LCOV - code coverage report
Current view: top level - os_stub/spdm_device_secret_lib_sample - read_pub_cert.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 33.0 % 706 233
Test Date: 2025-08-24 08:11:14 Functions: 77.8 % 9 7

            Line data    Source code
       1              : /**
       2              :  *  Copyright Notice:
       3              :  *  Copyright 2021-2025 DMTF. All rights reserved.
       4              :  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
       5              :  **/
       6              : 
       7              : #include <stdarg.h>
       8              : #include <stddef.h>
       9              : #include <setjmp.h>
      10              : #include <stdint.h>
      11              : #include <stdlib.h>
      12              : #include <stdio.h>
      13              : #include <assert.h>
      14              : #include <string.h>
      15              : 
      16              : #include <base.h>
      17              : #include "library/memlib.h"
      18              : #include "spdm_device_secret_lib_internal.h"
      19              : #include "internal/libspdm_common_lib.h"
      20              : 
      21            2 : bool libspdm_read_responder_root_public_certificate(uint32_t base_hash_algo,
      22              :                                                     uint32_t base_asym_algo,
      23              :                                                     void **data, size_t *size,
      24              :                                                     void **hash,
      25              :                                                     size_t *hash_size)
      26              : {
      27              :     bool res;
      28              :     void *file_data;
      29              :     size_t file_size;
      30              :     spdm_cert_chain_t *cert_chain;
      31              :     size_t cert_chain_size;
      32              :     char *file;
      33              :     size_t digest_size;
      34              : 
      35            2 :     *data = NULL;
      36            2 :     *size = 0;
      37            2 :     if (hash != NULL) {
      38            0 :         *hash = NULL;
      39              :     }
      40            2 :     if (hash_size != NULL) {
      41            0 :         *hash_size = 0;
      42              :     }
      43              : 
      44            2 :     if (base_asym_algo == 0) {
      45            0 :         return false;
      46              :     }
      47              : 
      48            2 :     switch (base_asym_algo) {
      49            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
      50              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
      51            0 :         file = "rsa2048/ca.cert.der";
      52            0 :         break;
      53            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
      54              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
      55            0 :         file = "rsa3072/ca.cert.der";
      56            0 :         break;
      57            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
      58              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
      59            0 :         file = "rsa4096/ca.cert.der";
      60            0 :         break;
      61            2 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
      62            2 :         file = "ecp256/ca.cert.der";
      63            2 :         break;
      64            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
      65            0 :         file = "ecp384/ca.cert.der";
      66            0 :         break;
      67            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
      68            0 :         file = "ecp521/ca.cert.der";
      69            0 :         break;
      70            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
      71            0 :         file = "sm2/ca.cert.der";
      72            0 :         break;
      73            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
      74            0 :         file = "ed25519/ca.cert.der";
      75            0 :         break;
      76            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
      77            0 :         file = "ed448/ca.cert.der";
      78            0 :         break;
      79            0 :     default:
      80            0 :         LIBSPDM_ASSERT(false);
      81            0 :         return false;
      82              :     }
      83            2 :     res = libspdm_read_input_file(file, &file_data, &file_size);
      84            2 :     if (!res) {
      85            0 :         return res;
      86              :     }
      87              : 
      88            2 :     digest_size = libspdm_get_hash_size(base_hash_algo);
      89              : 
      90            2 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
      91            2 :     cert_chain = (void *)malloc(cert_chain_size);
      92            2 :     if (cert_chain == NULL) {
      93            0 :         free(file_data);
      94            0 :         return false;
      95              :     }
      96            2 :     cert_chain->length = (uint32_t)cert_chain_size;
      97              : 
      98            2 :     res = libspdm_hash_all(base_hash_algo, file_data, file_size,
      99            2 :                            (uint8_t *)(cert_chain + 1));
     100            2 :     if (!res) {
     101            0 :         free(file_data);
     102            0 :         free(cert_chain);
     103            0 :         return res;
     104              :     }
     105            2 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
     106            2 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
     107              :                      file_data, file_size);
     108              : 
     109            2 :     *data = cert_chain;
     110            2 :     *size = cert_chain_size;
     111            2 :     if (hash != NULL) {
     112            0 :         *hash = (cert_chain + 1);
     113              :     }
     114            2 :     if (hash_size != NULL) {
     115            0 :         *hash_size = digest_size;
     116              :     }
     117              : 
     118            2 :     free(file_data);
     119            2 :     return true;
     120              : }
     121              : 
     122            0 : bool libspdm_read_responder_root_public_certificate_slot(uint8_t slot_id,
     123              :                                                          uint32_t base_hash_algo,
     124              :                                                          uint32_t base_asym_algo,
     125              :                                                          void **data, size_t *size,
     126              :                                                          void **hash,
     127              :                                                          size_t *hash_size)
     128              : {
     129              :     bool res;
     130              :     void *file_data;
     131              :     size_t file_size;
     132              :     spdm_cert_chain_t *cert_chain;
     133              :     size_t cert_chain_size;
     134              :     char *file;
     135              :     size_t digest_size;
     136              : 
     137            0 :     *data = NULL;
     138            0 :     *size = 0;
