdf_expand(
525 : secured_message_context->base_hash_algo,
526 21 : secured_message_context->master_secret.master_secret,
527 : hash_size, bin_str8, bin_str8_size,
528 21 : secured_message_context->export_master_secret,
529 : hash_size);
530 :
531 21 : if (!status) {
532 0 : goto cleanup;
533 : }
534 : }
535 :
536 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "export_master_secret (0x%zx) - ", hash_size));
537 32 : LIBSPDM_INTERNAL_DUMP_DATA(
538 : secured_message_context->export_master_secret, hash_size);
539 32 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
540 :
541 32 : status = libspdm_generate_aead_key_and_iv(
542 : secured_message_context,
543 32 : secured_message_context->application_secret.request_data_secret,
544 32 : secured_message_context->application_secret.request_data_encryption_key,
545 32 : secured_message_context->application_secret.request_data_salt);
546 32 : if (!status) {
547 0 : goto cleanup;
548 : }
549 32 : secured_message_context->application_secret.request_data_sequence_number = 0;
550 :
551 32 : status = libspdm_generate_aead_key_and_iv(
552 : secured_message_context,
553 32 : secured_message_context->application_secret.response_data_secret,
554 32 : secured_message_context->application_secret.response_data_encryption_key,
555 32 : secured_message_context->application_secret.response_data_salt);
556 32 : if (!status) {
557 0 : goto cleanup;
558 : }
559 32 : secured_message_context->application_secret.response_data_sequence_number = 0;
560 :
561 32 : cleanup:
562 : /*zero salt1 for security*/
563 32 : libspdm_zero_mem(salt1, hash_size);
564 32 : return status;
565 : }
566 :
567 : /**
568 : * This function creates the updates of SPDM DataKey for a session.
569 : *
570 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
571 : * @param action Indicate of the key update action.
572 : *
573 : * @retval RETURN_SUCCESS SPDM DataKey update is created.
574 : **/
575 102 : bool libspdm_create_update_session_data_key(void *spdm_secured_message_context,
576 : libspdm_key_update_action_t action)
577 : {
578 : bool status;
579 : size_t hash_size;
580 : uint8_t bin_str9[128];
581 : size_t bin_str9_size;
582 : libspdm_secured_message_context_t *secured_message_context;
583 :
584 102 : secured_message_context = spdm_secured_message_context;
585 :
586 102 : hash_size = secured_message_context->hash_size;
587 :
588 102 : bin_str9_size = sizeof(bin_str9);
589 102 : libspdm_bin_concat(secured_message_context->version,
590 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
591 102 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
592 : &bin_str9_size);
593 :
594 102 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str9 (0x%zx):\n", bin_str9_size));
595 102 : LIBSPDM_INTERNAL_DUMP_HEX(bin_str9, bin_str9_size);
596 :
597 102 : if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
598 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
599 : .request_data_secret,
600 : sizeof(secured_message_context->application_secret_backup
601 : .request_data_secret),
602 40 : &secured_message_context->application_secret
603 : .request_data_secret,
604 : LIBSPDM_MAX_HASH_SIZE);
605 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
606 : .request_data_encryption_key,
607 : sizeof(secured_message_context->application_secret_backup
608 : .request_data_encryption_key),
609 40 : &secured_message_context->application_secret
610 : .request_data_encryption_key,
611 : LIBSPDM_MAX_AEAD_KEY_SIZE);
612 40 : libspdm_copy_mem(&secured_message_context->application_secret_backup
613 : .request_data_salt,
614 : sizeof(secured_message_context->application_secret_backup
615 : .request_data_salt),
616 40 : &secured_message_context->application_secret
617 : .request_data_salt,
618 : LIBSPDM_MAX_AEAD_IV_SIZE);
619 : secured_message_context->application_secret_backup
620 40 : .request_data_sequence_number =
621 40 : secured_message_context->application_secret.request_data_sequence_number;
622 :
623 40 : status = libspdm_hkdf_expand(
624 : secured_message_context->base_hash_algo,
625 40 : secured_message_context->application_secret.request_data_secret,
626 : hash_size, bin_str9, bin_str9_size,
627 40 : secured_message_context->application_secret.request_data_secret,
628 : hash_size);
629 40 : if (!status) {
630 0 : return false;
631 : }
