Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 : #include "spdm_unit_test.h"
7 : #include "internal/libspdm_requester_lib.h"
8 : #include "internal/libspdm_secured_message_lib.h"
9 :
10 : #if (LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP) && \
11 : ((LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP))
12 :
13 : spdm_key_update_request_t m_spdm_key_update_request1 = {
14 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
15 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3}
16 : };
17 : size_t m_spdm_key_update_request1_size = sizeof(m_spdm_key_update_request1);
18 :
19 : spdm_key_update_request_t m_spdm_key_update_request2 = {
20 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
21 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3}
22 : };
23 : size_t m_spdm_key_update_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
24 :
25 : spdm_key_update_request_t m_spdm_key_update_request3 = {
26 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
27 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71}
28 : };
29 : size_t m_spdm_key_update_request3_size = sizeof(m_spdm_key_update_request3);
30 :
31 : spdm_key_update_request_t m_spdm_key_update_request4 = {
32 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
33 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71}
34 : };
35 : size_t m_spdm_key_update_request4_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
36 :
37 : spdm_key_update_request_t m_spdm_key_update_request5 = {
38 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
39 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A}
40 : };
41 : size_t m_spdm_key_update_request5_size = sizeof(m_spdm_key_update_request5);
42 :
43 : spdm_key_update_request_t m_spdm_key_update_request6 = {
44 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
45 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A}
46 : };
47 : size_t m_spdm_key_update_request6_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
48 :
49 : spdm_key_update_request_t m_spdm_key_update_request7 = {
50 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
51 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x92}
52 : };
53 : size_t m_spdm_key_update_request7_size = sizeof(m_spdm_key_update_request7);
54 :
55 : spdm_key_update_request_t m_spdm_key_update_request8 = {
56 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
57 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x13}
58 : };
59 : size_t m_spdm_key_update_request8_size = sizeof(m_spdm_key_update_request8);
60 :
61 : spdm_key_update_request_t m_spdm_key_update_request9 = {
62 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
63 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x22}
64 : };
65 : size_t m_spdm_key_update_request9_size = sizeof(m_spdm_key_update_request9);
66 :
67 : spdm_key_update_request_t m_spdm_key_update_request10 = {
68 : {SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE, 0xFF, 0x12}
69 : };
70 : size_t m_spdm_key_update_request10_size = sizeof(m_spdm_key_update_request10);
71 :
72 14 : static void spdm_set_standard_key_update_test_state(
73 : libspdm_context_t *spdm_context, uint32_t *session_id)
74 : {
75 : libspdm_session_info_t *session_info;
76 :
77 14 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
78 14 : spdm_context->connection_info.connection_state =
79 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
80 14 : spdm_context->connection_info.capability.flags |=
81 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
82 14 : spdm_context->connection_info.capability.flags |=
83 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP;
84 14 : spdm_context->connection_info.capability.flags |=
85 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP;
86 14 : spdm_context->local_context.capability.flags |=
87 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
88 14 : spdm_context->local_context.capability.flags |=