     139            0 :     if (hash != NULL) {
     140            0 :         *hash = NULL;
     141              :     }
     142            0 :     if (hash_size != NULL) {
     143            0 :         *hash_size = 0;
     144              :     }
     145              : 
     146            0 :     if (base_asym_algo == 0) {
     147            0 :         return false;
     148              :     }
     149              : 
     150            0 :     if (slot_id == 0) {
     151            0 :         switch (base_asym_algo) {
     152            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     153              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     154            0 :             file = "rsa2048/ca.cert.der";
     155            0 :             break;
     156            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     157              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     158            0 :             file = "rsa3072/ca.cert.der";
     159            0 :             break;
     160            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     161              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     162            0 :             file = "rsa4096/ca.cert.der";
     163            0 :             break;
     164            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     165            0 :             file = "ecp256/ca.cert.der";
     166            0 :             break;
     167            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     168            0 :             file = "ecp384/ca.cert.der";
     169            0 :             break;
     170            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     171            0 :             file = "ecp521/ca.cert.der";
     172            0 :             break;
     173            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     174            0 :             file = "sm2/ca.cert.der";
     175            0 :             break;
     176            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     177            0 :             file = "ed25519/ca.cert.der";
     178            0 :             break;
     179            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     180            0 :             file = "ed448/ca.cert.der";
     181            0 :             break;
     182            0 :         default:
     183            0 :             LIBSPDM_ASSERT(false);
     184            0 :             return false;
     185              :         }
     186              :     } else {
     187            0 :         switch (base_asym_algo) {
     188            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     189              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     190            0 :             file = "rsa2048/ca1.cert.der";
     191            0 :             break;
     192            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     193              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     194            0 :             file = "rsa3072/ca1.cert.der";
     195            0 :             break;
     196            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     197              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     198            0 :             file = "rsa4096/ca1.cert.der";
     199            0 :             break;
     200            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     201            0 :             file = "ecp256/ca1.cert.der";
     202            0 :             break;
     203            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     204            0 :             file = "ecp384/ca1.cert.der";
     205            0 :             break;
     206            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     207            0 :             file = "ecp521/ca1.cert.der";
     208            0 :             break;
     209            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     210            0 :             file = "sm2/ca1.cert.der";
     211            0 :             break;
     212            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     213            0 :             file = "ed25519/ca1.cert.der";
     214            0 :             break;
     215            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     216            0 :             file = "ed448/ca1.cert.der";
     217            0 :             break;
     218            0 :         default:
     219            0 :             LIBSPDM_ASSERT(false);
     220            0 :             return false;
     221              :         }
     222              :     }
     223            0 :     res = libspdm_read_input_file(file, &file_data, &file_size);
     224            0 :     if (!res) {
     225            0 :         return res;
     226              :     }
     227              : 
     228            0 :     digest_size = libspdm_get_hash_size(base_hash_algo);
     229              : 
     230            0 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
     231            0 :     cert_chain = (void *)malloc(cert_chain_size);
     232            0 :     if (cert_chain == NULL) {
     233            0 :         free(file_data);
     234            0 :         return false;
     235              :     }
     236            0 :     cert_chain->length = (uint32_t)cert_chain_size;
     237              : 
     238            0 :     res = libspdm_hash_all(base_hash_algo, file_data, file_size,
     239            0 :                            (uint8_t *)(cert_chain + 1));
     240            0 :     if (!res) {
     241            0 :         free(file_data);
     242            0 :         free(cert_chain);
     243            0 :         return res;
     244              :     }
     245            0 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
     246            0 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
     247              :                      file_data, file_size);
     248              : 
     249            0 :     *data = cert_chain;
     250            0 :     *size = cert_chain_size;
     251            0 :     if (hash != NULL) {
     252            0 :         *hash = (cert_chain + 1);
     253              :     }
     254            0 :     if (hash_size != NULL) {
     255            0 :         *hash_size = digest_size;
     256              :     }
     257              : 
     258            0 :     free(file_data);
     259            0 :     return true;
     260              : }
     261              : 
     262            0 : bool libspdm_read_requester_root_public_certificate(uint32_t base_hash_algo,
     263              :                                                     uint16_t req_base_asym_alg,
     264              :                                                     void **data, size_t *size,
     265              :                                                     void **hash,
     266              :                                                     size_t *hash_size)
     267              : {
     268              :     bool res;
     269              :     void *file_data;
     270              :     size_t file_size;
     271              :     spdm_cert_chain_t *cert_chain;
     272              :     size_t cert_chain_size;
     273              :     char *file;
     274              :     size_t digest_size;
     275              : 
     276            0 :     *data = NULL;
