Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2022 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 : #include "spdm_unit_test.h"
7 : #include "internal/libspdm_requester_lib.h"
8 : #include "internal/libspdm_secured_message_lib.h"
9 :
10 : #if LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP
11 :
12 : spdm_key_update_request_t m_spdm_key_update_request1 = {
13 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
14 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3}
15 : };
16 : size_t m_spdm_key_update_request1_size = sizeof(m_spdm_key_update_request1);
17 :
18 : spdm_key_update_request_t m_spdm_key_update_request2 = {
19 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
20 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3}
21 : };
22 : size_t m_spdm_key_update_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
23 :
24 : spdm_key_update_request_t m_spdm_key_update_request3 = {
25 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
26 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71}
27 : };
28 : size_t m_spdm_key_update_request3_size = sizeof(m_spdm_key_update_request3);
29 :
30 : spdm_key_update_request_t m_spdm_key_update_request4 = {
31 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
32 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71}
33 : };
34 : size_t m_spdm_key_update_request4_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
35 :
36 : spdm_key_update_request_t m_spdm_key_update_request5 = {
37 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
38 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A}
39 : };
40 : size_t m_spdm_key_update_request5_size = sizeof(m_spdm_key_update_request5);
41 :
42 : spdm_key_update_request_t m_spdm_key_update_request6 = {
43 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
44 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A}
45 : };
46 : size_t m_spdm_key_update_request6_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
47 :
48 : spdm_key_update_request_t m_spdm_key_update_request7 = {
49 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
50 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x92}
51 : };
52 : size_t m_spdm_key_update_request7_size = sizeof(m_spdm_key_update_request7);
53 :
54 : spdm_key_update_request_t m_spdm_key_update_request8 = {
55 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
56 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x13}
57 : };
58 : size_t m_spdm_key_update_request8_size = sizeof(m_spdm_key_update_request8);
59 :
60 : spdm_key_update_request_t m_spdm_key_update_request9 = {
61 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
62 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x22}
63 : };
64 : size_t m_spdm_key_update_request9_size = sizeof(m_spdm_key_update_request9);
65 :
66 : spdm_key_update_request_t m_spdm_key_update_request10 = {
67 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE, 0xFF, 0x12}
68 : };
69 : size_t m_spdm_key_update_request10_size = sizeof(m_spdm_key_update_request10);
70 :
71 14 : static void spdm_set_standard_key_update_test_state(
72 : libspdm_context_t *spdm_context, uint32_t *session_id)
73 : {
74 : libspdm_session_info_t *session_info;
75 :
76 14 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
77 14 : spdm_context->connection_info.connection_state =
78 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
79 14 : spdm_context->connection_info.capability.flags |=
80 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
81 14 : spdm_context->connection_info.capability.flags |=
82 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP;
83 14 : spdm_context->connection_info.capability.flags |=
84 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP;
85 14 : spdm_context->local_context.capability.flags |=
86 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
87 14 : spdm_context->local_context.capability.flags |=
88 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP;
89 14 : spdm_context->local_context.capability.flags |=
90 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP;
91 :
92 14 : spdm_context->transcript.message_a.buffer_size = 0;
93 14 : spdm_context->connection_info.algorithm.base_hash_algo =
94 : m_libspdm_use_hash_algo;
95 14 : spdm_context->connection_info.algorithm.base_asym_algo =
96 : m_libspdm_use_asym_algo;
97 14 : spdm_context->connection_info.algorithm.dhe_named_group =
98 : m_libspdm_use_dhe_algo;
99 14 : spdm_context->connection_info.algorithm.aead_cipher_suite =
100 : m_libspdm_use_aead_algo;
101 :
102 14 : *session_id = 0xFFFFFFFF;
103 14 : spdm_context->latest_session_id = *session_id;
104 14 : spdm_context->last_spdm_request_session_id_valid = true;
105 14 : spdm_context->last_spdm_request_session_id = *session_id;
106 14 : session_info = &spdm_context->session_info[0];
107 14 : libspdm_session_info_init(spdm_context, session_info, *session_id, true);
108 14 : libspdm_secured_message_set_session_state(
109 : session_info->secured_message_context,
110 : LIBSPDM_SESSION_STATE_ESTABLISHED);
111 14 : }
112 :
113 13 : static void libspdm_set_standard_key_update_test_secrets(
114 : libspdm_secured_message_context_t *secured_message_context,
115 : uint8_t *m_rsp_secret_buffer, uint8_t rsp_secret_fill,
116 : uint8_t *m_req_secret_buffer, uint8_t req_secret_fill)
117 : {
118 13 : libspdm_set_mem(m_rsp_secret_buffer, secured_message_context->hash_size, rsp_secret_fill);
119 13 : libspdm_set_mem(m_req_secret_buffer, secured_message_context->hash_size, req_secret_fill);
120 :
121 13 : libspdm_copy_mem(secured_message_context->application_secret.response_data_secret,
122 : sizeof(secured_message_context->application_secret.response_data_secret),
123 : m_rsp_secret_buffer, secured_message_context->aead_key_size);
124 13 : libspdm_copy_mem(secured_message_context->application_secret.request_data_secret,
125 : sizeof(secured_message_context->application_secret.request_data_secret),
126 : m_req_secret_buffer, secured_message_context->aead_key_size);
127 :
128 13 : libspdm_set_mem(secured_message_context->application_secret
129 13 : .response_data_encryption_key,
130 : secured_message_context->aead_key_size, rsp_secret_fill);
131 13 : libspdm_set_mem(secured_message_context->application_secret
132 13 : .response_data_salt,
133 : secured_message_context->aead_iv_size, rsp_secret_fill);
134 :
135 13 : libspdm_set_mem(secured_message_context->application_secret
136 13 : .request_data_encryption_key,
137 : secured_message_context->aead_key_size, req_secret_fill);
138 13 : libspdm_set_mem(secured_message_context->application_secret
139 13 : .request_data_salt,
140 : secured_message_context->aead_iv_size, req_secret_fill);
141 :
142 13 : secured_message_context->application_secret.response_data_sequence_number = 0;
143 13 : secured_message_context->application_secret.request_data_sequence_number = 0;
144 13 : }
145 :
146 7 : static void libspdm_compute_secret_update(spdm_version_number_t spdm_version,
147 : size_t hash_size,
148 : const uint8_t *in_secret, uint8_t *out_secret,
149 : size_t out_secret_size)
150 : {
151 : uint8_t bin_str9[128];
152 : size_t bin_str9_size;
153 :
154 7 : bin_str9_size = sizeof(bin_str9);
155 7 : libspdm_bin_concat(spdm_version,
156 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
157 7 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
158 : &bin_str9_size);
159 :
160 7 : libspdm_hkdf_expand(m_libspdm_use_hash_algo, in_secret, hash_size, bin_str9,
161 : bin_str9_size, out_secret, out_secret_size);
162 7 : }
163 :
164 : /**
165 : * Test 1: receiving a correct KEY_UPDATE message from the requester with
166 : * the UpdateKey operation.
