Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include <stdarg.h>
8 : #include <stddef.h>
9 : #include <setjmp.h>
10 : #include <stdint.h>
11 : #include <stdlib.h>
12 : #include <stdio.h>
13 : #include <assert.h>
14 : #include <string.h>
15 :
16 : #include <base.h>
17 : #include "library/memlib.h"
18 : #include "spdm_device_secret_lib_internal.h"
19 :
20 0 : bool libspdm_read_pqc_responder_root_public_certificate(uint32_t base_hash_algo,
21 : uint32_t pqc_asym_algo,
22 : void **data, size_t *size,
23 : void **hash,
24 : size_t *hash_size)
25 : {
26 : bool res;
27 : void *file_data;
28 : size_t file_size;
29 : spdm_cert_chain_t *cert_chain;
30 : size_t cert_chain_size;
31 : char *file;
32 : size_t digest_size;
33 :
34 0 : *data = NULL;
35 0 : *size = 0;
36 0 : if (hash != NULL) {
37 0 : *hash = NULL;
38 : }
39 0 : if (hash_size != NULL) {
40 0 : *hash_size = 0;
41 : }
42 :
43 0 : if (pqc_asym_algo == 0) {
44 0 : return false;
45 : }
46 :
47 0 : switch (pqc_asym_algo) {
48 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
49 0 : file = "mldsa44/ca.cert.der";
50 0 : break;
51 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
52 0 : file = "mldsa65/ca.cert.der";
53 0 : break;
54 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
55 0 : file = "mldsa87/ca.cert.der";
56 0 : break;
57 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
58 0 : file = "slh-dsa-sha2-128s/ca.cert.der";
59 0 : break;
60 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
61 0 : file = "slh-dsa-shake-128s/ca.cert.der";
62 0 : break;
63 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
64 0 : file = "slh-dsa-sha2-128f/ca.cert.der";
65 0 : break;
66 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
67 0 : file = "slh-dsa-shake-128f/ca.cert.der";
68 0 : break;
69 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
70 0 : file = "slh-dsa-sha2-192s/ca.cert.der";
71 0 : break;
72 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
73 0 : file = "slh-dsa-shake-192s/ca.cert.der";
74 0 : break;
75 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
76 0 : file = "slh-dsa-sha2-192f/ca.cert.der";
77 0 : break;
78 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
79 0 : file = "slh-dsa-shake-192f/ca.cert.der";
80 0 : break;
81 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
82 0 : file = "slh-dsa-sha2-256s/ca.cert.der";
83 0 : break;
84 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
85 0 : file = "slh-dsa-shake-256s/ca.cert.der";
86 0 : break;
87 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
88 0 : file = "slh-dsa-sha2-256f/ca.cert.der";
89 0 : break;
90 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
91 0 : file = "slh-dsa-shake-256f/ca.cert.der";
92 0 : break;
93 0 : default:
94 0 : LIBSPDM_ASSERT(false);
95 0 : return false;
96 : }
97 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
98 0 : if (!res) {
99 0 : return res;
100 : }
101 :
102 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
103 :
104 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
105 0 : cert_chain = (void *)malloc(cert_chain_size);
106 0 : if (cert_chain == NULL) {
107 0 : free(file_data);
108 0 : return false;
109 : }
110 0 : cert_chain->length = (uint32_t)cert_chain_size;
111 :
112 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
113 0 : (uint8_t *)(cert_chain + 1));
114 0 : if (!res) {
115 0 : free(file_data);
116 0 : free(cert_chain);
117 0 : return res;
118 : }
119 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
120 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
121 : file_data, file_size);
122 :
123 0 : *data = cert_chain;
124 0 : *size = cert_chain_size;
125 0 : if (hash != NULL) {
126 0 : *hash = (cert_chain + 1);
127 : }
128 0 : if (hash_size != NULL) {
129 0 : *hash_size = digest_size;
130 : }
131 :
132 0 : free(file_data);
133 0 : return true;
134 : }
135 :
136 0 : bool libspdm_read_pqc_responder_root_public_certificate_slot(uint8_t slot_id,
137 : uint32_t base_hash_algo,
138 : uint32_t pqc_asym_algo,
139 : void **data, size_t *size,
140 : void **hash,
141 : size_t *hash_size)
142 : {
143 : bool res;
144 : void *file_data;
145 : size_t file_size;
146 : spdm_cert_chain_t *cert_chain;
147 : size_t cert_chain_size;
148 : char *file;
149 : size_t digest_size;
150 :
151 0 : *data = NULL;
152 0 : *size = 0;
153 0 : if (hash != NULL) {
154 0 : *hash = NULL;
155 : }
156 0 : if (hash_size != NULL) {
157 0 : *hash_size = 0;
158 : }
159 :
160 0 : if (pqc_asym_algo == 0) {
161 0 : return false;
162 : }
163 :
164 0 : if (slot_id == 0) {
165 0 : switch (pqc_asym_algo) {
166 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
167 0 : file = "mldsa44/ca.cert.der";
168 0 : break;
169 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
170 0 : file = "mldsa65/ca.cert.der";
171 0 : break;
172 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
173 0 : file = "mldsa87/ca.cert.der";
174 0 : break;
175 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
176 0 : file = "slh-dsa-sha2-128s/ca.cert.der";
177 0 : break;
178 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
179 0 : file = "slh-dsa-shake-128s/ca.cert.der";
180 0 : break;
181 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
182 0 : file = "slh-dsa-sha2-128f/ca.cert.der";
183 0 : break;
184 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
