1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "library/spdm_common_lib.h"
9 : #include "library/spdm_crypt_ext_lib.h"
10 :
/*
 * DER test vectors for the DMTF subjectAltName otherName parser. All three
 * carry the same OID (1.3.6.1.4.1.412.274.1) and the same UTF8String
 * "ACME:WIDGET:1234567890"; they differ only in how those two elements are
 * wrapped. Each array is laid out one TLV header per row.
 */

/* SEQUENCE { OID, UTF8String }
 * https://lapo.it/asn1js/#MCQGCisGAQQBgxyCEgEMFkFDTUU6V0lER0VUOjEyMzQ1Njc4OTA*/
static uint8_t m_libspdm_subject_alt_name_buffer1[] = {
    /* SEQUENCE, 0x24 content bytes */
    0x30, 0x24,
    /* OBJECT IDENTIFIER, 0x0A content bytes */
    0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01,
    /* UTF8String, 0x16 content bytes: "ACME:WIDGET:1234567890" */
    0x0C, 0x16,
    0x41, 0x43, 0x4D, 0x45, 0x3A, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54,
    0x3A, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
};

/* SEQUENCE { OID, [0] { UTF8String } }
 * https://lapo.it/asn1js/#MCYGCisGAQQBgxyCEgGgGAwWQUNNRTpXSURHRVQ6MTIzNDU2Nzg5MA*/
static uint8_t m_libspdm_subject_alt_name_buffer2[] = {
    /* SEQUENCE, 0x26 content bytes */
    0x30, 0x26,
    /* OBJECT IDENTIFIER, 0x0A content bytes */
    0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01,
    /* context-specific constructed tag [0], 0x18 content bytes */
    0xA0, 0x18,
    /* UTF8String, 0x16 content bytes: "ACME:WIDGET:1234567890" */
    0x0C, 0x16,
    0x41, 0x43, 0x4D, 0x45, 0x3A, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54,
    0x3A, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
};

/* SEQUENCE { [0] { OID, [0] { UTF8String } } }
 * https://lapo.it/asn1js/#MCigJgYKKwYBBAGDHIISAaAYDBZBQ01FOldJREdFVDoxMjM0NTY3ODkw*/
static uint8_t m_libspdm_subject_alt_name_buffer3[] = {
    /* SEQUENCE, 0x28 content bytes */
    0x30, 0x28,
    /* context-specific constructed tag [0], 0x26 content bytes */
    0xA0, 0x26,
    /* OBJECT IDENTIFIER, 0x0A content bytes */
    0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01,
    /* context-specific constructed tag [0], 0x18 content bytes */
    0xA0, 0x18,
    /* UTF8String, 0x16 content bytes: "ACME:WIDGET:1234567890" */
    0x0C, 0x16,
    0x41, 0x43, 0x4D, 0x45, 0x3A, 0x57, 0x49, 0x44, 0x47, 0x45, 0x54,
    0x3A, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
};

/* Content bytes of the OID above (no tag or length), as the parser is expected to return them. */
static uint8_t m_libspdm_dmtf_oid[] = {
    0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x01
};
37 :
/**
 * Feeds each hand-built DER encoding to
 * libspdm_get_dmtf_subject_alt_name_from_bytes() and checks that the call
 * succeeds and yields the DMTF OID and the name "ACME:WIDGET:1234567890".
 *
 * @param state  cmocka test state; not used.
 **/
static void libspdm_test_crypt_spdm_get_dmtf_subject_alt_name_from_bytes(void **state)
{
    /* The three encodings differ in wrapping only; the expected output is the same. */
    struct {
        uint8_t *der;
        size_t der_size;
    } encodings[] = {
        { m_libspdm_subject_alt_name_buffer1, sizeof(m_libspdm_subject_alt_name_buffer1) },
        { m_libspdm_subject_alt_name_buffer2, sizeof(m_libspdm_subject_alt_name_buffer2) },
        { m_libspdm_subject_alt_name_buffer3, sizeof(m_libspdm_subject_alt_name_buffer3) },
    };
    char name[64];
    uint8_t oid[64];
    size_t index;

    for (index = 0; index < sizeof(encodings) / sizeof(encodings[0]); index++) {
        size_t name_size = sizeof(name);
        size_t oid_size = sizeof(oid);
        bool ok;

        /* Clear both outputs so that data left by the previous encoding
         * cannot satisfy the comparisons below. */
        libspdm_zero_mem(name, name_size);
        libspdm_zero_mem(oid, oid_size);

        ok = libspdm_get_dmtf_subject_alt_name_from_bytes(
            encodings[index].der, encodings[index].der_size,
            name, &name_size, oid, &oid_size);
        assert_true(ok);
        assert_memory_equal(m_libspdm_dmtf_oid, oid, sizeof(m_libspdm_dmtf_oid));
        assert_string_equal(name, "ACME:WIDGET:1234567890");
    }
}
79 :
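/**
 * Reads each end-requester test certificate and checks that
 * libspdm_get_dmtf_subject_alt_name() succeeds and yields the DMTF OID and
 * the name "ACME:WIDGET:1234567890".
 *
 * @param state  cmocka test state; not used.
 **/
static void libspdm_test_crypt_spdm_get_dmtf_subject_alt_name(void **state)
{
    char *cert_files[] = {
        "rsa2048/end_requester.cert.der",
        "rsa3072/end_requester.cert.der",
        "rsa4096/end_requester.cert.der",
        "ecp256/end_requester.cert.der",
        "ecp384/end_requester.cert.der",
        "ecp521/end_requester.cert.der",
    };
    size_t common_name_size;
    char common_name[64];
    size_t dmtf_oid_size;
    uint8_t dmtf_oid[64];
    uint8_t *file_buffer;
    size_t file_buffer_size;
    size_t index;
    bool status;

    for (index = 0; index < sizeof(cert_files) / sizeof(cert_files[0]); index++) {
        status = libspdm_read_input_file(cert_files[index],
                                         (void **)&file_buffer, &file_buffer_size);
        assert_true(status);

        common_name_size = sizeof(common_name);
        dmtf_oid_size = sizeof(dmtf_oid);

        /* Every certificate is expected to produce the same OID and name, so
         * the output buffers are cleared first. Without this, a call that
         * returned true but wrote nothing would still pass on the bytes left
         * by the previous certificate (or, for the first one, on whatever the
         * stack held). */
        libspdm_zero_mem(common_name, common_name_size);
        libspdm_zero_mem(dmtf_oid, dmtf_oid_size);

        status = libspdm_get_dmtf_subject_alt_name(file_buffer, file_buffer_size,
                                                   common_name, &common_name_size,
                                                   dmtf_oid, &dmtf_oid_size);
        assert_true(status);
        assert_memory_equal(m_libspdm_dmtf_oid, dmtf_oid, sizeof(m_libspdm_dmtf_oid));
        assert_string_equal(common_name, "ACME:WIDGET:1234567890");
        free(file_buffer);
    }
}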
168 :
/**
 * Runs libspdm_x509_certificate_check() over a table of test certificates and
 * compares each result with the expected accept/reject outcome. A case is
 * skipped when the algorithms it needs are not enabled in this build.
 *
 * @param state  cmocka test state; not used.
 **/
static void libspdm_test_crypt_spdm_x509_certificate_check(void **state)
{
    /* Build-time gates, one per algorithm pairing used below. */
    const bool rsa2048_sha256 = (LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);
    const bool rsa3072_sha384 = (LIBSPDM_RSA_SSA_3072_SUPPORT) && (LIBSPDM_SHA384_SUPPORT);
    const bool rsa4096_sha512 = (LIBSPDM_RSA_SSA_4096_SUPPORT) && (LIBSPDM_SHA512_SUPPORT);
    const bool ecp256_sha256 = (LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);
    const bool ecp384_sha384 = (LIBSPDM_ECDSA_P384_SUPPORT) && (LIBSPDM_SHA384_SUPPORT);
    const bool ecp521_sha512 = (LIBSPDM_ECDSA_P521_SUPPORT) && (LIBSPDM_SHA512_SUPPORT);
    const bool rsa3072_sha256 = (LIBSPDM_RSA_SSA_3072_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);
    const bool rsa4096_sha256 = (LIBSPDM_RSA_SSA_4096_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);

    const struct {
        bool enabled;            /* build-time gate for this case */
        char *cert_file;         /* DER certificate to load */
        uint8_t spdm_version;
        uint32_t base_asym_algo;
        uint32_t base_hash_algo;
        /* Boolean passed before the certificate model. The EKU cases below
         * suggest true means "validate as a requester certificate"
         * (presumably; confirm against the library header). */
        bool requester_role;
        uint8_t cert_model;
        bool expected;           /* true: check must accept; false: must reject */
    } cases[] = {
        /* Plain end-requester certificates, one per supported algorithm. */
        { rsa2048_sha256, "rsa2048/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { rsa3072_sha384, "rsa3072/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { rsa4096_sha512, "rsa4096/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { ecp256_sha256, "ecp256/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { ecp384_sha384, "ecp384/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { ecp521_sha512, "ecp521/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },

        /* Leaf cert basic constraints, CA = true, pathlen:none: rejected.
         * NOTE(review): the file name says "ca_false" while this description
         * says CA = true; confirm which one the certificate actually carries. */
        { ecp256_sha256, "ecp256/end_requester_ca_false.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, false },
        /* Leaf cert without the basic constraints extension: accepted for 1.2. */
        { ecp256_sha256, "ecp256/end_requester_without_basic_constraint.cert.der",
          SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },

        /* Leaf cert with SPDM-defined EKU, role flag true. */
        { rsa2048_sha256, "rsa2048/end_requester_with_spdm_req_rsp_eku.cert.der",
          SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { rsa2048_sha256, "rsa2048/end_requester_with_spdm_req_eku.cert.der",
          SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { rsa2048_sha256, "rsa2048/end_requester_with_spdm_rsp_eku.cert.der",
          SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, false },
        /* Leaf cert with SPDM-defined EKU, role flag false. */
        { rsa2048_sha256, "rsa2048/end_responder_with_spdm_req_rsp_eku.cert.der",
          SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { rsa2048_sha256, "rsa2048/end_requester_with_spdm_req_eku.cert.der",
          SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, false },
        { rsa2048_sha256, "rsa2048/end_requester_with_spdm_rsp_eku.cert.der",
          SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },

        /* Certificate key does not match the negotiated base_asym_algo: rejected. */
        { rsa3072_sha256, "rsa2048/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, false },
        { rsa3072_sha256, "ecp256/end_requester.cert.der", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, false },

        /* Web certificates whose public key algorithm is RSA. */
        { rsa4096_sha256, "test_web_cert/Google.cer", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { rsa2048_sha256, "test_web_cert/Amazon.cer", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        /* Web certificates whose public key algorithm is ECC. */
        { ecp256_sha256, "test_web_cert/GitHub.cer", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { ecp256_sha256, "test_web_cert/YouTube.cer", SPDM_MESSAGE_VERSION_12,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },

        /* Test 1.3: same certificate under both certificate models. */
        { rsa2048_sha256, "rsa2048/end_requester.cert.der", SPDM_MESSAGE_VERSION_13,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { rsa2048_sha256, "rsa2048/end_requester.cert.der", SPDM_MESSAGE_VERSION_13,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          true, SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT, true },
        { ecp256_sha256, "ecp256/end_responder.cert.der", SPDM_MESSAGE_VERSION_13,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, true },
        { ecp256_sha256, "ecp256/end_responder.cert.der", SPDM_MESSAGE_VERSION_13,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT, false },
        /* The expected result is false, because basic_constraint is mandatory in SPDM 1.3. */
        { ecp256_sha256, "ecp256/end_requester_without_basic_constraint.cert.der",
          SPDM_MESSAGE_VERSION_13,
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
          false, SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT, false },
    };
    uint8_t *cert;
    size_t cert_size;
    size_t index;
    bool status;

    for (index = 0; index < sizeof(cases) / sizeof(cases[0]); index++) {
        if (!cases[index].enabled) {
            continue;
        }

        /* A certificate that cannot be read is a test failure, not a skip. */
        status = libspdm_read_input_file(cases[index].cert_file,
                                         (void **)&cert, &cert_size);
        assert_true(status);

        /* The fifth argument is 0 in every call in this file. */
        status = libspdm_x509_certificate_check(
            cases[index].spdm_version,
            cert, cert_size,
            cases[index].base_asym_algo,
            0,
            cases[index].base_hash_algo,
            cases[index].requester_role, cases[index].cert_model);
        if (cases[index].expected) {
            assert_true(status);
        } else {
            assert_false(status);
        }
        free(cert);
    }
}
534 :
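/**
 * Exercises libspdm_x509_set_cert_certificate_check() under SPDM 1.3 with the
 * device-certificate and alias-certificate models and checks which
 * combinations are accepted.
 *
 * @param state  cmocka test state; not used.
 **/
static void libspdm_test_crypt_spdm_x509_set_cert_certificate_check(void **state)
{
    bool status;
    uint8_t *file_buffer;
    size_t file_buffer_size;

    if ((LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
        status = libspdm_read_input_file("rsa2048/end_responder.cert.der",
                                         (void **)&file_buffer, &file_buffer_size);
        assert_true(status);

        /* Responder leaf, device model: accepted. */
        status = libspdm_x509_set_cert_certificate_check(
            SPDM_MESSAGE_VERSION_13,
            file_buffer, file_buffer_size,
            SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            false,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
        assert_true(status);

        /* Same certificate, alias model: rejected. */
        status = libspdm_x509_set_cert_certificate_check(
            SPDM_MESSAGE_VERSION_13,
            file_buffer, file_buffer_size,
            SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            false,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
        assert_false(status);
        free(file_buffer);
    }
    if ((LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT)) {
        status = libspdm_read_input_file("ecp256/end_requester.cert.der",
                                         (void **)&file_buffer, &file_buffer_size);
        assert_true(status);

        /* Requester leaf, device model: accepted. */
        status = libspdm_x509_set_cert_certificate_check(
            SPDM_MESSAGE_VERSION_13,
            file_buffer, file_buffer_size,
            SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            true,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
        assert_true(status);

        /* Same certificate, alias model: rejected. */
        status = libspdm_x509_set_cert_certificate_check(
            SPDM_MESSAGE_VERSION_13,
            file_buffer, file_buffer_size,
            SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            true,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
        assert_false(status);

        /* Release the first certificate before file_buffer is overwritten by
         * the next read; without this the buffer is leaked. */
        free(file_buffer);

        /* NOTE(review): this file is accepted under the alias model here; the
         * name says "ca_false", so confirm what its basic constraints hold. */
        status = libspdm_read_input_file("ecp256/end_requester_ca_false.cert.der",
                                         (void **)&file_buffer, &file_buffer_size);
        assert_true(status);
        status = libspdm_x509_set_cert_certificate_check(
            SPDM_MESSAGE_VERSION_13,
            file_buffer, file_buffer_size,
            SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            true,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
        assert_true(status);
        free(file_buffer);
    }

}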
607 :
/**
 * Runs libspdm_verify_cert_chain_data() under SPDM 1.3 on a requester and a
 * responder certificate chain. Each chain is probed three times: with its
 * real length under the device model, with a length one byte too large, and
 * with its real length under the alias model.
 *
 * @param state  cmocka test state; not used.
 **/
static void libspdm_test_crypt_spdm_verify_cert_chain_data(void **state)
{
    const bool rsa2048_sha256 = (LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);
    const bool ecp256_sha256 = (LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);

    const struct {
        bool enabled;            /* build-time gate for this chain */
        char *chain_file;        /* DER certificate chain to load */
        uint32_t base_asym_algo;
        bool requester_role;     /* boolean passed before the certificate model */
        bool alias_expected;     /* expected result under the alias model */
    } chains[] = {
        { rsa2048_sha256, "rsa2048/bundle_requester.certchain.der",
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048, true, true },
        { ecp256_sha256, "ecp256/bundle_responder.certchain.der",
          SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256, false, false },
    };
    uint8_t *chain;
    size_t chain_size;
    size_t index;
    bool status;

    for (index = 0; index < sizeof(chains) / sizeof(chains[0]); index++) {
        if (!chains[index].enabled) {
            continue;
        }

        status = libspdm_read_input_file(chains[index].chain_file,
                                         (void **)&chain, &chain_size);
        assert_true(status);

        /* Real length, device model: accepted. */
        status = libspdm_verify_cert_chain_data(
            SPDM_MESSAGE_VERSION_13,
            chain, chain_size,
            chains[index].base_asym_algo,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            chains[index].requester_role,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
        assert_true(status);

        /* Declared length one byte larger than what was read: rejected.
         * NOTE(review): presumably the allocation is exactly chain_size bytes,
         * so this relies on the callee rejecting the length without reading
         * the extra byte; worth confirming under a memory sanitizer. */
        status = libspdm_verify_cert_chain_data(
            SPDM_MESSAGE_VERSION_13,
            chain, chain_size + 1,
            chains[index].base_asym_algo,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            chains[index].requester_role,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
        assert_false(status);

        /* Real length, alias model: outcome differs between the two chains. */
        status = libspdm_verify_cert_chain_data(
            SPDM_MESSAGE_VERSION_13,
            chain, chain_size,
            chains[index].base_asym_algo,
            0,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            chains[index].requester_role,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
        if (chains[index].alias_expected) {
            assert_true(status);
        } else {
            assert_false(status);
        }
        free(chain);
    }
}
686 :
687 :
/**
 * Runs libspdm_verify_certificate_chain_buffer() under SPDM 1.3 on the
 * responder public certificate chain for RSA-2048 and for ECDSA P-256. Each
 * chain is probed three times: with its real length under the device model,
 * with a length one byte too large, and with its real length under the alias
 * model.
 *
 * @param state  cmocka test state; not used.
 **/
static void libspdm_test_crypt_spdm_verify_certificate_chain_buffer(void **state)
{
    const bool rsa2048_sha256 = (LIBSPDM_RSA_SSA_2048_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);
    const bool ecp256_sha256 = (LIBSPDM_ECDSA_P256_SUPPORT) && (LIBSPDM_SHA256_SUPPORT);

    const struct {
        bool enabled;            /* build-time gate for this chain */
        uint32_t base_asym_algo;
        bool requester_role;     /* boolean passed before the certificate model */
        bool alias_expected;     /* expected result under the alias model */
    } chains[] = {
        { rsa2048_sha256, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048, true, true },
        { ecp256_sha256, SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
          false, false },
    };
    void *chain;
    size_t chain_size;
    size_t index;
    bool status;

    for (index = 0; index < sizeof(chains) / sizeof(chains[0]); index++) {
        if (!chains[index].enabled) {
            continue;
        }

        /* NOTE(review): a chain that cannot be read ends the whole test here
         * without any assertion, so the test then passes having verified
         * nothing further. */
        if (!libspdm_read_responder_public_certificate_chain(
                SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
                chains[index].base_asym_algo,
                &chain, &chain_size,
                NULL, NULL)) {
            return;
        }

        /* Real length, device model: accepted. */
        status = libspdm_verify_certificate_chain_buffer(
            SPDM_MESSAGE_VERSION_13,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            chains[index].base_asym_algo,
            0,
            chain, chain_size,
            chains[index].requester_role,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
        assert_true(status);

        /* Declared length one byte larger than what was returned: rejected.
         * NOTE(review): presumably the allocation is exactly chain_size bytes,
         * so this relies on the callee rejecting the length without reading
         * the extra byte; worth confirming under a memory sanitizer. */
        status = libspdm_verify_certificate_chain_buffer(
            SPDM_MESSAGE_VERSION_13,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            chains[index].base_asym_algo,
            0,
            chain, chain_size + 1,
            chains[index].requester_role,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
        assert_false(status);

        /* Real length, alias model: outcome differs between the two chains. */
        status = libspdm_verify_certificate_chain_buffer(
            SPDM_MESSAGE_VERSION_13,
            SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256,
            chains[index].base_asym_algo,
            0,
            chain, chain_size,
            chains[index].requester_role,
            SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
        if (chains[index].alias_expected) {
            assert_true(status);
        } else {
            assert_false(status);
        }
        free(chain);
    }
}
776 :
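/**
 * Sign a fixed 32-byte message with the responder private key and verify the
 * signature under every SPDM 1.0/1.1 signature-endianness policy.
 *
 * The signature is verified as produced (big endian, per the case labels below)
 * and again after libspdm_copy_signature_swap_endian() has reversed it in place.
 * For each policy the test checks both the verification result and the value
 * left in signature_endian, so a verifier that accepts the wrong byte order or
 * reports the wrong detected order fails the test.
 *
 * @param  state  cmocka per-test state (unused).
 **/
static void libspdm_test_crypt_asym_verify(void **state)
{
    /* One row of the endianness matrix exercised below. */
    struct endian_case {
        bool swap_signature_first; /* reverse the signature before this row runs */
        uint8_t requested;         /* signature_endian passed to the verifier */
        bool expect_pass;          /* expected verification result */
        uint8_t reported;          /* expected signature_endian after the call */
    };

    spdm_version_number_t spdm_version;
    void *context;
    void *data;
    size_t data_size;
    uint8_t signature[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t sig_size;
    uint8_t signature_endian;
    char *file;
    bool status;
    size_t index;
#if !LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    uint8_t message_hash[LIBSPDM_MAX_HASH_SIZE];
#endif

    const uint8_t message[] = {
        0x19, 0x90, 0x2d, 0x02, 0x34, 0x6e, 0xd5, 0x90,
        0x0e, 0x69, 0x51, 0x2f, 0xf2, 0xbd, 0x9d, 0x33,
        0x26, 0x71, 0x8f, 0x62, 0xa0, 0x01, 0xbd, 0xfd,
        0x94, 0xe2, 0x98, 0x17, 0x24, 0xfd, 0xca, 0xf0
    };

    const struct endian_case cases[] = {
        /* Big Endian Signature. Big Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY },
        /* Error: Big Endian Signature. Little Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY,
          false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY },
        /* Big Endian Signature. Big or Little Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY },
        /* Little Endian Signature. Little Endian Verify */
        { true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY },
        /* Error: Little Endian Signature. Big Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY,
          false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY },
        /* Little Endian Signature. Big or Little Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY }
    };

    spdm_version = SPDM_MESSAGE_VERSION_11;

    /* Fail here, not inside the PEM parser, if the key file cannot be read. */
    file = "ecp256/end_responder.key";
    status = libspdm_read_input_file(file, &data, &data_size);
    assert_true(status);

    status = libspdm_asym_get_private_key_from_pem(
        m_libspdm_use_asym_algo, data, data_size, NULL, &context);
    if (!status) {
        /* The buffer holds private key material: wipe it before releasing it. */
        libspdm_zero_mem(data, data_size);
        free(data);
        assert_true(status);
    }

    /* Size the signature for the algorithm that actually signs. The original asked
     * for the size of m_libspdm_use_req_asym_algo, which only worked while that
     * algorithm's signature was at least as large as this one's. */
    sig_size = libspdm_get_asym_signature_size(m_libspdm_use_asym_algo);

    /* NOTE(review): the original issues this sign without checking its result; it is
     * kept so libspdm_asym_sign() is still exercised in both build configurations. */
    libspdm_asym_sign(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
                      SPDM_MEASUREMENTS,
                      m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
                      context,
                      message, sizeof(message),
                      signature, &sig_size);

    /* sig_size is in/out: restore the capacity before the sign whose result is checked. */
    sig_size = libspdm_get_asym_signature_size(m_libspdm_use_asym_algo);

#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    status = libspdm_asym_sign(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
                               SPDM_MEASUREMENTS,
                               m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
                               context,
                               message, sizeof(message),
                               signature, &sig_size);
    assert_true(status);
#else
    status = libspdm_hash_all(m_libspdm_use_hash_algo, message, sizeof(message), message_hash);
    assert_true(status);

    status = libspdm_asym_sign_hash(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
                                    SPDM_MEASUREMENTS,
                                    m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
                                    context,
                                    message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
                                    signature, &sig_size);
    assert_true(status);
#endif

    for (index = 0; index < sizeof(cases) / sizeof(cases[0]); index++) {
        if (cases[index].swap_signature_first) {
            /* Reverse the signature in place; the rows from here on see the swapped form. */
            libspdm_copy_signature_swap_endian(
                m_libspdm_use_asym_algo,
                signature, sig_size, signature, sig_size);
        }

        signature_endian = cases[index].requested;
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
        status = libspdm_asym_verify_ex(
            spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
            SPDM_MEASUREMENTS,
            m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
            context,
            message, sizeof(message),
            signature, sig_size,
            &signature_endian);
#else
        status = libspdm_asym_verify_hash_ex(
            spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
            SPDM_MEASUREMENTS,
            m_libspdm_use_asym_algo, m_libspdm_use_hash_algo,
            context,
            message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
            signature, sig_size,
            &signature_endian);
#endif
        if (cases[index].expect_pass) {
            assert_true(status);
        } else {
            assert_true(!status);
        }
        assert_int_equal(signature_endian, cases[index].reported);
    }

    /* Release the key context, then wipe and free the PEM buffer it was parsed from. */
    libspdm_asym_free(m_libspdm_use_asym_algo, context);
    libspdm_zero_mem(data, data_size);
    free(data);
}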
1007 :
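/**
 * Sign a fixed 32-byte message with the requester private key and verify the
 * signature under every SPDM 1.0/1.1 signature-endianness policy.
 *
 * The signature is verified as produced (big endian, per the case labels below)
 * and again after libspdm_copy_signature_swap_endian() has reversed it in place.
 * For each policy the test checks both the verification result and the value
 * left in signature_endian.
 *
 * @param  state  cmocka per-test state (unused).
 **/
static void libspdm_test_crypt_req_asym_verify(void **state)
{
    /* One row of the endianness matrix exercised below. */
    struct endian_case {
        bool swap_signature_first; /* reverse the signature before this row runs */
        uint8_t requested;         /* signature_endian passed to the verifier */
        bool expect_pass;          /* expected verification result */
        uint8_t reported;          /* expected signature_endian after the call */
    };

    spdm_version_number_t spdm_version;
    void *context;
    void *data;
    size_t data_size;
    uint8_t signature[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t sig_size;
    uint8_t signature_endian;
    char *file;
    bool status;
    size_t index;
#if !LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    uint8_t message_hash[LIBSPDM_MAX_HASH_SIZE];
#endif

    const uint8_t message[] = {
        0x19, 0x90, 0x2d, 0x02, 0x34, 0x6e, 0xd5, 0x90,
        0x0e, 0x69, 0x51, 0x2f, 0xf2, 0xbd, 0x9d, 0x33,
        0x26, 0x71, 0x8f, 0x62, 0xa0, 0x01, 0xbd, 0xfd,
        0x94, 0xe2, 0x98, 0x17, 0x24, 0xfd, 0xca, 0xf0
    };

    const struct endian_case cases[] = {
        /* Big Endian Signature. Big Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY },
        /* Error: Big Endian Signature. Little Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY,
          false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY },
        /* Big Endian Signature. Big or Little Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY },
        /* Little Endian Signature. Little Endian Verify */
        { true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY },
        /* Error: Little Endian Signature. Big Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY,
          false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY },
        /* Little Endian Signature. Big or Little Endian Verify */
        { false, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE,
          true, LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY }
    };

    spdm_version = SPDM_MESSAGE_VERSION_11;

    file = "rsa2048/end_requester.key";
    status = libspdm_read_input_file(file, &data, &data_size);
    assert_true(status);

    status = libspdm_req_asym_get_private_key_from_pem(m_libspdm_use_req_asym_algo,
                                                       data,
                                                       data_size, NULL,
                                                       &context);
    if (!status) {
        /* The buffer holds private key material: wipe it before releasing it. */
        libspdm_zero_mem(data, data_size);
        free(data);
        assert_true(status);
    }

    /* sig_size is in/out for the sign call: capacity in, signature length out. */
    sig_size = libspdm_get_asym_signature_size(m_libspdm_use_req_asym_algo);

#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    status = libspdm_req_asym_sign(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
                                   SPDM_FINISH,
                                   m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
                                   context,
                                   message, sizeof(message),
                                   signature, &sig_size);
    assert_true(status);
#else
    status = libspdm_hash_all(m_libspdm_use_hash_algo, message, sizeof(message), message_hash);
    assert_true(status);

    status = libspdm_req_asym_sign_hash(spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
                                        SPDM_FINISH,
                                        m_libspdm_use_req_asym_algo,
                                        m_libspdm_use_hash_algo, context,
                                        message_hash,
                                        libspdm_get_hash_size(m_libspdm_use_hash_algo),
                                        signature,
                                        &sig_size);
    assert_true(status);
#endif

    for (index = 0; index < sizeof(cases) / sizeof(cases[0]); index++) {
        if (cases[index].swap_signature_first) {
            /* Reverse the signature in place; the rows from here on see the swapped form. */
            libspdm_copy_signature_swap_endian(
                m_libspdm_use_req_asym_algo,
                signature, sig_size, signature, sig_size);
        }

        signature_endian = cases[index].requested;
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
        status = libspdm_req_asym_verify_ex(
            spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
            SPDM_FINISH,
            m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
            context,
            message, sizeof(message),
            signature, sig_size,
            &signature_endian);
#else
        status = libspdm_req_asym_verify_hash_ex(
            spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
            SPDM_FINISH,
            m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
            context,
            message_hash, libspdm_get_hash_size(m_libspdm_use_hash_algo),
            signature, sig_size,
            &signature_endian);
#endif
        if (cases[index].expect_pass) {
            assert_true(status);
        } else {
            assert_true(!status);
        }
        assert_int_equal(signature_endian, cases[index].reported);
    }

    /* The original never released these on the success path: free the key context,
     * then wipe and free the PEM buffer that held the private key. */
    libspdm_req_asym_free(m_libspdm_use_req_asym_algo, context);
    libspdm_zero_mem(data, data_size);
    free(data);
}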
1234 :
/* Prototypes for the palindrome helpers exercised by the tests below.
 * NOTE(review): presumably they are declared here because the headers included at
 * the top of this file do not export them - confirm. */
bool libspdm_is_palindrome(const uint8_t *buf, size_t buf_size);

/* Same check, taking the asymmetric algorithm the signature buffer belongs to. */
bool libspdm_is_signature_buffer_palindrome(
    uint32_t base_asym_algo, const uint8_t *buf, size_t buf_size);
1239 :
/**
 * Check libspdm_is_palindrome() on two palindromic buffers (even and odd
 * length) and on three buffers that each differ in a single position.
 *
 * @param  state  cmocka per-test state (unused).
 **/
static void libspdm_test_crypt_palindrome(void **state)
{
    /* Valid palindrome with an even number of elements */
    uint8_t even_palindrome[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 0 };
    /* Valid palindrome with an odd number of elements */
    uint8_t odd_palindrome[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
    /* Invalid: the inner corner-case element does not match */
    uint8_t inner_mismatch[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 6, 5, 4, 3, 2, 1, 0 };
    /* Invalid: the outer corner-case element does not match */
    uint8_t outer_mismatch[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 8 };
    /* Invalid: a middle element does not match */
    uint8_t middle_mismatch[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 4, 2, 1, 0 };

    const struct {
        const uint8_t *bytes;
        size_t size;
        bool is_palindrome;
    } cases[] = {
        { even_palindrome, sizeof(even_palindrome), true },
        { odd_palindrome, sizeof(odd_palindrome), true },
        { inner_mismatch, sizeof(inner_mismatch), false },
        { outer_mismatch, sizeof(outer_mismatch), false },
        { middle_mismatch, sizeof(middle_mismatch), false }
    };
    size_t index;

    for (index = 0; index < sizeof(cases) / sizeof(cases[0]); index++) {
        bool status = libspdm_is_palindrome(cases[index].bytes, cases[index].size);

        if (cases[index].is_palindrome) {
            assert_true(status);
        } else {
            assert_false(status);
        }
    }
}
1269 :
/**
 * Check libspdm_is_signature_buffer_palindrome() for every RSA algorithm
 * identifier listed below: one palindromic buffer must be reported as a
 * palindrome and three near-palindromes must not.
 *
 * @param  state  cmocka per-test state (unused).
 **/
static void libspdm_test_crypt_rsa_palindrome(void **state)
{
    const uint32_t rsa_algos[] = {
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048,
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048,
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072,
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072,
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096,
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096
    };

    /* Palindrome for RSA */
    const uint8_t palindrome[] = { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 0 };

    /* Not-palindrome cases for RSA, checked in this order */
    const uint8_t not_palindrome[][16] = {
        /* inner corner-case element is not matching */
        { 0, 1, 2, 3, 4, 5, 6, 7, 8, 6, 5, 4, 3, 2, 1, 0 },
        /* outer corner-case element is not matching */
        { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 8 },
        /* middle element is not matching */
        { 0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 4, 2, 1, 0 }
    };

    const size_t algo_count = sizeof(rsa_algos) / sizeof(rsa_algos[0]);
    const size_t reject_count = sizeof(not_palindrome) / sizeof(not_palindrome[0]);
    size_t algo_index;
    size_t reject_index;
    bool status;

    /* Run every buffer against every RSA algorithm identifier */
    for (algo_index = 0; algo_index < algo_count; algo_index++) {
        const uint32_t algo = rsa_algos[algo_index];

        status = libspdm_is_signature_buffer_palindrome(algo, palindrome, sizeof(palindrome));
        assert_true(status);

        for (reject_index = 0; reject_index < reject_count; reject_index++) {
            status = libspdm_is_signature_buffer_palindrome(
                algo, not_palindrome[reject_index], sizeof(not_palindrome[reject_index]));
            assert_false(status);
        }
    }
}
1314 :
/**
 * Check libspdm_is_signature_buffer_palindrome() for every ECDSA algorithm
 * identifier listed below. The buffers are 16 bytes whose two 8-byte halves
 * are the "1st" and "2nd" buffer of the case labels; the accepted buffer has
 * both halves palindromic and each rejected buffer breaks exactly one half.
 *
 * @param  state  cmocka per-test state (unused).
 **/
static void libspdm_test_crypt_ecdsa_palindrome(void **state)
{
    const uint32_t ecdsa_algos[] = {
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256,
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384,
        SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521
    };

    /* Valid ECDSA buffer palindrome */
    const uint8_t palindrome[] = { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 3, 2, 1, 0 };

    /* ECDSA buffers that are not palindromes, checked in this order */
    const uint8_t not_palindrome[][16] = {
        /* outer element of 1st buffer does not match */
        { 0, 1, 2, 3, 3, 2, 1, 1, 0, 1, 2, 3, 3, 2, 1, 0 },
        /* outer element of 2nd buffer does not match */
        { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 3, 2, 1, 1 },
        /* inner element of 1st buffer does not match */
        { 0, 1, 2, 3, 4, 2, 1, 0, 0, 1, 2, 3, 3, 2, 1, 0 },
        /* inner element of 2nd buffer does not match */
        { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 4, 2, 1, 0 },
        /* middle element of 1st buffer does not match */
        { 0, 1, 2, 3, 3, 2, 0, 0, 0, 1, 2, 3, 3, 2, 1, 0 },
        /* middle element of 2nd buffer does not match */
        { 0, 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 3, 0, 1, 0 }
    };

    const size_t algo_count = sizeof(ecdsa_algos) / sizeof(ecdsa_algos[0]);
    const size_t reject_count = sizeof(not_palindrome) / sizeof(not_palindrome[0]);
    size_t algo_index;
    size_t reject_index;
    bool status;

    /* Run every buffer against every ECDSA algorithm identifier */
    for (algo_index = 0; algo_index < algo_count; algo_index++) {
        const uint32_t algo = ecdsa_algos[algo_index];

        status = libspdm_is_signature_buffer_palindrome(algo, palindrome, sizeof(palindrome));
        assert_true(status);

        for (reject_index = 0; reject_index < reject_count; reject_index++) {
            status = libspdm_is_signature_buffer_palindrome(
                algo, not_palindrome[reject_index], sizeof(not_palindrome[reject_index]));
            assert_false(status);
        }
    }
}
1371 :
/**
 * Group setup hook passed to cmocka; these tests need no shared fixture.
 *
 * @param  state  cmocka group state (unused).
 *
 * @return 0 always.
 **/
static int libspdm_crypt_lib_setup(void **state)
{
    (void)state;

    return 0;
}
1376 :
/**
 * Group teardown hook passed to cmocka; there is nothing to release.
 *
 * @param  state  cmocka group state (unused).
 *
 * @return 0 always.
 **/
static int libspdm_crypt_lib_teardown(void **state)
{
    (void)state;

    return 0;
}
1381 :
/**
 * Register every test case of this file with cmocka and run them as one group,
 * with libspdm_crypt_lib_setup / libspdm_crypt_lib_teardown as the group hooks.
 *
 * @return the value returned by cmocka_run_group_tests().
 **/
static int libspdm_crypt_lib_test_main(void)
{
    /* Keep the array name: cmocka_run_group_tests() is a macro that stringifies its
     * first argument and reports it as the group name. */
    const struct CMUnitTest test_cases[] = {
        cmocka_unit_test(libspdm_test_crypt_spdm_get_dmtf_subject_alt_name_from_bytes),
        cmocka_unit_test(libspdm_test_crypt_spdm_get_dmtf_subject_alt_name),
        cmocka_unit_test(libspdm_test_crypt_spdm_x509_certificate_check),
        cmocka_unit_test(libspdm_test_crypt_spdm_x509_set_cert_certificate_check),
        cmocka_unit_test(libspdm_test_crypt_spdm_verify_cert_chain_data),
        cmocka_unit_test(libspdm_test_crypt_spdm_verify_certificate_chain_buffer),
        cmocka_unit_test(libspdm_test_crypt_asym_verify),
        cmocka_unit_test(libspdm_test_crypt_req_asym_verify),
        cmocka_unit_test(libspdm_test_crypt_palindrome),
        cmocka_unit_test(libspdm_test_crypt_rsa_palindrome),
        cmocka_unit_test(libspdm_test_crypt_ecdsa_palindrome),
    };

    return cmocka_run_group_tests(test_cases,
                                  libspdm_crypt_lib_setup,
                                  libspdm_crypt_lib_teardown);
}
1402 :
/**
 * Program entry point: run the crypt library test group.
 *
 * @return 0 when libspdm_crypt_lib_test_main() returns 0, otherwise 1.
 **/
int main(void)
{
    /* Collapse any non-zero group result to exit status 1. */
    return (libspdm_crypt_lib_test_main() != 0) ? 1 : 0;
}
|