Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 : #include "spdm_unit_test.h"
7 : #include "internal/libspdm_requester_lib.h"
8 : #include "internal/libspdm_secured_message_lib.h"
9 :
10 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
11 : ((LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP))
12 :
13 : spdm_key_update_request_t m_spdm_key_update_request1 = {
14 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
15 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3}
16 : };
17 : size_t m_spdm_key_update_request1_size = sizeof(m_spdm_key_update_request1);
18 :
19 : spdm_key_update_request_t m_spdm_key_update_request2 = {
20 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
21 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3}
22 : };
23 : size_t m_spdm_key_update_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
24 :
25 : spdm_key_update_request_t m_spdm_key_update_request3 = {
26 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
27 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71}
28 : };
29 : size_t m_spdm_key_update_request3_size = sizeof(m_spdm_key_update_request3);
30 :
31 : spdm_key_update_request_t m_spdm_key_update_request4 = {
32 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
33 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71}
34 : };
35 : size_t m_spdm_key_update_request4_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
36 :
37 : spdm_key_update_request_t m_spdm_key_update_request5 = {
38 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
39 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A}
40 : };
41 : size_t m_spdm_key_update_request5_size = sizeof(m_spdm_key_update_request5);
42 :
43 : spdm_key_update_request_t m_spdm_key_update_request6 = {
44 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
45 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A}
46 : };
47 : size_t m_spdm_key_update_request6_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
48 :
49 : spdm_key_update_request_t m_spdm_key_update_request7 = {
50 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
51 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x92}
52 : };
53 : size_t m_spdm_key_update_request7_size = sizeof(m_spdm_key_update_request7);
54 :
55 : spdm_key_update_request_t m_spdm_key_update_request8 = {
56 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
57 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x13}
58 : };
59 : size_t m_spdm_key_update_request8_size = sizeof(m_spdm_key_update_request8);
60 :
61 : spdm_key_update_request_t m_spdm_key_update_request9 = {
62 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
63 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x22}
64 : };
65 : size_t m_spdm_key_update_request9_size = sizeof(m_spdm_key_update_request9);
66 :
67 : spdm_key_update_request_t m_spdm_key_update_request10 = {
68 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE, 0xFF, 0x12}
69 : };
70 : size_t m_spdm_key_update_request10_size = sizeof(m_spdm_key_update_request10);
71 :
72 14 : static void spdm_set_standard_key_update_test_state(
73 : libspdm_context_t *spdm_context, uint32_t *session_id)
74 : {
75 : libspdm_session_info_t *session_info;
76 :
77 14 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
78 14 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
79 14 : spdm_context->connection_info.capability.flags |=
80 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
81 14 : spdm_context->connection_info.capability.flags |=
82 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP;
83 14 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP;
84 14 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
85 14 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP;
86 14 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP;
87 :
88 14 : spdm_context->transcript.message_a.buffer_size = 0;
89 14 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
90 14 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
91 14 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
92 14 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
93 :
94 14 : *session_id = 0xFFFFFFFF;
95 14 : spdm_context->latest_session_id = *session_id;
96 14 : spdm_context->last_spdm_request_session_id_valid = true;
97 14 : spdm_context->last_spdm_request_session_id = *session_id;
98 14 : session_info = &spdm_context->session_info[0];
99 14 : libspdm_session_info_init(spdm_context, session_info, *session_id,
100 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
101 14 : libspdm_secured_message_set_session_state(
102 : session_info->secured_message_context,
103 : LIBSPDM_SESSION_STATE_ESTABLISHED);
104 14 : }
105 :
106 13 : static void libspdm_set_standard_key_update_test_secrets(
107 : libspdm_secured_message_context_t *secured_message_context,
108 : uint8_t *m_rsp_secret_buffer, uint8_t rsp_secret_fill,
109 : uint8_t *m_req_secret_buffer, uint8_t req_secret_fill)
110 : {
111 13 : libspdm_set_mem(m_rsp_secret_buffer, secured_message_context->hash_size, rsp_secret_fill);
112 13 : libspdm_set_mem(m_req_secret_buffer, secured_message_context->hash_size, req_secret_fill);
113 :
114 13 : libspdm_copy_mem(secured_message_context->application_secret.response_data_secret,
115 : sizeof(secured_message_context->application_secret.response_data_secret),
116 : m_rsp_secret_buffer, secured_message_context->aead_key_size);
117 13 : libspdm_copy_mem(secured_message_context->application_secret.request_data_secret,
118 : sizeof(secured_message_context->application_secret.request_data_secret),
119 : m_req_secret_buffer, secured_message_context->aead_key_size);
120 :
121 13 : libspdm_set_mem(secured_message_context->application_secret
122 13 : .response_data_encryption_key,
123 : secured_message_context->aead_key_size, rsp_secret_fill);
124 13 : libspdm_set_mem(secured_message_context->application_secret
125 13 : .response_data_salt,
126 : secured_message_context->aead_iv_size, rsp_secret_fill);
127 :
128 13 : libspdm_set_mem(secured_message_context->application_secret
129 13 : .request_data_encryption_key,
130 : secured_message_context->aead_key_size, req_secret_fill);
131 13 : libspdm_set_mem(secured_message_context->application_secret
132 13 : .request_data_salt,
133 : secured_message_context->aead_iv_size, req_secret_fill);
134 :
135 13 : secured_message_context->application_secret.response_data_sequence_number = 0;
136 13 : secured_message_context->application_secret.request_data_sequence_number = 0;
137 13 : }
138 :
139 7 : static void libspdm_compute_secret_update(spdm_version_number_t spdm_version,
140 : size_t hash_size,
141 : const uint8_t *in_secret, uint8_t *out_secret,
142 : size_t out_secret_size)
143 : {
144 : uint8_t bin_str9[128];
145 : size_t bin_str9_size;
146 :
147 7 : bin_str9_size = sizeof(bin_str9);
148 7 : libspdm_bin_concat(spdm_version,
149 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
150 7 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
151 : &bin_str9_size);
152 :
153 7 : libspdm_hkdf_expand(m_libspdm_use_hash_algo, in_secret, hash_size, bin_str9,
154 : bin_str9_size, out_secret, out_secret_size);
155 7 : }
156 :
157 : /**
158 : * Test 1: receiving a correct KEY_UPDATE message from the requester with
159 : * the UpdateKey operation.
