Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "spdm_device_secret_lib_internal.h"
19 : #include "internal/libspdm_common_lib.h"
20 :
21 2 : bool libspdm_read_responder_root_public_certificate(uint32_t base_hash_algo,
22 : uint32_t base_asym_algo,
23 : void **data, size_t *size,
24 : void **hash,
25 : size_t *hash_size)
26 : {
27 : bool res;
28 : void *file_data;
29 : size_t file_size;
30 : spdm_cert_chain_t *cert_chain;
31 : size_t cert_chain_size;
32 : char *file;
33 : size_t digest_size;
34 :
35 2 : *data = NULL;
36 2 : *size = 0;
37 2 : if (hash != NULL) {
38 0 : *hash = NULL;
39 : }
40 2 : if (hash_size != NULL) {
41 0 : *hash_size = 0;
42 : }
43 :
44 2 : if (base_asym_algo == 0) {
45 0 : return false;
46 : }
47 :
48 2 : switch (base_asym_algo) {
49 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
50 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
51 0 : file = "rsa2048/ca.cert.der";
52 0 : break;
53 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
54 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
55 0 : file = "rsa3072/ca.cert.der";
56 0 : break;
57 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
58 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
59 0 : file = "rsa4096/ca.cert.der";
60 0 : break;
61 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
62 2 : file = "ecp256/ca.cert.der";
63 2 : break;
64 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
65 0 : file = "ecp384/ca.cert.der";
66 0 : break;
67 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
68 0 : file = "ecp521/ca.cert.der";
69 0 : break;
70 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
71 0 : file = "sm2/ca.cert.der";
72 0 : break;
73 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
74 0 : file = "ed25519/ca.cert.der";
75 0 : break;
76 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
77 0 : file = "ed448/ca.cert.der";
78 0 : break;
79 0 : default:
80 0 : LIBSPDM_ASSERT(false);
81 0 : return false;
82 : }
83 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
84 2 : if (!res) {
85 0 : return res;
86 : }
87 :
88 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
89 :
90 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
91 2 : cert_chain = (void *)malloc(cert_chain_size);
92 2 : if (cert_chain == NULL) {
93 0 : free(file_data);
94 0 : return false;
95 : }
96 2 : cert_chain->length = (uint32_t)cert_chain_size;
97 :
98 2 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
99 2 : (uint8_t *)(cert_chain + 1));
100 2 : if (!res) {
101 0 : free(file_data);
102 0 : free(cert_chain);
103 0 : return res;
104 : }
105 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
106 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
107 : file_data, file_size);
108 :
109 2 : *data = cert_chain;
110 2 : *size = cert_chain_size;
111 2 : if (hash != NULL) {
112 0 : *hash = (cert_chain + 1);
113 : }
114 2 : if (hash_size != NULL) {
115 0 : *hash_size = digest_size;
116 : }
117 :
118 2 : free(file_data);
119 2 : return true;
120 : }
121 :
122 0 : bool libspdm_read_responder_root_public_certificate_slot(uint8_t slot_id,
123 : uint32_t base_hash_algo,
124 : uint32_t base_asym_algo,
125 : void **data, size_t *size,
126 : void **hash,
127 : size_t *hash_size)
128 : {
129 : bool res;
130 : void *file_data;
131 : size_t file_size;
132 : spdm_cert_chain_t *cert_chain;
133 : size_t cert_chain_size;
134 : char *file;
135 : size_t digest_size;
136 :
137 0 : *data = NULL;
138 0 : *size = 0;
139 0 : if (hash != NULL) {
140 0 : *hash = NULL;
141 : }
142 0 : if (hash_size != NULL) {
143 0 : *hash_size = 0;
144 : }
145 :
146 0 : if (base_asym_algo == 0) {
147 0 : return false;
148 : }
149 :
150 0 : if (slot_id == 0) {
151 0 : switch (base_asym_algo) {
152 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
153 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
154 0 : file = "rsa2048/ca.cert.der";
155 0 : break;
156 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
157 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
158 0 : file = "rsa3072/ca.cert.der";
159 0 : break;
160 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
161 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
162 0 : file = "rsa4096/ca.cert.der";
163 0 : break;
164 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
165 0 : file = "ecp256/ca.cert.der";
166 0 : break;
