Error message when receiving Challenge via secure session
Hi all,
The Spec. says transmitting Challenge via session is prohibited. (outside of a session is allowed.) What is the error response type when the responder receives Challenge message under the secure session?
Thanks.
It seems to be a bug in the current libspdm. There is no such check.
I think we may return SPDM_ERROR_CODE_UNEXPECTED_REQUEST
I don't know why the specification has that restriction.
I guess the reasons are below:
- It is not needed when you set up a session. Authentication is already done.
- It will be confusing to construct the transcript. How to calculate message_b?
Thanks for checking it :)
I guess the reasons are below:
- It is not needed when you set up a session. Authentication is already done.
- It will be confusing to construct the transcript. How to calculate message_b?
For 1, setting up a session is not a guarantee that authentication is done, because KEY_EXCHANGE can be executed after negotiation as follows: https://github.com/DMTF/libspdm/blob/2e9f68389eba83f38cf586d2cadf2b5b05526e98/library/spdm_responder_lib/libspdm_rsp_key_exchange.c#L232-L237
For 2, why is calculating message_b confusing in the application phase? It seems similar to GET_MEAS.
11/7/2022 - Agree it is a bug. We may check other messages.
- KEY_EXCHANGE will setup authenticated secure session.
- It is different from GET_MEAS, because GET_MEAS does not have message_b.
It is different from GET_MEAS, because GET_MEAS does not have message_b.
I mean the message_b is also distinguished according to session id or no session. So, the transcript used in CHALLENGE is distinguished.
@hiption, if you want to support CHALLENGE in session, please submit an SPDM spec issue.
libspdm will follow the SPDM spec.
Thank you for your reply. I just want to know why SPDM allows GET_MEASUREMENTS in session, but CHALLENGE does not.
@jyao1 This check needs to be present for a lot of other requests, correct? Like GET_CAPABILITIES and NEGOTIATE_ALGORITHMS.
I think so.
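
A sketch of the check proposed in this thread, added here as an example and not taken from libspdm: a gate that runs before request dispatch and answers a session-prohibited request with an ERROR response carrying SPDM_ERROR_CODE_UNEXPECTED_REQUEST. The function names and the `in_secure_session` flag are hypothetical, and the prohibited set contains only the requests named in the thread, so the SPDM specification remains the authority on the full list.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Request/response and error code values from the DMTF SPDM specification. */
#define SPDM_CHALLENGE                     0x83
#define SPDM_GET_MEASUREMENTS              0xE0
#define SPDM_GET_CAPABILITIES              0xE1
#define SPDM_NEGOTIATE_ALGORITHMS          0xE3
#define SPDM_ERROR                         0x7F
#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04
#define SPDM_HEADER_SIZE                   4

/* Hypothetical helper: requests the thread says must not arrive in a session. */
static bool request_prohibited_in_session(uint8_t request_code)
{
    switch (request_code) {
    case SPDM_CHALLENGE:
    case SPDM_GET_CAPABILITIES:
    case SPDM_NEGOTIATE_ALGORITHMS:
        return true;
    default:
        return false; /* e.g. GET_MEASUREMENTS is allowed in a session */
    }
}

/* Hypothetical gate run before the per-request handler is chosen.
 * Returns 0 to continue normal dispatch, the length of the ERROR
 * response written to `response`, or -1 if the buffers are unusable. */
static int gate_request(const uint8_t *request, size_t request_size,
                        bool in_secure_session,
                        uint8_t *response, size_t response_size)
{
    if (request == NULL || request_size < SPDM_HEADER_SIZE)
        return -1;
    if (!in_secure_session || !request_prohibited_in_session(request[1]))
        return 0;
    if (response == NULL || response_size < SPDM_HEADER_SIZE)
        return -1;
    response[0] = request[0];                         /* echo SPDMVersion */
    response[1] = SPDM_ERROR;                         /* RequestResponseCode */
    response[2] = SPDM_ERROR_CODE_UNEXPECTED_REQUEST; /* Param1: error code */
    response[3] = 0;                                  /* Param2: no error data */
    return SPDM_HEADER_SIZE;
}
```

Placing the gate ahead of the per-request handlers means the transcript (message_b and the others) is never touched by a request that is rejected this way.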