Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "spdm_device_secret_lib_internal.h"
19 : #include "internal/libspdm_common_lib.h"
20 :
21 2 : bool libspdm_read_responder_root_public_certificate(uint32_t base_hash_algo,
22 : uint32_t base_asym_algo,
23 : void **data, size_t *size,
24 : void **hash,
25 : size_t *hash_size)
26 : {
27 : bool res;
28 : void *file_data;
29 : size_t file_size;
30 : spdm_cert_chain_t *cert_chain;
31 : size_t cert_chain_size;
32 : char *file;
33 : size_t digest_size;
34 :
35 2 : *data = NULL;
36 2 : *size = 0;
37 2 : if (hash != NULL) {
38 0 : *hash = NULL;
39 : }
40 2 : if (hash_size != NULL) {
41 0 : *hash_size = 0;
42 : }
43 :
44 2 : if (base_asym_algo == 0) {
45 0 : return false;
46 : }
47 :
48 2 : switch (base_asym_algo) {
49 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
50 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
51 0 : file = "rsa2048/ca.cert.der";
52 0 : break;
53 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
54 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
55 0 : file = "rsa3072/ca.cert.der";
56 0 : break;
57 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
58 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
59 0 : file = "rsa4096/ca.cert.der";
60 0 : break;
61 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
62 2 : file = "ecp256/ca.cert.der";
63 2 : break;
64 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
65 0 : file = "ecp384/ca.cert.der";
66 0 : break;
67 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
68 0 : file = "ecp521/ca.cert.der";
69 0 : break;
70 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
71 0 : file = "sm2/ca.cert.der";
72 0 : break;
73 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
74 0 : file = "ed25519/ca.cert.der";
75 0 : break;
76 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
77 0 : file = "ed448/ca.cert.der";
78 0 : break;
79 0 : default:
80 0 : LIBSPDM_ASSERT(false);
81 0 : return false;
82 : }
83 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
84 2 : if (!res) {
85 0 : return res;
86 : }
87 :
88 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
89 :
90 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
91 2 : cert_chain = (void *)malloc(cert_chain_size);
92 2 : if (cert_chain == NULL) {
93 0 : free(file_data);
94 0 : return false;
95 : }
96 2 : cert_chain->length = (uint32_t)cert_chain_size;
97 :
98 2 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
99 2 : (uint8_t *)(cert_chain + 1));
100 2 : if (!res) {
101 0 : free(file_data);
102 0 : free(cert_chain);
103 0 : return res;
104 : }
105 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
106 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
107 : file_data, file_size);
108 :
109 2 : *data = cert_chain;
110 2 : *size = cert_chain_size;
111 2 : if (hash != NULL) {
112 0 : *hash = (cert_chain + 1);
113 : }
114 2 : if (hash_size != NULL) {
115 0 : *hash_size = digest_size;
116 : }
117 :
118 2 : free(file_data);
119 2 : return true;
120 : }
121 :
122 0 : bool libspdm_read_responder_root_public_certificate_slot(uint8_t slot_id,
123 : uint32_t base_hash_algo,
124 : uint32_t base_asym_algo,
125 : void **data, size_t *size,
126 : void **hash,
127 : size_t *hash_size)
128 : {
129 : bool res;
130 : void *file_data;
131 : size_t file_size;
132 : spdm_cert_chain_t *cert_chain;
133 : size_t cert_chain_size;
134 : char *file;
135 : size_t digest_size;
136 :
137 0 : *data = NULL;
138 0 : *size = 0;
139 0 : if (hash != NULL) {
140 0 : *hash = NULL;
141 : }
142 0 : if (hash_size != NULL) {
143 0 : *hash_size = 0;
144 : }
145 :
146 0 : if (base_asym_algo == 0) {
147 0 : return false;
148 : }
149 :
150 0 : if (slot_id == 0) {
151 0 : switch (base_asym_algo) {
152 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
153 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
154 0 : file = "rsa2048/ca.cert.der";
155 0 : break;
156 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
157 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
158 0 : file = "rsa3072/ca.cert.der";
159 0 : break;
160 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
161 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
162 0 : file = "rsa4096/ca.cert.der";
163 0 : break;
164 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
165 0 : file = "ecp256/ca.cert.der";