167 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
168 0 : file = "ecp384/ca.cert.der";
169 0 : break;
170 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
171 0 : file = "ecp521/ca.cert.der";
172 0 : break;
173 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
174 0 : file = "sm2/ca.cert.der";
175 0 : break;
176 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
177 0 : file = "ed25519/ca.cert.der";
178 0 : break;
179 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
180 0 : file = "ed448/ca.cert.der";
181 0 : break;
182 0 : default:
183 0 : LIBSPDM_ASSERT(false);
184 0 : return false;
185 : }
186 : } else {
187 0 : switch (base_asym_algo) {
188 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
189 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
190 0 : file = "rsa2048/ca1.cert.der";
191 0 : break;
192 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
193 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
194 0 : file = "rsa3072/ca1.cert.der";
195 0 : break;
196 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
197 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
198 0 : file = "rsa4096/ca1.cert.der";
199 0 : break;
200 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
201 0 : file = "ecp256/ca1.cert.der";
202 0 : break;
203 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
204 0 : file = "ecp384/ca1.cert.der";
205 0 : break;
206 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
207 0 : file = "ecp521/ca1.cert.der";
208 0 : break;
209 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
210 0 : file = "sm2/ca1.cert.der";
211 0 : break;
212 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
213 0 : file = "ed25519/ca1.cert.der";
214 0 : break;
215 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
216 0 : file = "ed448/ca1.cert.der";
217 0 : break;
218 0 : default:
219 0 : LIBSPDM_ASSERT(false);
220 0 : return false;
221 : }
222 : }
223 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
224 0 : if (!res) {
225 0 : return res;
226 : }
227 :
228 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
229 :
230 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
231 0 : cert_chain = (void *)malloc(cert_chain_size);
232 0 : if (cert_chain == NULL) {
233 0 : free(file_data);
234 0 : return false;
235 : }
236 0 : cert_chain->length = (uint32_t)cert_chain_size;
237 :
238 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
239 0 : (uint8_t *)(cert_chain + 1));
240 0 : if (!res) {
241 0 : free(file_data);
242 0 : free(cert_chain);
243 0 : return res;
244 : }
245 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
246 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
247 : file_data, file_size);
248 :
249 0 : *data = cert_chain;
250 0 : *size = cert_chain_size;
251 0 : if (hash != NULL) {
252 0 : *hash = (cert_chain + 1);
253 : }
254 0 : if (hash_size != NULL) {
255 0 : *hash_size = digest_size;
256 : }
257 :
258 0 : free(file_data);
259 0 : return true;
260 : }
261 :
262 0 : bool libspdm_read_requester_root_public_certificate(uint32_t base_hash_algo,
263 : uint16_t req_base_asym_alg,
264 : void **data, size_t *size,
265 : void **hash,
266 : size_t *hash_size)
267 : {
268 : bool res;
269 : void *file_data;
270 : size_t file_size;
271 : spdm_cert_chain_t *cert_chain;
272 : size_t cert_chain_size;
273 : char *file;
274 : size_t digest_size;
275 :
276 0 : *data = NULL;
277 0 : *size = 0;
278 0 : if (hash != NULL) {
279 0 : *hash = NULL;
280 : }
281 0 : if (hash_size != NULL) {
282 0 : *hash_size = 0;
283 : }
284 :
285 0 : if (req_base_asym_alg == 0) {
286 0 : return false;
287 : }
288 :
289 0 : switch (req_base_asym_alg) {
290 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
291 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
292 0 : file = "rsa2048/ca.cert.der";
293 0 : break;
294 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
295 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
296 0 : file = "rsa3072/ca.cert.der";
297 0 : break;
298 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
299 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
300 0 : file = "rsa4096/ca.cert.der";
301 0 : break;
302 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
303 0 : file = "ecp256/ca.cert.der";
304 0 : break;
305 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
