Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2022 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_requester_lib.h"
9 :
10 : #if (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
11 : (LIBSPDM_ENABLE_CAPABILITY_CHAL_CAP)
12 :
13 : spdm_challenge_request_t m_spdm_challenge_request1 = {
14 : {SPDM_MESSAGE_VERSION_11, SPDM_CHALLENGE, 0,
15 : SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH},
16 : };
17 : size_t m_spdm_challenge_request1_size = sizeof(m_spdm_challenge_request1);
18 :
19 : spdm_challenge_request_t m_spdm_challenge_request3 = {
20 : {SPDM_MESSAGE_VERSION_11, SPDM_CHALLENGE, SPDM_MAX_SLOT_COUNT,
21 : SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH},
22 : };
23 : size_t m_spdm_challenge_request3_size = sizeof(m_spdm_challenge_request3);
24 :
25 : spdm_challenge_request_t m_spdm_challenge_request4 = {
26 : {SPDM_MESSAGE_VERSION_11, SPDM_CHALLENGE, 0xFF,
27 : SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH},
28 : };
29 : size_t m_spdm_challenge_request4_size = sizeof(m_spdm_challenge_request4);
30 :
31 : spdm_challenge_request_t m_spdm_challenge_request5 = {
32 : {SPDM_MESSAGE_VERSION_13, SPDM_CHALLENGE, 0,
33 : SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH},
34 : };
35 : size_t m_spdm_challenge_request5_size = sizeof(m_spdm_challenge_request5);
36 :
37 : extern size_t libspdm_secret_lib_challenge_opaque_data_size;
38 :
39 : /**
40 : * Test 1: receiving a correct CHALLENGE message from the requester with
41 : * no opaque data, no measurements, and slot number 0.
42 : * Expected behavior: the requester accepts the request and produces a valid
43 : * CHALLENGE_AUTH response message and Completion of CHALLENGE sets M1/M2 to null.
44 : **/
45 1 : void test_libspdm_requester_encap_challenge_auth_case1(void **state)
46 : {
47 : libspdm_return_t status;
48 : libspdm_test_context_t *spdm_test_context;
49 : libspdm_context_t *spdm_context;
50 : size_t response_size;
51 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
52 : spdm_challenge_auth_response_t *spdm_response;
53 : void *data;
54 : size_t data_size;
55 :
56 1 : spdm_test_context = *state;
57 1 : spdm_context = spdm_test_context->spdm_context;
58 1 : spdm_test_context->case_id = 0x1;
59 :
60 1 : spdm_context->local_context.capability.flags = 0;
61 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP;
62 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP;
63 1 : spdm_context->connection_info.capability.flags = 0;
64 :
65 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
66 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
67 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
68 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
69 : m_libspdm_use_measurement_hash_algo;
70 :
71 1 : spdm_context->connection_info.connection_state =
72 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
73 1 : spdm_context->connection_info.algorithm.base_hash_algo =
74 : m_libspdm_use_hash_algo;
75 1 : spdm_context->connection_info.algorithm.base_asym_algo =
76 : m_libspdm_use_asym_algo;
77 1 : spdm_context->connection_info.algorithm.measurement_spec =
78 : m_libspdm_use_measurement_spec;
79 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
80 : m_libspdm_use_measurement_hash_algo;
81 :
82 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
83 : SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048;
84 :
85 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
86 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
87 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
88 : m_libspdm_use_asym_algo, &data,
89 : &data_size, NULL, NULL);
90 1 : spdm_context->local_context.local_cert_chain_provision[0] = data;
91 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
92 : data_size;
93 :
94 1 : libspdm_secret_lib_challenge_opaque_data_size = 0;
95 1 : libspdm_reset_message_mut_c(spdm_context);
96 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
97 : spdm_context->transcript.message_m.buffer_size =
98 : spdm_context->transcript.message_m.max_buffer_size;
99 : #endif
100 :
101 1 : response_size = sizeof(response);
102 1 : libspdm_get_random_number(SPDM_NONCE_SIZE,
