Skip to content

Commit

Permalink
1.3 Add DIGEST to transcript.
Browse files Browse the repository at this point in the history
Signed-off-by: Jiewen Yao <[email protected]>
  • Loading branch information
jyao1 committed Nov 19, 2023
1 parent d0a92d8 commit 70aedf5
Show file tree
Hide file tree
Showing 8 changed files with 256 additions and 0 deletions.
49 changes: 49 additions & 0 deletions include/internal/libspdm_common_lib.h
Original file line number Diff line number Diff line change
Expand Up @@ -312,6 +312,7 @@ typedef struct {
typedef struct {
/* the message_a must be plan text because we do not know the algorithm yet.*/
libspdm_vca_managed_buffer_t message_a;
libspdm_message_d_managed_buffer_t message_d;
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
libspdm_message_b_managed_buffer_t message_b;
libspdm_message_c_managed_buffer_t message_c;
Expand Down Expand Up @@ -383,6 +384,7 @@ typedef struct {
* F = Concatenate (PSK_FINISH request, PSK_FINISH response)*/

typedef struct {
libspdm_message_d_managed_buffer_t message_encap_d;
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
libspdm_message_k_managed_buffer_t message_k;
libspdm_message_f_managed_buffer_t message_f;
Expand Down Expand Up @@ -1198,6 +1200,14 @@ void libspdm_append_msg_log(libspdm_context_t *spdm_context, void *message, size
**/
void libspdm_reset_message_a(libspdm_context_t *spdm_context);

/**
* Reset message D cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
* @param spdm_session_info A pointer to the SPDM session context.
**/
void libspdm_reset_message_d(libspdm_context_t *spdm_context);

/**
* Reset message B cache in SPDM context.
*
Expand Down Expand Up @@ -1244,6 +1254,14 @@ void libspdm_reset_message_m(libspdm_context_t *spdm_context, void *session_info
**/
void libspdm_reset_message_k(libspdm_context_t *spdm_context, void *spdm_session_info);

/**
* Reset message EncapD cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
* @param spdm_session_info A pointer to the SPDM session context.
**/
void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *spdm_session_info);

/**
* Reset message F cache in SPDM context.
*
Expand All @@ -1264,6 +1282,20 @@ void libspdm_reset_message_f(libspdm_context_t *spdm_context, void *spdm_session
**/
libspdm_return_t libspdm_append_message_a(libspdm_context_t *spdm_context, const void *message,
size_t message_size);

/**
* Append message D cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
* @param message Message buffer.
* @param message_size Size in bytes of message buffer.
*
* @return RETURN_SUCCESS message is appended.
* @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
**/
libspdm_return_t libspdm_append_message_d(libspdm_context_t *spdm_context, const void *message,
size_t message_size);

/**
* Append message B cache in SPDM context.
*
Expand Down Expand Up @@ -1350,6 +1382,23 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
bool is_requester, const void *message,
size_t message_size);

/**
* Append message EncapD cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
* @param spdm_session_info A pointer to the SPDM session context.
* @param is_requester Indicate of the key generation for a requester or a responder.
* @param message Message buffer.
* @param message_size Size in bytes of message buffer.
*
* @return RETURN_SUCCESS message is appended.
* @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
**/
libspdm_return_t libspdm_append_message_encap_d(libspdm_context_t *spdm_context,
void *spdm_session_info,
bool is_requester, const void *message,
size_t message_size);

/**
* Append message F cache in SPDM context.
*
Expand Down
101 changes: 101 additions & 0 deletions library/spdm_common_lib/libspdm_com_context_data.c
Original file line number Diff line number Diff line change
Expand Up @@ -1089,6 +1089,16 @@ void libspdm_reset_message_a(libspdm_context_t *spdm_context)
libspdm_reset_managed_buffer(&spdm_context->transcript.message_a);
}

/**
* Reset message D cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
**/
void libspdm_reset_message_d(libspdm_context_t *spdm_context)
{
libspdm_reset_managed_buffer(&spdm_context->transcript.message_d);
}

/**
* Reset message B cache in SPDM context.
*
Expand Down Expand Up @@ -1226,6 +1236,20 @@ void libspdm_reset_message_k(libspdm_context_t *spdm_context, void *session_info
#endif
}

/**
* Reset message EncapD cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
* @param spdm_session_info A pointer to the SPDM session context.
**/
void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *session_info)
{
libspdm_session_info_t *spdm_session_info;

spdm_session_info = session_info;
libspdm_reset_managed_buffer(&spdm_session_info->session_transcript.message_encap_d);
}

/**
* Reset message F cache in SPDM context.
*
Expand Down Expand Up @@ -1327,6 +1351,24 @@ libspdm_return_t libspdm_append_message_a(libspdm_context_t *spdm_context, const
message, message_size);
}

