1.3 Add DIGEST to transcript.

Signed-off-by: Jiewen Yao <[email protected]>

Author: jyao1

include/internal/libspdm_common_lib.h

@@ -312,6 +312,7 @@ typedef struct {
 typedef struct {
     /* the message_a must be plan text because we do not know the algorithm yet.*/
     libspdm_vca_managed_buffer_t message_a;
+    libspdm_message_d_managed_buffer_t message_d;
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     libspdm_message_b_managed_buffer_t message_b;
     libspdm_message_c_managed_buffer_t message_c;
@@ -383,6 +384,7 @@ typedef struct {
  * F  = Concatenate (PSK_FINISH request, PSK_FINISH response)*/
 
 typedef struct {
+    libspdm_message_d_managed_buffer_t message_encap_d;
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     libspdm_message_k_managed_buffer_t message_k;
     libspdm_message_f_managed_buffer_t message_f;
@@ -1198,6 +1200,14 @@ void libspdm_append_msg_log(libspdm_context_t *spdm_context, void *message, size
  **/
 void libspdm_reset_message_a(libspdm_context_t *spdm_context);
 
+/**
+ * Reset message D cache in SPDM context.
+ *
+ * @param  spdm_context       A pointer to the SPDM context.
+ * @param  spdm_session_info  A pointer to the SPDM session context.
+ **/
+void libspdm_reset_message_d(libspdm_context_t *spdm_context);
+
 /**
  * Reset message B cache in SPDM context.
  *
@@ -1244,6 +1254,14 @@ void libspdm_reset_message_m(libspdm_context_t *spdm_context, void *session_info
  **/
 void libspdm_reset_message_k(libspdm_context_t *spdm_context, void *spdm_session_info);
 
+/**
+ * Reset message EncapD cache in SPDM context.
+ *
+ * @param  spdm_context       A pointer to the SPDM context.
+ * @param  spdm_session_info  A pointer to the SPDM session context.
+ **/
+void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *spdm_session_info);
+
 /**
  * Reset message F cache in SPDM context.
  *
@@ -1264,6 +1282,20 @@ void libspdm_reset_message_f(libspdm_context_t *spdm_context, void *spdm_session
  **/
 libspdm_return_t libspdm_append_message_a(libspdm_context_t *spdm_context, const void *message,
                                           size_t message_size);
+
+/**
+ * Append message D cache in SPDM context.
+ *
+ * @param  spdm_context  A pointer to the SPDM context.
+ * @param  message       Message buffer.
+ * @param  message_size  Size in bytes of message buffer.
+ *
+ * @return RETURN_SUCCESS          message is appended.
+ * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
+ **/
+libspdm_return_t libspdm_append_message_d(libspdm_context_t *spdm_context, const void *message,
+                                          size_t message_size);
+
 /**
  * Append message B cache in SPDM context.
  *
@@ -1350,6 +1382,23 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
                                           bool is_requester, const void *message,
                                           size_t message_size);
 
+/**
+ * Append message EncapD cache in SPDM context.
+ *
+ * @param  spdm_context       A pointer to the SPDM context.
+ * @param  spdm_session_info  A pointer to the SPDM session context.
+ * @param  is_requester       Indicate of the key generation for a requester or a responder.
+ * @param  message            Message buffer.
+ * @param  message_size       Size in bytes of message buffer.
+ *
+ * @return RETURN_SUCCESS          message is appended.
+ * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
+ **/
+libspdm_return_t libspdm_append_message_encap_d(libspdm_context_t *spdm_context,
+                                                void *spdm_session_info,
+                                                bool is_requester, const void *message,
+                                                size_t message_size);
+
 /**
  * Append message F cache in SPDM context.
  *

library/spdm_common_lib/libspdm_com_context_data.c

@@ -1089,6 +1089,16 @@ void libspdm_reset_message_a(libspdm_context_t *spdm_context)
     libspdm_reset_managed_buffer(&spdm_context->transcript.message_a);
 }
 