103 : m_spdm_challenge_request1.nonce);
104 1 : status = libspdm_get_encap_response_challenge_auth(
105 : spdm_context, m_spdm_challenge_request1_size,
106 : &m_spdm_challenge_request1, &response_size, response);
107 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
108 1 : assert_int_equal(response_size, sizeof(spdm_challenge_auth_response_t) +
109 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo) +
110 : SPDM_NONCE_SIZE + 0 +
111 : sizeof(uint16_t) +
112 : libspdm_secret_lib_challenge_opaque_data_size +
113 : libspdm_get_req_asym_signature_size(
114 : spdm_context->connection_info.algorithm.req_base_asym_alg));
115 1 : spdm_response = (void *)response;
116 1 : assert_int_equal(spdm_response->header.request_response_code,
117 : SPDM_CHALLENGE_AUTH);
118 1 : assert_int_equal(spdm_response->header.param1, 0);
119 1 : assert_int_equal(spdm_response->header.param2, 1 << 0);
120 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
121 : assert_int_equal(spdm_context->transcript.message_m.buffer_size,
122 : 0);
123 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
124 : #else
125 1 : assert_null(spdm_context->transcript.digest_context_mut_m1m2);
126 : #endif
127 1 : free(data);
128 1 : }
129 :
130 : /**
131 : * Test 2:
132 : * Expected behavior:
133 : **/
134 1 : void test_libspdm_requester_encap_challenge_auth_case2(void **state)
135 : {
136 1 : }
137 :
138 : /**
139 : * Test 3: receiving a correct CHALLENGE from the requester, but the requester does not
140 : * have the challenge capability set.
141 : * Expected behavior: the requester accepts the request and produces a valid
142 : * CHALLENGE_AUTH response message.
143 : **/
144 1 : void test_libspdm_requester_encap_challenge_auth_case3(void **state)
145 : {
146 : libspdm_return_t status;
147 : libspdm_test_context_t *spdm_test_context;
148 : libspdm_context_t *spdm_context;
149 : size_t response_size;
150 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
151 : spdm_challenge_auth_response_t *spdm_response;
152 : void *data;
153 : size_t data_size;
154 :
155 1 : spdm_test_context = *state;
156 1 : spdm_context = spdm_test_context->spdm_context;
157 1 : spdm_test_context->case_id = 0x3;
158 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
159 1 : spdm_context->local_context.capability.flags = 0;
160 : /* spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP;*/
161 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
162 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
163 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
164 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
165 : m_libspdm_use_measurement_hash_algo;
166 :
167 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
168 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
169 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
170 : m_libspdm_use_asym_algo, &data, &data_size,
171 : NULL, NULL);
172 1 : spdm_context->local_context.local_cert_chain_provision[0] = data;
173 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size;
174 :
175 1 : libspdm_secret_lib_challenge_opaque_data_size = 0;
176 1 : libspdm_reset_message_c(spdm_context);
177 :
178 1 : response_size = sizeof(response);
179 1 : libspdm_get_random_number(SPDM_NONCE_SIZE, m_spdm_challenge_request1.nonce);
180 1 : status = libspdm_get_encap_response_challenge_auth(spdm_context, m_spdm_challenge_request1_size,
181 : &m_spdm_challenge_request1, &response_size,
182 : response);
183 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
184 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
185 1 : spdm_response = (void *)response;
186 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
187 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
188 1 : assert_int_equal(spdm_response->header.param2, SPDM_CHALLENGE);
189 1 : free(data);
190 1 : }
191 :
192 : /**
193 : * Test 4: receiving an incorrect CHALLENGE from the requester, with the slot number
194 : * larger than the specification limit.
195 : * Expected behavior: the requester rejects the request, and produces an ERROR message
196 : * indicating the UnexpectedRequest.
