Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "internal/libspdm_device_secret_lib.h"
19 : #include "internal/libspdm_common_lib.h"
20 :
21 2 : bool libspdm_read_responder_root_public_certificate(uint32_t base_hash_algo,
22 : uint32_t base_asym_algo,
23 : void **data, size_t *size,
24 : void **hash,
25 : size_t *hash_size)
26 : {
27 : bool res;
28 : void *file_data;
29 : size_t file_size;
30 : spdm_cert_chain_t *cert_chain;
31 : size_t cert_chain_size;
32 : char *file;
33 : size_t digest_size;
34 :
35 2 : *data = NULL;
36 2 : *size = 0;
37 2 : if (hash != NULL) {
38 0 : *hash = NULL;
39 : }
40 2 : if (hash_size != NULL) {
41 0 : *hash_size = 0;
42 : }
43 :
44 2 : if (base_asym_algo == 0) {
45 0 : return false;
46 : }
47 :
48 2 : switch (base_asym_algo) {
49 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
50 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
51 0 : file = "rsa2048/ca.cert.der";
52 0 : break;
53 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
54 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
55 0 : file = "rsa3072/ca.cert.der";
56 0 : break;
57 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
58 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
59 0 : file = "rsa4096/ca.cert.der";
60 0 : break;
61 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
62 2 : file = "ecp256/ca.cert.der";
63 2 : break;
64 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
65 0 : file = "ecp384/ca.cert.der";
66 0 : break;
67 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
68 0 : file = "ecp521/ca.cert.der";
69 0 : break;
70 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
71 0 : file = "sm2/ca.cert.der";
72 0 : break;
73 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
74 0 : file = "ed25519/ca.cert.der";
75 0 : break;
76 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
77 0 : file = "ed448/ca.cert.der";
78 0 : break;
79 0 : default:
80 0 : LIBSPDM_ASSERT(false);
81 0 : return false;
82 : }
83 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
84 2 : if (!res) {
85 0 : return res;
86 : }
87 :
88 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
89 :
90 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
91 2 : cert_chain = (void *)malloc(cert_chain_size);
92 2 : if (cert_chain == NULL) {
93 0 : free(file_data);
94 0 : return false;
95 : }
96 2 : cert_chain->length = (uint32_t)cert_chain_size;
97 :
98 2 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
99 2 : (uint8_t *)(cert_chain + 1));
100 2 : if (!res) {
101 0 : free(file_data);
102 0 : free(cert_chain);
103 0 : return res;
104 : }
105 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
106 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
107 : file_data, file_size);
108 :
109 2 : *data = cert_chain;
110 2 : *size = cert_chain_size;
111 2 : if (hash != NULL) {
112 0 : *hash = (cert_chain + 1);
113 : }
114 2 : if (hash_size != NULL) {
115 0 : *hash_size = digest_size;
116 : }
117 :
118 2 : free(file_data);
119 2 : return true;
120 : }
121 :
122 0 : bool libspdm_read_responder_root_public_certificate_slot(uint8_t slot_id,
123 : uint32_t base_hash_algo,
124 : uint32_t base_asym_algo,
125 : void **data, size_t *size,
126 : void **hash,
127 : size_t *hash_size)
128 : {
129 : bool res;
130 : void *file_data;
131 : size_t file_size;
132 : spdm_cert_chain_t *cert_chain;
133 : size_t cert_chain_size;
134 : char *file;
135 : size_t digest_size;
136 :
137 0 : *data = NULL;
138 0 : *size = 0;
139 0 : if (hash != NULL) {
140 0 : *hash = NULL;
141 : }
142 0 : if (hash_size != NULL) {
143 0 : *hash_size = 0;
144 : }
145 :
146 0 : if (base_asym_algo == 0) {
147 0 : return false;
148 : }
149 :
150 0 : if (slot_id == 0) {
151 0 : switch (base_asym_algo) {
152 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
153 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
154 0 : file = "rsa2048/ca.cert.der";
155 0 : break;
156 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
157 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
158 0 : file = "rsa3072/ca.cert.der";
159 0 : break;
160 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
161 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
162 0 : file = "rsa4096/ca.cert.der";
163 0 : break;
164 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
165 0 : file = "ecp256/ca.cert.der";
166 0 : break;
167 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
168 0 : file = "ecp384/ca.cert.der";
169 0 : break;
170 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
171 0 : file = "ecp521/ca.cert.der";