185 0 : file = "slh-dsa-shake-128f/ca.cert.der";
186 0 : break;
187 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
188 0 : file = "slh-dsa-sha2-192s/ca.cert.der";
189 0 : break;
190 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
191 0 : file = "slh-dsa-shake-192s/ca.cert.der";
192 0 : break;
193 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
194 0 : file = "slh-dsa-sha2-192f/ca.cert.der";
195 0 : break;
196 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
197 0 : file = "slh-dsa-shake-192f/ca.cert.der";
198 0 : break;
199 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
200 0 : file = "slh-dsa-sha2-256s/ca.cert.der";
201 0 : break;
202 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
203 0 : file = "slh-dsa-shake-256s/ca.cert.der";
204 0 : break;
205 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
206 0 : file = "slh-dsa-sha2-256f/ca.cert.der";
207 0 : break;
208 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
209 0 : file = "slh-dsa-shake-256f/ca.cert.der";
210 0 : break;
211 0 : default:
212 0 : LIBSPDM_ASSERT(false);
213 0 : return false;
214 : }
215 : } else {
216 0 : switch (pqc_asym_algo) {
217 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
218 0 : file = "mldsa44/ca1.cert.der";
219 0 : break;
220 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
221 0 : file = "mldsa65/ca1.cert.der";
222 0 : break;
223 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
224 0 : file = "mldsa87/ca1.cert.der";
225 0 : break;
226 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
227 0 : file = "slh-dsa-sha2-128s/ca1.cert.der";
228 0 : break;
229 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
230 0 : file = "slh-dsa-shake-128s/ca1.cert.der";
231 0 : break;
232 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
233 0 : file = "slh-dsa-sha2-128f/ca1.cert.der";
234 0 : break;
235 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
236 0 : file = "slh-dsa-shake-128f/ca1.cert.der";
237 0 : break;
238 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
239 0 : file = "slh-dsa-sha2-192s/ca1.cert.der";
240 0 : break;
241 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
242 0 : file = "slh-dsa-shake-192s/ca1.cert.der";
243 0 : break;
244 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
245 0 : file = "slh-dsa-sha2-192f/ca1.cert.der";
246 0 : break;
247 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
248 0 : file = "slh-dsa-shake-192f/ca1.cert.der";
249 0 : break;
250 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
251 0 : file = "slh-dsa-sha2-256s/ca1.cert.der";
252 0 : break;
253 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
254 0 : file = "slh-dsa-shake-256s/ca1.cert.der";
255 0 : break;
256 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
257 0 : file = "slh-dsa-sha2-256f/ca1.cert.der";
258 0 : break;
259 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
260 0 : file = "slh-dsa-shake-256f/ca1.cert.der";
261 0 : break;
262 0 : default:
263 0 : LIBSPDM_ASSERT(false);
264 0 : return false;
265 : }
266 : }
267 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
268 0 : if (!res) {
269 0 : return res;
270 : }
271 :
272 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
273 :
274 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
275 0 : cert_chain = (void *)malloc(cert_chain_size);
276 0 : if (cert_chain == NULL) {
277 0 : free(file_data);
278 0 : return false;
279 : }
280 0 : cert_chain->length = (uint32_t)cert_chain_size;
281 :
282 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
283 0 : (uint8_t *)(cert_chain + 1));
284 0 : if (!res) {
285 0 : free(file_data);
286 0 : free(cert_chain);
287 0 : return res;
288 : }
289 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
290 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
291 : file_data, file_size);
292 :
293 0 : *data = cert_chain;
294 0 : *size = cert_chain_size;
295 0 : if (hash != NULL) {
296 0 : *hash = (cert_chain + 1);
297 : }
298 0 : if (hash_size != NULL) {
299 0 : *hash_size = digest_size;
300 : }
301 :
302 0 : free(file_data);
303 0 : return true;
304 : }
305 :
306 0 : bool libspdm_read_pqc_requester_root_public_certificate(uint32_t base_hash_algo,
307 : uint32_t req_pqc_asym_alg,
308 : void **data, size_t *size,
309 : void **hash,
310 : size_t *hash_size)
311 : {
312 : bool res;
313 : void *file_data;
314 : size_t file_size;
315 : spdm_cert_chain_t *cert_chain;
316 : size_t cert_chain_size;
317 : char *file;
318 : size_t digest_size;
319 :
320 0 : *data = NULL;
321 0 : *size = 0;
322 0 : if (hash != NULL) {
323 0 : *hash = NULL;
324 : }
325 0 : if (hash_size != NULL) {
326 0 : *hash_size = 0;
327 : }
328 :
329 0 : if (req_pqc_asym_alg == 0) {
330 0 : return false;
331 : }
332 :
333 0 : switch (req_pqc_asym_alg) {
334 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
335 0 : file = "mldsa44/ca.cert.der";
336 0 : break;
337 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
338 0 : file = "mldsa65/ca.cert.der";
339 0 : break;
340 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
341 0 : file = "mldsa87/ca.cert.der";
342 0 : break;
343 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
344 0 : file = "slh-dsa-sha2-128s/ca.cert.der";
345 0 : break;
346 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
347 0 : file = "slh-dsa-shake-128s/ca.cert.der";
348 0 : break;