197 : **/
198 1 : void test_libspdm_requester_encap_challenge_auth_case4(void **state)
199 : {
200 : libspdm_return_t status;
201 : libspdm_test_context_t *spdm_test_context;
202 : libspdm_context_t *spdm_context;
203 : size_t response_size;
204 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
205 : spdm_challenge_auth_response_t *spdm_response;
206 : void *data;
207 : size_t data_size;
208 :
209 1 : spdm_test_context = *state;
210 1 : spdm_context = spdm_test_context->spdm_context;
211 1 : spdm_test_context->case_id = 0x4;
212 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
213 1 : spdm_context->local_context.capability.flags = 0;
214 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP;
215 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
216 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
217 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
218 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
219 : m_libspdm_use_measurement_hash_algo;
220 :
221 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
222 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
223 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
224 : m_libspdm_use_asym_algo, &data, &data_size,
225 : NULL, NULL);
226 1 : spdm_context->local_context.local_cert_chain_provision[0] = data;
227 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size;
228 :
229 1 : libspdm_secret_lib_challenge_opaque_data_size = 0;
230 1 : libspdm_reset_message_c(spdm_context);
231 :
232 1 : response_size = sizeof(response);
233 1 : libspdm_get_random_number(SPDM_NONCE_SIZE, m_spdm_challenge_request1.nonce);
234 1 : status = libspdm_get_encap_response_challenge_auth(spdm_context, m_spdm_challenge_request3_size,
235 : &m_spdm_challenge_request3, &response_size,
236 : response);
237 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
238 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
239 1 : spdm_response = (void *)response;
240 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
241 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
242 1 : assert_int_equal(spdm_response->header.param2, 0);
243 1 : free(data);
244 1 : }
245 :
246 : /**
247 : * Test 5: receiving a correct CHALLENGE from the requester, but with certificate
248 : * unavailable at the requested slot number (1).
249 : * Expected behavior: the requester rejects the request, and produces an ERROR message
250 : * indicating the UnexpectedRequest.
251 : **/
252 1 : void test_libspdm_requester_encap_challenge_auth_case5(void **state)
253 : {
254 : libspdm_return_t status;
255 : libspdm_test_context_t *spdm_test_context;
256 : libspdm_context_t *spdm_context;
257 : size_t response_size;
258 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
259 : spdm_challenge_auth_response_t *spdm_response;
260 : void *data;
261 : size_t data_size;
262 :
263 1 : spdm_test_context = *state;
264 1 : spdm_context = spdm_test_context->spdm_context;
265 1 : spdm_test_context->case_id = 0x05;
266 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
267 1 : spdm_context->local_context.capability.flags = 0;
268 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP;
269 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
270 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
271 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
272 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
273 : m_libspdm_use_measurement_hash_algo;
274 :
275 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
276 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
277 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
278 : m_libspdm_use_asym_algo, &data, &data_size,
279 : NULL, NULL);
280 1 : spdm_context->local_context.local_cert_chain_provision[0] = data;
281 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size;
282 :
283 1 : libspdm_secret_lib_challenge_opaque_data_size = 0;
284 1 : libspdm_reset_message_c(spdm_context);
285 :
286 1 : response_size = sizeof(response);
287 1 : libspdm_get_random_number(SPDM_NONCE_SIZE, m_spdm_challenge_request1.nonce);
288 1 : status = libspdm_get_encap_response_challenge_auth(spdm_context, m_spdm_challenge_request3_size,
289 : &m_spdm_challenge_request3, &response_size,
290 : response);
291 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
292 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
293 1 : spdm_response = (void *)response;
294 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
295 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
296 1 : assert_int_equal(spdm_response->header.param2, 0);
297 1 : free(data);
298 1 : }
299 :
300 : /**
301 : * Test 6: receiving a correct CHALLENGE message from the requester with
302 : * no opaque data, no measurements, and slot number 0xFF.
303 : * Expected behavior: the requester accepts the request and produces a valid
304 : * CHALLENGE_AUTH response message using provisioned public key (slot number 0xFF).
