| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250227030952.2319050-15-alistair@alistair23.me>
Date: Thu, 27 Feb 2025 13:09:46 +1000
From: Alistair Francis <alistair@...stair23.me>
To: linux-cxl@...r.kernel.org,
linux-kernel@...r.kernel.org,
lukas@...ner.de,
linux-pci@...r.kernel.org,
bhelgaas@...gle.com,
Jonathan.Cameron@...wei.com,
rust-for-linux@...r.kernel.org,
akpm@...ux-foundation.org
Cc: boqun.feng@...il.com,
bjorn3_gh@...tonmail.com,
wilfred.mallawa@....com,
aliceryhl@...gle.com,
ojeda@...nel.org,
alistair23@...il.com,
a.hindborg@...nel.org,
tmgross@...ch.edu,
gary@...yguo.net,
alex.gaynor@...il.com,
benno.lossin@...ton.me,
Alistair Francis <alistair@...stair23.me>
Subject: [RFC v2 14/20] lib: rspdm: Support SPDM get_certificate
Signed-off-by: Alistair Francis <alistair@...stair23.me>
---
lib/rspdm/consts.rs | 2 +
lib/rspdm/lib.rs | 11 ++++
lib/rspdm/state.rs | 123 ++++++++++++++++++++++++++++++++++++++++-
lib/rspdm/validator.rs | 64 ++++++++++++++++++++-
4 files changed, 196 insertions(+), 4 deletions(-)
diff --git a/lib/rspdm/consts.rs b/lib/rspdm/consts.rs
index 9714fa52e2be..ffaf36ec583b 100644
--- a/lib/rspdm/consts.rs
+++ b/lib/rspdm/consts.rs
@@ -96,6 +96,8 @@ pub(crate) enum SpdmErrorCode {
pub(crate) const SPDM_GET_DIGESTS: u8 = 0x81;
+pub(crate) const SPDM_GET_CERTIFICATE: u8 = 0x82;
+
#[cfg(CONFIG_CRYPTO_RSA)]
pub(crate) const SPDM_ASYM_RSA: u32 =
SPDM_ASYM_RSASSA_2048 | SPDM_ASYM_RSASSA_3072 | SPDM_ASYM_RSASSA_4096;
diff --git a/lib/rspdm/lib.rs b/lib/rspdm/lib.rs
index bf5f7c72f885..1535e3a69518 100644
--- a/lib/rspdm/lib.rs
+++ b/lib/rspdm/lib.rs
@@ -126,6 +126,17 @@
return e.to_errno() as c_int;
}
+ let mut provisioned_slots = state.provisioned_slots;
+ while (provisioned_slots as usize) > 0 {
+ let slot = provisioned_slots.trailing_zeros() as u8;
+
+ if let Err(e) = state.get_certificate(slot) {
+ return e.to_errno() as c_int;
+ }
+
+ provisioned_slots &= !(1 << slot);
+ }
+
0
}
diff --git a/lib/rspdm/state.rs b/lib/rspdm/state.rs
index 7889214c6aa7..ae259623fe50 100644
--- a/lib/rspdm/state.rs
+++ b/lib/rspdm/state.rs
@@ -26,8 +26,9 @@
SPDM_REQ, SPDM_RSP_MIN_CAPS, SPDM_SLOTS, SPDM_VER_10, SPDM_VER_11, SPDM_VER_12,
};
use crate::validator::{
- GetCapabilitiesReq, GetCapabilitiesRsp, GetDigestsReq, GetDigestsRsp, GetVersionReq,
- GetVersionRsp, NegotiateAlgsReq, NegotiateAlgsRsp, RegAlg, SpdmErrorRsp, SpdmHeader,
+ GetCapabilitiesReq, GetCapabilitiesRsp, GetCertificateReq, GetCertificateRsp, GetDigestsReq,
+ GetDigestsRsp, GetVersionReq, GetVersionRsp, NegotiateAlgsReq, NegotiateAlgsRsp, RegAlg,
+ SpdmErrorRsp, SpdmHeader,
};
/// The current SPDM session state for a device. Based on the
@@ -112,6 +113,14 @@ pub struct SpdmState {
slot_sz: [usize; SPDM_SLOTS],
}
+#[repr(C, packed)]
+pub(crate) struct SpdmCertChain {
+ length: u16,
+ _reserved: [u8; 2],
+ root_hash: bindings::__IncompleteArrayField<u8>,
+ certificates: bindings::__IncompleteArrayField<u8>,
+}
+
impl SpdmState {
pub(crate) fn new(
dev: *mut bindings::device,
@@ -626,4 +635,114 @@ pub(crate) fn get_digests(&mut self) -> Result<(), Error> {
Ok(())
}
+
+ fn get_cert_exchange(
+ &mut self,
+ request_buf: &mut [u8],