172 0 : break;
173 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
174 0 : file = "sm2/ca.cert.der";
175 0 : break;
176 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
177 0 : file = "ed25519/ca.cert.der";
178 0 : break;
179 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
180 0 : file = "ed448/ca.cert.der";
181 0 : break;
182 0 : default:
183 0 : LIBSPDM_ASSERT(false);
184 0 : return false;
185 : }
186 : } else {
187 0 : switch (base_asym_algo) {
188 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
189 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
190 0 : file = "rsa2048/ca1.cert.der";
191 0 : break;
192 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
193 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
194 0 : file = "rsa3072/ca1.cert.der";
195 0 : break;
196 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
197 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
198 0 : file = "rsa4096/ca1.cert.der";
199 0 : break;
200 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
201 0 : file = "ecp256/ca1.cert.der";
202 0 : break;
203 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
204 0 : file = "ecp384/ca1.cert.der";
205 0 : break;
206 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
207 0 : file = "ecp521/ca1.cert.der";
208 0 : break;
209 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
210 0 : file = "sm2/ca1.cert.der";
211 0 : break;
212 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
213 0 : file = "ed25519/ca1.cert.der";
214 0 : break;
215 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
216 0 : file = "ed448/ca1.cert.der";
217 0 : break;
218 0 : default:
219 0 : LIBSPDM_ASSERT(false);
220 0 : return false;
221 : }
222 : }
223 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
224 0 : if (!res) {
225 0 : return res;
226 : }
227 :
228 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
229 :
230 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
231 0 : cert_chain = (void *)malloc(cert_chain_size);
232 0 : if (cert_chain == NULL) {
233 0 : free(file_data);
234 0 : return false;
235 : }
236 0 : cert_chain->length = (uint32_t)cert_chain_size;
237 :
238 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
239 0 : (uint8_t *)(cert_chain + 1));
240 0 : if (!res) {
241 0 : free(file_data);
242 0 : free(cert_chain);
243 0 : return res;
244 : }
245 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
246 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
247 : file_data, file_size);
248 :
249 0 : *data = cert_chain;
250 0 : *size = cert_chain_size;
251 0 : if (hash != NULL) {
252 0 : *hash = (cert_chain + 1);
253 : }
254 0 : if (hash_size != NULL) {
255 0 : *hash_size = digest_size;
256 : }
257 :
258 0 : free(file_data);
259 0 : return true;
260 : }
261 :
262 0 : bool libspdm_read_requester_root_public_certificate(uint32_t base_hash_algo,
263 : uint16_t req_base_asym_alg,
264 : void **data, size_t *size,
265 : void **hash,
266 : size_t *hash_size)
267 : {
268 : bool res;
269 : void *file_data;
270 : size_t file_size;
271 : spdm_cert_chain_t *cert_chain;
272 : size_t cert_chain_size;
273 : char *file;
274 : size_t digest_size;
275 :
276 0 : *data = NULL;
277 0 : *size = 0;
278 0 : if (hash != NULL) {
279 0 : *hash = NULL;
280 : }
281 0 : if (hash_size != NULL) {
282 0 : *hash_size = 0;
283 : }
284 :
285 0 : if (req_base_asym_alg == 0) {
286 0 : return false;
287 : }
288 :
289 0 : switch (req_base_asym_alg) {
290 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
291 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
292 0 : file = "rsa2048/ca.cert.der";
293 0 : break;
294 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
295 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
296 0 : file = "rsa3072/ca.cert.der";
297 0 : break;
298 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
299 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
300 0 : file = "rsa4096/ca.cert.der";
301 0 : break;
302 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
303 0 : file = "ecp256/ca.cert.der";
304 0 : break;
305 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
306 0 : file = "ecp384/ca.cert.der";
307 0 : break;
308 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
309 0 : file = "ecp521/ca.cert.der";
310 0 : break;
311 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
312 0 : file = "sm2/ca.cert.der";
313 0 : break;
314 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
315 0 : file = "ed25519/ca.cert.der";
316 0 : break;
