Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "library/spdm_common_lib.h"
9 : #include "spdm_crypt_ext_lib/spdm_crypt_ext_lib.h"
10 :
11 : /* https://lapo.it/asn1js/#MCQGCisGAQQBgxyCEgEMFkFDTUU6V0lER0VUOjEyMzQ1Njc4OTA*/
12 : uint8_t m_libspdm_subject_alt_name_buffer1[] = {
13 : 0x30, 0x24, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83,
14 : 0x1C, 0x82, 0x12, 0x01, 0x0C, 0x16, 0x41, 0x43, 0x4D, 0x45,
15 : 0x3A, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54, 0x3A, 0x31, 0x32,
16 : 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
17 : };
18 :
19 : /* https://lapo.it/asn1js/#MCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MA*/
20 : uint8_t m_libspdm_subject_alt_name_buffer2[] = {
21 : 0x30, 0x26, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83,
22 : 0x1C, 0x82, 0x12, 0x01, 0xA0, 0x18, 0x0C, 0x16, 0x41, 0x43,
23 : 0x4D, 0x45, 0x3A, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54, 0x3A,
24 : 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
25 : };
26 :
27 : /* https://lapo.it/asn1js/#MCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkw*/
28 : uint8_t m_libspdm_subject_alt_name_buffer3[] = {
29 : 0x30, 0x28, 0xA0, 0x26, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01,
30 : 0x83, 0x1C, 0x82, 0x12, 0x01, 0xA0, 0x18, 0x0C, 0x16, 0x41, 0x43,
31 : 0x4D, 0x45, 0x3A, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54, 0x3A, 0x31,
32 : 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
33 : };
34 :
35 : uint8_t m_libspdm_dmtf_oid[] = { 0x2B, 0x06, 0x01, 0x4, 0x01,
36 : 0x83, 0x1C, 0x82, 0x12, 0x01 };
37 :
38 1 : void libspdm_test_crypt_spdm_get_dmtf_subject_alt_name_from_bytes(void **state)
39 : {
40 : size_t common_name_size;
41 : char common_name[64];
42 : size_t dmtf_oid_size;
43 : uint8_t dmtf_oid[64];
44 : bool status;
45 :
46 1 : common_name_size = 64;
47 1 : dmtf_oid_size = 64;
48 1 : libspdm_zero_mem(common_name, common_name_size);
49 1 : libspdm_zero_mem(dmtf_oid, dmtf_oid_size);
50 1 : status = libspdm_get_dmtf_subject_alt_name_from_bytes(
51 : m_libspdm_subject_alt_name_buffer1, sizeof(m_libspdm_subject_alt_name_buffer1),
52 : common_name, &common_name_size, dmtf_oid, &dmtf_oid_size);
53 1 : assert_true(status);
54 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
55 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
56 :
57 1 : common_name_size = 64;
58 1 : dmtf_oid_size = 64;
59 1 : libspdm_zero_mem(common_name, common_name_size);
60 1 : libspdm_zero_mem(dmtf_oid, dmtf_oid_size);
61 1 : status = libspdm_get_dmtf_subject_alt_name_from_bytes(
62 : m_libspdm_subject_alt_name_buffer2, sizeof(m_libspdm_subject_alt_name_buffer2),
63 : common_name, &common_name_size, dmtf_oid, &dmtf_oid_size);
64 1 : assert_true(status);
65 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
66 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
67 :
68 1 : common_name_size = 64;
69 1 : dmtf_oid_size = 64;
70 1 : libspdm_zero_mem(common_name, common_name_size);
71 1 : libspdm_zero_mem(dmtf_oid, dmtf_oid_size);
72 1 : status = libspdm_get_dmtf_subject_alt_name_from_bytes(
73 : m_libspdm_subject_alt_name_buffer3, sizeof(m_libspdm_subject_alt_name_buffer3),
74 : common_name, &common_name_size, dmtf_oid, &dmtf_oid_size);
75 1 : assert_true(status);
76 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
77 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
78 1 : }
79 :
80 1 : void libspdm_test_crypt_spdm_get_dmtf_subject_alt_name(void **state)
81 : {
82 : size_t common_name_size;
83 : char common_name[64];
84 : size_t dmtf_oid_size;
85 : uint8_t dmtf_oid[64];
86 : uint8_t *file_buffer;
87 : size_t file_buffer_size;
88 : bool status;
89 :
90 1 : status = libspdm_read_input_file("rsa2048/end_requester.cert.der",
91 : (void **)&file_buffer, &file_buffer_size);
92 1 : assert_true(status);
93 1 : dmtf_oid_size = 64;
94 1 : common_name_size = 64;
95 1 : status = libspdm_get_dmtf_subject_alt_name(file_buffer, file_buffer_size,
96 : common_name, &common_name_size,
97 : dmtf_oid, &dmtf_oid_size);
98 1 : assert_true(status);
99 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
100 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
101 1 : free(file_buffer);
102 :
103 1 : status = libspdm_read_input_file("rsa3072/end_requester.cert.der",
104 : (void **)&file_buffer, &file_buffer_size);
105 1 : assert_true(status);
106 1 : dmtf_oid_size = 64;
107 1 : common_name_size = 64;
108 1 : status = libspdm_get_dmtf_subject_alt_name(file_buffer, file_buffer_size,
109 : common_name, &common_name_size,
110 : dmtf_oid, &dmtf_oid_size);
111 1 : assert_true(status);
112 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
113 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
114 1 : free(file_buffer);
115 :
116 1 : status = libspdm_read_input_file("rsa4096/end_requester.cert.der",
117 : (void **)&file_buffer, &file_buffer_size);
118 1 : assert_true(status);
119 1 : dmtf_oid_size = 64;
120 1 : common_name_size = 64;
121 1 : status = libspdm_get_dmtf_subject_alt_name(file_buffer, file_buffer_size,
122 : common_name, &common_name_size,
123 : dmtf_oid, &dmtf_oid_size);
124 1 : assert_true(status);
125 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
126 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
127 1 : free(file_buffer);
128 :
129 1 : status = libspdm_read_input_file("ecp256/end_requester.cert.der",
130 : (void **)&file_buffer, &file_buffer_size);
131 1 : assert_true(status);
132 1 : dmtf_oid_size = 64;
133 1 : common_name_size = 64;
134 1 : status = libspdm_get_dmtf_subject_alt_name(file_buffer, file_buffer_size,
135 : common_name, &common_name_size,
136 : dmtf_oid, &dmtf_oid_size);
137 1 : assert_true(status);
138 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
139 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
140 1 : free(file_buffer);
141 :
142 1 : status = libspdm_read_input_file("ecp384/end_requester.cert.der",
143 : (void **)&file_buffer, &file_buffer_size);
144 1 : assert_true(status);
145 1 : dmtf_oid_size = 64;
146 1 : common_name_size = 64;
147 1 : status = libspdm_get_dmtf_subject_alt_name(file_buffer, file_buffer_size,
148 : common_name, &common_name_size,
149 : dmtf_oid, &dmtf_oid_size);
150 1 : assert_true(status);
151 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
152 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
153 1 : free(file_buffer);
154 :
155 1 : status = libspdm_read_input_file("ecp521/end_requester.cert.der",
156 : (void **)&file_buffer, &file_buffer_size);
157 1 : assert_true(status);
158 1 : dmtf_oid_size = 64;
159 1 : common_name_size = 64;
160 1 : status = libspdm_get_dmtf_subject_alt_name(file_buffer, file_buffer_size,
161 : common_name, &common_name_size,
162 : dmtf_oid, &dmtf_oid_size);
163 1 : assert_true(status);
164 1 : assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
165 1 : assert_string_equal(common_name, "ACME:WIDGET:1234567890");
