DMTF
diff --git a/‎include/internal/libspdm_common_lib.h‎
Lines changed: 2 additions & 5 deletions b/‎include/internal/libspdm_common_lib.h‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎include/library/spdm_common_lib.h‎
Lines changed: 3 additions & 4 deletions b/‎include/library/spdm_common_lib.h‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎library/spdm_common_lib/libspdm_com_context_data.c‎
Lines changed: 12 additions & 13 deletions b/‎library/spdm_common_lib/libspdm_com_context_data.c‎
Lines changed: 12 additions & 13 deletions
diff --git a/‎library/spdm_common_lib/libspdm_com_crypto_service.c‎
Lines changed: 11 additions & 13 deletions b/‎library/spdm_common_lib/libspdm_com_crypto_service.c‎
Lines changed: 11 additions & 13 deletions
diff --git a/‎library/spdm_common_lib/libspdm_com_crypto_service_session.c‎
Lines changed: 12 additions & 9 deletions b/‎library/spdm_common_lib/libspdm_com_crypto_service_session.c‎
Lines changed: 12 additions & 9 deletions
diff --git a/‎library/spdm_requester_lib/libspdm_req_finish.c‎
Lines changed: 16 additions & 17 deletions b/‎library/spdm_requester_lib/libspdm_req_finish.c‎
Lines changed: 16 additions & 17 deletions
diff --git a/‎library/spdm_responder_lib/libspdm_rsp_finish.c‎
Lines changed: 16 additions & 15 deletions b/‎library/spdm_responder_lib/libspdm_rsp_finish.c‎
Lines changed: 16 additions & 15 deletions
@@ -150,11 +150,6 @@ typedef struct {
     libspdm_peer_used_cert_chain_t peer_used_cert_chain[SPDM_MAX_SLOT_COUNT];
     uint8_t peer_used_cert_chain_slot_id;
 
-    /* Local Used CertificateChain (for responder, or requester in mut auth) */
-    const uint8_t *local_used_cert_chain_buffer;
-    size_t local_used_cert_chain_buffer_size;
-    uint8_t local_used_cert_chain_slot_id;
-
     /* Specifies whether the cached negotiated state should be invalidated. (responder only)
      * This is a "sticky" bit wherein if it is set to 1 then it cannot be set to 0. */
     uint8_t end_session_attributes;
@@ -477,6 +472,8 @@ typedef struct {
     /* Register for the last KEY_UPDATE token and operation (responder only)*/
     spdm_key_update_request_t last_key_update_request;
     void *secured_message_context;
+    /* Only present in session info as it is currently only used within a secure session. */
+    uint8_t local_used_cert_chain_slot_id;
 } libspdm_session_info_t;
 
 #define LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT 3
 
@@ -879,11 +879,9 @@ bool libspdm_get_peer_cert_chain_data(void *spdm_context,
  * @param  spdm_context            A pointer to the SPDM context.
  * @param  cert_chain_buffer       Certificate chain buffer including spdm_cert_chain_t header.
  * @param  cert_chain_buffer_size  Size in bytes of the certificate chain buffer.
- *
- * @retval true  Local used certificate chain buffer including spdm_cert_chain_t header is returned.
- * @retval false Local used certificate chain buffer including spdm_cert_chain_t header is not found.
  **/
-bool libspdm_get_local_cert_chain_buffer(void *spdm_context,
+void libspdm_get_local_cert_chain_buffer(void *spdm_context,
+                                         uint8_t slot_id,
                                          const void **cert_chain_buffer,
                                          size_t *cert_chain_buffer_size);
 
@@ -898,6 +896,7 @@ bool libspdm_get_local_cert_chain_buffer(void *spdm_context,
  * @retval false Local used certificate chain data without spdm_cert_chain_t header is not found.
  **/
 bool libspdm_get_local_cert_chain_data(void *spdm_context,
+                                       uint8_t slot_id,
                                        const void **cert_chain_data,
                                        size_t *cert_chain_data_size);
 
