LCOV - code coverage report
Current view: top level - library/spdm_secured_message_lib - libspdm_secmes_session.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 80.9 % 403 326
Test Date: 2025-08-24 08:11:14 Functions: 47.8 % 23 11

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2021-2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include "internal/libspdm_secured_message_lib.h"
       8              : 
       9              : /**
      10              :  * This function concatenates binary data, which is used as info in HKDF expand later.
      11              :  *
      12              :  * @param  label        An ascii string label for the libspdm_bin_concat.
      13              :  * @param  label_size   The size in bytes of the ASCII string label, not including NULL terminator.
      14              :  * @param  context      A pre-defined hash value as the context for the libspdm_bin_concat.
      15              :  * @param  length       16 bits length for the libspdm_bin_concat.
      16              :  * @param  hash_size    The size in bytes of the context hash.
      17              :  * @param  out_bin      The buffer to store the output binary.
      18              :  * @param  out_bin_size The size in bytes for the out_bin.
      19              :  **/
      20         1273 : void libspdm_bin_concat(spdm_version_number_t spdm_version,
      21              :                         const char *label, size_t label_size,
      22              :                         const uint8_t *context, uint16_t length,
      23              :                         size_t hash_size, uint8_t *out_bin,
      24              :                         size_t *out_bin_size)
      25              : {
      26              :     size_t final_size;
      27              : 
      28              :     /* The correct version characters (1.1 or 1.2) will replace the x.x. */
      29              :     #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x "
      30              : 
      31         1273 :     final_size = sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1 + label_size;
      32         1273 :     if (context != NULL) {
      33          283 :         final_size += hash_size;
      34              :     }
      35              : 
      36         1273 :     LIBSPDM_ASSERT(*out_bin_size >= final_size);
      37              : 
      38         1273 :     *out_bin_size = final_size;
      39              : 
      40         1273 :     libspdm_copy_mem(out_bin, *out_bin_size, &length, sizeof(uint16_t));
      41         1273 :     libspdm_copy_mem(out_bin + sizeof(uint16_t), *out_bin_size - sizeof(uint16_t),
      42              :                      LIBSPDM_BIN_CONCAT_LABEL, sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1);
      43              : 
      44              :     /* Patch the version. */
      45         1273 :     out_bin[6] = (char)('0' + ((spdm_version >> 12) & 0xF));
      46         1273 :     out_bin[8] = (char)('0' + ((spdm_version >> 8) & 0xF));
      47         1273 :     libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1,
      48         1273 :                      *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1),
      49              :                      label, label_size);
      50              : 
      51         1273 :     if (context != NULL) {
      52          283 :         libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
      53          283 :                          1 + label_size,
      54          283 :                          *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) -
      55              :                                           1 + label_size), context, hash_size);
      56              :     }
      57              : 
      58              :     #undef LIBSPDM_BIN_CONCAT_LABEL
      59         1273 : }
      60              : 
      61              : /**
      62              :  * This function generates SPDM AEAD key and IV for a session.
      63              :  *
      64              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
      65              :  * @param  major_secret                  The major secret.
      66              :  * @param  key                          The buffer to store the AEAD key.
      67              :  * @param  iv                           The buffer to store the AEAD IV.
      68              :  *
      69              :  * @retval RETURN_SUCCESS  SPDM AEAD key and IV for a session is generated.
      70              :  **/
      71          288 : bool libspdm_generate_aead_key_and_iv(
      72              :     libspdm_secured_message_context_t *secured_message_context,
      73              :     const uint8_t *major_secret, uint8_t *key, uint8_t *iv)
      74              : {
      75              :     bool status;
      76              :     size_t hash_size;
      77              :     size_t key_length;
      78              :     size_t iv_length;
      79              :     uint8_t bin_str5[128];
      80              :     size_t bin_str5_size;
      81              :     uint8_t bin_str6[128];
      82              :     size_t bin_str6_size;
      83              : 
      84          288 :     hash_size = secured_message_context->hash_size;
      85          288 :     key_length = secured_message_context->aead_key_size;
      86          288 :     iv_length = secured_message_context->aead_iv_size;
      87              : 
      88          288 :     bin_str5_size = sizeof(bin_str5);
      89          288 :     libspdm_bin_concat(secured_message_context->version,
      90              :                        SPDM_BIN_STR_5_LABEL, sizeof(SPDM_BIN_STR_5_LABEL) - 1,
      91          288 :                        NULL, (uint16_t)key_length, hash_size, bin_str5,
      92              :                        &bin_str5_size);
      93              : 
      94          288 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str5 (0x%zx):\n", bin_str5_size));
      95          288 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str5, bin_str5_size);
      96          288 :     status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
      97              :                                  major_secret, hash_size, bin_str5,
      98              :                                  bin_str5_size, key, key_length);
      99          288 :     if (!status) {
     100            0 :         return false;
     101              :     }
     102          288 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key (0x%zx) - ", key_length));
     103          288 :     LIBSPDM_INTERNAL_DUMP_DATA(key, key_length);
     104          288 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     105              : 
     106          288 :     bin_str6_size = sizeof(bin_str6);
     107          288 :     libspdm_bin_concat(secured_message_context->version,
     108              :                        SPDM_BIN_STR_6_LABEL, sizeof(SPDM_BIN_STR_6_LABEL) - 1,
     109          288 :                        NULL, (uint16_t)iv_length, hash_size, bin_str6,
     110              :                        &bin_str6_size);
     111              : 
     112          288 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str6 (0x%zx):\n", bin_str6_size));
     113          288 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str6, bin_str6_size);
     114          288 :     status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
     115              :                                  major_secret, hash_size, bin_str6,
     116              :                                  bin_str6_size, iv, iv_length);
     117          288 :     if (!status) {
     118            0 :         return false;
     119              :     }
     120          288 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "iv (0x%zx) - ", iv_length));
     121          288 :     LIBSPDM_INTERNAL_DUMP_DATA(iv, iv_length);
     122          288 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     123              : 
     124          288 :     return true;
     125              : }
     126              : 
     127              : /**
     128              :  * This function generates SPDM finished_key for a session.
     129              :  *
     130              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     131              :  * @param  handshake_secret              The handshake secret.
     132              :  * @param  finished_key                  The buffer to store the finished key.
     133              :  *
     134              :  * @retval RETURN_SUCCESS  SPDM finished_key for a session is generated.
