GET_CERTIFICATE response when CHUNK capability is enabled and chain size is greater than max_spdm_msg_size #3102
Answer selected by nitinklohar
As per SPDM Specification 1.3, if a requester has set offset to 0 and length to 0xFFFF in the GET_CERTIFICATE request and chunk capability is enabled, then the responder is expected to return the entire certificate chain in the response buffer, which will be fragmented and sent in chunks. But if the certificate chain is big and the responder does not have the option to increase max_spdm_msg_size to fit the chain, then what should the responder do in this case?
libspdm code at
libspdm/library/spdm_responder_lib/libspdm_rsp_certificate.c
Line 138 in 030e89d
libspdm/library/spdm_common_lib/libspdm_com_context_data.c
Lines 1245 to 1248 in 030e89d
If chunk capability was not enabled, the responder could easily send the certificate chain as per the LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN value. One would expect the same thing to work when chunk capability is enabled. Should the responder be allowed to notify the requester to change the offset when the responder receives a GET_CERTIFICATE request with 0xFFFF offset?
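The non-chunked baseline the question refers to, sketched as an added example that is not part of the original post and is not libspdm code: the responder clamps each CERTIFICATE response to a block limit and reports PortionLength and RemainderLength, and the requester advances its offset until the remainder is zero. The function names and the `BLOCK_LEN` value are hypothetical stand-ins; the real limit is the build-time `LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed value for illustration only (assumption, not read from libspdm). */
#define BLOCK_LEN 1024u

typedef struct {
    uint16_t portion_length;   /* bytes returned in this response */
    uint16_t remainder_length; /* bytes still left after this portion */
} cert_rsp_t;

/* Responder side: clamp the requested window to the chain and to BLOCK_LEN. */
static int responder_get_certificate(size_t chain_size, uint16_t offset,
                                     uint16_t length, cert_rsp_t *rsp)
{
    if (chain_size > 0xFFFFu || offset >= chain_size)
        return -1; /* chain not addressable with 16-bit fields, or bad offset */
    size_t avail = chain_size - offset;
    size_t portion = length;
    if (portion > avail) portion = avail;
    if (portion > BLOCK_LEN) portion = BLOCK_LEN;
    rsp->portion_length = (uint16_t)portion;
    rsp->remainder_length = (uint16_t)(avail - portion);
    return 0;
}

/* Requester side: always asks for 0xFFFF and trusts only the returned lengths.
 * Returns the number of requests needed, or -1 on error. */
static int requester_fetch_chain(size_t chain_size, size_t *bytes_out)
{
    cert_rsp_t rsp;
    uint16_t offset = 0;
    size_t total = 0;
    int requests = 0;
    do {
        if (responder_get_certificate(chain_size, offset, 0xFFFF, &rsp) != 0)
            return -1;
        if (rsp.portion_length == 0)
            return -1; /* no progress: stop instead of looping forever */
        total += rsp.portion_length;
        offset = (uint16_t)(offset + rsp.portion_length);
        requests++;
    } while (rsp.remainder_length != 0);
    *bytes_out = total;
    return requests;
}

int main(void)
{
    size_t n = 0;
    int r = requester_fetch_chain(3000, &n); /* constructed chain size */
    printf("requests=%d bytes=%zu\n", r, n);
    return 0;
}
```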