349 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
350 0 : file = "slh-dsa-sha2-128f/ca.cert.der";
351 0 : break;
352 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
353 0 : file = "slh-dsa-shake-128f/ca.cert.der";
354 0 : break;
355 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
356 0 : file = "slh-dsa-sha2-192s/ca.cert.der";
357 0 : break;
358 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
359 0 : file = "slh-dsa-shake-192s/ca.cert.der";
360 0 : break;
361 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
362 0 : file = "slh-dsa-sha2-192f/ca.cert.der";
363 0 : break;
364 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
365 0 : file = "slh-dsa-shake-192f/ca.cert.der";
366 0 : break;
367 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
368 0 : file = "slh-dsa-sha2-256s/ca.cert.der";
369 0 : break;
370 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
371 0 : file = "slh-dsa-shake-256s/ca.cert.der";
372 0 : break;
373 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
374 0 : file = "slh-dsa-sha2-256f/ca.cert.der";
375 0 : break;
376 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
377 0 : file = "slh-dsa-shake-256f/ca.cert.der";
378 0 : break;
379 0 : default:
380 0 : LIBSPDM_ASSERT(false);
381 0 : return false;
382 : }
383 :
384 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
385 :
386 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
387 0 : if (!res) {
388 0 : return res;
389 : }
390 :
391 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
392 0 : cert_chain = (void *)malloc(cert_chain_size);
393 0 : if (cert_chain == NULL) {
394 0 : free(file_data);
395 0 : return false;
396 : }
397 0 : cert_chain->length = (uint32_t)cert_chain_size;
398 0 : res = libspdm_hash_all(base_hash_algo, file_data, file_size,
399 0 : (uint8_t *)(cert_chain + 1));
400 0 : if (!res) {
401 0 : free(file_data);
402 0 : free(cert_chain);
403 0 : return res;
404 : }
405 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
406 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
407 : file_data, file_size);
408 :
409 0 : *data = cert_chain;
410 0 : *size = cert_chain_size;
411 0 : if (hash != NULL) {
412 0 : *hash = (cert_chain + 1);
413 : }
414 0 : if (hash_size != NULL) {
415 0 : *hash_size = digest_size;
416 : }
417 :
418 0 : free(file_data);
419 0 : return true;
420 : }
421 :
422 0 : bool libspdm_read_pqc_responder_public_certificate_chain(
423 : uint32_t base_hash_algo, uint32_t pqc_asym_algo, void **data,
424 : size_t *size, void **hash, size_t *hash_size)
425 : {
426 : bool res;
427 : void *file_data;
428 : size_t file_size;
429 : spdm_cert_chain_t *cert_chain;
430 : size_t cert_chain_size;
431 : char *file;
432 : const uint8_t *root_cert;
433 : size_t root_cert_len;
434 : size_t digest_size;
435 : bool is_requester_cert;
436 : bool is_device_cert_model;
437 :
438 0 : is_requester_cert = false;
439 :
440 : /*default is true*/
441 0 : is_device_cert_model = true;
442 :
443 0 : *data = NULL;
444 0 : *size = 0;
445 0 : if (hash != NULL) {
446 0 : *hash = NULL;
447 : }
448 0 : if (hash_size != NULL) {
449 0 : *hash_size = 0;
450 : }
451 :
452 0 : if (pqc_asym_algo == 0) {
453 0 : return false;
454 : }
455 :
456 0 : switch (pqc_asym_algo) {
457 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
458 0 : file = "mldsa44/bundle_responder.certchain.der";
459 0 : break;
460 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
461 0 : file = "mldsa65/bundle_responder.certchain.der";
462 0 : break;
463 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
464 0 : file = "mldsa87/bundle_responder.certchain.der";
465 0 : break;
466 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
467 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain.der";
468 0 : break;
469 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
470 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain.der";
471 0 : break;
472 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
473 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain.der";
474 0 : break;
475 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
476 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain.der";
477 0 : break;
478 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
479 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain.der";
480 0 : break;
481 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
482 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain.der";
483 0 : break;
484 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
485 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain.der";
486 0 : break;
487 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
488 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain.der";
489 0 : break;
490 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
491 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain.der";
492 0 : break;
493 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
494 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain.der";
495 0 : break;
496 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
497 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain.der";
498 0 : break;
499 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
500 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain.der";
501 0 : break;
502 0 : default:
503 0 : LIBSPDM_ASSERT(false);