+/**
+ * Reset message D cache in SPDM context.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ **/
+void libspdm_reset_message_d(libspdm_context_t *spdm_context)
+{
+    libspdm_reset_managed_buffer(&spdm_context->transcript.message_d);
+}
+
 /**
  * Reset message B cache in SPDM context.
  *
@@ -1226,6 +1236,20 @@ void libspdm_reset_message_k(libspdm_context_t *spdm_context, void *session_info
 #endif
 }
 
+/**
+ * Reset message EncapD cache in SPDM context.
+ *
+ * @param  spdm_context                  A pointer to the SPDM context.
+ * @param  spdm_session_info              A pointer to the SPDM session context.
+ **/
+void libspdm_reset_message_encap_d(libspdm_context_t *spdm_context, void *session_info)
+{
+    libspdm_session_info_t *spdm_session_info;
+
+    spdm_session_info = session_info;
+    libspdm_reset_managed_buffer(&spdm_session_info->session_transcript.message_encap_d);
+}
+
 /**
  * Reset message F cache in SPDM context.
  *
@@ -1327,6 +1351,24 @@ libspdm_return_t libspdm_append_message_a(libspdm_context_t *spdm_context, const
                                          message, message_size);
 }
 
+/**
+ * Append message D cache in SPDM context.
+ *
+ * @param  spdm_context  A pointer to the SPDM context.
+ * @param  message       Message buffer.
+ * @param  message_size  Size in bytes of message buffer.
+ *
+ * @return RETURN_SUCCESS          message is appended.
+ * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
+ **/
+libspdm_return_t libspdm_append_message_d(libspdm_context_t *spdm_context, const void *message,
+                                          size_t message_size)
+{
+    libspdm_reset_message_d (spdm_context);
+    return libspdm_append_managed_buffer(&spdm_context->transcript.message_d,
+                                         message, message_size);
+}
+
 /**
  * Append message B cache in SPDM context.
  *
@@ -1836,6 +1878,19 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
                 return LIBSPDM_STATUS_CRYPTO_ERROR;
             }
             if (!spdm_session_info->use_psk) {
+                if (spdm_context->connection_info.multi_key_conn_rsp) {
+                    result = libspdm_hash_update (
+                        spdm_context->connection_info.algorithm.base_hash_algo,
+                        spdm_session_info->session_transcript.digest_context_th,
+                        libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
+                        libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
+                    if (!result) {
+                        libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
+                                           spdm_session_info->session_transcript.digest_context_th);
+                        return LIBSPDM_STATUS_CRYPTO_ERROR;
+                    }
+                }
+
                 result = libspdm_hash_update (
                     spdm_context->connection_info.algorithm.base_hash_algo,
                     spdm_session_info->session_transcript.digest_context_th,
@@ -1861,6 +1916,32 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
 #endif
 }
 
