Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2024 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "spdm_device_secret_lib_internal.h"
19 : #include "internal/libspdm_common_lib.h"
20 :
21 2 : bool libspdm_read_responder_root_public_certificate(uint32_t base_hash_algo,
22 : uint32_t base_asym_algo,
23 : void **data, size_t *size,
24 : void **hash,
25 : size_t *hash_size)
26 : {
27 : bool res;
28 : void *file_data;
29 : size_t file_size;
30 : spdm_cert_chain_t *cert_chain;
31 : size_t cert_chain_size;
32 : char *file;
33 : size_t digest_size;
34 :
35 2 : *data = NULL;
36 2 : *size = 0;
37 2 : if (hash != NULL) {
38 0 : *hash = NULL;
39 : }
40 2 : if (hash_size != NULL) {
41 0 : *hash_size = 0;
42 : }
43 :
44 2 : if (base_asym_algo == 0) {
45 0 : return false;
46 : }
47 :
48 2 : switch (base_asym_algo) {
49 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
50 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
51 0 : file = "rsa2048/ca.cert.der";
52 0 : break;
53 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
54 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
55 0 : file = "rsa3072/ca.cert.der";
56 0 : break;
57 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
58 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
59 0 : file = "rsa4096/ca.cert.der";
60 0 : break;
61 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
62 2 : file = "ecp256/ca.cert.der";
63 2 : break;
64 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
65 0 : file = "ecp384/ca.cert.der";
66 0 : break;
67 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
68 0 : file = "ecp521/ca.cert.der";
69 0 : break;
70 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
71 0 : file = "sm2/ca.cert.der";
72 0 : break;
73 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
74 0 : file = "ed25519/ca.cert.der";
75 0 : break;
76 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
77 0 : file = "ed448/ca.cert.der";
78 0 : break;
79 0 : default:
80 0 : LIBSPDM_ASSERT(false);
81 0 : return false;
82 : }
83 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
84 2 : if (!res) {
85 0 : return res;
86 : }
87 :
88 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
89 :
90 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
91 2 : cert_chain = (void *)malloc(cert_chain_size);
92 2 : if (cert_chain == NULL) {
93 0 : free(file_data);
94 0 : return false;
95 : }
96 2 : cert_chain->length = (uint16_t)cert_chain_size;
97 2 : cert_chain->reserved = 0;
98 :
99 2 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
100 2 : (uint8_t *)(cert_chain + 1));
101 2 : if (!res) {
102 0 : free(file_data);
103 0 : free(cert_chain);
104 0 : return res;
105 : }
106 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
107 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
108 : file_data, file_size);
109 :
110 2 : *data = cert_chain;
111 2 : *size = cert_chain_size;
112 2 : if (hash != NULL) {
113 0 : *hash = (cert_chain + 1);
114 : }
115 2 : if (hash_size != NULL) {
116 0 : *hash_size = digest_size;
117 : }
118 :
119 2 : free(file_data);
120 2 : return true;
121 : }
122 :
123 0 : bool libspdm_read_responder_root_public_certificate_slot(uint8_t slot_id,
124 : uint32_t base_hash_algo,
125 : uint32_t base_asym_algo,
126 : void **data, size_t *size,
127 : void **hash,
128 : size_t *hash_size)
129 : {
130 : bool res;
131 : void *file_data;
132 : size_t file_size;
133 : spdm_cert_chain_t *cert_chain;
134 : size_t cert_chain_size;
135 : char *file;
136 : size_t digest_size;
137 :
138 0 : *data = NULL;
139 0 : *size = 0;
140 0 : if (hash != NULL) {
141 0 : *hash = NULL;
142 : }
143 0 : if (hash_size != NULL) {
144 0 : *hash_size = 0;
145 : }
146 :
147 0 : if (base_asym_algo == 0) {
148 0 : return false;
149 : }
150 :
151 0 : if (slot_id == 0) {
152 0 : switch (base_asym_algo) {
153 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
154 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
155 0 : file = "rsa2048/ca.cert.der";
156 0 : break;
157 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
158 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
159 0 : file = "rsa3072/ca.cert.der";
160 0 : break;
161 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
162 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
163 0 : file = "rsa4096/ca.cert.der";
164 0 : break;
