From 8d158dba77bf16744bd9c16d5fe41e8771dda302 Mon Sep 17 00:00:00 2001 From: "Yang, Longlong" Date: Mon, 11 Dec 2023 04:10:22 -0500 Subject: [PATCH 1/2] replace hardcode with MAX_SUPPORTED_ALG_STRUCTURE_COUNT. Signed-off-by: Yang, Longlong --- spdmlib/src/message/algorithm.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/spdmlib/src/message/algorithm.rs b/spdmlib/src/message/algorithm.rs index 2479a579..e6335b48 100644 --- a/spdmlib/src/message/algorithm.rs +++ b/spdmlib/src/message/algorithm.rs @@ -11,6 +11,8 @@ use codec::{Codec, Reader, Writer}; use self::common::SpdmOpaqueSupport; +pub const MAX_SUPPORTED_ALG_STRUCTURE_COUNT: usize = 4; + #[derive(Debug, Clone, Default)] pub struct SpdmNegotiateAlgorithmsRequestPayload { pub measurement_specification: SpdmMeasurementSpecification, @@ -18,7 +20,7 @@ pub struct SpdmNegotiateAlgorithmsRequestPayload { pub base_asym_algo: SpdmBaseAsymAlgo, pub base_hash_algo: SpdmBaseHashAlgo, pub alg_struct_count: u8, - pub alg_struct: [SpdmAlgStruct; 4], + pub alg_struct: [SpdmAlgStruct; MAX_SUPPORTED_ALG_STRUCTURE_COUNT], } impl SpdmCodec for SpdmNegotiateAlgorithmsRequestPayload { From 4854ba0a2fb75e444c2cbfb381e619be9bafd23f Mon Sep 17 00:00:00 2001 From: "Yang, Longlong" Date: Mon, 11 Dec 2023 04:11:32 -0500 Subject: [PATCH 2/2] improve conformance for negotiating algorithms. fix #167 Signed-off-by: Yang, Longlong --- .../src/requester/negotiate_algorithms_req.rs | 104 +++++++++++++----- spdmlib/src/responder/algorithm_rsp.rs | 66 ++++++++++- 2 files changed, 139 insertions(+), 31 deletions(-) diff --git a/spdmlib/src/requester/negotiate_algorithms_req.rs b/spdmlib/src/requester/negotiate_algorithms_req.rs index 5fb7def0..766184fb 100644 --- a/spdmlib/src/requester/negotiate_algorithms_req.rs +++ b/spdmlib/src/requester/negotiate_algorithms_req.rs @@ -32,6 +32,34 @@ impl RequesterContext { pub fn encode_spdm_algorithm(&mut self, buf: &mut [u8]) -> SpdmResult { let other_params_support: SpdmOpaqueSupport = self.common.config_info.opaque_support; + let mut alg_struct_count = 0; + let mut alg_struct: [SpdmAlgStruct; MAX_SUPPORTED_ALG_STRUCTURE_COUNT] = + gen_array_clone(SpdmAlgStruct::default(), MAX_SUPPORTED_ALG_STRUCTURE_COUNT); + if self.common.config_info.dhe_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeDHE; + alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoDhe(self.common.config_info.dhe_algo); + alg_struct_count += 1; + } + if self.common.config_info.aead_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeAEAD; + alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoAead(self.common.config_info.aead_algo); + alg_struct_count += 1; + } + if self.common.config_info.req_asym_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeReqAsym; + alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoReqAsym(self.common.config_info.req_asym_algo); + alg_struct_count += 1; + } + if self.common.config_info.key_schedule_algo.is_valid() { + alg_struct[alg_struct_count].alg_type = SpdmAlgType::SpdmAlgTypeKeySchedule; + alg_struct[alg_struct_count].alg_supported = + SpdmAlg::SpdmAlgoKeySchedule(self.common.config_info.key_schedule_algo); + alg_struct_count += 1; + } + let mut writer = Writer::init(buf); let request = SpdmMessage { header: SpdmMessageHeader { @@ -44,29 +72,8 @@ impl RequesterContext { other_params_support, base_asym_algo: self.common.config_info.base_asym_algo, base_hash_algo: self.common.config_info.base_hash_algo, - alg_struct_count: 4, - alg_struct: [ - SpdmAlgStruct { - alg_type: SpdmAlgType::SpdmAlgTypeDHE, - alg_supported: SpdmAlg::SpdmAlgoDhe(self.common.config_info.dhe_algo), - }, - SpdmAlgStruct { - alg_type: SpdmAlgType::SpdmAlgTypeAEAD, - alg_supported: