Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "internal/libspdm_device_secret_lib.h"
19 :
20 0 : bool libspdm_read_pqc_responder_root_public_certificate(uint32_t base_hash_algo,
21 : uint32_t pqc_asym_algo,
22 : void **data, size_t *size,
23 : void **hash,
24 : size_t *hash_size)
25 : {
26 : bool res;
27 : void *file_data;
28 : size_t file_size;
29 : spdm_cert_chain_t *cert_chain;
30 : size_t cert_chain_size;
31 : char *file;
32 : size_t digest_size;
33 :
34 0 : *data = NULL;
35 0 : *size = 0;
36 0 : if (hash != NULL) {
37 0 : *hash = NULL;
38 : }
39 0 : if (hash_size != NULL) {
40 0 : *hash_size = 0;
41 : }
42 :
43 0 : if (pqc_asym_algo == 0) {
44 0 : return false;
45 : }
46 :
47 0 : switch (pqc_asym_algo) {
48 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
49 0 : file = "mldsa44/ca.cert.der";
50 0 : break;
51 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
52 0 : file = "mldsa65/ca.cert.der";
53 0 : break;
54 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
55 0 : file = "mldsa87/ca.cert.der";
56 0 : break;
57 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
58 0 : file = "slh-dsa-sha2-128s/ca.cert.der";
59 0 : break;
60 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
61 0 : file = "slh-dsa-shake-128s/ca.cert.der";
62 0 : break;
63 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
64 0 : file = "slh-dsa-sha2-128f/ca.cert.der";
65 0 : break;
66 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
67 0 : file = "slh-dsa-shake-128f/ca.cert.der";
68 0 : break;
69 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
70 0 : file = "slh-dsa-sha2-192s/ca.cert.der";
71 0 : break;
72 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
73 0 : file = "slh-dsa-shake-192s/ca.cert.der";
74 0 : break;
75 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
76 0 : file = "slh-dsa-sha2-192f/ca.cert.der";
77 0 : break;
78 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
79 0 : file = "slh-dsa-shake-192f/ca.cert.der";
80 0 : break;
81 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
82 0 : file = "slh-dsa-sha2-256s/ca.cert.der";
83 0 : break;
84 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
85 0 : file = "slh-dsa-shake-256s/ca.cert.der";
86 0 : break;
87 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
88 0 : file = "slh-dsa-sha2-256f/ca.cert.der";
89 0 : break;
90 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
91 0 : file = "slh-dsa-shake-256f/ca.cert.der";
92 0 : break;
93 0 : default:
94 0 : LIBSPDM_ASSERT(false);
95 0 : return false;
96 : }
97 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
98 0 : if (!res) {
99 0 : return res;
100 : }
101 :
102 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
103 :
104 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
105 0 : cert_chain = (void *)malloc(cert_chain_size);
106 0 : if (cert_chain == NULL) {
107 0 : free(file_data);
108 0 : return false;
109 : }
110 0 : cert_chain->length = (uint32_t)cert_chain_size;
111 :
112 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
113 0 : (uint8_t *)(cert_chain + 1));
114 0 : if (!res) {
115 0 : free(file_data);
116 0 : free(cert_chain);
117 0 : return res;
118 : }
119 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
120 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
121 : file_data, file_size);
122 :
123 0 : *data = cert_chain;
124 0 : *size = cert_chain_size;
125 0 : if (hash != NULL) {
126 0 : *hash = (cert_chain + 1);
127 : }
128 0 : if (hash_size != NULL) {
129 0 : *hash_size = digest_size;
130 : }
131 :
132 0 : free(file_data);
133 0 : return true;
134 : }
135 :
136 0 : bool libspdm_read_pqc_responder_root_public_certificate_slot(uint8_t slot_id,
137 : uint32_t base_hash_algo,
138 : uint32_t pqc_asym_algo,
139 : void **data, size_t *size,
140 : void **hash,
141 : size_t *hash_size)
142 : {
143 : bool res;
144 : void *file_data;
145 : size_t file_size;
146 : spdm_cert_chain_t *cert_chain;
147 : size_t cert_chain_size;
148 : char *file;
149 : size_t digest_size;
150 :
151 0 : *data = NULL;
152 0 : *size = 0;
153 0 : if (hash != NULL) {
154 0 : *hash = NULL;
155 : }
156 0 : if (hash_size != NULL) {
157 0 : *hash_size = 0;
158 : }
159 :
160 0 : if (pqc_asym_algo == 0) {
161 0 : return false;
162 : }
163 :
164 0 : if (slot_id == 0) {
165 0 : switch (pqc_asym_algo) {
166 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
167 0 : file = "mldsa44/ca.cert.der";
168 0 : break;
169 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
170 0 : file = "mldsa65/ca.cert.der";
171 0 : break;
172 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
173 0 : file = "mldsa87/ca.cert.der";
174 0 : break;
175 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
176 0 : file = "slh-dsa-sha2-128s/ca.cert.der";
177 0 : break;
178 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
179 0 : file = "slh-dsa-shake-128s/ca.cert.der";
180 0 : break;
181 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
182 0 : file = "slh-dsa-sha2-128f/ca.cert.der";
183 0 : break;
184 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
185 0 : file = "slh-dsa-shake-128f/ca.cert.der";
186 0 : break;
187 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
188 0 : file = "slh-dsa-sha2-192s/ca.cert.der";
189 0 : break;
190 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
191 0 : file = "slh-dsa-shake-192s/ca.cert.der";
192 0 : break;
193 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
194 0 : file = "slh-dsa-sha2-192f/ca.cert.der";
195 0 : break;
196 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
197 0 : file = "slh-dsa-shake-192f/ca.cert.der";