     135              :  **/
     136          114 : bool libspdm_generate_finished_key(
     137              :     libspdm_secured_message_context_t *secured_message_context,
     138              :     const uint8_t *handshake_secret, uint8_t *finished_key)
     139              : {
     140              :     bool status;
     141              :     size_t hash_size;
     142              :     uint8_t bin_str7[128];
     143              :     size_t bin_str7_size;
     144              : 
     145          114 :     hash_size = secured_message_context->hash_size;
     146              : 
     147          114 :     bin_str7_size = sizeof(bin_str7);
     148          114 :     libspdm_bin_concat(secured_message_context->version,
     149              :                        SPDM_BIN_STR_7_LABEL, sizeof(SPDM_BIN_STR_7_LABEL) - 1,
     150          114 :                        NULL, (uint16_t)hash_size, hash_size, bin_str7,
     151              :                        &bin_str7_size);
     152              : 
     153          114 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str7 (0x%zx):\n", bin_str7_size));
     154          114 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str7, bin_str7_size);
     155          114 :     status = libspdm_hkdf_expand(secured_message_context->base_hash_algo,
     156              :                                  handshake_secret, hash_size, bin_str7,
     157              :                                  bin_str7_size, finished_key, hash_size);
     158          114 :     if (!status) {
     159            0 :         return false;
     160              :     }
     161          114 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "finished_key (0x%zx) - ", hash_size));
     162          114 :     LIBSPDM_INTERNAL_DUMP_DATA(finished_key, hash_size);
     163          114 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     164              : 
     165          114 :     return true;
     166              : }
     167              : 
     168              : /**
     169              :  * This function generates SPDM HandshakeKey for a session.
     170              :  *
     171              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     172              :  * @param  th1_hash_data                  th1 hash
     173              :  *
     174              :  * @retval RETURN_SUCCESS  SPDM HandshakeKey for a session is generated.
     175              :  **/
     176           57 : bool libspdm_generate_session_handshake_key(void *spdm_secured_message_context,
     177              :                                             const uint8_t *th1_hash_data)
     178              : {
     179              :     bool status;
     180              :     size_t hash_size;
     181              :     uint8_t bin_str1[128];
     182              :     size_t bin_str1_size;
     183              :     uint8_t bin_str2[128];
     184              :     size_t bin_str2_size;
     185              :     libspdm_secured_message_context_t *secured_message_context;
     186              :     uint8_t salt0[LIBSPDM_MAX_HASH_SIZE];
     187              : 
     188           57 :     secured_message_context = spdm_secured_message_context;
     189              : 
     190           57 :     hash_size = secured_message_context->hash_size;
     191              : 
     192           57 :     if (!(secured_message_context->use_psk)) {
     193           31 :         if (secured_message_context->kem_alg != 0) {
     194            0 :             LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "[KEM Secret]: "));
     195              :         } else {
     196           31 :             LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "[DHE Secret]: "));
     197              :         }
     198           31 :         LIBSPDM_INTERNAL_DUMP_HEX_STR(
     199              :             secured_message_context->master_secret.shared_secret,
     200              :             secured_message_context->shared_key_size);
     201           31 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     202           31 :         libspdm_zero_mem(salt0, sizeof(salt0));
     203           31 :         status = libspdm_hkdf_extract(
     204              :             secured_message_context->base_hash_algo,
     205           31 :             secured_message_context->master_secret.shared_secret,
     206              :             secured_message_context->shared_key_size,
     207              :             salt0, hash_size,
     208           31 :             secured_message_context->master_secret.handshake_secret, hash_size);
     209           31 :         if (!status) {
     210            0 :             return false;
     211              :         }
     212           31 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "handshake_secret (0x%zx) - ", hash_size));
     213           31 :         LIBSPDM_INTERNAL_DUMP_DATA(
     214              :             secured_message_context->master_secret.handshake_secret,
     215              :             hash_size);
     216           31 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     217              :     }
     218              : 
     219           57 :     bin_str1_size = sizeof(bin_str1);
     220           57 :     libspdm_bin_concat(secured_message_context->version,
     221              :                        SPDM_BIN_STR_1_LABEL, sizeof(SPDM_BIN_STR_1_LABEL) - 1,
     222           57 :                        th1_hash_data, (uint16_t)hash_size, hash_size,
     223              :                        bin_str1, &bin_str1_size);
     224              : 
     225           57 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str1 (0x%zx):\n", bin_str1_size));
     226           57 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str1, bin_str1_size);
     227              : 
     228              :     #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
     229           57 :     if (secured_message_context->use_psk) {
     230           26 :         status = libspdm_psk_handshake_secret_hkdf_expand(
     231           26 :             secured_message_context->version,
     232              :             secured_message_context->base_hash_algo,
     233           26 :             secured_message_context->psk_hint,
     234              :             secured_message_context->psk_hint_size, bin_str1,
     235              :             bin_str1_size,
     236           26 :             secured_message_context->handshake_secret.request_handshake_secret,
     237              :             hash_size);
     238              : 
     239           26 :         if (!status) {
     240            0 :             return false;
     241              :         }
     242              :     }
     243              :     #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
     244           57 :     if (!(secured_message_context->use_psk)) {
     245           31 :         status = libspdm_hkdf_expand(
     246              :             secured_message_context->base_hash_algo,
     247           31 :             secured_message_context->master_secret.handshake_secret,
     248              :             hash_size, bin_str1, bin_str1_size,
     249           31 :             secured_message_context->handshake_secret.request_handshake_secret,
     250              :             hash_size);
     251              : 
     252           31 :         if (!status) {
     253            0 :             return false;
     254              :         }
     255              :     }
     256              : 
     257           57 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_handshake_secret (0x%zx) - ", hash_size));
     258           57 :     LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret
     259              :                                .request_handshake_secret,
     260              :                                hash_size);
     261           57 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     262           57 :     bin_str2_size = sizeof(bin_str2);
     263           57 :     libspdm_bin_concat(secured_message_context->version,
     264              :                        SPDM_BIN_STR_2_LABEL, sizeof(SPDM_BIN_STR_2_LABEL) - 1,
     265           57 :                        th1_hash_data, (uint16_t)hash_size, hash_size,
     266              :                        bin_str2, &bin_str2_size);
     267              : 
     268           57 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str2 (0x%zx):\n", bin_str2_size));
     269           57 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str2, bin_str2_size);
     270              : 
     271              :     #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
     272           57 :     if (secured_message_context->use_psk) {
     273           26 :         status = libspdm_psk_handshake_secret_hkdf_expand(
     274           26 :             secured_message_context->version,
     275              :             secured_message_context->base_hash_algo,
     276           26 :             secured_message_context->psk_hint,
     277              :             secured_message_context->psk_hint_size, bin_str2,
     278              :             bin_str2_size,