89 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP;
90 14 : spdm_context->local_context.capability.flags |=
91 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP;
92 :
93 14 : spdm_context->transcript.message_a.buffer_size = 0;
94 14 : spdm_context->connection_info.algorithm.base_hash_algo =
95 : m_libspdm_use_hash_algo;
96 14 : spdm_context->connection_info.algorithm.base_asym_algo =
97 : m_libspdm_use_asym_algo;
98 14 : spdm_context->connection_info.algorithm.dhe_named_group =
99 : m_libspdm_use_dhe_algo;
100 14 : spdm_context->connection_info.algorithm.aead_cipher_suite =
101 : m_libspdm_use_aead_algo;
102 :
103 14 : *session_id = 0xFFFFFFFF;
104 14 : spdm_context->latest_session_id = *session_id;
105 14 : spdm_context->last_spdm_request_session_id_valid = true;
106 14 : spdm_context->last_spdm_request_session_id = *session_id;
107 14 : session_info = &spdm_context->session_info[0];
108 14 : libspdm_session_info_init(spdm_context, session_info, *session_id,
109 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
110 14 : libspdm_secured_message_set_session_state(
111 : session_info->secured_message_context,
112 : LIBSPDM_SESSION_STATE_ESTABLISHED);
113 14 : }
114 :
115 13 : static void libspdm_set_standard_key_update_test_secrets(
116 : libspdm_secured_message_context_t *secured_message_context,
117 : uint8_t *m_rsp_secret_buffer, uint8_t rsp_secret_fill,
118 : uint8_t *m_req_secret_buffer, uint8_t req_secret_fill)
119 : {
120 13 : libspdm_set_mem(m_rsp_secret_buffer, secured_message_context->hash_size, rsp_secret_fill);
121 13 : libspdm_set_mem(m_req_secret_buffer, secured_message_context->hash_size, req_secret_fill);
122 :
123 13 : libspdm_copy_mem(secured_message_context->application_secret.response_data_secret,
124 : sizeof(secured_message_context->application_secret.response_data_secret),
125 : m_rsp_secret_buffer, secured_message_context->aead_key_size);
126 13 : libspdm_copy_mem(secured_message_context->application_secret.request_data_secret,
127 : sizeof(secured_message_context->application_secret.request_data_secret),
128 : m_req_secret_buffer, secured_message_context->aead_key_size);
129 :
130 13 : libspdm_set_mem(secured_message_context->application_secret
131 13 : .response_data_encryption_key,
132 : secured_message_context->aead_key_size, rsp_secret_fill);
133 13 : libspdm_set_mem(secured_message_context->application_secret
134 13 : .response_data_salt,
135 : secured_message_context->aead_iv_size, rsp_secret_fill);
136 :
137 13 : libspdm_set_mem(secured_message_context->application_secret
138 13 : .request_data_encryption_key,
139 : secured_message_context->aead_key_size, req_secret_fill);
140 13 : libspdm_set_mem(secured_message_context->application_secret
141 13 : .request_data_salt,
142 : secured_message_context->aead_iv_size, req_secret_fill);
143 :
144 13 : secured_message_context->application_secret.response_data_sequence_number = 0;
145 13 : secured_message_context->application_secret.request_data_sequence_number = 0;
146 13 : }
147 :
148 7 : static void libspdm_compute_secret_update(spdm_version_number_t spdm_version,
149 : size_t hash_size,
150 : const uint8_t *in_secret, uint8_t *out_secret,
151 : size_t out_secret_size)
152 : {
153 : uint8_t bin_str9[128];
154 : size_t bin_str9_size;
155 :
156 7 : bin_str9_size = sizeof(bin_str9);
157 7 : libspdm_bin_concat(spdm_version,
158 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
159 7 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
160 : &bin_str9_size);
161 :
162 7 : libspdm_hkdf_expand(m_libspdm_use_hash_algo, in_secret, hash_size, bin_str9,
163 : bin_str9_size, out_secret, out_secret_size);
164 7 : }
165 :
166 : /**
167 : * Test 1: receiving a correct KEY_UPDATE message from the requester with
168 : * the UpdateKey operation.
169 : * Expected behavior: the encap requester accepts the request, produces a valid
170 : * KEY_UPDATE_ACK response message, and the request data key is updated.