306 0 : file = "ecp384/ca.cert.der";
307 0 : break;
308 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
309 0 : file = "ecp521/ca.cert.der";
310 0 : break;
311 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
312 0 : file = "sm2/ca.cert.der";
313 0 : break;
314 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
315 0 : file = "ed25519/ca.cert.der";
316 0 : break;
317 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
318 0 : file = "ed448/ca.cert.der";
319 0 : break;
320 0 : default:
321 0 : LIBSPDM_ASSERT(false);
322 0 : return false;
323 : }
324 :
325 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
326 :
327 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
328 0 : if (!res) {
329 0 : return res;
330 : }
331 :
332 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
333 0 : cert_chain = (void *)malloc(cert_chain_size);
334 0 : if (cert_chain == NULL) {
335 0 : free(file_data);
336 0 : return false;
337 : }
338 0 : cert_chain->length = (uint32_t)cert_chain_size;
339 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
340 0 : (uint8_t *)(cert_chain + 1));
341 0 : if (!res) {
342 0 : free(file_data);
343 0 : free(cert_chain);
344 0 : return res;
345 : }
346 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
347 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
348 : file_data, file_size);
349 :
350 0 : *data = cert_chain;
351 0 : *size = cert_chain_size;
352 0 : if (hash != NULL) {
353 0 : *hash = (cert_chain + 1);
354 : }
355 0 : if (hash_size != NULL) {
356 0 : *hash_size = digest_size;
357 : }
358 :
359 0 : free(file_data);
360 0 : return true;
361 : }
362 :
363 654 : bool libspdm_read_responder_public_certificate_chain(
364 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
365 : size_t *size, void **hash, size_t *hash_size)
366 : {
367 : bool res;
368 : void *file_data;
369 : size_t file_size;
370 : spdm_cert_chain_t *cert_chain;
371 : size_t cert_chain_size;
372 : char *file;
373 : const uint8_t *root_cert;
374 : size_t root_cert_len;
375 : size_t digest_size;
376 : bool is_requester_cert;
377 : uint8_t cert_model;
378 :
379 654 : is_requester_cert = false;
380 :
381 : /*default is device cert*/
382 654 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
383 :
384 654 : *data = NULL;
385 654 : *size = 0;
386 654 : if (hash != NULL) {
387 349 : *hash = NULL;
388 : }
389 654 : if (hash_size != NULL) {
390 349 : *hash_size = 0;
391 : }
392 :
393 654 : if (base_asym_algo == 0) {
394 0 : return false;
395 : }
396 :
397 654 : switch (base_asym_algo) {
398 5 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
399 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
400 5 : file = "rsa2048/bundle_responder.certchain.der";
401 5 : break;
402 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
403 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
404 0 : file = "rsa3072/bundle_responder.certchain.der";
405 0 : break;
406 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
407 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
408 0 : file = "rsa4096/bundle_responder.certchain.der";
409 0 : break;
410 649 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
411 649 : file = "ecp256/bundle_responder.certchain.der";
412 649 : break;
413 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
414 0 : file = "ecp384/bundle_responder.certchain.der";
415 0 : break;
416 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
417 0 : file = "ecp521/bundle_responder.certchain.der";
418 0 : break;
419 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
420 0 : file = "sm2/bundle_responder.certchain.der";
421 0 : break;
422 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
423 0 : file = "ed25519/bundle_responder.certchain.der";
424 0 : break;
425 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
426 0 : file = "ed448/bundle_responder.certchain.der";
427 0 : break;
428 0 : default:
429 0 : LIBSPDM_ASSERT(false);
430 0 : return false;
431 : }
432 654 : res = libspdm_read_input_file(file, &file_data, &file_size);
433 654 : if (!res) {
434 0 : return res;
435 : }
436 :
437 654 : digest_size = libspdm_get_hash_size(base_hash_algo);
438 :
439 654 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
440 654 : cert_chain = (void *)malloc(cert_chain_size);
441 654 : if (cert_chain == NULL) {
442 0 : free(file_data);
