Pass spdm context as cookie to secret lib HAL functions

Right now there's no state connected to the signing backend. This means it needs to be hardcoded which credentials are being used. Passing the context allows the backend code to retrieve the app-specific context to access local credentials. Signed-off-by: Patrick Wildt <pwildt@google.com>
DMTF · Feb 29, 2024 · a015166 · a015166
1 parent 7e97424
commit a015166
Show file tree

Hide file tree

Showing 33 changed files with 693 additions and 118 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -47,8 +47,8 @@ jobs:
           - CLANG
           - ARM_GNU
         configurations:
-          - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=1 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=1 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=1 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=1"
-          - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=0 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=0 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=0 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=0"
+          - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=1 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=1 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=1 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=1 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=1 -DLIBSPDM_HAL_PASS_SPDM_CONTEXT=1"
+          - "-DLIBSPDM_ENABLE_CAPABILITY_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHAL_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MEAS_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_PSK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP=0 -DLIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP=0 -DLIBSPDM_RESPOND_IF_READY_SUPPORT=0 -DLIBSPDM_SEND_GET_CERTIFICATE_SUPPORT=0 -DLIBSPDM_SEND_CHALLENGE_SUPPORT=0 -DLIBSPDM_HAL_PASS_SPDM_CONTEXT=0"
           - "-DLIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT=0 -DLIBSPDM_FIPS_MODE=0 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX=0"
           - "-DLIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT=1 -DLIBSPDM_FIPS_MODE=1 -DLIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX=1"
           - "-DDISABLE_TESTS=1"

diff --git a/include/hal/library/requester/reqasymsignlib.h b/include/hal/library/requester/reqasymsignlib.h
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2023 DMTF. All rights reserved.
+ *  Copyright 2023-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -14,6 +14,8 @@
 /**
  * Sign an SPDM message data.
  *
+ * @param  spdm_context      A pointer to the SPDM context.
+ * @param  spdm_version      Indicates the negotiated s version.
  * @param  req_base_asym_alg Indicates the signing algorithm.
  * @param  base_hash_algo    Indicates the hash algorithm.
  * @param  is_data_hash      Indicates the message type.
@@ -31,6 +33,9 @@
  * @retval false signing fail.
  **/
 extern bool libspdm_requester_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
     spdm_version_number_t spdm_version,
     uint8_t op_code,
     uint16_t req_base_asym_alg,
@@ -42,7 +47,8 @@ extern bool libspdm_requester_data_sign(
 /**
  * This functions returns the opaque data in a CHALLENGE_AUTH response.
  *
- * @param spdm_version  Indicates the negotiated s version.
+ * @param  spdm_context  A pointer to the SPDM context.
+ * @param  spdm_version  Indicates the negotiated s version.
  *
  * @param  slot_id       The number of slot for the certificate chain.
  *
@@ -58,6 +64,9 @@ extern bool libspdm_requester_data_sign(
  * On output, indicates the size of the opaque data.
  **/
 extern bool libspdm_encap_challenge_opaque_data(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
     spdm_version_number_t spdm_version,
     uint8_t slot_id,
     uint8_t *measurement_summary_hash,

diff --git a/include/hal/library/responder/asymsignlib.h b/include/hal/library/responder/asymsignlib.h
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2023 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -16,7 +16,8 @@
 /**
  * This functions returns the opaque data in a CHALLENGE_AUTH response.
  *
- * @param spdm_version  Indicates the negotiated s version.
+ * @param  spdm_context  A pointer to the SPDM context.
+ * @param  spdm_version  Indicates the negotiated s version.
  *
  * @param  slot_id       The number of slot for the certificate chain.
  *
@@ -32,6 +33,9 @@
  * On output, indicates the size of the opaque data.
  **/
 extern bool libspdm_challenge_opaque_data(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
     spdm_version_number_t spdm_version,
     uint8_t slot_id,
     uint8_t *measurement_summary_hash,
@@ -43,6 +47,8 @@ extern bool libspdm_challenge_opaque_data(
 /**
  * Sign an SPDM message data.
  *
+ * @param  spdm_context    A pointer to the SPDM context.
+ * @param  spdm_version    Indicates the negotiated s version.
  * @param  base_asym_algo  Indicates the signing algorithm.
  * @param  base_hash_algo  Indicates the hash algorithm.
  * @param  is_data_hash    Indicate the message type.
@@ -59,6 +65,9 @@ extern bool libspdm_challenge_opaque_data(
  * @retval false Signing fail.
  **/
 extern bool libspdm_responder_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
     spdm_version_number_t spdm_version,
     uint8_t op_code, uint32_t base_asym_algo,
     uint32_t base_hash_algo, bool is_data_hash,