165 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
166 0 : file = "ecp256/ca.cert.der";
167 0 : break;
168 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
169 0 : file = "ecp384/ca.cert.der";
170 0 : break;
171 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
172 0 : file = "ecp521/ca.cert.der";
173 0 : break;
174 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
175 0 : file = "sm2/ca.cert.der";
176 0 : break;
177 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
178 0 : file = "ed25519/ca.cert.der";
179 0 : break;
180 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
181 0 : file = "ed448/ca.cert.der";
182 0 : break;
183 0 : default:
184 0 : LIBSPDM_ASSERT(false);
185 0 : return false;
186 : }
187 : } else {
188 0 : switch (base_asym_algo) {
189 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
190 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
191 0 : file = "rsa2048/ca1.cert.der";
192 0 : break;
193 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
194 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
195 0 : file = "rsa3072/ca1.cert.der";
196 0 : break;
197 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
198 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
199 0 : file = "rsa4096/ca1.cert.der";
200 0 : break;
201 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
202 0 : file = "ecp256/ca1.cert.der";
203 0 : break;
204 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
205 0 : file = "ecp384/ca1.cert.der";
206 0 : break;
207 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
208 0 : file = "ecp521/ca1.cert.der";
209 0 : break;
210 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
211 0 : file = "sm2/ca1.cert.der";
212 0 : break;
213 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
214 0 : file = "ed25519/ca1.cert.der";
215 0 : break;
216 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
217 0 : file = "ed448/ca1.cert.der";
218 0 : break;
219 0 : default:
220 0 : LIBSPDM_ASSERT(false);
221 0 : return false;
222 : }
223 : }
224 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
225 0 : if (!res) {
226 0 : return res;
227 : }
228 :
229 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
230 :
231 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
232 0 : cert_chain = (void *)malloc(cert_chain_size);
233 0 : if (cert_chain == NULL) {
234 0 : free(file_data);
235 0 : return false;
236 : }
237 0 : cert_chain->length = (uint16_t)cert_chain_size;
238 0 : cert_chain->reserved = 0;
239 :
240 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
241 0 : (uint8_t *)(cert_chain + 1));
242 0 : if (!res) {
243 0 : free(file_data);
244 0 : free(cert_chain);
245 0 : return res;
246 : }
247 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
248 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
249 : file_data, file_size);
250 :
251 0 : *data = cert_chain;
252 0 : *size = cert_chain_size;
253 0 : if (hash != NULL) {
254 0 : *hash = (cert_chain + 1);
255 : }
256 0 : if (hash_size != NULL) {
257 0 : *hash_size = digest_size;
258 : }
259 :
260 0 : free(file_data);
261 0 : return true;
262 : }
263 :
264 0 : bool libspdm_read_requester_root_public_certificate(uint32_t base_hash_algo,
265 : uint16_t req_base_asym_alg,
266 : void **data, size_t *size,
267 : void **hash,
268 : size_t *hash_size)
269 : {
270 : bool res;
271 : void *file_data;
272 : size_t file_size;
273 : spdm_cert_chain_t *cert_chain;
274 : size_t cert_chain_size;
275 : char *file;
276 : size_t digest_size;
277 :
278 0 : *data = NULL;
279 0 : *size = 0;
280 0 : if (hash != NULL) {
281 0 : *hash = NULL;
282 : }
283 0 : if (hash_size != NULL) {
284 0 : *hash_size = 0;
285 : }
286 :
287 0 : if (req_base_asym_alg == 0) {
288 0 : return false;
289 : }
290 :
291 0 : switch (req_base_asym_alg) {
292 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
293 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
294 0 : file = "rsa2048/ca.cert.der";
295 0 : break;
296 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
297 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
298 0 : file = "rsa3072/ca.cert.der";
299 0 : break;
300 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
301 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
302 0 : file = "rsa4096/ca.cert.der";
303 0 : break;
304 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
