1From f17d1146a0da174ebdd9299e4ca7057a38df19c0 Mon Sep 17 00:00:00 2001
2From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
3Date: Wed, 10 Jul 2024 11:17:08 +0100
4Subject: [PATCH 3/5] get_certificate: do not store cert_chain content
5
6Add support for NULL cert_chain argument to libspdm_try_get_certificate.
7
8Add LIBSPDM_DATA_PEER_USED_CERT_CHAIN_HASH to libspdm_set_data to
9set the spdm_cert_chain hash value.
10
11Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
12---
13 include/library/spdm_common_lib.h | 1 +
14 .../spdm_common_lib/libspdm_com_context_data.c | 15 +++++++++++++++
15 .../libspdm_req_get_certificate.c | 7 ++++++-
16 3 files changed, 22 insertions(+), 1 deletion(-)
17
18diff --git a/include/library/spdm_common_lib.h b/include/library/spdm_common_lib.h
19index 992cef24..a1fa8cc3 100644
20--- a/include/library/spdm_common_lib.h
21+++ b/include/library/spdm_common_lib.h
22@@ -158,6 +158,7 @@ typedef enum {
23 LIBSPDM_DATA_MULTI_KEY_CONN_RSP,
24
25 LIBSPDM_DATA_TOTAL_KEY_PAIRS,
26+ LIBSPDM_DATA_PEER_USED_CERT_CHAIN_HASH,
27
28 /* MAX */
29 LIBSPDM_DATA_MAX
30diff --git a/library/spdm_common_lib/libspdm_com_context_data.c b/library/spdm_common_lib/libspdm_com_context_data.c
31index 7476abfb..2307d192 100644
32--- a/library/spdm_common_lib/libspdm_com_context_data.c
33+++ b/library/spdm_common_lib/libspdm_com_context_data.c
34@@ -611,6 +611,21 @@ libspdm_return_t libspdm_set_data(void *spdm_context, libspdm_data_type_t data_t
35 #endif /* LIBSPDM_CERT_PARSE_SUPPORT */
36 #endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */
37 break;
38+ case LIBSPDM_DATA_PEER_USED_CERT_CHAIN_HASH:
39+ if (parameter->location != LIBSPDM_DATA_LOCATION_CONNECTION) {
40+ return LIBSPDM_STATUS_INVALID_PARAMETER;
41+ }
42+ slot_id = parameter->additional_data[0];
43+ if (slot_id >= SPDM_MAX_SLOT_COUNT) {
44+ return LIBSPDM_STATUS_INVALID_PARAMETER;
45+ }
46+ context->connection_info.peer_used_cert_chain_slot_id = slot_id;
47+ context->connection_info.peer_used_cert_chain[slot_id].buffer_hash_size =
48+ data_size;
49+ libspdm_copy_mem(context->connection_info.peer_used_cert_chain[slot_id].buffer_hash,
50+ sizeof(context->connection_info.peer_used_cert_chain[slot_id].buffer_hash),
51+ data, data_size);
52+ break;
53 case LIBSPDM_DATA_PEER_PUBLIC_KEY:
54 if (parameter->location != LIBSPDM_DATA_LOCATION_LOCAL) {
55 return LIBSPDM_STATUS_INVALID_PARAMETER;
56diff --git a/library/spdm_requester_lib/libspdm_req_get_certificate.c b/library/spdm_requester_lib/libspdm_req_get_certificate.c
57index 07d9b8ad..3e8554a0 100644
58--- a/library/spdm_requester_lib/libspdm_req_get_certificate.c
59+++ b/library/spdm_requester_lib/libspdm_req_get_certificate.c
60@@ -92,7 +92,6 @@ static libspdm_return_t libspdm_try_get_certificate(libspdm_context_t *spdm_cont
61 LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT);
62 LIBSPDM_ASSERT(cert_chain_size != NULL);
63 LIBSPDM_ASSERT(*cert_chain_size > 0);
64- LIBSPDM_ASSERT(cert_chain != NULL);
65
66 /* -=[Verify State Phase]=- */
67 if (!libspdm_is_capabilities_flag_supported(
68@@ -329,10 +328,12 @@ static libspdm_return_t libspdm_try_get_certificate(libspdm_context_t *spdm_cont
69 spdm_request->offset, spdm_response->portion_length));
70 LIBSPDM_INTERNAL_DUMP_HEX(spdm_response->cert_chain, spdm_response->portion_length);
71
72+ if (cert_chain != NULL) {
73 libspdm_copy_mem((uint8_t *)cert_chain + cert_chain_size_internal,
74 cert_chain_capacity - cert_chain_size_internal,
75 spdm_response->cert_chain,
76 spdm_response->portion_length);
77+ }
78
79 cert_chain_size_internal += spdm_response->portion_length;
80
81@@ -378,6 +379,10 @@ static libspdm_return_t libspdm_try_get_certificate(libspdm_context_t *spdm_cont
82 }
83 }
84
85+ if (cert_chain == NULL) {
86+ goto done;
87+ }
88+
89 spdm_context->connection_info.peer_used_cert_chain_slot_id = slot_id;
90 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
91 spdm_context->connection_info.peer_used_cert_chain[slot_id].buffer_size
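Review bot: The new LIBSPDM_DATA_PEER_USED_CERT_CHAIN_HASH case writes peer_used_cert_chain_slot_id and buffer_hash_size = data_size before libspdm_copy_mem gets a chance to reject an oversized data_size, and an undersized or wrong-length hash is accepted silently, so the context can be left holding a slot_id/hash_size pair that does not match the negotiated hash. Validate up front, next to the slot_id check: `if (data_size != libspdm_get_hash_size(context->connection_info.algorithm.base_hash_algo)) { return LIBSPDM_STATUS_INVALID_PARAMETER; }` (or at least `data_size > sizeof(context->connection_info.peer_used_cert_chain[slot_id].buffer_hash)`), assuming the crypt-lib hash-size helper is in scope in this file. The case just above closes with `#endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */`, which suggests buffer_hash/buffer_hash_size may only be declared in the non-transcript configuration; if so, this case needs the same `#if` guard or it will not build with transcript recording enabled. A short comment would also help the next reader, since this value is trusted as-is and stands in for the chain libspdm would otherwise verify itself: `/* Caller-supplied hash of a peer cert chain it has already verified; not checked here. */`. libspdm_set_data begins and ends outside the hunk.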
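Review bot: The libspdm_copy_mem call now nested inside `if (cert_chain != NULL) {` keeps its old indentation (lines 73–76 are unchanged context), so the call sits at the same level as the braces around it; re-indent those four lines one level so the block reads as a block and the project's formatter does not flag it. On the NULL path the `cert_chain_capacity - cert_chain_size_internal` bound no longer limits anything, so it is worth confirming that the portion_length/remainder_length checks earlier in this loop (outside the hunk) still cap cert_chain_size_internal against *cert_chain_size when nothing is being copied. The enclosing loop starts and ends outside the hunk.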
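Review bot: The `if (cert_chain == NULL) { goto done; }` is placed after the closing braces of the block that precedes it, so the cert-chain verification that appears to run just before this hunk (outside SOURCE) still receives the NULL cert_chain before the early exit is reached; if that code hashes or parses the buffer it will dereference NULL, so the check belongs before verification, or verification must be skipped explicitly on this path. Jumping to `done` also skips everything up to the label, so the caller gets whatever status is live here and *cert_chain_size may not be updated; either confirm status is LIBSPDM_STATUS_SUCCESS at this point or set it explicitly, e.g. `status = LIBSPDM_STATUS_SUCCESS;` before the goto. Together with the dropped `LIBSPDM_ASSERT(cert_chain != NULL)` this makes a NULL cert_chain mean "fetch the chain (and presumably still record it in the transcript) but neither store nor verify it", leaving the caller to supply LIBSPDM_DATA_PEER_USED_CERT_CHAIN_HASH afterwards; that contract should be stated in libspdm_get_certificate's header comment, and a one-liner at the goto, `/* Caller verifies the chain itself and sets the peer cert chain hash via libspdm_set_data. */`, would explain why storage is skipped. libspdm_try_get_certificate starts and ends outside the hunk.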
=
92--
932.34.1
94
95