 
@@ -1999,20 +1999,20 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context,
                                          hash_size);
                     }
                 } else {
-                    slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+                    slot_id = spdm_session_info->local_used_cert_chain_slot_id;
                     LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
                     if (slot_id == 0xFF) {
                         result = libspdm_get_local_public_key_buffer(
                             spdm_context, (const void **)&cert_chain_buffer,
                             &cert_chain_buffer_size);
+                        if (!result) {
+                            return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
+                        }
                     } else {
-                        result = libspdm_get_local_cert_chain_buffer(
-                            spdm_context, (const void **)&cert_chain_buffer,
+                        libspdm_get_local_cert_chain_buffer(
+                            spdm_context, slot_id, (const void **)&cert_chain_buffer,
                             &cert_chain_buffer_size);
                     }
-                    if (!result) {
-                        return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
-                    }
 
                     result = libspdm_hash_all(
                         spdm_context->connection_info.algorithm.base_hash_algo,
@@ -2145,22 +2145,23 @@ libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context,
 
             if (!spdm_session_info->use_psk && (spdm_session_info->mut_auth_requested != 0)) {
                 if (is_requester) {
-                    slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+                    slot_id = spdm_session_info->local_used_cert_chain_slot_id;
                     LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
                     if (slot_id == 0xFF) {
                         result = libspdm_get_local_public_key_buffer(
                             spdm_context,
                             (const void **)&mut_cert_chain_buffer,
                             &mut_cert_chain_buffer_size);
+                        if (!result) {
+                            return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
+                        }
                     } else {
-                        result = libspdm_get_local_cert_chain_buffer(
+                        libspdm_get_local_cert_chain_buffer(
                             spdm_context,
+                            slot_id,
                             (const void **)&mut_cert_chain_buffer,
                             &mut_cert_chain_buffer_size);
                     }
-                    if (!result) {
-                        return LIBSPDM_STATUS_INVALID_STATE_LOCAL;
-                    }
 
                     result = libspdm_hash_all(
                         spdm_context->connection_info.algorithm.base_hash_algo,
@@ -3253,8 +3254,6 @@ void libspdm_reset_context(void *spdm_context)
     libspdm_zero_mem(&context->connection_info.algorithm, sizeof(libspdm_device_algorithm_t));
     libspdm_zero_mem(&context->last_spdm_error, sizeof(libspdm_error_struct_t));
     libspdm_zero_mem(&context->encap_context, sizeof(libspdm_encap_context_t));
-    context->connection_info.local_used_cert_chain_buffer_size = 0;
-    context->connection_info.local_used_cert_chain_buffer = NULL;
     context->connection_info.multi_key_conn_req = false;
     context->connection_info.multi_key_conn_rsp = false;
 #if LIBSPDM_RESPOND_IF_READY_SUPPORT
 
@@ -115,19 +115,20 @@ bool libspdm_get_peer_cert_chain_data(void *spdm_context,
  * @retval true  Local used certificate chain buffer including spdm_cert_chain_t header is returned.
  * @retval false Local used certificate chain buffer including spdm_cert_chain_t header is not found.
  **/
-bool libspdm_get_local_cert_chain_buffer(void *spdm_context,
+void libspdm_get_local_cert_chain_buffer(void *spdm_context,
+                                         uint8_t slot_id,
                                          const void **cert_chain_buffer,
                                          size_t *cert_chain_buffer_size)
 {
     libspdm_context_t *context;
 
     context = spdm_context;
-    if (context->connection_info.local_used_cert_chain_buffer_size != 0) {
-        *cert_chain_buffer = context->connection_info.local_used_cert_chain_buffer;
-        *cert_chain_buffer_size = context->connection_info.local_used_cert_chain_buffer_size;
-        return true;
-    }
-    return false;
+
+    LIBSPDM_ASSERT(context->local_context.local_cert_chain_provision[slot_id] != NULL);
+    LIBSPDM_ASSERT(context->local_context.local_cert_chain_provision_size != 0);
+
+    *cert_chain_buffer = context->local_context.local_cert_chain_provision[slot_id];
+    *cert_chain_buffer_size = context->local_context.local_cert_chain_provision_size[slot_id];
 }
 