171 : **/
172 1 : static void req_encap_key_update_ack_case1(void **state)
173 : {
174 : libspdm_return_t status;
175 : libspdm_test_context_t *spdm_test_context;
176 : libspdm_context_t *spdm_context;
177 : uint32_t session_id;
178 : libspdm_session_info_t *session_info;
179 : libspdm_secured_message_context_t *secured_message_context;
180 :
181 : size_t response_size;
182 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
183 : spdm_key_update_response_t *spdm_response;
184 :
185 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
186 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
187 :
188 1 : spdm_test_context = *state;
189 1 : spdm_context = spdm_test_context->spdm_context;
190 1 : spdm_test_context->case_id = 0x01;
191 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
192 : SPDM_VERSION_NUMBER_SHIFT_BIT;
193 :
194 1 : spdm_set_standard_key_update_test_state(
195 : spdm_context, &session_id);
196 :
197 1 : session_info = &spdm_context->session_info[0];
198 1 : secured_message_context = session_info->secured_message_context;
199 :
200 1 : libspdm_set_standard_key_update_test_secrets(
201 1 : session_info->secured_message_context,
202 : m_rsp_secret_buffer, (uint8_t)(0xFF),
203 : m_req_secret_buffer, (uint8_t)(0xEE));
204 :
205 : /*request side *not* updated*/
206 :
207 : /*response side updated */
208 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
209 : secured_message_context->hash_size,
210 : m_rsp_secret_buffer, m_rsp_secret_buffer,
211 : secured_message_context->hash_size);
212 :
213 1 : response_size = sizeof(response);
214 1 : status = libspdm_get_encap_response_key_update(spdm_context,
215 : m_spdm_key_update_request1_size,
216 : &m_spdm_key_update_request1,
217 : &response_size, response);
218 :
219 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
220 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
221 1 : spdm_response = (void *)response;
222 1 : assert_int_equal(spdm_response->header.request_response_code,
223 : SPDM_KEY_UPDATE_ACK);
224 1 : assert_int_equal(spdm_response->header.param1,
225 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
226 1 : assert_int_equal(spdm_response->header.param2,
227 : m_spdm_key_update_request1.header.param2);
228 1 : assert_memory_equal(secured_message_context
229 : ->application_secret.request_data_secret,
230 : m_req_secret_buffer, secured_message_context->hash_size);
231 1 : assert_memory_equal(secured_message_context
232 : ->application_secret.response_data_secret,
233 : m_rsp_secret_buffer, secured_message_context->hash_size);
234 1 : }
235 :
236 : /**
237 : * Test 2: receiving a KEY_UPDATE message larger than specified, with the
238 : * UpdateKey operation.
239 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
240 : * produces an ERROR message indicating the InvalidRequest. No keys
241 : * are updated.
242 : **/
243 1 : static void req_encap_key_update_ack_case2(void **state)
244 : {
245 : libspdm_return_t status;
246 : libspdm_test_context_t *spdm_test_context;
247 : libspdm_context_t *spdm_context;
248 : uint32_t session_id;
249 : libspdm_session_info_t *session_info;
250 : libspdm_secured_message_context_t *secured_message_context;
251 :
252 : size_t response_size;
253 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
254 : spdm_key_update_response_t *spdm_response;
255 :
256 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
257 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
258 :
259 1 : spdm_test_context = *state;
260 1 : spdm_context = spdm_test_context->spdm_context;
261 1 : spdm_test_context->case_id = 0x02;
262 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
263 : SPDM_VERSION_NUMBER_SHIFT_BIT;
264 :
265 1 : spdm_set_standard_key_update_test_state(
266 : spdm_context, &session_id);
267 :
268 1 : session_info = &spdm_context->session_info[0];
269 1 : secured_message_context = session_info->secured_message_context;
270 :
271 1 : libspdm_set_standard_key_update_test_secrets(
272 1 : session_info->secured_message_context,
273 : m_rsp_secret_buffer, (uint8_t)(0xFF),
274 : m_req_secret_buffer, (uint8_t)(0xEE));
275 :
276 : /*no keys are updated*/
277 :
278 1 : response_size = sizeof(response);
279 1 : status = libspdm_get_encap_response_key_update(spdm_context,
280 : m_spdm_key_update_request2_size,
281 : &m_spdm_key_update_request2,
282 : &response_size, response);
283 :
284 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
285 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
286 1 : spdm_response = (void *)response;