632 40 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequestDataSecretUpdate (0x%zx) - ", hash_size));
633 40 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.request_data_secret,
634 : hash_size);
635 40 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
636 :
637 40 : status = libspdm_generate_aead_key_and_iv(
638 : secured_message_context,
639 40 : secured_message_context->application_secret.request_data_secret,
640 40 : secured_message_context->application_secret.request_data_encryption_key,
641 40 : secured_message_context->application_secret.request_data_salt);
642 40 : if (!status) {
643 0 : return status;
644 : }
645 40 : secured_message_context->application_secret.request_data_sequence_number = 0;
646 :
647 40 : secured_message_context->requester_backup_valid = true;
648 62 : } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
649 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
650 : .response_data_secret,
651 : sizeof(secured_message_context->application_secret_backup
652 : .response_data_secret),
653 62 : &secured_message_context->application_secret
654 : .response_data_secret,
655 : LIBSPDM_MAX_HASH_SIZE);
656 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
657 : .response_data_encryption_key,
658 : sizeof(secured_message_context->application_secret_backup
659 : .response_data_encryption_key),
660 62 : &secured_message_context->application_secret
661 : .response_data_encryption_key,
662 : LIBSPDM_MAX_AEAD_KEY_SIZE);
663 62 : libspdm_copy_mem(&secured_message_context->application_secret_backup
664 : .response_data_salt,
665 : sizeof(secured_message_context->application_secret_backup
666 : .response_data_salt),
667 62 : &secured_message_context->application_secret
668 : .response_data_salt,
669 : LIBSPDM_MAX_AEAD_IV_SIZE);
670 : secured_message_context->application_secret_backup
671 62 : .response_data_sequence_number =
672 62 : secured_message_context->application_secret.response_data_sequence_number;
673 :
674 62 : status = libspdm_hkdf_expand(
675 : secured_message_context->base_hash_algo,
676 62 : secured_message_context->application_secret.response_data_secret,
677 : hash_size, bin_str9, bin_str9_size,
678 62 : secured_message_context->application_secret.response_data_secret,
679 : hash_size);
680 62 : if (!status) {
681 0 : return false;
682 : }
683 62 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponseDataSecretUpdate (0x%zx) - ",
684 : hash_size));
685 62 : LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.response_data_secret,
686 : hash_size);
687 62 : LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
688 :
689 62 : status = libspdm_generate_aead_key_and_iv(
690 : secured_message_context,
691 62 : secured_message_context->application_secret.response_data_secret,
692 62 : secured_message_context->application_secret.response_data_encryption_key,
693 62 : secured_message_context->application_secret.response_data_salt);
694 62 : if (!status) {
695 0 : return status;
696 : }
697 62 : secured_message_context->application_secret.response_data_sequence_number = 0;
698 :
699 62 : secured_message_context->responder_backup_valid = true;
700 : } else {
701 0 : return false;
702 : }
703 :
704 102 : return true;
705 : }
706 :
707 215 : void libspdm_clear_handshake_secret(void *spdm_secured_message_context)
708 : {
709 : libspdm_secured_message_context_t *secured_message_context;
710 :
711 215 : secured_message_context = spdm_secured_message_context;
712 :
713 215 : libspdm_zero_mem(secured_message_context->master_secret.handshake_secret,
714 : LIBSPDM_MAX_HASH_SIZE);
715 215 : libspdm_zero_mem(&(secured_message_context->handshake_secret),
716 : sizeof(libspdm_session_info_struct_handshake_secret_t));
717 :
718 215 : secured_message_context->requester_backup_valid = false;
719 215 : secured_message_context->responder_backup_valid = false;
720 215 : }
721 :
722 215 : void libspdm_clear_master_secret(void *spdm_secured_message_context)
723 : {
724 : libspdm_secured_message_context_t *secured_message_context;
725 :
726 215 : secured_message_context = spdm_secured_message_context;
727 :
728 215 : libspdm_zero_mem(secured_message_context->master_secret.master_secret, LIBSPDM_MAX_HASH_SIZE);
729 215 : }
730 :
731 : /**
732 : * This function activates the update of SPDM DataKey for a session.