160 : * Expected behavior: the encap requester accepts the request, produces a valid
161 : * KEY_UPDATE_ACK response message, and the request data key is updated.
162 : **/
163 1 : static void req_encap_key_update_ack_case1(void **state)
164 : {
165 : libspdm_return_t status;
166 : libspdm_test_context_t *spdm_test_context;
167 : libspdm_context_t *spdm_context;
168 : uint32_t session_id;
169 : libspdm_session_info_t *session_info;
170 : libspdm_secured_message_context_t *secured_message_context;
171 :
172 : size_t response_size;
173 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
174 : spdm_key_update_response_t *spdm_response;
175 :
176 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
177 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
178 :
179 1 : spdm_test_context = *state;
180 1 : spdm_context = spdm_test_context->spdm_context;
181 1 : spdm_test_context->case_id = 0x01;
182 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
183 : SPDM_VERSION_NUMBER_SHIFT_BIT;
184 :
185 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
186 :
187 1 : session_info = &spdm_context->session_info[0];
188 1 : secured_message_context = session_info->secured_message_context;
189 :
190 1 : libspdm_set_standard_key_update_test_secrets(
191 1 : session_info->secured_message_context,
192 : m_rsp_secret_buffer, (uint8_t)(0xFF),
193 : m_req_secret_buffer, (uint8_t)(0xEE));
194 :
195 : /*request side *not* updated*/
196 :
197 : /*response side updated */
198 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
199 : secured_message_context->hash_size,
200 : m_rsp_secret_buffer, m_rsp_secret_buffer,
201 : secured_message_context->hash_size);
202 :
203 1 : response_size = sizeof(response);
204 1 : status = libspdm_get_encap_response_key_update(spdm_context,
205 : m_spdm_key_update_request1_size,
206 : &m_spdm_key_update_request1,
207 : &response_size, response);
208 :
209 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
210 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
211 1 : spdm_response = (void *)response;
212 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
213 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
214 1 : assert_int_equal(spdm_response->header.param2, m_spdm_key_update_request1.header.param2);
215 1 : assert_memory_equal(secured_message_context
216 : ->application_secret.request_data_secret,
217 : m_req_secret_buffer, secured_message_context->hash_size);
218 1 : assert_memory_equal(secured_message_context
219 : ->application_secret.response_data_secret,
220 : m_rsp_secret_buffer, secured_message_context->hash_size);
221 1 : }
222 :
223 : /**
224 : * Test 2: receiving a KEY_UPDATE message larger than specified, with the
225 : * UpdateKey operation.
226 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
227 : * produces an ERROR message indicating the InvalidRequest. No keys
228 : * are updated.