     277            0 :     *size = 0;
     278            0 :     if (hash != NULL) {
     279            0 :         *hash = NULL;
     280              :     }
     281            0 :     if (hash_size != NULL) {
     282            0 :         *hash_size = 0;
     283              :     }
     284              : 
     285            0 :     if (req_base_asym_alg == 0) {
     286            0 :         return false;
     287              :     }
     288              : 
     289            0 :     switch (req_base_asym_alg) {
     290            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     291              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     292            0 :         file = "rsa2048/ca.cert.der";
     293            0 :         break;
     294            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     295              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     296            0 :         file = "rsa3072/ca.cert.der";
     297            0 :         break;
     298            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     299              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     300            0 :         file = "rsa4096/ca.cert.der";
     301            0 :         break;
     302            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     303            0 :         file = "ecp256/ca.cert.der";
     304            0 :         break;
     305            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     306            0 :         file = "ecp384/ca.cert.der";
     307            0 :         break;
     308            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     309            0 :         file = "ecp521/ca.cert.der";
     310            0 :         break;
     311            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     312            0 :         file = "sm2/ca.cert.der";
     313            0 :         break;
     314            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     315            0 :         file = "ed25519/ca.cert.der";
     316            0 :         break;
     317            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     318            0 :         file = "ed448/ca.cert.der";
     319            0 :         break;
     320            0 :     default:
     321            0 :         LIBSPDM_ASSERT(false);
     322            0 :         return false;
     323              :     }
     324              : 
     325            0 :     digest_size = libspdm_get_hash_size(base_hash_algo);
     326              : 
     327            0 :     res = libspdm_read_input_file(file, &file_data, &file_size);
     328            0 :     if (!res) {
     329            0 :         return res;
     330              :     }
     331              : 
     332            0 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
     333            0 :     cert_chain = (void *)malloc(cert_chain_size);
     334            0 :     if (cert_chain == NULL) {
     335            0 :         free(file_data);
     336            0 :         return false;
     337              :     }
     338            0 :     cert_chain->length = (uint32_t)cert_chain_size;
     339            0 :     res = libspdm_hash_all(base_hash_algo, file_data, file_size,
     340            0 :                            (uint8_t *)(cert_chain + 1));
     341            0 :     if (!res) {
     342            0 :         free(file_data);
     343            0 :         free(cert_chain);
     344            0 :         return res;
     345              :     }
     346            0 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
     347            0 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
     348              :                      file_data, file_size);
     349              : 
     350            0 :     *data = cert_chain;
     351            0 :     *size = cert_chain_size;
     352            0 :     if (hash != NULL) {
     353            0 :         *hash = (cert_chain + 1);
     354              :     }
     355            0 :     if (hash_size != NULL) {
     356            0 :         *hash_size = digest_size;
     357              :     }
     358              : 
     359            0 :     free(file_data);
     360            0 :     return true;
     361              : }
     362              : 
     363          647 : bool libspdm_read_responder_public_certificate_chain(
     364              :     uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
     365              :     size_t *size, void **hash, size_t *hash_size)
     366              : {
     367              :     bool res;
     368              :     void *file_data;
     369              :     size_t file_size;
     370              :     spdm_cert_chain_t *cert_chain;
     371              :     size_t cert_chain_size;
     372              :     char *file;
     373              :     const uint8_t *root_cert;
     374              :     size_t root_cert_len;
     375              :     size_t digest_size;
     376              :     bool is_requester_cert;
     377              :     bool is_device_cert_model;
     378              : 
     379          647 :     is_requester_cert = false;
     380              : 
     381              :     /*default is true*/
     382          647 :     is_device_cert_model = true;
     383              : 
     384          647 :     *data = NULL;
     385          647 :     *size = 0;
     386          647 :     if (hash != NULL) {
     387          347 :         *hash = NULL;
     388              :     }
     389          647 :     if (hash_size != NULL) {
     390          347 :         *hash_size = 0;
     391              :     }
     392              : 
     393          647 :     if (base_asym_algo == 0) {
     394            0 :         return false;
     395              :     }
     396              : 
     397          647 :     switch (base_asym_algo) {
     398            5 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     399              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     400            5 :         file = "rsa2048/bundle_responder.certchain.der";
     401            5 :         break;
     402            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     403              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     404            0 :         file = "rsa3072/bundle_responder.certchain.der";
     405            0 :         break;
     406            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     407              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     408            0 :         file = "rsa4096/bundle_responder.certchain.der";
     409            0 :         break;
     410          642 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     411          642 :         file = "ecp256/bundle_responder.certchain.der";
     412          642 :         break;
     413            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     414            0 :         file = "ecp384/bundle_responder.certchain.der";
     415            0 :         break;
     416            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     417            0 :         file = "ecp521/bundle_responder.certchain.der";
     418            0 :         break;
     419            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     420            0 :         file = "sm2/bundle_responder.certchain.der";
     421            0 :         break;