166 0 : break;
167 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
168 0 : file = "ecp384/ca.cert.der";
169 0 : break;
170 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
171 0 : file = "ecp521/ca.cert.der";
172 0 : break;
173 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
174 0 : file = "sm2/ca.cert.der";
175 0 : break;
176 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
177 0 : file = "ed25519/ca.cert.der";
178 0 : break;
179 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
180 0 : file = "ed448/ca.cert.der";
181 0 : break;
182 0 : default:
183 0 : LIBSPDM_ASSERT(false);
184 0 : return false;
185 : }
186 : } else {
187 0 : switch (base_asym_algo) {
188 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
189 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
190 0 : file = "rsa2048/ca1.cert.der";
191 0 : break;
192 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
193 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
194 0 : file = "rsa3072/ca1.cert.der";
195 0 : break;
196 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
197 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
198 0 : file = "rsa4096/ca1.cert.der";
199 0 : break;
200 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
201 0 : file = "ecp256/ca1.cert.der";
202 0 : break;
203 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
204 0 : file = "ecp384/ca1.cert.der";
205 0 : break;
206 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
207 0 : file = "ecp521/ca1.cert.der";
208 0 : break;
209 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
210 0 : file = "sm2/ca1.cert.der";
211 0 : break;
212 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
213 0 : file = "ed25519/ca1.cert.der";
214 0 : break;
215 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
216 0 : file = "ed448/ca1.cert.der";
217 0 : break;
218 0 : default:
219 0 : LIBSPDM_ASSERT(false);
220 0 : return false;
221 : }
222 : }
223 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
224 0 : if (!res) {
225 0 : return res;
226 : }
227 :
228 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
229 :
230 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
231 0 : cert_chain = (void *)malloc(cert_chain_size);
232 0 : if (cert_chain == NULL) {
233 0 : free(file_data);
234 0 : return false;
235 : }
236 0 : cert_chain->length = (uint32_t)cert_chain_size;
237 :
238 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
239 0 : (uint8_t *)(cert_chain + 1));
240 0 : if (!res) {
241 0 : free(file_data);
242 0 : free(cert_chain);
243 0 : return res;
244 : }
245 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
246 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
247 : file_data, file_size);
248 :
249 0 : *data = cert_chain;
250 0 : *size = cert_chain_size;
251 0 : if (hash != NULL) {
252 0 : *hash = (cert_chain + 1);
253 : }
254 0 : if (hash_size != NULL) {
255 0 : *hash_size = digest_size;
256 : }
257 :
258 0 : free(file_data);
259 0 : return true;
260 : }
261 :
262 0 : bool libspdm_read_requester_root_public_certificate(uint32_t base_hash_algo,
263 : uint16_t req_base_asym_alg,
264 : void **data, size_t *size,
265 : void **hash,
266 : size_t *hash_size)
267 : {
268 : bool res;
269 : void *file_data;
270 : size_t file_size;
271 : spdm_cert_chain_t *cert_chain;
272 : size_t cert_chain_size;
273 : char *file;
274 : size_t digest_size;
275 :
276 0 : *data = NULL;
277 0 : *size = 0;
278 0 : if (hash != NULL) {
279 0 : *hash = NULL;
280 : }
281 0 : if (hash_size != NULL) {
282 0 : *hash_size = 0;
283 : }
284 :
285 0 : if (req_base_asym_alg == 0) {
286 0 : return false;
287 : }
288 :
289 0 : switch (req_base_asym_alg) {
290 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
291 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
292 0 : file = "rsa2048/ca.cert.der";
293 0 : break;
294 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
295 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
296 0 : file = "rsa3072/ca.cert.der";
297 0 : break;
298 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
299 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
300 0 : file = "rsa4096/ca.cert.der";
301 0 : break;
302 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
303 0 : file = "ecp256/ca.cert.der";
304 0 : break;