733 : *
734 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
735 : * @param action Indicate of the key update action.
736 : * @param use_new_key Indicate if the new key should be used.
737 : *
738 : * @retval RETURN_SUCCESS SPDM DataKey update is activated.
739 : **/
740 93 : bool libspdm_activate_update_session_data_key(void *spdm_secured_message_context,
741 : libspdm_key_update_action_t action,
742 : bool use_new_key)
743 : {
744 : libspdm_secured_message_context_t *secured_message_context;
745 :
746 93 : secured_message_context = spdm_secured_message_context;
747 :
748 93 : if (!use_new_key) {
749 52 : if ((action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) &&
750 0 : secured_message_context->requester_backup_valid) {
751 0 : libspdm_copy_mem(&secured_message_context->application_secret
752 : .request_data_secret,
753 : sizeof(secured_message_context->application_secret
754 : .request_data_secret),
755 0 : &secured_message_context
756 : ->application_secret_backup
757 : .request_data_secret,
758 : LIBSPDM_MAX_HASH_SIZE);
759 0 : libspdm_copy_mem(&secured_message_context->application_secret
760 : .request_data_encryption_key,
761 : sizeof(secured_message_context->application_secret
762 : .request_data_encryption_key),
763 0 : &secured_message_context
764 : ->application_secret_backup
765 : .request_data_encryption_key,
766 : LIBSPDM_MAX_AEAD_KEY_SIZE);
767 0 : libspdm_copy_mem(&secured_message_context->application_secret
768 : .request_data_salt,
769 : sizeof(secured_message_context->application_secret
770 : .request_data_salt),
771 0 : &secured_message_context
772 : ->application_secret_backup
773 : .request_data_salt,
774 : LIBSPDM_MAX_AEAD_IV_SIZE);
775 : secured_message_context->application_secret
776 0 : .request_data_sequence_number =
777 0 : secured_message_context->application_secret_backup.request_data_sequence_number;
778 52 : } else if ((action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) &&
779 52 : secured_message_context->responder_backup_valid) {
780 52 : libspdm_copy_mem(&secured_message_context->application_secret
781 : .response_data_secret,
782 : sizeof(secured_message_context->application_secret
783 : .response_data_secret),
784 52 : &secured_message_context
785 : ->application_secret_backup
786 : .response_data_secret,
787 : LIBSPDM_MAX_HASH_SIZE);
788 52 : libspdm_copy_mem(&secured_message_context->application_secret
789 : .response_data_encryption_key,
790 : sizeof(secured_message_context->application_secret
791 : .response_data_encryption_key),
792 52 : &secured_message_context
793 : ->application_secret_backup
794 : .response_data_encryption_key,
795 : LIBSPDM_MAX_AEAD_KEY_SIZE);
796 52 : libspdm_copy_mem(&secured_message_context->application_secret
797 : .response_data_salt,
798 : sizeof(secured_message_context->application_secret
799 : .response_data_salt),
800 52 : &secured_message_context
801 : ->application_secret_backup
802 : .response_data_salt,
803 : LIBSPDM_MAX_AEAD_IV_SIZE);
804 52 : secured_message_context->application_secret.response_data_sequence_number =
805 52 : secured_message_context->application_secret_backup.response_data_sequence_number;
806 : }
807 : }
808 :
809 93 : if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
810 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_secret,
811 : LIBSPDM_MAX_HASH_SIZE);
812 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup
813 : .request_data_encryption_key,
814 : LIBSPDM_MAX_AEAD_KEY_SIZE);
815 35 : libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_salt,
816 : LIBSPDM_MAX_AEAD_IV_SIZE);
817 35 : secured_message_context->application_secret_backup.request_data_sequence_number = 0;
818 35 : secured_message_context->requester_backup_valid = false;
819 58 : } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
820 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_secret,
821 : LIBSPDM_MAX_HASH_SIZE);
822 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup
823 : .response_data_encryption_key,
824 : LIBSPDM_MAX_AEAD_KEY_SIZE);
825 58 : libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_salt,
826 : LIBSPDM_MAX_AEAD_IV_SIZE);
827 58 : secured_message_context->application_secret_backup.response_data_sequence_number = 0;
828 58 : secured_message_context->responder_backup_valid = false;
829 : }
830 :
831 93 : return true;
832 : }
833 :
834 : /**
835 : * Allocates and initializes one HMAC context for subsequent use, with request_finished_key.
