Random Data in Secure message required by IDE/TDISP to be 0

[nipung87]

TDISP specification mentions "The random data field of the secured messages must not be used for TDISP messages or IDE Key Management protocol messages, and this field must have a length of zero".
ref. "TEE Device Interface Security Protocol - TDISP - v2022-07-27"

libspdm does not provide the Random Data size in the secure message to the user, which is removed in "libspdm_decode_secured_message()" API, but is required by IDE/TDISP to send error in such cases.

Is my understanding correct here?

Thanks,

[steven-bellock]

Is my understanding correct here?

It is. libspdm_decode_secured_message does not expose the size of the 277 Random Data field or allow the Integrator to specify legal / illegal sizes in received messages.

[nipung87]

Thanks for prompt response.
As TDISP and IDE need the size of the "Random Data" which in the secured message, libspdm shall need an update in the API or a new API to provide the size to the user? Is there any other way using which the user can know the Random data size?

[steven-bellock]

This would probably be a configurable security policy that's handled in libspdm_decode_secured_message. Something like RAND_DATA_{MIN_MAX}, where for your use case RAND_DATA_MAX would be 0. libspdm would then check this and return an error to the Integrator / Requester if the other endpoint violates it.