443 0 : return false;
444 : }
445 654 : cert_chain->length = (uint32_t)cert_chain_size;
446 :
447 654 : res = libspdm_verify_cert_chain_data(
448 : SPDM_MESSAGE_VERSION_12,
449 : file_data, file_size,
450 : base_asym_algo, 0, base_hash_algo,
451 : is_requester_cert, cert_model);
452 654 : if (!res) {
453 0 : free(file_data);
454 0 : free(cert_chain);
455 0 : return res;
456 : }
457 :
458 :
459 : /* Get Root Certificate and calculate hash value*/
460 :
461 654 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
462 : &root_cert_len);
463 654 : if (!res) {
464 0 : free(file_data);
465 0 : free(cert_chain);
466 0 : return res;
467 : }
468 :
469 654 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
470 654 : (uint8_t *)(cert_chain + 1));
471 654 : if (!res) {
472 0 : free(file_data);
473 0 : free(cert_chain);
474 0 : return res;
475 : }
476 654 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
477 654 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
478 : file_data, file_size);
479 :
480 654 : *data = cert_chain;
481 654 : *size = cert_chain_size;
482 654 : if (hash != NULL) {
483 349 : *hash = (cert_chain + 1);
484 : }
485 654 : if (hash_size != NULL) {
486 349 : *hash_size = digest_size;
487 : }
488 :
489 654 : free(file_data);
490 654 : return true;
491 : }
492 :
493 : /*This alias cert chain is partial, from root CA to device certificate CA.*/
494 2 : bool libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
495 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
496 : size_t *size, void **hash, size_t *hash_size)
497 : {
498 : bool res;
499 : void *file_data;
500 : size_t file_size;
501 : spdm_cert_chain_t *cert_chain;
502 : size_t cert_chain_size;
503 : char *file;
504 : const uint8_t *root_cert;
505 : size_t root_cert_len;
506 : const uint8_t *leaf_cert;
507 : size_t leaf_cert_len;
508 : size_t digest_size;
509 : bool is_requester_cert;
510 : uint8_t cert_model;
511 :
512 2 : is_requester_cert = false;
513 :
514 : /*default is alias cert*/
515 2 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
516 :
517 2 : *data = NULL;
518 2 : *size = 0;
519 2 : if (hash != NULL) {
520 0 : *hash = NULL;
521 : }
522 2 : if (hash_size != NULL) {
523 0 : *hash_size = 0;
524 : }
525 :
526 2 : if (base_asym_algo == 0) {
527 0 : return false;
528 : }
529 :
530 2 : switch (base_asym_algo) {
531 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
532 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
533 0 : file = "rsa2048/bundle_responder.certchain_alias_cert_partial_set.der";
534 0 : break;
535 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
536 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
537 0 : file = "rsa3072/bundle_responder.certchain_alias_cert_partial_set.der";
538 0 : break;
539 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
540 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
541 0 : file = "rsa4096/bundle_responder.certchain_alias_cert_partial_set.der";
542 0 : break;
543 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
544 2 : file = "ecp256/bundle_responder.certchain_alias_cert_partial_set.der";
545 2 : break;
546 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
547 0 : file = "ecp384/bundle_responder.certchain_alias_cert_partial_set.der";
548 0 : break;
549 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
550 0 : file = "ecp521/bundle_responder.certchain_alias_cert_partial_set.der";
551 0 : break;
552 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
553 0 : file = "sm2/bundle_responder.certchain_alias_cert_partial_set.der";
554 0 : break;
555 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
556 0 : file = "ed25519/bundle_responder.certchain_alias_cert_partial_set.der";
557 0 : break;
558 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
559 0 : file = "ed448/bundle_responder.certchain_alias_cert_partial_set.der";
560 0 : break;
561 0 : default:
562 0 : LIBSPDM_ASSERT(false);
563 0 : return false;
564 : }
565 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
566 2 : if (!res) {
567 0 : return res;
568 : }
569 :
570 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
571 :
572 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
573 2 : cert_chain = (void *)malloc(cert_chain_size);
574 2 : if (cert_chain == NULL) {
575 0 : free(file_data);
576 0 : return false;
577 : }