317 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
318 0 : file = "ed448/ca.cert.der";
319 0 : break;
320 0 : default:
321 0 : LIBSPDM_ASSERT(false);
322 0 : return false;
323 : }
324 :
325 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
326 :
327 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
328 0 : if (!res) {
329 0 : return res;
330 : }
331 :
332 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
333 0 : cert_chain = (void *)malloc(cert_chain_size);
334 0 : if (cert_chain == NULL) {
335 0 : free(file_data);
336 0 : return false;
337 : }
338 0 : cert_chain->length = (uint32_t)cert_chain_size;
339 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
340 0 : (uint8_t *)(cert_chain + 1));
341 0 : if (!res) {
342 0 : free(file_data);
343 0 : free(cert_chain);
344 0 : return res;
345 : }
346 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
347 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
348 : file_data, file_size);
349 :
350 0 : *data = cert_chain;
351 0 : *size = cert_chain_size;
352 0 : if (hash != NULL) {
353 0 : *hash = (cert_chain + 1);
354 : }
355 0 : if (hash_size != NULL) {
356 0 : *hash_size = digest_size;
357 : }
358 :
359 0 : free(file_data);
360 0 : return true;
361 : }
362 :
363 660 : bool libspdm_read_responder_public_certificate_chain(
364 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
365 : size_t *size, void **hash, size_t *hash_size)
366 : {
367 : bool res;
368 : void *file_data;
369 : size_t file_size;
370 : spdm_cert_chain_t *cert_chain;
371 : size_t cert_chain_size;
372 : char *file;
373 : const uint8_t *root_cert;
374 : size_t root_cert_len;
375 : size_t digest_size;
376 : bool is_requester_cert;
377 : uint8_t cert_model;
378 :
379 660 : is_requester_cert = false;
380 :
381 : /*default is device cert*/
382 660 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
383 :
384 660 : *data = NULL;
385 660 : *size = 0;
386 660 : if (hash != NULL) {
387 350 : *hash = NULL;
388 : }
389 660 : if (hash_size != NULL) {
390 350 : *hash_size = 0;
391 : }
392 :
393 660 : if (base_asym_algo == 0) {
394 0 : return false;
395 : }
396 :
397 660 : switch (base_asym_algo) {
398 5 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
399 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
400 5 : file = "rsa2048/bundle_responder.certchain.der";
401 5 : break;
402 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
403 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
404 0 : file = "rsa3072/bundle_responder.certchain.der";
405 0 : break;
406 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
407 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
408 0 : file = "rsa4096/bundle_responder.certchain.der";
409 0 : break;
410 655 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
411 655 : file = "ecp256/bundle_responder.certchain.der";
412 655 : break;
413 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
414 0 : file = "ecp384/bundle_responder.certchain.der";
415 0 : break;
416 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
417 0 : file = "ecp521/bundle_responder.certchain.der";
418 0 : break;
419 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
420 0 : file = "sm2/bundle_responder.certchain.der";
421 0 : break;
422 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
423 0 : file = "ed25519/bundle_responder.certchain.der";
424 0 : break;
425 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
426 0 : file = "ed448/bundle_responder.certchain.der";
427 0 : break;
428 0 : default:
429 0 : LIBSPDM_ASSERT(false);
430 0 : return false;
431 : }
432 660 : res = libspdm_read_input_file(file, &file_data, &file_size);
433 660 : if (!res) {
434 0 : return res;
435 : }
436 :
437 660 : digest_size = libspdm_get_hash_size(base_hash_algo);
438 :
439 660 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
440 660 : cert_chain = (void *)malloc(cert_chain_size);
441 660 : if (cert_chain == NULL) {
442 0 : free(file_data);
443 0 : return false;
444 : }
445 660 : cert_chain->length = (uint32_t)cert_chain_size;
446 :
447 660 : res = libspdm_verify_cert_chain_data(
448 : SPDM_MESSAGE_VERSION_12,
449 : file_data, file_size,
450 : base_asym_algo, 0, base_hash_algo,
451 : is_requester_cert, cert_model);
452 660 : if (!res) {
453 0 : free(file_data);
454 0 : free(cert_chain);
455 0 : return res;
456 : }
457 :
458 :
459 : /* Get Root Certificate and calculate hash value*/
460 :
461 660 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
462 : &root_cert_len);
463 660 : if (!res) {
464 0 : free(file_data);
465 0 : free(cert_chain);