305 0 : file = "ecp256/ca.cert.der";
306 0 : break;
307 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
308 0 : file = "ecp384/ca.cert.der";
309 0 : break;
310 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
311 0 : file = "ecp521/ca.cert.der";
312 0 : break;
313 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
314 0 : file = "sm2/ca.cert.der";
315 0 : break;
316 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
317 0 : file = "ed25519/ca.cert.der";
318 0 : break;
319 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
320 0 : file = "ed448/ca.cert.der";
321 0 : break;
322 0 : default:
323 0 : LIBSPDM_ASSERT(false);
324 0 : return false;
325 : }
326 :
327 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
328 :
329 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
330 0 : if (!res) {
331 0 : return res;
332 : }
333 :
334 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
335 0 : cert_chain = (void *)malloc(cert_chain_size);
336 0 : if (cert_chain == NULL) {
337 0 : free(file_data);
338 0 : return false;
339 : }
340 0 : cert_chain->length = (uint16_t)cert_chain_size;
341 0 : cert_chain->reserved = 0;
342 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
343 0 : (uint8_t *)(cert_chain + 1));
344 0 : if (!res) {
345 0 : free(file_data);
346 0 : free(cert_chain);
347 0 : return res;
348 : }
349 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
350 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
351 : file_data, file_size);
352 :
353 0 : *data = cert_chain;
354 0 : *size = cert_chain_size;
355 0 : if (hash != NULL) {
356 0 : *hash = (cert_chain + 1);
357 : }
358 0 : if (hash_size != NULL) {
359 0 : *hash_size = digest_size;
360 : }
361 :
362 0 : free(file_data);
363 0 : return true;
364 : }
365 :
366 641 : bool libspdm_read_responder_public_certificate_chain(
367 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
368 : size_t *size, void **hash, size_t *hash_size)
369 : {
370 : bool res;
371 : void *file_data;
372 : size_t file_size;
373 : spdm_cert_chain_t *cert_chain;
374 : size_t cert_chain_size;
375 : char *file;
376 : const uint8_t *root_cert;
377 : size_t root_cert_len;
378 : size_t digest_size;
379 : bool is_requester_cert;
380 : bool is_device_cert_model;
381 :
382 641 : is_requester_cert = false;
383 :
384 : /*default is true*/
385 641 : is_device_cert_model = true;
386 :
387 641 : *data = NULL;
388 641 : *size = 0;
389 641 : if (hash != NULL) {
390 343 : *hash = NULL;
391 : }
392 641 : if (hash_size != NULL) {
393 343 : *hash_size = 0;
394 : }
395 :
396 641 : if (base_asym_algo == 0) {
397 0 : return false;
398 : }
399 :
400 641 : switch (base_asym_algo) {
401 5 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
402 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
403 5 : file = "rsa2048/bundle_responder.certchain.der";
404 5 : break;
405 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
406 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
407 0 : file = "rsa3072/bundle_responder.certchain.der";
408 0 : break;
409 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
410 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
411 0 : file = "rsa4096/bundle_responder.certchain.der";
412 0 : break;
413 636 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
414 636 : file = "ecp256/bundle_responder.certchain.der";
415 636 : break;
416 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
417 0 : file = "ecp384/bundle_responder.certchain.der";
418 0 : break;
419 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
420 0 : file = "ecp521/bundle_responder.certchain.der";
421 0 : break;
422 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
423 0 : file = "sm2/bundle_responder.certchain.der";
424 0 : break;
425 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
426 0 : file = "ed25519/bundle_responder.certchain.der";
427 0 : break;
428 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
429 0 : file = "ed448/bundle_responder.certchain.der";
430 0 : break;
431 0 : default:
432 0 : LIBSPDM_ASSERT(false);
433 0 : return false;
434 : }
435 641 : res = libspdm_read_input_file(file, &file_data, &file_size);
436 641 : if (!res) {
437 0 : return res;
438 : }
439 :
440 641 : digest_size = libspdm_get_hash_size(base_hash_algo);
441 :
442 641 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