578 2 : cert_chain->length = (uint32_t)cert_chain_size;
579 :
580 : /* Get leaf Certificate*/
581 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
582 : &leaf_cert_len);
583 2 : if (!res) {
584 0 : free(file_data);
585 0 : free(cert_chain);
586 0 : return res;
587 : }
588 2 : res = libspdm_x509_set_cert_certificate_check(
589 : SPDM_MESSAGE_VERSION_12,
590 : leaf_cert, leaf_cert_len,
591 : base_asym_algo, 0, base_hash_algo,
592 : is_requester_cert, cert_model);
593 2 : if (!res) {
594 0 : free(file_data);
595 0 : free(cert_chain);
596 0 : return res;
597 : }
598 :
599 : /* Get Root Certificate*/
600 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
601 : &root_cert_len);
602 2 : if (!res) {
603 0 : free(file_data);
604 0 : free(cert_chain);
605 0 : return res;
606 : }
607 :
608 : /*verify cert_chain*/
609 2 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
610 2 : if (!res) {
611 0 : free(file_data);
612 0 : free(cert_chain);
613 0 : return res;
614 : }
615 :
616 : /*calculate hash value*/
617 2 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
618 2 : (uint8_t *)(cert_chain + 1));
619 2 : if (!res) {
620 0 : free(file_data);
621 0 : free(cert_chain);
622 0 : return res;
623 : }
624 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
625 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
626 : file_data, file_size);
627 :
628 2 : *data = cert_chain;
629 2 : *size = cert_chain_size;
630 2 : if (hash != NULL) {
631 0 : *hash = (cert_chain + 1);
632 : }
633 2 : if (hash_size != NULL) {
634 0 : *hash_size = digest_size;
635 : }
636 :
637 2 : free(file_data);
638 2 : return true;
639 : }
640 :
641 : /*This alias cert chain is entire, from root CA to leaf certificate.*/
642 3 : bool libspdm_read_responder_public_certificate_chain_alias_cert(
643 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
644 : size_t *size, void **hash, size_t *hash_size)
645 : {
646 : bool res;
647 : void *file_data;
648 : size_t file_size;
649 : spdm_cert_chain_t *cert_chain;
650 : size_t cert_chain_size;
651 : char *file;
652 : const uint8_t *root_cert;
653 : size_t root_cert_len;
654 : const uint8_t *leaf_cert;
655 : size_t leaf_cert_len;
656 : size_t digest_size;
657 : bool is_requester_cert;
658 : uint8_t cert_model;
659 :
660 3 : is_requester_cert = false;
661 :
662 : /*default is alias cert*/
663 3 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
664 :
665 3 : *data = NULL;
666 3 : *size = 0;
667 3 : if (hash != NULL) {
668 2 : *hash = NULL;
669 : }
670 3 : if (hash_size != NULL) {
671 2 : *hash_size = 0;
672 : }
673 :
674 3 : if (base_asym_algo == 0) {
675 0 : return false;
676 : }
677 :
678 3 : switch (base_asym_algo) {
679 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
680 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
681 0 : file = "rsa2048/bundle_responder.certchain_alias.der";
682 0 : break;
683 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
684 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
685 0 : file = "rsa3072/bundle_responder.certchain_alias.der";
686 0 : break;
687 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
688 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
689 0 : file = "rsa4096/bundle_responder.certchain_alias.der";
690 0 : break;
691 3 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
692 3 : file = "ecp256/bundle_responder.certchain_alias.der";
693 3 : break;
694 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
695 0 : file = "ecp384/bundle_responder.certchain_alias.der";
696 0 : break;
697 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
698 0 : file = "ecp521/bundle_responder.certchain_alias.der";
699 0 : break;
700 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
701 0 : file = "sm2/bundle_responder.certchain_alias.der";
702 0 : break;
703 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
704 0 : file = "ed25519/bundle_responder.certchain_alias.der";
705 0 : break;
706 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
707 0 : file = "ed448/bundle_responder.certchain_alias.der";
708 0 : break;
709 0 : default:
710 0 : LIBSPDM_ASSERT(false);
711 0 : return false;
712 : }
713 3 : res = libspdm_read_input_file(file, &file_data, &file_size);
714 3 : if (!res) {
715 0 : return res;
716 : }
717 :
718 3 : digest_size = libspdm_get_hash_size(base_hash_algo);
719 :