466 0 : return res;
467 : }
468 :
469 660 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
470 660 : (uint8_t *)(cert_chain + 1));
471 660 : if (!res) {
472 0 : free(file_data);
473 0 : free(cert_chain);
474 0 : return res;
475 : }
476 660 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
477 660 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
478 : file_data, file_size);
479 :
480 660 : *data = cert_chain;
481 660 : *size = cert_chain_size;
482 660 : if (hash != NULL) {
483 350 : *hash = (cert_chain + 1);
484 : }
485 660 : if (hash_size != NULL) {
486 350 : *hash_size = digest_size;
487 : }
488 :
489 660 : free(file_data);
490 660 : return true;
491 : }
492 :
493 : /*This alias cert chain is partial, from root CA to device certificate CA.*/
494 2 : bool libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
495 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
496 : size_t *size, void **hash, size_t *hash_size)
497 : {
498 : bool res;
499 : void *file_data;
500 : size_t file_size;
501 : spdm_cert_chain_t *cert_chain;
502 : size_t cert_chain_size;
503 : char *file;
504 : const uint8_t *root_cert;
505 : size_t root_cert_len;
506 : const uint8_t *leaf_cert;
507 : size_t leaf_cert_len;
508 : size_t digest_size;
509 : bool is_requester_cert;
510 : uint8_t cert_model;
511 :
512 2 : is_requester_cert = false;
513 :
514 : /*default is alias cert*/
515 2 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
516 :
517 2 : *data = NULL;
518 2 : *size = 0;
519 2 : if (hash != NULL) {
520 0 : *hash = NULL;
521 : }
522 2 : if (hash_size != NULL) {
523 0 : *hash_size = 0;
524 : }
525 :
526 2 : if (base_asym_algo == 0) {
527 0 : return false;
528 : }
529 :
530 2 : switch (base_asym_algo) {
531 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
532 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
533 0 : file = "rsa2048/bundle_responder.certchain_alias_cert_partial_set.der";
534 0 : break;
535 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
536 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
537 0 : file = "rsa3072/bundle_responder.certchain_alias_cert_partial_set.der";
538 0 : break;
539 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
540 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
541 0 : file = "rsa4096/bundle_responder.certchain_alias_cert_partial_set.der";
542 0 : break;
543 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
544 2 : file = "ecp256/bundle_responder.certchain_alias_cert_partial_set.der";
545 2 : break;
546 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
547 0 : file = "ecp384/bundle_responder.certchain_alias_cert_partial_set.der";
548 0 : break;
549 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
550 0 : file = "ecp521/bundle_responder.certchain_alias_cert_partial_set.der";
551 0 : break;
552 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
553 0 : file = "sm2/bundle_responder.certchain_alias_cert_partial_set.der";
554 0 : break;
555 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
556 0 : file = "ed25519/bundle_responder.certchain_alias_cert_partial_set.der";
557 0 : break;
558 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
559 0 : file = "ed448/bundle_responder.certchain_alias_cert_partial_set.der";
560 0 : break;
561 0 : default:
562 0 : LIBSPDM_ASSERT(false);
563 0 : return false;
564 : }
565 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
566 2 : if (!res) {
567 0 : return res;
568 : }
569 :
570 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
571 :
572 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
573 2 : cert_chain = (void *)malloc(cert_chain_size);
574 2 : if (cert_chain == NULL) {
575 0 : free(file_data);
576 0 : return false;
577 : }
578 2 : cert_chain->length = (uint32_t)cert_chain_size;
579 :
580 : /* Get leaf Certificate*/
581 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
582 : &leaf_cert_len);
583 2 : if (!res) {
584 0 : free(file_data);
585 0 : free(cert_chain);
586 0 : return res;
587 : }
588 2 : res = libspdm_x509_set_cert_certificate_check(
589 : SPDM_MESSAGE_VERSION_12,
590 : leaf_cert, leaf_cert_len,
591 : base_asym_algo, 0, base_hash_algo,
592 : is_requester_cert, cert_model);
593 2 : if (!res) {
594 0 : free(file_data);
595 0 : free(cert_chain);
596 0 : return res;
597 : }
598 :
599 : /* Get Root Certificate*/
600 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
601 : &root_cert_len);
602 2 : if (!res) {
603 0 : free(file_data);
604 0 : free(cert_chain);
605 0 : return res;
606 : }
607 :
608 : /*verify cert_chain*/