287 1 : assert_int_equal(spdm_response->header.request_response_code,
288 : SPDM_ERROR);
289 1 : assert_int_equal(spdm_response->header.param1,
290 : SPDM_ERROR_CODE_INVALID_REQUEST);
291 1 : assert_int_equal(spdm_response->header.param2, 0);
292 1 : assert_memory_equal(secured_message_context
293 : ->application_secret.request_data_secret,
294 : m_req_secret_buffer, secured_message_context->hash_size);
295 1 : assert_memory_equal(secured_message_context
296 : ->application_secret.response_data_secret,
297 : m_rsp_secret_buffer, secured_message_context->hash_size);
298 1 : }
299 :
300 1 : static void req_encap_key_update_ack_case3(void **state)
301 : {
302 : libspdm_return_t status;
303 : libspdm_test_context_t *spdm_test_context;
304 : libspdm_context_t *spdm_context;
305 : uint32_t session_id;
306 : libspdm_session_info_t *session_info;
307 : libspdm_secured_message_context_t *secured_message_context;
308 :
309 : size_t response_size;
310 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
311 : spdm_key_update_response_t *spdm_response;
312 :
313 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
314 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
315 :
316 1 : spdm_test_context = *state;
317 1 : spdm_context = spdm_test_context->spdm_context;
318 1 : spdm_test_context->case_id = 0x03;
319 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
320 : SPDM_VERSION_NUMBER_SHIFT_BIT;
321 :
322 1 : spdm_set_standard_key_update_test_state(
323 : spdm_context, &session_id);
324 :
325 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
326 : /*"filling" buffers*/
327 : spdm_context->transcript.message_m.buffer_size =
328 : spdm_context->transcript.message_m.max_buffer_size;
329 : spdm_context->transcript.message_b.buffer_size =
330 : spdm_context->transcript.message_b.max_buffer_size;
331 : spdm_context->transcript.message_c.buffer_size =
332 : spdm_context->transcript.message_c.max_buffer_size;
333 : spdm_context->transcript.message_mut_b.buffer_size =
334 : spdm_context->transcript.message_mut_b.max_buffer_size;
335 : spdm_context->transcript.message_mut_c.buffer_size =
336 : spdm_context->transcript.message_mut_c.max_buffer_size;
337 : #endif
338 :
339 1 : session_info = &spdm_context->session_info[0];
340 1 : secured_message_context = session_info->secured_message_context;
341 :
342 1 : libspdm_set_standard_key_update_test_secrets(
343 1 : session_info->secured_message_context,
344 : m_rsp_secret_buffer, (uint8_t)(0xFF),
345 : m_req_secret_buffer, (uint8_t)(0xEE));
346 :
347 : /*request side *not* updated*/
348 :
349 : /*response side updated */
350 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
351 : secured_message_context->hash_size,
352 : m_rsp_secret_buffer, m_rsp_secret_buffer,
353 : secured_message_context->hash_size);
354 :
355 1 : response_size = sizeof(response);
356 1 : status = libspdm_get_encap_response_key_update(spdm_context,
357 : m_spdm_key_update_request1_size,
358 : &m_spdm_key_update_request1,
359 : &response_size, response);
360 :
361 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
362 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
363 1 : spdm_response = (void *)response;
364 1 : assert_int_equal(spdm_response->header.request_response_code,
365 : SPDM_KEY_UPDATE_ACK);
366 1 : assert_int_equal(spdm_response->header.param1,
367 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
368 1 : assert_int_equal(spdm_response->header.param2,
369 : m_spdm_key_update_request1.header.param2);
370 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
371 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
372 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
373 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
374 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
375 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
376 : #endif
377 1 : assert_memory_equal(secured_message_context
378 : ->application_secret.request_data_secret,
379 : m_req_secret_buffer, secured_message_context->hash_size);
380 1 : assert_memory_equal(secured_message_context
381 : ->application_secret.response_data_secret,
382 : m_rsp_secret_buffer, secured_message_context->hash_size);
383 1 : }
384 :
385 : /**
386 : * Test 4: receiving a correct KEY_UPDATE message from the requester, but the
387 : * responder has no capabilities for key update.
388 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
389 : * produces an ERROR message indicating the UnsupportedRequest. No keys are
390 : * updated.