167 : * Expected behavior: the encap requester accepts the request, produces a valid
168 : * KEY_UPDATE_ACK response message, and the request data key is updated.
169 : **/
170 1 : void test_libspdm_requester_encap_key_update_case1(void **state)
171 : {
172 : libspdm_return_t status;
173 : libspdm_test_context_t *spdm_test_context;
174 : libspdm_context_t *spdm_context;
175 : uint32_t session_id;
176 : libspdm_session_info_t *session_info;
177 : libspdm_secured_message_context_t *secured_message_context;
178 :
179 : size_t response_size;
180 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
181 : spdm_key_update_response_t *spdm_response;
182 :
183 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
184 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
185 :
186 1 : spdm_test_context = *state;
187 1 : spdm_context = spdm_test_context->spdm_context;
188 1 : spdm_test_context->case_id = 0x01;
189 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
190 : SPDM_VERSION_NUMBER_SHIFT_BIT;
191 :
192 1 : spdm_set_standard_key_update_test_state(
193 : spdm_context, &session_id);
194 :
195 1 : session_info = &spdm_context->session_info[0];
196 1 : secured_message_context = session_info->secured_message_context;
197 :
198 1 : libspdm_set_standard_key_update_test_secrets(
199 1 : session_info->secured_message_context,
200 : m_rsp_secret_buffer, (uint8_t)(0xFF),
201 : m_req_secret_buffer, (uint8_t)(0xEE));
202 :
203 : /*request side *not* updated*/
204 :
205 : /*response side updated */
206 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
207 : secured_message_context->hash_size,
208 : m_rsp_secret_buffer, m_rsp_secret_buffer,
209 : secured_message_context->hash_size);
210 :
211 1 : response_size = sizeof(response);
212 1 : status = libspdm_get_encap_response_key_update(spdm_context,
213 : m_spdm_key_update_request1_size,
214 : &m_spdm_key_update_request1,
215 : &response_size, response);
216 :
217 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
218 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
219 1 : spdm_response = (void *)response;
220 1 : assert_int_equal(spdm_response->header.request_response_code,
221 : SPDM_KEY_UPDATE_ACK);
222 1 : assert_int_equal(spdm_response->header.param1,
223 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
224 1 : assert_int_equal(spdm_response->header.param2,
225 : m_spdm_key_update_request1.header.param2);
226 1 : assert_memory_equal(secured_message_context
227 : ->application_secret.request_data_secret,
228 : m_req_secret_buffer, secured_message_context->hash_size);
229 1 : assert_memory_equal(secured_message_context
230 : ->application_secret.response_data_secret,
231 : m_rsp_secret_buffer, secured_message_context->hash_size);
232 1 : }
233 :
234 : /**
235 : * Test 2: receiving a KEY_UPDATE message larger than specified, with the
236 : * UpdateKey operation.
237 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
238 : * produces an ERROR message indicating the InvalidRequest. No keys
239 : * are updated.
