Additional transport header length #2323
ssunder-xilinx
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
The libspdm_encode_secured_message() API shifts the message buffer pointer backward to add a 2-byte secure cipher header length. The message buffer in this case is the start address of the scratch buffer and going backward can cause serious memory corruption.
However, the SPDM emulator reserves the initial 64 bytes as the additional transport header but I doubt it considers the size of the spdm_secured_message_cipher_header_t structure. There may be a use case where the transport header length is zero i.e. the hardware has already removed the transport header.
In this scenario, the libspdm should make room for the additional cipher data and should not assume the space reserved by transport header length. I think it would be appropriate to handle this in the following function,
library/spdm_reponder_lib/libspdm_rsp_receive_send.c
`libspdm_build_response(......)
{
/* For secure message, setup my_response to scratch buffer
* For non-secure message, setup my_response to sender buffer*/
transport_header_size = context->local_context.capability.transport_header_size + (sizeof(spdm_secured_message_cipher_header_t);
}`
Also, in function ,
libspdm_encode_secured_message(........) { // Remove this line enc_msg_header = (void *)((uint8_t *)app_message - sizeof(spdm_secured_message_cipher_header_t)); }Thanks,
Shyam
Beta Was this translation helpful? Give feedback.
All reactions