391 : **/
392 1 : static void req_encap_key_update_ack_case4(void **state)
393 : {
394 : libspdm_return_t status;
395 : libspdm_test_context_t *spdm_test_context;
396 : libspdm_context_t *spdm_context;
397 : uint32_t session_id;
398 : libspdm_session_info_t *session_info;
399 : libspdm_secured_message_context_t *secured_message_context;
400 :
401 : size_t response_size;
402 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
403 : spdm_key_update_response_t *spdm_response;
404 :
405 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
406 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
407 :
408 1 : spdm_test_context = *state;
409 1 : spdm_context = spdm_test_context->spdm_context;
410 1 : spdm_test_context->case_id = 0x04;
411 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
412 : SPDM_VERSION_NUMBER_SHIFT_BIT;
413 :
414 1 : spdm_set_standard_key_update_test_state(
415 : spdm_context, &session_id);
416 :
417 : /*no capabilities*/
418 1 : spdm_context->connection_info.capability.flags &=
419 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
420 1 : spdm_context->local_context.capability.flags &=
421 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
422 :
423 1 : session_info = &spdm_context->session_info[0];
424 1 : secured_message_context = session_info->secured_message_context;
425 :
426 1 : libspdm_set_standard_key_update_test_secrets(
427 1 : session_info->secured_message_context,
428 : m_rsp_secret_buffer, (uint8_t)(0xFF),
429 : m_req_secret_buffer, (uint8_t)(0xEE));
430 :
431 : /*no keys are updated*/
432 :
433 1 : response_size = sizeof(response);
434 1 : status = libspdm_get_encap_response_key_update(spdm_context,
435 : m_spdm_key_update_request1_size,
436 : &m_spdm_key_update_request1,
437 : &response_size, response);
438 :
439 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
440 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
441 1 : spdm_response = (void *)response;
442 1 : assert_int_equal(spdm_response->header.request_response_code,
443 : SPDM_ERROR);
444 1 : assert_int_equal(spdm_response->header.param1,
445 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
446 1 : assert_int_equal(spdm_response->header.param2, SPDM_KEY_UPDATE);
447 1 : assert_memory_equal(secured_message_context
448 : ->application_secret.request_data_secret,
449 : m_req_secret_buffer, secured_message_context->hash_size);
450 1 : assert_memory_equal(secured_message_context
451 : ->application_secret.response_data_secret,
452 : m_rsp_secret_buffer, secured_message_context->hash_size);
453 1 : }
454 :
455 : /**
456 : * Test 5: receiving a correct KEY_UPDATE message from the requester, but the
457 : * responder is not correctly setup by not initializing a session during
458 : * KEY_EXCHANGE.
459 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and produces
460 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
461 : **/
462 1 : static void req_encap_key_update_ack_case5(void **state)
463 : {
464 : libspdm_return_t status;
465 : libspdm_test_context_t *spdm_test_context;
466 : libspdm_context_t *spdm_context;
467 : uint32_t session_id;
468 : libspdm_session_info_t *session_info;
469 : libspdm_secured_message_context_t *secured_message_context;
470 :
471 : size_t response_size;
472 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
473 : spdm_key_update_response_t *spdm_response;
474 :
475 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
476 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
477 :
478 1 : spdm_test_context = *state;
479 1 : spdm_context = spdm_test_context->spdm_context;
480 1 : spdm_test_context->case_id = 0x04;
481 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
482 : SPDM_VERSION_NUMBER_SHIFT_BIT;
483 :
484 1 : spdm_set_standard_key_update_test_state(
485 : spdm_context, &session_id);
486 :
487 1 : session_info = &spdm_context->session_info[0];
488 1 : secured_message_context = session_info->secured_message_context;
489 :
490 : /*uninitialized session*/
491 1 : libspdm_secured_message_set_session_state(
492 : session_info->secured_message_context,
493 : LIBSPDM_SESSION_STATE_NOT_STARTED);
494 :
495 1 : libspdm_set_standard_key_update_test_secrets(
496 1 : session_info->secured_message_context,
497 : m_rsp_secret_buffer, (uint8_t)(0xFF),
498 : m_req_secret_buffer, (uint8_t)(0xEE));
499 :
500 : /*no keys are updated*/
501 :
502 1 : response_size = sizeof(response);
503 1 : status = libspdm_get_encap_response_key_update(spdm_context,
504 : m_spdm_key_update_request1_size,
505 : &m_spdm_key_update_request1,
506 : &response_size, response);
507 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
508 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
509 1 : spdm_response = (void *)response;
510 1 : assert_int_equal(spdm_response->header.request_response_code,
511 : SPDM_ERROR);
512 1 : assert_int_equal(spdm_response->header.param1,
513 : SPDM_ERROR_CODE_INVALID_REQUEST);
514 1 : assert_int_equal(spdm_response->header.param2, 0);
515 1 : assert_memory_equal(secured_message_context
516 : ->application_secret.request_data_secret,
517 : m_req_secret_buffer, secured_message_context->hash_size);
518 1 : assert_memory_equal(secured_message_context
519 : ->application_secret.response_data_secret,
520 : m_rsp_secret_buffer, secured_message_context->hash_size);
521 1 : }
522 :
523 : /**
524 : * Test 6: receiving a correct KEY_UPDATE message from the requester with
525 : * the UpdateAllKeys operation.