836 : *
837 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
838 : *
839 : * @return Pointer to the HMAC context that has been initialized.
840 : **/
841 0 : void *libspdm_hmac_new_with_request_finished_key(void *spdm_secured_message_context)
842 : {
843 : libspdm_secured_message_context_t *secured_message_context;
844 :
845 0 : secured_message_context = spdm_secured_message_context;
846 0 : return libspdm_hmac_new(secured_message_context->base_hash_algo);
847 : }
848 :
849 : /**
850 : * Release the specified HMAC context, with request_finished_key.
851 : *
852 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
853 : * @param hmac_ctx Pointer to the HMAC context to be released.
854 : **/
855 0 : void libspdm_hmac_free_with_request_finished_key(
856 : void *spdm_secured_message_context, void *hmac_ctx)
857 : {
858 : libspdm_secured_message_context_t *secured_message_context;
859 :
860 0 : secured_message_context = spdm_secured_message_context;
861 0 : libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
862 0 : }
863 :
864 : /**
865 : * Set request_finished_key for subsequent use. It must be done before any
866 : * calling to hmac_update().
867 : *
868 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
869 : * @param hmac_ctx Pointer to HMAC context.
870 : *
871 : * @retval true The key is set successfully.
872 : * @retval false The key is set unsuccessfully.
873 : **/
874 0 : bool libspdm_hmac_init_with_request_finished_key(
875 : void *spdm_secured_message_context, void *hmac_ctx)
876 : {
877 : libspdm_secured_message_context_t *secured_message_context;
878 :
879 0 : secured_message_context = spdm_secured_message_context;
880 0 : return libspdm_hmac_init(
881 : secured_message_context->base_hash_algo, hmac_ctx,
882 0 : secured_message_context->handshake_secret.request_finished_key,
883 : secured_message_context->hash_size);
884 : }
885 :
886 : /**
887 : * Makes a copy of an existing HMAC context, with request_finished_key.
888 : *
889 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
890 : * @param hmac_ctx Pointer to HMAC context being copied.
891 : * @param new_hmac_ctx Pointer to new HMAC context.
892 : *
893 : * @retval true HMAC context copy succeeded.
894 : * @retval false HMAC context copy failed.
895 : **/
896 0 : bool libspdm_hmac_duplicate_with_request_finished_key(
897 : void *spdm_secured_message_context,
898 : const void *hmac_ctx, void *new_hmac_ctx)
899 : {
900 : libspdm_secured_message_context_t *secured_message_context;
901 :
902 0 : secured_message_context = spdm_secured_message_context;
903 0 : return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
904 : }
905 :
906 : /**
907 : * Digests the input data and updates HMAC context, with request_finished_key.
908 : *
909 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
910 : * @param hmac_ctx Pointer to HMAC context being copied.
911 : * @param data Pointer to the buffer containing the data to be digested.
912 : * @param data_size size of data buffer in bytes.