     279           26 :             secured_message_context->handshake_secret.response_handshake_secret,
     280              :             hash_size);
     281              : 
     282           26 :         if (!status) {
     283            0 :             return false;
     284              :         }
     285              :     }
     286              :     #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
     287           57 :     if (!(secured_message_context->use_psk)) {
     288           31 :         status = libspdm_hkdf_expand(
     289              :             secured_message_context->base_hash_algo,
     290           31 :             secured_message_context->master_secret.handshake_secret,
     291              :             hash_size, bin_str2, bin_str2_size,
     292           31 :             secured_message_context->handshake_secret.response_handshake_secret,
     293              :             hash_size);
     294              : 
     295           31 :         if (!status) {
     296            0 :             return false;
     297              :         }
     298              :     }
     299              : 
     300           57 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_handshake_secret (0x%zx) - ", hash_size));
     301           57 :     LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->handshake_secret.response_handshake_secret,
     302              :                                hash_size);
     303           57 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     304              : 
     305           57 :     status = libspdm_generate_finished_key(
     306              :         secured_message_context,
     307              :         secured_message_context->handshake_secret
     308           57 :         .request_handshake_secret,
     309           57 :         secured_message_context->handshake_secret.request_finished_key);
     310           57 :     if (!status) {
     311            0 :         return status;
     312              :     }
     313              : 
     314           57 :     status = libspdm_generate_finished_key(
     315              :         secured_message_context,
     316           57 :         secured_message_context->handshake_secret.response_handshake_secret,
     317           57 :         secured_message_context->handshake_secret.response_finished_key);
     318           57 :     if (!status) {
     319            0 :         return status;
     320              :     }
     321              : 
     322           57 :     status = libspdm_generate_aead_key_and_iv(secured_message_context,
     323              :                                               secured_message_context->handshake_secret
     324           57 :                                               .request_handshake_secret,
     325              :                                               secured_message_context->handshake_secret
     326           57 :                                               .request_handshake_encryption_key,
     327              :                                               secured_message_context->handshake_secret
     328           57 :                                               .request_handshake_salt);
     329           57 :     if (!status) {
     330            0 :         return status;
     331              :     }
     332           57 :     secured_message_context->handshake_secret.request_handshake_sequence_number = 0;
     333              : 
     334           57 :     status = libspdm_generate_aead_key_and_iv(
     335              :         secured_message_context,
     336           57 :         secured_message_context->handshake_secret.response_handshake_secret,
     337           57 :         secured_message_context->handshake_secret.response_handshake_encryption_key,
     338           57 :         secured_message_context->handshake_secret.response_handshake_salt);
     339           57 :     if (!status) {
     340            0 :         return status;
     341              :     }
     342              : 
     343           57 :     secured_message_context->handshake_secret.response_handshake_sequence_number = 0;
     344           57 :     libspdm_zero_mem(secured_message_context->master_secret.shared_secret, LIBSPDM_MAX_SHARED_KEY_SIZE);
     345              : 
     346           57 :     return true;
     347              : }
     348              : 
     349              : /**
     350              :  * This function generates SPDM DataKey for a session.
     351              :  *
     352              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     353              :  * @param  th2_hash_data                  th2 hash
     354              :  *
     355              :  * @retval RETURN_SUCCESS  SPDM DataKey for a session is generated.
     356              :  **/
     357           36 : bool libspdm_generate_session_data_key(void *spdm_secured_message_context,
     358              :                                        const uint8_t *th2_hash_data)
     359              : {
     360              :     bool status;
     361              :     size_t hash_size;
     362              :     uint8_t salt1[LIBSPDM_MAX_HASH_SIZE];
     363              :     uint8_t bin_str0[128];
     364              :     size_t bin_str0_size;
     365              :     uint8_t bin_str3[128];
     366              :     size_t bin_str3_size;
     367              :     uint8_t bin_str4[128];
     368              :     size_t bin_str4_size;
     369              :     uint8_t bin_str8[128];
     370              :     size_t bin_str8_size;
     371              :     libspdm_secured_message_context_t *secured_message_context;
     372              :     uint8_t zero_filled_buffer[LIBSPDM_MAX_HASH_SIZE];
     373              : 
     374           36 :     secured_message_context = spdm_secured_message_context;
     375              : 
     376           36 :     hash_size = secured_message_context->hash_size;
     377              : 
     378           36 :     if (!(secured_message_context->use_psk)) {
     379           23 :         bin_str0_size = sizeof(bin_str0);
     380           23 :         libspdm_bin_concat(secured_message_context->version,
     381              :                            SPDM_BIN_STR_0_LABEL,
     382              :                            sizeof(SPDM_BIN_STR_0_LABEL) - 1, NULL,
     383           23 :                            (uint16_t)hash_size, hash_size, bin_str0,
     384              :                            &bin_str0_size);
     385              : 
     386           23 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str0 (0x%zx):\n", bin_str0_size));
     387           23 :         LIBSPDM_INTERNAL_DUMP_HEX(bin_str0, bin_str0_size);
     388              : 
     389           23 :         status = libspdm_hkdf_expand(
     390              :             secured_message_context->base_hash_algo,
     391           23 :             secured_message_context->master_secret.handshake_secret,
     392              :             hash_size, bin_str0, bin_str0_size, salt1, hash_size);
     393           23 :         if (!status) {
     394            0 :             return false;
     395              :         }
     396           23 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "salt1 (0x%zx) - ", hash_size));
     397           23 :         LIBSPDM_INTERNAL_DUMP_DATA(salt1, hash_size);
     398           23 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     399              : 
     400           23 :         libspdm_zero_mem(zero_filled_buffer, sizeof(zero_filled_buffer));
     401           23 :         status = libspdm_hkdf_extract(
     402              :             secured_message_context->base_hash_algo,
     403              :             zero_filled_buffer, hash_size, salt1, hash_size,
     404           23 :             secured_message_context->master_secret.master_secret, hash_size);
     405           23 :         if (!status) {
     406            0 :             goto cleanup;
     407              :         }
     408           23 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "master_secret (0x%zx) - ", hash_size));
     409           23 :         LIBSPDM_INTERNAL_DUMP_DATA(
     410              :             secured_message_context->master_secret.master_secret,
     411              :             hash_size);
     412           23 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     413              :     }
     414              : 
     415           36 :     bin_str3_size = sizeof(bin_str3);
     416           36 :     libspdm_bin_concat(secured_message_context->version,
     417              :                        SPDM_BIN_STR_3_LABEL, sizeof(SPDM_BIN_STR_3_LABEL) - 1,
     418           36 :                        th2_hash_data, (uint16_t)hash_size, hash_size,
     419              :                        bin_str3, &bin_str3_size);
     420              : 
     421           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str3 (0x%zx):\n", bin_str3_size));
     422           36 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str3, bin_str3_size);
     423              : 
     424              :     #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