305 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
306 0 : file = "ecp384/ca.cert.der";
307 0 : break;
308 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
309 0 : file = "ecp521/ca.cert.der";
310 0 : break;
311 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
312 0 : file = "sm2/ca.cert.der";
313 0 : break;
314 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
315 0 : file = "ed25519/ca.cert.der";
316 0 : break;
317 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
318 0 : file = "ed448/ca.cert.der";
319 0 : break;
320 0 : default:
321 0 : LIBSPDM_ASSERT(false);
322 0 : return false;
323 : }
324 :
325 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
326 :
327 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
328 0 : if (!res) {
329 0 : return res;
330 : }
331 :
332 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
333 0 : cert_chain = (void *)malloc(cert_chain_size);
334 0 : if (cert_chain == NULL) {
335 0 : free(file_data);
336 0 : return false;
337 : }
338 0 : cert_chain->length = (uint32_t)cert_chain_size;
339 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
340 0 : (uint8_t *)(cert_chain + 1));
341 0 : if (!res) {
342 0 : free(file_data);
343 0 : free(cert_chain);
344 0 : return res;
345 : }
346 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
347 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
348 : file_data, file_size);
349 :
350 0 : *data = cert_chain;
351 0 : *size = cert_chain_size;
352 0 : if (hash != NULL) {
353 0 : *hash = (cert_chain + 1);
354 : }
355 0 : if (hash_size != NULL) {
356 0 : *hash_size = digest_size;
357 : }
358 :
359 0 : free(file_data);
360 0 : return true;
361 : }
362 :
363 647 : bool libspdm_read_responder_public_certificate_chain(
364 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
365 : size_t *size, void **hash, size_t *hash_size)
366 : {
367 : bool res;
368 : void *file_data;
369 : size_t file_size;
370 : spdm_cert_chain_t *cert_chain;
371 : size_t cert_chain_size;
372 : char *file;
373 : const uint8_t *root_cert;
374 : size_t root_cert_len;
375 : size_t digest_size;
376 : bool is_requester_cert;
377 : bool is_device_cert_model;
378 :
379 647 : is_requester_cert = false;
380 :
381 : /*default is true*/
382 647 : is_device_cert_model = true;
383 :
384 647 : *data = NULL;
385 647 : *size = 0;
386 647 : if (hash != NULL) {
387 347 : *hash = NULL;
388 : }
389 647 : if (hash_size != NULL) {
390 347 : *hash_size = 0;
391 : }
392 :
393 647 : if (base_asym_algo == 0) {
394 0 : return false;
395 : }
396 :
397 647 : switch (base_asym_algo) {
398 5 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
399 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
400 5 : file = "rsa2048/bundle_responder.certchain.der";
401 5 : break;
402 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
403 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
404 0 : file = "rsa3072/bundle_responder.certchain.der";
405 0 : break;
406 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
407 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
408 0 : file = "rsa4096/bundle_responder.certchain.der";
409 0 : break;
410 642 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
411 642 : file = "ecp256/bundle_responder.certchain.der";
412 642 : break;
413 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
414 0 : file = "ecp384/bundle_responder.certchain.der";
415 0 : break;
416 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
417 0 : file = "ecp521/bundle_responder.certchain.der";
418 0 : break;
419 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
420 0 : file = "sm2/bundle_responder.certchain.der";
421 0 : break;
422 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
423 0 : file = "ed25519/bundle_responder.certchain.der";
424 0 : break;
425 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
426 0 : file = "ed448/bundle_responder.certchain.der";
427 0 : break;
428 0 : default:
429 0 : LIBSPDM_ASSERT(false);
430 0 : return false;
431 : }
432 647 : res = libspdm_read_input_file(file, &file_data, &file_size);
433 647 : if (!res) {
434 0 : return res;
435 : }
436 :
437 647 : digest_size = libspdm_get_hash_size(base_hash_algo);
438 :
439 647 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
440 647 : cert_chain = (void *)malloc(cert_chain_size);
441 647 : if (cert_chain == NULL) {