443 641 : cert_chain = (void *)malloc(cert_chain_size);
444 641 : if (cert_chain == NULL) {
445 0 : free(file_data);
446 0 : return false;
447 : }
448 641 : cert_chain->length = (uint16_t)cert_chain_size;
449 641 : cert_chain->reserved = 0;
450 :
451 641 : res = libspdm_verify_cert_chain_data(file_data, file_size,
452 : base_asym_algo, base_hash_algo,
453 : is_requester_cert, is_device_cert_model);
454 641 : if (!res) {
455 0 : free(file_data);
456 0 : free(cert_chain);
457 0 : return res;
458 : }
459 :
460 :
461 : /* Get Root Certificate and calculate hash value*/
462 :
463 641 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
464 : &root_cert_len);
465 641 : if (!res) {
466 0 : free(file_data);
467 0 : free(cert_chain);
468 0 : return res;
469 : }
470 :
471 641 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
472 641 : (uint8_t *)(cert_chain + 1));
473 641 : if (!res) {
474 0 : free(file_data);
475 0 : free(cert_chain);
476 0 : return res;
477 : }
478 641 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
479 641 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
480 : file_data, file_size);
481 :
482 641 : *data = cert_chain;
483 641 : *size = cert_chain_size;
484 641 : if (hash != NULL) {
485 343 : *hash = (cert_chain + 1);
486 : }
487 641 : if (hash_size != NULL) {
488 343 : *hash_size = digest_size;
489 : }
490 :
491 641 : free(file_data);
492 641 : return true;
493 : }
494 :
495 : /*This alias cert chain is partial, from root CA to device certificate CA.*/
496 2 : bool libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
497 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
498 : size_t *size, void **hash, size_t *hash_size)
499 : {
500 : bool res;
501 : void *file_data;
502 : size_t file_size;
503 : spdm_cert_chain_t *cert_chain;
504 : size_t cert_chain_size;
505 : char *file;
506 : const uint8_t *root_cert;
507 : size_t root_cert_len;
508 : const uint8_t *leaf_cert;
509 : size_t leaf_cert_len;
510 : size_t digest_size;
511 : bool is_requester_cert;
512 : bool is_device_cert_model;
513 :
514 2 : is_requester_cert = false;
515 :
516 : /*default is false*/
517 2 : is_device_cert_model = false;
518 :
519 2 : *data = NULL;
520 2 : *size = 0;
521 2 : if (hash != NULL) {
522 0 : *hash = NULL;
523 : }
524 2 : if (hash_size != NULL) {
525 0 : *hash_size = 0;
526 : }
527 :
528 2 : if (base_asym_algo == 0) {
529 0 : return false;
530 : }
531 :
532 2 : switch (base_asym_algo) {
533 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
534 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
535 0 : file = "rsa2048/bundle_responder.certchain_alias_cert_partial_set.der";
536 0 : break;
537 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
538 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
539 0 : file = "rsa3072/bundle_responder.certchain_alias_cert_partial_set.der";
540 0 : break;
541 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
542 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
543 0 : file = "rsa4096/bundle_responder.certchain_alias_cert_partial_set.der";
544 0 : break;
545 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
546 2 : file = "ecp256/bundle_responder.certchain_alias_cert_partial_set.der";
547 2 : break;
548 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
549 0 : file = "ecp384/bundle_responder.certchain_alias_cert_partial_set.der";
550 0 : break;
551 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
552 0 : file = "ecp521/bundle_responder.certchain_alias_cert_partial_set.der";
553 0 : break;
554 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
555 0 : file = "sm2/bundle_responder.certchain_alias_cert_partial_set.der";
556 0 : break;
557 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
558 0 : file = "ed25519/bundle_responder.certchain_alias_cert_partial_set.der";
559 0 : break;
560 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
561 0 : file = "ed448/bundle_responder.certchain_alias_cert_partial_set.der";
562 0 : break;
563 0 : default:
564 0 : LIBSPDM_ASSERT(false);
565 0 : return false;
566 : }
567 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
568 2 : if (!res) {
569 0 : return res;
570 : }
571 :
572 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
573 :
574 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
575 2 : cert_chain = (void *)malloc(cert_chain_size);