198 0 : break;
199 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
200 0 : file = "slh-dsa-sha2-256s/ca.cert.der";
201 0 : break;
202 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
203 0 : file = "slh-dsa-shake-256s/ca.cert.der";
204 0 : break;
205 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
206 0 : file = "slh-dsa-sha2-256f/ca.cert.der";
207 0 : break;
208 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
209 0 : file = "slh-dsa-shake-256f/ca.cert.der";
210 0 : break;
211 0 : default:
212 0 : LIBSPDM_ASSERT(false);
213 0 : return false;
214 : }
215 : } else {
216 0 : switch (pqc_asym_algo) {
217 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
218 0 : file = "mldsa44/ca1.cert.der";
219 0 : break;
220 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
221 0 : file = "mldsa65/ca1.cert.der";
222 0 : break;
223 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
224 0 : file = "mldsa87/ca1.cert.der";
225 0 : break;
226 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
227 0 : file = "slh-dsa-sha2-128s/ca1.cert.der";
228 0 : break;
229 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
230 0 : file = "slh-dsa-shake-128s/ca1.cert.der";
231 0 : break;
232 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
233 0 : file = "slh-dsa-sha2-128f/ca1.cert.der";
234 0 : break;
235 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
236 0 : file = "slh-dsa-shake-128f/ca1.cert.der";
237 0 : break;
238 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
239 0 : file = "slh-dsa-sha2-192s/ca1.cert.der";
240 0 : break;
241 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
242 0 : file = "slh-dsa-shake-192s/ca1.cert.der";
243 0 : break;
244 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
245 0 : file = "slh-dsa-sha2-192f/ca1.cert.der";
246 0 : break;
247 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
248 0 : file = "slh-dsa-shake-192f/ca1.cert.der";
249 0 : break;
250 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
251 0 : file = "slh-dsa-sha2-256s/ca1.cert.der";
252 0 : break;
253 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
254 0 : file = "slh-dsa-shake-256s/ca1.cert.der";
255 0 : break;
256 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
257 0 : file = "slh-dsa-sha2-256f/ca1.cert.der";
258 0 : break;
259 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
260 0 : file = "slh-dsa-shake-256f/ca1.cert.der";
261 0 : break;
262 0 : default:
263 0 : LIBSPDM_ASSERT(false);
264 0 : return false;
265 : }
266 : }
267 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
268 0 : if (!res) {
269 0 : return res;
270 : }
271 :
272 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
273 :
274 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
275 0 : cert_chain = (void *)malloc(cert_chain_size);
276 0 : if (cert_chain == NULL) {
277 0 : free(file_data);
278 0 : return false;
279 : }
280 0 : cert_chain->length = (uint32_t)cert_chain_size;
281 :
282 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
283 0 : (uint8_t *)(cert_chain + 1));
284 0 : if (!res) {
285 0 : free(file_data);
286 0 : free(cert_chain);
287 0 : return res;
288 : }
289 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
290 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
291 : file_data, file_size);
292 :
293 0 : *data = cert_chain;
294 0 : *size = cert_chain_size;
295 0 : if (hash != NULL) {
296 0 : *hash = (cert_chain + 1);
297 : }
298 0 : if (hash_size != NULL) {
299 0 : *hash_size = digest_size;
300 : }
301 :
302 0 : free(file_data);
303 0 : return true;
304 : }
305 :
306 0 : bool libspdm_read_pqc_requester_root_public_certificate(uint32_t base_hash_algo,
307 : uint32_t req_pqc_asym_alg,
308 : void **data, size_t *size,
309 : void **hash,
310 : size_t *hash_size)
311 : {
312 : bool res;
313 : void *file_data;
314 : size_t file_size;
315 : spdm_cert_chain_t *cert_chain;
316 : size_t cert_chain_size;
317 : char *file;
318 : size_t digest_size;
319 :
320 0 : *data = NULL;
321 0 : *size = 0;
322 0 : if (hash != NULL) {
323 0 : *hash = NULL;
324 : }
325 0 : if (hash_size != NULL) {
326 0 : *hash_size = 0;
327 : }
328 :
329 0 : if (req_pqc_asym_alg == 0) {
330 0 : return false;
331 : }
332 :
333 0 : switch (req_pqc_asym_alg) {
334 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
335 0 : file = "mldsa44/ca.cert.der";
336 0 : break;
337 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
338 0 : file = "mldsa65/ca.cert.der";
339 0 : break;
340 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
341 0 : file = "mldsa87/ca.cert.der";
342 0 : break;
343 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
344 0 : file = "slh-dsa-sha2-128s/ca.cert.der";
345 0 : break;
346 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
347 0 : file = "slh-dsa-shake-128s/ca.cert.der";
348 0 : break;
349 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
350 0 : file = "slh-dsa-sha2-128f/ca.cert.der";
351 0 : break;
352 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
353 0 : file = "slh-dsa-shake-128f/ca.cert.der";
354 0 : break;
355 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
356 0 : file = "slh-dsa-sha2-192s/ca.cert.der";
357 0 : break;
358 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
359 0 : file = "slh-dsa-shake-192s/ca.cert.der";
360 0 : break;
361 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
362 0 : file = "slh-dsa-sha2-192f/ca.cert.der";
363 0 : break;
364 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
365 0 : file = "slh-dsa-shake-192f/ca.cert.der";
366 0 : break;
367 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