609 2 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
610 2 : if (!res) {
611 0 : free(file_data);
612 0 : free(cert_chain);
613 0 : return res;
614 : }
615 :
616 : /*calculate hash value*/
617 2 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
618 2 : (uint8_t *)(cert_chain + 1));
619 2 : if (!res) {
620 0 : free(file_data);
621 0 : free(cert_chain);
622 0 : return res;
623 : }
624 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
625 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
626 : file_data, file_size);
627 :
628 2 : *data = cert_chain;
629 2 : *size = cert_chain_size;
630 2 : if (hash != NULL) {
631 0 : *hash = (cert_chain + 1);
632 : }
633 2 : if (hash_size != NULL) {
634 0 : *hash_size = digest_size;
635 : }
636 :
637 2 : free(file_data);
638 2 : return true;
639 : }
640 :
641 : /*This alias cert chain is entire, from root CA to leaf certificate.*/
642 3 : bool libspdm_read_responder_public_certificate_chain_alias_cert(
643 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
644 : size_t *size, void **hash, size_t *hash_size)
645 : {
646 : bool res;
647 : void *file_data;
648 : size_t file_size;
649 : spdm_cert_chain_t *cert_chain;
650 : size_t cert_chain_size;
651 : char *file;
652 : const uint8_t *root_cert;
653 : size_t root_cert_len;
654 : const uint8_t *leaf_cert;
655 : size_t leaf_cert_len;
656 : size_t digest_size;
657 : bool is_requester_cert;
658 : uint8_t cert_model;
659 :
660 3 : is_requester_cert = false;
661 :
662 : /*default is alias cert*/
663 3 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
664 :
665 3 : *data = NULL;
666 3 : *size = 0;
667 3 : if (hash != NULL) {
668 2 : *hash = NULL;
669 : }
670 3 : if (hash_size != NULL) {
671 2 : *hash_size = 0;
672 : }
673 :
674 3 : if (base_asym_algo == 0) {
675 0 : return false;
676 : }
677 :
678 3 : switch (base_asym_algo) {
679 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
680 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
681 0 : file = "rsa2048/bundle_responder.certchain_alias.der";
682 0 : break;
683 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
684 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
685 0 : file = "rsa3072/bundle_responder.certchain_alias.der";
686 0 : break;
687 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
688 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
689 0 : file = "rsa4096/bundle_responder.certchain_alias.der";
690 0 : break;
691 3 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
692 3 : file = "ecp256/bundle_responder.certchain_alias.der";
693 3 : break;
694 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
695 0 : file = "ecp384/bundle_responder.certchain_alias.der";
696 0 : break;
697 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
698 0 : file = "ecp521/bundle_responder.certchain_alias.der";
699 0 : break;
700 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
701 0 : file = "sm2/bundle_responder.certchain_alias.der";
702 0 : break;
703 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
704 0 : file = "ed25519/bundle_responder.certchain_alias.der";
705 0 : break;
706 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
707 0 : file = "ed448/bundle_responder.certchain_alias.der";
708 0 : break;
709 0 : default:
710 0 : LIBSPDM_ASSERT(false);
711 0 : return false;
712 : }
713 3 : res = libspdm_read_input_file(file, &file_data, &file_size);
714 3 : if (!res) {
715 0 : return res;
716 : }
717 :
718 3 : digest_size = libspdm_get_hash_size(base_hash_algo);
719 :
720 3 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
721 3 : cert_chain = (void *)malloc(cert_chain_size);
722 3 : if (cert_chain == NULL) {
723 0 : free(file_data);
724 0 : return false;
725 : }
726 3 : cert_chain->length = (uint32_t)cert_chain_size;
727 :
728 : /* Get leaf Certificate*/
729 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
730 : &leaf_cert_len);
731 3 : if (!res) {
732 0 : free(file_data);
733 0 : free(cert_chain);
734 0 : return res;
735 : }
736 3 : res = libspdm_x509_certificate_check(
737 : SPDM_MESSAGE_VERSION_12,
738 : leaf_cert, leaf_cert_len,
739 : base_asym_algo, 0, base_hash_algo,
740 : is_requester_cert, cert_model);
741 3 : if (!res) {
742 0 : free(file_data);
743 0 : free(cert_chain);
744 0 : return res;
745 : }
746 :
747 : /* Get Root Certificate*/
748 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
749 : &root_cert_len);
750 3 : if (!res) {
751 0 : free(file_data);
752 0 : free(cert_chain);
753 0 : return res;
754 : }
755 :
756 : /*verify cert_chain*/