504 0 : return false;
505 : }
506 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
507 0 : if (!res) {
508 0 : return res;
509 : }
510 :
511 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
512 :
513 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
514 0 : cert_chain = (void *)malloc(cert_chain_size);
515 0 : if (cert_chain == NULL) {
516 0 : free(file_data);
517 0 : return false;
518 : }
519 0 : cert_chain->length = (uint32_t)cert_chain_size;
520 :
521 0 : res = libspdm_verify_cert_chain_data_with_pqc(file_data, file_size,
522 : 0, pqc_asym_algo, base_hash_algo,
523 : is_requester_cert, is_device_cert_model);
524 0 : if (!res) {
525 0 : free(file_data);
526 0 : free(cert_chain);
527 0 : return res;
528 : }
529 :
530 :
531 : /* Get Root Certificate and calculate hash value*/
532 :
533 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
534 : &root_cert_len);
535 0 : if (!res) {
536 0 : free(file_data);
537 0 : free(cert_chain);
538 0 : return res;
539 : }
540 :
541 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
542 0 : (uint8_t *)(cert_chain + 1));
543 0 : if (!res) {
544 0 : free(file_data);
545 0 : free(cert_chain);
546 0 : return res;
547 : }
548 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
549 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
550 : file_data, file_size);
551 :
552 0 : *data = cert_chain;
553 0 : *size = cert_chain_size;
554 0 : if (hash != NULL) {
555 0 : *hash = (cert_chain + 1);
556 : }
557 0 : if (hash_size != NULL) {
558 0 : *hash_size = digest_size;
559 : }
560 :
561 0 : free(file_data);
562 0 : return true;
563 : }
564 :
565 : /*This alias cert chain is partial, from root CA to device certificate CA.*/
566 0 : bool libspdm_read_pqc_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
567 : uint32_t base_hash_algo, uint32_t pqc_asym_algo, void **data,
568 : size_t *size, void **hash, size_t *hash_size)
569 : {
570 : bool res;
571 : void *file_data;
572 : size_t file_size;
573 : spdm_cert_chain_t *cert_chain;
574 : size_t cert_chain_size;
575 : char *file;
576 : const uint8_t *root_cert;
577 : size_t root_cert_len;
578 : const uint8_t *leaf_cert;
579 : size_t leaf_cert_len;
580 : size_t digest_size;
581 : bool is_requester_cert;
582 : bool is_device_cert_model;
583 :
584 0 : is_requester_cert = false;
585 :
586 : /*default is false*/
587 0 : is_device_cert_model = false;
588 :
589 0 : *data = NULL;
590 0 : *size = 0;
591 0 : if (hash != NULL) {
592 0 : *hash = NULL;
593 : }
594 0 : if (hash_size != NULL) {
595 0 : *hash_size = 0;
596 : }
597 :
598 0 : if (pqc_asym_algo == 0) {
599 0 : return false;
600 : }
601 :
602 0 : switch (pqc_asym_algo) {
603 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
604 0 : file = "mldsa44/bundle_responder.certchain_alias_cert_partial_set.der";
605 0 : break;
606 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
607 0 : file = "mldsa65/bundle_responder.certchain_alias_cert_partial_set.der";
608 0 : break;
609 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
610 0 : file = "mldsa87/bundle_responder.certchain_alias_cert_partial_set.der";
611 0 : break;
612 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
613 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain_alias_cert_partial_set.der";
614 0 : break;
615 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
616 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain_alias_cert_partial_set.der";
617 0 : break;
618 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
619 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain_alias_cert_partial_set.der";
620 0 : break;
621 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
622 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain_alias_cert_partial_set.der";
623 0 : break;
624 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
625 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain_alias_cert_partial_set.der";
626 0 : break;
627 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
628 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain_alias_cert_partial_set.der";
629 0 : break;
630 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
631 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain_alias_cert_partial_set.der";
632 0 : break;
633 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
634 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain_alias_cert_partial_set.der";
635 0 : break;
636 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
637 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain_alias_cert_partial_set.der";
638 0 : break;
639 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
640 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain_alias_cert_partial_set.der";
641 0 : break;
642 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
643 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain_alias_cert_partial_set.der";
644 0 : break;
645 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
646 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain_alias_cert_partial_set.der";
647 0 : break;
648 0 : default:
649 0 : LIBSPDM_ASSERT(false);
650 0 : return false;
651 : }
652 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
653 0 : if (!res) {
654 0 : return res;
655 : }
656 :
657 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
658 :
