1.3 Responder should not return `ERROR` with `ResetRequired` for `SET_KEY_PAIR_INFO` request

Update more detail for the issue, to make the original issue clearer.

## Background
In 1.3 spec:

**Table 14 — Flag fields definitions for the Responder**
If `CERT_INSTALL_RESET_CAP` set, Responder may return an `ERROR` message of `ErrorCode=ResetRequired` to complete a certificate provisioning request. If this bit is set, `SET_CERT_CAP` shall be set and `CSR_CAP` can be set.
**Table 58 — Error code and error data**
`ResetRequired`: The device requires a reset to complete the requested operation. This `ErrorCode` can be sent in response to the `GET_DIGESTS`, `GET_CERTIFICATE`, `GET_CSR` or `SET_CERTIFICATE` message.


## Problem Statement

### Problem A:
In responder, when `CERT_INSTALL_RESET_CAP` is supported, `need_reset` will be `true`.
> in 1.3 Spec `CERT_INSTALL_RESET_CAP` indicate the certificate provisioning request can return `ResetRequired`, not mentioning set key pair request.

https://github.com/DMTF/libspdm/blob/1c19b6d2ce0ad19a915fe3f23750093b81764bfb/library/spdm_responder_lib/libspdm_rsp_set_key_pair_info_ack.c#L279-L281

There is chance to generate error response with `ResetRequired` for `SET_KEY_PAIR_INFO` request.
> in 1.3 Spec, `SET_KEY_PAIR_INFO` was not listed in Table 58 — Error code and error data, `ResetRequired` row.

https://github.com/DMTF/libspdm/blob/1c19b6d2ce0ad19a915fe3f23750093b81764bfb/library/spdm_responder_lib/libspdm_rsp_set_key_pair_info_ack.c#L300-L304

Checking SPDM spec 1.3.2, `SET_KEY_PAIR_INFO` should not return `ErrorCode=ResetRequired`

### Problem B:

In line 118-119, in requester, the `ResetRequired` was handled only when last request was `SET_CERTIFICATE` and `GET_CSR`.

https://github.com/DMTF/libspdm/blob/1c19b6d2ce0ad19a915fe3f23750093b81764bfb/library/spdm_requester_lib/libspdm_req_handle_error_response.c#L117-L132

So even if responder returns `ResetRequired` for `SET_KEY_PAIR_INFO`, the requester will ignore the `ResetRequired` error.


	if (need_reset) {
	return libspdm_generate_error_response(spdm_context,
	SPDM_ERROR_CODE_RESET_REQUIRED, 0,
	response_size, response);
	} else {

	last_spdm_request = (void *)spdm_context->last_spdm_request;
	if ((last_spdm_request->header.request_response_code == SPDM_SET_CERTIFICATE) \|\|
	(last_spdm_request->header.request_response_code == SPDM_GET_CSR)) {

	if (error_code == SPDM_ERROR_CODE_RESET_REQUIRED) {
	if ((libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_13) &&
	!libspdm_is_capabilities_flag_supported(
	spdm_context, true, 0,
	SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP)) {
	return LIBSPDM_STATUS_ERROR_PEER;
	}
	/* CERT_INSTALL_RESET_CAP for a 1.2 Responder is not checked because it was not defined
	* in SPDM 1.2.0. */
	return LIBSPDM_STATUS_RESET_REQUIRED_PEER;
	}
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

1.3 Responder should not return `ERROR` with `ResetRequired` for `SET_KEY_PAIR_INFO` request #3206

Background

Problem Statement

Problem A:

Problem B:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	need_reset = libspdm_is_capabilities_flag_supported(
	spdm_context, false, 0,
	SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP);

1.3 Responder should not return ERROR with ResetRequired for SET_KEY_PAIR_INFO request #3206

Description

Background

Problem Statement

Problem A:

Problem B:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

1.3 Responder should not return `ERROR` with `ResetRequired` for `SET_KEY_PAIR_INFO` request #3206