229 : **/
230 1 : static void req_encap_key_update_ack_case2(void **state)
231 : {
232 : libspdm_return_t status;
233 : libspdm_test_context_t *spdm_test_context;
234 : libspdm_context_t *spdm_context;
235 : uint32_t session_id;
236 : libspdm_session_info_t *session_info;
237 : libspdm_secured_message_context_t *secured_message_context;
238 :
239 : size_t response_size;
240 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
241 : spdm_key_update_response_t *spdm_response;
242 :
243 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
244 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
245 :
246 1 : spdm_test_context = *state;
247 1 : spdm_context = spdm_test_context->spdm_context;
248 1 : spdm_test_context->case_id = 0x02;
249 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
250 : SPDM_VERSION_NUMBER_SHIFT_BIT;
251 :
252 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
253 :
254 1 : session_info = &spdm_context->session_info[0];
255 1 : secured_message_context = session_info->secured_message_context;
256 :
257 1 : libspdm_set_standard_key_update_test_secrets(
258 1 : session_info->secured_message_context,
259 : m_rsp_secret_buffer, (uint8_t)(0xFF),
260 : m_req_secret_buffer, (uint8_t)(0xEE));
261 :
262 : /*no keys are updated*/
263 :
264 1 : response_size = sizeof(response);
265 1 : status = libspdm_get_encap_response_key_update(spdm_context,
266 : m_spdm_key_update_request2_size,
267 : &m_spdm_key_update_request2,
268 : &response_size, response);
269 :
270 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
271 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
272 1 : spdm_response = (void *)response;
273 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
274 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
275 1 : assert_int_equal(spdm_response->header.param2, 0);
276 1 : assert_memory_equal(secured_message_context
277 : ->application_secret.request_data_secret,
278 : m_req_secret_buffer, secured_message_context->hash_size);
279 1 : assert_memory_equal(secured_message_context
280 : ->application_secret.response_data_secret,
281 : m_rsp_secret_buffer, secured_message_context->hash_size);
282 1 : }
283 :
284 1 : static void req_encap_key_update_ack_case3(void **state)
285 : {
286 : libspdm_return_t status;
287 : libspdm_test_context_t *spdm_test_context;
288 : libspdm_context_t *spdm_context;
289 : uint32_t session_id;
290 : libspdm_session_info_t *session_info;
291 : libspdm_secured_message_context_t *secured_message_context;
292 :
293 : size_t response_size;
294 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
295 : spdm_key_update_response_t *spdm_response;
296 :
297 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
298 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
299 :
300 1 : spdm_test_context = *state;
301 1 : spdm_context = spdm_test_context->spdm_context;
302 1 : spdm_test_context->case_id = 0x03;
303 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
304 : SPDM_VERSION_NUMBER_SHIFT_BIT;
305 :
306 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
307 :
308 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
309 : /*"filling" buffers*/
310 : spdm_context->transcript.message_m.buffer_size =
311 : spdm_context->transcript.message_m.max_buffer_size;
312 : spdm_context->transcript.message_b.buffer_size =
313 : spdm_context->transcript.message_b.max_buffer_size;
314 : spdm_context->transcript.message_c.buffer_size =
315 : spdm_context->transcript.message_c.max_buffer_size;
316 : spdm_context->transcript.message_mut_b.buffer_size =
317 : spdm_context->transcript.message_mut_b.max_buffer_size;
318 : spdm_context->transcript.message_mut_c.buffer_size =
319 : spdm_context->transcript.message_mut_c.max_buffer_size;
320 : #endif
321 :
322 1 : session_info = &spdm_context->session_info[0];
323 1 : secured_message_context = session_info->secured_message_context;
324 :
325 1 : libspdm_set_standard_key_update_test_secrets(
326 1 : session_info->secured_message_context,
327 : m_rsp_secret_buffer, (uint8_t)(0xFF),
328 : m_req_secret_buffer, (uint8_t)(0xEE));
329 :
330 : /*request side *not* updated*/
331 :
332 : /*response side updated */
333 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
334 : secured_message_context->hash_size,
335 : m_rsp_secret_buffer, m_rsp_secret_buffer,
336 : secured_message_context->hash_size);
337 :
338 1 : response_size = sizeof(response);
339 1 : status = libspdm_get_encap_response_key_update(spdm_context,
340 : m_spdm_key_update_request1_size,
341 : &m_spdm_key_update_request1,
342 : &response_size, response);
343 :
344 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
345 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
346 1 : spdm_response = (void *)response;
347 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
348 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
349 1 : assert_int_equal(spdm_response->header.param2, m_spdm_key_update_request1.header.param2);
350 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
351 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
352 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
353 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
354 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
355 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
356 : #endif
357 1 : assert_memory_equal(secured_message_context
358 : ->application_secret.request_data_secret,
359 : m_req_secret_buffer, secured_message_context->hash_size);
360 1 : assert_memory_equal(secured_message_context
361 : ->application_secret.response_data_secret,
362 : m_rsp_secret_buffer, secured_message_context->hash_size);
363 1 : }
364 :
365 : /**
366 : * Test 4: receiving a correct KEY_UPDATE message from the requester, but the
367 : * responder has no capabilities for key update.
368 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
369 : * produces an ERROR message indicating the UnsupportedRequest. No keys are
370 : * updated.