720 3 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
721 3 : cert_chain = (void *)malloc(cert_chain_size);
722 3 : if (cert_chain == NULL) {
723 0 : free(file_data);
724 0 : return false;
725 : }
726 3 : cert_chain->length = (uint32_t)cert_chain_size;
727 :
728 : /* Get leaf Certificate*/
729 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
730 : &leaf_cert_len);
731 3 : if (!res) {
732 0 : free(file_data);
733 0 : free(cert_chain);
734 0 : return res;
735 : }
736 3 : res = libspdm_x509_certificate_check(
737 : SPDM_MESSAGE_VERSION_12,
738 : leaf_cert, leaf_cert_len,
739 : base_asym_algo, 0, base_hash_algo,
740 : is_requester_cert, cert_model);
741 3 : if (!res) {
742 0 : free(file_data);
743 0 : free(cert_chain);
744 0 : return res;
745 : }
746 :
747 : /* Get Root Certificate*/
748 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
749 : &root_cert_len);
750 3 : if (!res) {
751 0 : free(file_data);
752 0 : free(cert_chain);
753 0 : return res;
754 : }
755 :
756 : /*verify cert_chain*/
757 3 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
758 3 : if (!res) {
759 0 : free(file_data);
760 0 : free(cert_chain);
761 0 : return res;
762 : }
763 :
764 : /*calculate hash value*/
765 3 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
766 3 : (uint8_t *)(cert_chain + 1));
767 3 : if (!res) {
768 0 : free(file_data);
769 0 : free(cert_chain);
770 0 : return res;
771 : }
772 3 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
773 3 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
774 : file_data, file_size);
775 :
776 3 : *data = cert_chain;
777 3 : *size = cert_chain_size;
778 3 : if (hash != NULL) {
779 2 : *hash = (cert_chain + 1);
780 : }
781 3 : if (hash_size != NULL) {
782 2 : *hash_size = digest_size;
783 : }
784 :
785 3 : free(file_data);
786 3 : return true;
787 : }
788 :
789 7 : bool libspdm_read_responder_public_certificate_chain_per_slot(
790 : uint8_t slot_id, uint32_t base_hash_algo, uint32_t base_asym_algo,
791 : void **data, size_t *size, void **hash, size_t *hash_size)
792 : {
793 : bool res;
794 : void *file_data;
795 : size_t file_size;
796 : spdm_cert_chain_t *cert_chain;
797 : size_t cert_chain_size;
798 : char *file;
799 : const uint8_t *root_cert;
800 : size_t root_cert_len;
801 : size_t digest_size;
802 : bool is_requester_cert;
803 : uint8_t cert_model;
804 :
805 7 : is_requester_cert = false;
806 :
807 : /*default is device cert*/
808 7 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
809 :
810 7 : *data = NULL;
811 7 : *size = 0;
812 7 : if (hash != NULL) {
813 3 : *hash = NULL;
814 : }
815 7 : if (hash_size != NULL) {
816 3 : *hash_size = 0;
817 : }
818 :
819 7 : if (base_asym_algo == 0) {
820 0 : return false;
821 : }
822 :
823 7 : if (slot_id == 0) {
824 0 : switch (base_asym_algo) {
825 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
826 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
827 0 : file = "rsa2048/bundle_responder.certchain.der";
828 0 : break;
829 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
830 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
831 0 : file = "rsa3072/bundle_responder.certchain.der";
832 0 : break;
833 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
834 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
835 0 : file = "rsa4096/bundle_responder.certchain.der";
836 0 : break;
837 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
838 0 : file = "ecp256/bundle_responder.certchain.der";
839 0 : break;
840 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
841 0 : file = "ecp384/bundle_responder.certchain.der";
842 0 : break;
843 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
844 0 : file = "ecp521/bundle_responder.certchain.der";
845 0 : break;
846 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
847 0 : file = "sm2/bundle_responder.certchain.der";
848 0 : break;
849 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
850 0 : file = "ed25519/bundle_responder.certchain.der";
851 0 : break;
852 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
853 0 : file = "ed448/bundle_responder.certchain.der";
854 0 : break;
855 0 : default:
856 0 : LIBSPDM_ASSERT(false);
857 0 : return false;
858 : }
859 : } else {
860 7 : switch (base_asym_algo) {
861 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
862 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