diff --git a/include/hal/library/responder/csrlib.h b/include/hal/library/responder/csrlib.h
@@ -16,6 +16,8 @@
 /**
  * Gen CSR
  *
+ * @param[in]      spdm_context          A pointer to the SPDM context.
+ *
  * @param[in]      base_hash_algo        Indicates the hash algorithm.
  * @param[in]      base_asym_algo        Indicates the signing algorithm.
  * @param[in, out] need_reset            For input, it gives the value of CERT_INSTALL_RESET_CAP:
@@ -44,12 +46,16 @@
  * @retval  true   Success.
  * @retval  false  Failed to gen CSR.
  **/
-extern bool libspdm_gen_csr(uint32_t base_hash_algo, uint32_t base_asym_algo, bool *need_reset,
-                            const void *request, size_t request_size,
-                            uint8_t *requester_info, size_t requester_info_length,
-                            uint8_t *opaque_data, uint16_t opaque_data_length,
-                            size_t *csr_len, uint8_t *csr_pointer,
-                            bool is_device_cert_model);
+extern bool libspdm_gen_csr(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
+    uint32_t base_hash_algo, uint32_t base_asym_algo, bool *need_reset,
+    const void *request, size_t request_size,
+    uint8_t *requester_info, size_t requester_info_length,
+    uint8_t *opaque_data, uint16_t opaque_data_length,
+    size_t *csr_len, uint8_t *csr_pointer,
+    bool is_device_cert_model);
 
 /**
  * Gen CSR, which is uesd for SPDM 1.3
@@ -66,6 +72,8 @@ extern bool libspdm_gen_csr(uint32_t base_hash_algo, uint32_t base_asym_algo, bo
  *   |    Yes    |          0          |      Yes    |   -   |          ResetRequired       |
  *   |    Yes    |        Non-0        |      -      |   -   |             Invalid          |
  *
+ * @param[in]      spdm_context          A pointer to the SPDM context.
+ *
  * @param[in]      base_hash_algo        Indicates the hash algorithm.
  * @param[in]      base_asym_algo        Indicates the signing algorithm.
  * @param[in, out] need_reset            For input, it gives the value of CERT_INSTALL_RESET_CAP:
@@ -101,15 +109,19 @@ extern bool libspdm_gen_csr(uint32_t base_hash_algo, uint32_t base_asym_algo, bo
  **/
 
 #if LIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX
-extern bool libspdm_gen_csr_ex(uint32_t base_hash_algo, uint32_t base_asym_algo, bool *need_reset,
-                               const void *request, size_t request_size,
-                               uint8_t *requester_info, size_t requester_info_length,
-                               uint8_t *opaque_data, uint16_t opaque_data_length,
-                               size_t *csr_len, uint8_t *csr_pointer,
-                               uint8_t req_cert_model,
-                               uint8_t *req_csr_tracking_tag,
-                               uint8_t req_key_pair_id,
-                               bool overwrite);
+extern bool libspdm_gen_csr_ex(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
+    uint32_t base_hash_algo, uint32_t base_asym_algo, bool *need_reset,
+    const void *request, size_t request_size,
+    uint8_t *requester_info, size_t requester_info_length,
+    uint8_t *opaque_data, uint16_t opaque_data_length,
+    size_t *csr_len, uint8_t *csr_pointer,
+    uint8_t req_cert_model,
+    uint8_t *req_csr_tracking_tag,
+    uint8_t req_key_pair_id,
+    bool overwrite);
 #endif /*LIBSPDM_ENABLE_CAPABILITY_CSR_CAP_EX*/
 #endif /* LIBSPDM_ENABLE_CAPABILITY_CSR_CAP */
 

