Allow Requester to input opaque data for finish and psk_finish

Li-Aaron · Li-Aaron · commit d1e0bd611b67 · 2026-01-23T10:48:14.000+08:00
fix #3402 Signed-off-by: Aaron Li <aaron.li@intel.com>
diff --git a/include/library/spdm_requester_lib.h b/include/library/spdm_requester_lib.h
@@ -526,40 +526,46 @@ libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context,
  * If encapsulated mutual authentication is requested from the responder,
  * this function also perform the encapsulated mutual authentication.
  *
- * @param  spdm_context               A pointer to the SPDM context.
- * @param  use_psk                    False means to use KEY_EXCHANGE/FINISH to start a session.
- *                                    True means to use PSK_EXCHANGE/PSK_FINISH to start a session.
- * @param  psk_hint                   The psk_hint in PSK_EXCHANGE. It is ignored if use_psk is false.
- * @param  psk_hint_size              The size in bytes of psk_hint. It is ignored if use_psk is false.
- * @param  measurement_hash_type      The type of the measurement hash.
- * @param  slot_id                    The number of slot for the certificate chain.
- * @param  session_policy             The policy for the session.
- * @param  session_id                 The session ID of the session.
- * @param  heartbeat_period           The heartbeat period for the session.
- * @param  measurement_hash           A pointer to a destination buffer to store the measurement hash.
- * @param  requester_random_in        A buffer to hold the requester random as input, if not NULL.
- * @param  requester_random_in_size   The size of requester_random_in.
- *                                    If use_psk is false, it must be 32 bytes.
- *                                    If use_psk is true, it means the PSK context and must be 32 bytes at least,
- *                                    but not exceed LIBSPDM_PSK_CONTEXT_LENGTH.
- * @param  requester_random           A buffer to hold the requester random, if not NULL.
- * @param  requester_random_size      On input, the size of requester_random buffer.
- *                                    On output, the size of data returned in requester_random buffer.
- *                                    If use_psk is false, it must be 32 bytes.
- *                                    If use_psk is true, it means the PSK context and must be 32 bytes at least.
- * @param  responder_random           A buffer to hold the responder random, if not NULL.
- * @param  responder_random_size      On input, the size of requester_random buffer.
- *                                    On output, the size of data returned in requester_random buffer.
- *                                    If use_psk is false, it must be 32 bytes.
- *                                    If use_psk is true, it means the PSK context. It could be 0 if device does not support context.
- * @param  requester_opaque_data      A buffer to hold the requester opaque data, if not NULL.
- *                                    If not NULL, this function will not generate any opaque data,
- *                                    including secured message versions.
- * @param  requester_opaque_data_size The size of the opaque data, if requester_opaque_data is not NULL.
- * @param  responder_opaque_data      A buffer to hold the responder opaque data, if not NULL.
- * @param  responder_opaque_data_size On input, the size of the opaque data buffer.
- *                                    Opaque data should be less than 1024 bytes.
- *                                    On output, the size of the opaque data.
+ * @param  spdm_context                        A pointer to the SPDM context.
+ * @param  use_psk                             False means to use KEY_EXCHANGE/FINISH to start a session.
+ *                                             True means to use PSK_EXCHANGE/PSK_FINISH to start a session.
+ * @param  psk_hint                            The psk_hint in PSK_EXCHANGE. It is ignored if use_psk is false.
+ * @param  psk_hint_size                       The size in bytes of psk_hint. It is ignored if use_psk is false.
+ * @param  measurement_hash_type               The type of the measurement hash.
+ * @param  slot_id                             The number of slot for the certificate chain.
+ * @param  session_policy                      The policy for the session.
+ * @param  session_id                          The session ID of the session.
+ * @param  heartbeat_period                    The heartbeat period for the session.
+ * @param  measurement_hash                    A pointer to a destination buffer to store the measurement hash.
+ * @param  requester_random_in                 A buffer to hold the requester random as input, if not NULL.
+ * @param  requester_random_in_size            The size of requester_random_in.
+ *                                             If use_psk is false, it must be 32 bytes.
+ *                                             If use_psk is true, it means the PSK context and must be 32 bytes at least,
+ *                                             but not exceed LIBSPDM_PSK_CONTEXT_LENGTH.
+ * @param  requester_random                    A buffer to hold the requester random, if not NULL.
+ * @param  requester_random_size               On input, the size of requester_random buffer.
+ *                                             On output, the size of data returned in requester_random buffer.
+ *                                             If use_psk is false, it must be 32 bytes.
+ *                                             If use_psk is true, it means the PSK context and must be 32 bytes at least.
+ * @param  responder_random                    A buffer to hold the responder random, if not NULL.
+ * @param  responder_random_size               On input, the size of requester_random buffer.
+ *                                             On output, the size of data returned in requester_random buffer.
+ *                                             If use_psk is false, it must be 32 bytes.
+ *                                             If use_psk is true, it means the PSK context. It could be 0 if device does not support context.
+ * @param  requester_ex_opaque_data            A buffer to hold the requester exchange opaque data, if not NULL.
+ *                                             If not NULL, this function will not generate any opaque data,
+ *                                             including secured message versions.