166 1 : free(file_buffer);
167 1 : }
168 :
169 1 : void libspdm_test_crypt_spdm_x509_certificate_check(void **state)
170 : {
171 : bool status;
172 : uint8_t *file_buffer;
173 : size_t file_buffer_size;
174 :
175 : if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
176 1 : status = libspdm_read_input_file("rsa2048/end_requester.cert.der",
177 : (void **)&file_buffer, &file_buffer_size);
178 1 : assert_true(status);
179 :
180 1 : status = libspdm_x509_certificate_check(
181 : SPDM_MESSAGE_VERSION_12,
182 : file_buffer, file_buffer_size,
183 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
184 : 0,
185 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
186 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
187 1 : assert_true(status);
188 1 : free(file_buffer);
189 : }
190 : if ((LIBSPDM_RSA_SSA_3072_SUPPORT) && (LIBSPDM_SHA384_SUPPORT)) {
191 1 : status = libspdm_read_input_file("rsa3072/end_requester.cert.der",
192 : (void **)&file_buffer, &file_buffer_size);
193 1 : assert_true(status);
194 1 : status = libspdm_x509_certificate_check(
195 : SPDM_MESSAGE_VERSION_12,
196 : file_buffer, file_buffer_size,
197 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
198 : 0,
199 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384,
200 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
201 1 : assert_true(status);
202 1 : free(file_buffer);
203 : }
204 : if ((LIBSPDM_RSA_SSA_4096_SUPPORT) && (LIBSPDM_SHA512_SUPPORT)) {
205 1 : status = libspdm_read_input_file("rsa4096/end_requester.cert.der",
206 : (void **)&file_buffer, &file_buffer_size);
207 1 : assert_true(status);
208 1 : status = libspdm_x509_certificate_check(
209 : SPDM_MESSAGE_VERSION_12,
210 : file_buffer, file_buffer_size,
211 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096,
212 : 0,
213 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512,
214 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
215 1 : assert_true(status);
216 1 : free(file_buffer);
217 : }
218 :
219 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
220 1 : status = libspdm_read_input_file("ecp256/end_requester.cert.der",
221 : (void **)&file_buffer, &file_buffer_size);
222 1 : assert_true(status);
223 1 : status = libspdm_x509_certificate_check(
224 : SPDM_MESSAGE_VERSION_12,
225 : file_buffer, file_buffer_size,
226 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
227 : 0,
228 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
229 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
230 1 : assert_true(status);
231 1 : free(file_buffer);
232 : }
233 : if ((LIBSPDM_ECDSA_P384_SUPPORT) && (LIBSPDM_SHA384_SUPPORT)) {
234 1 : status = libspdm_read_input_file("ecp384/end_requester.cert.der",
235 : (void **)&file_buffer, &file_buffer_size);
236 1 : assert_true(status);
237 1 : status = libspdm_x509_certificate_check(
238 : SPDM_MESSAGE_VERSION_12,
239 : file_buffer, file_buffer_size,
240 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384,
241 : 0,
242 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384,
243 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
244 1 : assert_true(status);
245 1 : free(file_buffer);
246 : }
247 : if ((LIBSPDM_ECDSA_P521_SUPPORT) && (LIBSPDM_SHA512_SUPPORT)) {
248 1 : status = libspdm_read_input_file("ecp521/end_requester.cert.der",
249 : (void **)&file_buffer, &file_buffer_size);
250 1 : assert_true(status);
251 1 : status = libspdm_x509_certificate_check(
252 : SPDM_MESSAGE_VERSION_12,
253 : file_buffer, file_buffer_size,
254 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521,
255 : 0,
256 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512,
257 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
258 1 : assert_true(status);
259 1 : free(file_buffer);
260 : }
261 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
262 : /*check for leaf cert basic constraints, CA = true,pathlen:none*/
263 1 : status = libspdm_read_input_file("ecp256/end_requester_ca_false.cert.der",
264 : (void **)&file_buffer, &file_buffer_size);
265 1 : assert_true(status);
266 1 : status = libspdm_x509_certificate_check(
267 : SPDM_MESSAGE_VERSION_12,
268 : file_buffer, file_buffer_size,
269 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
270 : 0,
271 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
272 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
273 1 : assert_false(status);
274 1 : free(file_buffer);
275 :
276 :
277 : /*check for leaf cert basic constraints, basic constraints is excluded*/
278 1 : status = libspdm_read_input_file("ecp256/end_requester_without_basic_constraint.cert.der",
279 : (void **)&file_buffer, &file_buffer_size);
280 1 : assert_true(status);
281 1 : status = libspdm_x509_certificate_check(
282 : SPDM_MESSAGE_VERSION_12,
283 : file_buffer, file_buffer_size,
284 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
285 : 0,
286 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
287 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
288 1 : assert_true(status);
289 1 : free(file_buffer);
290 : }
291 : if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
292 : /*check for leaf cert spdm defined eku*/
293 1 : status = libspdm_read_input_file("rsa2048/end_requester_with_spdm_req_rsp_eku.cert.der",
294 : (void **)&file_buffer, &file_buffer_size);
295 1 : assert_true(status);
296 :
297 1 : status = libspdm_x509_certificate_check(
298 : SPDM_MESSAGE_VERSION_12,
299 : file_buffer, file_buffer_size,
300 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
301 : 0,
302 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
303 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
304 1 : assert_true(status);
305 1 : free(file_buffer);
306 :
307 1 : status = libspdm_read_input_file("rsa2048/end_requester_with_spdm_req_eku.cert.der",
308 : (void **)&file_buffer, &file_buffer_size);
309 1 : assert_true(status);
310 :
311 1 : status = libspdm_x509_certificate_check(
312 : SPDM_MESSAGE_VERSION_12,
313 : file_buffer, file_buffer_size,
314 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
315 : 0,
316 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
317 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
318 1 : assert_true(status);
319 1 : free(file_buffer);
320 :
321 1 : status = libspdm_read_input_file("rsa2048/end_requester_with_spdm_rsp_eku.cert.der",
322 : (void **)&file_buffer, &file_buffer_size);
323 1 : assert_true(status);
324 :
325 1 : status = libspdm_x509_certificate_check(
326 : SPDM_MESSAGE_VERSION_12,
327 : file_buffer, file_buffer_size,
328 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
329 : 0,
330 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
331 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
332 1 : assert_false(status);
333 1 : free(file_buffer);
334 :
335 1 : status = libspdm_read_input_file("rsa2048/end_responder_with_spdm_req_rsp_eku.cert.der",
336 : (void **)&file_buffer, &file_buffer_size);