576 2 : if (cert_chain == NULL) {
577 0 : free(file_data);
578 0 : return false;
579 : }
580 2 : cert_chain->length = (uint16_t)cert_chain_size;
581 2 : cert_chain->reserved = 0;
582 :
583 : /* Get leaf Certificate*/
584 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
585 : &leaf_cert_len);
586 2 : if (!res) {
587 0 : free(file_data);
588 0 : free(cert_chain);
589 0 : return res;
590 : }
591 2 : res = libspdm_x509_set_cert_certificate_check(leaf_cert, leaf_cert_len,
592 : base_asym_algo, base_hash_algo,
593 : is_requester_cert, is_device_cert_model);
594 2 : if (!res) {
595 0 : free(file_data);
596 0 : free(cert_chain);
597 0 : return res;
598 : }
599 :
600 : /* Get Root Certificate*/
601 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
602 : &root_cert_len);
603 2 : if (!res) {
604 0 : free(file_data);
605 0 : free(cert_chain);
606 0 : return res;
607 : }
608 :
609 : /*verify cert_chain*/
610 2 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
611 2 : if (!res) {
612 0 : free(file_data);
613 0 : free(cert_chain);
614 0 : return res;
615 : }
616 :
617 : /*calculate hash value*/
618 2 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
619 2 : (uint8_t *)(cert_chain + 1));
620 2 : if (!res) {
621 0 : free(file_data);
622 0 : free(cert_chain);
623 0 : return res;
624 : }
625 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
626 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
627 : file_data, file_size);
628 :
629 2 : *data = cert_chain;
630 2 : *size = cert_chain_size;
631 2 : if (hash != NULL) {
632 0 : *hash = (cert_chain + 1);
633 : }
634 2 : if (hash_size != NULL) {
635 0 : *hash_size = digest_size;
636 : }
637 :
638 2 : free(file_data);
639 2 : return true;
640 : }
641 :
642 : /*This alias cert chain is entire, from root CA to leaf certificate.*/
643 3 : bool libspdm_read_responder_public_certificate_chain_alias_cert(
644 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
645 : size_t *size, void **hash, size_t *hash_size)
646 : {
647 : bool res;
648 : void *file_data;
649 : size_t file_size;
650 : spdm_cert_chain_t *cert_chain;
651 : size_t cert_chain_size;
652 : char *file;
653 : const uint8_t *root_cert;
654 : size_t root_cert_len;
655 : const uint8_t *leaf_cert;
656 : size_t leaf_cert_len;
657 : size_t digest_size;
658 : bool is_requester_cert;
659 : bool is_device_cert_model;
660 :
661 3 : is_requester_cert = false;
662 :
663 : /*default is false*/
664 3 : is_device_cert_model = false;
665 :
666 3 : *data = NULL;
667 3 : *size = 0;
668 3 : if (hash != NULL) {
669 2 : *hash = NULL;
670 : }
671 3 : if (hash_size != NULL) {
672 2 : *hash_size = 0;
673 : }
674 :
675 3 : if (base_asym_algo == 0) {
676 0 : return false;
677 : }
678 :
679 3 : switch (base_asym_algo) {
680 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
681 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
682 0 : file = "rsa2048/bundle_responder.certchain_alias.der";
683 0 : break;
684 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
685 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
686 0 : file = "rsa3072/bundle_responder.certchain_alias.der";
687 0 : break;
688 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
689 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
690 0 : file = "rsa4096/bundle_responder.certchain_alias.der";
691 0 : break;
692 3 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
693 3 : file = "ecp256/bundle_responder.certchain_alias.der";
694 3 : break;
695 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
696 0 : file = "ecp384/bundle_responder.certchain_alias.der";
697 0 : break;
698 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
699 0 : file = "ecp521/bundle_responder.certchain_alias.der";
700 0 : break;
701 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
702 0 : file = "sm2/bundle_responder.certchain_alias.der";
703 0 : break;
704 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
705 0 : file = "ed25519/bundle_responder.certchain_alias.der";
706 0 : break;
707 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
708 0 : file = "ed448/bundle_responder.certchain_alias.der";
709 0 : break;
710 0 : default:
711 0 : LIBSPDM_ASSERT(false);
712 0 : return false;
713 : }
714 3 : res = libspdm_read_input_file(file, &file_data, &file_size);
715 3 : if (!res) {
716 0 : return res;
717 : }
718 :
