fix the salt value in export/import function.

Signed-off-by: Jiewen Yao <[email protected]>
DMTF · Aug 19, 2023 · 9deb023 · 9deb023
1 parent 567b1c8
commit 9deb023
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 0 deletions.
diff --git a/include/library/spdm_secured_message_lib.h b/include/library/spdm_secured_message_lib.h
@@ -90,6 +90,7 @@ void libspdm_secured_message_clear_export_master_secret(void *spdm_secured_messa
 #define LIBSPDM_SECURE_SESSION_KEYS_STRUCT_VERSION 1
 
 #pragma pack(1)
+/* sequence_number is the one that is not used in AEAD yet. */
 typedef struct {
     uint32_t version;
     uint32_t aead_key_size;

diff --git a/library/spdm_secured_message_lib/libspdm_secmes_context_data.c b/library/spdm_secured_message_lib/libspdm_secmes_context_data.c
@@ -250,6 +250,7 @@ bool libspdm_secured_message_export_session_keys(void *spdm_secured_message_cont
     size_t struct_size;
     libspdm_secure_session_keys_struct_t *session_keys_struct;
     uint8_t *ptr;
+    uint64_t data64;
 
     secured_message_context = spdm_secured_message_context;
     struct_size = sizeof(libspdm_secure_session_keys_struct_t) +
@@ -276,6 +277,12 @@ bool libspdm_secured_message_export_session_keys(void *spdm_secured_message_cont
                      *session_keys_size - (ptr - (uint8_t*)session_keys),
                      secured_message_context->application_secret.request_data_salt,
                      secured_message_context->aead_iv_size);
+    /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+    if (secured_message_context->application_secret.request_data_sequence_number > 0) {
+        data64 = libspdm_read_uint64((const uint8_t *)ptr) ^
+                 (secured_message_context->application_secret.request_data_sequence_number - 1);
+        libspdm_write_uint64(ptr, data64);
+    }
     ptr += secured_message_context->aead_iv_size;
     libspdm_copy_mem(ptr,
                      *session_keys_size - (ptr - (uint8_t*)session_keys),
@@ -291,6 +298,12 @@ bool libspdm_secured_message_export_session_keys(void *spdm_secured_message_cont
                      *session_keys_size - (ptr - (uint8_t*)session_keys),
                      secured_message_context->application_secret.response_data_salt,
                      secured_message_context->aead_iv_size);
+    /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+    if (secured_message_context->application_secret.response_data_sequence_number > 0) {
+        data64 = libspdm_read_uint64((const uint8_t *)ptr) ^
+                 (secured_message_context->application_secret.response_data_sequence_number - 1);
+        libspdm_write_uint64(ptr, data64);
+    }
     ptr += secured_message_context->aead_iv_size;
     libspdm_copy_mem(ptr,
                      *session_keys_size - (ptr - (uint8_t*)session_keys),
@@ -318,6 +331,7 @@ libspdm_secured_message_import_session_keys(void *spdm_secured_message_context,
     size_t struct_size;
     const libspdm_secure_session_keys_struct_t *session_keys_struct;
     const uint8_t *ptr;
+    uint64_t data64;
 
     secured_message_context = spdm_secured_message_context;
     struct_size = sizeof(libspdm_secure_session_keys_struct_t) +
@@ -348,6 +362,14 @@ libspdm_secured_message_import_session_keys(void *spdm_secured_message_context,
                      sizeof(secured_message_context->application_secret
                             .request_data_salt),
                      ptr, secured_message_context->aead_iv_size);
+    /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+    if (secured_message_context->application_secret.request_data_sequence_number > 0) {
+        data64 =
+            libspdm_read_uint64(secured_message_context->application_secret.request_data_salt) ^
+            (secured_message_context->application_secret.request_data_sequence_number - 1);
+        libspdm_write_uint64(secured_message_context->application_secret.request_data_salt,
+                             data64);
+    }
     ptr += secured_message_context->aead_iv_size;
     libspdm_copy_mem(&secured_message_context->application_secret.request_data_sequence_number,
                      sizeof(secured_message_context->application_secret
@@ -363,6 +385,14 @@ libspdm_secured_message_import_session_keys(void *spdm_secured_message_context,
     libspdm_copy_mem(secured_message_context->application_secret.response_data_salt,
                      sizeof(secured_message_context->application_secret.response_data_salt),
                      ptr, secured_message_context->aead_iv_size);
+    /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+    if (secured_message_context->application_secret.response_data_sequence_number > 0) {
+        data64 =
+            libspdm_read_uint64(secured_message_context->application_secret.response_data_salt) ^
+            (secured_message_context->application_secret.response_data_sequence_number - 1);
+        libspdm_write_uint64(secured_message_context->application_secret.response_data_salt,
+                             data64);
+    }
     ptr += secured_message_context->aead_iv_size;
     libspdm_copy_mem(&secured_message_context->application_secret.response_data_sequence_number,
                      sizeof(secured_message_context->application_secret

diff --git a/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c b/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c
@@ -127,6 +127,11 @@ libspdm_return_t libspdm_encode_secured_message(
     }
 
     if (sequence_number > 0) {
+        /*
+         * "salt" is previous AEAD IV.
+         * "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule.
+         * "salt ^ (sequence_number - 1) ^ sequence_number" is the current AEAD IV.
+         */
         data64 = libspdm_read_uint64((const uint8_t *)salt) ^
                  (sequence_number - 1) ^ sequence_number;
         libspdm_write_uint64(salt, data64);
@@ -137,6 +142,7 @@ libspdm_return_t libspdm_encode_secured_message(
         sequence_number, (uint8_t *)&sequence_num_in_header);
     LIBSPDM_ASSERT(sequence_num_in_header_size <= sizeof(sequence_num_in_header));
 
+    /* calculate sequence_number for the next round AEAD */
     sequence_number++;
     if (session_state == LIBSPDM_SESSION_STATE_HANDSHAKING) {
         if (is_request_message) {
@@ -398,6 +404,11 @@ libspdm_return_t libspdm_decode_secured_message(
     }
 
     if (sequence_number > 0) {
+        /*
+         * "salt" is previous AEAD IV.
+         * "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule.
+         * "salt ^ (sequence_number - 1) ^ sequence_number" is the current AEAD IV.
+         */
         data64 = libspdm_read_uint64((const uint8_t *)salt) ^
                  (sequence_number - 1) ^ sequence_number;
         libspdm_write_uint64(salt, data64);
@@ -409,6 +420,7 @@ libspdm_return_t libspdm_decode_secured_message(
             sequence_number, (uint8_t *)&sequence_num_in_header);
     LIBSPDM_ASSERT(sequence_num_in_header_size <= sizeof(sequence_num_in_header));
 
+    /* calculate sequence_number for the next round AEAD */
     sequence_number++;
     if (session_state == LIBSPDM_SESSION_STATE_HANDSHAKING) {
         if (is_request_message) {