337 1 : assert_true(status);
338 :
339 1 : status = libspdm_x509_certificate_check(
340 : SPDM_MESSAGE_VERSION_12,
341 : file_buffer, file_buffer_size,
342 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
343 : 0,
344 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
345 : false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
346 1 : assert_true(status);
347 1 : free(file_buffer);
348 :
349 1 : status = libspdm_read_input_file("rsa2048/end_requester_with_spdm_req_eku.cert.der",
350 : (void **)&file_buffer, &file_buffer_size);
351 1 : assert_true(status);
352 :
353 1 : status = libspdm_x509_certificate_check(
354 : SPDM_MESSAGE_VERSION_12,
355 : file_buffer, file_buffer_size,
356 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
357 : 0,
358 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
359 : false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
360 1 : assert_false(status);
361 1 : free(file_buffer);
362 :
363 1 : status = libspdm_read_input_file("rsa2048/end_requester_with_spdm_rsp_eku.cert.der",
364 : (void **)&file_buffer, &file_buffer_size);
365 1 : assert_true(status);
366 :
367 1 : status = libspdm_x509_certificate_check(
368 : SPDM_MESSAGE_VERSION_12,
369 : file_buffer, file_buffer_size,
370 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
371 : 0,
372 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
373 : false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
374 1 : assert_true(status);
375 1 : free(file_buffer);
376 : }
377 : if ((LIBSPDM_RSA_SSA_3072_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
378 : /* cert mismatched negotiated base_aysm_algo check */
379 1 : status = libspdm_read_input_file("rsa2048/end_requester.cert.der",
380 : (void **)&file_buffer, &file_buffer_size);
381 1 : assert_true(status);
382 1 : status = libspdm_x509_certificate_check(
383 : SPDM_MESSAGE_VERSION_12,
384 : file_buffer, file_buffer_size,
385 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
386 : 0,
387 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
388 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
389 1 : assert_false(status);
390 1 : free(file_buffer);
391 :
392 1 : status = libspdm_read_input_file("ecp256/end_requester.cert.der",
393 : (void **)&file_buffer, &file_buffer_size);
394 1 : assert_true(status);
395 1 : status = libspdm_x509_certificate_check(
396 : SPDM_MESSAGE_VERSION_12,
397 : file_buffer, file_buffer_size,
398 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
399 : 0,
400 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
401 : true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
402 1 : assert_false(status);
403 1 : free(file_buffer);
404 : }
405 : if ((LIBSPDM_RSA_SSA_4096_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
406 : /*test web cert: cert public key algo is RSA case*/
407 1 : status = libspdm_read_input_file("test_web_cert/Google.cer",
408 : (void **)&file_buffer, &file_buffer_size);
409 1 : assert_true(status);
410 1 : status = libspdm_x509_certificate_check(
411 : SPDM_MESSAGE_VERSION_12,
412 : file_buffer, file_buffer_size,
413 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096,
414 : 0,
415 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
416 : false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
417 1 : assert_true(status);
418 1 : free(file_buffer);
419 : }
420 : if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
421 1 : status = libspdm_read_input_file("test_web_cert/Amazon.cer",
422 : (void **)&file_buffer, &file_buffer_size);
423 1 : assert_true(status);
424 1 : status = libspdm_x509_certificate_check(
425 : SPDM_MESSAGE_VERSION_12,
426 : file_buffer, file_buffer_size,
427 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
428 : 0,
429 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
430 : false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
431 1 : assert_true(status);
432 1 : free(file_buffer);
433 : }
434 :
435 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
436 : /*test web cert: ccert public key algo is ECC case*/
437 1 : status = libspdm_read_input_file("test_web_cert/GitHub.cer",
438 : (void **)&file_buffer, &file_buffer_size);
439 1 : assert_true(status);
440 1 : status = libspdm_x509_certificate_check(
441 : SPDM_MESSAGE_VERSION_12,
442 : file_buffer, file_buffer_size,
443 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
444 : 0,
445 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
446 : false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
447 1 : assert_true(status);
448 1 : free(file_buffer);
449 : }
450 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
451 1 : status = libspdm_read_input_file("test_web_cert/YouTube.cer",
452 : (void **)&file_buffer, &file_buffer_size);
453 1 : assert_true(status);
454 1 : status = libspdm_x509_certificate_check(
455 : SPDM_MESSAGE_VERSION_12,
456 : file_buffer, file_buffer_size,
457 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
458 : 0,
459 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
460 : false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
461 1 : assert_true(status);
462 1 : free(file_buffer);
463 : }
464 :
465 : /* Test 1.3 */
466 : if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
467 1 : status = libspdm_read_input_file("rsa2048/end_requester.cert.der",
468 : (void **)&file_buffer, &file_buffer_size);
469 1 : assert_true(status);
470 :
471 1 : status = libspdm_x509_certificate_check(
472 : SPDM_MESSAGE_VERSION_13,
473 : file_buffer, file_buffer_size,
474 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
475 : 0,
476 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
477 : true,
478 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
479 1 : assert_true(status);
480 :
481 1 : status = libspdm_x509_certificate_check(
482 : SPDM_MESSAGE_VERSION_13,
483 : file_buffer, file_buffer_size,
484 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
485 : 0,
486 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
487 : true,
488 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
489 1 : assert_true(status);
490 1 : free(file_buffer);
491 : }
492 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
493 1 : status = libspdm_read_input_file("ecp256/end_responder.cert.der",
494 : (void **)&file_buffer, &file_buffer_size);
495 1 : assert_true(status);
496 1 : status = libspdm_x509_certificate_check(
497 : SPDM_MESSAGE_VERSION_13,
498 : file_buffer, file_buffer_size,
499 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
500 : 0,
501 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
502 : false,
503 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
504 1 : assert_true(status);
505 :
506 1 : status = libspdm_x509_certificate_check(
507 : SPDM_MESSAGE_VERSION_13,
508 : file_buffer, file_buffer_size,
509 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
510 : 0,
511 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