442 0 : free(file_data);
443 0 : return false;
444 : }
445 647 : cert_chain->length = (uint32_t)cert_chain_size;
446 :
447 647 : res = libspdm_verify_cert_chain_data(file_data, file_size,
448 : base_asym_algo, base_hash_algo,
449 : is_requester_cert, is_device_cert_model);
450 647 : if (!res) {
451 0 : free(file_data);
452 0 : free(cert_chain);
453 0 : return res;
454 : }
455 :
456 :
457 : /* Get Root Certificate and calculate hash value*/
458 :
459 647 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
460 : &root_cert_len);
461 647 : if (!res) {
462 0 : free(file_data);
463 0 : free(cert_chain);
464 0 : return res;
465 : }
466 :
467 647 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
468 647 : (uint8_t *)(cert_chain + 1));
469 647 : if (!res) {
470 0 : free(file_data);
471 0 : free(cert_chain);
472 0 : return res;
473 : }
474 647 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
475 647 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
476 : file_data, file_size);
477 :
478 647 : *data = cert_chain;
479 647 : *size = cert_chain_size;
480 647 : if (hash != NULL) {
481 347 : *hash = (cert_chain + 1);
482 : }
483 647 : if (hash_size != NULL) {
484 347 : *hash_size = digest_size;
485 : }
486 :
487 647 : free(file_data);
488 647 : return true;
489 : }
490 :
491 : /*This alias cert chain is partial, from root CA to device certificate CA.*/
492 2 : bool libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
493 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
494 : size_t *size, void **hash, size_t *hash_size)
495 : {
496 : bool res;
497 : void *file_data;
498 : size_t file_size;
499 : spdm_cert_chain_t *cert_chain;
500 : size_t cert_chain_size;
501 : char *file;
502 : const uint8_t *root_cert;
503 : size_t root_cert_len;
504 : const uint8_t *leaf_cert;
505 : size_t leaf_cert_len;
506 : size_t digest_size;
507 : bool is_requester_cert;
508 : bool is_device_cert_model;
509 :
510 2 : is_requester_cert = false;
511 :
512 : /*default is false*/
513 2 : is_device_cert_model = false;
514 :
515 2 : *data = NULL;
516 2 : *size = 0;
517 2 : if (hash != NULL) {
518 0 : *hash = NULL;
519 : }
520 2 : if (hash_size != NULL) {
521 0 : *hash_size = 0;
522 : }
523 :
524 2 : if (base_asym_algo == 0) {
525 0 : return false;
526 : }
527 :
528 2 : switch (base_asym_algo) {
529 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
530 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
531 0 : file = "rsa2048/bundle_responder.certchain_alias_cert_partial_set.der";
532 0 : break;
533 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
534 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
535 0 : file = "rsa3072/bundle_responder.certchain_alias_cert_partial_set.der";
536 0 : break;
537 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
538 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
539 0 : file = "rsa4096/bundle_responder.certchain_alias_cert_partial_set.der";
540 0 : break;
541 2 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
542 2 : file = "ecp256/bundle_responder.certchain_alias_cert_partial_set.der";
543 2 : break;
544 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
545 0 : file = "ecp384/bundle_responder.certchain_alias_cert_partial_set.der";
546 0 : break;
547 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
548 0 : file = "ecp521/bundle_responder.certchain_alias_cert_partial_set.der";
549 0 : break;
550 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
551 0 : file = "sm2/bundle_responder.certchain_alias_cert_partial_set.der";
552 0 : break;
553 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
554 0 : file = "ed25519/bundle_responder.certchain_alias_cert_partial_set.der";
555 0 : break;
556 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
557 0 : file = "ed448/bundle_responder.certchain_alias_cert_partial_set.der";
558 0 : break;
559 0 : default:
560 0 : LIBSPDM_ASSERT(false);
561 0 : return false;
562 : }
563 2 : res = libspdm_read_input_file(file, &file_data, &file_size);
564 2 : if (!res) {
565 0 : return res;
566 : }
567 :
568 2 : digest_size = libspdm_get_hash_size(base_hash_algo);
569 :
570 2 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
571 2 : cert_chain = (void *)malloc(cert_chain_size);
572 2 : if (cert_chain == NULL) {
573 0 : free(file_data);
