Hi,
I have a question regarding the FINISH requester signature calculation in SPDM version 1.4.0.
According to the SPDM 1.4.0 specification, the transcript used for generating the FINISH requester signature appears to include only the FINISH SPDM header fields.
Spec Reference (Mutual authentication - Requester signature)
Transcript for FINISH signature, mutual authentication
1. VCA
2. [DIGESTS].* (if issued and MULTI_KEY_CONN_RSP is true).
3. Hash of the specified certificate chain in DER format
(that is, Param2 of KEY_EXCHANGE) or hash of the public key
in its provisioned format, if a certificate is not used.
4. [KEY_EXCHANGE].*
5. [KEY_EXCHANGE_RSP].*
6. [DIGESTS].* (if encapsulated DIGESTS is issued and MULTI_KEY_CONN_REQ is true).
7. Hash of the specified certificate chain in DER format
(that is, Param2 of FINISH) or hash of the public key
in its provisioned format, if a certificate is not used.
8. [FINISH].SPDM Header Fields
Spec Reference (Responder-only authentication)
Transcript for FINISH HMAC, Responder-only authentication
1. VCA
2. [DIGESTS].* (if issued and MULTI_KEY_CONN_RSP is true).
3. Hash of the specified certificate chain in DER format
(that is, Param2 of KEY_EXCHANGE) or hash of the public key
in its provisioned format, if a certificate is not used.
4. [KEY_EXCHANGE].*
5. [KEY_EXCHANGE_RSP].*
6. [FINISH].SPDM Header Fields
However, starting from SPDM 1.4, the FINISH message introduces two additional fields before the Signature field:
OpaqueDataLength
OpaqueData
In the current libspdm implementation, the signature transcript seems to include these fields as well.
Relevant Code
status = libspdm_append_message_f(
    spdm_context,
    session_info,
    true,
    (uint8_t *)spdm_request,
    spdm_request_size - signature_size - hmac_size
);
From this code, it appears that the appended message (used for transcript calculation) includes everything up to the signature field, which would cover:
OpaqueDataLength
OpaqueData
This behavior seems inconsistent with the specification, which only mentions:
[FINISH].SPDM Header Fields
Questions
- Is the current libspdm implementation correct, and will the specification be updated accordingly?
- Or is this a known issue, and will the implementation be modified to match the spec?
Thanks for your help!
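
An added example, not part of the original post and not libspdm code: it computes the two candidate transcript spans the question contrasts for a FINISH 1.4 request, and rejects buffers whose lengths do not add up. The 4-byte header, the 2-byte little-endian OpaqueDataLength, the names `finish_transcript_spans` and `finish_spans_t`, and the sample message with its 64-byte signature and 32-byte HMAC are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FINISH_HEADER_SIZE 4u    /* SPDMVersion, RequestResponseCode, Param1, Param2 */
#define OPAQUE_LEN_FIELD_SIZE 2u /* assumption: 2-byte little-endian OpaqueDataLength */

typedef struct {
    size_t header_only;     /* literal reading of "[FINISH].SPDM Header Fields" */
    size_t up_to_signature; /* spdm_request_size - signature_size - hmac_size */
} finish_spans_t;

/* Hypothetical helper: returns 0 and fills *out if the buffer is self-consistent. */
int finish_transcript_spans(const uint8_t *req, size_t req_size, size_t signature_size,
                            size_t hmac_size, finish_spans_t *out)
{
    const size_t fixed = FINISH_HEADER_SIZE + OPAQUE_LEN_FIELD_SIZE;
    size_t prefix, opaque_len;

    if (req == NULL || out == NULL)
        return -1;
    /* Bounds-check before subtracting; size_t arithmetic would wrap otherwise. */
    if (signature_size > req_size || hmac_size > req_size - signature_size)
        return -1;
    prefix = req_size - signature_size - hmac_size;
    if (prefix < fixed)
        return -1;
    opaque_len = (size_t)req[4] | ((size_t)req[5] << 8);
    if (opaque_len != prefix - fixed) /* declared length must match the layout */
        return -1;
    out->header_only = FINISH_HEADER_SIZE;
    out->up_to_signature = prefix;
    return 0;
}

/* Constructed sample: header, OpaqueDataLength=3, 3 opaque bytes, then a zeroed
 * 64-byte signature and 32-byte HMAC (sizes chosen for illustration). */
static const uint8_t sample_finish[4 + 2 + 3 + 64 + 32] = {
    0x14, 0xE5, 0x01, 0x00, 0x03, 0x00, 0xAA, 0xBB, 0xCC
};

int main(void)
{
    finish_spans_t s;
    if (finish_transcript_spans(sample_finish, sizeof(sample_finish), 64, 32, &s) != 0)
        return 1;
    printf("header only: %zu bytes, up to signature: %zu bytes\n",
           s.header_only, s.up_to_signature);
    return 0;
}
```

The two spans differ by 2 + OpaqueDataLength bytes, so a Requester and a Responder that hash different spans derive different transcript hashes for the same FINISH message.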