 /**
@@ -141,25 +142,22 @@ bool libspdm_get_local_cert_chain_buffer(void *spdm_context,
  * @retval false Local used certificate chain data without spdm_cert_chain_t header is not found.
  **/
 bool libspdm_get_local_cert_chain_data(void *spdm_context,
+                                       uint8_t slot_id,
                                        const void **cert_chain_data,
                                        size_t *cert_chain_data_size)
 {
     libspdm_context_t *context;
-    bool result;
     size_t hash_size;
 
     context = spdm_context;
 
-    result = libspdm_get_local_cert_chain_buffer(context, cert_chain_data,
-                                                 cert_chain_data_size);
-    if (!result) {
-        return false;
-    }
+    libspdm_get_local_cert_chain_buffer(context, slot_id, cert_chain_data, cert_chain_data_size);
 
     hash_size = libspdm_get_hash_size(context->connection_info.algorithm.base_hash_algo);
 
     *cert_chain_data = (const uint8_t *)*cert_chain_data + sizeof(spdm_cert_chain_t) + hash_size;
     *cert_chain_data_size = *cert_chain_data_size - (sizeof(spdm_cert_chain_t) + hash_size);
+
     return true;
 }
 
 
@@ -471,16 +471,17 @@ bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context,
                     &cert_chain_buffer_size);
             }
         } else {
-            slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+            slot_id = session_info->local_used_cert_chain_slot_id;
             LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
             if (slot_id == 0xFF) {
                 result = libspdm_get_local_public_key_buffer(
                     spdm_context, (const void **)&cert_chain_buffer,
                     &cert_chain_buffer_size);
             } else {
-                result = libspdm_get_local_cert_chain_buffer(
-                    spdm_context, (const void **)&cert_chain_buffer,
+                libspdm_get_local_cert_chain_buffer(
+                    spdm_context, slot_id, (const void **)&cert_chain_buffer,
                     &cert_chain_buffer_size);
+                result = true;
             }
         }
         if (!result) {
@@ -563,33 +564,35 @@ bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context,
                     &cert_chain_buffer_size);
             }
         } else {
-            slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+            slot_id = session_info->local_used_cert_chain_slot_id;
             LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
             if (slot_id == 0xFF) {
                 result = libspdm_get_local_public_key_buffer(
                     spdm_context, (const void **)&cert_chain_buffer,
                     &cert_chain_buffer_size);
             } else {
-                result = libspdm_get_local_cert_chain_buffer(
-                    spdm_context, (const void **)&cert_chain_buffer,
+                libspdm_get_local_cert_chain_buffer(
+                    spdm_context, slot_id, (const void **)&cert_chain_buffer,
                     &cert_chain_buffer_size);
+                result = true;
             }
         }
         if (!result) {
             return false;
         }
         if (session_info->mut_auth_requested != 0) {
             if (is_requester) {
-                slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+                slot_id = session_info->local_used_cert_chain_slot_id;
                 LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
                 if (slot_id == 0xFF) {
                     result = libspdm_get_local_public_key_buffer(
                         spdm_context, (const void **)&mut_cert_chain_buffer,
                         &mut_cert_chain_buffer_size);
                 } else {
-                    result = libspdm_get_local_cert_chain_buffer(
-                        spdm_context, (const void **)&mut_cert_chain_buffer,
+                    libspdm_get_local_cert_chain_buffer(
+                        spdm_context, slot_id, (const void **)&mut_cert_chain_buffer,
                         &mut_cert_chain_buffer_size);
+                    result = true;
                 }
             } else {
                 slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
 
@@ -63,14 +63,16 @@ bool libspdm_verify_finish_rsp_hmac(libspdm_context_t *spdm_context,
     }
 
     if (session_info->mut_auth_requested != 0) {
-        slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+        slot_id = session_info->local_used_cert_chain_slot_id;
         LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
         if (slot_id == 0xFF) {
             result = libspdm_get_local_public_key_buffer(
                 spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
         } else {
-            result = libspdm_get_local_cert_chain_buffer(
-                spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
+            libspdm_get_local_cert_chain_buffer(
+                spdm_context, slot_id, (const void **)&mut_cert_chain_buffer,
+                &mut_cert_chain_buffer_size);
+            result = true;
         }
         if (!result) {
             return false;
@@ -158,14 +160,16 @@ bool libspdm_generate_finish_req_hmac(libspdm_context_t *spdm_context,
     }
 