     425           36 :     if (secured_message_context->use_psk) {
     426           13 :         status = libspdm_psk_master_secret_hkdf_expand(
     427           13 :             secured_message_context->version,
     428              :             secured_message_context->base_hash_algo,
     429           13 :             secured_message_context->psk_hint,
     430              :             secured_message_context->psk_hint_size, bin_str3,
     431              :             bin_str3_size,
     432           13 :             secured_message_context->application_secret.request_data_secret,
     433              :             hash_size);
     434              : 
     435           13 :         if (!status) {
     436            0 :             goto cleanup;
     437              :         }
     438              :     }
     439              :     #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
     440           36 :     if (!(secured_message_context->use_psk)) {
     441           23 :         status = libspdm_hkdf_expand(
     442              :             secured_message_context->base_hash_algo,
     443           23 :             secured_message_context->master_secret.master_secret,
     444              :             hash_size, bin_str3, bin_str3_size,
     445           23 :             secured_message_context->application_secret.request_data_secret,
     446              :             hash_size);
     447              : 
     448           23 :         if (!status) {
     449            0 :             goto cleanup;
     450              :         }
     451              :     }
     452              : 
     453           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_data_secret (0x%zx) - ", hash_size));
     454           36 :     LIBSPDM_INTERNAL_DUMP_DATA(
     455              :         secured_message_context->application_secret.request_data_secret,
     456              :         hash_size);
     457           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     458           36 :     bin_str4_size = sizeof(bin_str4);
     459           36 :     libspdm_bin_concat(secured_message_context->version,
     460              :                        SPDM_BIN_STR_4_LABEL, sizeof(SPDM_BIN_STR_4_LABEL) - 1,
     461           36 :                        th2_hash_data, (uint16_t)hash_size, hash_size,
     462              :                        bin_str4, &bin_str4_size);
     463              : 
     464           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str4 (0x%zx):\n", bin_str4_size));
     465           36 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str4, bin_str4_size);
     466              : 
     467              :     #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
     468           36 :     if (secured_message_context->use_psk) {
     469           13 :         status = libspdm_psk_master_secret_hkdf_expand(
     470           13 :             secured_message_context->version,
     471              :             secured_message_context->base_hash_algo,
     472           13 :             secured_message_context->psk_hint,
     473              :             secured_message_context->psk_hint_size, bin_str4,
     474              :             bin_str4_size,
     475           13 :             secured_message_context->application_secret.response_data_secret,
     476              :             hash_size);
     477              : 
     478           13 :         if (!status) {
     479            0 :             goto cleanup;
     480              :         }
     481              :     }
     482              :     #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
     483           36 :     if (!(secured_message_context->use_psk)) {
     484           23 :         status = libspdm_hkdf_expand(
     485              :             secured_message_context->base_hash_algo,
     486           23 :             secured_message_context->master_secret.master_secret,
     487              :             hash_size, bin_str4, bin_str4_size,
     488           23 :             secured_message_context->application_secret.response_data_secret,
     489              :             hash_size);
     490              : 
     491           23 :         if (!status) {
     492            0 :             goto cleanup;
     493              :         }
     494              :     }
     495              : 
     496           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_data_secret (0x%zx) - ", hash_size));
     497           36 :     LIBSPDM_INTERNAL_DUMP_DATA(
     498              :         secured_message_context->application_secret.response_data_secret,
     499              :         hash_size);
     500           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     501              : 
     502           36 :     bin_str8_size = sizeof(bin_str8);
     503           36 :     libspdm_bin_concat(secured_message_context->version,
     504              :                        SPDM_BIN_STR_8_LABEL, sizeof(SPDM_BIN_STR_8_LABEL) - 1,
     505           36 :                        th2_hash_data, (uint16_t)hash_size, hash_size,
     506              :                        bin_str8, &bin_str8_size);
     507              : 
     508           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str8 (0x%zx):\n", bin_str8_size));
     509           36 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str8, bin_str8_size);
     510              : 
     511              :     #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
     512           36 :     if (secured_message_context->use_psk) {
     513           13 :         status = libspdm_psk_master_secret_hkdf_expand(
     514           13 :             secured_message_context->version,
     515              :             secured_message_context->base_hash_algo,
     516           13 :             secured_message_context->psk_hint,
     517              :             secured_message_context->psk_hint_size, bin_str8,
     518              :             bin_str8_size,
     519           13 :             secured_message_context->export_master_secret,
     520              :             hash_size);
     521              : 
     522           13 :         if (!status) {
     523            0 :             goto cleanup;
     524              :         }
     525              :     }
     526              :     #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
     527           36 :     if (!(secured_message_context->use_psk)) {
     528           23 :         status = libspdm_hkdf_expand(
     529              :             secured_message_context->base_hash_algo,
     530           23 :             secured_message_context->master_secret.master_secret,
     531              :             hash_size, bin_str8, bin_str8_size,
     532           23 :             secured_message_context->export_master_secret,
     533              :             hash_size);
     534              : 
     535           23 :         if (!status) {
     536            0 :             goto cleanup;
     537              :         }
     538              :     }
     539              : 
     540           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "export_master_secret (0x%zx) - ", hash_size));
     541           36 :     LIBSPDM_INTERNAL_DUMP_DATA(
     542              :         secured_message_context->export_master_secret, hash_size);
     543           36 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     544              : 
     545           36 :     status = libspdm_generate_aead_key_and_iv(
     546              :         secured_message_context,
     547           36 :         secured_message_context->application_secret.request_data_secret,
     548           36 :         secured_message_context->application_secret.request_data_encryption_key,
     549           36 :         secured_message_context->application_secret.request_data_salt);
     550           36 :     if (!status) {
     551            0 :         goto cleanup;
     552              :     }
     553           36 :     secured_message_context->application_secret.request_data_sequence_number = 0;
     554              : 
     555           36 :     status = libspdm_generate_aead_key_and_iv(
     556              :         secured_message_context,
     557           36 :         secured_message_context->application_secret.response_data_secret,
     558           36 :         secured_message_context->application_secret.response_data_encryption_key,
     559           36 :         secured_message_context->application_secret.response_data_salt);
     560           36 :     if (!status) {
     561            0 :         goto cleanup;
     562              :     }
     563           36 :     secured_message_context->application_secret.response_data_sequence_number = 0;
     564              : 
     565           36 : cleanup:
     566              :     /*zero salt1 for security*/
     567           36 :     libspdm_zero_mem(salt1, hash_size);
     568           36 :     return status;
     569              : }
     570              : 
     571              : /**
     572              :  * This function creates the updates of SPDM DataKey for a session.