     422            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     423            0 :         file = "ed25519/bundle_responder.certchain.der";
     424            0 :         break;
     425            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     426            0 :         file = "ed448/bundle_responder.certchain.der";
     427            0 :         break;
     428            0 :     default:
     429            0 :         LIBSPDM_ASSERT(false);
     430            0 :         return false;
     431              :     }
     432          647 :     res = libspdm_read_input_file(file, &file_data, &file_size);
     433          647 :     if (!res) {
     434            0 :         return res;
     435              :     }
     436              : 
     437          647 :     digest_size = libspdm_get_hash_size(base_hash_algo);
     438              : 
     439          647 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
     440          647 :     cert_chain = (void *)malloc(cert_chain_size);
     441          647 :     if (cert_chain == NULL) {
     442            0 :         free(file_data);
     443            0 :         return false;
     444              :     }
     445          647 :     cert_chain->length = (uint32_t)cert_chain_size;
     446              : 
     447          647 :     res = libspdm_verify_cert_chain_data(file_data, file_size,
     448              :                                          base_asym_algo, base_hash_algo,
     449              :                                          is_requester_cert, is_device_cert_model);
     450          647 :     if (!res) {
     451            0 :         free(file_data);
     452            0 :         free(cert_chain);
     453            0 :         return res;
     454              :     }
     455              : 
     456              : 
     457              :     /* Get Root Certificate and calculate hash value*/
     458              : 
     459          647 :     res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
     460              :                                                 &root_cert_len);
     461          647 :     if (!res) {
     462            0 :         free(file_data);
     463            0 :         free(cert_chain);
     464            0 :         return res;
     465              :     }
     466              : 
     467          647 :     res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
     468          647 :                            (uint8_t *)(cert_chain + 1));
     469          647 :     if (!res) {
     470            0 :         free(file_data);
     471            0 :         free(cert_chain);
     472            0 :         return res;
     473              :     }
     474          647 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
     475          647 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
     476              :                      file_data, file_size);
     477              : 
     478          647 :     *data = cert_chain;
     479          647 :     *size = cert_chain_size;
     480          647 :     if (hash != NULL) {
     481          347 :         *hash = (cert_chain + 1);
     482              :     }
     483          647 :     if (hash_size != NULL) {
     484          347 :         *hash_size = digest_size;
     485              :     }
     486              : 
     487          647 :     free(file_data);
     488          647 :     return true;
     489              : }
     490              : 
     491              : /*This alias cert chain is partial, from root CA to device certificate CA.*/
     492            2 : bool libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
     493              :     uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
     494              :     size_t *size, void **hash, size_t *hash_size)
     495              : {
     496              :     bool res;
     497              :     void *file_data;
     498              :     size_t file_size;
     499              :     spdm_cert_chain_t *cert_chain;
     500              :     size_t cert_chain_size;
     501              :     char *file;
     502              :     const uint8_t *root_cert;
     503              :     size_t root_cert_len;
     504              :     const uint8_t *leaf_cert;
     505              :     size_t leaf_cert_len;
     506              :     size_t digest_size;
     507              :     bool is_requester_cert;
     508              :     bool is_device_cert_model;
     509              : 
     510            2 :     is_requester_cert = false;
     511              : 
     512              :     /*default is false*/
     513            2 :     is_device_cert_model = false;
     514              : 
     515            2 :     *data = NULL;
     516            2 :     *size = 0;
     517            2 :     if (hash != NULL) {
     518            0 :         *hash = NULL;
     519              :     }
     520            2 :     if (hash_size != NULL) {
     521            0 :         *hash_size = 0;
     522              :     }
     523              : 
     524            2 :     if (base_asym_algo == 0) {
     525            0 :         return false;
     526              :     }
     527              : 
     528            2 :     switch (base_asym_algo) {
     529            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     530              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     531            0 :         file = "rsa2048/bundle_responder.certchain_alias_cert_partial_set.der";
     532            0 :         break;
     533            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     534              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     535            0 :         file = "rsa3072/bundle_responder.certchain_alias_cert_partial_set.der";
     536            0 :         break;
     537            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     538              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     539            0 :         file = "rsa4096/bundle_responder.certchain_alias_cert_partial_set.der";
     540            0 :         break;
     541            2 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     542            2 :         file = "ecp256/bundle_responder.certchain_alias_cert_partial_set.der";
     543            2 :         break;
     544            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     545            0 :         file = "ecp384/bundle_responder.certchain_alias_cert_partial_set.der";
     546            0 :         break;
     547            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     548            0 :         file = "ecp521/bundle_responder.certchain_alias_cert_partial_set.der";
     549            0 :         break;
     550            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     551            0 :         file = "sm2/bundle_responder.certchain_alias_cert_partial_set.der";
     552            0 :         break;
     553            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     554            0 :         file = "ed25519/bundle_responder.certchain_alias_cert_partial_set.der";
     555            0 :         break;
     556            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     557            0 :         file = "ed448/bundle_responder.certchain_alias_cert_partial_set.der";
     558            0 :         break;
     559            0 :     default:
     560            0 :         LIBSPDM_ASSERT(false);