371 : **/
372 1 : static void req_encap_key_update_ack_case4(void **state)
373 : {
374 : libspdm_return_t status;
375 : libspdm_test_context_t *spdm_test_context;
376 : libspdm_context_t *spdm_context;
377 : uint32_t session_id;
378 : libspdm_session_info_t *session_info;
379 : libspdm_secured_message_context_t *secured_message_context;
380 :
381 : size_t response_size;
382 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
383 : spdm_key_update_response_t *spdm_response;
384 :
385 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
386 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
387 :
388 1 : spdm_test_context = *state;
389 1 : spdm_context = spdm_test_context->spdm_context;
390 1 : spdm_test_context->case_id = 0x04;
391 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
392 : SPDM_VERSION_NUMBER_SHIFT_BIT;
393 :
394 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
395 :
396 : /*no capabilities*/
397 1 : spdm_context->connection_info.capability.flags &=
398 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
399 1 : spdm_context->local_context.capability.flags &=
400 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
401 :
402 1 : session_info = &spdm_context->session_info[0];
403 1 : secured_message_context = session_info->secured_message_context;
404 :
405 1 : libspdm_set_standard_key_update_test_secrets(
406 1 : session_info->secured_message_context,
407 : m_rsp_secret_buffer, (uint8_t)(0xFF),
408 : m_req_secret_buffer, (uint8_t)(0xEE));
409 :
410 : /*no keys are updated*/
411 :
412 1 : response_size = sizeof(response);
413 1 : status = libspdm_get_encap_response_key_update(spdm_context,
414 : m_spdm_key_update_request1_size,
415 : &m_spdm_key_update_request1,
416 : &response_size, response);
417 :
418 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
419 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
420 1 : spdm_response = (void *)response;
421 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
422 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
423 1 : assert_int_equal(spdm_response->header.param2, SPDM_KEY_UPDATE);
424 1 : assert_memory_equal(secured_message_context
425 : ->application_secret.request_data_secret,
426 : m_req_secret_buffer, secured_message_context->hash_size);
427 1 : assert_memory_equal(secured_message_context
428 : ->application_secret.response_data_secret,
429 : m_rsp_secret_buffer, secured_message_context->hash_size);
430 1 : }
431 :
432 : /**
433 : * Test 5: receiving a correct KEY_UPDATE message from the requester, but the
434 : * responder is not correctly setup by not initializing a session during
435 : * KEY_EXCHANGE.
436 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and produces
437 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
438 : **/
439 1 : static void req_encap_key_update_ack_case5(void **state)
440 : {
441 : libspdm_return_t status;
442 : libspdm_test_context_t *spdm_test_context;
443 : libspdm_context_t *spdm_context;
444 : uint32_t session_id;
445 : libspdm_session_info_t *session_info;
446 : libspdm_secured_message_context_t *secured_message_context;
447 :
448 : size_t response_size;
449 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
450 : spdm_key_update_response_t *spdm_response;
451 :
452 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
453 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
454 :
455 1 : spdm_test_context = *state;
456 1 : spdm_context = spdm_test_context->spdm_context;
457 1 : spdm_test_context->case_id = 0x04;
458 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
459 : SPDM_VERSION_NUMBER_SHIFT_BIT;
460 :
461 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
462 :
463 1 : session_info = &spdm_context->session_info[0];
464 1 : secured_message_context = session_info->secured_message_context;
465 :
466 : /*uninitialized session*/
467 1 : libspdm_secured_message_set_session_state(
468 : session_info->secured_message_context,
469 : LIBSPDM_SESSION_STATE_NOT_STARTED);
470 :
471 1 : libspdm_set_standard_key_update_test_secrets(
472 1 : session_info->secured_message_context,
473 : m_rsp_secret_buffer, (uint8_t)(0xFF),
474 : m_req_secret_buffer, (uint8_t)(0xEE));
475 :
476 : /*no keys are updated*/
477 :
478 1 : response_size = sizeof(response);
479 1 : status = libspdm_get_encap_response_key_update(spdm_context,
480 : m_spdm_key_update_request1_size,
481 : &m_spdm_key_update_request1,
482 : &response_size, response);
483 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
484 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
485 1 : spdm_response = (void *)response;
486 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
487 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
488 1 : assert_int_equal(spdm_response->header.param2, 0);
489 1 : assert_memory_equal(secured_message_context
490 : ->application_secret.request_data_secret,
491 : m_req_secret_buffer, secured_message_context->hash_size);
492 1 : assert_memory_equal(secured_message_context
493 : ->application_secret.response_data_secret,
494 : m_rsp_secret_buffer, secured_message_context->hash_size);
495 1 : }
496 :
497 : /**
498 : * Test 6: receiving a correct KEY_UPDATE message from the requester with
499 : * the UpdateAllKeys operation.
500 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and produces
501 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
502 : **/
503 1 : static void req_encap_key_update_ack_case6(void **state)
504 : {
505 : libspdm_return_t status;
506 : libspdm_test_context_t *spdm_test_context;
507 : libspdm_context_t *spdm_context;
508 : uint32_t session_id;
509 :
510 : size_t response_size;
511 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
512 : spdm_key_update_response_t *spdm_response;
513 :
514 :
515 1 : spdm_test_context = *state;
516 1 : spdm_context = spdm_test_context->spdm_context;
517 1 : spdm_test_context->case_id = 0x06;
518 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
519 : SPDM_VERSION_NUMBER_SHIFT_BIT;
520 :
521 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
522 :
523 1 : response_size = sizeof(response);
524 1 : status = libspdm_get_encap_response_key_update(spdm_context,
525 : m_spdm_key_update_request3_size,
526 : &m_spdm_key_update_request3,
527 : &response_size, response);
528 :
529 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
530 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
531 1 : spdm_response = (void *)response;
532 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
533 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
534 1 : assert_int_equal(spdm_response->header.param2, 0);
535 1 : }
536 :
537 : /**
538 : * Test 7: receiving a KEY_UPDATE message larger than specified, with the
539 : * UpdateAllKeys operation.