240 : **/
241 1 : void test_libspdm_requester_encap_key_update_case2(void **state)
242 : {
243 : libspdm_return_t status;
244 : libspdm_test_context_t *spdm_test_context;
245 : libspdm_context_t *spdm_context;
246 : uint32_t session_id;
247 : libspdm_session_info_t *session_info;
248 : libspdm_secured_message_context_t *secured_message_context;
249 :
250 : size_t response_size;
251 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
252 : spdm_key_update_response_t *spdm_response;
253 :
254 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
255 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
256 :
257 1 : spdm_test_context = *state;
258 1 : spdm_context = spdm_test_context->spdm_context;
259 1 : spdm_test_context->case_id = 0x02;
260 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
261 : SPDM_VERSION_NUMBER_SHIFT_BIT;
262 :
263 1 : spdm_set_standard_key_update_test_state(
264 : spdm_context, &session_id);
265 :
266 1 : session_info = &spdm_context->session_info[0];
267 1 : secured_message_context = session_info->secured_message_context;
268 :
269 1 : libspdm_set_standard_key_update_test_secrets(
270 1 : session_info->secured_message_context,
271 : m_rsp_secret_buffer, (uint8_t)(0xFF),
272 : m_req_secret_buffer, (uint8_t)(0xEE));
273 :
274 : /*no keys are updated*/
275 :
276 1 : response_size = sizeof(response);
277 1 : status = libspdm_get_encap_response_key_update(spdm_context,
278 : m_spdm_key_update_request2_size,
279 : &m_spdm_key_update_request2,
280 : &response_size, response);
281 :
282 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
283 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
284 1 : spdm_response = (void *)response;
285 1 : assert_int_equal(spdm_response->header.request_response_code,
286 : SPDM_ERROR);
287 1 : assert_int_equal(spdm_response->header.param1,
288 : SPDM_ERROR_CODE_INVALID_REQUEST);
289 1 : assert_int_equal(spdm_response->header.param2, 0);
290 1 : assert_memory_equal(secured_message_context
291 : ->application_secret.request_data_secret,
292 : m_req_secret_buffer, secured_message_context->hash_size);
293 1 : assert_memory_equal(secured_message_context
294 : ->application_secret.response_data_secret,
295 : m_rsp_secret_buffer, secured_message_context->hash_size);
296 1 : }
297 :
298 1 : void test_libspdm_requester_encap_key_update_case3(void **state)
299 : {
300 : libspdm_return_t status;
301 : libspdm_test_context_t *spdm_test_context;
302 : libspdm_context_t *spdm_context;
303 : uint32_t session_id;
304 : libspdm_session_info_t *session_info;
305 : libspdm_secured_message_context_t *secured_message_context;
306 :
307 : size_t response_size;
308 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
309 : spdm_key_update_response_t *spdm_response;
310 :
311 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
312 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
313 :
314 1 : spdm_test_context = *state;
315 1 : spdm_context = spdm_test_context->spdm_context;
316 1 : spdm_test_context->case_id = 0x03;
317 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
318 : SPDM_VERSION_NUMBER_SHIFT_BIT;
319 :
320 1 : spdm_set_standard_key_update_test_state(
321 : spdm_context, &session_id);
322 :
323 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
324 : /*"filling" buffers*/
325 : spdm_context->transcript.message_m.buffer_size =
326 : spdm_context->transcript.message_m.max_buffer_size;
327 : spdm_context->transcript.message_b.buffer_size =
328 : spdm_context->transcript.message_b.max_buffer_size;
329 : spdm_context->transcript.message_c.buffer_size =
330 : spdm_context->transcript.message_c.max_buffer_size;
331 : spdm_context->transcript.message_mut_b.buffer_size =
332 : spdm_context->transcript.message_mut_b.max_buffer_size;
333 : spdm_context->transcript.message_mut_c.buffer_size =
334 : spdm_context->transcript.message_mut_c.max_buffer_size;
335 : #endif
336 :
337 1 : session_info = &spdm_context->session_info[0];
338 1 : secured_message_context = session_info->secured_message_context;
339 :
340 1 : libspdm_set_standard_key_update_test_secrets(
341 1 : session_info->secured_message_context,
342 : m_rsp_secret_buffer, (uint8_t)(0xFF),
343 : m_req_secret_buffer, (uint8_t)(0xEE));
344 :
345 : /*request side *not* updated*/
346 :
347 : /*response side updated */
348 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
349 : secured_message_context->hash_size,
350 : m_rsp_secret_buffer, m_rsp_secret_buffer,
351 : secured_message_context->hash_size);
352 :
353 1 : response_size = sizeof(response);
354 1 : status = libspdm_get_encap_response_key_update(spdm_context,
355 : m_spdm_key_update_request1_size,
356 : &m_spdm_key_update_request1,
357 : &response_size, response);
358 :
359 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
360 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
361 1 : spdm_response = (void *)response;
362 1 : assert_int_equal(spdm_response->header.request_response_code,
363 : SPDM_KEY_UPDATE_ACK);
364 1 : assert_int_equal(spdm_response->header.param1,
365 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
366 1 : assert_int_equal(spdm_response->header.param2,
367 : m_spdm_key_update_request1.header.param2);
368 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
369 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
370 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
371 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
372 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
373 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
374 : #endif
375 1 : assert_memory_equal(secured_message_context
376 : ->application_secret.request_data_secret,
377 : m_req_secret_buffer, secured_message_context->hash_size);
378 1 : assert_memory_equal(secured_message_context
379 : ->application_secret.response_data_secret,
380 : m_rsp_secret_buffer, secured_message_context->hash_size);
381 1 : }
382 :
383 : /**
384 : * Test 4: receiving a correct KEY_UPDATE message from the requester, but the
385 : * responder has no capabilities for key update.
386 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
387 : * produces an ERROR message indicating the UnsupportedRequest. No keys are
388 : * updated.
