From 49ec0026fc245f568c3520096a50c85801e1175a Mon Sep 17 00:00:00 2001 From: Steven Bellock Date: Thu, 18 Dec 2025 12:08:19 -0800 Subject: [PATCH] Add peer_used_cert_chain_slot_id to session_info Fix #3434 Signed-off-by: Steven Bellock --- include/internal/libspdm_common_lib.h | 4 + include/library/spdm_common_lib.h | 8 +- .../libspdm_com_context_data.c | 4 +- .../libspdm_com_crypto_service.c | 102 +++++------------- .../libspdm_com_crypto_service_session.c | 21 ++-- .../libspdm_req_challenge.c | 6 +- .../spdm_requester_lib/libspdm_req_finish.c | 48 ++++----- .../libspdm_req_get_endpoint_info.c | 2 +- .../libspdm_req_get_measurements.c | 7 +- .../libspdm_req_key_exchange.c | 35 +++--- .../libspdm_rsp_encap_challenge.c | 6 +- .../libspdm_rsp_encap_get_endpoint_info.c | 2 +- .../spdm_responder_lib/libspdm_rsp_finish.c | 58 +++++----- .../libspdm_rsp_key_exchange.c | 2 +- .../test_spdm_requester/encap_endpoint_info.c | 13 ++- unit_test/test_spdm_requester/finish.c | 3 +- unit_test/test_spdm_responder/endpoint_info.c | 12 ++- unit_test/test_spdm_responder/finish_rsp.c | 22 ++-- 18 files changed, 159 insertions(+), 196 deletions(-) diff --git a/include/internal/libspdm_common_lib.h b/include/internal/libspdm_common_lib.h index 47035109ada..137718cfed0 100644 --- a/include/internal/libspdm_common_lib.h +++ b/include/internal/libspdm_common_lib.h @@ -474,6 +474,7 @@ typedef struct { void *secured_message_context; /* Only present in session info as it is currently only used within a secure session. */ uint8_t local_used_cert_chain_slot_id; + uint8_t peer_used_cert_chain_slot_id; } libspdm_session_info_t; #define LIBSPDM_MAX_ENCAP_REQUEST_OP_CODE_SEQUENCE_COUNT 3 @@ -1036,6 +1037,7 @@ bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context, * @retval false hash verification fail. **/ bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context, + uint8_t slot_id, const void *certificate_chain_hash, size_t certificate_chain_hash_size); 
@@ -1066,6 +1068,7 @@ bool libspdm_verify_public_key_hash(libspdm_context_t *spdm_context, **/ bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context, bool is_requester, + uint8_t slot_id, const void *sign_data, size_t sign_data_size); @@ -1115,6 +1118,7 @@ bool libspdm_generate_endpoint_info_signature(libspdm_context_t *spdm_context, bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context, libspdm_session_info_t *session_info, bool is_requester, + uint8_t slot_id, const void *sign_data, size_t sign_data_size); diff --git a/include/library/spdm_common_lib.h b/include/library/spdm_common_lib.h index 732329e35f9..138ebf6268a 100644 --- a/include/library/spdm_common_lib.h +++ b/include/library/spdm_common_lib.h @@ -845,6 +845,7 @@ void *libspdm_get_secured_message_context_via_session_id(void *spdm_context, uin **/ void *libspdm_get_secured_message_context_via_session_info(void *spdm_session_info); +#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT /** * This function returns peer certificate chain buffer including spdm_cert_chain_t header. * @@ -855,7 +856,8 @@ void *libspdm_get_secured_message_context_via_session_info(void *spdm_session_in * @retval true Peer certificate chain buffer including spdm_cert_chain_t header is returned. * @retval false Peer certificate chain buffer including spdm_cert_chain_t header is not found. **/ -bool libspdm_get_peer_cert_chain_buffer(void *spdm_context, +void libspdm_get_peer_cert_chain_buffer(void *spdm_context, + uint8_t slot_id, const void **cert_chain_buffer, size_t *cert_chain_buffer_size); 
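Review bot: The doc comment above `libspdm_get_peer_cert_chain_buffer` (hunk -855,7 +856,8) still lists `@retval true` and `@retval false`, although the declaration now returns `void`, and the visible part of the comment has no entry for the new argument; the top of the comment is outside the hunk. Replace the two `@retval` lines with the precondition, for example `@param slot_id Slot of the peer certificate chain to return; must be less than SPDM_MAX_SLOT_COUNT and already populated.` The same applies to `libspdm_get_peer_cert_chain_data` in the next hunk (-869,9 +871,11). Both declarations in this public header are now inside `#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT`, so integrators who build with the option off and relied on the `false` return will no longer compile; the comment or release notes should say so.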
@@ -869,9 +871,11 @@ bool libspdm_get_peer_cert_chain_buffer(void *spdm_context, * @retval true Peer certificate chain data without spdm_cert_chain_t header is returned. * @retval false Peer certificate chain data without spdm_cert_chain_t header is not found. **/ -bool libspdm_get_peer_cert_chain_data(void *spdm_context, +void libspdm_get_peer_cert_chain_data(void *spdm_context, + uint8_t slot_id, const void **cert_chain_data, size_t *cert_chain_data_size); +#endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */ /** * This function returns local used certificate chain buffer including spdm_cert_chain_t header. diff --git a/library/spdm_common_lib/libspdm_com_context_data.c b/library/spdm_common_lib/libspdm_com_context_data.c index f3d1ab5baae..7e4b6299249 100644 --- a/library/spdm_common_lib/libspdm_com_context_data.c +++ b/library/spdm_common_lib/libspdm_com_context_data.c @@ -1969,7 +1969,7 @@ libspdm_return_t libspdm_append_message_k(libspdm_context_t *spdm_context, if (spdm_session_info->session_transcript.digest_context_th == NULL) { if (!spdm_session_info->use_psk) { if (is_requester) { - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = spdm_session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( @@ -2171,7 +2171,7 @@ libspdm_return_t libspdm_append_message_f(libspdm_context_t *spdm_context, return LIBSPDM_STATUS_CRYPTO_ERROR; } } else { - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = spdm_session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( diff --git a/library/spdm_common_lib/libspdm_com_crypto_service.c b/library/spdm_common_lib/libspdm_com_crypto_service.c index 817722e8dd2..94714e710aa 100644 
--- a/library/spdm_common_lib/libspdm_com_crypto_service.c
+++ b/library/spdm_common_lib/libspdm_com_crypto_service.c
@@ -39,71 +39,39 @@ uint8_t libspdm_slot_id_to_key_pair_id ( return context->local_context.local_key_pair_id[slot_id]; } -/** - * This function returns peer certificate chain buffer including spdm_cert_chain_t header. - * - * @param spdm_context A pointer to the SPDM context. - * @param cert_chain_buffer Certificate chain buffer including spdm_cert_chain_t header. - * @param cert_chain_buffer_size size in bytes of the certificate chain buffer. - * - * @retval true Peer certificate chain buffer including spdm_cert_chain_t header is returned. - * @retval false Peer certificate chain buffer including spdm_cert_chain_t header is not found. - **/ -bool libspdm_get_peer_cert_chain_buffer(void *spdm_context, +#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT +void libspdm_get_peer_cert_chain_buffer(void *spdm_context, + uint8_t slot_id, const void **cert_chain_buffer, size_t *cert_chain_buffer_size) { -#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT + libspdm_context_t *context; - uint8_t slot_id; context = spdm_context; - slot_id = context->connection_info.peer_used_cert_chain_slot_id; + LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT); - if (context->connection_info.peer_used_cert_chain[slot_id].buffer_size != 0) { - *cert_chain_buffer = context->connection_info.peer_used_cert_chain[slot_id].buffer; - *cert_chain_buffer_size = context->connection_info - .peer_used_cert_chain[slot_id].buffer_size; - return true; - } -#endif - return false; + + *cert_chain_buffer = context->connection_info.peer_used_cert_chain[slot_id].buffer; + *cert_chain_buffer_size = context->connection_info.peer_used_cert_chain[slot_id].buffer_size; } -/** - * This function returns peer certificate chain data without spdm_cert_chain_t header. - * - * @param spdm_context A pointer to the SPDM context. - * @param cert_chain_data Certificate chain data without spdm_cert_chain_t header. - * @param cert_chain_data_size size in bytes of the certificate chain data. 
- * - * @retval true Peer certificate chain data without spdm_cert_chain_t header is returned. - * @retval false Peer certificate chain data without spdm_cert_chain_t header is not found. - **/ -bool libspdm_get_peer_cert_chain_data(void *spdm_context, +void libspdm_get_peer_cert_chain_data(void *spdm_context, + uint8_t slot_id, const void **cert_chain_data, size_t *cert_chain_data_size) { -#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT libspdm_context_t *context; size_t hash_size; - bool result; context = spdm_context; hash_size = libspdm_get_hash_size(context->connection_info.algorithm.base_hash_algo); - result = libspdm_get_peer_cert_chain_buffer(context, cert_chain_data, - cert_chain_data_size); - if (result) { - *cert_chain_data = - (const uint8_t *)*cert_chain_data + sizeof(spdm_cert_chain_t) + hash_size; - *cert_chain_data_size = - *cert_chain_data_size - (sizeof(spdm_cert_chain_t) + hash_size); - return true; - } -#endif - return false; + libspdm_get_peer_cert_chain_buffer(context, slot_id, cert_chain_data, cert_chain_data_size); + *cert_chain_data = (const uint8_t *)*cert_chain_data + sizeof(spdm_cert_chain_t) + hash_size; + *cert_chain_data_size = *cert_chain_data_size - (sizeof(spdm_cert_chain_t) + hash_size); } +#endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */ /** * This function returns local used certificate chain buffer including spdm_cert_chain_t header. @@ -1038,6 +1006,7 @@ bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context, * @retval false hash verification fail. **/ bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context, + uint8_t slot_id, const void *certificate_chain_hash, size_t certificate_chain_hash_size) { 
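Review bot: `libspdm_get_peer_cert_chain_data` (hunk -39,71 +39,39) now subtracts `sizeof(spdm_cert_chain_t) + hash_size` from the stored size unconditionally, so a slot whose `buffer_size` is 0, or shorter than the header plus hash, makes `*cert_chain_data_size` wrap to a very large `size_t` and advances `*cert_chain_data` past the stored buffer. The removed code returned `false` when `buffer_size` was 0; the only guard left is `LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT)`, which does not cover an empty slot and gives no protection in builds where assertions are compiled out. Because `slot_id` is now supplied by the caller, I would keep the `bool` return and add a length check before the subtraction, e.g. `if (*cert_chain_data_size < sizeof(spdm_cert_chain_t) + hash_size) { return false; }`. Otherwise every call site has to guarantee a populated slot, and the callers changed later in this patch (signature verification, the TH1/TH2 helpers and the FINISH HMAC/signature helpers) all drop their `if (!result) { return false; }` handling.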
@@ -1047,17 +1016,11 @@ bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context, const uint8_t *cert_chain_buffer; size_t cert_chain_buffer_size; bool result; -#else - uint8_t slot_id; -#endif -#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - result = libspdm_get_peer_cert_chain_buffer(spdm_context, - (const void **)&cert_chain_buffer, - &cert_chain_buffer_size); - if (!result) { - return false; - } + libspdm_get_peer_cert_chain_buffer(spdm_context, + slot_id, + (const void **)&cert_chain_buffer, + &cert_chain_buffer_size); hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); @@ -1080,9 +1043,6 @@ bool libspdm_verify_certificate_chain_hash(libspdm_context_t *spdm_context, return false; } #else - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; - LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT); - LIBSPDM_ASSERT( spdm_context->connection_info.peer_used_cert_chain[slot_id].buffer_hash_size != 0); @@ -1160,12 +1120,12 @@ bool libspdm_verify_public_key_hash(libspdm_context_t *spdm_context, **/ bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context, bool is_requester, + uint8_t slot_id, const void *sign_data, size_t sign_data_size) { bool result; void *context; - uint8_t slot_id; #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT libspdm_m1m2_managed_buffer_t m1m2; uint8_t *m1m2_buffer; @@ -1198,9 +1158,6 @@ bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context, return false; } - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; - LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); - if (slot_id == 0xFF) { if (is_requester) { if (spdm_context->connection_info.algorithm.pqc_asym_algo != 0) { 
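Review bot: In the `#else` branch of `libspdm_verify_certificate_chain_hash` (hunk -1080,9 +1043,6) the `LIBSPDM_ASSERT(slot_id < SPDM_MAX_SLOT_COUNT)` is removed, yet the following line still indexes `peer_used_cert_chain[slot_id]`, and `slot_id` is now an argument rather than a value read from connection state. The range assertion is likewise dropped from `libspdm_verify_challenge_auth_signature` (hunk -1198,9 +1158,6) and from `libspdm_verify_endpoint_info_signature` (hunk -1580,9 +1534,6). Keep the check at the top of each function, e.g. `LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF));` (with `0xF` in the endpoint-info variant, as before), so a bad caller value is caught before the array access. Whether every caller validates the slot taken from a peer message with a runtime check is not visible here and should be confirmed, since an assertion alone does not protect release builds. All three function bodies continue outside the hunks.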
@@ -1236,11 +1193,8 @@ bool libspdm_verify_challenge_auth_signature(libspdm_context_t *spdm_context, } } else { #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - result = libspdm_get_peer_cert_chain_data( - spdm_context, (const void **)&cert_chain_data, &cert_chain_data_size); - if (!result) { - return false; - } + libspdm_get_peer_cert_chain_data( + spdm_context, slot_id, (const void **)&cert_chain_data, &cert_chain_data_size); /* Get leaf cert from cert chain*/ result = libspdm_x509_get_cert_from_cert_chain( @@ -1543,12 +1497,12 @@ bool libspdm_generate_endpoint_info_signature(libspdm_context_t *spdm_context, bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context, libspdm_session_info_t *session_info, bool is_requester, + uint8_t slot_id, const void *sign_data, size_t sign_data_size) { bool result; void *context; - uint8_t slot_id; #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT libspdm_il1il2_managed_buffer_t il1il2; uint8_t *il1il2_buffer; @@ -1580,9 +1534,6 @@ bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context, return false; } - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; - LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xF)); - if (slot_id == 0xF) { if (is_requester) { if (spdm_context->connection_info.algorithm.base_asym_algo != 0) { @@ -1620,11 +1571,8 @@ bool libspdm_verify_endpoint_info_signature(libspdm_context_t *spdm_context, } } else { #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - result = libspdm_get_peer_cert_chain_data( - spdm_context, (const void **)&cert_chain_data, &cert_chain_data_size); - if (!result) { - return false; - } + libspdm_get_peer_cert_chain_data( + spdm_context, slot_id, (const void **)&cert_chain_data, &cert_chain_data_size); /* Get leaf cert from cert chain*/ result = libspdm_x509_get_cert_from_cert_chain(cert_chain_data, 
diff --git a/library/spdm_common_lib/libspdm_com_crypto_service_session.c b/library/spdm_common_lib/libspdm_com_crypto_service_session.c index 9a333c0205c..d14c6fbc794 100644 --- a/library/spdm_common_lib/libspdm_com_crypto_service_session.c +++ b/library/spdm_common_lib/libspdm_com_crypto_service_session.c @@ -459,16 +459,17 @@ bool libspdm_calculate_th1_hash(libspdm_context_t *spdm_context, #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT if (!session_info->use_psk) { if (is_requester) { - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&cert_chain_buffer, + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + result = true; } } else { slot_id = session_info->local_used_cert_chain_slot_id; @@ -552,16 +553,17 @@ bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context, #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT if (!session_info->use_psk) { if (is_requester) { - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&cert_chain_buffer, + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + result = true; } } else { slot_id = session_info->local_used_cert_chain_slot_id; 
@@ -595,16 +597,17 @@ bool libspdm_calculate_th2_hash(libspdm_context_t *spdm_context, result = true; } } else { - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&mut_cert_chain_buffer, + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); + result = true; } } if (!result) { diff --git a/library/spdm_requester_lib/libspdm_req_challenge.c b/library/spdm_requester_lib/libspdm_req_challenge.c index 33b160de6df..1432a750900 100644 --- a/library/spdm_requester_lib/libspdm_req_challenge.c +++ b/library/spdm_requester_lib/libspdm_req_challenge.c @@ -250,7 +250,8 @@ static libspdm_return_t libspdm_try_challenge(libspdm_context_t *spdm_context, if (slot_id == 0xFF) { result = libspdm_verify_public_key_hash(spdm_context, cert_chain_hash, hash_size); } else { - result = libspdm_verify_certificate_chain_hash(spdm_context, cert_chain_hash, hash_size); + result = libspdm_verify_certificate_chain_hash(spdm_context, slot_id, cert_chain_hash, + hash_size); } if (!result) { status = LIBSPDM_STATUS_VERIF_FAIL; 
@@ -359,7 +360,8 @@ static libspdm_return_t libspdm_try_challenge(libspdm_context_t *spdm_context, signature = ptr; LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature (0x%zx):\n", signature_size)); LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size); - result = libspdm_verify_challenge_auth_signature(spdm_context, true, signature, signature_size); + result = libspdm_verify_challenge_auth_signature(spdm_context, true, slot_id, + signature, signature_size); if (!result) { libspdm_reset_message_c(spdm_context); status = LIBSPDM_STATUS_VERIF_FAIL; diff --git a/library/spdm_requester_lib/libspdm_req_finish.c b/library/spdm_requester_lib/libspdm_req_finish.c index 255f6367041..d3fdbd6f668 100644 --- a/library/spdm_requester_lib/libspdm_req_finish.c +++ b/library/spdm_requester_lib/libspdm_req_finish.c @@ -49,17 +49,17 @@ bool libspdm_verify_finish_rsp_hmac(libspdm_context_t *spdm_context, LIBSPDM_ASSERT(hash_size == hmac_data_size); #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } if (session_info->mut_auth_requested != 0) { 
@@ -146,17 +146,17 @@ bool libspdm_generate_finish_req_hmac(libspdm_context_t *spdm_context, hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } if (session_info->mut_auth_requested != 0) { @@ -165,14 +165,13 @@ bool libspdm_generate_finish_req_hmac(libspdm_context_t *spdm_context, if (slot_id == 0xFF) { result = libspdm_get_local_public_key_buffer( spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); + if (!result) { + return false; + } } else { libspdm_get_local_cert_chain_buffer( spdm_context, slot_id, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); - result = true; - } - if (!result) { - return false; } } else { mut_cert_chain_buffer = NULL; 
@@ -260,12 +259,12 @@ bool libspdm_generate_finish_req_signature(libspdm_context_t *spdm_context, if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } slot_id = session_info->local_used_cert_chain_slot_id; @@ -273,14 +272,13 @@ bool libspdm_generate_finish_req_signature(libspdm_context_t *spdm_context, if (slot_id == 0xFF) { result = libspdm_get_local_public_key_buffer( spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); + if (!result) { + return false; + } } else { libspdm_get_local_cert_chain_buffer( spdm_context, slot_id, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); - result = true; - } - if (!result) { - return false; } result = libspdm_calculate_th_for_finish( diff --git a/library/spdm_requester_lib/libspdm_req_get_endpoint_info.c b/library/spdm_requester_lib/libspdm_req_get_endpoint_info.c index 17c4df8b573..6b7d9edb5db 100644 --- a/library/spdm_requester_lib/libspdm_req_get_endpoint_info.c +++ b/library/spdm_requester_lib/libspdm_req_get_endpoint_info.c @@ -271,7 +271,7 @@ static libspdm_return_t libspdm_try_get_endpoint_info(libspdm_context_t *spdm_co LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, true, signature, signature_size); + spdm_context, session_info, true, slot_id, signature, signature_size); if (!result) { status = LIBSPDM_STATUS_VERIF_FAIL; goto receive_done; 
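Review bot: The `slot_id` tested by `if (slot_id == 0xFF)` at the top of hunk -260,12 +259,12 in `libspdm_generate_finish_req_signature` is assigned above the visible lines, and unlike `libspdm_verify_finish_rsp_hmac` and `libspdm_generate_finish_req_hmac` earlier in this file, no hunk touches that assignment. If it still reads `spdm_context->connection_info.peer_used_cert_chain_slot_id`, the value is stale, because the requester key-exchange path stops writing that field in this patch and stores the slot in `session_info` instead; the FINISH signature transcript would then be built from a different chain than the HMAC transcript. Please confirm the line above the hunk reads `slot_id = session_info->peer_used_cert_chain_slot_id;`.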
diff --git a/library/spdm_requester_lib/libspdm_req_get_measurements.c b/library/spdm_requester_lib/libspdm_req_get_measurements.c index 009a7d0d197..6f7b9bebec3 100644 --- a/library/spdm_requester_lib/libspdm_req_get_measurements.c +++ b/library/spdm_requester_lib/libspdm_req_get_measurements.c @@ -64,11 +64,8 @@ bool libspdm_verify_measurement_signature(libspdm_context_t *spdm_context, } } else { #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - result = libspdm_get_peer_cert_chain_data( - spdm_context, (const void **)&cert_chain_data, &cert_chain_data_size); - if (!result) { - return false; - } + libspdm_get_peer_cert_chain_data( + spdm_context, slot_id, (const void **)&cert_chain_data, &cert_chain_data_size); /* Get leaf cert from cert chain*/ result = libspdm_x509_get_cert_from_cert_chain(cert_chain_data, diff --git a/library/spdm_requester_lib/libspdm_req_key_exchange.c b/library/spdm_requester_lib/libspdm_req_key_exchange.c index 35492dd6653..c7cedc89181 100644 --- a/library/spdm_requester_lib/libspdm_req_key_exchange.c +++ b/library/spdm_requester_lib/libspdm_req_key_exchange.c @@ -58,17 +58,17 @@ bool libspdm_verify_key_exchange_rsp_hmac(libspdm_context_t *spdm_context, LIBSPDM_ASSERT(hash_size == hmac_data_size); #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } result = libspdm_calculate_th_for_exchange( 
@@ -137,19 +137,19 @@ bool libspdm_verify_key_exchange_rsp_signature( hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); #endif - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } result = libspdm_calculate_th_for_exchange( @@ -204,11 +204,9 @@ bool libspdm_verify_key_exchange_rsp_signature( } else { #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT /* Get leaf cert from cert chain*/ - result = libspdm_get_peer_cert_chain_data( - spdm_context, (const void **)&cert_chain_data, &cert_chain_data_size); - if (!result) { - return false; - } + libspdm_get_peer_cert_chain_data( + spdm_context, slot_id, (const void **)&cert_chain_data, &cert_chain_data_size); + result = libspdm_x509_get_cert_from_cert_chain( cert_chain_data, cert_chain_data_size, -1, &cert_buffer, &cert_buffer_size); if (!result) { @@ -392,7 +390,6 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange( libspdm_reset_message_buffer_via_request_code(spdm_context, NULL, SPDM_KEY_EXCHANGE); /* -=[Construct Request Phase]=- */ - spdm_context->connection_info.peer_used_cert_chain_slot_id = slot_id; transport_header_size = spdm_context->local_context.capability.transport_header_size; status = libspdm_acquire_sender_buffer (spdm_context, &message_size, (void **)&message); if (LIBSPDM_STATUS_IS_ERROR(status)) { 
@@ -746,11 +743,11 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange( *session_id = libspdm_generate_session_id(req_session_id, rsp_session_id); session_info = libspdm_assign_session_id(spdm_context, *session_id, secured_message_version, false); - if (session_info == NULL) { status = LIBSPDM_STATUS_SESSION_NUMBER_EXCEED; goto receive_done; } + session_info->peer_used_cert_chain_slot_id = slot_id; /* -=[Process Response Phase]=- */ status = libspdm_append_message_k(spdm_context, session_info, true, spdm_request, diff --git a/library/spdm_responder_lib/libspdm_rsp_encap_challenge.c b/library/spdm_responder_lib/libspdm_rsp_encap_challenge.c index adb87c000d9..69ca0b75094 100644 --- a/library/spdm_responder_lib/libspdm_rsp_encap_challenge.c +++ b/library/spdm_responder_lib/libspdm_rsp_encap_challenge.c @@ -172,7 +172,9 @@ libspdm_return_t libspdm_process_encap_response_challenge_auth( if (spdm_context->connection_info.peer_used_cert_chain_slot_id == 0xFF) { result = libspdm_verify_public_key_hash(spdm_context, cert_chain_hash, hash_size); } else { - result = libspdm_verify_certificate_chain_hash(spdm_context, cert_chain_hash, hash_size); + result = libspdm_verify_certificate_chain_hash( + spdm_context, spdm_context->connection_info.peer_used_cert_chain_slot_id, + cert_chain_hash, hash_size); } if (!result) { return LIBSPDM_STATUS_INVALID_CERT; @@ -256,7 +258,7 @@ libspdm_return_t libspdm_process_encap_response_challenge_auth( LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Encap signature (0x%zx):\n", signature_size)); LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size); result = libspdm_verify_challenge_auth_signature( - spdm_context, false, signature, signature_size); + spdm_context, false, spdm_context->encap_context.req_slot_id, signature, signature_size); if (!result) { return LIBSPDM_STATUS_VERIF_FAIL; } 
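Review bot: The two checks in `libspdm_process_encap_response_challenge_auth` now take the slot from different places: the chain-hash comparison passes `spdm_context->connection_info.peer_used_cert_chain_slot_id` (hunk -172,7 +172,9) while the signature verification passes `spdm_context->encap_context.req_slot_id` (hunk -256,7 +258,7). Before this patch both read the same connection field, so the hash and the signature were always checked against the same chain. Read the slot once into a local and pass it to both calls, e.g. `slot_id = spdm_context->encap_context.req_slot_id;`, after confirming that field uses the same `0xFF` value for a provisioned public key that the verifier branches on. It is also unclear from the visible hunks what still writes the connection field on the responder, since `libspdm_get_response_key_exchange` now stores the slot in `session_info`. The function body extends beyond both hunks.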
diff --git a/library/spdm_responder_lib/libspdm_rsp_encap_get_endpoint_info.c b/library/spdm_responder_lib/libspdm_rsp_encap_get_endpoint_info.c index 648d78862eb..c5f0140a8c2 100644 --- a/library/spdm_responder_lib/libspdm_rsp_encap_get_endpoint_info.c +++ b/library/spdm_responder_lib/libspdm_rsp_encap_get_endpoint_info.c @@ -228,7 +228,7 @@ libspdm_return_t libspdm_process_encap_response_endpoint_info( LIBSPDM_INTERNAL_DUMP_HEX(signature, signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, false, signature, signature_size); + spdm_context, session_info, false, slot_id, signature, signature_size); if (!result) { return LIBSPDM_STATUS_VERIF_FAIL; } diff --git a/library/spdm_responder_lib/libspdm_rsp_finish.c b/library/spdm_responder_lib/libspdm_rsp_finish.c index 249ab3d672a..af43e6e4bb0 100644 --- a/library/spdm_responder_lib/libspdm_rsp_finish.c +++ b/library/spdm_responder_lib/libspdm_rsp_finish.c 
@@ -37,27 +37,27 @@ bool libspdm_verify_finish_req_hmac(libspdm_context_t *spdm_context, if (slot_id == 0xFF) { result = libspdm_get_local_public_key_buffer( spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); + if (!result) { + return false; + } } else { libspdm_get_local_cert_chain_buffer( spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); - result = true; - } - if (!result) { - return false; } if (session_info->mut_auth_requested != 0) { - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&mut_cert_chain_buffer, + &mut_cert_chain_buffer_size); } } else { mut_cert_chain_buffer = NULL; 
@@ -150,17 +150,18 @@ bool libspdm_verify_finish_req_signature(libspdm_context_t *spdm_context, spdm_context, slot_id, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); } - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&mut_cert_chain_buffer, + &mut_cert_chain_buffer_size); } result = libspdm_calculate_th_for_finish( @@ -196,7 +197,7 @@ bool libspdm_verify_finish_req_signature(libspdm_context_t *spdm_context, LIBSPDM_INTERNAL_DUMP_DATA(sign_data, sign_data_size); LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { @@ -219,12 +220,10 @@ bool libspdm_verify_finish_req_signature(libspdm_context_t *spdm_context, } else { #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT /* Get leaf cert from cert chain*/ - result = libspdm_get_peer_cert_chain_data(spdm_context, - (const void **)&mut_cert_chain_data, - &mut_cert_chain_data_size); - if (!result) { - return false; - } + libspdm_get_peer_cert_chain_data(spdm_context, + slot_id, + (const void **)&mut_cert_chain_data, + &mut_cert_chain_data_size); result = libspdm_x509_get_cert_from_cert_chain(mut_cert_chain_data, mut_cert_chain_data_size, -1, 
@@ -338,17 +337,18 @@ bool libspdm_generate_finish_rsp_hmac(libspdm_context_t *spdm_context, } if (session_info->mut_auth_requested != 0) { - slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; + slot_id = session_info->peer_used_cert_chain_slot_id; LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); if (slot_id == 0xFF) { result = libspdm_get_peer_public_key_buffer( spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); + if (!result) { + return false; + } } else { - result = libspdm_get_peer_cert_chain_buffer( - spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); - } - if (!result) { - return false; + libspdm_get_peer_cert_chain_buffer( + spdm_context, slot_id, (const void **)&mut_cert_chain_buffer, + &mut_cert_chain_buffer_size); } } else { mut_cert_chain_buffer = NULL; diff --git a/library/spdm_responder_lib/libspdm_rsp_key_exchange.c b/library/spdm_responder_lib/libspdm_rsp_key_exchange.c index d82153ea533..a15a6dc6cee 100644 --- a/library/spdm_responder_lib/libspdm_rsp_key_exchange.c +++ b/library/spdm_responder_lib/libspdm_rsp_key_exchange.c @@ -522,7 +522,7 @@ libspdm_return_t libspdm_get_response_key_exchange(libspdm_context_t *spdm_conte spdm_response->req_slot_id_param = req_slot_id; } else if (need_encap && req_encap_cap) { spdm_response->mut_auth_requested = mut_auth_requested; - spdm_context->connection_info.peer_used_cert_chain_slot_id = req_slot_id; + session_info->peer_used_cert_chain_slot_id = req_slot_id; libspdm_init_mut_auth_encap_state(spdm_context, mut_auth_requested); } } diff --git a/unit_test/test_spdm_requester/encap_endpoint_info.c b/unit_test/test_spdm_requester/encap_endpoint_info.c index 632c374cb1c..c4f8f1df9aa 100644 --- a/unit_test/test_spdm_requester/encap_endpoint_info.c +++ b/unit_test/test_spdm_requester/encap_endpoint_info.c 
@@ -171,8 +171,10 @@ static void req_encap_endpoint_info_case1(void **state) assert_int_equal(status, LIBSPDM_STATUS_SUCCESS); signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); + printf ("I made it!\n"); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, false, signature, signature_size); + spdm_context, session_info, false, m_libspdm_get_endpoint_info_request1.header.param2, + signature, signature_size); assert_true(result); } @@ -283,7 +285,8 @@ static void req_encap_endpoint_info_case2(void **state) signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, false, signature, signature_size); + spdm_context, session_info, false, m_libspdm_get_endpoint_info_request2.header.param2, + signature, signature_size); assert_true(result); } @@ -377,7 +380,8 @@ static void req_encap_endpoint_info_case3(void **state) signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, false, signature, signature_size); + spdm_context, session_info, false, m_libspdm_get_endpoint_info_request3.header.param2, + signature, signature_size); assert_true(result); } @@ -548,7 +552,8 @@ static void req_encap_endpoint_info_case5(void **state) signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, false, signature, signature_size); + spdm_context, session_info, false, m_libspdm_get_endpoint_info_request1.header.param2, + signature, signature_size); assert_true(result); } diff --git a/unit_test/test_spdm_requester/finish.c b/unit_test/test_spdm_requester/finish.c index d606528ead0..59e4125e717 100644 --- a/unit_test/test_spdm_requester/finish.c +++ b/unit_test/test_spdm_requester/finish.c 
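Review bot: The added `printf ("I made it!\n");` in `req_encap_endpoint_info_case1` looks like a leftover debug print and should be dropped before merge; it adds noise to the unit-test output and checks nothing. The other hunks in this file (cases 2, 3 and 5) only thread the slot id through to `libspdm_verify_endpoint_info_signature` and need no change for this point.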
@@ -3788,12 +3788,11 @@ static void req_finish_case23(void **state) spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF; - session_id = 0xFFFFFFFF; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0xFF; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF)); libspdm_secured_message_set_response_finished_key( diff --git a/unit_test/test_spdm_responder/endpoint_info.c b/unit_test/test_spdm_responder/endpoint_info.c index 3af3f725580..3629ad69f55 100644 --- a/unit_test/test_spdm_responder/endpoint_info.c +++ b/unit_test/test_spdm_responder/endpoint_info.c @@ -180,7 +180,8 @@ static void rsp_endpoint_info_case1(void **state) signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, true, signature, signature_size); + spdm_context, session_info, true, m_libspdm_get_endpoint_info_request1.header.param2, + signature, signature_size); assert_true(result); } @@ -277,7 +278,8 @@ static void rsp_endpoint_info_case2(void **state) signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, true, signature, signature_size); + spdm_context, session_info, true, m_libspdm_get_endpoint_info_request2.header.param2, + signature, signature_size); assert_true(result); } 
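Review bot: In the hunk at -180 (`rsp_endpoint_info_case1`), the updated call to `libspdm_verify_endpoint_info_signature` passes the slot taken from the same request that produced the signature, so the test would not notice if the new `slot_id` argument were ignored or mixed up. A negative case would pin the behaviour: verify the same signature against a slot provisioned with a different key and expect `assert_false(result);`. The calls also pass `header.param2` unmasked; if only the low bits of that field carry the slot id, as I believe the specification defines, masking it in the test would keep reserved bits from reaching the verifier. This applies equally to cases 2, 3 and 5 of this file and to the requester-side calls in encap_endpoint_info.c.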
@@ -401,7 +403,8 @@ static void rsp_endpoint_info_case3(void **state) signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, true, signature, signature_size); + spdm_context, session_info, true, m_libspdm_get_endpoint_info_request3.header.param2, + signature, signature_size); assert_true(result); } @@ -592,7 +595,8 @@ static void rsp_endpoint_info_case5(void **state) signature = (void *)((uint8_t *)spdm_response + response_size - signature_size); result = libspdm_verify_endpoint_info_signature( - spdm_context, session_info, true, signature, signature_size); + spdm_context, session_info, true, m_libspdm_get_endpoint_info_request1.header.param2, + signature, signature_size); assert_true(result); } diff --git a/unit_test/test_spdm_responder/finish_rsp.c b/unit_test/test_spdm_responder/finish_rsp.c index 034291f8983..8eb944bbda0 100644 --- a/unit_test/test_spdm_responder/finish_rsp.c +++ b/unit_test/test_spdm_responder/finish_rsp.c @@ -889,13 +889,13 @@ void rsp_finish_rsp_case8(void **state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); 
@@ -2005,7 +2005,6 @@ void rsp_finish_rsp_case18(void **state) spdm_context->local_context.peer_public_key_provision_size = data_size2; spdm_context->encap_context.req_slot_id = 0xFF; - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF; libspdm_reset_message_a(spdm_context); @@ -2024,6 +2023,7 @@ void rsp_finish_rsp_case18(void **state) LIBSPDM_SESSION_STATE_HANDSHAKING); session_info->mut_auth_requested = 1; session_info->local_used_cert_chain_slot_id = 0xFF; + session_info->peer_used_cert_chain_slot_id = 0xFF; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); @@ -2171,13 +2171,13 @@ void rsp_finish_rsp_case19(void **state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); 
@@ -2339,13 +2339,13 @@ void rsp_finish_rsp_case20(void **state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); @@ -2622,13 +2622,13 @@ void rsp_finish_rsp_case22(void **state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); 
@@ -2790,13 +2790,13 @@ void rsp_finish_rsp_case23(void** state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); @@ -2958,13 +2958,13 @@ void rsp_finish_rsp_case24(void** state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); 
@@ -3127,13 +3127,13 @@ void rsp_finish_rsp_case25(void** state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); @@ -3294,13 +3294,13 @@ void rsp_finish_rsp_case26(void** state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); 
@@ -3466,13 +3466,13 @@ void rsp_finish_rsp_case27(void** state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF)); @@ -3638,13 +3638,13 @@ void rsp_finish_rsp_case28(void** state) data_size2, &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); #endif - spdm_context->connection_info.peer_used_cert_chain_slot_id = 0; session_id = 0xFFFFFFFF; spdm_context->latest_session_id = session_id; session_info = &spdm_context->session_info[0]; libspdm_session_info_init(spdm_context, session_info, session_id, SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false); + session_info->peer_used_cert_chain_slot_id = 0; session_info->local_used_cert_chain_slot_id = 0; hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));