540 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
541 : * produces an ERROR message indicating the InvalidRequest. No keys
542 : * are updated.
543 : **/
544 1 : static void req_encap_key_update_ack_case7(void **state)
545 : {
546 : libspdm_return_t status;
547 : libspdm_test_context_t *spdm_test_context;
548 : libspdm_context_t *spdm_context;
549 : uint32_t session_id;
550 : libspdm_session_info_t *session_info;
551 : libspdm_secured_message_context_t *secured_message_context;
552 :
553 : size_t response_size;
554 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
555 : spdm_key_update_response_t *spdm_response;
556 :
557 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
558 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
559 :
560 1 : spdm_test_context = *state;
561 1 : spdm_context = spdm_test_context->spdm_context;
562 1 : spdm_test_context->case_id = 0x07;
563 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
564 : SPDM_VERSION_NUMBER_SHIFT_BIT;
565 :
566 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
567 :
568 1 : session_info = &spdm_context->session_info[0];
569 1 : secured_message_context = session_info->secured_message_context;
570 :
571 1 : libspdm_set_standard_key_update_test_secrets(
572 1 : session_info->secured_message_context,
573 : m_rsp_secret_buffer, (uint8_t)(0xFF),
574 : m_req_secret_buffer, (uint8_t)(0xEE));
575 :
576 : /*no keys are updated*/
577 :
578 1 : response_size = sizeof(response);
579 1 : status = libspdm_get_encap_response_key_update(spdm_context,
580 : m_spdm_key_update_request4_size,
581 : &m_spdm_key_update_request4,
582 : &response_size, response);
583 :
584 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
585 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
586 1 : spdm_response = (void *)response;
587 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
588 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
589 1 : assert_int_equal(spdm_response->header.param2, 0);
590 1 : assert_memory_equal(secured_message_context
591 : ->application_secret.request_data_secret,
592 : m_req_secret_buffer, secured_message_context->hash_size);
593 1 : assert_memory_equal(secured_message_context
594 : ->application_secret.response_data_secret,
595 : m_rsp_secret_buffer, secured_message_context->hash_size);
596 1 : }
597 :
598 : /**
599 : * Test 8: receiving a invalid KEY_UPDATE message from the requester with
600 : * the VerifyNewKey operation. The responder is setup as if no valid
601 : * KEY_UPDATE request with either the UpdateKey or UpdateAllKeys has been
602 : * previously received.
603 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
604 : * produces an ERROR message indicating the InvalidRequest. No keys are
605 : * updated.
606 : **/
607 1 : static void req_encap_key_update_ack_case8(void **state)
608 : {
609 : libspdm_return_t status;
610 : libspdm_test_context_t *spdm_test_context;
611 : libspdm_context_t *spdm_context;
612 : uint32_t session_id;
613 : libspdm_session_info_t *session_info;
614 :
615 : size_t response_size;
616 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
617 : spdm_key_update_response_t *spdm_response;
618 :
619 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
620 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
621 :
622 1 : spdm_test_context = *state;
623 1 : spdm_context = spdm_test_context->spdm_context;
624 1 : spdm_test_context->case_id = 0x08;
625 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
626 : SPDM_VERSION_NUMBER_SHIFT_BIT;
627 :
628 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
629 :
630 1 : session_info = &spdm_context->session_info[0];
631 :
632 1 : libspdm_set_standard_key_update_test_secrets(
633 1 : session_info->secured_message_context,
634 : m_rsp_secret_buffer, (uint8_t)(0xFF),
635 : m_req_secret_buffer, (uint8_t)(0xEE));
636 :
637 : /*no mocked major secret update*/
638 :
639 : /*no keys are updated*/
640 :
641 1 : response_size = sizeof(response);
642 1 : status = libspdm_get_encap_response_key_update(spdm_context,
643 : m_spdm_key_update_request5_size,
644 : &m_spdm_key_update_request5,
645 : &response_size, response);
646 :
647 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
648 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
649 1 : spdm_response = (void *)response;
650 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
651 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
652 1 : assert_int_equal(spdm_response->header.param2, 0);
653 1 : }
654 :
655 : /**
656 : * Test 9: receiving a KEY_UPDATE message with a reserved operation code.
657 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
658 : * produces an ERROR message indicating the InvalidRequest. No keys
659 : * are updated.