512 : false,
513 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
514 1 : assert_false(status);
515 1 : free(file_buffer);
516 :
517 1 : status = libspdm_read_input_file("ecp256/end_requester_without_basic_constraint.cert.der",
518 : (void **)&file_buffer, &file_buffer_size);
519 1 : assert_true(status);
520 1 : status = libspdm_x509_certificate_check(
521 : SPDM_MESSAGE_VERSION_13,
522 : file_buffer, file_buffer_size,
523 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
524 : 0,
525 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
526 : false,
527 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
528 : /*the expected result is false, because basic_constraint is mandatory in SPDM 1.3*/
529 1 : assert_false(status);
530 1 : free(file_buffer);
531 : }
532 :
533 1 : }
534 :
535 1 : void libspdm_test_crypt_spdm_x509_set_cert_certificate_check(void **state)
536 : {
537 : bool status;
538 : uint8_t *file_buffer;
539 : size_t file_buffer_size;
540 :
541 : if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
542 1 : status = libspdm_read_input_file("rsa2048/end_responder.cert.der",
543 : (void **)&file_buffer, &file_buffer_size);
544 1 : assert_true(status);
545 :
546 1 : status = libspdm_x509_set_cert_certificate_check(
547 : SPDM_MESSAGE_VERSION_13,
548 : file_buffer, file_buffer_size,
549 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
550 : 0,
551 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
552 : false,
553 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
554 1 : assert_true(status);
555 :
556 1 : status = libspdm_x509_set_cert_certificate_check(
557 : SPDM_MESSAGE_VERSION_13,
558 : file_buffer, file_buffer_size,
559 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
560 : 0,
561 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
562 : false,
563 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
564 1 : assert_false(status);
565 1 : free(file_buffer);
566 : }
567 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
568 1 : status = libspdm_read_input_file("ecp256/end_requester.cert.der",
569 : (void **)&file_buffer, &file_buffer_size);
570 1 : assert_true(status);
571 1 : status = libspdm_x509_set_cert_certificate_check(
572 : SPDM_MESSAGE_VERSION_13,
573 : file_buffer, file_buffer_size,
574 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
575 : 0,
576 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
577 : true,
578 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
579 1 : assert_true(status);
580 :
581 1 : status = libspdm_x509_set_cert_certificate_check(
582 : SPDM_MESSAGE_VERSION_13,
583 : file_buffer, file_buffer_size,
584 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
585 : 0,
586 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
587 : true,
588 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
589 1 : assert_false(status);
590 :
591 1 : status = libspdm_read_input_file("ecp256/end_requester_ca_false.cert.der",
592 : (void **)&file_buffer, &file_buffer_size);
593 1 : assert_true(status);
594 1 : status = libspdm_x509_set_cert_certificate_check(
595 : SPDM_MESSAGE_VERSION_13,
596 : file_buffer, file_buffer_size,
597 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
598 : 0,
599 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
600 : true,
601 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
602 1 : assert_true(status);
603 1 : free(file_buffer);
604 : }
605 :
606 1 : }
607 :
608 1 : void libspdm_test_crypt_spdm_verify_cert_chain_data(void **state)
609 : {
610 : bool status;
611 : uint8_t *file_buffer;
612 : size_t file_buffer_size;
613 :
614 : if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
615 1 : status = libspdm_read_input_file("rsa2048/bundle_requester.certchain.der",
616 : (void **)&file_buffer, &file_buffer_size);
617 1 : assert_true(status);
618 :
619 1 : status = libspdm_verify_cert_chain_data(
620 : SPDM_MESSAGE_VERSION_13,
621 : file_buffer, file_buffer_size,
622 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
623 : 0,
624 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
625 : true,
626 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
627 1 : assert_true(status);
628 :
629 1 : status = libspdm_verify_cert_chain_data(
630 : SPDM_MESSAGE_VERSION_13,
631 : file_buffer, file_buffer_size + 1,
632 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
633 : 0,
634 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
635 : true,
636 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
637 1 : assert_false(status);
638 :
639 1 : status = libspdm_verify_cert_chain_data(
640 : SPDM_MESSAGE_VERSION_13,
641 : file_buffer, file_buffer_size,
642 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
643 : 0,
644 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
645 : true,
646 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
647 1 : assert_true(status);
648 1 : free(file_buffer);
649 : }
650 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
651 1 : status = libspdm_read_input_file("ecp256/bundle_responder.certchain.der",
652 : (void **)&file_buffer, &file_buffer_size);
653 1 : assert_true(status);
654 1 : status = libspdm_verify_cert_chain_data(
655 : SPDM_MESSAGE_VERSION_13,
656 : file_buffer, file_buffer_size,
657 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
658 : 0,
659 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
660 : false,
661 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
662 1 : assert_true(status);
663 :
664 1 : status = libspdm_verify_cert_chain_data(
665 : SPDM_MESSAGE_VERSION_13,
666 : file_buffer, file_buffer_size + 1,
667 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
668 : 0,
669 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
670 : false,
671 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
672 1 : assert_false(status);
673 :
674 1 : status = libspdm_verify_cert_chain_data(
675 : SPDM_MESSAGE_VERSION_13,
676 : file_buffer, file_buffer_size,
677 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
678 : 0,
679 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
680 : false,
681 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
682 1 : assert_false(status);
683 1 : free(file_buffer);
684 : }
685 1 : }
686 :
687 :
688 1 : void libspdm_test_crypt_spdm_verify_certificate_chain_buffer(void **state)
689 : {
690 : bool status;
691 : void *data;
692 : size_t data_size;
693 :
694 : if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
695 1 : libspdm_read_responder_public_certificate_chain(
696 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
697 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
698 : &data,&data_size,
699 : NULL, NULL);
700 :
701 1 : status = libspdm_verify_certificate_chain_buffer(
702 : SPDM_MESSAGE_VERSION_13,
703 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
704 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
705 : 0,
706 : data,data_size,
