Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 : #include "spdm_unit_test.h"
7 : #include "internal/libspdm_requester_lib.h"
8 :
9 : #if (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
10 : (LIBSPDM_ENABLE_CAPABILITY_CERT_CAP)
11 :
12 : spdm_get_digest_request_t m_spdm_get_digests_request1 = {
13 : {
14 : SPDM_MESSAGE_VERSION_11,
15 : SPDM_GET_DIGESTS,
16 : },
17 : };
18 : size_t m_spdm_get_digests_request1_size = sizeof(m_spdm_get_digests_request1);
19 :
20 :
21 : spdm_get_digest_request_t m_spdm_get_digests_request2 = {
22 : {
23 : SPDM_MESSAGE_VERSION_13,
24 : SPDM_GET_DIGESTS,
25 : },
26 : };
27 : size_t m_spdm_get_digests_request2_size = sizeof(m_spdm_get_digests_request2);
28 :
29 : static uint8_t m_local_certificate_chain[LIBSPDM_MAX_CERT_CHAIN_SIZE];
30 :
31 : /**
32 : * Test 1: receives a valid GET_DIGESTS request message from Requester
33 : * Expected Behavior: produces a valid DIGESTS response message
34 : **/
35 1 : static void req_encap_digests_case1(void **state)
36 : {
37 : libspdm_return_t status;
38 : libspdm_test_context_t *spdm_test_context;
39 : libspdm_context_t *spdm_context;
40 : size_t response_size;
41 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
42 : spdm_digest_response_t *spdm_response;
43 :
44 1 : spdm_test_context = *state;
45 1 : spdm_context = spdm_test_context->spdm_context;
46 1 : spdm_test_context->case_id = 0x1;
47 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
48 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
49 1 : spdm_context->connection_info.connection_state =
50 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
51 1 : spdm_context->local_context.capability.flags |=
52 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP;
53 1 : spdm_context->connection_info.algorithm.base_hash_algo =
54 : m_libspdm_use_hash_algo;
55 1 : spdm_context->local_context.local_cert_chain_provision[0] =
56 : m_local_certificate_chain;
57 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
58 : sizeof(m_local_certificate_chain);
59 1 : libspdm_set_mem(m_local_certificate_chain, sizeof(m_local_certificate_chain),
60 : (uint8_t)(0xFF));
61 :
62 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
63 : spdm_context->transcript.message_m.buffer_size =
64 : spdm_context->transcript.message_m.max_buffer_size;
65 : #endif
66 :
67 1 : response_size = sizeof(response);
68 1 : status = libspdm_get_encap_response_digest(spdm_context,
69 : m_spdm_get_digests_request1_size,
70 : &m_spdm_get_digests_request1,
71 : &response_size, response);
72 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
73 1 : assert_int_equal(
74 : response_size,
75 : sizeof(spdm_digest_response_t) +
76 : libspdm_get_hash_size(spdm_context->connection_info
77 : .algorithm.base_hash_algo));
78 1 : spdm_response = (void *)response;
79 1 : assert_int_equal(spdm_response->header.request_response_code,
80 : SPDM_DIGESTS);
81 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
82 : assert_int_equal(spdm_context->transcript.message_m.buffer_size,
83 : 0);
84 : #endif
85 1 : }
86 :
87 : /**
88 : * Test 2:
89 : * Expected Behavior:
90 : **/
91 1 : static void req_encap_digests_case2(void **state)
92 : {
93 1 : }
94 :
95 : /**
96 : * Test 3: receives a valid GET_DIGESTS request message from Requester, but the request message cannot be appended to the internal cache since the internal cache is full
97 : * Expected Behavior: produces an ERROR response message with error code = Unspecified
98 : **/
99 1 : static void req_encap_digests_case3(void **state)
100 : {
101 : libspdm_return_t status;
102 : libspdm_test_context_t *spdm_test_context;
103 : libspdm_context_t *spdm_context;
104 : size_t response_size;
105 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
106 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
107 : spdm_digest_response_t *spdm_response;
108 : #endif
109 1 : spdm_test_context = *state;
110 1 : spdm_context = spdm_test_context->spdm_context;
111 1 : spdm_test_context->case_id = 0x3;
112 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
113 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
114 1 : spdm_context->connection_info.connection_state =
115 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
116 1 : spdm_context->local_context.capability.flags |=
117 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP;
118 1 : spdm_context->connection_info.algorithm.base_hash_algo =
119 : m_libspdm_use_hash_algo;
120 1 : spdm_context->local_context.local_cert_chain_provision[0] =
121 : m_local_certificate_chain;
122 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