659 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
660 0 : cert_chain = (void *)malloc(cert_chain_size);
661 0 : if (cert_chain == NULL) {
662 0 : free(file_data);
663 0 : return false;
664 : }
665 0 : cert_chain->length = (uint32_t)cert_chain_size;
666 :
667 : /* Get leaf Certificate*/
668 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
669 : &leaf_cert_len);
670 0 : if (!res) {
671 0 : free(file_data);
672 0 : free(cert_chain);
673 0 : return res;
674 : }
675 :
676 0 : res = libspdm_x509_set_cert_certificate_check_with_pqc(leaf_cert, leaf_cert_len,
677 : 0, pqc_asym_algo, base_hash_algo,
678 : is_requester_cert, is_device_cert_model);
679 0 : if (!res) {
680 0 : free(file_data);
681 0 : free(cert_chain);
682 0 : return res;
683 : }
684 :
685 : /* Get Root Certificate*/
686 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
687 : &root_cert_len);
688 0 : if (!res) {
689 0 : free(file_data);
690 0 : free(cert_chain);
691 0 : return res;
692 : }
693 :
694 : /*verify cert_chain*/
695 0 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
696 0 : if (!res) {
697 0 : free(file_data);
698 0 : free(cert_chain);
699 0 : return res;
700 : }
701 :
702 : /*calculate hash value*/
703 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
704 0 : (uint8_t *)(cert_chain + 1));
705 0 : if (!res) {
706 0 : free(file_data);
707 0 : free(cert_chain);
708 0 : return res;
709 : }
710 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
711 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
712 : file_data, file_size);
713 :
714 0 : *data = cert_chain;
715 0 : *size = cert_chain_size;
716 0 : if (hash != NULL) {
717 0 : *hash = (cert_chain + 1);
718 : }
719 0 : if (hash_size != NULL) {
720 0 : *hash_size = digest_size;
721 : }
722 :
723 0 : free(file_data);
724 0 : return true;
725 : }
726 :
727 : /*This alias cert chain is entire, from root CA to leaf certificate.*/
728 0 : bool libspdm_read_pqc_responder_public_certificate_chain_alias_cert(
729 : uint32_t base_hash_algo, uint32_t pqc_asym_algo, void **data,
730 : size_t *size, void **hash, size_t *hash_size)
731 : {
732 : bool res;
733 : void *file_data;
734 : size_t file_size;
735 : spdm_cert_chain_t *cert_chain;
736 : size_t cert_chain_size;
737 : char *file;
738 : const uint8_t *root_cert;
739 : size_t root_cert_len;
740 : const uint8_t *leaf_cert;
741 : size_t leaf_cert_len;
742 : size_t digest_size;
743 : bool is_requester_cert;
744 : bool is_device_cert_model;
745 :
746 0 : is_requester_cert = false;
747 :
748 : /*default is false*/
749 0 : is_device_cert_model = false;
750 :
751 0 : *data = NULL;
752 0 : *size = 0;
753 0 : if (hash != NULL) {
754 0 : *hash = NULL;
755 : }
756 0 : if (hash_size != NULL) {
757 0 : *hash_size = 0;
758 : }
759 :
760 0 : if (pqc_asym_algo == 0) {
761 0 : return false;
762 : }
763 :
764 0 : switch (pqc_asym_algo) {
765 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
766 0 : file = "mldsa44/bundle_responder.certchain_alias.der";
767 0 : break;
768 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
769 0 : file = "mldsa65/bundle_responder.certchain_alias.der";
770 0 : break;
771 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
772 0 : file = "mldsa87/bundle_responder.certchain_alias.der";
773 0 : break;
774 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
775 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain_alias.der";
776 0 : break;
777 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
778 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain_alias.der";
779 0 : break;
780 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
781 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain_alias.der";
782 0 : break;
783 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
784 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain_alias.der";
785 0 : break;
786 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
787 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain_alias.der";
788 0 : break;
789 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
790 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain_alias.der";
791 0 : break;
792 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
793 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain_alias.der";
794 0 : break;
795 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
796 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain_alias.der";
797 0 : break;
798 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
799 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain_alias.der";
800 0 : break;
801 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
802 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain_alias.der";
803 0 : break;
804 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
805 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain_alias.der";
806 0 : break;
807 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
808 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain_alias.der";
809 0 : break;
810 0 : default:
811 0 : LIBSPDM_ASSERT(false);
812 0 : return false;
813 : }
814 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
815 0 : if (!res) {
816 0 : return res;
817 : }
818 :
819 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
820 :
821 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
822 0 : cert_chain = (void *)malloc(cert_chain_size);
