diff --git a/include/library/spdm_requester_lib.h b/include/library/spdm_requester_lib.h
index 5790da7fdf7..02e02b8c9da 100644
--- a/include/library/spdm_requester_lib.h
+++ b/include/library/spdm_requester_lib.h
@@ -521,14 +521,14 @@ libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context,
 uint8_t *spdm_version);
 /**
- * This function sends KEY_EXCHANGE/FINISH or PSK_EXCHANGE/PSK_FINISH to start an SPDM Session.
+ * This function sends KEY_EXCHANGE or PSK_EXCHANGE to start an SPDM Session.
 *
 * If encapsulated mutual authentication is requested from the responder,
 * this function also perform the encapsulated mutual authentication.
 *
 * @param spdm_context A pointer to the SPDM context.
- * @param use_psk False means to use KEY_EXCHANGE/FINISH to start a session.
- * True means to use PSK_EXCHANGE/PSK_FINISH to start a session.
+ * @param use_psk False means to use KEY_EXCHANGE to start a session.
+ * True means to use PSK_EXCHANGE to start a session.
 * @param psk_hint The psk_hint in PSK_EXCHANGE. It is ignored if use_psk is false.
 * @param psk_hint_size The size in bytes of psk_hint. It is ignored if use_psk is false.
 * @param measurement_hash_type The type of the measurement hash.
@@ -561,25 +561,50 @@ libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context,
 * Opaque data should be less than 1024 bytes.
 * On output, the size of the opaque data.
 **/
-libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
- const void *psk_hint,
- uint16_t psk_hint_size,
- uint8_t measurement_hash_type,
- uint8_t slot_id,
- uint8_t session_policy,
- uint32_t *session_id,
- uint8_t *heartbeat_period,
- void *measurement_hash,
- const void *requester_random_in,
- size_t requester_random_in_size,
- void *requester_random,
- size_t *requester_random_size,
- void *responder_random,
- size_t *responder_random_size,
- const void *requester_opaque_data,
- size_t requester_opaque_data_size,
- void *responder_opaque_data,
- size_t *responder_opaque_data_size);
+libspdm_return_t libspdm_start_session_exchange(void *spdm_context, bool use_psk,
+ const void *psk_hint,
+ uint16_t psk_hint_size,
+ uint8_t measurement_hash_type,
+ uint8_t slot_id,
+ uint8_t session_policy,
+ uint32_t *session_id,
+ uint8_t *heartbeat_period,
+ void *measurement_hash,
+ const void *requester_random_in,
+ size_t requester_random_in_size,
+ void *requester_random,
+ size_t *requester_random_size,
+ void *responder_random,
+ size_t *responder_random_size,
+ const void *requester_opaque_data,
+ size_t requester_opaque_data_size,
+ void *responder_opaque_data,
+ size_t *responder_opaque_data_size);
+
+/**
+ * This function sends FINISH or PSK_FINISH to start an SPDM Session.
+ *
+ * @param spdm_context A pointer to the SPDM context.
+ * @param session_id The session ID of the session.
+ * @param requester_opaque_data A buffer to hold the requester opaque data, if not NULL.
+ * If not NULL, this function will not generate any opaque data,
+ * including secured message versions.
+ * This parameter is only used for SPDM 1.4 and later
+ * @param requester_opaque_data_size The size of the opaque data, if requester_opaque_data is not NULL.
+ * This parameter is only used for SPDM 1.4 and later
+ * @param responder_opaque_data A buffer to hold the responder opaque data, if not NULL.
+ * This parameter is only used for SPDM 1.4 and later
+ * @param responder_opaque_data_size On input, the size of the opaque data buffer.
+ * Opaque data should be less than 1024 bytes.
+ * On output, the size of the opaque data.
+ * This parameter is only used for SPDM 1.4 and later
+ */
+libspdm_return_t libspdm_start_session_finish(void *spdm_context,
+ uint32_t session_id,
+ const void *requester_opaque_data,
+ size_t requester_opaque_data_size,
+ void *responder_opaque_data,
+ size_t *responder_opaque_data_size);
 /**
 * This function sends END_SESSION to stop an SPDM Session.
diff --git a/library/spdm_requester_lib/libspdm_req_communication.c b/library/spdm_requester_lib/libspdm_req_communication.c
index 4fcaed7d9b2..2023f839b3e 100644
--- a/library/spdm_requester_lib/libspdm_req_communication.c
+++ b/library/spdm_requester_lib/libspdm_req_communication.c
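Review bot: The doc block added for `libspdm_start_session_finish` has no `@return` line, and neither it nor the comment on `libspdm_start_session_exchange` states what condition the session is in between the two calls. Because the old `libspdm_start_session_ex` name is removed from this header, a caller that only renames the call ends up with a session whose FINISH or PSK_FINISH step has not run, so the contract should be written down: add to the exchange comment a line such as ` * On success the handshake is not yet complete; call libspdm_start_session_finish() before treating the session as established.` and give the finish comment a `@return` entry. The new block also closes with ` */` where the neighbouring blocks in this header close with `**/`.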
@@ -198,25 +198,25 @@ libspdm_return_t libspdm_start_session(void *spdm_context, bool use_psk,
 return status;
 }
-libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
- const void *psk_hint,
- uint16_t psk_hint_size,
- uint8_t measurement_hash_type,
- uint8_t slot_id,
- uint8_t session_policy,
- uint32_t *session_id,
- uint8_t *heartbeat_period,
- void *measurement_hash,
- const void *requester_random_in,
- size_t requester_random_in_size,
- void *requester_random,
- size_t *requester_random_size,
- void *responder_random,
- size_t *responder_random_size,
- const void *requester_opaque_data,
- size_t requester_opaque_data_size,
- void *responder_opaque_data,
- size_t *responder_opaque_data_size)
+libspdm_return_t libspdm_start_session_exchange(void *spdm_context, bool use_psk,
+ const void *psk_hint,
+ uint16_t psk_hint_size,
+ uint8_t measurement_hash_type,
+ uint8_t slot_id,
+ uint8_t session_policy,
+ uint32_t *session_id,
+ uint8_t *heartbeat_period,
+ void *measurement_hash,
+ const void *requester_random_in,
+ size_t requester_random_in_size,
+ void *requester_random,
+ size_t *requester_random_size,
+ void *responder_random,
+ size_t *responder_random_size,
+ const void *requester_opaque_data,
+ size_t requester_opaque_data_size,
+ void *responder_opaque_data,
+ size_t *responder_opaque_data_size)
 {
 libspdm_return_t status;
 libspdm_context_t *context;
@@ -293,13 +293,6 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
 session_info->mut_auth_requested));
 return LIBSPDM_STATUS_INVALID_MSG_FIELD;
 }
-
- if (req_slot_id_param == 0xF) {
- req_slot_id_param = 0xFF;
- }
- status = libspdm_send_receive_finish(context, *session_id, req_slot_id_param);
- LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
- "libspdm_start_session - libspdm_send_receive_finish - %xu\n", status));
 #else /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
 LIBSPDM_ASSERT(false);
 return LIBSPDM_STATUS_UNSUPPORTED_CAP;
@@ -321,12 +314,65 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
 status));
 return status;
 }
+ #else /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP*/
+ LIBSPDM_ASSERT(false);
+ return LIBSPDM_STATUS_UNSUPPORTED_CAP;
+ #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP*/
+ }
+
+ return status;
+}
+
+libspdm_return_t libspdm_start_session_finish(void *spdm_context,
+ uint32_t session_id,
+ const void *requester_opaque_data,
+ size_t requester_opaque_data_size,
+ void *responder_opaque_data,
+ size_t *responder_opaque_data_size)
+{
+ libspdm_return_t status;
+ libspdm_context_t *context;
+ libspdm_session_info_t *session_info;
+
+ #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
+ uint8_t req_slot_id_param;
+ #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP */
+
+ context = spdm_context;
+ status = LIBSPDM_STATUS_UNSUPPORTED_CAP;
+
+ session_info = libspdm_get_session_info_via_session_id(context, session_id);
+ if (session_info == NULL) {
+ LIBSPDM_ASSERT(false);
+ return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
+ }
+ if (!session_info->use_psk) {
+ #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
+ req_slot_id_param = session_info->local_used_cert_chain_slot_id;
+ if (req_slot_id_param == 0xF) {
+ req_slot_id_param = 0xFF;
+ }
+ status = libspdm_send_receive_finish_ex(
+ context, session_id, req_slot_id_param,
+ requester_opaque_data, requester_opaque_data_size,
+ responder_opaque_data, responder_opaque_data_size);
+ LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
+ "libspdm_start_session - libspdm_send_receive_finish - %xu\n", status));
+ #else /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
+ LIBSPDM_ASSERT(false);
+ return LIBSPDM_STATUS_UNSUPPORTED_CAP;
+ #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
+ } else {
+ #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
 /* send PSK_FINISH only if Responder supports context.*/
 if (libspdm_is_capabilities_flag_supported(
 context, true, 0,
 SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT)) {
- status = libspdm_send_receive_psk_finish(context, *session_id);
+ status = libspdm_send_receive_psk_finish_ex(
+ context, session_id,
+ requester_opaque_data, requester_opaque_data_size,
+ responder_opaque_data, responder_opaque_data_size);
 LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
 "libspdm_start_session - libspdm_send_receive_psk_finish - %xu\n",
 status));
diff --git a/library/spdm_requester_lib/libspdm_req_key_exchange.c b/library/spdm_requester_lib/libspdm_req_key_exchange.c
index 466c2337dd8..4d0b29c5a34 100644
--- a/library/spdm_requester_lib/libspdm_req_key_exchange.c
+++ b/library/spdm_requester_lib/libspdm_req_key_exchange.c
@@ -748,6 +748,7 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
 goto receive_done;
 }
 session_info->peer_used_cert_chain_slot_id = slot_id;
+ session_info->local_used_cert_chain_slot_id = *req_slot_id_param;
 /* -=[Process Response Phase]=- */
 status = libspdm_append_message_k(spdm_context, session_info, true, spdm_request,
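Review bot: In the new `libspdm_start_session_finish`, `status` starts as `LIBSPDM_STATUS_UNSUPPORTED_CAP` and the PSK branch assigns it only inside the `PSK_CAP_RESPONDER_WITH_CONTEXT` check, so for a responder without that capability the function appears to return an error even though no PSK_FINISH is needed. Before the split, the same `if` ran with `status` already holding the successful PSK_EXCHANGE result, which is why skipping it was harmless. The function body continues past the hunk; unless those unchanged lines set the value, add `status = LIBSPDM_STATUS_SUCCESS;` just before the `if (libspdm_is_capabilities_flag_supported(` line in the `else` branch. Separately, `session_id` is now supplied directly by the caller, so an unknown id reaches `LIBSPDM_ASSERT(false)`; returning the error without asserting would suit a public entry point better.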
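Review bot: The added assignment stores the raw `*req_slot_id_param` in `session_info->local_used_cert_chain_slot_id`, so between the exchange and finish calls the field can hold `0xF`, which `libspdm_start_session_finish` only maps to `0xFF` later. If any other reader of this field expects the `0xFF` form, it is safer to normalise once at this point, for example `session_info->local_used_cert_chain_slot_id = (*req_slot_id_param == 0xF) ? 0xFF : *req_slot_id_param;`, or at least to add a comment such as `/* saved for libspdm_start_session_finish(), which maps 0xF to 0xFF */`. The pointer is dereferenced without a check here; whether it can be NULL and whether the value has been range-checked is decided outside this hunk, since the enclosing function starts and ends elsewhere.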