+ response_vec: &mut KVec<u8>,
+ rsp_sz: usize,
+ ) -> Result<&mut GetCertificateRsp, Error> {
+ // SAFETY: `request` is repr(C) and packed, so we can convert it to a slice
+ let response_buf = unsafe { from_raw_parts_mut(response_vec.as_mut_ptr(), rsp_sz) };
+
+ let rc = self.spdm_exchange(request_buf, response_buf)?;
+
+ if rc < (core::mem::size_of::<GetCertificateReq>() as i32) {
+ pr_err!("Truncated certificate response\n");
+ to_result(-(bindings::EIO as i32))?;
+ }
+
+ // SAFETY: `rc` bytes where inserted to the raw pointer by spdm_exchange
+ unsafe { response_vec.set_len(rc as usize) };
+
+ let response: &mut GetCertificateRsp = Untrusted::new_mut(response_vec).validate_mut()?;
+
+ if rc
+ < (core::mem::size_of::<GetCertificateRsp>() + response.portion_length as usize) as i32
+ {
+ pr_err!("Truncated certificate response\n");
+ to_result(-(bindings::EIO as i32))?;
+ }
+
+ Ok(response)
+ }
+
+ pub(crate) fn get_certificate(&mut self, slot: u8) -> Result<(), Error> {
+ let mut request = GetCertificateReq::default();
+ request.version = self.version;
+ request.param1 = slot;
+
+ let req_sz = core::mem::size_of::<GetCertificateReq>();
+ let rsp_sz = ((core::mem::size_of::<GetCertificateRsp>() + 0xffff) as u32)
+ .min(self.transport_sz) as usize;
+
+ // SAFETY: `request` is repr(C) and packed, so we can convert it to a slice
+ let request_buf = unsafe { from_raw_parts_mut(&mut request as *mut _ as *mut u8, req_sz) };
+
+ let mut response_vec: KVec<u8> = KVec::with_capacity(rsp_sz, GFP_KERNEL)?;
+
+ request.offset = 0;
+ request.length = (rsp_sz - core::mem::size_of::<GetCertificateRsp>()).to_le() as u16;
+
+ let response = self.get_cert_exchange(request_buf, &mut response_vec, rsp_sz)?;
+
+ let total_cert_len =
+ ((response.portion_length + response.remainder_length) & 0xFFFF) as usize;
+
+ let mut certs_buf: KVec<u8> = KVec::new();
+
+ certs_buf.extend_from_slice(
+ &response_vec[8..(8 + response.portion_length as usize)],
+ GFP_KERNEL,
+ )?;
+
+ let mut offset: usize = response.portion_length as usize;
+ let mut remainder_length = response.remainder_length as usize;
+
+ while remainder_length > 0 {
+ request.offset = offset.to_le() as u16;
+ request.length = (remainder_length
+ .min(rsp_sz - core::mem::size_of::<GetCertificateRsp>()))
+ .to_le() as u16;
+
+ let response = self.get_cert_exchange(request_buf, &mut response_vec, rsp_sz)?;
+
+ if response.portion_length == 0
+ || (response.param1 & 0xF) != slot
+ || offset as u16 + response.portion_length + response.remainder_length
+ != total_cert_len as u16
+ {
+ pr_err!("Malformed certificate response\n");
+ to_result(-(bindings::EPROTO as i32))?;
+ }
+
+ certs_buf.extend_from_slice(
+ &response_vec[8..(8 + response.portion_length as usize)],
+ GFP_KERNEL,
+ )?;
+ offset += response.portion_length as usize;
+ remainder_length = response.remainder_length as usize;
+ }
+
+ let header_length = core::mem::size_of::<SpdmCertChain>() + self.hash_len;
+
+ let ptr = certs_buf.as_mut_ptr();
+ // SAFETY: `SpdmCertChain` is repr(C) and packed, so we can convert it from a slice
+ let ptr = ptr.cast::<SpdmCertChain>();
+ // SAFETY: `ptr` came from a reference and the cast above is valid.