863 0 : file = "rsa2048/bundle_responder.certchain1.der";
864 0 : break;
865 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
866 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
867 0 : file = "rsa3072/bundle_responder.certchain1.der";
868 0 : break;
869 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
870 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
871 0 : file = "rsa4096/bundle_responder.certchain1.der";
872 0 : break;
873 7 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
874 7 : file = "ecp256/bundle_responder.certchain1.der";
875 7 : break;
876 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
877 0 : file = "ecp384/bundle_responder.certchain1.der";
878 0 : break;
879 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
880 0 : file = "ecp521/bundle_responder.certchain1.der";
881 0 : break;
882 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
883 0 : file = "sm2/bundle_responder.certchain1.der";
884 0 : break;
885 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
886 0 : file = "ed25519/bundle_responder.certchain1.der";
887 0 : break;
888 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
889 0 : file = "ed448/bundle_responder.certchain1.der";
890 0 : break;
891 0 : default:
892 0 : LIBSPDM_ASSERT(false);
893 0 : return false;
894 : }
895 : }
896 7 : res = libspdm_read_input_file(file, &file_data, &file_size);
897 7 : if (!res) {
898 0 : return res;
899 : }
900 :
901 7 : digest_size = libspdm_get_hash_size(base_hash_algo);
902 :
903 7 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
904 7 : cert_chain = (void *)malloc(cert_chain_size);
905 7 : if (cert_chain == NULL) {
906 0 : free(file_data);
907 0 : return false;
908 : }
909 7 : cert_chain->length = (uint32_t)cert_chain_size;
910 :
911 7 : res = libspdm_verify_cert_chain_data(
912 : SPDM_MESSAGE_VERSION_12,
913 : file_data, file_size,
914 : base_asym_algo, 0, base_hash_algo,
915 : is_requester_cert, cert_model);
916 7 : if (!res) {
917 0 : free(file_data);
918 0 : free(cert_chain);
919 0 : return res;
920 : }
921 :
922 :
923 : /* Get Root Certificate and calculate hash value*/
924 :
925 7 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
926 : &root_cert_len);
927 7 : if (!res) {
928 0 : free(file_data);
929 0 : free(cert_chain);
930 0 : return res;
931 : }
932 :
933 7 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
934 7 : (uint8_t *)(cert_chain + 1));
935 7 : if (!res) {
936 0 : free(file_data);
937 0 : free(cert_chain);
938 0 : return res;
939 : }
940 7 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
941 7 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
942 : file_data, file_size);
943 :
944 7 : *data = cert_chain;
945 7 : *size = cert_chain_size;
946 7 : if (hash != NULL) {
947 3 : *hash = (cert_chain + 1);
948 : }
949 7 : if (hash_size != NULL) {
950 3 : *hash_size = digest_size;
951 : }
952 :
953 7 : free(file_data);
954 7 : return true;
955 : }
956 :
957 :
958 33 : bool libspdm_read_requester_public_certificate_chain(
959 : uint32_t base_hash_algo, uint16_t req_base_asym_alg, void **data,
960 : size_t *size, void **hash, size_t *hash_size)
961 : {
962 : bool res;
963 : void *file_data;
964 : size_t file_size;
965 : spdm_cert_chain_t *cert_chain;
966 : size_t cert_chain_size;
967 : char *file;
968 : const uint8_t *root_cert;
969 : size_t root_cert_len;
970 : size_t digest_size;
971 : bool is_requester_cert;
972 : uint8_t cert_model;
973 :
974 33 : is_requester_cert = false;
975 :
976 : /*default is device cert*/
977 33 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
978 :
979 33 : *data = NULL;
980 33 : *size = 0;
981 33 : if (hash != NULL) {
982 6 : *hash = NULL;
983 : }
984 33 : if (hash_size != NULL) {
985 6 : *hash_size = 0;
986 : }
987 :
988 33 : if (req_base_asym_alg == 0) {
989 0 : return false;
990 : }
991 :
992 33 : switch (req_base_asym_alg) {
993 33 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
994 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
995 33 : file = "rsa2048/bundle_requester.certchain.der";
996 33 : break;
997 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
998 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
999 0 : file = "rsa3072/bundle_requester.certchain.der";
1000 0 : break;
1001 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