123 : sizeof(m_local_certificate_chain);
124 1 : libspdm_set_mem(m_local_certificate_chain, sizeof(m_local_certificate_chain),
125 : (uint8_t)(0xFF));
126 :
127 1 : response_size = sizeof(response);
128 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
129 : spdm_context->transcript.message_b.buffer_size =
130 : spdm_context->transcript.message_b.max_buffer_size;
131 : #endif
132 1 : status = libspdm_get_encap_response_digest(spdm_context,
133 : m_spdm_get_digests_request1_size,
134 : &m_spdm_get_digests_request1,
135 : &response_size, response);
136 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
137 :
138 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
139 : assert_int_equal(
140 : response_size,
141 : sizeof(spdm_digest_response_t) +
142 : libspdm_get_hash_size(spdm_context->connection_info
143 : .algorithm.base_hash_algo));
144 : spdm_response = (void *)response;
145 : assert_int_equal(spdm_response->header.request_response_code,
146 : SPDM_DIGESTS);
147 : assert_int_equal(spdm_response->header.param1,
148 : 0);
149 : assert_int_equal(spdm_response->header.param2, SPDM_ERROR_CODE_INVALID_REQUEST);
150 : #endif
151 1 : }
152 :
153 : /**
154 : * Test 4: receives a valid GET_DIGESTS request message from Requester, but the response message cannot be appended to the internal cache since the internal cache is full
155 : * Expected Behavior: produces an ERROR response message with error code = Unspecified
156 : **/
157 1 : static void req_encap_digests_case4(void **state)
158 : {
159 : libspdm_test_context_t *spdm_test_context;
160 : libspdm_context_t *spdm_context;
161 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
162 : size_t response_size;
163 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
164 : libspdm_return_t status;
165 : spdm_digest_response_t *spdm_response;
166 : #endif
167 :
168 1 : spdm_test_context = *state;
169 1 : spdm_context = spdm_test_context->spdm_context;
170 1 : spdm_test_context->case_id = 0x4;
171 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11
172 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
173 1 : spdm_context->connection_info.connection_state =
174 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
175 1 : spdm_context->local_context.capability.flags |=
176 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP;
177 1 : spdm_context->connection_info.algorithm.base_hash_algo =
178 : m_libspdm_use_hash_algo;
179 1 : spdm_context->local_context.local_cert_chain_provision[0] =
180 : m_local_certificate_chain;
181 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
182 : sizeof(m_local_certificate_chain);
183 1 : libspdm_set_mem(m_local_certificate_chain, sizeof(m_local_certificate_chain),
184 : (uint8_t)(0xFF));
185 :
186 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
187 : spdm_context->transcript.message_b.buffer_size =
188 : spdm_context->transcript.message_b.max_buffer_size -
189 : sizeof(spdm_get_digest_request_t);
190 : response_size = sizeof(response);
191 : status = libspdm_get_encap_response_digest(spdm_context,
192 : m_spdm_get_digests_request1_size,
193 : &m_spdm_get_digests_request1,
194 : &response_size, response);
195 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
196 : assert_int_equal(
197 : response_size,
198 : sizeof(spdm_digest_response_t) +
199 : libspdm_get_hash_size(spdm_context->connection_info
200 : .algorithm.base_hash_algo));
201 : spdm_response = (void *)response;
202 : assert_int_equal(spdm_response->header.request_response_code,
203 : SPDM_DIGESTS);
204 : assert_int_equal(spdm_response->header.param1,
205 : 0);
206 : assert_int_equal(spdm_response->header.param2, SPDM_ERROR_CODE_INVALID_REQUEST);
207 : #endif
208 1 : }
209 :
210 : /**
211 : * Test 5: receives a valid GET_DIGESTS request message from Requester ,
212 : * Set multi_key_conn_req to check if it responds correctly
213 : * Expected Behavior: produces a valid DIGESTS response message
214 : **/
215 1 : static void req_encap_digests_case5(void **state)
216 : {
217 : libspdm_return_t status;
218 : libspdm_test_context_t *spdm_test_context;
219 : libspdm_context_t *spdm_context;
220 : size_t response_size;
221 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
222 : spdm_digest_response_t *spdm_response;
223 : libspdm_session_info_t *session_info;
224 : uint32_t session_id;
225 :
226 1 : spdm_test_context = *state;
227 1 : spdm_context = spdm_test_context->spdm_context;
228 1 : spdm_test_context->case_id = 0x5;
229 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13
230 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
231 1 : spdm_context->connection_info.connection_state =