757 3 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
758 3 : if (!res) {
759 0 : free(file_data);
760 0 : free(cert_chain);
761 0 : return res;
762 : }
763 :
764 : /*calculate hash value*/
765 3 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
766 3 : (uint8_t *)(cert_chain + 1));
767 3 : if (!res) {
768 0 : free(file_data);
769 0 : free(cert_chain);
770 0 : return res;
771 : }
772 3 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
773 3 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
774 : file_data, file_size);
775 :
776 3 : *data = cert_chain;
777 3 : *size = cert_chain_size;
778 3 : if (hash != NULL) {
779 2 : *hash = (cert_chain + 1);
780 : }
781 3 : if (hash_size != NULL) {
782 2 : *hash_size = digest_size;
783 : }
784 :
785 3 : free(file_data);
786 3 : return true;
787 : }
788 :
789 7 : bool libspdm_read_responder_public_certificate_chain_per_slot(
790 : uint8_t slot_id, uint32_t base_hash_algo, uint32_t base_asym_algo,
791 : void **data, size_t *size, void **hash, size_t *hash_size)
792 : {
793 : bool res;
794 : void *file_data;
795 : size_t file_size;
796 : spdm_cert_chain_t *cert_chain;
797 : size_t cert_chain_size;
798 : char *file;
799 : const uint8_t *root_cert;
800 : size_t root_cert_len;
801 : size_t digest_size;
802 : bool is_requester_cert;
803 : uint8_t cert_model;
804 :
805 7 : is_requester_cert = false;
806 :
807 : /*default is device cert*/
808 7 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
809 :
810 7 : *data = NULL;
811 7 : *size = 0;
812 7 : if (hash != NULL) {
813 3 : *hash = NULL;
814 : }
815 7 : if (hash_size != NULL) {
816 3 : *hash_size = 0;
817 : }
818 :
819 7 : if (base_asym_algo == 0) {
820 0 : return false;
821 : }
822 :
823 7 : if (slot_id == 0) {
824 0 : switch (base_asym_algo) {
825 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
826 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
827 0 : file = "rsa2048/bundle_responder.certchain.der";
828 0 : break;
829 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
830 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
831 0 : file = "rsa3072/bundle_responder.certchain.der";
832 0 : break;
833 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
834 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
835 0 : file = "rsa4096/bundle_responder.certchain.der";
836 0 : break;
837 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
838 0 : file = "ecp256/bundle_responder.certchain.der";
839 0 : break;
840 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
841 0 : file = "ecp384/bundle_responder.certchain.der";
842 0 : break;
843 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
844 0 : file = "ecp521/bundle_responder.certchain.der";
845 0 : break;
846 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
847 0 : file = "sm2/bundle_responder.certchain.der";
848 0 : break;
849 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
850 0 : file = "ed25519/bundle_responder.certchain.der";
851 0 : break;
852 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
853 0 : file = "ed448/bundle_responder.certchain.der";
854 0 : break;
855 0 : default:
856 0 : LIBSPDM_ASSERT(false);
857 0 : return false;
858 : }
859 7 : } else if (slot_id == 4) {
860 : /* slot 4 uses a different leaf key than slot 0 / slot 1 (multi-key example). */
861 0 : switch (base_asym_algo) {
862 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
863 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
864 0 : file = "rsa2048/bundle_responder.certchain4.der";
865 0 : break;
866 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
867 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
868 0 : file = "rsa3072/bundle_responder.certchain4.der";
869 0 : break;
870 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
871 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
872 0 : file = "rsa4096/bundle_responder.certchain4.der";
873 0 : break;
874 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
875 0 : file = "ecp256/bundle_responder.certchain4.der";
876 0 : break;
877 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
878 0 : file = "ecp384/bundle_responder.certchain4.der";
879 0 : break;
880 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
881 0 : file = "ecp521/bundle_responder.certchain4.der";
882 0 : break;
883 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
884 0 : file = "sm2/bundle_responder.certchain4.der";
885 0 : break;
886 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
887 0 : file = "ed25519/bundle_responder.certchain4.der";
888 0 : break;
