From 11adadfc67d31515b94bd992b51c2060c652e368 Mon Sep 17 00:00:00 2001 From: Wenxing Hou Date: Tue, 12 Dec 2023 17:58:19 +0800 Subject: [PATCH] Get_cert and Set_cert need read alias cert in alias_cert_model Fix the issue: #310 Signed-off-by: Wenxing Hou --- .../spdm_requester_session.c | 29 +++++++++++++++---- .../spdm_responder_emu/spdm_responder_spdm.c | 23 ++++++++++++--- 2 files changed, 43 insertions(+), 9 deletions(-) diff --git a/spdm_emu/spdm_requester_emu/spdm_requester_session.c b/spdm_emu/spdm_requester_emu/spdm_requester_session.c index 4009747..b4654df 100644 --- a/spdm_emu/spdm_requester_emu/spdm_requester_session.c +++ b/spdm_emu/spdm_requester_emu/spdm_requester_session.c @@ -219,6 +219,9 @@ libspdm_return_t do_certificate_provising_via_spdm(uint32_t* session_id) size_t cert_chain_size_to_set; uint8_t slot_id; bool res; + libspdm_data_parameter_t parameter; + uint32_t data32; + size_t data32_size; cert_chain_to_set = NULL; cert_chain_size_to_set = 0; @@ -245,11 +248,27 @@ libspdm_return_t do_certificate_provising_via_spdm(uint32_t* session_id) #endif /*LIBSPDM_ENABLE_CAPABILITY_CSR_CAP*/ #if LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP - res = libspdm_read_responder_public_certificate_chain(m_use_hash_algo, - m_use_asym_algo, - &cert_chain_to_set, - &cert_chain_size_to_set, - NULL, NULL); + libspdm_zero_mem(¶meter, sizeof(parameter)); + parameter.location = LIBSPDM_DATA_LOCATION_CONNECTION; + data32_size = sizeof(data32); + libspdm_get_data(spdm_context, LIBSPDM_DATA_CAPABILITY_FLAGS, ¶meter, + &data32, &data32_size); + + if ((data32 & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP) == 0) { + res = libspdm_read_responder_public_certificate_chain(m_use_hash_algo, + m_use_asym_algo, + &cert_chain_to_set, + &cert_chain_size_to_set, + NULL, NULL); + } else { + res = libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca( + m_use_hash_algo, + m_use_asym_algo, + &cert_chain_to_set, + &cert_chain_size_to_set, + NULL, NULL); + } + if (!res) { printf("set certificate :read_responder_public_certificate_chain fail!\n"); free(cert_chain_to_set); diff --git a/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c b/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c index 6dc1ad9..d62286e 100644 --- a/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c +++ b/spdm_emu/spdm_responder_emu/spdm_responder_spdm.c @@ -394,10 +394,25 @@ void spdm_server_connection_state_callback( ¶meter, &data16, &data_size); m_use_req_asym_algo = data16; - res = libspdm_read_responder_public_certificate_chain(m_use_hash_algo, - m_use_asym_algo, - &data, &data_size, - NULL, NULL); + libspdm_zero_mem(¶meter, sizeof(parameter)); + parameter.location = LIBSPDM_DATA_LOCATION_LOCAL; + data_size = sizeof(data32); + libspdm_get_data(spdm_context, LIBSPDM_DATA_CAPABILITY_FLAGS, ¶meter, + &data32, &data_size); + + if ((data32 & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP) == 0) { + res = libspdm_read_responder_public_certificate_chain(m_use_hash_algo, + m_use_asym_algo, + &data, &data_size, + NULL, NULL); + } else { + res = libspdm_read_responder_public_certificate_chain_alias_cert_entire( + m_use_hash_algo, + m_use_asym_algo, + &data, &data_size, + NULL, NULL); + } + res = libspdm_read_responder_public_certificate_chain_per_slot(1, m_use_hash_algo, m_use_asym_algo,