232 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
233 1 : spdm_context->local_context.capability.flags |=
234 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP;
235 1 : spdm_context->connection_info.algorithm.base_hash_algo =
236 : m_libspdm_use_hash_algo;
237 1 : spdm_context->local_context.local_cert_chain_provision[0] =
238 : m_local_certificate_chain;
239 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
240 : sizeof(m_local_certificate_chain);
241 1 : libspdm_set_mem(m_local_certificate_chain, sizeof(m_local_certificate_chain),
242 : (uint8_t)(0xFF));
243 :
244 1 : session_id = 0xFFFFFFFF;
245 1 : spdm_context->latest_session_id = session_id;
246 1 : spdm_context->last_spdm_request_session_id_valid = true;
247 1 : spdm_context->last_spdm_request_session_id = session_id;
248 1 : session_info = &spdm_context->session_info[0];
249 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
250 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
251 1 : libspdm_secured_message_set_session_state(
252 : session_info->secured_message_context,
253 : LIBSPDM_SESSION_STATE_ESTABLISHED);
254 :
255 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
256 : spdm_context->transcript.message_m.buffer_size =
257 : spdm_context->transcript.message_m.max_buffer_size;
258 : #endif
259 : /* Sub Case 1: Set multi_key_conn_req to true*/
260 1 : spdm_context->connection_info.multi_key_conn_req = true;
261 1 : libspdm_reset_message_encap_d(spdm_context, session_info);
262 :
263 1 : response_size = sizeof(response);
264 1 : status = libspdm_get_encap_response_digest(spdm_context,
265 : m_spdm_get_digests_request2_size,
266 : &m_spdm_get_digests_request2,
267 : &response_size, response);
268 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
269 1 : assert_int_equal(
270 : response_size,
271 : sizeof(spdm_digest_response_t) + sizeof(spdm_key_pair_id_t) +
272 : sizeof(spdm_certificate_info_t) +
273 : sizeof(spdm_key_usage_bit_mask_t) +
274 : libspdm_get_hash_size(spdm_context->connection_info
275 : .algorithm.base_hash_algo));
276 1 : spdm_response = (void *)response;
277 1 : assert_int_equal(spdm_response->header.request_response_code,
278 : SPDM_DIGESTS);
279 1 : assert_int_equal(session_info->session_transcript.message_encap_d.buffer_size,
280 : sizeof(spdm_digest_response_t) + sizeof(spdm_key_pair_id_t) +
281 : sizeof(spdm_certificate_info_t) +
282 : sizeof(spdm_key_usage_bit_mask_t) +
283 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo));
284 :
285 : /* Sub Case 2: Set multi_key_conn_req to false*/
286 1 : spdm_context->connection_info.multi_key_conn_req = false;
287 1 : libspdm_reset_message_encap_d(spdm_context, session_info);
288 :
289 1 : response_size = sizeof(response);
290 1 : status = libspdm_get_encap_response_digest(spdm_context,
291 : m_spdm_get_digests_request2_size,
292 : &m_spdm_get_digests_request2,
293 : &response_size, response);
294 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
295 1 : assert_int_equal(
296 : response_size,
297 : sizeof(spdm_digest_response_t) +
298 : libspdm_get_hash_size(spdm_context->connection_info
299 : .algorithm.base_hash_algo));
300 1 : spdm_response = (void *)response;
301 1 : assert_int_equal(spdm_response->header.request_response_code,
302 : SPDM_DIGESTS);
303 1 : assert_int_equal(session_info->session_transcript.message_encap_d.buffer_size, 0);
304 1 : }
305 :
306 : /**
307 : * Test 6: receives a valid GET_DIGESTS request message from Requester ,
308 : * Check KeyPairID CertificateInfo and KeyUsageMask
309 : * Expected Behavior: produces a valid DIGESTS response message
310 : **/
311 1 : static void req_encap_digests_case6(void **state)
312 : {
313 : libspdm_return_t status;
314 : libspdm_test_context_t *spdm_test_context;
315 : libspdm_context_t *spdm_context;
316 : size_t response_size;
317 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
318 : spdm_digest_response_t *spdm_response;
319 : libspdm_session_info_t *session_info;
320 : uint32_t session_id;
321 : uint8_t *digest;
322 : spdm_key_pair_id_t *key_pair_id;
323 : spdm_certificate_info_t *cert_info;
324 : spdm_key_usage_bit_mask_t *key_usage_bit_mask;
325 : uint32_t hash_size;
326 : uint8_t slot_count;
327 : size_t additional_size;
328 :
329 1 : spdm_test_context = *state;
330 1 : spdm_context = spdm_test_context->spdm_context;
331 1 : spdm_test_context->case_id = 0x6;
332 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13
333 : << SPDM_VERSION_NUMBER_SHIFT_BIT;
334 1 : spdm_context->connection_info.connection_state =
335 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