707 : true,
708 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
709 1 : assert_true(status);
710 :
711 1 : status = libspdm_verify_certificate_chain_buffer(
712 : SPDM_MESSAGE_VERSION_13,
713 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
714 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
715 : 0,
716 : data,data_size + 1,
717 : true,
718 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
719 1 : assert_false(status);
720 :
721 1 : status = libspdm_verify_certificate_chain_buffer(
722 : SPDM_MESSAGE_VERSION_13,
723 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
724 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
725 : 0,
726 : data,data_size,
727 : true,
728 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
729 1 : assert_true(status);
730 1 : free(data);
731 : }
732 :
733 : if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
734 1 : libspdm_read_responder_public_certificate_chain(
735 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
736 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
737 : &data,&data_size,
738 : NULL, NULL);
739 :
740 1 : status = libspdm_verify_certificate_chain_buffer(
741 : SPDM_MESSAGE_VERSION_13,
742 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
743 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
744 : 0,
745 : data,data_size,
746 : false,
747 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
748 1 : assert_true(status);
749 :
750 1 : status = libspdm_verify_certificate_chain_buffer(
751 : SPDM_MESSAGE_VERSION_13,
752 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
753 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
754 : 0,
755 : data,data_size + 1,
756 : false,
757 : SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
758 1 : assert_false(status);
759 :
760 1 : status = libspdm_verify_certificate_chain_buffer(
761 : SPDM_MESSAGE_VERSION_13,
762 : SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
763 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
764 : 0,
765 : data,data_size,
766 : false,
767 : SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
768 1 : assert_false(status);
769 1 : free(data);
770 : }
771 1 : }
772 :
773 1 : void libspdm_test_crypt_asym_verify(void **state)
774 : {
775 : spdm_version_number_t spdm_version;
776 : void *context;
777 : void *data;
778 : size_t data_size;
779 : uint8_t signature[LIBSPDM_MAX_SPDM_MSG_SIZE];
780 : size_t sig_size;
781 : uint8_t signature_endian;
782 : char *file;
783 : bool status;
784 :
785 1 : spdm_version = SPDM_MESSAGE_VERSION_11;
786 :
787 1 : file = "ecp256/end_responder.key";
788 1 : libspdm_read_input_file(file, &data, &data_size);
789 1 : status = libspdm_asym_get_private_key_from_pem(
790 : m_libspdm_use_asym_algo, data, data_size, NULL, &context);
791 :
792 1 : if (!status) {
793 0 : libspdm_zero_mem(data, data_size);
794 0 : free(data);
795 0 : assert_true(status);
796 : }
797 :
798 1 : const uint8_t message[] = {
799 : 0x19, 0x90, 0x2d, 0x02, 0x34, 0x6e, 0xd5, 0x90,
800 : 0x0e, 0x69, 0x51, 0x2f, 0xf2, 0xbd, 0x9d, 0x33,
801 : 0x26, 0x71, 0x8f, 0x62, 0xa0, 0x01, 0xbd, 0xfd,
802 : 0x94, 0xe2, 0x98, 0x17, 0x24, 0xfd, 0xca, 0xf0
803 : };
804 :
805 1 : sig_size = libspdm_get_asym_signature_size(m_libspdm_use_req_asym_algo);
806 :
807 1 : libspdm_asym_sign(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
808 : SPDM_MEASUREMENTS,
809 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
810 : context,
811 : message, sizeof(message),
812 : signature, &sig_size);
813 :
814 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
815 : status = libspdm_asym_sign(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
816 : SPDM_MEASUREMENTS,
817 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
818 : context,
819 : message, sizeof(message),
820 : signature, &sig_size);
821 : assert_true(status);
822 : #else
823 : uint8_t message_hash[LIBSPDM_MAX_HASH_SIZE];
824 1 : status = libspdm_hash_all(m_libspdm_use_hash_algo, message, sizeof(message), message_hash);
825 :
826 1 : assert_true(status);
827 1 : status = libspdm_asym_sign_hash(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
828 : SPDM_MEASUREMENTS,
829 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
830 : context,
831 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
832 : signature, &sig_size);
833 1 : assert_true(status);
834 : #endif
835 :
836 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
837 : /* Big Endian Signature. Big Endian Verify */
838 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
839 : status = libspdm_asym_verify_ex(
840 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
841 : SPDM_MEASUREMENTS,
842 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
843 : context,
844 : message, sizeof(message),
845 : signature, sig_size,
846 : &signature_endian);
847 : assert_true(status);
848 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
849 :
850 : /* Error: Big Endian Signature. Little Endian Verify */
851 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
852 : status = libspdm_asym_verify_ex(
853 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
854 : SPDM_MEASUREMENTS,
855 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
856 : context,
857 : message, sizeof(message),
858 : signature, sig_size,
859 : &signature_endian);
860 : assert_true(!status);
861 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
862 :
863 : /* Big Endian Signature. Big or Little Endian Verify */
864 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
865 : status = libspdm_asym_verify_ex(
866 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
867 : SPDM_MEASUREMENTS,
868 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
869 : context,
870 : message, sizeof(message),
871 : signature, sig_size,
872 : &signature_endian);
873 : assert_true(status);
874 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
875 :
876 : libspdm_copy_signature_swap_endian(
877 : m_libspdm_use_asym_algo,
878 : signature, sig_size, signature, sig_size);
879 :
880 : /* Little Endian Signature. Little Endian Verify */
881 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
882 : status = libspdm_asym_verify_ex(
883 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
884 : SPDM_MEASUREMENTS,
885 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
886 : context,
887 : message, sizeof(message),
888 : signature, sig_size,
889 : &signature_endian);
890 : assert_true(status);
891 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
892 :
893 : /* Error: Little Endian Signature. Big Endian Verify */
894 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
895 : status = libspdm_asym_verify_ex(
896 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
897 : SPDM_MEASUREMENTS,
898 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
899 : context,
900 : message, sizeof(message),
901 : signature, sig_size,
902 : &signature_endian);