305 : **/
306 1 : void test_libspdm_requester_encap_challenge_auth_case6(void **state)
307 : {
308 : libspdm_return_t status;
309 : libspdm_test_context_t *spdm_test_context;
310 : libspdm_context_t *spdm_context;
311 : size_t response_size;
312 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
313 : spdm_challenge_auth_response_t *spdm_response;
314 : void *data;
315 : size_t data_size;
316 :
317 1 : spdm_test_context = *state;
318 1 : spdm_context = spdm_test_context->spdm_context;
319 1 : spdm_test_context->case_id = 0x6;
320 :
321 1 : spdm_context->local_context.capability.flags = 0;
322 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP;
323 :
324 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
325 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
326 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
327 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
328 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
329 :
330 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data, &data_size);
331 1 : spdm_context->local_context.local_public_key_provision = data;
332 1 : spdm_context->local_context.local_public_key_provision_size = data_size;
333 :
334 1 : libspdm_secret_lib_challenge_opaque_data_size = 0;
335 1 : libspdm_reset_message_c(spdm_context);
336 :
337 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
338 : spdm_context->transcript.message_m.buffer_size =
339 : spdm_context->transcript.message_m.max_buffer_size;
340 : #endif
341 :
342 1 : response_size = sizeof(response);
343 1 : libspdm_get_random_number(SPDM_NONCE_SIZE, m_spdm_challenge_request4.nonce);
344 1 : status = libspdm_get_encap_response_challenge_auth(
345 : spdm_context,
346 : m_spdm_challenge_request4_size, &m_spdm_challenge_request4,
347 : &response_size, response);
348 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
349 1 : assert_int_equal(
350 : response_size,
351 : sizeof(spdm_challenge_auth_response_t) +
352 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo) +
353 : SPDM_NONCE_SIZE + 0 +
354 : sizeof(uint16_t) + 0 +
355 : libspdm_get_req_asym_signature_size(
356 : spdm_context->connection_info.algorithm.req_base_asym_alg));
357 1 : spdm_response = (void *)response;
358 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_CHALLENGE_AUTH);
359 1 : assert_int_equal(spdm_response->header.param1, 0xF);
360 1 : assert_int_equal(spdm_response->header.param2, 0);
361 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
362 : assert_int_equal(spdm_context->transcript.message_m.buffer_size, 0);
363 : #endif
364 1 : free(data);
365 1 : }
366 :
367 : /**
368 : * Test 7: receiving a correct CHALLENGE message from the requester with context field
369 : * no opaque data, no measurements, and slot number 0.
370 : * Expected behavior: get a RETURN_SUCCESS return code, correct context field
371 : **/
372 1 : void test_libspdm_requester_encap_challenge_auth_case7(void **state)
373 : {
374 : libspdm_return_t status;
375 : libspdm_test_context_t *spdm_test_context;
376 : libspdm_context_t *spdm_context;
377 : size_t response_size;
378 : uint8_t request[LIBSPDM_MAX_SPDM_MSG_SIZE];
379 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
380 : spdm_challenge_auth_response_t *spdm_response;
381 : void *data;
382 : size_t data_size;
383 : uint8_t *requester_context;
384 : uint8_t *responder_context;
385 :
386 1 : spdm_test_context = *state;
387 1 : spdm_context = spdm_test_context->spdm_context;
388 1 : spdm_test_context->case_id = 0x7;
389 :
390 1 : spdm_context->local_context.capability.flags = 0;
391 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP;
392 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP;
393 1 : spdm_context->connection_info.capability.flags = 0;
394 :