     573              :  *
     574              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     575              :  * @param  action                       Indicate of the key update action.
     576              :  *
     577              :  * @retval RETURN_SUCCESS  SPDM DataKey update is created.
     578              :  **/
     579          102 : bool libspdm_create_update_session_data_key(void *spdm_secured_message_context,
     580              :                                             libspdm_key_update_action_t action)
     581              : {
     582              :     bool status;
     583              :     size_t hash_size;
     584              :     uint8_t bin_str9[128];
     585              :     size_t bin_str9_size;
     586              :     libspdm_secured_message_context_t *secured_message_context;
     587              : 
     588          102 :     secured_message_context = spdm_secured_message_context;
     589              : 
     590          102 :     hash_size = secured_message_context->hash_size;
     591              : 
     592          102 :     bin_str9_size = sizeof(bin_str9);
     593          102 :     libspdm_bin_concat(secured_message_context->version,
     594              :                        SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
     595          102 :                        NULL, (uint16_t)hash_size, hash_size, bin_str9,
     596              :                        &bin_str9_size);
     597              : 
     598          102 :     LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str9 (0x%zx):\n", bin_str9_size));
     599          102 :     LIBSPDM_INTERNAL_DUMP_HEX(bin_str9, bin_str9_size);
     600              : 
     601          102 :     if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
     602           40 :         libspdm_copy_mem(&secured_message_context->application_secret_backup
     603              :                          .request_data_secret,
     604              :                          sizeof(secured_message_context->application_secret_backup
     605              :                                 .request_data_secret),
     606           40 :                          &secured_message_context->application_secret
     607              :                          .request_data_secret,
     608              :                          LIBSPDM_MAX_HASH_SIZE);
     609           40 :         libspdm_copy_mem(&secured_message_context->application_secret_backup
     610              :                          .request_data_encryption_key,
     611              :                          sizeof(secured_message_context->application_secret_backup
     612              :                                 .request_data_encryption_key),
     613           40 :                          &secured_message_context->application_secret
     614              :                          .request_data_encryption_key,
     615              :                          LIBSPDM_MAX_AEAD_KEY_SIZE);
     616           40 :         libspdm_copy_mem(&secured_message_context->application_secret_backup
     617              :                          .request_data_salt,
     618              :                          sizeof(secured_message_context->application_secret_backup
     619              :                                 .request_data_salt),
     620           40 :                          &secured_message_context->application_secret
     621              :                          .request_data_salt,
     622              :                          LIBSPDM_MAX_AEAD_IV_SIZE);
     623              :         secured_message_context->application_secret_backup
     624           40 :         .request_data_sequence_number =
     625           40 :             secured_message_context->application_secret.request_data_sequence_number;
     626              : 
     627           40 :         status = libspdm_hkdf_expand(
     628              :             secured_message_context->base_hash_algo,
     629           40 :             secured_message_context->application_secret.request_data_secret,
     630              :             hash_size, bin_str9, bin_str9_size,
     631           40 :             secured_message_context->application_secret.request_data_secret,
     632              :             hash_size);
     633           40 :         if (!status) {
     634            0 :             return false;
     635              :         }
     636           40 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequestDataSecretUpdate (0x%zx) - ", hash_size));
     637           40 :         LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.request_data_secret,
     638              :                                    hash_size);
     639           40 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     640              : 
     641           40 :         status = libspdm_generate_aead_key_and_iv(
     642              :             secured_message_context,
     643           40 :             secured_message_context->application_secret.request_data_secret,
     644           40 :             secured_message_context->application_secret.request_data_encryption_key,
     645           40 :             secured_message_context->application_secret.request_data_salt);
     646           40 :         if (!status) {
     647            0 :             return status;
     648              :         }
     649           40 :         secured_message_context->application_secret.request_data_sequence_number = 0;
     650              : 
     651           40 :         secured_message_context->requester_backup_valid = true;
     652           62 :     } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
     653           62 :         libspdm_copy_mem(&secured_message_context->application_secret_backup
     654              :                          .response_data_secret,
     655              :                          sizeof(secured_message_context->application_secret_backup
     656              :                                 .response_data_secret),
     657           62 :                          &secured_message_context->application_secret
     658              :                          .response_data_secret,
     659              :                          LIBSPDM_MAX_HASH_SIZE);
     660           62 :         libspdm_copy_mem(&secured_message_context->application_secret_backup
     661              :                          .response_data_encryption_key,
     662              :                          sizeof(secured_message_context->application_secret_backup
     663              :                                 .response_data_encryption_key),
     664           62 :                          &secured_message_context->application_secret
     665              :                          .response_data_encryption_key,
     666              :                          LIBSPDM_MAX_AEAD_KEY_SIZE);
     667           62 :         libspdm_copy_mem(&secured_message_context->application_secret_backup
     668              :                          .response_data_salt,
     669              :                          sizeof(secured_message_context->application_secret_backup
     670              :                                 .response_data_salt),
     671           62 :                          &secured_message_context->application_secret
     672              :                          .response_data_salt,
     673              :                          LIBSPDM_MAX_AEAD_IV_SIZE);
     674              :         secured_message_context->application_secret_backup
     675           62 :         .response_data_sequence_number =
     676           62 :             secured_message_context->application_secret.response_data_sequence_number;
     677              : 
     678           62 :         status = libspdm_hkdf_expand(
     679              :             secured_message_context->base_hash_algo,
     680           62 :             secured_message_context->application_secret.response_data_secret,
     681              :             hash_size, bin_str9, bin_str9_size,
     682           62 :             secured_message_context->application_secret.response_data_secret,
     683              :             hash_size);
     684           62 :         if (!status) {
     685            0 :             return false;
     686              :         }
     687           62 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "ResponseDataSecretUpdate (0x%zx) - ",
     688              :                        hash_size));
     689           62 :         LIBSPDM_INTERNAL_DUMP_DATA(secured_message_context->application_secret.response_data_secret,
     690              :                                    hash_size);
     691           62 :         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
     692              : 
     693           62 :         status = libspdm_generate_aead_key_and_iv(
     694              :             secured_message_context,
     695           62 :             secured_message_context->application_secret.response_data_secret,
     696           62 :             secured_message_context->application_secret.response_data_encryption_key,
     697           62 :             secured_message_context->application_secret.response_data_salt);
     698           62 :         if (!status) {
     699            0 :             return status;
     700              :         }
     701           62 :         secured_message_context->application_secret.response_data_sequence_number = 0;
     702              : 
     703           62 :         secured_message_context->responder_backup_valid = true;
     704              :     } else {
     705            0 :         return false;
     706              :     }
     707              : 
     708          102 :     return true;
     709              : }
     710              : 
     711          221 : void libspdm_clear_handshake_secret(void *spdm_secured_message_context)
     712              : {
     713              :     libspdm_secured_message_context_t *secured_message_context;
     714              : 
     715          221 :     secured_message_context = spdm_secured_message_context;
     716              : 
     717          221 :     libspdm_zero_mem(secured_message_context->master_secret.handshake_secret,
     718              :                      LIBSPDM_MAX_HASH_SIZE);
     719          221 :     libspdm_zero_mem(&(secured_message_context->handshake_secret),
     720              :                      sizeof(libspdm_session_info_struct_handshake_secret_t));
     721              : 
     722          221 :     secured_message_context->requester_backup_valid = false;
     723          221 :     secured_message_context->responder_backup_valid = false;
     724          221 : }
     725              : 
     726          221 : void libspdm_clear_master_secret(void *spdm_secured_message_context)
     727              : {
     728              :     libspdm_secured_message_context_t *secured_message_context;
     729              : 
     730          221 :     secured_message_context = spdm_secured_message_context;
     731              : 
     732          221 :     libspdm_zero_mem(secured_message_context->master_secret.master_secret, LIBSPDM_MAX_HASH_SIZE);
     733          221 : }
     734              : 
     735              : /**
     736              :  * This function activates the update of SPDM DataKey for a session.
