SET_CERTIFICATE.Param1 case is not handled #2746

Closed
steven-bellock opened this issue Jul 5, 2024 · 1 comment · Fixed by #2748

@steven-bellock
Contributor

Param1 is set in

    spdm_request->header.param1 = slot_id & SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK;
    spdm_request->header.param2 = 0;
    if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
        /*And the bit[0~3] of request_attribute must be 0.*/
        if ((request_attribute & SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK) != 0) {
            return LIBSPDM_STATUS_INVALID_PARAMETER;
        }
        if ((request_attribute & SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE) != 0) {
            /*the CertChain field shall be absent*/
            cert_chain_size = 0;
            /*the value of SetCertModel shall be zero*/
            spdm_request->header.param1 &= ~SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_MASK;
            /*set Erase bit */
            spdm_request->header.param1 |= SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE;
        }
        if (spdm_context->connection_info.multi_key_conn_rsp) {
            spdm_request->header.param2 = key_pair_id;
        }
    }

It does not handle the case when Erase is not set. In such a case Param1 is just the slot ID, which ignores the certificate model field.

@steven-bellock steven-bellock added the bug Something isn't working label Jul 5, 2024
@steven-bellock
Contributor Author

In addition

 if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) { 
     /*And the bit[0~3] of request_attribute must be 0.*/ 
     if ((request_attribute & SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK) != 0) { 
         return LIBSPDM_STATUS_INVALID_PARAMETER; 
     } 

is incorrect as the send buffer has already been acquired. This check needs to be before the send buffer has been acquired.

steven-bellock added a commit to steven-bellock/libspdm that referenced this issue Jul 7, 2024
Fix DMTF#2746.

Signed-off-by: Steven Bellock <[email protected]>
@steven-bellock steven-bellock self-assigned this Jul 7, 2024
jyao1 pushed a commit that referenced this issue Jul 8, 2024
Fix #2746.

Signed-off-by: Steven Bellock <[email protected]>
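
The Param1 handling discussed in this issue, as an added example that is not libspdm code and not the change merged for the fix. The helper name, the -1 error convention, and the constant values (taken from the SPDM 1.3 Param1 layout) are assumptions; the helper validates `request_attribute` without touching any buffer and keeps the certificate model bits when Erase is not set.

```c
#include <stdint.h>
#include <stdio.h>

/* Values assumed from the SPDM 1.3 Param1 layout:
 * bits[3:0] SlotID, bits[6:4] SetCertModel, bit 7 Erase. */
#define SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK 0x0F
#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_MASK 0x70
#define SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE 0x80
#define SPDM_MESSAGE_VERSION_13 0x13

/* Hypothetical helper: returns Param1 (0..255), or -1 for invalid input.
 * It touches no buffers, so it can run before the send buffer is acquired
 * and a rejected argument leaves nothing to release. */
int set_cert_param1(uint8_t spdm_version, uint8_t slot_id,
                    uint8_t request_attribute)
{
    uint8_t param1 = slot_id & SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK;

    if (spdm_version < SPDM_MESSAGE_VERSION_13) {
        return param1; /* before 1.3, Param1 carries only the slot ID */
    }
    /* bits[3:0] of request_attribute overlap SlotID and must be 0 */
    if ((request_attribute & SPDM_SET_CERTIFICATE_REQUEST_SLOT_ID_MASK) != 0) {
        return -1;
    }
    if ((request_attribute & SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE) != 0) {
        /* Erase: SetCertModel stays zero, only the Erase bit is added */
        param1 |= SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE;
    } else {
        /* Erase not set: carry SetCertModel into Param1 */
        param1 |= request_attribute &
                  SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_MASK;
    }
    return param1;
}

int main(void)
{
    /* constructed inputs: slot 2, SetCertModel bits 0x10 */
    printf("no erase: 0x%02x\n", (unsigned)set_cert_param1(0x13, 2, 0x10));
    printf("erase:    0x%02x\n", (unsigned)set_cert_param1(0x13, 2, 0x90));
    printf("bad attr: %d\n", set_cert_param1(0x13, 2, 0x01));
    return 0;
}
```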