574 0 : return false;
575 : }
576 2 : cert_chain->length = (uint32_t)cert_chain_size;
577 :
578 : /* Get leaf Certificate*/
579 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
580 : &leaf_cert_len);
581 2 : if (!res) {
582 0 : free(file_data);
583 0 : free(cert_chain);
584 0 : return res;
585 : }
586 2 : res = libspdm_x509_set_cert_certificate_check(leaf_cert, leaf_cert_len,
587 : base_asym_algo, base_hash_algo,
588 : is_requester_cert, is_device_cert_model);
589 2 : if (!res) {
590 0 : free(file_data);
591 0 : free(cert_chain);
592 0 : return res;
593 : }
594 :
595 : /* Get Root Certificate*/
596 2 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
597 : &root_cert_len);
598 2 : if (!res) {
599 0 : free(file_data);
600 0 : free(cert_chain);
601 0 : return res;
602 : }
603 :
604 : /*verify cert_chain*/
605 2 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
606 2 : if (!res) {
607 0 : free(file_data);
608 0 : free(cert_chain);
609 0 : return res;
610 : }
611 :
612 : /*calculate hash value*/
613 2 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
614 2 : (uint8_t *)(cert_chain + 1));
615 2 : if (!res) {
616 0 : free(file_data);
617 0 : free(cert_chain);
618 0 : return res;
619 : }
620 2 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
621 2 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
622 : file_data, file_size);
623 :
624 2 : *data = cert_chain;
625 2 : *size = cert_chain_size;
626 2 : if (hash != NULL) {
627 0 : *hash = (cert_chain + 1);
628 : }
629 2 : if (hash_size != NULL) {
630 0 : *hash_size = digest_size;
631 : }
632 :
633 2 : free(file_data);
634 2 : return true;
635 : }
636 :
637 : /*This alias cert chain is entire, from root CA to leaf certificate.*/
638 3 : bool libspdm_read_responder_public_certificate_chain_alias_cert(
639 : uint32_t base_hash_algo, uint32_t base_asym_algo, void **data,
640 : size_t *size, void **hash, size_t *hash_size)
641 : {
642 : bool res;
643 : void *file_data;
644 : size_t file_size;
645 : spdm_cert_chain_t *cert_chain;
646 : size_t cert_chain_size;
647 : char *file;
648 : const uint8_t *root_cert;
649 : size_t root_cert_len;
650 : const uint8_t *leaf_cert;
651 : size_t leaf_cert_len;
652 : size_t digest_size;
653 : bool is_requester_cert;
654 : bool is_device_cert_model;
655 :
656 3 : is_requester_cert = false;
657 :
658 : /*default is false*/
659 3 : is_device_cert_model = false;
660 :
661 3 : *data = NULL;
662 3 : *size = 0;
663 3 : if (hash != NULL) {
664 2 : *hash = NULL;
665 : }
666 3 : if (hash_size != NULL) {
667 2 : *hash_size = 0;
668 : }
669 :
670 3 : if (base_asym_algo == 0) {
671 0 : return false;
672 : }
673 :
674 3 : switch (base_asym_algo) {
675 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
676 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
677 0 : file = "rsa2048/bundle_responder.certchain_alias.der";
678 0 : break;
679 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
680 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
681 0 : file = "rsa3072/bundle_responder.certchain_alias.der";
682 0 : break;
683 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
684 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
685 0 : file = "rsa4096/bundle_responder.certchain_alias.der";
686 0 : break;
687 3 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
688 3 : file = "ecp256/bundle_responder.certchain_alias.der";
689 3 : break;
690 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
691 0 : file = "ecp384/bundle_responder.certchain_alias.der";
692 0 : break;
693 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
694 0 : file = "ecp521/bundle_responder.certchain_alias.der";
695 0 : break;
696 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
697 0 : file = "sm2/bundle_responder.certchain_alias.der";
698 0 : break;
699 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
700 0 : file = "ed25519/bundle_responder.certchain_alias.der";
701 0 : break;
702 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
703 0 : file = "ed448/bundle_responder.certchain_alias.der";
704 0 : break;
705 0 : default:
706 0 : LIBSPDM_ASSERT(false);
707 0 : return false;
708 : }
709 3 : res = libspdm_read_input_file(file, &file_data, &file_size);
710 3 : if (!res) {
711 0 : return res;
712 : }
713 :
714 3 : digest_size = libspdm_get_hash_size(base_hash_algo);
715 :