389 : **/
390 1 : void test_libspdm_requester_encap_key_update_case4(void **state)
391 : {
392 : libspdm_return_t status;
393 : libspdm_test_context_t *spdm_test_context;
394 : libspdm_context_t *spdm_context;
395 : uint32_t session_id;
396 : libspdm_session_info_t *session_info;
397 : libspdm_secured_message_context_t *secured_message_context;
398 :
399 : size_t response_size;
400 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
401 : spdm_key_update_response_t *spdm_response;
402 :
403 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
404 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
405 :
406 1 : spdm_test_context = *state;
407 1 : spdm_context = spdm_test_context->spdm_context;
408 1 : spdm_test_context->case_id = 0x04;
409 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
410 : SPDM_VERSION_NUMBER_SHIFT_BIT;
411 :
412 1 : spdm_set_standard_key_update_test_state(
413 : spdm_context, &session_id);
414 :
415 : /*no capabilities*/
416 1 : spdm_context->connection_info.capability.flags &=
417 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
418 1 : spdm_context->local_context.capability.flags &=
419 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
420 :
421 1 : session_info = &spdm_context->session_info[0];
422 1 : secured_message_context = session_info->secured_message_context;
423 :
424 1 : libspdm_set_standard_key_update_test_secrets(
425 1 : session_info->secured_message_context,
426 : m_rsp_secret_buffer, (uint8_t)(0xFF),
427 : m_req_secret_buffer, (uint8_t)(0xEE));
428 :
429 : /*no keys are updated*/
430 :
431 1 : response_size = sizeof(response);
432 1 : status = libspdm_get_encap_response_key_update(spdm_context,
433 : m_spdm_key_update_request1_size,
434 : &m_spdm_key_update_request1,
435 : &response_size, response);
436 :
437 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
438 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
439 1 : spdm_response = (void *)response;
440 1 : assert_int_equal(spdm_response->header.request_response_code,
441 : SPDM_ERROR);
442 1 : assert_int_equal(spdm_response->header.param1,
443 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
444 1 : assert_int_equal(spdm_response->header.param2, SPDM_KEY_UPDATE);
445 1 : assert_memory_equal(secured_message_context
446 : ->application_secret.request_data_secret,
447 : m_req_secret_buffer, secured_message_context->hash_size);
448 1 : assert_memory_equal(secured_message_context
449 : ->application_secret.response_data_secret,
450 : m_rsp_secret_buffer, secured_message_context->hash_size);
451 1 : }
452 :
453 : /**
454 : * Test 5: receiving a correct KEY_UPDATE message from the requester, but the
455 : * responder is not correctly setup by not initializing a session during
456 : * KEY_EXCHANGE.
457 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and produces
458 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
459 : **/
460 1 : void test_libspdm_requester_encap_key_update_case5(void **state)
461 : {
462 : libspdm_return_t status;
463 : libspdm_test_context_t *spdm_test_context;
464 : libspdm_context_t *spdm_context;
465 : uint32_t session_id;
466 : libspdm_session_info_t *session_info;
467 : libspdm_secured_message_context_t *secured_message_context;
468 :
469 : size_t response_size;
470 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
471 : spdm_key_update_response_t *spdm_response;
472 :
473 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
474 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
475 :
476 1 : spdm_test_context = *state;
477 1 : spdm_context = spdm_test_context->spdm_context;
478 1 : spdm_test_context->case_id = 0x04;
479 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
480 : SPDM_VERSION_NUMBER_SHIFT_BIT;
481 :
482 1 : spdm_set_standard_key_update_test_state(
483 : spdm_context, &session_id);
484 :
485 1 : session_info = &spdm_context->session_info[0];
486 1 : secured_message_context = session_info->secured_message_context;
487 :
488 : /*uninitialized session*/
489 1 : libspdm_secured_message_set_session_state(
490 : session_info->secured_message_context,
491 : LIBSPDM_SESSION_STATE_NOT_STARTED);
492 :
493 1 : libspdm_set_standard_key_update_test_secrets(
494 1 : session_info->secured_message_context,
495 : m_rsp_secret_buffer, (uint8_t)(0xFF),
496 : m_req_secret_buffer, (uint8_t)(0xEE));
497 :
498 : /*no keys are updated*/
499 :
500 1 : response_size = sizeof(response);
501 1 : status = libspdm_get_encap_response_key_update(spdm_context,
502 : m_spdm_key_update_request1_size,
503 : &m_spdm_key_update_request1,
504 : &response_size, response);
505 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
506 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
507 1 : spdm_response = (void *)response;
508 1 : assert_int_equal(spdm_response->header.request_response_code,
509 : SPDM_ERROR);
510 1 : assert_int_equal(spdm_response->header.param1,
511 : SPDM_ERROR_CODE_INVALID_REQUEST);
512 1 : assert_int_equal(spdm_response->header.param2, 0);
513 1 : assert_memory_equal(secured_message_context
514 : ->application_secret.request_data_secret,
515 : m_req_secret_buffer, secured_message_context->hash_size);
516 1 : assert_memory_equal(secured_message_context
517 : ->application_secret.response_data_secret,
518 : m_rsp_secret_buffer, secured_message_context->hash_size);
519 1 : }
520 :
521 : /**
522 : * Test 6: receiving a correct KEY_UPDATE message from the requester with
523 : * the UpdateAllKeys operation.
524 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and produces
525 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
526 : **/
527 1 : void test_libspdm_requester_encap_key_update_case6(void **state)
528 : {
529 : libspdm_return_t status;
530 : libspdm_test_context_t *spdm_test_context;
531 : libspdm_context_t *spdm_context;
532 : uint32_t session_id;
533 :
534 : size_t response_size;
535 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
536 : spdm_key_update_response_t *spdm_response;
537 :
538 :
539 1 : spdm_test_context = *state;
540 1 : spdm_context = spdm_test_context->spdm_context;
541 1 : spdm_test_context->case_id = 0x06;
542 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
543 : SPDM_VERSION_NUMBER_SHIFT_BIT;
544 :
545 1 : spdm_set_standard_key_update_test_state(
546 : spdm_context, &session_id);
547 :
548 1 : response_size = sizeof(response);
549 1 : status = libspdm_get_encap_response_key_update(spdm_context,
550 : m_spdm_key_update_request3_size,
551 : &m_spdm_key_update_request3,
552 : &response_size, response);
553 :
554 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
555 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
556 1 : spdm_response = (void *)response;
557 1 : assert_int_equal(spdm_response->header.request_response_code,
558 : SPDM_ERROR);
559 1 : assert_int_equal(spdm_response->header.param1,
560 : SPDM_ERROR_CODE_INVALID_REQUEST);
561 1 : assert_int_equal(spdm_response->header.param2,
562 : 0);
563 1 : }
564 :
565 : /**
566 : * Test 7: receiving a KEY_UPDATE message larger than specified, with the
567 : * UpdateAllKeys operation.