     561            0 :         return false;
     562              :     }
     563            2 :     res = libspdm_read_input_file(file, &file_data, &file_size);
     564            2 :     if (!res) {
     565            0 :         return res;
     566              :     }
     567              : 
     568            2 :     digest_size = libspdm_get_hash_size(base_hash_algo);
     569              : 
     570            2 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
     571            2 :     cert_chain = (void *)malloc(cert_chain_size);
     572            2 :     if (cert_chain == NULL) {
     573            0 :         free(file_data);
     574            0 :         return false;
     575              :     }
     576            2 :     cert_chain->length = (uint32_t)cert_chain_size;
     577              : 
     578              :     /* Get leaf Certificate*/
     579            2 :     res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
     580              :                                                 &leaf_cert_len);
     581            2 :     if (!res) {
     582            0 :         free(file_data);
     583            0 :         free(cert_chain);
     584            0 :         return res;
     585              :     }
     586            2 :     res = libspdm_x509_set_cert_certificate_check(leaf_cert, leaf_cert_len,
     587              :                                                   base_asym_algo, base_hash_algo,
     588              :                                                   is_requester_cert, is_device_cert_model);
     589            2 :     if (!res) {
     590            0 :         free(file_data);
     591            0 :         free(cert_chain);
     592            0 :         return res;
     593              :     }
     594              : 
     595              :     /* Get Root Certificate*/
     596            2 :     res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
     597              :                                                 &root_cert_len);
     598            2 :     if (!res) {
     599            0 :         free(file_data);
     600            0 :         free(cert_chain);
     601            0 :         return res;
     602              :     }
     603              : 
     604              :     /*verify cert_chain*/
     605            2 :     res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
     606            2 :     if (!res) {
     607            0 :         free(file_data);
     608            0 :         free(cert_chain);
     609            0 :         return res;
     610              :     }
     611              : 
     612              :     /*calculate hash value*/
     613            2 :     res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
     614            2 :                            (uint8_t *)(cert_chain + 1));
     615            2 :     if (!res) {
     616            0 :         free(file_data);
     617            0 :         free(cert_chain);
     618            0 :         return res;
     619              :     }
     620            2 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
     621            2 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
     622              :                      file_data, file_size);
     623              : 
     624            2 :     *data = cert_chain;
     625            2 :     *size = cert_chain_size;
     626            2 :     if (hash != NULL) {
     627            0 :         *hash = (cert_chain + 1);
     628              :     }
     629            2 :     if (hash_size != NULL) {
     630            0 :         *hash_size = digest_size;
     631              :     }
     632              : 
     633            2 :     free(file_data);
     634            2 :     return true;
     635              : }
     636              : 
     637              : /*This alias cert chain is entire, from root CA to leaf certificate.*/
     638            3 : bool libspdm_read_responder_public_certificate_chain_alias_cert(
     639              :     uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
     640              :     size_t *size, void **hash, size_t *hash_size)
     641              : {
     642              :     bool res;
     643              :     void *file_data;
     644              :     size_t file_size;
     645              :     spdm_cert_chain_t *cert_chain;
     646              :     size_t cert_chain_size;
     647              :     char *file;
     648              :     const uint8_t *root_cert;
     649              :     size_t root_cert_len;
     650              :     const uint8_t *leaf_cert;
     651              :     size_t leaf_cert_len;
     652              :     size_t digest_size;
     653              :     bool is_requester_cert;
     654              :     bool is_device_cert_model;
     655              : 
     656            3 :     is_requester_cert = false;
     657              : 
     658              :     /*default is false*/
     659            3 :     is_device_cert_model = false;
     660              : 
     661            3 :     *data = NULL;
     662            3 :     *size = 0;
     663            3 :     if (hash != NULL) {
     664            2 :         *hash = NULL;
     665              :     }
     666            3 :     if (hash_size != NULL) {
     667            2 :         *hash_size = 0;
     668              :     }
     669              : 
     670            3 :     if (base_asym_algo == 0) {
     671            0 :         return false;
     672              :     }
     673              : 
     674            3 :     switch (base_asym_algo) {
     675            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     676              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     677            0 :         file = "rsa2048/bundle_responder.certchain_alias.der";
     678            0 :         break;
     679            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     680              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     681            0 :         file = "rsa3072/bundle_responder.certchain_alias.der";
     682            0 :         break;
     683            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     684              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     685            0 :         file = "rsa4096/bundle_responder.certchain_alias.der";
     686            0 :         break;
     687            3 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     688            3 :         file = "ecp256/bundle_responder.certchain_alias.der";
     689            3 :         break;
     690            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     691            0 :         file = "ecp384/bundle_responder.certchain_alias.der";
     692            0 :         break;
     693            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     694            0 :         file = "ecp521/bundle_responder.certchain_alias.der";
     695            0 :         break;
     696            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     697            0 :         file = "sm2/bundle_responder.certchain_alias.der";
     698            0 :         break;
     699            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     700            0 :         file = "ed25519/bundle_responder.certchain_alias.der";
     701            0 :         break;