889 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
890 0 : file = "ed448/bundle_responder.certchain4.der";
891 0 : break;
892 0 : default:
893 0 : LIBSPDM_ASSERT(false);
894 0 : return false;
895 : }
896 : } else {
897 7 : switch (base_asym_algo) {
898 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
899 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
900 0 : file = "rsa2048/bundle_responder.certchain1.der";
901 0 : break;
902 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
903 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
904 0 : file = "rsa3072/bundle_responder.certchain1.der";
905 0 : break;
906 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
907 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
908 0 : file = "rsa4096/bundle_responder.certchain1.der";
909 0 : break;
910 7 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
911 7 : file = "ecp256/bundle_responder.certchain1.der";
912 7 : break;
913 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
914 0 : file = "ecp384/bundle_responder.certchain1.der";
915 0 : break;
916 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
917 0 : file = "ecp521/bundle_responder.certchain1.der";
918 0 : break;
919 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
920 0 : file = "sm2/bundle_responder.certchain1.der";
921 0 : break;
922 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
923 0 : file = "ed25519/bundle_responder.certchain1.der";
924 0 : break;
925 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
926 0 : file = "ed448/bundle_responder.certchain1.der";
927 0 : break;
928 0 : default:
929 0 : LIBSPDM_ASSERT(false);
930 0 : return false;
931 : }
932 : }
933 7 : res = libspdm_read_input_file(file, &file_data, &file_size);
934 7 : if (!res) {
935 0 : return res;
936 : }
937 :
938 7 : digest_size = libspdm_get_hash_size(base_hash_algo);
939 :
940 7 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
941 7 : cert_chain = (void *)malloc(cert_chain_size);
942 7 : if (cert_chain == NULL) {
943 0 : free(file_data);
944 0 : return false;
945 : }
946 7 : cert_chain->length = (uint32_t)cert_chain_size;
947 :
948 7 : res = libspdm_verify_cert_chain_data(
949 : SPDM_MESSAGE_VERSION_12,
950 : file_data, file_size,
951 : base_asym_algo, 0, base_hash_algo,
952 : is_requester_cert, cert_model);
953 7 : if (!res) {
954 0 : free(file_data);
955 0 : free(cert_chain);
956 0 : return res;
957 : }
958 :
959 :
960 : /* Get Root Certificate and calculate hash value*/
961 :
962 7 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
963 : &root_cert_len);
964 7 : if (!res) {
965 0 : free(file_data);
966 0 : free(cert_chain);
967 0 : return res;
968 : }
969 :
970 7 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
971 7 : (uint8_t *)(cert_chain + 1));
972 7 : if (!res) {
973 0 : free(file_data);
974 0 : free(cert_chain);
975 0 : return res;
976 : }
977 7 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
978 7 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
979 : file_data, file_size);
980 :
981 7 : *data = cert_chain;
982 7 : *size = cert_chain_size;
983 7 : if (hash != NULL) {
984 3 : *hash = (cert_chain + 1);
985 : }
986 7 : if (hash_size != NULL) {
987 3 : *hash_size = digest_size;
988 : }
989 :
990 7 : free(file_data);
991 7 : return true;
992 : }
993 :
994 :
995 33 : bool libspdm_read_requester_public_certificate_chain(
996 : uint32_t base_hash_algo, uint16_t req_base_asym_alg, void **data,
997 : size_t *size, void **hash, size_t *hash_size)
998 : {
999 : bool res;
1000 : void *file_data;
1001 : size_t file_size;
1002 : spdm_cert_chain_t *cert_chain;
1003 : size_t cert_chain_size;
1004 : char *file;
1005 : const uint8_t *root_cert;
1006 : size_t root_cert_len;
1007 : size_t digest_size;
1008 : bool is_requester_cert;
1009 : uint8_t cert_model;
1010 :
1011 33 : is_requester_cert = false;
1012 :
1013 : /*default is device cert*/
1014 33 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
1015 :
1016 33 : *data = NULL;
1017 33 : *size = 0;
1018 33 : if (hash != NULL) {
1019 6 : *hash = NULL;
1020 : }
1021 33 : if (hash_size != NULL) {
1022 6 : *hash_size = 0;
1023 : }
1024 :
1025 33 : if (req_base_asym_alg == 0) {
1026 0 : return false;
1027 : }
1028 :
1029 33 : switch (req_base_asym_alg) {
1030 33 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
1031 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
1032 33 : file = "rsa2048/bundle_requester.certchain.der";
1033 33 : break;
1034 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