1002 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
1003 0 : file = "rsa4096/bundle_requester.certchain.der";
1004 0 : break;
1005 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
1006 0 : file = "ecp256/bundle_requester.certchain.der";
1007 0 : break;
1008 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1009 0 : file = "ecp384/bundle_requester.certchain.der";
1010 0 : break;
1011 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1012 0 : file = "ecp521/bundle_requester.certchain.der";
1013 0 : break;
1014 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1015 0 : file = "sm2/bundle_requester.certchain.der";
1016 0 : break;
1017 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1018 0 : file = "ed25519/bundle_requester.certchain.der";
1019 0 : break;
1020 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1021 0 : file = "ed448/bundle_requester.certchain.der";
1022 0 : break;
1023 0 : default:
1024 0 : LIBSPDM_ASSERT(false);
1025 0 : return false;
1026 : }
1027 33 : res = libspdm_read_input_file(file, &file_data, &file_size);
1028 33 : if (!res) {
1029 0 : return res;
1030 : }
1031 :
1032 33 : digest_size = libspdm_get_hash_size(base_hash_algo);
1033 :
1034 33 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1035 33 : cert_chain = (void *)malloc(cert_chain_size);
1036 33 : if (cert_chain == NULL) {
1037 0 : free(file_data);
1038 0 : return false;
1039 : }
1040 33 : cert_chain->length = (uint32_t)cert_chain_size;
1041 :
1042 33 : res = libspdm_verify_cert_chain_data(
1043 : SPDM_MESSAGE_VERSION_12,
1044 : file_data, file_size,
1045 : req_base_asym_alg, 0, base_hash_algo,
1046 : is_requester_cert, cert_model);
1047 33 : if (!res) {
1048 0 : free(file_data);
1049 0 : free(cert_chain);
1050 0 : return res;
1051 : }
1052 :
1053 :
1054 : /* Get Root Certificate and calculate hash value*/
1055 :
1056 33 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1057 : &root_cert_len);
1058 33 : if (!res) {
1059 0 : free(file_data);
1060 0 : free(cert_chain);
1061 0 : return res;
1062 : }
1063 :
1064 33 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1065 33 : (uint8_t *)(cert_chain + 1));
1066 33 : if (!res) {
1067 0 : free(file_data);
1068 0 : free(cert_chain);
1069 0 : return res;
1070 : }
1071 33 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1072 33 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1073 : file_data, file_size);
1074 :
1075 33 : *data = cert_chain;
1076 33 : *size = cert_chain_size;
1077 33 : if (hash != NULL) {
1078 6 : *hash = (cert_chain + 1);
1079 : }
1080 33 : if (hash_size != NULL) {
1081 6 : *hash_size = digest_size;
1082 : }
1083 :
1084 33 : free(file_data);
1085 33 : return true;
1086 : }
1087 :
1088 6 : bool libspdm_read_responder_certificate(uint32_t base_asym_algo,
1089 : void **data, size_t *size)
1090 : {
1091 : bool res;
1092 : char *file;
1093 :
1094 6 : switch (base_asym_algo) {
1095 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
1096 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
1097 0 : file = "rsa2048/end_responder.cert.der";
1098 0 : break;
1099 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
1100 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
1101 0 : file = "rsa3072/end_responder.cert.der";
1102 0 : break;
1103 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
1104 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
1105 0 : file = "rsa4096/end_responder.cert.der";
1106 0 : break;
1107 6 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
1108 6 : file = "ecp256/end_responder.cert.der";
1109 6 : break;
1110 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1111 0 : file = "ecp384/end_responder.cert.der";
1112 0 : break;
1113 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1114 0 : file = "ecp521/end_responder.cert.der";
1115 0 : break;
1116 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1117 0 : file = "sm2/end_responder.cert.der";
1118 0 : break;
1119 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1120 0 : file = "ed25519/end_responder.cert.der";
1121 0 : break;
1122 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1123 0 : file = "ed448/end_responder.cert.der";
1124 0 : break;
1125 0 : default:
1126 0 : LIBSPDM_ASSERT(false);
1127 0 : return false;
1128 : }
1129 6 : res = libspdm_read_input_file(file, data, size);
1130 6 : return res;
1131 : }
|