716 3 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
717 3 : cert_chain = (void *)malloc(cert_chain_size);
718 3 : if (cert_chain == NULL) {
719 0 : free(file_data);
720 0 : return false;
721 : }
722 3 : cert_chain->length = (uint32_t)cert_chain_size;
723 :
724 : /* Get leaf Certificate*/
725 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
726 : &leaf_cert_len);
727 3 : if (!res) {
728 0 : free(file_data);
729 0 : free(cert_chain);
730 0 : return res;
731 : }
732 3 : res = libspdm_x509_certificate_check(leaf_cert, leaf_cert_len,
733 : base_asym_algo, base_hash_algo,
734 : is_requester_cert, is_device_cert_model);
735 3 : if (!res) {
736 0 : free(file_data);
737 0 : free(cert_chain);
738 0 : return res;
739 : }
740 :
741 : /* Get Root Certificate*/
742 3 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
743 : &root_cert_len);
744 3 : if (!res) {
745 0 : free(file_data);
746 0 : free(cert_chain);
747 0 : return res;
748 : }
749 :
750 : /*verify cert_chain*/
751 3 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
752 3 : if (!res) {
753 0 : free(file_data);
754 0 : free(cert_chain);
755 0 : return res;
756 : }
757 :
758 : /*calculate hash value*/
759 3 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
760 3 : (uint8_t *)(cert_chain + 1));
761 3 : if (!res) {
762 0 : free(file_data);
763 0 : free(cert_chain);
764 0 : return res;
765 : }
766 3 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
767 3 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
768 : file_data, file_size);
769 :
770 3 : *data = cert_chain;
771 3 : *size = cert_chain_size;
772 3 : if (hash != NULL) {
773 2 : *hash = (cert_chain + 1);
774 : }
775 3 : if (hash_size != NULL) {
776 2 : *hash_size = digest_size;
777 : }
778 :
779 3 : free(file_data);
780 3 : return true;
781 : }
782 :
783 7 : bool libspdm_read_responder_public_certificate_chain_per_slot(
784 : uint8_t slot_id, uint32_t base_hash_algo, uint32_t base_asym_algo,
785 : void **data, size_t *size, void **hash, size_t *hash_size)
786 : {
787 : bool res;
788 : void *file_data;
789 : size_t file_size;
790 : spdm_cert_chain_t *cert_chain;
791 : size_t cert_chain_size;
792 : char *file;
793 : const uint8_t *root_cert;
794 : size_t root_cert_len;
795 : size_t digest_size;
796 : bool is_requester_cert;
797 : bool is_device_cert_model;
798 :
799 7 : is_requester_cert = false;
800 :
801 : /*default is true*/
802 7 : is_device_cert_model = true;
803 :
804 7 : *data = NULL;
805 7 : *size = 0;
806 7 : if (hash != NULL) {
807 3 : *hash = NULL;
808 : }
809 7 : if (hash_size != NULL) {
810 3 : *hash_size = 0;
811 : }
812 :
813 7 : if (base_asym_algo == 0) {
814 0 : return false;
815 : }
816 :
817 7 : if (slot_id == 0) {
818 0 : switch (base_asym_algo) {
819 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
820 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
821 0 : file = "rsa2048/bundle_responder.certchain.der";
822 0 : break;
823 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
824 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
825 0 : file = "rsa3072/bundle_responder.certchain.der";
826 0 : break;
827 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
828 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
829 0 : file = "rsa4096/bundle_responder.certchain.der";
830 0 : break;
831 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
832 0 : file = "ecp256/bundle_responder.certchain.der";
833 0 : break;
834 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
835 0 : file = "ecp384/bundle_responder.certchain.der";
836 0 : break;
837 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
838 0 : file = "ecp521/bundle_responder.certchain.der";
839 0 : break;
840 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
841 0 : file = "sm2/bundle_responder.certchain.der";
842 0 : break;
843 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
844 0 : file = "ed25519/bundle_responder.certchain.der";
845 0 : break;
846 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
847 0 : file = "ed448/bundle_responder.certchain.der";
848 0 : break;
849 0 : default:
850 0 : LIBSPDM_ASSERT(false);
851 0 : return false;
852 : }
853 : } else {
854 7 : switch (base_asym_algo) {
855 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
856 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