903 : assert_true(!status);
904 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
905 :
906 : /* Little Endian Signature. Big or Little Endian Verify */
907 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
908 : status = libspdm_asym_verify_ex(
909 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
910 : SPDM_MEASUREMENTS,
911 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
912 : context,
913 : message, sizeof(message),
914 : signature, sig_size,
915 : &signature_endian);
916 : assert_true(status);
917 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
918 : #else
919 : /* Big Endian Signature. Big Endian Verify */
920 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
921 2 : status = libspdm_asym_verify_hash_ex(
922 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
923 : SPDM_MEASUREMENTS,
924 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
925 : context,
926 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
927 : signature, sig_size,
928 : &signature_endian);
929 1 : assert_true(status);
930 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
931 :
932 : /* Error: Big Endian Signature. Little Endian Verify */
933 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
934 2 : status = libspdm_asym_verify_hash_ex(
935 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
936 : SPDM_MEASUREMENTS,
937 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
938 : context,
939 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
940 : signature, sig_size,
941 : &signature_endian);
942 1 : assert_true(!status);
943 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
944 :
945 : /* Big Endian Signature. Big or Little Endian Verify */
946 1 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
947 2 : status = libspdm_asym_verify_hash_ex(
948 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
949 : SPDM_MEASUREMENTS,
950 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
951 : context,
952 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
953 : signature, sig_size,
954 : &signature_endian);
955 1 : assert_true(status);
956 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
957 :
958 1 : libspdm_copy_signature_swap_endian(
959 : m_libspdm_use_asym_algo,
960 : signature, sig_size, signature, sig_size);
961 :
962 : /* Little Endian Signature. Little Endian Verify */
963 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
964 2 : status = libspdm_asym_verify_hash_ex(
965 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
966 : SPDM_MEASUREMENTS,
967 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
968 : context,
969 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
970 : signature, sig_size,
971 : &signature_endian);
972 1 : assert_true(status);
973 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
974 :
975 : /* Error: Little Endian Signature. Big Endian Verify */
976 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
977 2 : status = libspdm_asym_verify_hash_ex(
978 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
979 : SPDM_MEASUREMENTS,
980 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
981 : context,
982 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
983 : signature, sig_size,
984 : &signature_endian);
985 1 : assert_true(!status);
986 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
987 :
988 : /* Little Endian Signature. Big or Little Endian Verify */
989 1 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
990 2 : status = libspdm_asym_verify_hash_ex(
991 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
992 : SPDM_MEASUREMENTS,
993 : m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
994 : context,
995 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
996 : signature, sig_size,
997 : &signature_endian);
998 1 : assert_true(status);
999 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
1000 :
1001 : #endif
1002 1 : }
1003 :
1004 1 : void libspdm_test_crypt_req_asym_verify(void **state)
1005 : {
1006 : spdm_version_number_t spdm_version;
1007 : void *context;
1008 : void *data;
1009 : size_t data_size;
1010 : uint8_t signature[LIBSPDM_MAX_SPDM_MSG_SIZE];
1011 : size_t sig_size;
1012 : uint8_t signature_endian;
1013 : char *file;
1014 : bool status;
1015 :
1016 1 : spdm_version = SPDM_MESSAGE_VERSION_11;
1017 :
1018 1 : const uint8_t message[] = {
1019 : 0x19, 0x90, 0x2d, 0x02, 0x34, 0x6e, 0xd5, 0x90,
1020 : 0x0e, 0x69, 0x51, 0x2f, 0xf2, 0xbd, 0x9d, 0x33,
1021 : 0x26, 0x71, 0x8f, 0x62, 0xa0, 0x01, 0xbd, 0xfd,
1022 : 0x94, 0xe2, 0x98, 0x17, 0x24, 0xfd, 0xca, 0xf0
1023 : };
1024 :
1025 1 : file = "rsa2048/end_requester.key";
1026 1 : status = libspdm_read_input_file(file, &data, &data_size);
1027 1 : assert_true(status);
1028 :
1029 1 : status = libspdm_req_asym_get_private_key_from_pem(m_libspdm_use_req_asym_algo,
1030 : data,
1031 : data_size, NULL,
1032 : &context);
1033 1 : if (!status) {
1034 0 : libspdm_zero_mem(data, data_size);
1035 0 : free(data);
1036 0 : assert_true(status);
1037 : }
1038 1 : sig_size = libspdm_get_asym_signature_size(m_libspdm_use_req_asym_algo);
1039 :
1040 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1041 : status = libspdm_req_asym_sign(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1042 : SPDM_FINISH,
1043 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1044 : context,
1045 : message, sizeof(message),
1046 : signature, &sig_size);
1047 : assert_true(status);
1048 : #else
1049 : uint8_t message_hash[LIBSPDM_MAX_HASH_SIZE];
1050 1 : status = libspdm_hash_all(m_libspdm_use_hash_algo, message, sizeof(message), message_hash);
1051 1 : assert_true(status);
1052 1 : status = libspdm_req_asym_sign_hash(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1053 : SPDM_FINISH,
1054 : m_libspdm_use_req_asym_algo,
1055 : m_libspdm_use_hash_algo, context,
1056 : message_hash,
1057 1 : libspdm_get_hash_size(m_libspdm_use_hash_algo),
1058 : signature,
1059 : &sig_size);
1060 1 : assert_true(status);
1061 : #endif
1062 :
1063 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1064 : /* Big Endian Signature. Big Endian Verify */
1065 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
1066 : status = libspdm_req_asym_verify_ex(
1067 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1068 : SPDM_FINISH,
1069 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1070 : context,
1071 : message, sizeof(message),
1072 : signature, sig_size,
1073 : &signature_endian);
1074 : assert_true(status);
1075 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
1076 :
1077 : /* Error: Big Endian Signature. Little Endian Verify */
1078 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
1079 : status = libspdm_req_asym_verify_ex(
1080 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1081 : SPDM_FINISH,
1082 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1083 : context,
1084 : message, sizeof(message),
1085 : signature, sig_size,