368 0 : file = "slh-dsa-sha2-256s/ca.cert.der";
369 0 : break;
370 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
371 0 : file = "slh-dsa-shake-256s/ca.cert.der";
372 0 : break;
373 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
374 0 : file = "slh-dsa-sha2-256f/ca.cert.der";
375 0 : break;
376 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
377 0 : file = "slh-dsa-shake-256f/ca.cert.der";
378 0 : break;
379 0 : default:
380 0 : LIBSPDM_ASSERT(false);
381 0 : return false;
382 : }
383 :
384 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
385 :
386 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
387 0 : if (!res) {
388 0 : return res;
389 : }
390 :
391 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
392 0 : cert_chain = (void *)malloc(cert_chain_size);
393 0 : if (cert_chain == NULL) {
394 0 : free(file_data);
395 0 : return false;
396 : }
397 0 : cert_chain->length = (uint32_t)cert_chain_size;
398 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
399 0 : (uint8_t *)(cert_chain + 1));
400 0 : if (!res) {
401 0 : free(file_data);
402 0 : free(cert_chain);
403 0 : return res;
404 : }
405 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
406 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
407 : file_data, file_size);
408 :
409 0 : *data = cert_chain;
410 0 : *size = cert_chain_size;
411 0 : if (hash != NULL) {
412 0 : *hash = (cert_chain + 1);
413 : }
414 0 : if (hash_size != NULL) {
415 0 : *hash_size = digest_size;
416 : }
417 :
418 0 : free(file_data);
419 0 : return true;
420 : }
421 :
422 0 : bool libspdm_read_pqc_responder_public_certificate_chain(
423 : uint32_t base_hash_algo, uint32_t pqc_asym_algo, void **data,
424 : size_t *size, void **hash, size_t *hash_size)
425 : {
426 : bool res;
427 : void *file_data;
428 : size_t file_size;
429 : spdm_cert_chain_t *cert_chain;
430 : size_t cert_chain_size;
431 : char *file;
432 : const uint8_t *root_cert;
433 : size_t root_cert_len;
434 : size_t digest_size;
435 : bool is_requester_cert;
436 : uint8_t cert_model;
437 :
438 0 : is_requester_cert = false;
439 :
440 : /*default is device cert*/
441 0 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
442 :
443 0 : *data = NULL;
444 0 : *size = 0;
445 0 : if (hash != NULL) {
446 0 : *hash = NULL;
447 : }
448 0 : if (hash_size != NULL) {
449 0 : *hash_size = 0;
450 : }
451 :
452 0 : if (pqc_asym_algo == 0) {
453 0 : return false;
454 : }
455 :
456 0 : switch (pqc_asym_algo) {
457 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
458 0 : file = "mldsa44/bundle_responder.certchain.der";
459 0 : break;
460 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
461 0 : file = "mldsa65/bundle_responder.certchain.der";
462 0 : break;
463 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
464 0 : file = "mldsa87/bundle_responder.certchain.der";
465 0 : break;
466 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
467 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain.der";
468 0 : break;
469 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
470 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain.der";
471 0 : break;
472 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
473 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain.der";
474 0 : break;
475 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
476 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain.der";
477 0 : break;
478 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
479 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain.der";
480 0 : break;
481 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
482 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain.der";
483 0 : break;
484 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
485 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain.der";
486 0 : break;
487 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
488 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain.der";
489 0 : break;
490 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
491 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain.der";
492 0 : break;
493 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
494 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain.der";
495 0 : break;
496 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
497 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain.der";
498 0 : break;
499 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
500 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain.der";
501 0 : break;
502 0 : default:
503 0 : LIBSPDM_ASSERT(false);
504 0 : return false;
505 : }
506 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
507 0 : if (!res) {
508 0 : return res;
509 : }
510 :
511 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
512 :
513 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
514 0 : cert_chain = (void *)malloc(cert_chain_size);
515 0 : if (cert_chain == NULL) {
516 0 : free(file_data);
517 0 : return false;
518 : }
519 0 : cert_chain->length = (uint32_t)cert_chain_size;
520 :
521 0 : res = libspdm_verify_cert_chain_data(
522 : SPDM_MESSAGE_VERSION_14,
523 : file_data, file_size,
524 : 0, pqc_asym_algo, base_hash_algo,
525 : is_requester_cert, cert_model);
526 0 : if (!res) {
527 0 : free(file_data);
528 0 : free(cert_chain);
529 0 : return res;
530 : }
531 :
532 :
533 : /* Get Root Certificate and calculate hash value*/
534 :
535 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
536 : &root_cert_len);
537 0 : if (!res) {
538 0 : free(file_data);
539 0 : free(cert_chain);
540 0 : return res;
541 : }
542 :