     702            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     703            0 :         file = "ed448/bundle_responder.certchain_alias.der";
     704            0 :         break;
     705            0 :     default:
     706            0 :         LIBSPDM_ASSERT(false);
     707            0 :         return false;
     708              :     }
     709            3 :     res = libspdm_read_input_file(file, &file_data, &file_size);
     710            3 :     if (!res) {
     711            0 :         return res;
     712              :     }
     713              : 
     714            3 :     digest_size = libspdm_get_hash_size(base_hash_algo);
     715              : 
     716            3 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
     717            3 :     cert_chain = (void *)malloc(cert_chain_size);
     718            3 :     if (cert_chain == NULL) {
     719            0 :         free(file_data);
     720            0 :         return false;
     721              :     }
     722            3 :     cert_chain->length = (uint32_t)cert_chain_size;
     723              : 
     724              :     /* Get leaf Certificate*/
     725            3 :     res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
     726              :                                                 &leaf_cert_len);
     727            3 :     if (!res) {
     728            0 :         free(file_data);
     729            0 :         free(cert_chain);
     730            0 :         return res;
     731              :     }
     732            3 :     res = libspdm_x509_certificate_check(leaf_cert, leaf_cert_len,
     733              :                                          base_asym_algo, base_hash_algo,
     734              :                                          is_requester_cert, is_device_cert_model);
     735            3 :     if (!res) {
     736            0 :         free(file_data);
     737            0 :         free(cert_chain);
     738            0 :         return res;
     739              :     }
     740              : 
     741              :     /* Get Root Certificate*/
     742            3 :     res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
     743              :                                                 &root_cert_len);
     744            3 :     if (!res) {
     745            0 :         free(file_data);
     746            0 :         free(cert_chain);
     747            0 :         return res;
     748              :     }
     749              : 
     750              :     /*verify cert_chain*/
     751            3 :     res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
     752            3 :     if (!res) {
     753            0 :         free(file_data);
     754            0 :         free(cert_chain);
     755            0 :         return res;
     756              :     }
     757              : 
     758              :     /*calculate hash value*/
     759            3 :     res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
     760            3 :                            (uint8_t *)(cert_chain + 1));
     761            3 :     if (!res) {
     762            0 :         free(file_data);
     763            0 :         free(cert_chain);
     764            0 :         return res;
     765              :     }
     766            3 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
     767            3 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
     768              :                      file_data, file_size);
     769              : 
     770            3 :     *data = cert_chain;
     771            3 :     *size = cert_chain_size;
     772            3 :     if (hash != NULL) {
     773            2 :         *hash = (cert_chain + 1);
     774              :     }
     775            3 :     if (hash_size != NULL) {
     776            2 :         *hash_size = digest_size;
     777              :     }
     778              : 
     779            3 :     free(file_data);
     780            3 :     return true;
     781              : }
     782              : 
     783            7 : bool libspdm_read_responder_public_certificate_chain_per_slot(
     784              :     uint8_t slot_id, uint32_t base_hash_algo, uint32_t base_asym_algo,
     785              :     void **data, size_t *size, void **hash, size_t *hash_size)
     786              : {
     787              :     bool res;
     788              :     void *file_data;
     789              :     size_t file_size;
     790              :     spdm_cert_chain_t *cert_chain;
     791              :     size_t cert_chain_size;
     792              :     char *file;
     793              :     const uint8_t *root_cert;
     794              :     size_t root_cert_len;
     795              :     size_t digest_size;
     796              :     bool is_requester_cert;
     797              :     bool is_device_cert_model;
     798              : 
     799            7 :     is_requester_cert = false;
     800              : 
     801              :     /*default is true*/
     802            7 :     is_device_cert_model = true;
     803              : 
     804            7 :     *data = NULL;
     805            7 :     *size = 0;
     806            7 :     if (hash != NULL) {
     807            3 :         *hash = NULL;
     808              :     }
     809            7 :     if (hash_size != NULL) {
     810            3 :         *hash_size = 0;
     811              :     }
     812              : 
     813            7 :     if (base_asym_algo == 0) {
     814            0 :         return false;
     815              :     }
     816              : 
     817            7 :     if (slot_id == 0) {
     818            0 :         switch (base_asym_algo) {
     819            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     820              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     821            0 :             file = "rsa2048/bundle_responder.certchain.der";
     822            0 :             break;
     823            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     824              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     825            0 :             file = "rsa3072/bundle_responder.certchain.der";
     826            0 :             break;
     827            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     828              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     829            0 :             file = "rsa4096/bundle_responder.certchain.der";
     830            0 :             break;
     831            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     832            0 :             file = "ecp256/bundle_responder.certchain.der";
     833            0 :             break;
     834            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     835            0 :             file = "ecp384/bundle_responder.certchain.der";
     836            0 :             break;
     837            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     838            0 :             file = "ecp521/bundle_responder.certchain.der";
     839            0 :             break;
     840            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     841            0 :             file = "sm2/bundle_responder.certchain.der";
     842            0 :             break;
     843            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     844            0 :             file = "ed25519/bundle_responder.certchain.der";
     845            0 :             break;