660 : **/
661 1 : static void req_encap_key_update_ack_case9(void **state)
662 : {
663 : libspdm_return_t status;
664 : libspdm_test_context_t *spdm_test_context;
665 : libspdm_context_t *spdm_context;
666 : uint32_t session_id;
667 : libspdm_session_info_t *session_info;
668 : libspdm_secured_message_context_t *secured_message_context;
669 :
670 : size_t response_size;
671 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
672 : spdm_key_update_response_t *spdm_response;
673 :
674 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
675 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
676 :
677 1 : spdm_test_context = *state;
678 1 : spdm_context = spdm_test_context->spdm_context;
679 1 : spdm_test_context->case_id = 0x09;
680 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
681 : SPDM_VERSION_NUMBER_SHIFT_BIT;
682 :
683 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
684 :
685 1 : session_info = &spdm_context->session_info[0];
686 1 : secured_message_context = session_info->secured_message_context;
687 :
688 1 : libspdm_set_standard_key_update_test_secrets(
689 1 : session_info->secured_message_context,
690 : m_rsp_secret_buffer, (uint8_t)(0xFF),
691 : m_req_secret_buffer, (uint8_t)(0xEE));
692 :
693 : /*no keys are updated*/
694 :
695 1 : response_size = sizeof(response);
696 1 : status = libspdm_get_encap_response_key_update(spdm_context,
697 : m_spdm_key_update_request10_size,
698 : &m_spdm_key_update_request10,
699 : &response_size, response);
700 :
701 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
702 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
703 1 : spdm_response = (void *)response;
704 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
705 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
706 1 : assert_int_equal(spdm_response->header.param2, 0);
707 1 : assert_memory_equal(secured_message_context
708 : ->application_secret.request_data_secret,
709 : m_req_secret_buffer, secured_message_context->hash_size);
710 1 : assert_memory_equal(secured_message_context
711 : ->application_secret.response_data_secret,
712 : m_rsp_secret_buffer, secured_message_context->hash_size);
713 1 : }
714 :
715 : /* UpdateKey + UpdateKey: failed*/
716 1 : static void req_encap_key_update_ack_case10(void **state)
717 : {
718 : libspdm_return_t status;
719 : libspdm_test_context_t *spdm_test_context;
720 : libspdm_context_t *spdm_context;
721 : uint32_t session_id;
722 : libspdm_session_info_t *session_info;
723 : libspdm_secured_message_context_t *secured_message_context;
724 :
725 : size_t response_size;
726 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
727 : spdm_key_update_response_t *spdm_response;
728 :
729 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
730 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
731 :
732 1 : spdm_test_context = *state;
733 1 : spdm_context = spdm_test_context->spdm_context;
734 1 : spdm_test_context->case_id = 0x0A;
735 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
736 : SPDM_VERSION_NUMBER_SHIFT_BIT;
737 :
738 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
739 :
740 1 : session_info = &spdm_context->session_info[0];
741 1 : secured_message_context = session_info->secured_message_context;
742 :
743 1 : libspdm_set_standard_key_update_test_secrets(
744 1 : session_info->secured_message_context,
745 : m_rsp_secret_buffer, (uint8_t)(0xFF),
746 : m_req_secret_buffer, (uint8_t)(0xEE));
747 :
748 : /*request side *not* updated*/
749 :
750 : /*last request: UpdateKey*/
751 1 : session_info->last_key_update_request = m_spdm_key_update_request1;
752 :
753 : /*response side updated */
754 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
755 : secured_message_context->hash_size,
756 : m_rsp_secret_buffer, m_rsp_secret_buffer,
757 : secured_message_context->hash_size);
758 :
759 1 : response_size = sizeof(response);
760 1 : status = libspdm_get_encap_response_key_update(spdm_context,
761 : m_spdm_key_update_request1_size,
762 : &m_spdm_key_update_request1,
763 : &response_size, response);
764 :
765 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
766 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
767 1 : spdm_response = (void *)response;
768 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
769 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
770 1 : assert_int_equal(spdm_response->header.param2, 0);
771 1 : }
772 :
773 : /* VerifyNewKey + UpdateKey: success*/
774 1 : static void req_encap_key_update_ack_case11(void **state)
775 : {
776 : libspdm_return_t status;
777 : libspdm_test_context_t *spdm_test_context;
778 : libspdm_context_t *spdm_context;
779 : uint32_t session_id;
780 : libspdm_session_info_t *session_info;
781 : libspdm_secured_message_context_t *secured_message_context;
782 :
783 : size_t response_size;
784 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
785 : spdm_key_update_response_t *spdm_response;
786 :
787 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
788 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
789 :
790 1 : spdm_test_context = *state;
791 1 : spdm_context = spdm_test_context->spdm_context;
792 1 : spdm_test_context->case_id = 0x0B;
793 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
794 : SPDM_VERSION_NUMBER_SHIFT_BIT;
795 :
796 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
797 :
798 1 : session_info = &spdm_context->session_info[0];
