From be3a27d07e9bd2f4f19b690b011d84f0c54e25f9 Mon Sep 17 00:00:00 2001 From: "Yang, Longlong" Date: Thu, 14 Sep 2023 21:29:00 -0400 Subject: [PATCH] add unexpected measurement record check. fix #78 Signed-off-by: Yang, Longlong --- spdmlib/src/requester/get_measurements_req.rs | 112 +++++++++--------- .../requester_tests/get_measurements_req.rs | 2 +- 2 files changed, 59 insertions(+), 55 deletions(-) diff --git a/spdmlib/src/requester/get_measurements_req.rs b/spdmlib/src/requester/get_measurements_req.rs index 68740e35..6a72855b 100644 --- a/spdmlib/src/requester/get_measurements_req.rs +++ b/spdmlib/src/requester/get_measurements_req.rs @@ -113,68 +113,72 @@ impl RequesterContext { let measurements = SpdmMeasurementsResponsePayload::spdm_read( &mut self.common, &mut reader, - ); + ) + .ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?; + if measurement_operation + == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber + && measurements.measurement_record.number_of_blocks != 0 + { + error!("measurement_operation == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber && + measurements.measurement_record.number_of_blocks != 0"); + return Err(SPDM_STATUS_INVALID_MSG_FIELD); + } + let used = reader.used(); - if let Some(measurements) = measurements { - debug!("!!! measurements : {:02x?}\n", measurements); - if self.common.negotiate_info.spdm_version_sel - >= SpdmVersion::SpdmVersion12 - { - self.common.runtime_info.content_changed = - measurements.content_changed; - } + debug!("!!! measurements : {:02x?}\n", measurements); + + if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12 + { + self.common.runtime_info.content_changed = measurements.content_changed; + } + + let base_asym_size = + self.common.negotiate_info.base_asym_sel.get_size() as usize; + let temp_used = used + - if self.common.runtime_info.need_measurement_signature { + base_asym_size + } else { + 0 + }; - let base_asym_size = - self.common.negotiate_info.base_asym_sel.get_size() as usize; - let temp_used = used - - if self.common.runtime_info.need_measurement_signature { - base_asym_size - } else { - 0 - }; - - self.common.append_message_m(session_id, send_buffer)?; - self.common - .append_message_m(session_id, &receive_buffer[..temp_used])?; - - // verify signature - if measurement_attributes - .contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) + self.common.append_message_m(session_id, send_buffer)?; + self.common + .append_message_m(session_id, &receive_buffer[..temp_used])?; + + // verify signature + if measurement_attributes + .contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED) + { + if self + .verify_measurement_signature( + slot_id, + session_id, + &measurements.signature, + ) + .is_err() { - if self - .verify_measurement_signature( - slot_id, - session_id, - &measurements.signature, - ) - .is_err() - { - error!("verify_measurement_signature fail"); - self.common.reset_message_m(session_id); - return Err(SPDM_STATUS_VERIF_FAIL); - } else { - self.common.reset_message_m(session_id); - info!("verify_measurement_signature pass"); - } + error!("verify_measurement_signature fail"); + self.common.reset_message_m(session_id); + return Err(SPDM_STATUS_VERIF_FAIL); + } else { + self.common.reset_message_m(session_id); + info!("verify_measurement_signature pass"); } + } - *spdm_measurement_record_structure = SpdmMeasurementRecordStructure { - ..measurements.measurement_record - }; + *spdm_measurement_record_structure = SpdmMeasurementRecordStructure { + ..measurements.measurement_record + }; - match measurement_operation { - SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber => { - Ok(measurements.number_of_measurement) - } - SpdmMeasurementOperation::SpdmMeasurementRequestAll => { - Ok(measurements.measurement_record.number_of_blocks) - } - _ => Ok(measurements.measurement_record.number_of_blocks), + match measurement_operation { + SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber => { + Ok(measurements.number_of_measurement) + } + SpdmMeasurementOperation::SpdmMeasurementRequestAll => { + Ok(measurements.measurement_record.number_of_blocks) } - } else { - error!("!!! measurements : fail !!!\n"); - Err(SPDM_STATUS_INVALID_MSG_FIELD) + _ => Ok(measurements.measurement_record.number_of_blocks), } } SpdmRequestResponseCode::SpdmResponseError => { diff --git a/test/spdmlib-test/src/requester_tests/get_measurements_req.rs b/test/spdmlib-test/src/requester_tests/get_measurements_req.rs index 92d389b2..cbeb7d1c 100644 --- a/test/spdmlib-test/src/requester_tests/get_measurements_req.rs +++ b/test/spdmlib-test/src/requester_tests/get_measurements_req.rs @@ -208,7 +208,7 @@ fn test_handle_spdm_measurement_record_response() { v.extend_from_slice(&[0x02; 16]); v.into_boxed_slice() })(), - expected_result: Ok(1), // should expect Err(SPDM_STATUS_INVALID_MSG_FIELD) + expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD), }, Tc { name: "requested certain index (0x05) but returned mismatch (0xFE)",