719 3 : digest_size = libspdm_get_hash_size(base_hash_algo);
720 :
721 3 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
722 3 : cert_chain = (void *)malloc(cert_chain_size);
723 3 : if (cert_chain == NULL) {
724 0 : free(file_data);
725 0 : return false;
726 : }
727 3 : cert_chain->length = (uint16_t)cert_chain_size;
728 3 : cert_chain->reserved = 0;
729 :
730 : /* Get leaf Certificate*/
731 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
732 : &leaf_cert_len);
733 3 : if (!res) {
734 0 : free(file_data);
735 0 : free(cert_chain);
736 0 : return res;
737 : }
738 3 : res = libspdm_x509_certificate_check(leaf_cert, leaf_cert_len,
739 : base_asym_algo, base_hash_algo,
740 : is_requester_cert, is_device_cert_model);
741 3 : if (!res) {
742 0 : free(file_data);
743 0 : free(cert_chain);
744 0 : return res;
745 : }
746 :
747 : /* Get Root Certificate*/
748 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
749 : &root_cert_len);
750 3 : if (!res) {
751 0 : free(file_data);
752 0 : free(cert_chain);
753 0 : return res;
754 : }
755 :
756 : /*verify cert_chain*/
757 3 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
758 3 : if (!res) {
759 0 : free(file_data);
760 0 : free(cert_chain);
761 0 : return res;
762 : }
763 :
764 : /*calculate hash value*/
765 3 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
766 3 : (uint8_t *)(cert_chain + 1));
767 3 : if (!res) {
768 0 : free(file_data);
769 0 : free(cert_chain);
770 0 : return res;
771 : }
772 3 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
773 3 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
774 : file_data, file_size);
775 :
776 3 : *data = cert_chain;
777 3 : *size = cert_chain_size;
778 3 : if (hash != NULL) {
779 2 : *hash = (cert_chain + 1);
780 : }
781 3 : if (hash_size != NULL) {
782 2 : *hash_size = digest_size;
783 : }
784 :
785 3 : free(file_data);
786 3 : return true;
787 : }
788 :
789 7 : bool libspdm_read_responder_public_certificate_chain_per_slot(
790 : uint8_t slot_id, uint32_t base_hash_algo, uint32_t base_asym_algo,
791 : void **data, size_t *size, void **hash, size_t *hash_size)
792 : {
793 : bool res;
794 : void *file_data;
795 : size_t file_size;
796 : spdm_cert_chain_t *cert_chain;
797 : size_t cert_chain_size;
798 : char *file;
799 : const uint8_t *root_cert;
800 : size_t root_cert_len;
801 : size_t digest_size;
802 : bool is_requester_cert;
803 : bool is_device_cert_model;
804 :
805 7 : is_requester_cert = false;
806 :
807 : /*default is true*/
808 7 : is_device_cert_model = true;
809 :
810 7 : *data = NULL;
811 7 : *size = 0;
812 7 : if (hash != NULL) {
813 3 : *hash = NULL;
814 : }
815 7 : if (hash_size != NULL) {
816 3 : *hash_size = 0;
817 : }
818 :
819 7 : if (base_asym_algo == 0) {
820 0 : return false;
821 : }
822 :
823 7 : if (slot_id == 0) {
824 0 : switch (base_asym_algo) {
825 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
826 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
827 0 : file = "rsa2048/bundle_responder.certchain.der";
828 0 : break;
829 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
830 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
831 0 : file = "rsa3072/bundle_responder.certchain.der";
832 0 : break;
833 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
834 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
835 0 : file = "rsa4096/bundle_responder.certchain.der";
836 0 : break;
837 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
838 0 : file = "ecp256/bundle_responder.certchain.der";
839 0 : break;
840 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
841 0 : file = "ecp384/bundle_responder.certchain.der";
842 0 : break;
843 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
844 0 : file = "ecp521/bundle_responder.certchain.der";
845 0 : break;
846 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
847 0 : file = "sm2/bundle_responder.certchain.der";
848 0 : break;
849 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
850 0 : file = "ed25519/bundle_responder.certchain.der";
851 0 : break;
852 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
853 0 : file = "ed448/bundle_responder.certchain.der";
854 0 : break;
855 0 : default:
856 0 : LIBSPDM_ASSERT(false);
857 0 : return false;
858 : }
859 : } else {
860 7 : switch (base_asym_algo) {
861 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