336 1 : spdm_context->local_context.capability.flags |=
337 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP;
338 1 : spdm_context->connection_info.algorithm.base_hash_algo =
339 : m_libspdm_use_hash_algo;
340 :
341 1 : slot_count = SPDM_MAX_SLOT_COUNT;
342 1 : additional_size = sizeof(spdm_key_pair_id_t) + sizeof(spdm_certificate_info_t) +
343 : sizeof(spdm_key_usage_bit_mask_t);
344 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
345 :
346 9 : for (uint8_t index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
347 8 : spdm_context->local_context.local_cert_chain_provision[index] =
348 8 : &m_local_certificate_chain[hash_size * index];
349 : spdm_context->local_context
350 8 : .local_cert_chain_provision_size[index] = hash_size;
351 : }
352 :
353 1 : libspdm_set_mem(m_local_certificate_chain, sizeof(m_local_certificate_chain),
354 : (uint8_t)(0xFF));
355 :
356 1 : session_id = 0xFFFFFFFF;
357 1 : spdm_context->latest_session_id = session_id;
358 1 : spdm_context->last_spdm_request_session_id_valid = true;
359 1 : spdm_context->last_spdm_request_session_id = session_id;
360 1 : session_info = &spdm_context->session_info[0];
361 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
362 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
363 1 : libspdm_secured_message_set_session_state(
364 : session_info->secured_message_context,
365 : LIBSPDM_SESSION_STATE_ESTABLISHED);
366 :
367 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
368 : spdm_context->transcript.message_m.buffer_size =
369 : spdm_context->transcript.message_m.max_buffer_size;
370 : #endif
371 1 : spdm_context->connection_info.multi_key_conn_req = true;
372 1 : libspdm_reset_message_encap_d(spdm_context, session_info);
373 :
374 1 : response_size = sizeof(response);
375 1 : status = libspdm_get_encap_response_digest(spdm_context,
376 : m_spdm_get_digests_request2_size,
377 : &m_spdm_get_digests_request2,
378 : &response_size, response);
379 :
380 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
381 1 : assert_int_equal(response_size,
382 : sizeof(spdm_digest_response_t) + (hash_size + additional_size) * slot_count);
383 :
384 1 : spdm_response = (void *)response;
385 1 : assert_int_equal(spdm_response->header.request_response_code,
386 : SPDM_DIGESTS);
387 1 : assert_int_equal(session_info->session_transcript.message_encap_d.buffer_size,
388 : sizeof(spdm_digest_response_t) + (hash_size + additional_size) * slot_count);
389 :
390 1 : digest = (void *)(spdm_response + 1);
391 1 : libspdm_zero_mem (digest, hash_size * slot_count);
392 1 : key_pair_id = (spdm_key_pair_id_t *)((uint8_t *)digest + (hash_size * slot_count));
393 1 : cert_info = (spdm_certificate_info_t *)((uint8_t *)key_pair_id +
394 1 : sizeof(spdm_key_pair_id_t) * slot_count);
395 1 : key_usage_bit_mask = (spdm_key_usage_bit_mask_t *)((uint8_t *)cert_info +
396 1 : sizeof(spdm_certificate_info_t) *
397 : slot_count);
398 9 : for (uint8_t index = 0; index < SPDM_MAX_SLOT_COUNT; index++) {
399 8 : assert_memory_equal((void *)&key_pair_id[index],
400 : (void *)&spdm_context->local_context.local_key_pair_id[index],
401 : sizeof(spdm_key_pair_id_t));
402 8 : assert_memory_equal((void *)&cert_info[index],
403 : (void *)&spdm_context->local_context.local_cert_info[index],
404 : sizeof(spdm_certificate_info_t));
405 8 : assert_memory_equal((void *)&key_usage_bit_mask[index],
406 : (void *)&spdm_context->local_context.local_key_usage_bit_mask[index],
407 : sizeof(spdm_key_usage_bit_mask_t));
408 : }
409 1 : }
410 :
411 1 : int libspdm_req_encap_digests_test(void)
412 : {
413 1 : const struct CMUnitTest test_cases[] = {
414 : /* Success Case*/
415 : cmocka_unit_test(req_encap_digests_case1),
416 : /* Can be populated with new test.*/
417 : cmocka_unit_test(req_encap_digests_case2),
418 : /* Internal cache full (request message)*/
419 : cmocka_unit_test(req_encap_digests_case3),
420 : /* Internal cache full (response message)*/
421 : cmocka_unit_test(req_encap_digests_case4),
422 : /* Set multi_key_conn_req to check if it responds correctly */
423 : cmocka_unit_test(req_encap_digests_case5),
424 : /* Check KeyPairID CertificateInfo and KeyUsageMask*/
425 : cmocka_unit_test(req_encap_digests_case6),
426 : };
427 :
428 1 : libspdm_test_context_t test_context = {
429 : LIBSPDM_TEST_CONTEXT_VERSION,
430 : false,
431 : };
432 :
433 1 : libspdm_setup_test_context(&test_context);
434 :
435 1 : return cmocka_run_group_tests(test_cases,
436 : libspdm_unit_test_group_setup,
437 : libspdm_unit_test_group_teardown);
438 : }
439 :
440 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP) && (..) */
|
