Skip to content
This repository has been archived by the owner on Jul 29, 2024. It is now read-only.

add unexpected measurement record check. #88

Merged
merged 1 commit into from
Sep 16, 2023
Merged

add unexpected measurement record check. #88

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 58 additions & 54 deletions spdmlib/src/requester/get_measurements_req.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,68 +113,72 @@ impl RequesterContext {
let measurements = SpdmMeasurementsResponsePayload::spdm_read(
&mut self.common,
&mut reader,
);
)
.ok_or(SPDM_STATUS_INVALID_MSG_FIELD)?;
if measurement_operation
== SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber
&& measurements.measurement_record.number_of_blocks != 0
{
error!("measurement_operation == SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber &&
measurements.measurement_record.number_of_blocks != 0");
return Err(SPDM_STATUS_INVALID_MSG_FIELD);
}

let used = reader.used();
if let Some(measurements) = measurements {
debug!("!!! measurements : {:02x?}\n", measurements);

if self.common.negotiate_info.spdm_version_sel
>= SpdmVersion::SpdmVersion12
{
self.common.runtime_info.content_changed =
measurements.content_changed;
}
debug!("!!! measurements : {:02x?}\n", measurements);

if self.common.negotiate_info.spdm_version_sel >= SpdmVersion::SpdmVersion12
{
self.common.runtime_info.content_changed = measurements.content_changed;
}

let base_asym_size =
self.common.negotiate_info.base_asym_sel.get_size() as usize;
let temp_used = used
- if self.common.runtime_info.need_measurement_signature {
base_asym_size
} else {
0
};

let base_asym_size =
self.common.negotiate_info.base_asym_sel.get_size() as usize;
let temp_used = used
- if self.common.runtime_info.need_measurement_signature {
base_asym_size
} else {
0
};

self.common.append_message_m(session_id, send_buffer)?;
self.common
.append_message_m(session_id, &receive_buffer[..temp_used])?;

// verify signature
if measurement_attributes
.contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED)
self.common.append_message_m(session_id, send_buffer)?;
self.common
.append_message_m(session_id, &receive_buffer[..temp_used])?;

// verify signature
if measurement_attributes
.contains(SpdmMeasurementAttributes::SIGNATURE_REQUESTED)
{
if self
.verify_measurement_signature(
slot_id,
session_id,
&measurements.signature,
)
.is_err()
{
if self
.verify_measurement_signature(
slot_id,
session_id,
&measurements.signature,
)
.is_err()
{
error!("verify_measurement_signature fail");
self.common.reset_message_m(session_id);
return Err(SPDM_STATUS_VERIF_FAIL);
} else {
self.common.reset_message_m(session_id);
info!("verify_measurement_signature pass");
}
error!("verify_measurement_signature fail");
self.common.reset_message_m(session_id);
return Err(SPDM_STATUS_VERIF_FAIL);
} else {
self.common.reset_message_m(session_id);
info!("verify_measurement_signature pass");
}
}

*spdm_measurement_record_structure = SpdmMeasurementRecordStructure {
..measurements.measurement_record
};
*spdm_measurement_record_structure = SpdmMeasurementRecordStructure {
..measurements.measurement_record
};

match measurement_operation {
SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber => {
Ok(measurements.number_of_measurement)
}
SpdmMeasurementOperation::SpdmMeasurementRequestAll => {
Ok(measurements.measurement_record.number_of_blocks)
}
_ => Ok(measurements.measurement_record.number_of_blocks),
match measurement_operation {
SpdmMeasurementOperation::SpdmMeasurementQueryTotalNumber => {
Ok(measurements.number_of_measurement)
}
SpdmMeasurementOperation::SpdmMeasurementRequestAll => {
Ok(measurements.measurement_record.number_of_blocks)
}
} else {
error!("!!! measurements : fail !!!\n");
Err(SPDM_STATUS_INVALID_MSG_FIELD)
_ => Ok(measurements.measurement_record.number_of_blocks),
}
}
SpdmRequestResponseCode::SpdmResponseError => {
Expand Down
2 changes: 1 addition & 1 deletion test/spdmlib-test/src/requester_tests/get_measurements_req.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ fn test_handle_spdm_measurement_record_response() {
v.extend_from_slice(&[0x02; 16]);
v.into_boxed_slice()
})(),
expected_result: Ok(1), // should expect Err(SPDM_STATUS_INVALID_MSG_FIELD)
expected_result: Err(SPDM_STATUS_INVALID_MSG_FIELD),
},
Tc {
name: "requested certain index (0x05) but returned mismatch (0xFE)",
Expand Down