799 1 : secured_message_context = session_info->secured_message_context;
800 :
801 1 : libspdm_set_standard_key_update_test_secrets(
802 1 : session_info->secured_message_context,
803 : m_rsp_secret_buffer, (uint8_t)(0xFF),
804 : m_req_secret_buffer, (uint8_t)(0xEE));
805 :
806 : /*request side *not* updated*/
807 :
808 : /*last request: verify new key*/
809 1 : session_info->last_key_update_request = m_spdm_key_update_request5;
810 : /*verify new key clear last_key_update_request*/
811 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
812 :
813 : /*response side updated */
814 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
815 : secured_message_context->hash_size,
816 : m_rsp_secret_buffer, m_rsp_secret_buffer,
817 : secured_message_context->hash_size);
818 :
819 1 : response_size = sizeof(response);
820 1 : status = libspdm_get_encap_response_key_update(spdm_context,
821 : m_spdm_key_update_request1_size,
822 : &m_spdm_key_update_request1,
823 : &response_size, response);
824 :
825 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
826 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
827 1 : spdm_response = (void *)response;
828 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
829 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
830 1 : assert_int_equal(spdm_response->header.param2, m_spdm_key_update_request1.header.param2);
831 1 : assert_memory_equal(secured_message_context
832 : ->application_secret.request_data_secret,
833 : m_req_secret_buffer, secured_message_context->hash_size);
834 1 : assert_memory_equal(secured_message_context
835 : ->application_secret.response_data_secret,
836 : m_rsp_secret_buffer, secured_message_context->hash_size);
837 1 : }
838 :
839 : /* VerifyNewKey + VerifyNewKey: failed*/
840 1 : static void req_encap_key_update_ack_case12(void **state)
841 : {
842 : libspdm_return_t status;
843 : libspdm_test_context_t *spdm_test_context;
844 : libspdm_context_t *spdm_context;
845 : uint32_t session_id;
846 : libspdm_session_info_t *session_info;
847 : libspdm_secured_message_context_t *secured_message_context;
848 :
849 : size_t response_size;
850 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
851 : spdm_key_update_response_t *spdm_response;
852 :
853 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
854 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
855 :
856 1 : spdm_test_context = *state;
857 1 : spdm_context = spdm_test_context->spdm_context;
858 1 : spdm_test_context->case_id = 0x0C;
859 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
860 : SPDM_VERSION_NUMBER_SHIFT_BIT;
861 :
862 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
863 :
864 1 : session_info = &spdm_context->session_info[0];
865 1 : secured_message_context = session_info->secured_message_context;
866 :
867 1 : libspdm_set_standard_key_update_test_secrets(
868 1 : session_info->secured_message_context,
869 : m_rsp_secret_buffer, (uint8_t)(0xFF),
870 : m_req_secret_buffer, (uint8_t)(0xEE));
871 :
872 : /*request side *not* updated*/
873 :
874 : /*last request: verify new key*/
875 1 : session_info->last_key_update_request = m_spdm_key_update_request5;
876 : /*verify new key clear last_key_update_request*/
877 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
878 :
879 : /*response side updated */
880 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
881 : secured_message_context->hash_size,
882 : m_rsp_secret_buffer, m_rsp_secret_buffer,
883 : secured_message_context->hash_size);
884 :
885 1 : response_size = sizeof(response);
886 1 : status = libspdm_get_encap_response_key_update(spdm_context,
887 : m_spdm_key_update_request5_size,
888 : &m_spdm_key_update_request5,
889 : &response_size, response);
890 :
891 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
892 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
893 1 : spdm_response = (void *)response;
894 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
895 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
896 1 : assert_int_equal(spdm_response->header.param2, 0);
897 1 : }
898 :
899 :
900 : /* other command + UpdateKey: success*/
901 1 : static void req_encap_key_update_ack_case13(void **state)
902 : {
903 : libspdm_return_t status;
904 : libspdm_test_context_t *spdm_test_context;
905 : libspdm_context_t *spdm_context;
906 : uint32_t session_id;
907 : libspdm_session_info_t *session_info;
908 : libspdm_secured_message_context_t *secured_message_context;
909 :
910 : size_t response_size;
911 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
912 : spdm_key_update_response_t *spdm_response;
913 :
914 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
915 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
916 :
917 1 : spdm_test_context = *state;
918 1 : spdm_context = spdm_test_context->spdm_context;
919 1 : spdm_test_context->case_id = 0x0D;
920 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
921 : SPDM_VERSION_NUMBER_SHIFT_BIT;
922 :
923 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
924 :
925 1 : session_info = &spdm_context->session_info[0];
926 1 : secured_message_context = session_info->secured_message_context;
927 :
928 1 : libspdm_set_standard_key_update_test_secrets(
929 1 : session_info->secured_message_context,
930 : m_rsp_secret_buffer, (uint8_t)(0xFF),
931 : m_req_secret_buffer, (uint8_t)(0xEE));
932 :
933 : /*request side *not* updated*/
934 :
935 : /*other command with cleared last_key_update_request*/