913 : *
914 : * @retval true HMAC data digest succeeded.
915 : * @retval false HMAC data digest failed.
916 : **/
917 0 : bool libspdm_hmac_update_with_request_finished_key(
918 : void *spdm_secured_message_context,
919 : void *hmac_ctx, const void *data,
920 : size_t data_size)
921 : {
922 : libspdm_secured_message_context_t *secured_message_context;
923 :
924 0 : secured_message_context = spdm_secured_message_context;
925 0 : return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
926 : }
927 :
928 : /**
929 : * Completes computation of the HMAC digest value, with request_finished_key.
930 : *
931 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
932 : * @param hmac_ctx Pointer to HMAC context being copied.
933 : * @param hmac_value Pointer to a buffer that receives the HMAC digest value
934 : *
935 : * @retval true HMAC data digest succeeded.
936 : * @retval false HMAC data digest failed.
937 : **/
938 0 : bool libspdm_hmac_final_with_request_finished_key(
939 : void *spdm_secured_message_context,
940 : void *hmac_ctx, uint8_t *hmac_value)
941 : {
942 : libspdm_secured_message_context_t *secured_message_context;
943 :
944 0 : secured_message_context = spdm_secured_message_context;
945 0 : return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
946 : }
947 :
948 : /**
949 : * Computes the HMAC of a input data buffer, with request_finished_key.
950 : *
951 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
952 : * @param data Pointer to the buffer containing the data to be HMACed.
953 : * @param data_size size of data buffer in bytes.
954 : * @param hash_value Pointer to a buffer that receives the HMAC value.
955 : *
956 : * @retval true HMAC computation succeeded.
957 : * @retval false HMAC computation failed.
958 : **/
959 89 : bool libspdm_hmac_all_with_request_finished_key(void *spdm_secured_message_context,
960 : const void *data, size_t data_size,
961 : uint8_t *hmac_value)
962 : {
963 : libspdm_secured_message_context_t *secured_message_context;
964 :
965 89 : secured_message_context = spdm_secured_message_context;
966 178 : return libspdm_hmac_all(
967 : secured_message_context->base_hash_algo, data, data_size,
968 89 : secured_message_context->handshake_secret.request_finished_key,
969 : secured_message_context->hash_size, hmac_value);
970 : }
971 :
972 : /**
973 : * Allocates and initializes one HMAC context for subsequent use, with response_finished_key.
974 : *
975 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
976 : *
977 : * @return Pointer to the HMAC context that has been initialized.
978 : **/
979 0 : void *libspdm_hmac_new_with_response_finished_key(void *spdm_secured_message_context)
980 : {
981 : libspdm_secured_message_context_t *secured_message_context;
982 :
983 0 : secured_message_context = spdm_secured_message_context;
984 0 : return libspdm_hmac_new(secured_message_context->base_hash_algo);
985 : }
986 :
987 : /**
988 : * Release the specified HMAC context, with response_finished_key.
989 : *
990 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
991 : * @param hmac_ctx Pointer to the HMAC context to be released.
992 : **/
993 0 : void libspdm_hmac_free_with_response_finished_key(
994 : void *spdm_secured_message_context, void *hmac_ctx)
995 : {
996 : libspdm_secured_message_context_t *secured_message_context;
997 :
998 0 : secured_message_context = spdm_secured_message_context;
999 0 : libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
1000 0 : }
1001 :
1002 : /**
1003 : * Set response_finished_key for subsequent use. It must be done before any
1004 : * calling to hmac_update().
1005 : *
1006 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1007 : * @param hmac_ctx Pointer to HMAC context.
1008 : *
1009 : * @retval true The key is set successfully.
1010 : * @retval false The key is set unsuccessfully.