568 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
569 : * produces an ERROR message indicating the InvalidRequest. No keys
570 : * are updated.
571 : **/
572 1 : void test_libspdm_requester_encap_key_update_case7(void **state)
573 : {
574 : libspdm_return_t status;
575 : libspdm_test_context_t *spdm_test_context;
576 : libspdm_context_t *spdm_context;
577 : uint32_t session_id;
578 : libspdm_session_info_t *session_info;
579 : libspdm_secured_message_context_t *secured_message_context;
580 :
581 : size_t response_size;
582 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
583 : spdm_key_update_response_t *spdm_response;
584 :
585 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
586 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
587 :
588 1 : spdm_test_context = *state;
589 1 : spdm_context = spdm_test_context->spdm_context;
590 1 : spdm_test_context->case_id = 0x07;
591 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
592 : SPDM_VERSION_NUMBER_SHIFT_BIT;
593 :
594 1 : spdm_set_standard_key_update_test_state(
595 : spdm_context, &session_id);
596 :
597 1 : session_info = &spdm_context->session_info[0];
598 1 : secured_message_context = session_info->secured_message_context;
599 :
600 1 : libspdm_set_standard_key_update_test_secrets(
601 1 : session_info->secured_message_context,
602 : m_rsp_secret_buffer, (uint8_t)(0xFF),
603 : m_req_secret_buffer, (uint8_t)(0xEE));
604 :
605 : /*no keys are updated*/
606 :
607 1 : response_size = sizeof(response);
608 1 : status = libspdm_get_encap_response_key_update(spdm_context,
609 : m_spdm_key_update_request4_size,
610 : &m_spdm_key_update_request4,
611 : &response_size, response);
612 :
613 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
614 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
615 1 : spdm_response = (void *)response;
616 1 : assert_int_equal(spdm_response->header.request_response_code,
617 : SPDM_ERROR);
618 1 : assert_int_equal(spdm_response->header.param1,
619 : SPDM_ERROR_CODE_INVALID_REQUEST);
620 1 : assert_int_equal(spdm_response->header.param2, 0);
621 1 : assert_memory_equal(secured_message_context
622 : ->application_secret.request_data_secret,
623 : m_req_secret_buffer, secured_message_context->hash_size);
624 1 : assert_memory_equal(secured_message_context
625 : ->application_secret.response_data_secret,
626 : m_rsp_secret_buffer, secured_message_context->hash_size);
627 1 : }
628 :
629 : /**
630 : * Test 8: receiving a invalid KEY_UPDATE message from the requester with
631 : * the VerifyNewKey operation. The responder is setup as if no valid
632 : * KEY_UPDATE request with either the UpdateKey or UpdateAllKeys has been
633 : * previously received.
634 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
635 : * produces an ERROR message indicating the InvalidRequest. No keys are
636 : * updated.
637 : **/
638 1 : void test_libspdm_requester_encap_key_update_case8(void **state)
639 : {
640 : libspdm_return_t status;
641 : libspdm_test_context_t *spdm_test_context;
642 : libspdm_context_t *spdm_context;
643 : uint32_t session_id;
644 : libspdm_session_info_t *session_info;
645 :
646 : size_t response_size;
647 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
648 : spdm_key_update_response_t *spdm_response;
649 :
650 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
651 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
652 :
653 1 : spdm_test_context = *state;
654 1 : spdm_context = spdm_test_context->spdm_context;
655 1 : spdm_test_context->case_id = 0x08;
656 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
657 : SPDM_VERSION_NUMBER_SHIFT_BIT;
658 :
659 1 : spdm_set_standard_key_update_test_state(
660 : spdm_context, &session_id);
661 :
662 1 : session_info = &spdm_context->session_info[0];
663 :
664 1 : libspdm_set_standard_key_update_test_secrets(
665 1 : session_info->secured_message_context,
666 : m_rsp_secret_buffer, (uint8_t)(0xFF),
667 : m_req_secret_buffer, (uint8_t)(0xEE));
668 :
669 : /*no mocked major secret update*/
670 :
671 : /*no keys are updated*/
672 :
673 1 : response_size = sizeof(response);
674 1 : status = libspdm_get_encap_response_key_update(spdm_context,
675 : m_spdm_key_update_request5_size,
676 : &m_spdm_key_update_request5,
677 : &response_size, response);
678 :
679 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
680 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
681 1 : spdm_response = (void *)response;
682 1 : assert_int_equal(spdm_response->header.request_response_code,
683 : SPDM_ERROR);
684 1 : assert_int_equal(spdm_response->header.param1,
685 : SPDM_ERROR_CODE_INVALID_REQUEST);
686 1 : assert_int_equal(spdm_response->header.param2,
687 : 0);
688 1 : }
689 :
690 : /**
691 : * Test 9: receiving a KEY_UPDATE message with a reserved operation code.
692 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
693 : * produces an ERROR message indicating the InvalidRequest. No keys
694 : * are updated.