823 0 : if (cert_chain == NULL) {
824 0 : free(file_data);
825 0 : return false;
826 : }
827 0 : cert_chain->length = (uint32_t)cert_chain_size;
828 :
829 : /* Get leaf Certificate*/
830 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, -1, &leaf_cert,
831 : &leaf_cert_len);
832 0 : if (!res) {
833 0 : free(file_data);
834 0 : free(cert_chain);
835 0 : return res;
836 : }
837 :
838 0 : res = libspdm_x509_certificate_check_with_pqc(leaf_cert, leaf_cert_len,
839 : 0, pqc_asym_algo, base_hash_algo,
840 : is_requester_cert, is_device_cert_model);
841 0 : if (!res) {
842 0 : free(file_data);
843 0 : free(cert_chain);
844 0 : return res;
845 : }
846 :
847 : /* Get Root Certificate*/
848 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
849 : &root_cert_len);
850 0 : if (!res) {
851 0 : free(file_data);
852 0 : free(cert_chain);
853 0 : return res;
854 : }
855 :
856 : /*verify cert_chain*/
857 0 : res = libspdm_x509_verify_cert_chain(root_cert, root_cert_len, file_data, file_size);
858 0 : if (!res) {
859 0 : free(file_data);
860 0 : free(cert_chain);
861 0 : return res;
862 : }
863 :
864 : /*calculate hash value*/
865 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
866 0 : (uint8_t *)(cert_chain + 1));
867 0 : if (!res) {
868 0 : free(file_data);
869 0 : free(cert_chain);
870 0 : return res;
871 : }
872 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
873 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
874 : file_data, file_size);
875 :
876 0 : *data = cert_chain;
877 0 : *size = cert_chain_size;
878 0 : if (hash != NULL) {
879 0 : *hash = (cert_chain + 1);
880 : }
881 0 : if (hash_size != NULL) {
882 0 : *hash_size = digest_size;
883 : }
884 :
885 0 : free(file_data);
886 0 : return true;
887 : }
888 :
889 0 : bool libspdm_read_pqc_responder_public_certificate_chain_per_slot(
890 : uint8_t slot_id, uint32_t base_hash_algo, uint32_t pqc_asym_algo,
891 : void **data, size_t *size, void **hash, size_t *hash_size)
892 : {
893 : bool res;
894 : void *file_data;
895 : size_t file_size;
896 : spdm_cert_chain_t *cert_chain;
897 : size_t cert_chain_size;
898 : char *file;
899 : const uint8_t *root_cert;
900 : size_t root_cert_len;
901 : size_t digest_size;
902 : bool is_requester_cert;
903 : bool is_device_cert_model;
904 :
905 0 : is_requester_cert = false;
906 :
907 : /*default is true*/
908 0 : is_device_cert_model = true;
909 :
910 0 : *data = NULL;
911 0 : *size = 0;
912 0 : if (hash != NULL) {
913 0 : *hash = NULL;
914 : }
915 0 : if (hash_size != NULL) {
916 0 : *hash_size = 0;
917 : }
918 :
919 0 : if (pqc_asym_algo == 0) {
920 0 : return false;
921 : }
922 :
923 0 : if (slot_id == 0) {
924 0 : switch (pqc_asym_algo) {
925 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
926 0 : file = "mldsa44/bundle_responder.certchain.der";
927 0 : break;
928 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
929 0 : file = "mldsa65/bundle_responder.certchain.der";
930 0 : break;
931 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
932 0 : file = "mldsa87/bundle_responder.certchain.der";
933 0 : break;
934 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
935 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain.der";
936 0 : break;
937 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
938 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain.der";
939 0 : break;
940 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
941 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain.der";
942 0 : break;
943 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
944 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain.der";
945 0 : break;
946 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
947 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain.der";
948 0 : break;
949 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
950 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain.der";
951 0 : break;
952 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
953 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain.der";
954 0 : break;
955 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
956 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain.der";
957 0 : break;
958 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
959 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain.der";
960 0 : break;
961 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
962 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain.der";
963 0 : break;
964 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
965 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain.der";
966 0 : break;
967 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
968 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain.der";
969 0 : break;
970 0 : default:
971 0 : LIBSPDM_ASSERT(false);
972 0 : return false;
973 : }
974 : } else {
975 0 : switch (pqc_asym_algo) {
976 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
977 0 : file = "mldsa44/bundle_responder.certchain1.der";
978 0 : break;
979 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
980 0 : file = "mldsa65/bundle_responder.certchain1.der";
981 0 : break;
982 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
983 0 : file = "mldsa87/bundle_responder.certchain1.der";
984 0 : break;
985 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