+/**
+ * Append message EncapD cache in SPDM context.
+ *
+ * @param  spdm_context       A pointer to the SPDM context.
+ * @param  spdm_session_info  A pointer to the SPDM session context.
+ * @param  is_requester       Indicate of the key generation for a requester or a responder.
+ * @param  message            Message buffer.
+ * @param  message_size       Size in bytes of message buffer.
+ *
+ * @return RETURN_SUCCESS          message is appended.
+ * @return RETURN_OUT_OF_RESOURCES message is not appended because the internal cache is full.
+ **/
+libspdm_return_t libspdm_append_message_encap_d(libspdm_context_t *spdm_context,
+                                                void *session_info,
+                                                bool is_requester, const void *message,
+                                                size_t message_size)
+{
+    libspdm_session_info_t *spdm_session_info;
+
+    spdm_session_info = session_info;
+    libspdm_reset_message_encap_d(spdm_context, session_info);
+    return libspdm_append_managed_buffer(
+        &spdm_session_info->session_transcript.message_encap_d, message,
+        message_size);
+}
+
 /**
  * Append message F cache in SPDM context.
  *
@@ -1993,6 +2074,22 @@ libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context,
         LIBSPDM_ASSERT (spdm_session_info->session_transcript.digest_context_th != NULL);
         if (!spdm_session_info->session_transcript.message_f_initialized) {
             if (!spdm_session_info->use_psk && spdm_session_info->mut_auth_requested) {
+                if (spdm_context->connection_info.multi_key_conn_req) {
+                    result = libspdm_hash_update (
+                        spdm_context->connection_info.algorithm.base_hash_algo,
+                        spdm_session_info->session_transcript.digest_context_th,
+                        libspdm_get_managed_buffer(&spdm_session_info->session_transcript.
+                                                   message_encap_d),
+                        libspdm_get_managed_buffer_size(&spdm_session_info->session_transcript.
+                                                        message_encap_d));
+                    if (!result) {
+                        libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo,
+                                           spdm_session_info->session_transcript.digest_context_th);
+                        spdm_session_info->session_transcript.digest_context_th = NULL;
+                        return LIBSPDM_STATUS_CRYPTO_ERROR;
+                    }
+                }
+
                 result = libspdm_hash_update (
                     spdm_context->connection_info.algorithm.base_hash_algo,
                     spdm_session_info->session_transcript.digest_context_th,
@@ -2636,6 +2733,8 @@ libspdm_return_t libspdm_init_context_with_secured_context(void *spdm_context,
     context->version = LIBSPDM_CONTEXT_STRUCT_VERSION;
     context->transcript.message_a.max_buffer_size =
         sizeof(context->transcript.message_a.buffer);
+    context->transcript.message_d.max_buffer_size =
+        sizeof(context->transcript.message_d.buffer);
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     context->transcript.message_b.max_buffer_size =
         sizeof(context->transcript.message_b.buffer);
@@ -2818,13 +2917,15 @@ void libspdm_deinit_context(void *spdm_context)
 #endif
 
     libspdm_reset_message_a(context);
+    libspdm_reset_message_d(context);
     libspdm_reset_message_b(context);
     libspdm_reset_message_c(context);
     libspdm_reset_message_mut_b(context);
     libspdm_reset_message_mut_c(context);
     for (session_id = 0; session_id < LIBSPDM_MAX_SESSION_COUNT; session_id++) {
         session_info = &context->session_info[session_id];
         libspdm_reset_message_m(context, session_info);
+        libspdm_reset_message_encap_d(context, session_info);
         libspdm_reset_message_k(context, session_info);
         libspdm_reset_message_f(context, session_info);
     }

library/spdm_common_lib/libspdm_com_context_data_session.c

@@ -96,6 +96,8 @@ void libspdm_session_info_init(libspdm_context_t *spdm_context,
         spdm_context->connection_info.algorithm.dhe_named_group,
         spdm_context->connection_info.algorithm.aead_cipher_suite,
         spdm_context->connection_info.algorithm.key_schedule);
+    session_info->session_transcript.message_encap_d.max_buffer_size =
+        sizeof(session_info->session_transcript.message_encap_d.buffer);
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     session_info->session_transcript.message_k.max_buffer_size =
         sizeof(session_info->session_transcript.message_k.buffer);

library/spdm_common_lib/libspdm_com_crypto_service_session.c

@@ -49,6 +49,20 @@ bool libspdm_calculate_th_for_exchange(
     }
 
     if (cert_chain_buffer != NULL) {
+        if (spdm_context->connection_info.multi_key_conn_rsp) {
+            LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
+            LIBSPDM_INTERNAL_DUMP_HEX(
+                libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
+                libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
+            status = libspdm_append_managed_buffer(
+                th_curr,
+                libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
+                libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
+            if (LIBSPDM_STATUS_IS_ERROR(status)) {
+                return false;
+            }
+        }
+
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
         LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
         result = libspdm_hash_all(
@@ -236,6 +250,20 @@ bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
     }
 
     if (cert_chain_buffer != NULL) {
+        if (spdm_context->connection_info.multi_key_conn_rsp) {
+            LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_d data :\n"));
+            LIBSPDM_INTERNAL_DUMP_HEX(
+                libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
+                libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
+            status = libspdm_append_managed_buffer(
+                th_curr,
+                libspdm_get_managed_buffer(&spdm_context->transcript.message_d),
+                libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d));
+            if (LIBSPDM_STATUS_IS_ERROR(status)) {
+                return false;
+            }
+        }
+
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_ct data :\n"));
         LIBSPDM_INTERNAL_DUMP_HEX(cert_chain_buffer, cert_chain_buffer_size);
         result = libspdm_hash_all(
@@ -264,6 +292,20 @@ bool libspdm_calculate_th_for_finish(libspdm_context_t *spdm_context,
     }
 
