From 9deb0233cc3eec906c59df8708508e468c040772 Mon Sep 17 00:00:00 2001
From: Jiewen Yao
Date: Sat, 19 Aug 2023 13:26:06 +0800
Subject: [PATCH] fix the salt value in export/import function.
Signed-off-by: Jiewen Yao
---
 include/library/spdm_secured_message_lib.h | 1 +
 .../libspdm_secmes_context_data.c | 30 +++++++++++++++++++
 .../libspdm_secmes_encode_decode.c | 12 ++++++++
 3 files changed, 43 insertions(+)
diff --git a/include/library/spdm_secured_message_lib.h b/include/library/spdm_secured_message_lib.h
index a21c3e21ec4..dd582814b1a 100644
--- a/include/library/spdm_secured_message_lib.h
+++ b/include/library/spdm_secured_message_lib.h
@@ -90,6 +90,7 @@ void libspdm_secured_message_clear_export_master_secret(void *spdm_secured_messa
 #define LIBSPDM_SECURE_SESSION_KEYS_STRUCT_VERSION 1
 #pragma pack(1)
+/* sequence_number is the one that is not used in AEAD yet. */
 typedef struct {
 uint32_t version;
 uint32_t aead_key_size;
diff --git a/library/spdm_secured_message_lib/libspdm_secmes_context_data.c b/library/spdm_secured_message_lib/libspdm_secmes_context_data.c
index 0c936535225..ce2c0bcf40f 100644
--- a/library/spdm_secured_message_lib/libspdm_secmes_context_data.c
+++ b/library/spdm_secured_message_lib/libspdm_secmes_context_data.c
@@ -250,6 +250,7 @@ bool libspdm_secured_message_export_session_keys(void *spdm_secured_message_cont
 size_t struct_size;
 libspdm_secure_session_keys_struct_t *session_keys_struct;
 uint8_t *ptr;
+ uint64_t data64;
 secured_message_context = spdm_secured_message_context;
 struct_size = sizeof(libspdm_secure_session_keys_struct_t) +
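Review bot: `LIBSPDM_SECURE_SESSION_KEYS_STRUCT_VERSION` stays at 1 in the header hunk, although the export hunks of this same patch change what the serialized salt bytes mean: they now hold the original key-schedule IV instead of the running value. If an exported blob can ever be imported by a build from before this change (or the reverse), both sides would accept the version field and then derive a different AEAD IV from the same bytes. Consider bumping the version, or stating in the new comment that the salt fields carry the original IV and that version 1 blobs from older builds are not interchangeable. The typedef continues outside the hunk, so the field names are not visible here.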
@@ -276,6 +277,12 @@ bool libspdm_secured_message_export_session_keys(void *spdm_secured_message_cont
 *session_keys_size - (ptr - (uint8_t*)session_keys),
 secured_message_context->application_secret.request_data_salt,
 secured_message_context->aead_iv_size);
+ /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+ if (secured_message_context->application_secret.request_data_sequence_number > 0) {
+ data64 = libspdm_read_uint64((const uint8_t *)ptr) ^
+ (secured_message_context->application_secret.request_data_sequence_number - 1);
+ libspdm_write_uint64(ptr, data64);
+ }
 ptr += secured_message_context->aead_iv_size;
 libspdm_copy_mem(ptr,
 *session_keys_size - (ptr - (uint8_t*)session_keys),
@@ -291,6 +298,12 @@ bool libspdm_secured_message_export_session_keys(void *spdm_secured_message_cont
 *session_keys_size - (ptr - (uint8_t*)session_keys),
 secured_message_context->application_secret.response_data_salt,
 secured_message_context->aead_iv_size);
+ /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+ if (secured_message_context->application_secret.response_data_sequence_number > 0) {
+ data64 = libspdm_read_uint64((const uint8_t *)ptr) ^
+ (secured_message_context->application_secret.response_data_sequence_number - 1);
+ libspdm_write_uint64(ptr, data64);
+ }
 ptr += secured_message_context->aead_iv_size;
 libspdm_copy_mem(ptr,
 *session_keys_size - (ptr - (uint8_t*)session_keys),
@@ -318,6 +331,7 @@ libspdm_secured_message_import_session_keys(void *spdm_secured_message_context,
 size_t struct_size;
 const libspdm_secure_session_keys_struct_t *session_keys_struct;
 const uint8_t *ptr;
+ uint64_t data64;
 secured_message_context = spdm_secured_message_context;
 struct_size = sizeof(libspdm_secure_session_keys_struct_t) +
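Review bot: The new XOR in the request-salt hunk, and identically in the response-salt hunk at -291, reads and writes eight bytes at `ptr` through `libspdm_read_uint64`/`libspdm_write_uint64`, while only `aead_iv_size` bytes were just copied there and nothing visible guarantees that size is at least eight. With a shorter IV the adjustment would fold in bytes that are not part of the salt. I would pin the assumption next to the first block with `LIBSPDM_ASSERT(secured_message_context->aead_iv_size >= sizeof(uint64_t));`. The function starts and ends outside these hunks, so an earlier check may already exist.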
@@ -348,6 +362,14 @@ libspdm_secured_message_import_session_keys(void *spdm_secured_message_context,
 sizeof(secured_message_context->application_secret
 .request_data_salt),
 ptr, secured_message_context->aead_iv_size);
+ /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+ if (secured_message_context->application_secret.request_data_sequence_number > 0) {
+ data64 =
+ libspdm_read_uint64(secured_message_context->application_secret.request_data_salt) ^
+ (secured_message_context->application_secret.request_data_sequence_number - 1);
+ libspdm_write_uint64(secured_message_context->application_secret.request_data_salt,
+ data64);
+ }
 ptr += secured_message_context->aead_iv_size;
 libspdm_copy_mem(&secured_message_context->application_secret.request_data_sequence_number,
 sizeof(secured_message_context->application_secret
@@ -363,6 +385,14 @@ libspdm_secured_message_import_session_keys(void *spdm_secured_message_context,
 libspdm_copy_mem(secured_message_context->application_secret.response_data_salt,
 sizeof(secured_message_context->application_secret.response_data_salt),
 ptr, secured_message_context->aead_iv_size);
+ /* "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule. */
+ if (secured_message_context->application_secret.response_data_sequence_number > 0) {
+ data64 =
+ libspdm_read_uint64(secured_message_context->application_secret.response_data_salt) ^
+ (secured_message_context->application_secret.response_data_sequence_number - 1);
+ libspdm_write_uint64(secured_message_context->application_secret.response_data_salt,
+ data64);
+ }
 ptr += secured_message_context->aead_iv_size;
 libspdm_copy_mem(&secured_message_context->application_secret.request_data_sequence_number,
 sizeof(secured_message_context->application_secret
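Review bot: In both import hunks (-348 for the request salt, -363 for the response salt) the added XOR uses `application_secret.request_data_sequence_number` / `response_data_sequence_number` before the imported value is written: the `libspdm_copy_mem(&...data_sequence_number, ...)` that loads it from the blob is the context line right after each new block. As shown, the adjustment therefore runs with whatever sequence number the context held before the import. For a fresh context that is presumably 0, so the block is skipped and the salt stays at the original IV while the sequence number becomes the imported one. The encode/decode path then computes `salt ^ (sequence_number - 1) ^ sequence_number` from a salt that is not the previous IV, which would yield IVs the peer does not expect and risks repeating a nonce under the same key. Each `if (...sequence_number > 0) { ... }` block should move below the `libspdm_copy_mem` that fills the matching sequence number. The function continues outside the hunks, so please confirm the sequence numbers are not populated earlier.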
diff --git a/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c b/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c
index 63c8517886a..e5e0244a65a 100644
--- a/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c
+++ b/library/spdm_secured_message_lib/libspdm_secmes_encode_decode.c
@@ -127,6 +127,11 @@ libspdm_return_t libspdm_encode_secured_message(
 }
 if (sequence_number > 0) {
+ /*
+ * "salt" is previous AEAD IV.
+ * "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule.
+ * "salt ^ (sequence_number - 1) ^ sequence_number" is the current AEAD IV.
+ */
 data64 = libspdm_read_uint64((const uint8_t *)salt) ^
 (sequence_number - 1) ^ sequence_number;
 libspdm_write_uint64(salt, data64);
@@ -137,6 +142,7 @@ libspdm_return_t libspdm_encode_secured_message(
 sequence_number, (uint8_t *)&sequence_num_in_header);
 LIBSPDM_ASSERT(sequence_num_in_header_size <= sizeof(sequence_num_in_header));
+ /* calculate sequence_number for the next round AEAD */
 sequence_number++;
 if (session_state == LIBSPDM_SESSION_STATE_HANDSHAKING) {
 if (is_request_message) {
@@ -398,6 +404,11 @@ libspdm_return_t libspdm_decode_secured_message(
 }
 if (sequence_number > 0) {
+ /*
+ * "salt" is previous AEAD IV.
+ * "salt ^ (sequence_number - 1)" is the original AEAD IV derived from SPDM key schedule.
+ * "salt ^ (sequence_number - 1) ^ sequence_number" is the current AEAD IV.
+ */
 data64 = libspdm_read_uint64((const uint8_t *)salt) ^
 (sequence_number - 1) ^ sequence_number;
 libspdm_write_uint64(salt, data64);
@@ -409,6 +420,7 @@ libspdm_return_t libspdm_decode_secured_message(
 sequence_number, (uint8_t *)&sequence_num_in_header);
 LIBSPDM_ASSERT(sequence_num_in_header_size <= sizeof(sequence_num_in_header));
+ /* calculate sequence_number for the next round AEAD */
 sequence_number++;
 if (session_state == LIBSPDM_SESSION_STATE_HANDSHAKING) {
 if (is_request_message) {