     737              :  *
     738              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     739              :  * @param  action                       Indicate of the key update action.
     740              :  * @param  use_new_key                    Indicate if the new key should be used.
     741              :  *
     742              :  * @retval RETURN_SUCCESS  SPDM DataKey update is activated.
     743              :  **/
     744           93 : bool libspdm_activate_update_session_data_key(void *spdm_secured_message_context,
     745              :                                               libspdm_key_update_action_t action,
     746              :                                               bool use_new_key)
     747              : {
     748              :     libspdm_secured_message_context_t *secured_message_context;
     749              : 
     750           93 :     secured_message_context = spdm_secured_message_context;
     751              : 
     752           93 :     if (!use_new_key) {
     753           52 :         if ((action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) &&
     754            0 :             secured_message_context->requester_backup_valid) {
     755            0 :             libspdm_copy_mem(&secured_message_context->application_secret
     756              :                              .request_data_secret,
     757              :                              sizeof(secured_message_context->application_secret
     758              :                                     .request_data_secret),
     759            0 :                              &secured_message_context
     760              :                              ->application_secret_backup
     761              :                              .request_data_secret,
     762              :                              LIBSPDM_MAX_HASH_SIZE);
     763            0 :             libspdm_copy_mem(&secured_message_context->application_secret
     764              :                              .request_data_encryption_key,
     765              :                              sizeof(secured_message_context->application_secret
     766              :                                     .request_data_encryption_key),
     767            0 :                              &secured_message_context
     768              :                              ->application_secret_backup
     769              :                              .request_data_encryption_key,
     770              :                              LIBSPDM_MAX_AEAD_KEY_SIZE);
     771            0 :             libspdm_copy_mem(&secured_message_context->application_secret
     772              :                              .request_data_salt,
     773              :                              sizeof(secured_message_context->application_secret
     774              :                                     .request_data_salt),
     775            0 :                              &secured_message_context
     776              :                              ->application_secret_backup
     777              :                              .request_data_salt,
     778              :                              LIBSPDM_MAX_AEAD_IV_SIZE);
     779              :             secured_message_context->application_secret
     780            0 :             .request_data_sequence_number =
     781            0 :                 secured_message_context->application_secret_backup.request_data_sequence_number;
     782           52 :         } else if ((action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) &&
     783           52 :                    secured_message_context->responder_backup_valid) {
     784           52 :             libspdm_copy_mem(&secured_message_context->application_secret
     785              :                              .response_data_secret,
     786              :                              sizeof(secured_message_context->application_secret
     787              :                                     .response_data_secret),
     788           52 :                              &secured_message_context
     789              :                              ->application_secret_backup
     790              :                              .response_data_secret,
     791              :                              LIBSPDM_MAX_HASH_SIZE);
     792           52 :             libspdm_copy_mem(&secured_message_context->application_secret
     793              :                              .response_data_encryption_key,
     794              :                              sizeof(secured_message_context->application_secret
     795              :                                     .response_data_encryption_key),
     796           52 :                              &secured_message_context
     797              :                              ->application_secret_backup
     798              :                              .response_data_encryption_key,
     799              :                              LIBSPDM_MAX_AEAD_KEY_SIZE);
     800           52 :             libspdm_copy_mem(&secured_message_context->application_secret
     801              :                              .response_data_salt,
     802              :                              sizeof(secured_message_context->application_secret
     803              :                                     .response_data_salt),
     804           52 :                              &secured_message_context
     805              :                              ->application_secret_backup
     806              :                              .response_data_salt,
     807              :                              LIBSPDM_MAX_AEAD_IV_SIZE);
     808           52 :             secured_message_context->application_secret.response_data_sequence_number =
     809           52 :                 secured_message_context->application_secret_backup.response_data_sequence_number;
     810              :         }
     811              :     }
     812              : 
     813           93 :     if (action == LIBSPDM_KEY_UPDATE_ACTION_REQUESTER) {
     814           35 :         libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_secret,
     815              :                          LIBSPDM_MAX_HASH_SIZE);
     816           35 :         libspdm_zero_mem(&secured_message_context->application_secret_backup
     817              :                          .request_data_encryption_key,
     818              :                          LIBSPDM_MAX_AEAD_KEY_SIZE);
     819           35 :         libspdm_zero_mem(&secured_message_context->application_secret_backup.request_data_salt,
     820              :                          LIBSPDM_MAX_AEAD_IV_SIZE);
     821           35 :         secured_message_context->application_secret_backup.request_data_sequence_number = 0;
     822           35 :         secured_message_context->requester_backup_valid = false;
     823           58 :     } else if (action == LIBSPDM_KEY_UPDATE_ACTION_RESPONDER) {
     824           58 :         libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_secret,
     825              :                          LIBSPDM_MAX_HASH_SIZE);
     826           58 :         libspdm_zero_mem(&secured_message_context->application_secret_backup
     827              :                          .response_data_encryption_key,
     828              :                          LIBSPDM_MAX_AEAD_KEY_SIZE);
     829           58 :         libspdm_zero_mem(&secured_message_context->application_secret_backup.response_data_salt,
     830              :                          LIBSPDM_MAX_AEAD_IV_SIZE);
     831           58 :         secured_message_context->application_secret_backup.response_data_sequence_number = 0;
     832           58 :         secured_message_context->responder_backup_valid = false;
     833              :     }
     834              : 
     835           93 :     return true;
     836              : }
     837              : 
     838              : /**
     839              :  * Allocates and initializes one HMAC context for subsequent use, with request_finished_key.