1035 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
1036 0 : file = "rsa3072/bundle_requester.certchain.der";
1037 0 : break;
1038 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
1039 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
1040 0 : file = "rsa4096/bundle_requester.certchain.der";
1041 0 : break;
1042 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
1043 0 : file = "ecp256/bundle_requester.certchain.der";
1044 0 : break;
1045 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1046 0 : file = "ecp384/bundle_requester.certchain.der";
1047 0 : break;
1048 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1049 0 : file = "ecp521/bundle_requester.certchain.der";
1050 0 : break;
1051 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1052 0 : file = "sm2/bundle_requester.certchain.der";
1053 0 : break;
1054 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1055 0 : file = "ed25519/bundle_requester.certchain.der";
1056 0 : break;
1057 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1058 0 : file = "ed448/bundle_requester.certchain.der";
1059 0 : break;
1060 0 : default:
1061 0 : LIBSPDM_ASSERT(false);
1062 0 : return false;
1063 : }
1064 33 : res = libspdm_read_input_file(file, &file_data, &file_size);
1065 33 : if (!res) {
1066 0 : return res;
1067 : }
1068 :
1069 33 : digest_size = libspdm_get_hash_size(base_hash_algo);
1070 :
1071 33 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1072 33 : cert_chain = (void *)malloc(cert_chain_size);
1073 33 : if (cert_chain == NULL) {
1074 0 : free(file_data);
1075 0 : return false;
1076 : }
1077 33 : cert_chain->length = (uint32_t)cert_chain_size;
1078 :
1079 33 : res = libspdm_verify_cert_chain_data(
1080 : SPDM_MESSAGE_VERSION_12,
1081 : file_data, file_size,
1082 : req_base_asym_alg, 0, base_hash_algo,
1083 : is_requester_cert, cert_model);
1084 33 : if (!res) {
1085 0 : free(file_data);
1086 0 : free(cert_chain);
1087 0 : return res;
1088 : }
1089 :
1090 :
1091 : /* Get Root Certificate and calculate hash value*/
1092 :
1093 33 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1094 : &root_cert_len);
1095 33 : if (!res) {
1096 0 : free(file_data);
1097 0 : free(cert_chain);
1098 0 : return res;
1099 : }
1100 :
1101 33 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1102 33 : (uint8_t *)(cert_chain + 1));
1103 33 : if (!res) {
1104 0 : free(file_data);
1105 0 : free(cert_chain);
1106 0 : return res;
1107 : }
1108 33 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1109 33 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1110 : file_data, file_size);
1111 :
1112 33 : *data = cert_chain;
1113 33 : *size = cert_chain_size;
1114 33 : if (hash != NULL) {
1115 6 : *hash = (cert_chain + 1);
1116 : }
1117 33 : if (hash_size != NULL) {
1118 6 : *hash_size = digest_size;
1119 : }
1120 :
1121 33 : free(file_data);
1122 33 : return true;
1123 : }
1124 :
1125 6 : bool libspdm_read_responder_certificate(uint32_t base_asym_algo,
1126 : void **data, size_t *size)
1127 : {
1128 : bool res;
1129 : char *file;
1130 :
1131 6 : switch (base_asym_algo) {
1132 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
1133 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
1134 0 : file = "rsa2048/end_responder.cert.der";
1135 0 : break;
1136 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
1137 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
1138 0 : file = "rsa3072/end_responder.cert.der";
1139 0 : break;
1140 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
1141 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
1142 0 : file = "rsa4096/end_responder.cert.der";
1143 0 : break;
1144 6 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
1145 6 : file = "ecp256/end_responder.cert.der";
1146 6 : break;
1147 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1148 0 : file = "ecp384/end_responder.cert.der";
1149 0 : break;
1150 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1151 0 : file = "ecp521/end_responder.cert.der";
1152 0 : break;
1153 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1154 0 : file = "sm2/end_responder.cert.der";
1155 0 : break;
1156 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1157 0 : file = "ed25519/end_responder.cert.der";
1158 0 : break;
1159 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1160 0 : file = "ed448/end_responder.cert.der";
1161 0 : break;
1162 0 : default:
1163 0 : LIBSPDM_ASSERT(false);
1164 0 : return false;
1165 : }
1166 6 : res = libspdm_read_input_file(file, data, size);
1167 6 : return res;
1168 : }
|