/**
* Append message D cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
* @param message Message buffer.
* @param message_size Size in bytes of message buffer.
*
* @return RETURN_SUCCESS message is appended.
* @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
**/
libspdm_return_t libspdm_append_message_d(libspdm_context_t *spdm_context, const void *message,
size_t message_size)
{
libspdm_reset_message_d (spdm_context);
return libspdm_append_managed_buffer(&spdm_context->transcript.message_d,
message, message_size);
}

/**
* Append message B cache in SPDM context.
*
Expand Down Expand Up @@ -1836,6 +1878,19 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
return LIBSPDM_STATUS_CRYPTO_ERROR;
}
if (!spdm_session_info->use_psk) {
if (spdm_context->connection_info.multi_key_conn_rsp) {
result = libspdm_hash_update (
spdm_context->connection_info.algorithm.base_hash_algo,
spdm_session_info->session_transcript.digest_context_th,
libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
if (!result) {
libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
spdm_session_info->session_transcript.digest_context_th);
return LIBSPDM_STATUS_CRYPTO_ERROR;
}
}

result = libspdm_hash_update (
spdm_context->connection_info.algorithm.base_hash_algo,
spdm_session_info->session_transcript.digest_context_th,
Expand All @@ -1861,6 +1916,32 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
#endif
}

/**
* Append message EncapD cache in SPDM context.
*
* @param spdm_context A pointer to the SPDM context.
* @param spdm_session_info A pointer to the SPDM session context.
* @param is_requester Indicate of the key generation for a requester or a responder.
* @param message Message buffer.
* @param message_size Size in bytes of message buffer.
*
* @return RETURN_SUCCESS message is appended.
* @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
**/
libspdm_return_t libspdm_append_message_encap_d(libspdm_context_t *spdm_context,
void *session_info,
bool is_requester, const void *message,
size_t message_size)
{
libspdm_session_info_t *spdm_session_info;

spdm_session_info = session_info;
libspdm_reset_message_encap_d(spdm_context, session_info);
return libspdm_append_managed_buffer(
&spdm_session_info->session_transcript.message_encap_d, message,
message_size);
}

/**
* Append message F cache in SPDM context.
*
Expand Down Expand Up @@ -1993,6 +2074,22 @@ libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context,
LIBSPDM_ASSERT (spdm_session_info->session_transcript.digest_context_th != NULL);
if (!spdm_session_info->session_transcript.message_f_initialized) {
if (!spdm_session_info->use_psk && spdm_session_info->mut_auth_requested) {
if (spdm_context->connection_info.multi_key_conn_req) {
result = libspdm_hash_update (
spdm_context->connection_info.algorithm.base_hash_algo,
spdm_session_info->session_transcript.digest_context_th,
libspdm_get_managed_buffer(&spdm_session_info->session_transcript.
message_encap_d),
libspdm_get_managed_buffer_size(&spdm_session_info->session_transcript.
message_encap_d));
if (!result) {
libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
spdm_session_info->session_transcript.digest_context_th);
spdm_session_info->session_transcript.digest_context_th = NULL;
return LIBSPDM_STATUS_CRYPTO_ERROR;
}
}

result = libspdm_hash_update (
spdm_context->connection_info.algorithm.base_hash_algo,
spdm_session_info->session_transcript.digest_context_th,
Expand Down Expand Up @@ -2636,6 +2733,8 @@ libspdm_return_t libspdm_init_context_with_secured_context(void *spdm_context,
context->version = LIBSPDM_CONTEXT_STRUCT_VERSION;
context->transcript.message_a.max_buffer_size =
sizeof(context->transcript.message_a.buffer);
context->transcript.message_d.max_buffer_size =
sizeof(context->transcript.message_d.buffer);
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
context->transcript.message_b.max_buffer_size =
sizeof(context->transcript.message_b.buffer);
Expand Down Expand Up @@ -2818,13 +2917,15 @@ void libspdm_deinit_context(void *spdm_context)
#endif

libspdm_reset_message_a(context);
libspdm_reset_message_d(context);
libspdm_reset_message_b(context);
libspdm_reset_message_c(context);
libspdm_reset_message_mut_b(context);
libspdm_reset_message_mut_c(context);
for (session_id = 0; session_id < LIBSPDM_MAX_SESSION_COUNT; session_id++) {
session_info = &context->session_info[session_id];
libspdm_reset_message_m(context, session_info);
libspdm_reset_message_encap_d(context, session_info);
libspdm_reset_message_k(context, session_info);
libspdm_reset_message_f(context, session_info);
}
Expand Down
2 changes: 2 additions & 0 deletions library/spdm_common_lib/libspdm_com_context_data_session.c
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,8 @@ void libspdm_session_info_init(libspdm_context_t *spdm_context,
spdm_context->connection_info.algorithm.dhe_named_group,
spdm_context->connection_info.algorithm.aead_cipher_suite,
spdm_context->connection_info.algorithm.key_schedule);
session_info->session_transcript.message_encap_d.max_buffer_size =
sizeof(session_info->session_transcript.message_encap_d.buffer);
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
session_info->session_transcript.message_k.max_buffer_size =
sizeof(session_info->session_transcript.message_k.buffer);
Expand Down
42 changes: 42 additions & 0 deletions library/spdm_common_lib/libspdm_com_crypto_service_session.c
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,20 @@ bool libspdm_calculate_th_for_exchange(
}