543 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
544 0 : (uint8_t *)(cert_chain + 1));
545 0 : if (!res) {
546 0 : free(file_data);
547 0 : free(cert_chain);
548 0 : return res;
549 : }
550 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
551 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
552 : file_data, file_size);
553 :
554 0 : *data = cert_chain;
555 0 : *size = cert_chain_size;
556 0 : if (hash != NULL) {
557 0 : *hash = (cert_chain + 1);
558 : }
559 0 : if (hash_size != NULL) {
560 0 : *hash_size = digest_size;
561 : }
562 :
563 0 : free(file_data);
564 0 : return true;
565 : }
566 :
567 : /*This alias cert chain is partial, from root CA to device certificate CA.*/
568 0 : bool libspdm_read_pqc_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
569 : uint32_t base_hash_algo, uint32_t pqc_asym_algo, void **data,
570 : size_t *size, void **hash, size_t *hash_size)
571 : {
572 : bool res;
573 : void *file_data;
574 : size_t file_size;
575 : spdm_cert_chain_t *cert_chain;
576 : size_t cert_chain_size;
577 : char *file;
578 : const uint8_t *root_cert;
579 : size_t root_cert_len;
580 : const uint8_t *leaf_cert;
581 : size_t leaf_cert_len;
582 : size_t digest_size;
583 : bool is_requester_cert;
584 : uint8_t cert_model;
585 :
586 0 : is_requester_cert = false;
587 :
588 : /*default is alias cert*/
589 0 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
590 :
591 0 : *data = NULL;
592 0 : *size = 0;
593 0 : if (hash != NULL) {
594 0 : *hash = NULL;
595 : }
596 0 : if (hash_size != NULL) {
597 0 : *hash_size = 0;
598 : }
599 :
600 0 : if (pqc_asym_algo == 0) {
601 0 : return false;
602 : }
603 :
604 0 : switch (pqc_asym_algo) {
605 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
606 0 : file = "mldsa44/bundle_responder.certchain_alias_cert_partial_set.der";
607 0 : break;
608 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
609 0 : file = "mldsa65/bundle_responder.certchain_alias_cert_partial_set.der";
610 0 : break;
611 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
612 0 : file = "mldsa87/bundle_responder.certchain_alias_cert_partial_set.der";
613 0 : break;
614 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
615 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain_alias_cert_partial_set.der";
616 0 : break;
617 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
618 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain_alias_cert_partial_set.der";
619 0 : break;
620 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
621 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain_alias_cert_partial_set.der";
622 0 : break;
623 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
624 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain_alias_cert_partial_set.der";
625 0 : break;
626 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
627 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain_alias_cert_partial_set.der";
628 0 : break;
629 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
630 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain_alias_cert_partial_set.der";
631 0 : break;
632 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
633 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain_alias_cert_partial_set.der";
634 0 : break;
635 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
636 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain_alias_cert_partial_set.der";
637 0 : break;
638 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
639 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain_alias_cert_partial_set.der";
640 0 : break;
641 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
642 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain_alias_cert_partial_set.der";
643 0 : break;
644 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
645 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain_alias_cert_partial_set.der";
646 0 : break;
647 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
648 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain_alias_cert_partial_set.der";
649 0 : break;
650 0 : default:
651 0 : LIBSPDM_ASSERT(false);
652 0 : return false;
653 : }
654 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
655 0 : if (!res) {
656 0 : return res;
657 : }
658 :
659 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
660 :
661 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
662 0 : cert_chain = (void *)malloc(cert_chain_size);
663 0 : if (cert_chain == NULL) {
664 0 : free(file_data);
665 0 : return false;
666 : }
667 0 : cert_chain->length = (uint32_t)cert_chain_size;
668 :
669 : /* Get leaf Certificate*/
670 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
671 : &leaf_cert_len);
672 0 : if (!res) {
673 0 : free(file_data);
674 0 : free(cert_chain);
675 0 : return res;
676 : }
677 :
678 0 : res = libspdm_x509_set_cert_certificate_check(
679 : SPDM_MESSAGE_VERSION_14,
680 : leaf_cert, leaf_cert_len,
681 : 0, pqc_asym_algo, base_hash_algo,
682 : is_requester_cert, cert_model);
683 0 : if (!res) {
684 0 : free(file_data);
685 0 : free(cert_chain);
686 0 : return res;
687 : }
688 :
689 : /* Get Root Certificate*/
690 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
691 : &root_cert_len);
692 0 : if (!res) {
693 0 : free(file_data);
694 0 : free(cert_chain);
695 0 : return res;
696 : }
697 :
698 : /*verify cert_chain*/
699 0 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
700 0 : if (!res) {
701 0 : free(file_data);
702 0 : free(cert_chain);
703 0 : return res;
704 : }
705 :
706 : /*calculate hash value*/
707 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