395 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
396 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
397 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
398 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
399 : m_libspdm_use_measurement_hash_algo;
400 :
401 1 : spdm_context->connection_info.connection_state =
402 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
403 1 : spdm_context->connection_info.algorithm.base_hash_algo =
404 : m_libspdm_use_hash_algo;
405 1 : spdm_context->connection_info.algorithm.base_asym_algo =
406 : m_libspdm_use_asym_algo;
407 1 : spdm_context->connection_info.algorithm.measurement_spec =
408 : m_libspdm_use_measurement_spec;
409 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
410 : m_libspdm_use_measurement_hash_algo;
411 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
412 : m_libspdm_use_req_asym_algo;
413 :
414 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13
415 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
416 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
417 : m_libspdm_use_asym_algo, &data,
418 : &data_size, NULL, NULL);
419 1 : spdm_context->local_context.local_cert_chain_provision[0] = data;
420 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
421 : data_size;
422 :
423 1 : libspdm_reset_message_mut_c(spdm_context);
424 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
425 : spdm_context->transcript.message_m.buffer_size =
426 : spdm_context->transcript.message_m.max_buffer_size;
427 : #endif
428 :
429 1 : response_size = sizeof(response);
430 1 : libspdm_get_random_number(SPDM_NONCE_SIZE,
431 : m_spdm_challenge_request5.nonce);
432 :
433 1 : libspdm_zero_mem(request, sizeof(request));
434 1 : libspdm_copy_mem(request, sizeof(spdm_challenge_request_t),
435 : &m_spdm_challenge_request5, m_spdm_challenge_request5_size);
436 1 : requester_context = request + m_spdm_challenge_request5_size;
437 1 : libspdm_set_mem(requester_context, SPDM_REQ_CONTEXT_SIZE, 0xAA);
438 1 : m_spdm_challenge_request5_size += SPDM_REQ_CONTEXT_SIZE;
439 :
440 1 : status = libspdm_get_encap_response_challenge_auth(
441 : spdm_context, m_spdm_challenge_request5_size,
442 : request, &response_size, response);
443 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
444 1 : assert_int_equal(response_size, sizeof(spdm_challenge_auth_response_t) +
445 : libspdm_get_hash_size(m_libspdm_use_hash_algo) +
446 : SPDM_NONCE_SIZE + 0 + sizeof(uint16_t) +
447 : libspdm_get_asym_signature_size(m_libspdm_use_req_asym_algo) +
448 : SPDM_REQ_CONTEXT_SIZE);
449 1 : spdm_response = (void *)response;
450 1 : assert_int_equal(spdm_response->header.request_response_code,
451 : SPDM_CHALLENGE_AUTH);
452 1 : assert_int_equal(spdm_response->header.param1, 0);
453 1 : assert_int_equal(spdm_response->header.param2, 1 << 0);
454 :
455 1 : responder_context = (void *)response;
456 1 : responder_context += sizeof(spdm_challenge_auth_response_t) +
457 1 : libspdm_get_hash_size(m_libspdm_use_hash_algo) +
458 1 : SPDM_NONCE_SIZE + 0 + sizeof(uint16_t);
459 1 : assert_memory_equal(requester_context, responder_context, SPDM_REQ_CONTEXT_SIZE);
460 :
461 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
462 : assert_int_equal(spdm_context->transcript.message_m.buffer_size,
463 : 0);
464 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
465 : #else
466 1 : assert_null(spdm_context->transcript.digest_context_mut_m1m2);
467 : #endif
468 1 : free(data);
469 1 : }
470 :
471 : /**
472 : * Test 8: The key usage bit mask is not set, the SlotID fields in CHALLENGE and CHALLENGE_AUTH shall not specify this certificate slot
473 : * Expected behavior: the responder accepts the request, but produces an ERROR message
474 : * indicating the invalid state.