857 0 : file = "rsa2048/bundle_responder.certchain1.der";
858 0 : break;
859 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
860 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
861 0 : file = "rsa3072/bundle_responder.certchain1.der";
862 0 : break;
863 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
864 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
865 0 : file = "rsa4096/bundle_responder.certchain1.der";
866 0 : break;
867 7 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
868 7 : file = "ecp256/bundle_responder.certchain1.der";
869 7 : break;
870 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
871 0 : file = "ecp384/bundle_responder.certchain1.der";
872 0 : break;
873 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
874 0 : file = "ecp521/bundle_responder.certchain1.der";
875 0 : break;
876 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
877 0 : file = "sm2/bundle_responder.certchain1.der";
878 0 : break;
879 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
880 0 : file = "ed25519/bundle_responder.certchain1.der";
881 0 : break;
882 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
883 0 : file = "ed448/bundle_responder.certchain1.der";
884 0 : break;
885 0 : default:
886 0 : LIBSPDM_ASSERT(false);
887 0 : return false;
888 : }
889 : }
890 7 : res = libspdm_read_input_file(file, &file_data, &file_size);
891 7 : if (!res) {
892 0 : return res;
893 : }
894 :
895 7 : digest_size = libspdm_get_hash_size(base_hash_algo);
896 :
897 7 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
898 7 : cert_chain = (void *)malloc(cert_chain_size);
899 7 : if (cert_chain == NULL) {
900 0 : free(file_data);
901 0 : return false;
902 : }
903 7 : cert_chain->length = (uint32_t)cert_chain_size;
904 :
905 7 : res = libspdm_verify_cert_chain_data(file_data, file_size,
906 : base_asym_algo, base_hash_algo,
907 : is_requester_cert, is_device_cert_model);
908 7 : if (!res) {
909 0 : free(file_data);
910 0 : free(cert_chain);
911 0 : return res;
912 : }
913 :
914 :
915 : /* Get Root Certificate and calculate hash value*/
916 :
917 7 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
918 : &root_cert_len);
919 7 : if (!res) {
920 0 : free(file_data);
921 0 : free(cert_chain);
922 0 : return res;
923 : }
924 :
925 7 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
926 7 : (uint8_t *)(cert_chain + 1));
927 7 : if (!res) {
928 0 : free(file_data);
929 0 : free(cert_chain);
930 0 : return res;
931 : }
932 7 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
933 7 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
934 : file_data, file_size);
935 :
936 7 : *data = cert_chain;
937 7 : *size = cert_chain_size;
938 7 : if (hash != NULL) {
939 3 : *hash = (cert_chain + 1);
940 : }
941 7 : if (hash_size != NULL) {
942 3 : *hash_size = digest_size;
943 : }
944 :
945 7 : free(file_data);
946 7 : return true;
947 : }
948 :
949 :
950 33 : bool libspdm_read_requester_public_certificate_chain(
951 : uint32_t base_hash_algo, uint16_t req_base_asym_alg, void **data,
952 : size_t *size, void **hash, size_t *hash_size)
953 : {
954 : bool res;
955 : void *file_data;
956 : size_t file_size;
957 : spdm_cert_chain_t *cert_chain;
958 : size_t cert_chain_size;
959 : char *file;
960 : const uint8_t *root_cert;
961 : size_t root_cert_len;
962 : size_t digest_size;
963 : bool is_requester_cert;
964 : bool is_device_cert_model;
965 :
966 33 : is_requester_cert = false;
967 :
968 : /*default is true*/
969 33 : is_device_cert_model = true;
970 :
971 33 : *data = NULL;
972 33 : *size = 0;
973 33 : if (hash != NULL) {
974 6 : *hash = NULL;
975 : }
976 33 : if (hash_size != NULL) {
977 6 : *hash_size = 0;
978 : }
979 :
980 33 : if (req_base_asym_alg == 0) {
981 0 : return false;
982 : }
983 :
984 33 : switch (req_base_asym_alg) {
985 33 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
986 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
987 33 : file = "rsa2048/bundle_requester.certchain.der";
988 33 : break;
989 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
990 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
991 0 : file = "rsa3072/bundle_requester.certchain.der";
992 0 : break;
993 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
994 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