708 0 : (uint8_t *)(cert_chain + 1));
709 0 : if (!res) {
710 0 : free(file_data);
711 0 : free(cert_chain);
712 0 : return res;
713 : }
714 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
715 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
716 : file_data, file_size);
717 :
718 0 : *data = cert_chain;
719 0 : *size = cert_chain_size;
720 0 : if (hash != NULL) {
721 0 : *hash = (cert_chain + 1);
722 : }
723 0 : if (hash_size != NULL) {
724 0 : *hash_size = digest_size;
725 : }
726 :
727 0 : free(file_data);
728 0 : return true;
729 : }
730 :
731 : /*This alias cert chain is entire, from root CA to leaf certificate.*/
732 0 : bool libspdm_read_pqc_responder_public_certificate_chain_alias_cert(
733 : uint32_t base_hash_algo, uint32_t pqc_asym_algo, void **data,
734 : size_t *size, void **hash, size_t *hash_size)
735 : {
736 : bool res;
737 : void *file_data;
738 : size_t file_size;
739 : spdm_cert_chain_t *cert_chain;
740 : size_t cert_chain_size;
741 : char *file;
742 : const uint8_t *root_cert;
743 : size_t root_cert_len;
744 : const uint8_t *leaf_cert;
745 : size_t leaf_cert_len;
746 : size_t digest_size;
747 : bool is_requester_cert;
748 : uint8_t cert_model;
749 :
750 0 : is_requester_cert = false;
751 :
752 : /*default is alias cert*/
753 0 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
754 :
755 0 : *data = NULL;
756 0 : *size = 0;
757 0 : if (hash != NULL) {
758 0 : *hash = NULL;
759 : }
760 0 : if (hash_size != NULL) {
761 0 : *hash_size = 0;
762 : }
763 :
764 0 : if (pqc_asym_algo == 0) {
765 0 : return false;
766 : }
767 :
768 0 : switch (pqc_asym_algo) {
769 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
770 0 : file = "mldsa44/bundle_responder.certchain_alias.der";
771 0 : break;
772 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
773 0 : file = "mldsa65/bundle_responder.certchain_alias.der";
774 0 : break;
775 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
776 0 : file = "mldsa87/bundle_responder.certchain_alias.der";
777 0 : break;
778 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
779 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain_alias.der";
780 0 : break;
781 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
782 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain_alias.der";
783 0 : break;
784 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
785 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain_alias.der";
786 0 : break;
787 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
788 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain_alias.der";
789 0 : break;
790 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
791 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain_alias.der";
792 0 : break;
793 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
794 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain_alias.der";
795 0 : break;
796 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
797 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain_alias.der";
798 0 : break;
799 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
800 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain_alias.der";
801 0 : break;
802 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
803 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain_alias.der";
804 0 : break;
805 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
806 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain_alias.der";
807 0 : break;
808 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
809 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain_alias.der";
810 0 : break;
811 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
812 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain_alias.der";
813 0 : break;
814 0 : default:
815 0 : LIBSPDM_ASSERT(false);
816 0 : return false;
817 : }
818 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
819 0 : if (!res) {
820 0 : return res;
821 : }
822 :
823 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
824 :
825 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
826 0 : cert_chain = (void *)malloc(cert_chain_size);
827 0 : if (cert_chain == NULL) {
828 0 : free(file_data);
829 0 : return false;
830 : }
831 0 : cert_chain->length = (uint32_t)cert_chain_size;
832 :
833 : /* Get leaf Certificate*/
834 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
835 : &leaf_cert_len);
836 0 : if (!res) {
837 0 : free(file_data);
838 0 : free(cert_chain);
839 0 : return res;
840 : }
841 :
842 0 : res = libspdm_x509_certificate_check(
843 : SPDM_MESSAGE_VERSION_14,
844 : leaf_cert, leaf_cert_len,
845 : 0, pqc_asym_algo, base_hash_algo,
846 : is_requester_cert, cert_model);
847 0 : if (!res) {
848 0 : free(file_data);
849 0 : free(cert_chain);
850 0 : return res;
851 : }
852 :
853 : /* Get Root Certificate*/
854 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
855 : &root_cert_len);
856 0 : if (!res) {
857 0 : free(file_data);
858 0 : free(cert_chain);
859 0 : return res;
860 : }
861 :
862 : /*verify cert_chain*/
863 0 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
864 0 : if (!res) {
865 0 : free(file_data);
866 0 : free(cert_chain);
867 0 : return res;
868 : }
869 :
870 : /*calculate hash value*/
871 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
872 0 : (uint8_t *)(cert_chain + 1));
873 0 : if (!res) {
874 0 : free(file_data);
875 0 : free(cert_chain);
876 0 : return res;
877 : }
878 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
879 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
880 : file_data, file_size);
881 :
882 0 : *data = cert_chain;