     846            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     847            0 :             file = "ed448/bundle_responder.certchain.der";
     848            0 :             break;
     849            0 :         default:
     850            0 :             LIBSPDM_ASSERT(false);
     851            0 :             return false;
     852              :         }
     853              :     } else {
     854            7 :         switch (base_asym_algo) {
     855            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     856              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     857            0 :             file = "rsa2048/bundle_responder.certchain1.der";
     858            0 :             break;
     859            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     860              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     861            0 :             file = "rsa3072/bundle_responder.certchain1.der";
     862            0 :             break;
     863            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     864              :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     865            0 :             file = "rsa4096/bundle_responder.certchain1.der";
     866            0 :             break;
     867            7 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     868            7 :             file = "ecp256/bundle_responder.certchain1.der";
     869            7 :             break;
     870            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
     871            0 :             file = "ecp384/bundle_responder.certchain1.der";
     872            0 :             break;
     873            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
     874            0 :             file = "ecp521/bundle_responder.certchain1.der";
     875            0 :             break;
     876            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
     877            0 :             file = "sm2/bundle_responder.certchain1.der";
     878            0 :             break;
     879            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
     880            0 :             file = "ed25519/bundle_responder.certchain1.der";
     881            0 :             break;
     882            0 :         case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
     883            0 :             file = "ed448/bundle_responder.certchain1.der";
     884            0 :             break;
     885            0 :         default:
     886            0 :             LIBSPDM_ASSERT(false);
     887            0 :             return false;
     888              :         }
     889              :     }
     890            7 :     res = libspdm_read_input_file(file, &file_data, &file_size);
     891            7 :     if (!res) {
     892            0 :         return res;
     893              :     }
     894              : 
     895            7 :     digest_size = libspdm_get_hash_size(base_hash_algo);
     896              : 
     897            7 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
     898            7 :     cert_chain = (void *)malloc(cert_chain_size);
     899            7 :     if (cert_chain == NULL) {
     900            0 :         free(file_data);
     901            0 :         return false;
     902              :     }
     903            7 :     cert_chain->length = (uint32_t)cert_chain_size;
     904              : 
     905            7 :     res = libspdm_verify_cert_chain_data(file_data, file_size,
     906              :                                          base_asym_algo, base_hash_algo,
     907              :                                          is_requester_cert, is_device_cert_model);
     908            7 :     if (!res) {
     909            0 :         free(file_data);
     910            0 :         free(cert_chain);
     911            0 :         return res;
     912              :     }
     913              : 
     914              : 
     915              :     /* Get Root Certificate and calculate hash value*/
     916              : 
     917            7 :     res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
     918              :                                                 &root_cert_len);
     919            7 :     if (!res) {
     920            0 :         free(file_data);
     921            0 :         free(cert_chain);
     922            0 :         return res;
     923              :     }
     924              : 
     925            7 :     res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
     926            7 :                            (uint8_t *)(cert_chain + 1));
     927            7 :     if (!res) {
     928            0 :         free(file_data);
     929            0 :         free(cert_chain);
     930            0 :         return res;
     931              :     }
     932            7 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
     933            7 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
     934              :                      file_data, file_size);
     935              : 
     936            7 :     *data = cert_chain;
     937            7 :     *size = cert_chain_size;
     938            7 :     if (hash != NULL) {
     939            3 :         *hash = (cert_chain + 1);
     940              :     }
     941            7 :     if (hash_size != NULL) {
     942            3 :         *hash_size = digest_size;
     943              :     }
     944              : 
     945            7 :     free(file_data);
     946            7 :     return true;
     947              : }
     948              : 
     949              : 
     950           33 : bool libspdm_read_requester_public_certificate_chain(
     951              :     uint32_t base_hash_algo, uint16_t req_base_asym_alg, void **data,
     952              :     size_t *size, void **hash, size_t *hash_size)
     953              : {
     954              :     bool res;
     955              :     void *file_data;
     956              :     size_t file_size;
     957              :     spdm_cert_chain_t *cert_chain;
     958              :     size_t cert_chain_size;
     959              :     char *file;
     960              :     const uint8_t *root_cert;
     961              :     size_t root_cert_len;
     962              :     size_t digest_size;
     963              :     bool is_requester_cert;
     964              :     bool is_device_cert_model;
     965              : 
     966           33 :     is_requester_cert = false;
     967              : 
     968              :     /*default is true*/
     969           33 :     is_device_cert_model = true;
     970              : 
     971           33 :     *data = NULL;
     972           33 :     *size = 0;
     973           33 :     if (hash != NULL) {
     974            6 :         *hash = NULL;
     975              :     }
     976           33 :     if (hash_size != NULL) {
     977            6 :         *hash_size = 0;
     978              :     }
     979              : 
     980           33 :     if (req_base_asym_alg == 0) {
     981            0 :         return false;
     982              :     }
     983              : 
     984           33 :     switch (req_base_asym_alg) {
     985           33 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
     986              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
     987           33 :         file = "rsa2048/bundle_requester.certchain.der";
