69 changes: 47 additions & 22 deletions include/library/spdm_requester_lib.h
@@ -521,14 +521,14 @@ libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context,
uint8_t *spdm_version);

/**
* This function sends KEY_EXCHANGE/FINISH or PSK_EXCHANGE/PSK_FINISH to start an SPDM Session.
* This function sends KEY_EXCHANGE or PSK_EXCHANGE to start an SPDM Session.
*
* If encapsulated mutual authentication is requested from the responder,
* this function also perform the encapsulated mutual authentication.
*
* @param spdm_context A pointer to the SPDM context.
* @param use_psk False means to use KEY_EXCHANGE/FINISH to start a session.
* True means to use PSK_EXCHANGE/PSK_FINISH to start a session.
* @param use_psk False means to use KEY_EXCHANGE to start a session.
* True means to use PSK_EXCHANGE to start a session.
* @param psk_hint The psk_hint in PSK_EXCHANGE. It is ignored if use_psk is false.
* @param psk_hint_size The size in bytes of psk_hint. It is ignored if use_psk is false.
* @param measurement_hash_type The type of the measurement hash.
@@ -561,25 +561,50 @@ libspdm_return_t libspdm_get_supported_algorithms(void *spdm_context,
* Opaque data should be less than 1024 bytes.
* On output, the size of the opaque data.
**/
libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
const void *psk_hint,
uint16_t psk_hint_size,
uint8_t measurement_hash_type,
uint8_t slot_id,
uint8_t session_policy,
uint32_t *session_id,
uint8_t *heartbeat_period,
void *measurement_hash,
const void *requester_random_in,
size_t requester_random_in_size,
void *requester_random,
size_t *requester_random_size,
void *responder_random,
size_t *responder_random_size,
const void *requester_opaque_data,
size_t requester_opaque_data_size,
void *responder_opaque_data,
size_t *responder_opaque_data_size);
libspdm_return_t libspdm_start_session_exchange(void *spdm_context, bool use_psk,
const void *psk_hint,
uint16_t psk_hint_size,
uint8_t measurement_hash_type,
uint8_t slot_id,
uint8_t session_policy,
uint32_t *session_id,
uint8_t *heartbeat_period,
void *measurement_hash,
const void *requester_random_in,
size_t requester_random_in_size,
void *requester_random,
size_t *requester_random_size,
void *responder_random,
size_t *responder_random_size,
const void *requester_opaque_data,
size_t requester_opaque_data_size,
void *responder_opaque_data,
size_t *responder_opaque_data_size);

/**
* This function sends FINISH or PSK_FINISH to start an SPDM Session.
*
* @param spdm_context A pointer to the SPDM context.
* @param session_id The session ID of the session.
* @param requester_opaque_data A buffer to hold the requester opaque data, if not NULL.
* If not NULL, this function will not generate any opaque data,
* including secured message versions.
* This parameter is only used for SPDM 1.4 and later
* @param requester_opaque_data_size The size of the opaque data, if requester_opaque_data is not NULL.
* This parameter is only used for SPDM 1.4 and later
* @param responder_opaque_data A buffer to hold the responder opaque data, if not NULL.
* This parameter is only used for SPDM 1.4 and later
* @param responder_opaque_data_size On input, the size of the opaque data buffer.
* Opaque data should be less than 1024 bytes.
* On output, the size of the opaque data.
* This parameter is only used for SPDM 1.4 and later
*/
libspdm_return_t libspdm_start_session_finish(void *spdm_context,
uint32_t session_id,
const void *requester_opaque_data,
size_t requester_opaque_data_size,
void *responder_opaque_data,
size_t *responder_opaque_data_size);

/**
* This function sends END_SESSION to stop an SPDM Session.
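Review bot: The doc comment added for libspdm_start_session_finish does not state its contract with libspdm_start_session_exchange: that `session_id` must be the value returned by a successful exchange call, and whether the session may be used before this function succeeds. Because FINISH/PSK_FINISH no longer happens inside the exchange call, a caller that only updates the function name would stop at the exchange step, so the required ordering is worth spelling out, e.g. `* @param session_id The session ID returned by libspdm_start_session_exchange.` plus a sentence saying the handshake is complete only after this function returns success. The comment should also say what a caller sees in the PSK case where PSK_FINISH is not sent. It has no return-value description and closes with `*/` where the neighbouring comments use `**/`.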
100 changes: 73 additions & 27 deletions library/spdm_requester_lib/libspdm_req_communication.c
@@ -198,25 +198,25 @@ libspdm_return_t libspdm_start_session(void *spdm_context, bool use_psk,
return status;
}

libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
const void *psk_hint,
uint16_t psk_hint_size,
uint8_t measurement_hash_type,
uint8_t slot_id,
uint8_t session_policy,
uint32_t *session_id,
uint8_t *heartbeat_period,
void *measurement_hash,
const void *requester_random_in,
size_t requester_random_in_size,
void *requester_random,
size_t *requester_random_size,
void *responder_random,
size_t *responder_random_size,
const void *requester_opaque_data,
size_t requester_opaque_data_size,
void *responder_opaque_data,
size_t *responder_opaque_data_size)
libspdm_return_t libspdm_start_session_exchange(void *spdm_context, bool use_psk,
const void *psk_hint,
uint16_t psk_hint_size,
uint8_t measurement_hash_type,
uint8_t slot_id,
uint8_t session_policy,
uint32_t *session_id,
uint8_t *heartbeat_period,
void *measurement_hash,
const void *requester_random_in,
size_t requester_random_in_size,
void *requester_random,
size_t *requester_random_size,
void *responder_random,
size_t *responder_random_size,
const void *requester_opaque_data,
size_t requester_opaque_data_size,
void *responder_opaque_data,
size_t *responder_opaque_data_size)
{
libspdm_return_t status;
libspdm_context_t *context;
@@ -293,13 +293,6 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
session_info->mut_auth_requested));
return LIBSPDM_STATUS_INVALID_MSG_FIELD;
}

if (req_slot_id_param == 0xF) {
req_slot_id_param = 0xFF;
}
status = libspdm_send_receive_finish(context, *session_id, req_slot_id_param);
LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
"libspdm_start_session - libspdm_send_receive_finish - %xu\n", status));
#else /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
LIBSPDM_ASSERT(false);
return LIBSPDM_STATUS_UNSUPPORTED_CAP;
@@ -321,12 +314,65 @@ libspdm_return_t libspdm_start_session_ex(void *spdm_context, bool use_psk,
status));
return status;
}
#else /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP*/
LIBSPDM_ASSERT(false);
return LIBSPDM_STATUS_UNSUPPORTED_CAP;
#endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP*/
}

return status;
}

libspdm_return_t libspdm_start_session_finish(void *spdm_context,
uint32_t session_id,
const void *requester_opaque_data,
size_t requester_opaque_data_size,
void *responder_opaque_data,
size_t *responder_opaque_data_size)
{
libspdm_return_t status;
libspdm_context_t *context;
libspdm_session_info_t *session_info;

#if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
uint8_t req_slot_id_param;
#endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP */

context = spdm_context;
status = LIBSPDM_STATUS_UNSUPPORTED_CAP;

session_info = libspdm_get_session_info_via_session_id(context, session_id);
if (session_info == NULL) {
LIBSPDM_ASSERT(false);
return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
}

if (!session_info->use_psk) {
#if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
req_slot_id_param = session_info->local_used_cert_chain_slot_id;
if (req_slot_id_param == 0xF) {
req_slot_id_param = 0xFF;
}
status = libspdm_send_receive_finish_ex(
context, session_id, req_slot_id_param,
requester_opaque_data, requester_opaque_data_size,
responder_opaque_data, responder_opaque_data_size);
LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
"libspdm_start_session - libspdm_send_receive_finish - %xu\n", status));
#else /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
LIBSPDM_ASSERT(false);
return LIBSPDM_STATUS_UNSUPPORTED_CAP;
#endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
} else {
#if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
/* send PSK_FINISH only if Responder supports context.*/
if (libspdm_is_capabilities_flag_supported(
context, true, 0,
SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP_RESPONDER_WITH_CONTEXT)) {
status = libspdm_send_receive_psk_finish(context, *session_id);
status = libspdm_send_receive_psk_finish_ex(
context, session_id,
requester_opaque_data, requester_opaque_data_size,
responder_opaque_data, responder_opaque_data_size);
LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
"libspdm_start_session - libspdm_send_receive_psk_finish - %xu\n",
status));
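Review bot: libspdm_start_session_finish validates only that `session_id` resolves to a session (the NULL check after libspdm_get_session_info_via_session_id); nothing visible confirms the session is still in its handshake phase before FINISH or PSK_FINISH is sent. Now that exchange and finish are separate public calls, a caller can reach this function with a session that is already established, so unless libspdm_send_receive_finish_ex and libspdm_send_receive_psk_finish_ex reject that themselves (not visible here), add a guard such as `if (libspdm_secured_message_get_session_state(session_info->secured_message_context) != LIBSPDM_SESSION_STATE_HANDSHAKING) { return LIBSPDM_STATUS_INVALID_STATE_LOCAL; }`. Separately, `status` starts as LIBSPDM_STATUS_UNSUPPORTED_CAP and the PSK branch assigns it only inside the PSK_CAP_RESPONDER_WITH_CONTEXT check, so the no-context case should set success explicitly if the part of the body below the hunk does not already do so. The function body continues outside the hunk.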
1 change: 1 addition & 0 deletions library/spdm_requester_lib/libspdm_req_key_exchange.c
@@ -748,6 +748,7 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
goto receive_done;
}
session_info->peer_used_cert_chain_slot_id = slot_id;
session_info->local_used_cert_chain_slot_id = *req_slot_id_param;

/* -=[Process Response Phase]=- */
status = libspdm_append_message_k(spdm_context, session_info, true, spdm_request,
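Review bot: The new assignment to `session_info->local_used_cert_chain_slot_id` has no comment explaining why the requester slot is recorded during KEY_EXCHANGE; the reason is only visible in libspdm_req_communication.c, where libspdm_start_session_finish reads it back and maps 0xF to 0xFF. A one-line comment would do: `/* Saved so libspdm_start_session_finish() can pass it to FINISH in a separate call. */`. The line also dereferences `req_slot_id_param`; whether the pointer and the value were validated earlier in libspdm_try_send_receive_key_exchange cannot be seen from this hunk, and the function starts and ends outside it.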