883 0 : *size = cert_chain_size;
884 0 : if (hash != NULL) {
885 0 : *hash = (cert_chain + 1);
886 : }
887 0 : if (hash_size != NULL) {
888 0 : *hash_size = digest_size;
889 : }
890 :
891 0 : free(file_data);
892 0 : return true;
893 : }
894 :
895 0 : bool libspdm_read_pqc_responder_public_certificate_chain_per_slot(
896 : uint8_t slot_id, uint32_t base_hash_algo, uint32_t pqc_asym_algo,
897 : void **data, size_t *size, void **hash, size_t *hash_size)
898 : {
899 : bool res;
900 : void *file_data;
901 : size_t file_size;
902 : spdm_cert_chain_t *cert_chain;
903 : size_t cert_chain_size;
904 : char *file;
905 : const uint8_t *root_cert;
906 : size_t root_cert_len;
907 : size_t digest_size;
908 : bool is_requester_cert;
909 : uint8_t cert_model;
910 :
911 0 : is_requester_cert = false;
912 :
913 : /*default is device cert*/
914 0 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
915 :
916 0 : *data = NULL;
917 0 : *size = 0;
918 0 : if (hash != NULL) {
919 0 : *hash = NULL;
920 : }
921 0 : if (hash_size != NULL) {
922 0 : *hash_size = 0;
923 : }
924 :
925 0 : if (pqc_asym_algo == 0) {
926 0 : return false;
927 : }
928 :
929 0 : if (slot_id == 0) {
930 0 : switch (pqc_asym_algo) {
931 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
932 0 : file = "mldsa44/bundle_responder.certchain.der";
933 0 : break;
934 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
935 0 : file = "mldsa65/bundle_responder.certchain.der";
936 0 : break;
937 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
938 0 : file = "mldsa87/bundle_responder.certchain.der";
939 0 : break;
940 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
941 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain.der";
942 0 : break;
943 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
944 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain.der";
945 0 : break;
946 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
947 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain.der";
948 0 : break;
949 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
950 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain.der";
951 0 : break;
952 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
953 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain.der";
954 0 : break;
955 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
956 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain.der";
957 0 : break;
958 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
959 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain.der";
960 0 : break;
961 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
962 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain.der";
963 0 : break;
964 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
965 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain.der";
966 0 : break;
967 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
968 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain.der";
969 0 : break;
970 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
971 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain.der";
972 0 : break;
973 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
974 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain.der";
975 0 : break;
976 0 : default:
977 0 : LIBSPDM_ASSERT(false);
978 0 : return false;
979 : }
980 0 : } else if (slot_id == 4) {
981 : /* slot 4 uses a different leaf key than slot 0 / slot 1 (multi-key example). */
982 0 : switch (pqc_asym_algo) {
983 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
984 0 : file = "mldsa44/bundle_responder.certchain4.der";
985 0 : break;
986 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
987 0 : file = "mldsa65/bundle_responder.certchain4.der";
988 0 : break;
989 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
990 0 : file = "mldsa87/bundle_responder.certchain4.der";
991 0 : break;
992 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
993 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain4.der";
994 0 : break;
995 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
996 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain4.der";
997 0 : break;
998 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
999 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain4.der";
1000 0 : break;
1001 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
1002 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain4.der";
1003 0 : break;
1004 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
1005 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain4.der";
1006 0 : break;
1007 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
1008 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain4.der";
1009 0 : break;
1010 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
1011 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain4.der";
1012 0 : break;
1013 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
1014 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain4.der";
1015 0 : break;
1016 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
1017 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain4.der";
1018 0 : break;
1019 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
1020 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain4.der";
1021 0 : break;
1022 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
1023 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain4.der";
1024 0 : break;
1025 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
1026 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain4.der";