862 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
863 0 : file = "rsa2048/bundle_responder.certchain1.der";
864 0 : break;
865 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
866 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
867 0 : file = "rsa3072/bundle_responder.certchain1.der";
868 0 : break;
869 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
870 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
871 0 : file = "rsa4096/bundle_responder.certchain1.der";
872 0 : break;
873 7 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
874 7 : file = "ecp256/bundle_responder.certchain1.der";
875 7 : break;
876 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
877 0 : file = "ecp384/bundle_responder.certchain1.der";
878 0 : break;
879 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
880 0 : file = "ecp521/bundle_responder.certchain1.der";
881 0 : break;
882 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
883 0 : file = "sm2/bundle_responder.certchain1.der";
884 0 : break;
885 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
886 0 : file = "ed25519/bundle_responder.certchain1.der";
887 0 : break;
888 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
889 0 : file = "ed448/bundle_responder.certchain1.der";
890 0 : break;
891 0 : default:
892 0 : LIBSPDM_ASSERT(false);
893 0 : return false;
894 : }
895 : }
896 7 : res = libspdm_read_input_file(file, &file_data, &file_size);
897 7 : if (!res) {
898 0 : return res;
899 : }
900 :
901 7 : digest_size = libspdm_get_hash_size(base_hash_algo);
902 :
903 7 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
904 7 : cert_chain = (void *)malloc(cert_chain_size);
905 7 : if (cert_chain == NULL) {
906 0 : free(file_data);
907 0 : return false;
908 : }
909 7 : cert_chain->length = (uint16_t)cert_chain_size;
910 7 : cert_chain->reserved = 0;
911 :
912 7 : res = libspdm_verify_cert_chain_data(file_data, file_size,
913 : base_asym_algo, base_hash_algo,
914 : is_requester_cert, is_device_cert_model);
915 7 : if (!res) {
916 0 : free(file_data);
917 0 : free(cert_chain);
918 0 : return res;
919 : }
920 :
921 :
922 : /* Get Root Certificate and calculate hash value*/
923 :
924 7 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
925 : &root_cert_len);
926 7 : if (!res) {
927 0 : free(file_data);
928 0 : free(cert_chain);
929 0 : return res;
930 : }
931 :
932 7 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
933 7 : (uint8_t *)(cert_chain + 1));
934 7 : if (!res) {
935 0 : free(file_data);
936 0 : free(cert_chain);
937 0 : return res;
938 : }
939 7 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
940 7 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
941 : file_data, file_size);
942 :
943 7 : *data = cert_chain;
944 7 : *size = cert_chain_size;
945 7 : if (hash != NULL) {
946 3 : *hash = (cert_chain + 1);
947 : }
948 7 : if (hash_size != NULL) {
949 3 : *hash_size = digest_size;
950 : }
951 :
952 7 : free(file_data);
953 7 : return true;
954 : }
955 :
956 :
957 33 : bool libspdm_read_requester_public_certificate_chain(
958 : uint32_t base_hash_algo, uint16_t req_base_asym_alg, void **data,
959 : size_t *size, void **hash, size_t *hash_size)
960 : {
961 : bool res;
962 : void *file_data;
963 : size_t file_size;
964 : spdm_cert_chain_t *cert_chain;
965 : size_t cert_chain_size;
966 : char *file;
967 : const uint8_t *root_cert;
968 : size_t root_cert_len;
969 : size_t digest_size;
970 : bool is_requester_cert;
971 : bool is_device_cert_model;
972 :
973 33 : is_requester_cert = false;
974 :
975 : /*default is true*/
976 33 : is_device_cert_model = true;
977 :
978 33 : *data = NULL;
979 33 : *size = 0;
980 33 : if (hash != NULL) {
981 6 : *hash = NULL;
982 : }
983 33 : if (hash_size != NULL) {
984 6 : *hash_size = 0;
985 : }
986 :
987 33 : if (req_base_asym_alg == 0) {
988 0 : return false;
989 : }
990 :
991 33 : switch (req_base_asym_alg) {
992 33 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
993 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
994 33 : file = "rsa2048/bundle_requester.certchain.der";
995 33 : break;
996 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
997 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
998 0 : file = "rsa3072/bundle_requester.certchain.der";
999 0 : break;
1000 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