526 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and produces
527 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
528 : **/
529 1 : static void req_encap_key_update_ack_case6(void **state)
530 : {
531 : libspdm_return_t status;
532 : libspdm_test_context_t *spdm_test_context;
533 : libspdm_context_t *spdm_context;
534 : uint32_t session_id;
535 :
536 : size_t response_size;
537 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
538 : spdm_key_update_response_t *spdm_response;
539 :
540 :
541 1 : spdm_test_context = *state;
542 1 : spdm_context = spdm_test_context->spdm_context;
543 1 : spdm_test_context->case_id = 0x06;
544 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
545 : SPDM_VERSION_NUMBER_SHIFT_BIT;
546 :
547 1 : spdm_set_standard_key_update_test_state(
548 : spdm_context, &session_id);
549 :
550 1 : response_size = sizeof(response);
551 1 : status = libspdm_get_encap_response_key_update(spdm_context,
552 : m_spdm_key_update_request3_size,
553 : &m_spdm_key_update_request3,
554 : &response_size, response);
555 :
556 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
557 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
558 1 : spdm_response = (void *)response;
559 1 : assert_int_equal(spdm_response->header.request_response_code,
560 : SPDM_ERROR);
561 1 : assert_int_equal(spdm_response->header.param1,
562 : SPDM_ERROR_CODE_INVALID_REQUEST);
563 1 : assert_int_equal(spdm_response->header.param2,
564 : 0);
565 1 : }
566 :
567 : /**
568 : * Test 7: receiving a KEY_UPDATE message larger than specified, with the
569 : * UpdateAllKeys operation.
570 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
571 : * produces an ERROR message indicating the InvalidRequest. No keys
572 : * are updated.
573 : **/
574 1 : static void req_encap_key_update_ack_case7(void **state)
575 : {
576 : libspdm_return_t status;
577 : libspdm_test_context_t *spdm_test_context;
578 : libspdm_context_t *spdm_context;
579 : uint32_t session_id;
580 : libspdm_session_info_t *session_info;
581 : libspdm_secured_message_context_t *secured_message_context;
582 :
583 : size_t response_size;
584 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
585 : spdm_key_update_response_t *spdm_response;
586 :
587 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
588 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
589 :
590 1 : spdm_test_context = *state;
591 1 : spdm_context = spdm_test_context->spdm_context;
592 1 : spdm_test_context->case_id = 0x07;
593 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
594 : SPDM_VERSION_NUMBER_SHIFT_BIT;
595 :
596 1 : spdm_set_standard_key_update_test_state(
597 : spdm_context, &session_id);
598 :
599 1 : session_info = &spdm_context->session_info[0];
600 1 : secured_message_context = session_info->secured_message_context;
601 :
602 1 : libspdm_set_standard_key_update_test_secrets(
603 1 : session_info->secured_message_context,
604 : m_rsp_secret_buffer, (uint8_t)(0xFF),
605 : m_req_secret_buffer, (uint8_t)(0xEE));
606 :
607 : /*no keys are updated*/
608 :
609 1 : response_size = sizeof(response);
610 1 : status = libspdm_get_encap_response_key_update(spdm_context,
611 : m_spdm_key_update_request4_size,
612 : &m_spdm_key_update_request4,
613 : &response_size, response);
614 :
615 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
616 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
617 1 : spdm_response = (void *)response;
618 1 : assert_int_equal(spdm_response->header.request_response_code,
619 : SPDM_ERROR);
620 1 : assert_int_equal(spdm_response->header.param1,
621 : SPDM_ERROR_CODE_INVALID_REQUEST);
622 1 : assert_int_equal(spdm_response->header.param2, 0);
623 1 : assert_memory_equal(secured_message_context
624 : ->application_secret.request_data_secret,
625 : m_req_secret_buffer, secured_message_context->hash_size);
626 1 : assert_memory_equal(secured_message_context
627 : ->application_secret.response_data_secret,
628 : m_rsp_secret_buffer, secured_message_context->hash_size);
629 1 : }
630 :
631 : /**
632 : * Test 8: receiving a invalid KEY_UPDATE message from the requester with
633 : * the VerifyNewKey operation. The responder is setup as if no valid
634 : * KEY_UPDATE request with either the UpdateKey or UpdateAllKeys has been
635 : * previously received.