1027 0 : break;
1028 0 : default:
1029 0 : LIBSPDM_ASSERT(false);
1030 0 : return false;
1031 : }
1032 : } else {
1033 0 : switch (pqc_asym_algo) {
1034 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
1035 0 : file = "mldsa44/bundle_responder.certchain1.der";
1036 0 : break;
1037 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
1038 0 : file = "mldsa65/bundle_responder.certchain1.der";
1039 0 : break;
1040 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
1041 0 : file = "mldsa87/bundle_responder.certchain1.der";
1042 0 : break;
1043 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
1044 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain1.der";
1045 0 : break;
1046 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
1047 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain1.der";
1048 0 : break;
1049 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
1050 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain1.der";
1051 0 : break;
1052 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
1053 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain1.der";
1054 0 : break;
1055 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
1056 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain1.der";
1057 0 : break;
1058 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
1059 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain1.der";
1060 0 : break;
1061 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
1062 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain1.der";
1063 0 : break;
1064 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
1065 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain1.der";
1066 0 : break;
1067 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
1068 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain1.der";
1069 0 : break;
1070 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
1071 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain1.der";
1072 0 : break;
1073 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
1074 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain1.der";
1075 0 : break;
1076 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
1077 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain1.der";
1078 0 : break;
1079 0 : default:
1080 0 : LIBSPDM_ASSERT(false);
1081 0 : return false;
1082 : }
1083 : }
1084 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
1085 0 : if (!res) {
1086 0 : return res;
1087 : }
1088 :
1089 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
1090 :
1091 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1092 0 : cert_chain = (void *)malloc(cert_chain_size);
1093 0 : if (cert_chain == NULL) {
1094 0 : free(file_data);
1095 0 : return false;
1096 : }
1097 0 : cert_chain->length = (uint32_t)cert_chain_size;
1098 :
1099 0 : res = libspdm_verify_cert_chain_data(
1100 : SPDM_MESSAGE_VERSION_14,
1101 : file_data, file_size,
1102 : 0, pqc_asym_algo, base_hash_algo,
1103 : is_requester_cert, cert_model);
1104 0 : if (!res) {
1105 0 : free(file_data);
1106 0 : free(cert_chain);
1107 0 : return res;
1108 : }
1109 :
1110 :
1111 : /* Get Root Certificate and calculate hash value*/
1112 :
1113 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1114 : &root_cert_len);
1115 0 : if (!res) {
1116 0 : free(file_data);
1117 0 : free(cert_chain);
1118 0 : return res;
1119 : }
1120 :
1121 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1122 0 : (uint8_t *)(cert_chain + 1));
1123 0 : if (!res) {
1124 0 : free(file_data);
1125 0 : free(cert_chain);
1126 0 : return res;
1127 : }
1128 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1129 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1130 : file_data, file_size);
1131 :
1132 0 : *data = cert_chain;
1133 0 : *size = cert_chain_size;
1134 0 : if (hash != NULL) {
1135 0 : *hash = (cert_chain + 1);
1136 : }
1137 0 : if (hash_size != NULL) {
1138 0 : *hash_size = digest_size;
1139 : }
1140 :
1141 0 : free(file_data);
1142 0 : return true;
1143 : }
1144 :
1145 :
1146 0 : bool libspdm_read_pqc_requester_public_certificate_chain(
1147 : uint32_t base_hash_algo, uint32_t req_pqc_asym_alg, void **data,
1148 : size_t *size, void **hash, size_t *hash_size)
1149 : {
1150 : bool res;
1151 : void *file_data;
1152 : size_t file_size;
1153 : spdm_cert_chain_t *cert_chain;
1154 : size_t cert_chain_size;
1155 : char *file;
1156 : const uint8_t *root_cert;
1157 : size_t root_cert_len;
1158 : size_t digest_size;
1159 : bool is_requester_cert;
1160 : uint8_t cert_model;
1161 :
1162 0 : is_requester_cert = false;
1163 :
1164 : /*default is device cert*/
1165 0 : cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
1166 :
1167 0 : *data = NULL;
1168 0 : *size = 0;
1169 0 : if (hash != NULL) {
1170 0 : *hash = NULL;
1171 : }
1172 0 : if (hash_size != NULL) {
1173 0 : *hash_size = 0;
1174 : }
1175 :
1176 0 : if (req_pqc_asym_alg == 0) {
1177 0 : return false;
1178 : }
1179 :
1180 0 : switch (req_pqc_asym_alg) {
1181 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
1182 0 : file = "mldsa44/bundle_requester.certchain.der";
1183 0 : break;
1184 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
1185 0 : file = "mldsa65/bundle_requester.certchain.der";
1186 0 : break;
1187 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
1188 0 : file = "mldsa87/bundle_requester.certchain.der";
1189 0 : break;
1190 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
1191 0 : file = "slh-dsa-sha2-128s/bundle_requester.certchain.der";
1192 0 : break;
1193 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