1086 : &signature_endian);
1087 : assert_true(!status);
1088 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
1089 :
1090 : /* Big Endian Signature. Big or Little Endian Verify */
1091 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
1092 : status = libspdm_req_asym_verify_ex(
1093 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1094 : SPDM_FINISH,
1095 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1096 : context,
1097 : message, sizeof(message),
1098 : signature, sig_size,
1099 : &signature_endian);
1100 : assert_true(status);
1101 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
1102 :
1103 : libspdm_copy_signature_swap_endian(
1104 : m_libspdm_use_req_asym_algo,
1105 : signature, sig_size, signature, sig_size);
1106 :
1107 : /* Little Endian Signature. Little Endian Verify */
1108 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
1109 : status = libspdm_req_asym_verify_ex(
1110 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1111 : SPDM_FINISH,
1112 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1113 : context,
1114 : message, sizeof(message),
1115 : signature, sig_size,
1116 : &signature_endian);
1117 : assert_true(status);
1118 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
1119 :
1120 : /* Error: Little Endian Signature. Big Endian Verify */
1121 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
1122 : status = libspdm_req_asym_verify_ex(
1123 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1124 : SPDM_FINISH,
1125 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1126 : context,
1127 : message, sizeof(message),
1128 : signature, sig_size,
1129 : &signature_endian);
1130 : assert_true(!status);
1131 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
1132 :
1133 : /* Little Endian Signature. Big or Little Endian Verify */
1134 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
1135 : status = libspdm_req_asym_verify_ex(
1136 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1137 : SPDM_FINISH,
1138 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1139 : context,
1140 : message, sizeof(message),
1141 : signature, sig_size,
1142 : &signature_endian);
1143 : assert_true(status);
1144 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
1145 :
1146 : #else
1147 : /* Big Endian Signature. Big Endian Verify */
1148 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
1149 2 : status = libspdm_req_asym_verify_hash_ex(
1150 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1151 : SPDM_FINISH,
1152 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1153 : context,
1154 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
1155 : signature, sig_size,
1156 : &signature_endian);
1157 1 : assert_true(status);
1158 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
1159 :
1160 : /* Error: Big Endian Signature. Little Endian Verify */
1161 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
1162 2 : status = libspdm_req_asym_verify_hash_ex(
1163 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1164 : SPDM_FINISH,
1165 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1166 : context,
1167 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
1168 : signature, sig_size,
1169 : &signature_endian);
1170 1 : assert_true(!status);
1171 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
1172 :
1173 : /* Big Endian Signature. Big or Little Endian Verify */
1174 1 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
1175 2 : status = libspdm_req_asym_verify_hash_ex(
1176 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1177 : SPDM_FINISH,
1178 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1179 : context,
1180 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
1181 : signature, sig_size,
1182 : &signature_endian);
1183 1 : assert_true(status);
1184 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
1185 :
1186 1 : libspdm_copy_signature_swap_endian(
1187 : m_libspdm_use_req_asym_algo,
1188 : signature, sig_size, signature, sig_size);
1189 :
1190 : /* Little Endian Signature. Little Endian Verify */
1191 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
1192 2 : status = libspdm_req_asym_verify_hash_ex(
1193 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1194 : SPDM_FINISH,
1195 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1196 : context,
1197 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
1198 : signature, sig_size,
1199 : &signature_endian);
1200 1 : assert_true(status);
1201 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
1202 :
1203 : /* Error: Little Endian Signature. Big Endian Verify */
1204 1 : signature_endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
1205 2 : status = libspdm_req_asym_verify_hash_ex(
1206 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1207 : SPDM_FINISH,
1208 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1209 : context,
1210 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
1211 : signature, sig_size,
1212 : &signature_endian);
1213 1 : assert_true(!status);
1214 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY);
1215 :
1216 : /* Little Endian Signature. Big or Little Endian Verify */
1217 1 : signature_endian= LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
1218 2 : status = libspdm_req_asym_verify_hash_ex(
1219 1 : spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1220 : SPDM_FINISH,
1221 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1222 : context,
1223 1 : message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
1224 : signature, sig_size,
1225 : &signature_endian);
1226 1 : assert_true(status);
1227 1 : assert_int_equal(signature_endian, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY);
1228 : #endif
1229 1 : }
1230 :
1231 : bool libspdm_is_palindrome(const uint8_t *buf, size_t buf_size);
1232 :
1233 : bool libspdm_is_signature_buffer_palindrome(
1234 : uint32_t base_asym_algo, const uint8_t *buf, size_t buf_size);
1235 :
1236 1 : void libspdm_test_crypt_palindrome(void **state)
1237 : {
1238 : bool status;
1239 :
1240 : /* Test valid palindrome with even number of elements */
1241 1 : uint8_t buf1[] = {0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 0};
1242 1 : status = libspdm_is_palindrome(buf1, sizeof(buf1));
1243 1 : assert_true(status);
1244 :
1245 : /* Test valid palindrome with odd number of elements */
1246 1 : uint8_t buf2[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
1247 1 : status = libspdm_is_palindrome(buf2, sizeof(buf2));
1248 1 : assert_true(status);
1249 :
1250 : /* Test invalid palindrome where inner corner-case element is not matching */
1251 1 : uint8_t buf3[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 6, 5, 4, 3, 2, 1, 0 };
1252 1 : status = libspdm_is_palindrome(buf3, sizeof(buf3));
1253 1 : assert_false(status);
1254 :
1255 : /* Test invalid palindrome where outer corner-case element is not matching */