SpdmAlg::SpdmAlgoAead(self.common.config_info.aead_algo), - }, - SpdmAlgStruct { - alg_type: SpdmAlgType::SpdmAlgTypeReqAsym, - alg_supported: SpdmAlg::SpdmAlgoReqAsym( - self.common.config_info.req_asym_algo, - ), - }, - SpdmAlgStruct { - alg_type: SpdmAlgType::SpdmAlgTypeKeySchedule, - alg_supported: SpdmAlg::SpdmAlgoKeySchedule( - self.common.config_info.key_schedule_algo, - ), - }, - ], + alg_struct_count: alg_struct_count as u8, + alg_struct, }, ), }; @@ -116,16 +123,59 @@ impl RequesterContext { { match &alg.alg_supported { SpdmAlg::SpdmAlgoDhe(v) => { - self.common.negotiate_info.dhe_sel = *v + if v.is_no_more_than_one_selected() || v.bits() == 0 { + self.common.negotiate_info.dhe_sel = + self.common.config_info.dhe_algo; + self.common.negotiate_info.dhe_sel.prioritize(*v); + } else { + error!( + "unknown Dhe algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } } SpdmAlg::SpdmAlgoAead(v) => { - self.common.negotiate_info.aead_sel = *v + if v.is_no_more_than_one_selected() || v.bits() == 0 { + self.common.negotiate_info.aead_sel = + self.common.config_info.aead_algo; + self.common.negotiate_info.aead_sel.prioritize(*v); + } else { + error!( + "unknown aead algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } } SpdmAlg::SpdmAlgoReqAsym(v) => { - self.common.negotiate_info.req_asym_sel = *v + if v.is_no_more_than_one_selected() || v.bits() == 0 { + self.common.negotiate_info.req_asym_sel = + self.common.config_info.req_asym_algo; + self.common.negotiate_info.req_asym_sel.prioritize(*v); + } else { + error!( + "unknown req asym algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } } SpdmAlg::SpdmAlgoKeySchedule(v) => { - self.common.negotiate_info.key_schedule_sel = *v + if v.is_no_more_than_one_selected() || v.bits() == 0 { + self.common.negotiate_info.key_schedule_sel = + self.common.config_info.key_schedule_algo; + self.common + .negotiate_info + .key_schedule_sel + .prioritize(*v); + } else { + error!( + "unknown key schedule algorithm structure:{:X?}\n", + v.bits() + ); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } } SpdmAlg::SpdmAlgoUnknown(_v) => {} } diff --git a/spdmlib/src/responder/algorithm_rsp.rs b/spdmlib/src/responder/algorithm_rsp.rs index 07d66a42..03c6757a 100644 --- a/spdmlib/src/responder/algorithm_rsp.rs +++ b/spdmlib/src/responder/algorithm_rsp.rs @@ -76,11 +76,69 @@ impl ResponderContext { .take(negotiate_algorithms.alg_struct_count as usize) { match &alg.alg_supported { - SpdmAlg::SpdmAlgoDhe(v) => self.common.negotiate_info.dhe_sel = *v, - SpdmAlg::SpdmAlgoAead(v) => self.common.negotiate_info.aead_sel = *v, - SpdmAlg::SpdmAlgoReqAsym(v) => self.common.negotiate_info.req_asym_sel = *v, + SpdmAlg::SpdmAlgoDhe(v) => { + if v.is_valid() { + self.common.negotiate_info.dhe_sel = *v; + } else { + error!("unknown Dhe algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + SpdmAlg::SpdmAlgoAead(v) => { + if v.is_valid() { + self.common.negotiate_info.aead_sel = *v; + } else { + error!("unknown aead algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } + SpdmAlg::SpdmAlgoReqAsym(v) => { + if v.is_valid() { + self.common.negotiate_info.req_asym_sel = *v; + } else { + error!("unknown req asym algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } + } SpdmAlg::SpdmAlgoKeySchedule(v) => { - self.common.negotiate_info.key_schedule_sel = *v + if v.is_valid() { + self.common.negotiate_info.key_schedule_sel = *v; + } else { + error!("unknown key schedule algorithm structure:{:X?}\n", v.bits()); + self.write_spdm_error( + SpdmErrorCode::SpdmErrorInvalidRequest, + 0, + writer, + ); + return ( + Err(SPDM_STATUS_INVALID_MSG_FIELD), + Some(writer.used_slice()), + ); + } } SpdmAlg::SpdmAlgoUnknown(_v) => {} }