+ let certs: &mut SpdmCertChain = unsafe { &mut *ptr };
+
+ if total_cert_len < header_length
+ || total_cert_len != usize::from_le(certs.length as usize)
+ || total_cert_len != certs_buf.len()
+ {
+ pr_err!("Malformed certificate chain in slot {slot}\n");
+ to_result(-(bindings::EPROTO as i32))?;
+ }
+
+ self.slot_sz[slot as usize] = total_cert_len;
+ self.slot[slot as usize] = Some(certs_buf);
+
+ Ok(())
+ }
}
diff --git a/lib/rspdm/validator.rs b/lib/rspdm/validator.rs
index 2150a23997db..a8bc3378676f 100644
--- a/lib/rspdm/validator.rs
+++ b/lib/rspdm/validator.rs
@@ -17,8 +17,9 @@
};
use crate::consts::{
- SPDM_ASYM_ALGOS, SPDM_CTEXPONENT, SPDM_GET_CAPABILITIES, SPDM_GET_DIGESTS, SPDM_GET_VERSION,
- SPDM_HASH_ALGOS, SPDM_MEAS_SPEC_DMTF, SPDM_NEGOTIATE_ALGS, SPDM_REQ_CAPS,
+ SPDM_ASYM_ALGOS, SPDM_CTEXPONENT, SPDM_GET_CAPABILITIES, SPDM_GET_CERTIFICATE,
+ SPDM_GET_DIGESTS, SPDM_GET_VERSION, SPDM_HASH_ALGOS, SPDM_MEAS_SPEC_DMTF, SPDM_NEGOTIATE_ALGS,
+ SPDM_REQ_CAPS,
};
#[repr(C, packed)]
@@ -364,3 +365,62 @@ fn validate(unvalidated: &mut Unvalidated<KVec<u8>>) -> Result<Self, Self::Err>
Ok(rsp)
}
}
+
+#[repr(C, packed)]
+pub(crate) struct GetCertificateReq {
+ pub(crate) version: u8,
+ pub(crate) code: u8,
+ pub(crate) param1: u8,
+ pub(crate) param2: u8,
+
+ pub(crate) offset: u16,
+ pub(crate) length: u16,
+}
+
+impl Default for GetCertificateReq {
+ fn default() -> Self {
+ GetCertificateReq {
+ version: 0,
+ code: SPDM_GET_CERTIFICATE,
+ param1: 0,
+ param2: 0,
+ offset: 0,
+ length: 0,
+ }
+ }
+}
+
+#[repr(C, packed)]
+pub(crate) struct GetCertificateRsp {
+ pub(crate) version: u8,
+ pub(crate) code: u8,
+ pub(crate) param1: u8,
+ pub(crate) param2: u8,
+
+ pub(crate) portion_length: u16,
+ pub(crate) remainder_length: u16,
+
+ pub(crate) cert_chain: __IncompleteArrayField<u8>,
+}
+
+impl Validate<&mut Unvalidated<KVec<u8>>> for &mut GetCertificateRsp {
+ type Err = Error;
+
+ fn validate(unvalidated: &mut Unvalidated<KVec<u8>>) -> Result<Self, Self::Err> {
+ let raw = unvalidated.raw_mut();
+ if raw.len() < mem::size_of::<GetCertificateRsp>() {
+ return Err(EINVAL);
+ }
+
+ let ptr = raw.as_mut_ptr();
+ // CAST: `GetCertificateRsp` only contains integers and has `repr(C)`.
+ let ptr = ptr.cast::<GetCertificateRsp>();
+ // SAFETY: `ptr` came from a reference and the cast above is valid.
+ let rsp: &mut GetCertificateRsp = unsafe { &mut *ptr };
+
+ rsp.portion_length = rsp.portion_length.to_le();
+ rsp.remainder_length = rsp.remainder_length.to_le();
+
+ Ok(rsp)
+ }
+}
--
2.48.1
Powered by blists - more mailing lists