diff --git a/include/hal/library/responder/measlib.h b/include/hal/library/responder/measlib.h
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2023 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -19,7 +19,8 @@
  * libspdm will call this function to retrieve the measurements for a device.
  * The "measurement_index" parameter indicates the measurement requested.
  *
- * @param spdm_version  Indicates the negotiated SPDM version.
+ * @param  spdm_context  A pointer to the SPDM context.
+ * @param  spdm_version  Indicates the negotiated SPDM version.
  *
  * @param  measurement_specification  Indicates the measurement specification.
  * Must be a SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_* value in spdm.h.
@@ -65,6 +66,9 @@
  * The maximum size is SPDM_MAX_MEASUREMENT_RECORD_LENGTH (2^24 - 1 bytes).
  **/
 extern libspdm_return_t libspdm_measurement_collection(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
     spdm_version_number_t spdm_version,
     uint8_t measurement_specification,
     uint32_t measurement_hash_algo,
@@ -81,7 +85,8 @@ extern libspdm_return_t libspdm_measurement_collection(
  * It is called immediately after libspdm_measurement_collection() is called and allows the opaque
  * data field to vary based on the GET_MEASUREMENTS request.
  *
- * @param spdm_version  Indicates the negotiated SPDM version.
+ * @param  spdm_context  A pointer to the SPDM context.
+ * @param  spdm_version  Indicates the negotiated SPDM version.
  *
  * @param  measurement_specification  Indicates the measurement specification.
  * Must be a SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_* value in spdm.h.
@@ -102,6 +107,9 @@ extern libspdm_return_t libspdm_measurement_collection(
  * On output, indicates the size of the opaque data.
  **/
 extern bool libspdm_measurement_opaque_data(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
     spdm_version_number_t spdm_version,
     uint8_t measurement_specification,
     uint32_t measurement_hash_algo,
@@ -113,6 +121,7 @@ extern bool libspdm_measurement_opaque_data(
 /**
  * This function calculates the measurement summary hash.
  *
+ * @param  spdm_context               A pointer to the SPDM context.
  * @param  spdm_version               The SPDM version.
  * @param  base_hash_algo             The hash algo to use on summary.
  * @param  measurement_specification  Indicates the measurement specification.
@@ -130,6 +139,9 @@ extern bool libspdm_measurement_opaque_data(
  * @retval false measurement summary hash is not generated.
  **/
 extern bool libspdm_generate_measurement_summary_hash(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
     spdm_version_number_t spdm_version,
     uint32_t base_hash_algo,
     uint8_t measurement_specification,

diff --git a/include/hal/library/responder/setcertlib.h b/include/hal/library/responder/setcertlib.h
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2023 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -16,16 +16,23 @@
 /**
  * return if current code is running in a trusted environment.
  *
+ * @param[in]  spdm_context  A pointer to the SPDM context.
+ *
  * @retval  true   It is in a trusted environment.
  * @retval  false  It is not in a trusted environment.
  **/
-extern bool libspdm_is_in_trusted_environment();
+extern bool libspdm_is_in_trusted_environment(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context
+#endif
+    );
 
 /**
  * Stores or erase a certificate chain in non-volatile memory.
  * If the cert_chain is NULL and cert_chain_size is 0,
  * the feature is to erase the certificate chain.
  *
+ * @param[in]  spdm_context     A pointer to the SPDM context.
  * @param[in]  slot_id          The number of slot for the certificate chain.
  * @param[in]  cert_chain       The pointer for the certificate chain to set.
  * @param[in]  cert_chain_size  The size of the certificate chain to set.
@@ -35,9 +42,13 @@ extern bool libspdm_is_in_trusted_environment();
  * @retval true   The certificate chain was successfully written to non-volatile memory.
  * @retval false  Unable to write certificate chain to non-volatile memory.
  **/
-extern bool libspdm_write_certificate_to_nvm(uint8_t slot_id, const void * cert_chain,
-                                             size_t cert_chain_size,
-                                             uint32_t base_hash_algo, uint32_t base_asym_algo);
+extern bool libspdm_write_certificate_to_nvm(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+    void *spdm_context,
+#endif
+    uint8_t slot_id, const void * cert_chain,
+    size_t cert_chain_size,
+    uint32_t base_hash_algo, uint32_t base_asym_algo);
 
