Google Git
Sign in
chromium / chromiumos / platform / spdm / 2f1cf74817c1c496859f874967681c9edcfd4f2b
commit2f1cf74817c1c496859f874967681c9edcfd4f2b[log] [tgz]
authorHoward Yang <hcyang@google.com>Wed Sep 20 06:38:54 2023
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Oct 04 02:40:43 2023
treefbc11133493a9f869f5633a5cadf6850a309fb5b
parentf4780b07e0ca28f37a2053a1b35841875c314c5c [diff]
spdm: Support sequence number in session aead

A sequence number should be used as a counter in the nonce of the
encryption/decryption, otherwise the session is vulnerable to replay
attacks. The spec says the field in the request/response messages is
optional, so I didn't add it in the first place. Later on I realized
that the field itself is optional (depends on whether the transport
layer wants to use it for determining message sequence/lost of message
etc.), but even if we don't need to put the sequence number field, the
sequence number should still be used to derive nonce.

BUG=b:284404632
TEST=spdm unittests

Change-Id: If1fee874493ba7fec7f1610e6a53b490e72a8007
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/spdm/+/4878118
Tested-by: Howard Yang <hcyang@google.com>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Howard Yang <hcyang@google.com>
4 files changed
tree: fbc11133493a9f869f5633a5cadf6850a309fb5b
  1. spdm-core/
  2. spdm-types/
  3. src/
  4. .gitignore
  5. cargo-clippy.sh
  6. Cargo.toml
  7. DIR_METADATA
  8. OWNERS
  9. PRESUBMIT.cfg
  10. rust-toolchain
  11. rustfmt.toml
  12. spdm.h