936 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
937 :
938 : /*response side updated */
939 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
940 : secured_message_context->hash_size,
941 : m_rsp_secret_buffer, m_rsp_secret_buffer,
942 : secured_message_context->hash_size);
943 :
944 1 : response_size = sizeof(response);
945 1 : status = libspdm_get_encap_response_key_update(spdm_context,
946 : m_spdm_key_update_request1_size,
947 : &m_spdm_key_update_request1,
948 : &response_size, response);
949 :
950 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
951 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
952 1 : spdm_response = (void *)response;
953 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
954 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
955 1 : assert_int_equal(spdm_response->header.param2, m_spdm_key_update_request1.header.param2);
956 1 : assert_memory_equal(secured_message_context
957 : ->application_secret.request_data_secret,
958 : m_req_secret_buffer, secured_message_context->hash_size);
959 1 : assert_memory_equal(secured_message_context
960 : ->application_secret.response_data_secret,
961 : m_rsp_secret_buffer, secured_message_context->hash_size);
962 1 : }
963 :
964 :
965 : /* other command + VerifyNewKey: failed*/
966 1 : static void req_encap_key_update_ack_case14(void **state)
967 : {
968 : libspdm_return_t status;
969 : libspdm_test_context_t *spdm_test_context;
970 : libspdm_context_t *spdm_context;
971 : uint32_t session_id;
972 : libspdm_session_info_t *session_info;
973 : libspdm_secured_message_context_t *secured_message_context;
974 :
975 : size_t response_size;
976 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
977 : spdm_key_update_response_t *spdm_response;
978 :
979 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
980 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
981 :
982 1 : spdm_test_context = *state;
983 1 : spdm_context = spdm_test_context->spdm_context;
984 1 : spdm_test_context->case_id = 0x0E;
985 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
986 : SPDM_VERSION_NUMBER_SHIFT_BIT;
987 :
988 1 : spdm_set_standard_key_update_test_state( spdm_context, &session_id);
989 :
990 1 : session_info = &spdm_context->session_info[0];
991 1 : secured_message_context = session_info->secured_message_context;
992 :
993 1 : libspdm_set_standard_key_update_test_secrets(
994 1 : session_info->secured_message_context,
995 : m_rsp_secret_buffer, (uint8_t)(0xFF),
996 : m_req_secret_buffer, (uint8_t)(0xEE));
997 :
998 : /*request side *not* updated*/
999 :
1000 : /*other command with cleared last_key_update_request*/
1001 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1002 :
1003 : /*response side updated */
1004 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1005 : secured_message_context->hash_size,
1006 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1007 : secured_message_context->hash_size);
1008 :
1009 1 : response_size = sizeof(response);
1010 1 : status = libspdm_get_encap_response_key_update(spdm_context,
1011 : m_spdm_key_update_request5_size,
1012 : &m_spdm_key_update_request5,
1013 : &response_size, response);
1014 :
1015 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1016 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1017 1 : spdm_response = (void *)response;
1018 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1019 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1020 1 : assert_int_equal(spdm_response->header.param2, 0);
1021 1 : }
1022 :
1023 1 : int libspdm_req_encap_key_update_ack_test(void)
1024 : {
1025 1 : const struct CMUnitTest test_cases[] = {
1026 : /* Success Case -- UpdateKey*/
1027 : cmocka_unit_test(req_encap_key_update_ack_case1),
1028 : /* Bad request size*/
1029 : cmocka_unit_test(req_encap_key_update_ack_case2),
1030 : /* Buffer reset*/
1031 : cmocka_unit_test(req_encap_key_update_ack_case3),
1032 : /* Unsupported KEY_UPD capabilities*/
1033 : cmocka_unit_test(req_encap_key_update_ack_case4),
1034 : /* Uninitialized session*/
1035 : cmocka_unit_test(req_encap_key_update_ack_case5),
1036 : /* ruquster RETURN_UNSUPPORTED*/
1037 : cmocka_unit_test(req_encap_key_update_ack_case6),
1038 : /* Bad request size*/
1039 : cmocka_unit_test(req_encap_key_update_ack_case7),
1040 : /* Uninitialized key update*/
1041 : cmocka_unit_test(req_encap_key_update_ack_case8),
1042 : /* Invalid operation*/
1043 : cmocka_unit_test(req_encap_key_update_ack_case9),
1044 : /* UpdateKey + UpdateKey: failed*/
1045 : cmocka_unit_test(req_encap_key_update_ack_case10),
1046 : /* VerifyNewKey + UpdateKey: success*/
1047 : cmocka_unit_test(req_encap_key_update_ack_case11),
1048 : /* VerifyNewKey + VerifyNewKey: failed*/
1049 : cmocka_unit_test(req_encap_key_update_ack_case12),
1050 : /* other command + UpdateKey: success*/
1051 : cmocka_unit_test(req_encap_key_update_ack_case13),
1052 : /* other command + VerifyNewKey: failed*/
1053 : cmocka_unit_test(req_encap_key_update_ack_case14),
1054 : };
1055 :
1056 1 : libspdm_test_context_t test_context = {
1057 : LIBSPDM_TEST_CONTEXT_VERSION,
1058 : false,
1059 : };
1060 :
1061 1 : libspdm_setup_test_context(&test_context);
1062 :
1063 1 : return cmocka_run_group_tests(test_cases,
1064 : libspdm_unit_test_group_setup,
1065 : libspdm_unit_test_group_teardown);
1066 : }
1067 :
1068 : #endif /* LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP && (..) */
|