     988           33 :         break;
     989            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
     990              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
     991            0 :         file = "rsa3072/bundle_requester.certchain.der";
     992            0 :         break;
     993            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
     994              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
     995            0 :         file = "rsa4096/bundle_requester.certchain.der";
     996            0 :         break;
     997            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
     998            0 :         file = "ecp256/bundle_requester.certchain.der";
     999            0 :         break;
    1000            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
    1001            0 :         file = "ecp384/bundle_requester.certchain.der";
    1002            0 :         break;
    1003            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
    1004            0 :         file = "ecp521/bundle_requester.certchain.der";
    1005            0 :         break;
    1006            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
    1007            0 :         file = "sm2/bundle_requester.certchain.der";
    1008            0 :         break;
    1009            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
    1010            0 :         file = "ed25519/bundle_requester.certchain.der";
    1011            0 :         break;
    1012            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
    1013            0 :         file = "ed448/bundle_requester.certchain.der";
    1014            0 :         break;
    1015            0 :     default:
    1016            0 :         LIBSPDM_ASSERT(false);
    1017            0 :         return false;
    1018              :     }
    1019           33 :     res = libspdm_read_input_file(file, &file_data, &file_size);
    1020           33 :     if (!res) {
    1021            0 :         return res;
    1022              :     }
    1023              : 
    1024           33 :     digest_size = libspdm_get_hash_size(base_hash_algo);
    1025              : 
    1026           33 :     cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
    1027           33 :     cert_chain = (void *)malloc(cert_chain_size);
    1028           33 :     if (cert_chain == NULL) {
    1029            0 :         free(file_data);
    1030            0 :         return false;
    1031              :     }
    1032           33 :     cert_chain->length = (uint32_t)cert_chain_size;
    1033              : 
    1034           33 :     res = libspdm_verify_cert_chain_data(file_data, file_size,
    1035              :                                          req_base_asym_alg, base_hash_algo,
    1036              :                                          is_requester_cert, is_device_cert_model);
    1037           33 :     if (!res) {
    1038            0 :         free(file_data);
    1039            0 :         free(cert_chain);
    1040            0 :         return res;
    1041              :     }
    1042              : 
    1043              : 
    1044              :     /* Get Root Certificate and calculate hash value*/
    1045              : 
    1046           33 :     res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
    1047              :                                                 &root_cert_len);
    1048           33 :     if (!res) {
    1049            0 :         free(file_data);
    1050            0 :         free(cert_chain);
    1051            0 :         return res;
    1052              :     }
    1053              : 
    1054           33 :     res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
    1055           33 :                            (uint8_t *)(cert_chain + 1));
    1056           33 :     if (!res) {
    1057            0 :         free(file_data);
    1058            0 :         free(cert_chain);
    1059            0 :         return res;
    1060              :     }
    1061           33 :     libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
    1062           33 :                      cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
    1063              :                      file_data, file_size);
    1064              : 
    1065           33 :     *data = cert_chain;
    1066           33 :     *size = cert_chain_size;
    1067           33 :     if (hash != NULL) {
    1068            6 :         *hash = (cert_chain + 1);
    1069              :     }
    1070           33 :     if (hash_size != NULL) {
    1071            6 :         *hash_size = digest_size;
    1072              :     }
    1073              : 
    1074           33 :     free(file_data);
    1075           33 :     return true;
    1076              : }
    1077              : 
    1078            6 : bool libspdm_read_responder_certificate(uint32_t base_asym_algo,
    1079              :                                         void **data, size_t *size)
    1080              : {
    1081              :     bool res;
    1082              :     char *file;
    1083              : 
    1084            6 :     switch (base_asym_algo) {
    1085            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
    1086              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
    1087            0 :         file = "rsa2048/end_responder.cert.der";
    1088            0 :         break;
    1089            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
    1090              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
    1091            0 :         file = "rsa3072/end_responder.cert.der";
    1092            0 :         break;
    1093            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
    1094              :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
    1095            0 :         file = "rsa4096/end_responder.cert.der";
    1096            0 :         break;
    1097            6 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
    1098            6 :         file = "ecp256/end_responder.cert.der";
    1099            6 :         break;
    1100            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
    1101            0 :         file = "ecp384/end_responder.cert.der";
    1102            0 :         break;
    1103            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
    1104            0 :         file = "ecp521/end_responder.cert.der";
    1105            0 :         break;
    1106            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
    1107            0 :         file = "sm2/end_responder.cert.der";
    1108            0 :         break;
    1109            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
    1110            0 :         file = "ed25519/end_responder.cert.der";
    1111            0 :         break;
    1112            0 :     case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
    1113            0 :         file = "ed448/end_responder.cert.der";
    1114            0 :         break;
    1115            0 :     default:
    1116            0 :         LIBSPDM_ASSERT(false);
    1117            0 :         return false;
    1118              :     }
    1119            6 :     res = libspdm_read_input_file(file, data, size);
    1120            6 :     return res;
    1121              : }
        

Generated by: LCOV version 2.0-1