695 : **/
696 1 : void test_libspdm_requester_encap_key_update_case9(void **state)
697 : {
698 : libspdm_return_t status;
699 : libspdm_test_context_t *spdm_test_context;
700 : libspdm_context_t *spdm_context;
701 : uint32_t session_id;
702 : libspdm_session_info_t *session_info;
703 : libspdm_secured_message_context_t *secured_message_context;
704 :
705 : size_t response_size;
706 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
707 : spdm_key_update_response_t *spdm_response;
708 :
709 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
710 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
711 :
712 1 : spdm_test_context = *state;
713 1 : spdm_context = spdm_test_context->spdm_context;
714 1 : spdm_test_context->case_id = 0x09;
715 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
716 : SPDM_VERSION_NUMBER_SHIFT_BIT;
717 :
718 1 : spdm_set_standard_key_update_test_state(
719 : spdm_context, &session_id);
720 :
721 1 : session_info = &spdm_context->session_info[0];
722 1 : secured_message_context = session_info->secured_message_context;
723 :
724 1 : libspdm_set_standard_key_update_test_secrets(
725 1 : session_info->secured_message_context,
726 : m_rsp_secret_buffer, (uint8_t)(0xFF),
727 : m_req_secret_buffer, (uint8_t)(0xEE));
728 :
729 : /*no keys are updated*/
730 :
731 1 : response_size = sizeof(response);
732 1 : status = libspdm_get_encap_response_key_update(spdm_context,
733 : m_spdm_key_update_request10_size,
734 : &m_spdm_key_update_request10,
735 : &response_size, response);
736 :
737 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
738 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
739 1 : spdm_response = (void *)response;
740 1 : assert_int_equal(spdm_response->header.request_response_code,
741 : SPDM_ERROR);
742 1 : assert_int_equal(spdm_response->header.param1,
743 : SPDM_ERROR_CODE_INVALID_REQUEST);
744 1 : assert_int_equal(spdm_response->header.param2, 0);
745 1 : assert_memory_equal(secured_message_context
746 : ->application_secret.request_data_secret,
747 : m_req_secret_buffer, secured_message_context->hash_size);
748 1 : assert_memory_equal(secured_message_context
749 : ->application_secret.response_data_secret,
750 : m_rsp_secret_buffer, secured_message_context->hash_size);
751 1 : }
752 :
753 : /* UpdateKey + UpdateKey: failed*/
754 1 : void test_libspdm_requester_encap_key_update_case10(void **state)
755 : {
756 : libspdm_return_t status;
757 : libspdm_test_context_t *spdm_test_context;
758 : libspdm_context_t *spdm_context;
759 : uint32_t session_id;
760 : libspdm_session_info_t *session_info;
761 : libspdm_secured_message_context_t *secured_message_context;
762 :
763 : size_t response_size;
764 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
765 : spdm_key_update_response_t *spdm_response;
766 :
767 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
768 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
769 :
770 1 : spdm_test_context = *state;
771 1 : spdm_context = spdm_test_context->spdm_context;
772 1 : spdm_test_context->case_id = 0x0A;
773 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
774 : SPDM_VERSION_NUMBER_SHIFT_BIT;
775 :
776 1 : spdm_set_standard_key_update_test_state(
777 : spdm_context, &session_id);
778 :
779 1 : session_info = &spdm_context->session_info[0];
780 1 : secured_message_context = session_info->secured_message_context;
781 :
782 1 : libspdm_set_standard_key_update_test_secrets(
783 1 : session_info->secured_message_context,
784 : m_rsp_secret_buffer, (uint8_t)(0xFF),
785 : m_req_secret_buffer, (uint8_t)(0xEE));
786 :
787 : /*request side *not* updated*/
788 :
789 : /*last request: UpdateKey*/
790 1 : session_info->last_key_update_request = m_spdm_key_update_request1;
791 :
792 : /*response side updated */
793 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
794 : secured_message_context->hash_size,
795 : m_rsp_secret_buffer, m_rsp_secret_buffer,
796 : secured_message_context->hash_size);
797 :
798 1 : response_size = sizeof(response);
799 1 : status = libspdm_get_encap_response_key_update(spdm_context,
800 : m_spdm_key_update_request1_size,
801 : &m_spdm_key_update_request1,
802 : &response_size, response);
803 :
804 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
805 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
806 1 : spdm_response = (void *)response;
807 1 : assert_int_equal(spdm_response->header.request_response_code,
808 : SPDM_ERROR);
809 1 : assert_int_equal(spdm_response->header.param1,
810 : SPDM_ERROR_CODE_INVALID_REQUEST);
811 1 : assert_int_equal(spdm_response->header.param2,
812 : 0);
813 1 : }
814 :
815 : /* VerifyNewKey + UpdateKey: success*/
816 1 : void test_libspdm_requester_encap_key_update_case11(void **state)
817 : {
818 : libspdm_return_t status;
819 : libspdm_test_context_t *spdm_test_context;
820 : libspdm_context_t *spdm_context;
821 : uint32_t session_id;
822 : libspdm_session_info_t *session_info;
823 : libspdm_secured_message_context_t *secured_message_context;
824 :
825 : size_t response_size;
826 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
827 : spdm_key_update_response_t *spdm_response;
828 :
829 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
830 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
831 :
832 1 : spdm_test_context = *state;
833 1 : spdm_context = spdm_test_context->spdm_context;
834 1 : spdm_test_context->case_id = 0x0B;
835 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
836 : SPDM_VERSION_NUMBER_SHIFT_BIT;
837 :
838 1 : spdm_set_standard_key_update_test_state(
839 : spdm_context, &session_id);
840 :
841 1 : session_info = &spdm_context->session_info[0];
842 1 : secured_message_context = session_info->secured_message_context;
843 :