if (cert_chain_buffer != NULL) {
if (spdm_context->connection_info.multi_key_conn_rsp) {
LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
LIBSPDM_INTERNAL_DUMP_HEX(
libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
status = libspdm_append_managed_buffer(
th_curr,
libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
if (LIBSPDM_STATUS_IS_ERROR(status)) {
return false;
}
}

LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
result = libspdm_hash_all(
Expand Down Expand Up @@ -236,6 +250,20 @@ bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
}

if (cert_chain_buffer != NULL) {
if (spdm_context->connection_info.multi_key_conn_rsp) {
LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
LIBSPDM_INTERNAL_DUMP_HEX(
libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
status = libspdm_append_managed_buffer(
th_curr,
libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
if (LIBSPDM_STATUS_IS_ERROR(status)) {
return false;
}
}

LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
result = libspdm_hash_all(
Expand Down Expand Up @@ -264,6 +292,20 @@ bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
}

if (mut_cert_chain_buffer != NULL) {
if (spdm_context->connection_info.multi_key_conn_req) {
LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_encap_d data :\n"));
LIBSPDM_INTERNAL_DUMP_HEX(
libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
status = libspdm_append_managed_buffer(
th_curr,
libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
if (LIBSPDM_STATUS_IS_ERROR(status)) {
return false;
}
}

LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_cm data :\n"));
LIBSPDM_INTERNAL_DUMP_HEX(mut_cert_chain_buffer, mut_cert_chain_buffer_size);
result = libspdm_hash_all(
Expand Down
24 changes: 24 additions & 0 deletions library/spdm_requester_lib/libspdm_req_encap_digests.c
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ libspdm_return_t libspdm_get_encap_response_digest(void *spdm_context,
uint8_t slot_count;
/*populated solt index*/
uint8_t slot_index;
uint32_t session_id;
libspdm_session_info_t *session_info;

context = spdm_context;
spdm_request = request;
Expand Down Expand Up @@ -110,6 +112,28 @@ libspdm_return_t libspdm_get_encap_response_digest(void *spdm_context,
response_size, response);
}

if (context->last_spdm_request_session_id_valid) {
session_id = context->last_spdm_request_session_id;
} else {
session_id = context->latest_session_id;
}
if (session_id != INVALID_SESSION_ID) {
session_info = libspdm_get_session_info_via_session_id(context, session_id);
} else {
session_info = NULL;
}
if (session_info != NULL) {
if (context->connection_info.multi_key_conn_req) {
status = libspdm_append_message_encap_d(context, session_info, true,
spdm_response, *response_size);
if (LIBSPDM_STATUS_IS_ERROR(status)) {
return libspdm_generate_encap_error_response(
context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
response_size, response);
}
}
}

return LIBSPDM_STATUS_SUCCESS;
}

Expand Down
7 changes: 7 additions & 0 deletions library/spdm_requester_lib/libspdm_req_get_digests.c
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,13 @@ static libspdm_return_t libspdm_try_get_digest(libspdm_context_t *spdm_context,
if (LIBSPDM_STATUS_IS_ERROR(status)) {
goto receive_done;
}

if (spdm_context->connection_info.multi_key_conn_rsp) {
status = libspdm_append_message_d(spdm_context, spdm_response, spdm_response_size);
if (LIBSPDM_STATUS_IS_ERROR(status)) {
goto receive_done;
}
}
}

for (index = 0; index < digest_count; index++) {
Expand Down
9 changes: 9 additions & 0 deletions library/spdm_responder_lib/libspdm_rsp_digests.c
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,15 @@ libspdm_return_t libspdm_get_response_digests(libspdm_context_t *spdm_context, s
SPDM_ERROR_CODE_UNSPECIFIED, 0,
response_size, response);
}

if (spdm_context->connection_info.multi_key_conn_rsp) {
status = libspdm_append_message_d(spdm_context, spdm_response, *response_size);
if (LIBSPDM_STATUS_IS_ERROR(status)) {
return libspdm_generate_error_response(spdm_context,
SPDM_ERROR_CODE_UNSPECIFIED, 0,
response_size, response);
}
}
}

if (spdm_context->connection_info.connection_state <
Expand Down
Loading

0 comments on commit 70aedf5

Please sign in to comment.