1194 0 : file = "slh-dsa-shake-128s/bundle_requester.certchain.der";
1195 0 : break;
1196 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
1197 0 : file = "slh-dsa-sha2-128f/bundle_requester.certchain.der";
1198 0 : break;
1199 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
1200 0 : file = "slh-dsa-shake-128f/bundle_requester.certchain.der";
1201 0 : break;
1202 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
1203 0 : file = "slh-dsa-sha2-192s/bundle_requester.certchain.der";
1204 0 : break;
1205 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
1206 0 : file = "slh-dsa-shake-192s/bundle_requester.certchain.der";
1207 0 : break;
1208 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
1209 0 : file = "slh-dsa-sha2-192f/bundle_requester.certchain.der";
1210 0 : break;
1211 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
1212 0 : file = "slh-dsa-shake-192f/bundle_requester.certchain.der";
1213 0 : break;
1214 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
1215 0 : file = "slh-dsa-sha2-256s/bundle_requester.certchain.der";
1216 0 : break;
1217 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
1218 0 : file = "slh-dsa-shake-256s/bundle_requester.certchain.der";
1219 0 : break;
1220 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
1221 0 : file = "slh-dsa-sha2-256f/bundle_requester.certchain.der";
1222 0 : break;
1223 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
1224 0 : file = "slh-dsa-shake-256f/bundle_requester.certchain.der";
1225 0 : break;
1226 0 : default:
1227 0 : LIBSPDM_ASSERT(false);
1228 0 : return false;
1229 : }
1230 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
1231 0 : if (!res) {
1232 0 : return res;
1233 : }
1234 :
1235 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
1236 :
1237 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1238 0 : cert_chain = (void *)malloc(cert_chain_size);
1239 0 : if (cert_chain == NULL) {
1240 0 : free(file_data);
1241 0 : return false;
1242 : }
1243 0 : cert_chain->length = (uint32_t)cert_chain_size;
1244 :
1245 0 : res = libspdm_verify_cert_chain_data(
1246 : SPDM_MESSAGE_VERSION_14,
1247 : file_data, file_size,
1248 : 0, req_pqc_asym_alg, base_hash_algo,
1249 : is_requester_cert, cert_model);
1250 0 : if (!res) {
1251 0 : free(file_data);
1252 0 : free(cert_chain);
1253 0 : return res;
1254 : }
1255 :
1256 :
1257 : /* Get Root Certificate and calculate hash value*/
1258 :
1259 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1260 : &root_cert_len);
1261 0 : if (!res) {
1262 0 : free(file_data);
1263 0 : free(cert_chain);
1264 0 : return res;
1265 : }
1266 :
1267 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1268 0 : (uint8_t *)(cert_chain + 1));
1269 0 : if (!res) {
1270 0 : free(file_data);
1271 0 : free(cert_chain);
1272 0 : return res;
1273 : }
1274 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1275 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1276 : file_data, file_size);
1277 :
1278 0 : *data = cert_chain;
1279 0 : *size = cert_chain_size;
1280 0 : if (hash != NULL) {
1281 0 : *hash = (cert_chain + 1);
1282 : }
1283 0 : if (hash_size != NULL) {
1284 0 : *hash_size = digest_size;
1285 : }
1286 :
1287 0 : free(file_data);
1288 0 : return true;
1289 : }
1290 :
1291 0 : bool libspdm_read_responder_pqc_certificate(uint32_t pqc_asym_algo,
1292 : void **data, size_t *size)
1293 : {
1294 : bool res;
1295 : char *file;
1296 :
1297 0 : switch (pqc_asym_algo) {
1298 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
1299 0 : file = "mldsa44/end_responder.cert.der";
1300 0 : break;
1301 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
1302 0 : file = "mldsa65/end_responder.cert.der";
1303 0 : break;
1304 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
1305 0 : file = "mldsa87/end_responder.cert.der";
1306 0 : break;
1307 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
1308 0 : file = "slh-dsa-sha2-128s/end_responder.cert.der";
1309 0 : break;
1310 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
1311 0 : file = "slh-dsa-shake-128s/end_responder.cert.der";
1312 0 : break;
1313 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
1314 0 : file = "slh-dsa-sha2-128f/end_responder.cert.der";
1315 0 : break;
1316 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
1317 0 : file = "slh-dsa-shake-128f/end_responder.cert.der";
1318 0 : break;
1319 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
1320 0 : file = "slh-dsa-sha2-192s/end_responder.cert.der";
1321 0 : break;
1322 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
1323 0 : file = "slh-dsa-shake-192s/end_responder.cert.der";
1324 0 : break;
1325 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
1326 0 : file = "slh-dsa-sha2-192f/end_responder.cert.der";
1327 0 : break;
1328 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
1329 0 : file = "slh-dsa-shake-192f/end_responder.cert.der";
1330 0 : break;
1331 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
1332 0 : file = "slh-dsa-sha2-256s/end_responder.cert.der";
1333 0 : break;
1334 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
1335 0 : file = "slh-dsa-shake-256s/end_responder.cert.der";
1336 0 : break;
1337 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
1338 0 : file = "slh-dsa-sha2-256f/end_responder.cert.der";
1339 0 : break;
1340 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
1341 0 : file = "slh-dsa-shake-256f/end_responder.cert.der";
1342 0 : break;
1343 0 : default:
1344 0 : LIBSPDM_ASSERT(false);
1345 0 : return false;
1346 : }
1347 0 : res = libspdm_read_input_file(file, data, size);
1348 0 : return res;
1349 : }
|