844 1 : libspdm_set_standard_key_update_test_secrets(
845 1 : session_info->secured_message_context,
846 : m_rsp_secret_buffer, (uint8_t)(0xFF),
847 : m_req_secret_buffer, (uint8_t)(0xEE));
848 :
849 : /*request side *not* updated*/
850 :
851 : /*last request: verify new key*/
852 1 : session_info->last_key_update_request = m_spdm_key_update_request5;
853 : /*verify new key clear last_key_update_request*/
854 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
855 :
856 : /*response side updated */
857 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
858 : secured_message_context->hash_size,
859 : m_rsp_secret_buffer, m_rsp_secret_buffer,
860 : secured_message_context->hash_size);
861 :
862 1 : response_size = sizeof(response);
863 1 : status = libspdm_get_encap_response_key_update(spdm_context,
864 : m_spdm_key_update_request1_size,
865 : &m_spdm_key_update_request1,
866 : &response_size, response);
867 :
868 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
869 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
870 1 : spdm_response = (void *)response;
871 1 : assert_int_equal(spdm_response->header.request_response_code,
872 : SPDM_KEY_UPDATE_ACK);
873 1 : assert_int_equal(spdm_response->header.param1,
874 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
875 1 : assert_int_equal(spdm_response->header.param2,
876 : m_spdm_key_update_request1.header.param2);
877 1 : assert_memory_equal(secured_message_context
878 : ->application_secret.request_data_secret,
879 : m_req_secret_buffer, secured_message_context->hash_size);
880 1 : assert_memory_equal(secured_message_context
881 : ->application_secret.response_data_secret,
882 : m_rsp_secret_buffer, secured_message_context->hash_size);
883 1 : }
884 :
885 : /* VerifyNewKey + VerifyNewKey: failed*/
886 1 : void test_libspdm_requester_encap_key_update_case12(void **state)
887 : {
888 : libspdm_return_t status;
889 : libspdm_test_context_t *spdm_test_context;
890 : libspdm_context_t *spdm_context;
891 : uint32_t session_id;
892 : libspdm_session_info_t *session_info;
893 : libspdm_secured_message_context_t *secured_message_context;
894 :
895 : size_t response_size;
896 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
897 : spdm_key_update_response_t *spdm_response;
898 :
899 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
900 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
901 :
902 1 : spdm_test_context = *state;
903 1 : spdm_context = spdm_test_context->spdm_context;
904 1 : spdm_test_context->case_id = 0x0C;
905 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
906 : SPDM_VERSION_NUMBER_SHIFT_BIT;
907 :
908 1 : spdm_set_standard_key_update_test_state(
909 : spdm_context, &session_id);
910 :
911 1 : session_info = &spdm_context->session_info[0];
912 1 : secured_message_context = session_info->secured_message_context;
913 :
914 1 : libspdm_set_standard_key_update_test_secrets(
915 1 : session_info->secured_message_context,
916 : m_rsp_secret_buffer, (uint8_t)(0xFF),
917 : m_req_secret_buffer, (uint8_t)(0xEE));
918 :
919 : /*request side *not* updated*/
920 :
921 : /*last request: verify new key*/
922 1 : session_info->last_key_update_request = m_spdm_key_update_request5;
923 : /*verify new key clear last_key_update_request*/
924 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
925 :
926 : /*response side updated */
927 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
928 : secured_message_context->hash_size,
929 : m_rsp_secret_buffer, m_rsp_secret_buffer,
930 : secured_message_context->hash_size);
931 :
932 1 : response_size = sizeof(response);
933 1 : status = libspdm_get_encap_response_key_update(spdm_context,
934 : m_spdm_key_update_request5_size,
935 : &m_spdm_key_update_request5,
936 : &response_size, response);
937 :
938 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
939 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
940 1 : spdm_response = (void *)response;
941 1 : assert_int_equal(spdm_response->header.request_response_code,
942 : SPDM_ERROR);
943 1 : assert_int_equal(spdm_response->header.param1,
944 : SPDM_ERROR_CODE_INVALID_REQUEST);
945 1 : assert_int_equal(spdm_response->header.param2,
946 : 0);
947 1 : }
948 :
949 :
950 : /* other command + UpdateKey: success*/
951 1 : void test_libspdm_requester_encap_key_update_case13(void **state)
952 : {
953 : libspdm_return_t status;
954 : libspdm_test_context_t *spdm_test_context;
955 : libspdm_context_t *spdm_context;
956 : uint32_t session_id;
957 : libspdm_session_info_t *session_info;
958 : libspdm_secured_message_context_t *secured_message_context;
959 :
960 : size_t response_size;
961 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
962 : spdm_key_update_response_t *spdm_response;
963 :
964 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
965 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
966 :
967 1 : spdm_test_context = *state;
968 1 : spdm_context = spdm_test_context->spdm_context;
969 1 : spdm_test_context->case_id = 0x0D;
970 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
971 : SPDM_VERSION_NUMBER_SHIFT_BIT;
972 :
973 1 : spdm_set_standard_key_update_test_state(
974 : spdm_context, &session_id);
975 :
976 1 : session_info = &spdm_context->session_info[0];
977 1 : secured_message_context = session_info->secured_message_context;
978 :
979 1 : libspdm_set_standard_key_update_test_secrets(
980 1 : session_info->secured_message_context,
981 : m_rsp_secret_buffer, (uint8_t)(0xFF),
982 : m_req_secret_buffer, (uint8_t)(0xEE));
983 :
984 : /*request side *not* updated*/
985 :
986 : /*other command with cleared last_key_update_request*/
987 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
988 :
989 : /*response side updated */