     840              :  *
     841              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     842              :  *
     843              :  * @return Pointer to the HMAC context that has been initialized.
     844              :  **/
     845            0 : void *libspdm_hmac_new_with_request_finished_key(void *spdm_secured_message_context)
     846              : {
     847              :     libspdm_secured_message_context_t *secured_message_context;
     848              : 
     849            0 :     secured_message_context = spdm_secured_message_context;
     850            0 :     return libspdm_hmac_new(secured_message_context->base_hash_algo);
     851              : }
     852              : 
     853              : /**
     854              :  * Release the specified HMAC context, with request_finished_key.
     855              :  *
     856              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     857              :  * @param  hmac_ctx                   Pointer to the HMAC context to be released.
     858              :  **/
     859            0 : void libspdm_hmac_free_with_request_finished_key(
     860              :     void *spdm_secured_message_context, void *hmac_ctx)
     861              : {
     862              :     libspdm_secured_message_context_t *secured_message_context;
     863              : 
     864            0 :     secured_message_context = spdm_secured_message_context;
     865            0 :     libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
     866            0 : }
     867              : 
     868              : /**
     869              :  * Set request_finished_key for subsequent use. It must be done before any
     870              :  * calling to hmac_update().
     871              :  *
     872              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     873              :  * @param  hmac_ctx  Pointer to HMAC context.
     874              :  *
     875              :  * @retval true   The key is set successfully.
     876              :  * @retval false  The key is set unsuccessfully.
     877              :  **/
     878            0 : bool libspdm_hmac_init_with_request_finished_key(
     879              :     void *spdm_secured_message_context, void *hmac_ctx)
     880              : {
     881              :     libspdm_secured_message_context_t *secured_message_context;
     882              : 
     883            0 :     secured_message_context = spdm_secured_message_context;
     884            0 :     return libspdm_hmac_init(
     885              :         secured_message_context->base_hash_algo, hmac_ctx,
     886            0 :         secured_message_context->handshake_secret.request_finished_key,
     887              :         secured_message_context->hash_size);
     888              : }
     889              : 
     890              : /**
     891              :  * Makes a copy of an existing HMAC context, with request_finished_key.
     892              :  *
     893              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     894              :  * @param  hmac_ctx     Pointer to HMAC context being copied.
     895              :  * @param  new_hmac_ctx  Pointer to new HMAC context.
     896              :  *
     897              :  * @retval true   HMAC context copy succeeded.
     898              :  * @retval false  HMAC context copy failed.
     899              :  **/
     900            0 : bool libspdm_hmac_duplicate_with_request_finished_key(
     901              :     void *spdm_secured_message_context,
     902              :     const void *hmac_ctx, void *new_hmac_ctx)
     903              : {
     904              :     libspdm_secured_message_context_t *secured_message_context;
     905              : 
     906            0 :     secured_message_context = spdm_secured_message_context;
     907            0 :     return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
     908              : }
     909              : 
     910              : /**
     911              :  * Digests the input data and updates HMAC context, with request_finished_key.
     912              :  *
     913              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     914              :  * @param  hmac_ctx     Pointer to HMAC context being copied.
     915              :  * @param  data              Pointer to the buffer containing the data to be digested.
     916              :  * @param  data_size          size of data buffer in bytes.
     917              :  *
     918              :  * @retval true   HMAC data digest succeeded.
     919              :  * @retval false  HMAC data digest failed.
     920              :  **/
     921            0 : bool libspdm_hmac_update_with_request_finished_key(
     922              :     void *spdm_secured_message_context,
     923              :     void *hmac_ctx, const void *data,
     924              :     size_t data_size)
     925              : {
     926              :     libspdm_secured_message_context_t *secured_message_context;
     927              : 
     928            0 :     secured_message_context = spdm_secured_message_context;
     929            0 :     return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
     930              : }
     931              : 
     932              : /**
     933              :  * Completes computation of the HMAC digest value, with request_finished_key.
     934              :  *
     935              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     936              :  * @param  hmac_ctx     Pointer to HMAC context being copied.
     937              :  * @param  hmac_value          Pointer to a buffer that receives the HMAC digest value
     938              :  *
     939              :  * @retval true   HMAC data digest succeeded.
     940              :  * @retval false  HMAC data digest failed.
     941              :  **/
     942            0 : bool libspdm_hmac_final_with_request_finished_key(
     943              :     void *spdm_secured_message_context,
     944              :     void *hmac_ctx,  uint8_t *hmac_value)
     945              : {
     946              :     libspdm_secured_message_context_t *secured_message_context;
     947              : 
     948            0 :     secured_message_context = spdm_secured_message_context;
     949            0 :     return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
     950              : }
     951              : 
     952              : /**
     953              :  * Computes the HMAC of a input data buffer, with request_finished_key.
     954              :  *
     955              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     956              :  * @param  data                         Pointer to the buffer containing the data to be HMACed.
     957              :  * @param  data_size                     size of data buffer in bytes.
     958              :  * @param  hash_value                    Pointer to a buffer that receives the HMAC value.
     959              :  *
     960              :  * @retval true   HMAC computation succeeded.
     961              :  * @retval false  HMAC computation failed.
     962              :  **/
     963           93 : bool libspdm_hmac_all_with_request_finished_key(void *spdm_secured_message_context,
     964              :                                                 const void *data, size_t data_size,
     965              :                                                 uint8_t *hmac_value)
     966              : {
     967              :     libspdm_secured_message_context_t *secured_message_context;
     968              : 
     969           93 :     secured_message_context = spdm_secured_message_context;
     970          186 :     return libspdm_hmac_all(
     971              :         secured_message_context->base_hash_algo, data, data_size,
     972           93 :         secured_message_context->handshake_secret.request_finished_key,
     973              :         secured_message_context->hash_size, hmac_value);
     974              : }
     975              : 
     976              : /**
     977              :  * Allocates and initializes one HMAC context for subsequent use, with response_finished_key.