995 0 : file = "rsa4096/bundle_requester.certchain.der";
996 0 : break;
997 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
998 0 : file = "ecp256/bundle_requester.certchain.der";
999 0 : break;
1000 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1001 0 : file = "ecp384/bundle_requester.certchain.der";
1002 0 : break;
1003 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1004 0 : file = "ecp521/bundle_requester.certchain.der";
1005 0 : break;
1006 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1007 0 : file = "sm2/bundle_requester.certchain.der";
1008 0 : break;
1009 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1010 0 : file = "ed25519/bundle_requester.certchain.der";
1011 0 : break;
1012 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1013 0 : file = "ed448/bundle_requester.certchain.der";
1014 0 : break;
1015 0 : default:
1016 0 : LIBSPDM_ASSERT(false);
1017 0 : return false;
1018 : }
1019 33 : res = libspdm_read_input_file(file, &file_data, &file_size);
1020 33 : if (!res) {
1021 0 : return res;
1022 : }
1023 :
1024 33 : digest_size = libspdm_get_hash_size(base_hash_algo);
1025 :
1026 33 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1027 33 : cert_chain = (void *)malloc(cert_chain_size);
1028 33 : if (cert_chain == NULL) {
1029 0 : free(file_data);
1030 0 : return false;
1031 : }
1032 33 : cert_chain->length = (uint32_t)cert_chain_size;
1033 :
1034 33 : res = libspdm_verify_cert_chain_data(file_data, file_size,
1035 : req_base_asym_alg, base_hash_algo,
1036 : is_requester_cert, is_device_cert_model);
1037 33 : if (!res) {
1038 0 : free(file_data);
1039 0 : free(cert_chain);
1040 0 : return res;
1041 : }
1042 :
1043 :
1044 : /* Get Root Certificate and calculate hash value*/
1045 :
1046 33 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1047 : &root_cert_len);
1048 33 : if (!res) {
1049 0 : free(file_data);
1050 0 : free(cert_chain);
1051 0 : return res;
1052 : }
1053 :
1054 33 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1055 33 : (uint8_t *)(cert_chain + 1));
1056 33 : if (!res) {
1057 0 : free(file_data);
1058 0 : free(cert_chain);
1059 0 : return res;
1060 : }
1061 33 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1062 33 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1063 : file_data, file_size);
1064 :
1065 33 : *data = cert_chain;
1066 33 : *size = cert_chain_size;
1067 33 : if (hash != NULL) {
1068 6 : *hash = (cert_chain + 1);
1069 : }
1070 33 : if (hash_size != NULL) {
1071 6 : *hash_size = digest_size;
1072 : }
1073 :
1074 33 : free(file_data);
1075 33 : return true;
1076 : }
1077 :
1078 6 : bool libspdm_read_responder_certificate(uint32_t base_asym_algo,
1079 : void **data, size_t *size)
1080 : {
1081 : bool res;
1082 : char *file;
1083 :
1084 6 : switch (base_asym_algo) {
1085 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048:
1086 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048:
1087 0 : file = "rsa2048/end_responder.cert.der";
1088 0 : break;
1089 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072:
1090 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072:
1091 0 : file = "rsa3072/end_responder.cert.der";
1092 0 : break;
1093 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096:
1094 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096:
1095 0 : file = "rsa4096/end_responder.cert.der";
1096 0 : break;
1097 6 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256:
1098 6 : file = "ecp256/end_responder.cert.der";
1099 6 : break;
1100 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384:
1101 0 : file = "ecp384/end_responder.cert.der";
1102 0 : break;
1103 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521:
1104 0 : file = "ecp521/end_responder.cert.der";
1105 0 : break;
1106 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256:
1107 0 : file = "sm2/end_responder.cert.der";
1108 0 : break;
1109 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519:
1110 0 : file = "ed25519/end_responder.cert.der";
1111 0 : break;
1112 0 : case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448:
1113 0 : file = "ed448/end_responder.cert.der";
1114 0 : break;
1115 0 : default:
1116 0 : LIBSPDM_ASSERT(false);
1117 0 : return false;
1118 : }
1119 6 : res = libspdm_read_input_file(file, data, size);
1120 6 : return res;
1121 : }
|