990 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
991 : secured_message_context->hash_size,
992 : m_rsp_secret_buffer, m_rsp_secret_buffer,
993 : secured_message_context->hash_size);
994 :
995 1 : response_size = sizeof(response);
996 1 : status = libspdm_get_encap_response_key_update(spdm_context,
997 : m_spdm_key_update_request1_size,
998 : &m_spdm_key_update_request1,
999 : &response_size, response);
1000 :
1001 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1002 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1003 1 : spdm_response = (void *)response;
1004 1 : assert_int_equal(spdm_response->header.request_response_code,
1005 : SPDM_KEY_UPDATE_ACK);
1006 1 : assert_int_equal(spdm_response->header.param1,
1007 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1008 1 : assert_int_equal(spdm_response->header.param2,
1009 : m_spdm_key_update_request1.header.param2);
1010 1 : assert_memory_equal(secured_message_context
1011 : ->application_secret.request_data_secret,
1012 : m_req_secret_buffer, secured_message_context->hash_size);
1013 1 : assert_memory_equal(secured_message_context
1014 : ->application_secret.response_data_secret,
1015 : m_rsp_secret_buffer, secured_message_context->hash_size);
1016 1 : }
1017 :
1018 :
1019 : /* other command + VerifyNewKey: failed*/
1020 1 : void test_libspdm_requester_encap_key_update_case14(void **state)
1021 : {
1022 : libspdm_return_t status;
1023 : libspdm_test_context_t *spdm_test_context;
1024 : libspdm_context_t *spdm_context;
1025 : uint32_t session_id;
1026 : libspdm_session_info_t *session_info;
1027 : libspdm_secured_message_context_t *secured_message_context;
1028 :
1029 : size_t response_size;
1030 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1031 : spdm_key_update_response_t *spdm_response;
1032 :
1033 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1034 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1035 :
1036 1 : spdm_test_context = *state;
1037 1 : spdm_context = spdm_test_context->spdm_context;
1038 1 : spdm_test_context->case_id = 0x0E;
1039 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1040 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1041 :
1042 1 : spdm_set_standard_key_update_test_state(
1043 : spdm_context, &session_id);
1044 :
1045 1 : session_info = &spdm_context->session_info[0];
1046 1 : secured_message_context = session_info->secured_message_context;
1047 :
1048 1 : libspdm_set_standard_key_update_test_secrets(
1049 1 : session_info->secured_message_context,
1050 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1051 : m_req_secret_buffer, (uint8_t)(0xEE));
1052 :
1053 : /*request side *not* updated*/
1054 :
1055 : /*other command with cleared last_key_update_request*/
1056 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1057 :
1058 : /*response side updated */
1059 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1060 : secured_message_context->hash_size,
1061 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1062 : secured_message_context->hash_size);
1063 :
1064 1 : response_size = sizeof(response);
1065 1 : status = libspdm_get_encap_response_key_update(spdm_context,
1066 : m_spdm_key_update_request5_size,
1067 : &m_spdm_key_update_request5,
1068 : &response_size, response);
1069 :
1070 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1071 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1072 1 : spdm_response = (void *)response;
1073 1 : assert_int_equal(spdm_response->header.request_response_code,
1074 : SPDM_ERROR);
1075 1 : assert_int_equal(spdm_response->header.param1,
1076 : SPDM_ERROR_CODE_INVALID_REQUEST);
1077 1 : assert_int_equal(spdm_response->header.param2,
1078 : 0);
1079 1 : }
1080 :
1081 1 : int libspdm_requester_encap_key_update_test_main(void)
1082 : {
1083 1 : const struct CMUnitTest spdm_requester_key_update_tests[] = {
1084 : /* Success Case -- UpdateKey*/
1085 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case1),
1086 : /* Bad request size*/
1087 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case2),
1088 : /* Buffer reset*/
1089 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case3),
1090 : /* Unsupported KEY_UPD capabilities*/
1091 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case4),
1092 : /* Uninitialized session*/
1093 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case5),
1094 : /* ruquster RETURN_UNSUPPORTED*/
1095 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case6),
1096 : /* Bad request size*/
1097 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case7),
1098 : /* Uninitialized key update*/
1099 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case8),
1100 : /* Invalid operation*/
1101 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case9),
1102 : /* UpdateKey + UpdateKey: failed*/
1103 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case10),
1104 : /* VerifyNewKey + UpdateKey: success*/
1105 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case11),
1106 : /* VerifyNewKey + VerifyNewKey: failed*/
1107 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case12),
1108 : /* other command + UpdateKey: success*/
1109 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case13),
1110 : /* other command + VerifyNewKey: failed*/
1111 : cmocka_unit_test(test_libspdm_requester_encap_key_update_case14),
1112 : };
1113 :
1114 1 : libspdm_test_context_t test_context = {
1115 : LIBSPDM_TEST_CONTEXT_VERSION,
1116 : false,
1117 : };
1118 :
1119 1 : libspdm_setup_test_context(&test_context);
1120 :
1121 1 : return cmocka_run_group_tests(spdm_requester_key_update_tests,
1122 : libspdm_unit_test_group_setup,
1123 : libspdm_unit_test_group_teardown);
1124 : }
1125 :
1126 : #endif /* LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP*/
|