     978              :  *
     979              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     980              :  *
     981              :  * @return Pointer to the HMAC context that has been initialized.
     982              :  **/
     983            0 : void *libspdm_hmac_new_with_response_finished_key(void *spdm_secured_message_context)
     984              : {
     985              :     libspdm_secured_message_context_t *secured_message_context;
     986              : 
     987            0 :     secured_message_context = spdm_secured_message_context;
     988            0 :     return libspdm_hmac_new(secured_message_context->base_hash_algo);
     989              : }
     990              : 
     991              : /**
     992              :  * Release the specified HMAC context, with response_finished_key.
     993              :  *
     994              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
     995              :  * @param  hmac_ctx                   Pointer to the HMAC context to be released.
     996              :  **/
     997            0 : void libspdm_hmac_free_with_response_finished_key(
     998              :     void *spdm_secured_message_context, void *hmac_ctx)
     999              : {
    1000              :     libspdm_secured_message_context_t *secured_message_context;
    1001              : 
    1002            0 :     secured_message_context = spdm_secured_message_context;
    1003            0 :     libspdm_hmac_free(secured_message_context->base_hash_algo, hmac_ctx);
    1004            0 : }
    1005              : 
    1006              : /**
    1007              :  * Set response_finished_key for subsequent use. It must be done before any
    1008              :  * calling to hmac_update().
    1009              :  *
    1010              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
    1011              :  * @param  hmac_ctx  Pointer to HMAC context.
    1012              :  *
    1013              :  * @retval true   The key is set successfully.
    1014              :  * @retval false  The key is set unsuccessfully.
    1015              :  **/
    1016            0 : bool libspdm_hmac_init_with_response_finished_key(
    1017              :     void *spdm_secured_message_context, void *hmac_ctx)
    1018              : {
    1019              :     libspdm_secured_message_context_t *secured_message_context;
    1020              : 
    1021            0 :     secured_message_context = spdm_secured_message_context;
    1022            0 :     return libspdm_hmac_init(
    1023              :         secured_message_context->base_hash_algo, hmac_ctx,
    1024            0 :         secured_message_context->handshake_secret.response_finished_key,
    1025              :         secured_message_context->hash_size);
    1026              : }
    1027              : 
    1028              : /**
    1029              :  * Makes a copy of an existing HMAC context, with response_finished_key.
    1030              :  *
    1031              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
    1032              :  * @param  hmac_ctx     Pointer to HMAC context being copied.
    1033              :  * @param  new_hmac_ctx  Pointer to new HMAC context.
    1034              :  *
    1035              :  * @retval true   HMAC context copy succeeded.
    1036              :  * @retval false  HMAC context copy failed.
    1037              :  **/
    1038            0 : bool libspdm_hmac_duplicate_with_response_finished_key(
    1039              :     void *spdm_secured_message_context,
    1040              :     const void *hmac_ctx, void *new_hmac_ctx)
    1041              : {
    1042              :     libspdm_secured_message_context_t *secured_message_context;
    1043              : 
    1044            0 :     secured_message_context = spdm_secured_message_context;
    1045            0 :     return libspdm_hmac_duplicate(secured_message_context->base_hash_algo, hmac_ctx, new_hmac_ctx);
    1046              : }
    1047              : 
    1048              : /**
    1049              :  * Digests the input data and updates HMAC context, with response_finished_key.
    1050              :  *
    1051              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
    1052              :  * @param  hmac_ctx     Pointer to HMAC context being copied.
    1053              :  * @param  data              Pointer to the buffer containing the data to be digested.
    1054              :  * @param  data_size          size of data buffer in bytes.
    1055              :  *
    1056              :  * @retval true   HMAC data digest succeeded.
    1057              :  * @retval false  HMAC data digest failed.
    1058              :  **/
    1059            0 : bool libspdm_hmac_update_with_response_finished_key(
    1060              :     void *spdm_secured_message_context,
    1061              :     void *hmac_ctx, const void *data,
    1062              :     size_t data_size)
    1063              : {
    1064              :     libspdm_secured_message_context_t *secured_message_context;
    1065              : 
    1066            0 :     secured_message_context = spdm_secured_message_context;
    1067            0 :     return libspdm_hmac_update(secured_message_context->base_hash_algo, hmac_ctx, data, data_size);
    1068              : }
    1069              : 
    1070              : /**
    1071              :  * Completes computation of the HMAC digest value, with response_finished_key.
    1072              :  *
    1073              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
    1074              :  * @param  hmac_ctx     Pointer to HMAC context being copied.
    1075              :  * @param  hmac_value          Pointer to a buffer that receives the HMAC digest value
    1076              :  *
    1077              :  * @retval true   HMAC data digest succeeded.
    1078              :  * @retval false  HMAC data digest failed.
    1079              :  **/
    1080            0 : bool libspdm_hmac_final_with_response_finished_key(
    1081              :     void *spdm_secured_message_context,
    1082              :     void *hmac_ctx,  uint8_t *hmac_value)
    1083              : {
    1084              :     libspdm_secured_message_context_t *secured_message_context;
    1085              : 
    1086            0 :     secured_message_context = spdm_secured_message_context;
    1087            0 :     return libspdm_hmac_final(secured_message_context->base_hash_algo, hmac_ctx, hmac_value);
    1088              : }
    1089              : 
    1090              : /**
    1091              :  * Computes the HMAC of a input data buffer, with response_finished_key.
    1092              :  *
    1093              :  * @param  spdm_secured_message_context    A pointer to the SPDM secured message context.
    1094              :  * @param  data                         Pointer to the buffer containing the data to be HMACed.
    1095              :  * @param  data_size                     size of data buffer in bytes.
    1096              :  * @param  hash_value                    Pointer to a buffer that receives the HMAC value.
    1097              :  *
    1098              :  * @retval true   HMAC computation succeeded.
    1099              :  * @retval false  HMAC computation failed.
    1100              :  **/
    1101           74 : bool libspdm_hmac_all_with_response_finished_key(
    1102              :     void *spdm_secured_message_context, const void *data,
    1103              :     size_t data_size, uint8_t *hmac_value)
    1104              : {
    1105              :     libspdm_secured_message_context_t *secured_message_context;
    1106              : 
    1107           74 :     secured_message_context = spdm_secured_message_context;
    1108          148 :     return libspdm_hmac_all(
    1109              :         secured_message_context->base_hash_algo, data, data_size,
    1110           74 :         secured_message_context->handshake_secret.response_finished_key,
    1111              :         secured_message_context->hash_size, hmac_value);
    1112              : }
        

Generated by: LCOV version 2.0-1