 #endif /* LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP */
 

diff --git a/include/library/spdm_lib_config.h b/include/library/spdm_lib_config.h
@@ -400,4 +400,10 @@
 #define LIBSPDM_CHECK_SPDM_CONTEXT 1
 #endif
 
+/* Enable passing the SPDM context to HAL functions.
+ * This macro will be removed when libspdm 4.0 is released. */
+#ifndef LIBSPDM_HAL_PASS_SPDM_CONTEXT
+#define LIBSPDM_HAL_PASS_SPDM_CONTEXT 0
+#endif
+
 #endif /* SPDM_LIB_CONFIG_H */
diff --git a/library/spdm_common_lib/libspdm_com_crypto_service.c b/library/spdm_common_lib/libspdm_com_crypto_service.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -785,12 +785,18 @@ bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context,
             spdm_context->connection_info.algorithm.req_base_asym_alg);
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
         result = libspdm_requester_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+            spdm_context,
+#endif
             spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
             spdm_context->connection_info.algorithm.req_base_asym_alg,
             spdm_context->connection_info.algorithm.base_hash_algo,
             false, m1m2_buffer, m1m2_buffer_size, signature, &signature_size);
 #else
         result = libspdm_requester_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+            spdm_context,
+#endif
             spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
             spdm_context->connection_info.algorithm.req_base_asym_alg,
             spdm_context->connection_info.algorithm.base_hash_algo,
@@ -804,13 +810,19 @@ bool libspdm_generate_challenge_auth_signature(libspdm_context_t *spdm_context,
             spdm_context->connection_info.algorithm.base_asym_algo);
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
         result = libspdm_responder_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+            spdm_context,
+#endif
             spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
             spdm_context->connection_info.algorithm.base_asym_algo,
             spdm_context->connection_info.algorithm.base_hash_algo,
             false, m1m2_buffer, m1m2_buffer_size, signature,
             &signature_size);
 #else
         result = libspdm_responder_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+            spdm_context,
+#endif
             spdm_context->connection_info.version, SPDM_CHALLENGE_AUTH,
             spdm_context->connection_info.algorithm.base_asym_algo,
             spdm_context->connection_info.algorithm.base_hash_algo,

diff --git a/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c b/library/spdm_requester_lib/libspdm_req_encap_challenge_auth.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -158,6 +158,9 @@ libspdm_return_t libspdm_get_encap_response_challenge_auth(
         measurement_summary_hash_size + sizeof(uint16_t);
 
     result = libspdm_encap_challenge_opaque_data(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+        spdm_context,
+#endif
         context->connection_info.version,
         slot_id,
         measurement_summary_hash, measurement_summary_hash_size,

diff --git a/library/spdm_requester_lib/libspdm_req_finish.c b/library/spdm_requester_lib/libspdm_req_finish.c
@@ -300,12 +300,18 @@ bool libspdm_generate_finish_req_signature(libspdm_context_t *spdm_context,
 
 #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
     result = libspdm_requester_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+        spdm_context,
+#endif
         spdm_context->connection_info.version, SPDM_FINISH,
         spdm_context->connection_info.algorithm.req_base_asym_alg,
         spdm_context->connection_info.algorithm.base_hash_algo,
         false, th_curr_data, th_curr_data_size, signature, &signature_size);
 #else
     result = libspdm_requester_data_sign(
+#if LIBSPDM_HAL_PASS_SPDM_CONTEXT
+        spdm_context,
+#endif
         spdm_context->connection_info.version, SPDM_FINISH,
         spdm_context->connection_info.algorithm.req_base_asym_alg,
         spdm_context->connection_info.algorithm.base_hash_algo,