+ * @param  requester_ex_opaque_data_size       The size of the opaque data, if requester_ex_opaque_data is not NULL.
+ * @param  responder_ex_opaque_data            A buffer to hold the responder exchange opaque data, if not NULL.
+ * @param  responder_ex_opaque_data_size       On input, the size of the opaque data buffer.
+ *                                             Opaque data should be less than 1024 bytes.
+ *                                             On output, the size of the opaque data.
+ * @param  requester_finish_opaque_data        A buffer to hold the requester finish opaque data, if not NULL.
+ * @param  requester_finish_opaque_data_size   The size of the opaque data, if requester_finish_opaque_data is not NULL.
+ * @param  responder_finish_opaque_data        A buffer to hold the responder finish opaque data, if not NULL.
+ * @param  responder_finish_opaque_data_size   On input, the size of the opaque data buffer.
+ *                                             Opaque data should be less than 1024 bytes.
+ *                                             On output, the size of the opaque data.
  **/
 libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
                                           const void *psk_hint,
@@ -576,10 +582,15 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
                                           size_t *requester_random_size,
                                           void *responder_random,
                                           size_t *responder_random_size,
-                                          const void *requester_opaque_data,
-                                          size_t requester_opaque_data_size,
-                                          void *responder_opaque_data,
-                                          size_t *responder_opaque_data_size);
+                                          const void *requester_ex_opaque_data,
+                                          size_t requester_ex_opaque_data_size,
+                                          void *responder_ex_opaque_data,
+                                          size_t *responder_ex_opaque_data_size,
+                                          const void *requester_finish_opaque_data,
+                                          size_t requester_finish_opaque_data_size,
+                                          void *responder_finish_opaque_data,
+                                          size_t *responder_finish_opaque_data_size);
+
 
 /**
  * This function sends END_SESSION to stop an SPDM Session.
diff --git a/library/spdm_requester_lib/libspdm_req_communication.c b/library/spdm_requester_lib/libspdm_req_communication.c
@@ -213,10 +213,14 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
                                           size_t *requester_random_size,
                                           void *responder_random,
                                           size_t *responder_random_size,
-                                          const void *requester_opaque_data,
-                                          size_t requester_opaque_data_size,
-                                          void *responder_opaque_data,
-                                          size_t *responder_opaque_data_size)
+                                          const void *requester_ex_opaque_data,
+                                          size_t requester_ex_opaque_data_size,
+                                          void *responder_ex_opaque_data,
+                                          size_t *responder_ex_opaque_data_size,
+                                          const void *requester_finish_opaque_data,
+                                          size_t requester_finish_opaque_data_size,
+                                          void *responder_finish_opaque_data,
+                                          size_t *responder_finish_opaque_data_size)
 {
     libspdm_return_t status;
     libspdm_context_t *context;
@@ -242,8 +246,8 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
             session_id, heartbeat_period, &req_slot_id_param,
             measurement_hash, requester_random_in,
             requester_random, responder_random,
-            requester_opaque_data, requester_opaque_data_size,
-            responder_opaque_data, responder_opaque_data_size);
+            requester_ex_opaque_data, requester_ex_opaque_data_size,
+            responder_ex_opaque_data, responder_ex_opaque_data_size);
         if (LIBSPDM_STATUS_IS_ERROR(status)) {
             LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
                            "libspdm_start_session - libspdm_send_receive_key_exchange - %xu\n",
@@ -297,7 +301,10 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
         if (req_slot_id_param == 0xF) {
             req_slot_id_param = 0xFF;
         }
-        status = libspdm_send_receive_finish(context, *session_id, req_slot_id_param);
+        status = libspdm_send_receive_finish_ex(
+            context, *session_id, req_slot_id_param,
+            requester_finish_opaque_data, requester_finish_opaque_data_size,
+            responder_finish_opaque_data, responder_finish_opaque_data_size);
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
                        "libspdm_start_session - libspdm_send_receive_finish - %xu\n", status));
     #else /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
@@ -313,8 +320,8 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
             requester_random_in, requester_random_in_size,
             requester_random, requester_random_size,
             responder_random, responder_random_size,
-            requester_opaque_data, requester_opaque_data_size,
-            responder_opaque_data, responder_opaque_data_size);
+            requester_ex_opaque_data, requester_ex_opaque_data_size,
+            responder_ex_opaque_data, responder_ex_opaque_data_size);
         if (LIBSPDM_STATUS_IS_ERROR(status)) {
             LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
                            "libspdm_start_session - libspdm_send_receive_psk_exchange - %xu\n",
@@ -326,7 +333,10 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
         if (libspdm_is_capabilities_flag_supported(
                 context, true, 0,
                 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT)) {
-            status = libspdm_send_receive_psk_finish(context, *session_id);
+            status = libspdm_send_receive_psk_finish_ex(
+                context, *session_id,
+                requester_finish_opaque_data, requester_finish_opaque_data_size,
+                responder_finish_opaque_data, responder_finish_opaque_data_size);
             LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
                            "libspdm_start_session - libspdm_send_receive_psk_finish - %xu\n",
                            status));