1011 : **/
1012 0 : bool libspdm_hmac_init_with_response_finished_key(
1013 : void *spdm_secured_message_context, void *hmac_ctx)
1014 : {
1015 : libspdm_secured_message_context_t *secured_message_context;
1016 :
1017 0 : secured_message_context = spdm_secured_message_context;
1018 0 : return libspdm_hmac_init(
1019 : secured_message_context->base_hash_algo, hmac_ctx,
1020 0 : secured_message_context->handshake_secret.response_finished_key,
1021 : secured_message_context->hash_size);
1022 : }
1023 :
1024 : /**
1025 : * Makes a copy of an existing HMAC context, with response_finished_key.
1026 : *
1027 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1028 : * @param hmac_ctx Pointer to HMAC context being copied.
1029 : * @param new_hmac_ctx Pointer to new HMAC context.
1030 : *
1031 : * @retval true HMAC context copy succeeded.
1032 : * @retval false HMAC context copy failed.
1033 : **/
1034 0 : bool libspdm_hmac_duplicate_with_response_finished_key(
1035 : void *spdm_secured_message_context,
1036 : const void *hmac_ctx, void *new_hmac_ctx)
1037 : {
1038 : libspdm_secured_message_context_t *secured_message_context;
1039 :
1040 0 : secured_message_context = spdm_secured_message_context;
1041 0 : return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
1042 : }
1043 :
1044 : /**
1045 : * Digests the input data and updates HMAC context, with response_finished_key.
1046 : *
1047 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1048 : * @param hmac_ctx Pointer to HMAC context being copied.
1049 : * @param data Pointer to the buffer containing the data to be digested.
1050 : * @param data_size size of data buffer in bytes.
1051 : *
1052 : * @retval true HMAC data digest succeeded.
1053 : * @retval false HMAC data digest failed.
1054 : **/
1055 0 : bool libspdm_hmac_update_with_response_finished_key(
1056 : void *spdm_secured_message_context,
1057 : void *hmac_ctx, const void *data,
1058 : size_t data_size)
1059 : {
1060 : libspdm_secured_message_context_t *secured_message_context;
1061 :
1062 0 : secured_message_context = spdm_secured_message_context;
1063 0 : return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
1064 : }
1065 :
1066 : /**
1067 : * Completes computation of the HMAC digest value, with response_finished_key.
1068 : *
1069 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1070 : * @param hmac_ctx Pointer to HMAC context being copied.
1071 : * @param hmac_value Pointer to a buffer that receives the HMAC digest value
1072 : *
1073 : * @retval true HMAC data digest succeeded.
1074 : * @retval false HMAC data digest failed.
1075 : **/
1076 0 : bool libspdm_hmac_final_with_response_finished_key(
1077 : void *spdm_secured_message_context,
1078 : void *hmac_ctx, uint8_t *hmac_value)
1079 : {
1080 : libspdm_secured_message_context_t *secured_message_context;
1081 :
1082 0 : secured_message_context = spdm_secured_message_context;
1083 0 : return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
1084 : }
1085 :
1086 : /**
1087 : * Computes the HMAC of a input data buffer, with response_finished_key.
1088 : *
1089 : * @param spdm_secured_message_context A pointer to the SPDM secured message context.
1090 : * @param data Pointer to the buffer containing the data to be HMACed.
1091 : * @param data_size size of data buffer in bytes.
1092 : * @param hash_value Pointer to a buffer that receives the HMAC value.
1093 : *
1094 : * @retval true HMAC computation succeeded.
1095 : * @retval false HMAC computation failed.
1096 : **/
1097 74 : bool libspdm_hmac_all_with_response_finished_key(
1098 : void *spdm_secured_message_context, const void *data,
1099 : size_t data_size, uint8_t *hmac_value)
1100 : {
1101 : libspdm_secured_message_context_t *secured_message_context;
1102 :
1103 74 : secured_message_context = spdm_secured_message_context;
1104 148 : return libspdm_hmac_all(
1105 : secured_message_context->base_hash_algo, data, data_size,
1106 74 : secured_message_context->handshake_secret.response_finished_key,
1107 : secured_message_context->hash_size, hmac_value);
1108 : }
|