986 0 : file = "slh-dsa-sha2-128s/bundle_responder.certchain1.der";
987 0 : break;
988 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
989 0 : file = "slh-dsa-shake-128s/bundle_responder.certchain1.der";
990 0 : break;
991 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
992 0 : file = "slh-dsa-sha2-128f/bundle_responder.certchain1.der";
993 0 : break;
994 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
995 0 : file = "slh-dsa-shake-128f/bundle_responder.certchain1.der";
996 0 : break;
997 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
998 0 : file = "slh-dsa-sha2-192s/bundle_responder.certchain1.der";
999 0 : break;
1000 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
1001 0 : file = "slh-dsa-shake-192s/bundle_responder.certchain1.der";
1002 0 : break;
1003 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
1004 0 : file = "slh-dsa-sha2-192f/bundle_responder.certchain1.der";
1005 0 : break;
1006 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
1007 0 : file = "slh-dsa-shake-192f/bundle_responder.certchain1.der";
1008 0 : break;
1009 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
1010 0 : file = "slh-dsa-sha2-256s/bundle_responder.certchain1.der";
1011 0 : break;
1012 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
1013 0 : file = "slh-dsa-shake-256s/bundle_responder.certchain1.der";
1014 0 : break;
1015 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
1016 0 : file = "slh-dsa-sha2-256f/bundle_responder.certchain1.der";
1017 0 : break;
1018 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
1019 0 : file = "slh-dsa-shake-256f/bundle_responder.certchain1.der";
1020 0 : break;
1021 0 : default:
1022 0 : LIBSPDM_ASSERT(false);
1023 0 : return false;
1024 : }
1025 : }
1026 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
1027 0 : if (!res) {
1028 0 : return res;
1029 : }
1030 :
1031 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
1032 :
1033 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1034 0 : cert_chain = (void *)malloc(cert_chain_size);
1035 0 : if (cert_chain == NULL) {
1036 0 : free(file_data);
1037 0 : return false;
1038 : }
1039 0 : cert_chain->length = (uint32_t)cert_chain_size;
1040 :
1041 0 : res = libspdm_verify_cert_chain_data_with_pqc(file_data, file_size,
1042 : 0, pqc_asym_algo, base_hash_algo,
1043 : is_requester_cert, is_device_cert_model);
1044 0 : if (!res) {
1045 0 : free(file_data);
1046 0 : free(cert_chain);
1047 0 : return res;
1048 : }
1049 :
1050 :
1051 : /* Get Root Certificate and calculate hash value*/
1052 :
1053 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1054 : &root_cert_len);
1055 0 : if (!res) {
1056 0 : free(file_data);
1057 0 : free(cert_chain);
1058 0 : return res;
1059 : }
1060 :
1061 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1062 0 : (uint8_t *)(cert_chain + 1));
1063 0 : if (!res) {
1064 0 : free(file_data);
1065 0 : free(cert_chain);
1066 0 : return res;
1067 : }
1068 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1069 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1070 : file_data, file_size);
1071 :
1072 0 : *data = cert_chain;
1073 0 : *size = cert_chain_size;
1074 0 : if (hash != NULL) {
1075 0 : *hash = (cert_chain + 1);
1076 : }
1077 0 : if (hash_size != NULL) {
1078 0 : *hash_size = digest_size;
1079 : }
1080 :
1081 0 : free(file_data);
1082 0 : return true;
1083 : }
1084 :
1085 :
1086 0 : bool libspdm_read_pqc_requester_public_certificate_chain(
1087 : uint32_t base_hash_algo, uint32_t req_pqc_asym_alg, void **data,
1088 : size_t *size, void **hash, size_t *hash_size)
1089 : {
1090 : bool res;
1091 : void *file_data;
1092 : size_t file_size;
1093 : spdm_cert_chain_t *cert_chain;
1094 : size_t cert_chain_size;
1095 : char *file;
1096 : const uint8_t *root_cert;
1097 : size_t root_cert_len;
1098 : size_t digest_size;
1099 : bool is_requester_cert;
1100 : bool is_device_cert_model;
1101 :
1102 0 : is_requester_cert = false;
1103 :
1104 : /*default is true*/
1105 0 : is_device_cert_model = true;
1106 :
1107 0 : *data = NULL;
1108 0 : *size = 0;
1109 0 : if (hash != NULL) {
1110 0 : *hash = NULL;
1111 : }
1112 0 : if (hash_size != NULL) {
1113 0 : *hash_size = 0;
1114 : }
1115 :
1116 0 : if (req_pqc_asym_alg == 0) {
1117 0 : return false;
1118 : }
1119 :
1120 0 : switch (req_pqc_asym_alg) {
1121 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
1122 0 : file = "mldsa44/bundle_requester.certchain.der";
1123 0 : break;
1124 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
1125 0 : file = "mldsa65/bundle_requester.certchain.der";
1126 0 : break;
1127 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
1128 0 : file = "mldsa87/bundle_requester.certchain.der";
1129 0 : break;
1130 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
1131 0 : file = "slh-dsa-sha2-128s/bundle_requester.certchain.der";
1132 0 : break;
1133 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
1134 0 : file = "slh-dsa-shake-128s/bundle_requester.certchain.der";
1135 0 : break;
1136 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
1137 0 : file = "slh-dsa-sha2-128f/bundle_requester.certchain.der";
1138 0 : break;
1139 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
1140 0 : file = "slh-dsa-shake-128f/bundle_requester.certchain.der";
1141 0 : break;
1142 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