     if (session_info->mut_auth_requested != 0) {
-        slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+        slot_id = session_info->local_used_cert_chain_slot_id;
         LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
         if (slot_id == 0xFF) {
             result = libspdm_get_local_public_key_buffer(
                 spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
         } else {
-            result = libspdm_get_local_cert_chain_buffer(
-                spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
+            libspdm_get_local_cert_chain_buffer(
+                spdm_context, slot_id, (const void **)&mut_cert_chain_buffer,
+                &mut_cert_chain_buffer_size);
+            result = true;
         }
         if (!result) {
             return false;
@@ -264,14 +268,16 @@ bool libspdm_generate_finish_req_signature(libspdm_context_t *spdm_context,
         return false;
     }
 
-    slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+    slot_id = session_info->local_used_cert_chain_slot_id;
     LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
     if (slot_id == 0xFF) {
         result = libspdm_get_local_public_key_buffer(
             spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
     } else {
-        result = libspdm_get_local_cert_chain_buffer(
-            spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size);
+        libspdm_get_local_cert_chain_buffer(
+            spdm_context, slot_id, (const void **)&mut_cert_chain_buffer,
+            &mut_cert_chain_buffer_size);
+        result = true;
     }
     if (!result) {
         return false;
@@ -476,14 +482,7 @@ static libspdm_return_t libspdm_try_send_receive_finish(
     }
 #endif
 
-    spdm_context->connection_info.local_used_cert_chain_slot_id = req_slot_id_param;
-    if ((session_info->mut_auth_requested != 0) && (req_slot_id_param != 0xFF)) {
-        LIBSPDM_ASSERT(req_slot_id_param < SPDM_MAX_SLOT_COUNT);
-        spdm_context->connection_info.local_used_cert_chain_buffer =
-            spdm_context->local_context.local_cert_chain_provision[req_slot_id_param];
-        spdm_context->connection_info.local_used_cert_chain_buffer_size =
-            spdm_context->local_context.local_cert_chain_provision_size[req_slot_id_param];
-    }
+    session_info->local_used_cert_chain_slot_id = req_slot_id_param;
 
     hmac_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
     LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_finish_request_t) + opaque_data_entry_size +
 
@@ -32,14 +32,15 @@ bool libspdm_verify_finish_req_hmac(libspdm_context_t *spdm_context,
     LIBSPDM_ASSERT(hmac_size == hash_size);
 
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
-    slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+    slot_id = session_info->local_used_cert_chain_slot_id;
     LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
     if (slot_id == 0xFF) {
         result = libspdm_get_local_public_key_buffer(
             spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
     } else {
-        result = libspdm_get_local_cert_chain_buffer(
-            spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
+        libspdm_get_local_cert_chain_buffer(
+            spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
+        result = true;
     }
     if (!result) {
         return false;
@@ -136,17 +137,17 @@ bool libspdm_verify_finish_req_signature(libspdm_context_t *spdm_context,
 #endif
 
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
-    slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+    slot_id = session_info->local_used_cert_chain_slot_id;
     LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
     if (slot_id == 0xFF) {
         result = libspdm_get_local_public_key_buffer(
             spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
+        if (!result) {
+           return false;
+        }
     } else {
-        result = libspdm_get_local_cert_chain_buffer(
-            spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
-    }
-    if (!result) {
-        return false;
+        libspdm_get_local_cert_chain_buffer(
+            spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
     }
 
     slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id;
@@ -323,17 +324,17 @@ bool libspdm_generate_finish_rsp_hmac(libspdm_context_t *spdm_context,
     hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
 
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
-    slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id;
+    slot_id = session_info->local_used_cert_chain_slot_id;
     LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));
     if (slot_id == 0xFF) {
         result = libspdm_get_local_public_key_buffer(
             spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
+        if (!result) {
+            return false;
+        }
     } else {
-        result = libspdm_get_local_cert_chain_buffer(
-            spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
-    }
-    if (!result) {
-        return false;
+        libspdm_get_local_cert_chain_buffer(
+            spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size);
     }
 
     if (session_info->mut_auth_requested != 0) {