1256 1 : uint8_t buf4[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 8 };
1257 1 : status = libspdm_is_palindrome(buf4, sizeof(buf4));
1258 1 : assert_false(status);
1259 :
1260 : /* Test invalid palindrome where middle element is not matching */
1261 1 : uint8_t buf5[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 4, 2, 1, 0 };
1262 1 : status = libspdm_is_palindrome(buf5, sizeof(buf5));
1263 1 : assert_false(status);
1264 1 : }
1265 :
1266 1 : void libspdm_test_crypt_rsa_palindrome(void **state)
1267 : {
1268 : /* Test RSA Buffers as palindrone */
1269 : int i;
1270 : bool status;
1271 :
1272 1 : const uint32_t rsa_algos[] = {
1273 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
1274 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048,
1275 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
1276 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072,
1277 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096,
1278 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096
1279 : };
1280 :
1281 : /* Palindrome for RSA */
1282 1 : uint8_t buf0[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 0 };
1283 :
1284 : /* Not Palindrome cases for RSA */
1285 :
1286 : /* Test invalid palindrome where inner corner-case element is not matching */
1287 1 : uint8_t buf1[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 6, 5, 4, 3, 2, 1, 0 };
1288 :
1289 : /* Test invalid palindrome where outer corner-case element is not matching */
1290 1 : uint8_t buf2[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 8 };
1291 :
1292 : /* Test invalid palindrome where middle element is not matching */
1293 1 : uint8_t buf3[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 4, 2, 1, 0 };
1294 :
1295 : /* Test each of these buffers against each RSA algo type */
1296 7 : for (i = 0; i < (sizeof(rsa_algos) / sizeof(rsa_algos[0])); i++) {
1297 : /* Test case where buffer is palindrone */
1298 6 : status = libspdm_is_signature_buffer_palindrome(rsa_algos[i], buf0, sizeof(buf0));
1299 6 : assert_true(status);
1300 :
1301 : /* Test cases where buffer is NOT palindrone */
1302 6 : status = libspdm_is_signature_buffer_palindrome(rsa_algos[i], buf1, sizeof(buf1));
1303 6 : assert_false(status);
1304 6 : status = libspdm_is_signature_buffer_palindrome(rsa_algos[i], buf2, sizeof(buf2));
1305 6 : assert_false(status);
1306 6 : status = libspdm_is_signature_buffer_palindrome(rsa_algos[i], buf3, sizeof(buf3));
1307 6 : assert_false(status);
1308 : }
1309 1 : }
1310 :
1311 1 : void libspdm_test_crypt_ecdsa_palindrome(void **state)
1312 : {
1313 : int i;
1314 : bool status;
1315 :
1316 : /* Test ECDSA Buffers as palindrome */
1317 1 : const uint32_t ecdsa_algos[] = {
1318 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
1319 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384,
1320 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521
1321 : };
1322 :
1323 : /* Test for valid ECDSA buffer palindrome */
1324 1 : uint8_t buf0[] = { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 3, 2, 1, 0 };
1325 :
1326 : /* Tests for ECDSA buffer not palidrome */
1327 :
1328 : /* Test for invalid palindrome where outer element of 1st buffer does not match */
1329 1 : uint8_t buf1[] = { 0, 1, 2, 3, 3, 2, 1, 1, 0, 1, 2, 3, 3, 2, 1, 0 };
1330 :
1331 : /* Test for invalid palindrome where outer element of 2nd buffer does not match */
1332 1 : uint8_t buf2[] = { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 3, 2, 1, 1 };
1333 :
1334 : /* Test for invalid palindrome where inner element of 1st buffer does not match */
1335 1 : uint8_t buf3[] = { 0, 1, 2, 3, 4, 2, 1, 0, 0, 1, 2, 3, 3, 2, 1, 0 };
1336 :
1337 : /* Test for invalid palindrome where inner element of 2nd buffer does not match */
1338 1 : uint8_t buf4[] = { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 4, 2, 1, 0 };
1339 :
1340 : /* Test for invalid palindrome where middle element of 1st buffer does not match */
1341 1 : uint8_t buf5[] = { 0, 1, 2, 3, 3, 2, 0, 0, 0, 1, 2, 3, 3, 2, 1, 0 };
1342 :
1343 : /* Test for invalid palindrome where middle element of 2nd buffer does not match */
1344 1 : uint8_t buf6[] = { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 3, 0, 1, 0 };
1345 :
1346 : /* Test each of the buffers against each ECDSA algo type */
1347 4 : for (i = 0; i < (sizeof(ecdsa_algos) / sizeof(ecdsa_algos[0])); i++) {
1348 : /* Test case where buffer is palindrone */
1349 3 : status = libspdm_is_signature_buffer_palindrome(ecdsa_algos[i], buf0, sizeof(buf0));
1350 3 : assert_true(status);
1351 :
1352 : /* Test cases where buffer is NOT palindrone */
1353 3 : status = libspdm_is_signature_buffer_palindrome(ecdsa_algos[i], buf1, sizeof(buf1));
1354 3 : assert_false(status);
1355 3 : status = libspdm_is_signature_buffer_palindrome(ecdsa_algos[i], buf2, sizeof(buf2));
1356 3 : assert_false(status);
1357 3 : status = libspdm_is_signature_buffer_palindrome(ecdsa_algos[i], buf3, sizeof(buf3));
1358 3 : assert_false(status);
1359 3 : status = libspdm_is_signature_buffer_palindrome(ecdsa_algos[i], buf4, sizeof(buf4));
1360 3 : assert_false(status);
1361 3 : status = libspdm_is_signature_buffer_palindrome(ecdsa_algos[i], buf5, sizeof(buf5));
1362 3 : assert_false(status);
1363 3 : status = libspdm_is_signature_buffer_palindrome(ecdsa_algos[i], buf6, sizeof(buf6));
1364 3 : assert_false(status);
1365 : }
1366 1 : }
1367 :
1368 1 : int libspdm_crypt_lib_setup(void **state)
1369 : {
1370 1 : return 0;
1371 : }
1372 :
1373 1 : int libspdm_crypt_lib_teardown(void **state)
1374 : {
1375 1 : return 0;
1376 : }
1377 :
1378 1 : int libspdm_crypt_lib_test_main(void)
1379 : {
1380 1 : const struct CMUnitTest spdm_crypt_lib_tests[] = {
1381 : cmocka_unit_test(
1382 : libspdm_test_crypt_spdm_get_dmtf_subject_alt_name_from_bytes),
1383 :
1384 : cmocka_unit_test(libspdm_test_crypt_spdm_get_dmtf_subject_alt_name),
1385 :
1386 : cmocka_unit_test(libspdm_test_crypt_spdm_x509_certificate_check),
1387 :
1388 : cmocka_unit_test(libspdm_test_crypt_spdm_x509_set_cert_certificate_check),
1389 :
1390 : cmocka_unit_test(libspdm_test_crypt_spdm_verify_cert_chain_data),
1391 :
1392 : cmocka_unit_test(libspdm_test_crypt_spdm_verify_certificate_chain_buffer),
1393 :
1394 : cmocka_unit_test(libspdm_test_crypt_asym_verify),
1395 :
1396 : cmocka_unit_test(libspdm_test_crypt_req_asym_verify),
1397 :
1398 : cmocka_unit_test(libspdm_test_crypt_palindrome),
1399 :
1400 : cmocka_unit_test(libspdm_test_crypt_rsa_palindrome),
1401 :
1402 : cmocka_unit_test(libspdm_test_crypt_ecdsa_palindrome),
1403 : };
1404 :
1405 1 : return cmocka_run_group_tests(spdm_crypt_lib_tests,
1406 : libspdm_crypt_lib_setup,
1407 : libspdm_crypt_lib_teardown);
1408 : }
1409 :
1410 1 : int main(void)
1411 : {
1412 1 : int return_value = 0;
1413 :
1414 1 : if (libspdm_crypt_lib_test_main() != 0) {
1415 0 : return_value = 1;
1416 : }
1417 :
1418 1 : return return_value;
1419 : }
|