475 : **/
476 1 : void test_libspdm_requester_encap_challenge_auth_case8(void **state)
477 : {
478 : libspdm_return_t status;
479 : libspdm_test_context_t *spdm_test_context;
480 : libspdm_context_t *spdm_context;
481 : size_t response_size;
482 : uint8_t request[LIBSPDM_MAX_SPDM_MSG_SIZE];
483 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
484 : spdm_challenge_auth_response_t *spdm_response;
485 : void *data;
486 : size_t data_size;
487 : uint8_t *requester_context;
488 : uint8_t slot_id;
489 :
490 1 : spdm_test_context = *state;
491 1 : spdm_context = spdm_test_context->spdm_context;
492 1 : spdm_test_context->case_id = 0x8;
493 :
494 1 : spdm_context->local_context.capability.flags = 0;
495 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP;
496 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_CHAL_CAP;
497 1 : spdm_context->connection_info.capability.flags = 0;
498 :
499 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
500 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
501 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
502 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
503 : m_libspdm_use_measurement_hash_algo;
504 :
505 1 : spdm_context->connection_info.connection_state =
506 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
507 1 : spdm_context->connection_info.algorithm.base_hash_algo =
508 : m_libspdm_use_hash_algo;
509 1 : spdm_context->connection_info.algorithm.base_asym_algo =
510 : m_libspdm_use_asym_algo;
511 1 : spdm_context->connection_info.algorithm.measurement_spec =
512 : m_libspdm_use_measurement_spec;
513 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
514 : m_libspdm_use_measurement_hash_algo;
515 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
516 : m_libspdm_use_req_asym_algo;
517 1 : spdm_context->connection_info.multi_key_conn_req = true;
518 :
519 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13
520 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
521 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
522 : m_libspdm_use_asym_algo, &data,
523 : &data_size, NULL, NULL);
524 1 : spdm_context->local_context.local_cert_chain_provision[0] = data;
525 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
526 : data_size;
527 :
528 1 : libspdm_reset_message_mut_c(spdm_context);
529 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
530 : spdm_context->transcript.message_m.buffer_size =
531 : spdm_context->transcript.message_m.max_buffer_size;
532 : #endif
533 :
534 : /* If set, the SlotID fields in CHALLENGE and CHALLENGE_AUTH can specify this certificate slot. If not set, the
535 : * SlotID fields in CHALLENGE and CHALLENGE_AUTH shall not specify this certificate slot. */
536 1 : slot_id = 0;
537 1 : m_spdm_challenge_request5.header.param1 = slot_id;
538 1 : spdm_context->local_context.local_key_usage_bit_mask[slot_id] =
539 : SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
540 : SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE;
541 :
542 1 : response_size = sizeof(response);
543 1 : libspdm_get_random_number(SPDM_NONCE_SIZE,
544 : m_spdm_challenge_request5.nonce);
545 :
546 1 : libspdm_zero_mem(request, sizeof(request));
547 1 : libspdm_copy_mem(request, sizeof(spdm_challenge_request_t),
548 : &m_spdm_challenge_request5, sizeof(m_spdm_challenge_request5));
549 1 : requester_context = request + sizeof(m_spdm_challenge_request5);
550 1 : libspdm_set_mem(requester_context, SPDM_REQ_CONTEXT_SIZE, 0xAA);
551 1 : m_spdm_challenge_request5_size = sizeof(m_spdm_challenge_request5) + SPDM_REQ_CONTEXT_SIZE;
552 :
553 1 : status = libspdm_get_encap_response_challenge_auth(
554 : spdm_context, m_spdm_challenge_request5_size,
555 : request, &response_size, response);
556 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
557 1 : assert_int_equal (response_size, sizeof(spdm_error_response_t));
558 1 : spdm_response = (void *)response;
559 1 : assert_int_equal (spdm_response->header.request_response_code, SPDM_ERROR);
560 1 : assert_int_equal (spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
561 1 : assert_int_equal (spdm_response->header.param2, 0);
562 :
563 1 : free(data);
564 1 : }
565 :
566 1 : int libspdm_requester_encap_challenge_auth_test_main(void)
567 : {
568 1 : const struct CMUnitTest spdm_requester_challenge_auth_tests[] = {
569 : /* Success Case*/
570 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case1),
571 : /* Can be populated with new test.*/
572 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case2),
573 : /* connection_state Check*/
574 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case3),
575 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case4),
576 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case5),
577 : /* Success Case, use provisioned public key (slot 0xFF) */
578 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case6),
579 : /* Success Case: V1.3 get a correct context field */
580 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case7),
581 : /* The key usage bit mask is not set, failed Case*/
582 : cmocka_unit_test(test_libspdm_requester_encap_challenge_auth_case8),
583 : };
584 :
585 1 : libspdm_test_context_t test_context = {
586 : LIBSPDM_TEST_CONTEXT_VERSION,
587 : false,
588 : };
589 :
590 1 : libspdm_setup_test_context(&test_context);
591 :
592 1 : return cmocka_run_group_tests(spdm_requester_challenge_auth_tests,
593 : libspdm_unit_test_group_setup,
594 : libspdm_unit_test_group_teardown);
595 : }
596 :
597 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (..) */
|