1001 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
1002 0 : file = "rsa4096/bundle_requester.certchain.der";
1003 0 : break;
1004 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
1005 0 : file = "ecp256/bundle_requester.certchain.der";
1006 0 : break;
1007 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1008 0 : file = "ecp384/bundle_requester.certchain.der";
1009 0 : break;
1010 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1011 0 : file = "ecp521/bundle_requester.certchain.der";
1012 0 : break;
1013 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1014 0 : file = "sm2/bundle_requester.certchain.der";
1015 0 : break;
1016 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1017 0 : file = "ed25519/bundle_requester.certchain.der";
1018 0 : break;
1019 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1020 0 : file = "ed448/bundle_requester.certchain.der";
1021 0 : break;
1022 0 : default:
1023 0 : LIBSPDM_ASSERT(false);
1024 0 : return false;
1025 : }
1026 33 : res = libspdm_read_input_file(file, &file_data, &file_size);
1027 33 : if (!res) {
1028 0 : return res;
1029 : }
1030 :
1031 33 : digest_size = libspdm_get_hash_size(base_hash_algo);
1032 :
1033 33 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1034 33 : cert_chain = (void *)malloc(cert_chain_size);
1035 33 : if (cert_chain == NULL) {
1036 0 : free(file_data);
1037 0 : return false;
1038 : }
1039 33 : cert_chain->length = (uint16_t)cert_chain_size;
1040 33 : cert_chain->reserved = 0;
1041 :
1042 33 : res = libspdm_verify_cert_chain_data(file_data, file_size,
1043 : req_base_asym_alg, base_hash_algo,
1044 : is_requester_cert, is_device_cert_model);
1045 33 : if (!res) {
1046 0 : free(file_data);
1047 0 : free(cert_chain);
1048 0 : return res;
1049 : }
1050 :
1051 :
1052 : /* Get Root Certificate and calculate hash value*/
1053 :
1054 33 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1055 : &root_cert_len);
1056 33 : if (!res) {
1057 0 : free(file_data);
1058 0 : free(cert_chain);
1059 0 : return res;
1060 : }
1061 :
1062 33 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1063 33 : (uint8_t *)(cert_chain + 1));
1064 33 : if (!res) {
1065 0 : free(file_data);
1066 0 : free(cert_chain);
1067 0 : return res;
1068 : }
1069 33 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1070 33 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1071 : file_data, file_size);
1072 :
1073 33 : *data = cert_chain;
1074 33 : *size = cert_chain_size;
1075 33 : if (hash != NULL) {
1076 6 : *hash = (cert_chain + 1);
1077 : }
1078 33 : if (hash_size != NULL) {
1079 6 : *hash_size = digest_size;
1080 : }
1081 :
1082 33 : free(file_data);
1083 33 : return true;
1084 : }
1085 :
1086 6 : bool libspdm_read_responder_certificate(uint32_t base_asym_algo,
1087 : void **data, size_t *size)
1088 : {
1089 : bool res;
1090 : char *file;
1091 :
1092 6 : switch (base_asym_algo) {
1093 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
1094 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
1095 0 : file = "rsa2048/end_responder.cert.der";
1096 0 : break;
1097 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
1098 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
1099 0 : file = "rsa3072/end_responder.cert.der";
1100 0 : break;
1101 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
1102 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
1103 0 : file = "rsa4096/end_responder.cert.der";
1104 0 : break;
1105 6 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
1106 6 : file = "ecp256/end_responder.cert.der";
1107 6 : break;
1108 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1109 0 : file = "ecp384/end_responder.cert.der";
1110 0 : break;
1111 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1112 0 : file = "ecp521/end_responder.cert.der";
1113 0 : break;
1114 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1115 0 : file = "sm2/end_responder.cert.der";
1116 0 : break;
1117 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1118 0 : file = "ed25519/end_responder.cert.der";
1119 0 : break;
1120 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1121 0 : file = "ed448/end_responder.cert.der";
1122 0 : break;
1123 0 : default:
1124 0 : LIBSPDM_ASSERT(false);
1125 0 : return false;
1126 : }
1127 6 : res = libspdm_read_input_file(file, data, size);
1128 6 : return res;
1129 : }
|