1143 0 : file = "slh-dsa-sha2-192s/bundle_requester.certchain.der";
1144 0 : break;
1145 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
1146 0 : file = "slh-dsa-shake-192s/bundle_requester.certchain.der";
1147 0 : break;
1148 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
1149 0 : file = "slh-dsa-sha2-192f/bundle_requester.certchain.der";
1150 0 : break;
1151 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
1152 0 : file = "slh-dsa-shake-192f/bundle_requester.certchain.der";
1153 0 : break;
1154 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
1155 0 : file = "slh-dsa-sha2-256s/bundle_requester.certchain.der";
1156 0 : break;
1157 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
1158 0 : file = "slh-dsa-shake-256s/bundle_requester.certchain.der";
1159 0 : break;
1160 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
1161 0 : file = "slh-dsa-sha2-256f/bundle_requester.certchain.der";
1162 0 : break;
1163 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
1164 0 : file = "slh-dsa-shake-256f/bundle_requester.certchain.der";
1165 0 : break;
1166 0 : default:
1167 0 : LIBSPDM_ASSERT(false);
1168 0 : return false;
1169 : }
1170 0 : res = libspdm_read_input_file(file, &file_data, &file_size);
1171 0 : if (!res) {
1172 0 : return res;
1173 : }
1174 :
1175 0 : digest_size = libspdm_get_hash_size(base_hash_algo);
1176 :
1177 0 : cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size;
1178 0 : cert_chain = (void *)malloc(cert_chain_size);
1179 0 : if (cert_chain == NULL) {
1180 0 : free(file_data);
1181 0 : return false;
1182 : }
1183 0 : cert_chain->length = (uint32_t)cert_chain_size;
1184 :
1185 0 : res = libspdm_verify_cert_chain_data_with_pqc(file_data, file_size,
1186 : 0, req_pqc_asym_alg, base_hash_algo,
1187 : is_requester_cert, is_device_cert_model);
1188 0 : if (!res) {
1189 0 : free(file_data);
1190 0 : free(cert_chain);
1191 0 : return res;
1192 : }
1193 :
1194 :
1195 : /* Get Root Certificate and calculate hash value*/
1196 :
1197 0 : res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert,
1198 : &root_cert_len);
1199 0 : if (!res) {
1200 0 : free(file_data);
1201 0 : free(cert_chain);
1202 0 : return res;
1203 : }
1204 :
1205 0 : res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len,
1206 0 : (uint8_t *)(cert_chain + 1));
1207 0 : if (!res) {
1208 0 : free(file_data);
1209 0 : free(cert_chain);
1210 0 : return res;
1211 : }
1212 0 : libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size,
1213 0 : cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size),
1214 : file_data, file_size);
1215 :
1216 0 : *data = cert_chain;
1217 0 : *size = cert_chain_size;
1218 0 : if (hash != NULL) {
1219 0 : *hash = (cert_chain + 1);
1220 : }
1221 0 : if (hash_size != NULL) {
1222 0 : *hash_size = digest_size;
1223 : }
1224 :
1225 0 : free(file_data);
1226 0 : return true;
1227 : }
1228 :
1229 0 : bool libspdm_read_responder_pqc_certificate(uint32_t pqc_asym_algo,
1230 : void **data, size_t *size)
1231 : {
1232 : bool res;
1233 : char *file;
1234 :
1235 0 : switch (pqc_asym_algo) {
1236 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_44:
1237 0 : file = "mldsa44/end_responder.cert.der";
1238 0 : break;
1239 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_65:
1240 0 : file = "mldsa65/end_responder.cert.der";
1241 0 : break;
1242 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_ML_DSA_87:
1243 0 : file = "mldsa87/end_responder.cert.der";
1244 0 : break;
1245 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128S:
1246 0 : file = "slh-dsa-sha2-128s/end_responder.cert.der";
1247 0 : break;
1248 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128S:
1249 0 : file = "slh-dsa-shake-128s/end_responder.cert.der";
1250 0 : break;
1251 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_128F:
1252 0 : file = "slh-dsa-sha2-128f/end_responder.cert.der";
1253 0 : break;
1254 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_128F:
1255 0 : file = "slh-dsa-shake-128f/end_responder.cert.der";
1256 0 : break;
1257 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192S:
1258 0 : file = "slh-dsa-sha2-192s/end_responder.cert.der";
1259 0 : break;
1260 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192S:
1261 0 : file = "slh-dsa-shake-192s/end_responder.cert.der";
1262 0 : break;
1263 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_192F:
1264 0 : file = "slh-dsa-sha2-192f/end_responder.cert.der";
1265 0 : break;
1266 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_192F:
1267 0 : file = "slh-dsa-shake-192f/end_responder.cert.der";
1268 0 : break;
1269 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256S:
1270 0 : file = "slh-dsa-sha2-256s/end_responder.cert.der";
1271 0 : break;
1272 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256S:
1273 0 : file = "slh-dsa-shake-256s/end_responder.cert.der";
1274 0 : break;
1275 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHA2_256F:
1276 0 : file = "slh-dsa-sha2-256f/end_responder.cert.der";
1277 0 : break;
1278 0 : case SPDM_ALGORITHMS_PQC_ASYM_ALGO_SLH_DSA_SHAKE_256F:
1279 0 : file = "slh-dsa-shake-256f/end_responder.cert.der";
1280 0 : break;
1281 0 : default:
1282 0 : LIBSPDM_ASSERT(false);
1283 0 : return false;
1284 : }
1285 0 : res = libspdm_read_input_file(file, data, size);
1286 0 : return res;
1287 : }
|