     if (mut_cert_chain_buffer != NULL) {
+        if (spdm_context->connection_info.multi_key_conn_req) {
+            LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "message_encap_d data :\n"));
+            LIBSPDM_INTERNAL_DUMP_HEX(
+                libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
+                libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
+            status = libspdm_append_managed_buffer(
+                th_curr,
+                libspdm_get_managed_buffer(&session_info->session_transcript.message_encap_d),
+                libspdm_get_managed_buffer_size(&session_info->session_transcript.message_encap_d));
+            if (LIBSPDM_STATUS_IS_ERROR(status)) {
+                return false;
+            }
+        }
+
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_message_cm data :\n"));
         LIBSPDM_INTERNAL_DUMP_HEX(mut_cert_chain_buffer, mut_cert_chain_buffer_size);
         result = libspdm_hash_all(

library/spdm_requester_lib/libspdm_req_encap_digests.c

@@ -27,6 +27,8 @@ libspdm_return_t libspdm_get_encap_response_digest(void *spdm_context,
     uint8_t slot_count;
     /*populated solt index*/
     uint8_t slot_index;
+    uint32_t session_id;
+    libspdm_session_info_t *session_info;
 
     context = spdm_context;
     spdm_request = request;
@@ -110,6 +112,28 @@ libspdm_return_t libspdm_get_encap_response_digest(void *spdm_context,
             response_size, response);
     }
 
+    if (context->last_spdm_request_session_id_valid) {
+        session_id = context->last_spdm_request_session_id;
+    } else {
+        session_id = context->latest_session_id;
+    }
+    if (session_id != INVALID_SESSION_ID) {
+        session_info = libspdm_get_session_info_via_session_id(context, session_id);
+    } else {
+        session_info = NULL;
+    }
+    if (session_info != NULL) {
+        if (context->connection_info.multi_key_conn_req) {
+            status = libspdm_append_message_encap_d(context, session_info, true,
+                                                    spdm_response, *response_size);
+            if (LIBSPDM_STATUS_IS_ERROR(status)) {
+                return libspdm_generate_encap_error_response(
+                    context, SPDM_ERROR_CODE_UNSPECIFIED, 0,
+                    response_size, response);
+            }
+        }
+    }
+
     return LIBSPDM_STATUS_SUCCESS;
 }
 

library/spdm_requester_lib/libspdm_req_get_digests.c

@@ -187,6 +187,13 @@ static libspdm_return_t libspdm_try_get_digest(libspdm_context_t *spdm_context,
         if (LIBSPDM_STATUS_IS_ERROR(status)) {
             goto receive_done;
         }
+
+        if (spdm_context->connection_info.multi_key_conn_rsp) {
+            status = libspdm_append_message_d(spdm_context, spdm_response, spdm_response_size);
+            if (LIBSPDM_STATUS_IS_ERROR(status)) {
+                goto receive_done;
+            }
+        }
     }
 
     for (index = 0; index < digest_count; index++) {

library/spdm_responder_lib/libspdm_rsp_digests.c

@@ -150,6 +150,15 @@ libspdm_return_t libspdm_get_response_digests(libspdm_context_t *spdm_context, s
                                                    SPDM_ERROR_CODE_UNSPECIFIED, 0,
                                                    response_size, response);
         }
+
+        if (spdm_context->connection_info.multi_key_conn_rsp) {
+            status = libspdm_append_message_d(spdm_context, spdm_response, *response_size);
+            if (LIBSPDM_STATUS_IS_ERROR(status)) {
+                return libspdm_generate_error_response(spdm_context,
+                                                       SPDM_ERROR_CODE_UNSPECIFIED, 0,
+                                                       response_size, response);
+            }
+        }
     }
 
     if (spdm_context->connection_info.connection_state <