636 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
637 : * produces an ERROR message indicating the InvalidRequest. No keys are
638 : * updated.
639 : **/
640 1 : static void req_encap_key_update_ack_case8(void **state)
641 : {
642 : libspdm_return_t status;
643 : libspdm_test_context_t *spdm_test_context;
644 : libspdm_context_t *spdm_context;
645 : uint32_t session_id;
646 : libspdm_session_info_t *session_info;
647 :
648 : size_t response_size;
649 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
650 : spdm_key_update_response_t *spdm_response;
651 :
652 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
653 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
654 :
655 1 : spdm_test_context = *state;
656 1 : spdm_context = spdm_test_context->spdm_context;
657 1 : spdm_test_context->case_id = 0x08;
658 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
659 : SPDM_VERSION_NUMBER_SHIFT_BIT;
660 :
661 1 : spdm_set_standard_key_update_test_state(
662 : spdm_context, &session_id);
663 :
664 1 : session_info = &spdm_context->session_info[0];
665 :
666 1 : libspdm_set_standard_key_update_test_secrets(
667 1 : session_info->secured_message_context,
668 : m_rsp_secret_buffer, (uint8_t)(0xFF),
669 : m_req_secret_buffer, (uint8_t)(0xEE));
670 :
671 : /*no mocked major secret update*/
672 :
673 : /*no keys are updated*/
674 :
675 1 : response_size = sizeof(response);
676 1 : status = libspdm_get_encap_response_key_update(spdm_context,
677 : m_spdm_key_update_request5_size,
678 : &m_spdm_key_update_request5,
679 : &response_size, response);
680 :
681 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
682 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
683 1 : spdm_response = (void *)response;
684 1 : assert_int_equal(spdm_response->header.request_response_code,
685 : SPDM_ERROR);
686 1 : assert_int_equal(spdm_response->header.param1,
687 : SPDM_ERROR_CODE_INVALID_REQUEST);
688 1 : assert_int_equal(spdm_response->header.param2,
689 : 0);
690 1 : }
691 :
692 : /**
693 : * Test 9: receiving a KEY_UPDATE message with a reserved operation code.
694 : * Expected behavior: the encap requester refuses the KEY_UPDATE message and
695 : * produces an ERROR message indicating the InvalidRequest. No keys
696 : * are updated.
697 : **/
698 1 : static void req_encap_key_update_ack_case9(void **state)
699 : {
700 : libspdm_return_t status;
701 : libspdm_test_context_t *spdm_test_context;
702 : libspdm_context_t *spdm_context;
703 : uint32_t session_id;
704 : libspdm_session_info_t *session_info;
705 : libspdm_secured_message_context_t *secured_message_context;
706 :
707 : size_t response_size;
708 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
709 : spdm_key_update_response_t *spdm_response;
710 :
711 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
712 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
713 :
714 1 : spdm_test_context = *state;
715 1 : spdm_context = spdm_test_context->spdm_context;
716 1 : spdm_test_context->case_id = 0x09;
717 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
718 : SPDM_VERSION_NUMBER_SHIFT_BIT;
719 :
720 1 : spdm_set_standard_key_update_test_state(
721 : spdm_context, &session_id);
722 :
723 1 : session_info = &spdm_context->session_info[0];
724 1 : secured_message_context = session_info->secured_message_context;
725 :
726 1 : libspdm_set_standard_key_update_test_secrets(
727 1 : session_info->secured_message_context,
728 : m_rsp_secret_buffer, (uint8_t)(0xFF),
729 : m_req_secret_buffer, (uint8_t)(0xEE));
730 :
731 : /*no keys are updated*/
732 :
733 1 : response_size = sizeof(response);
734 1 : status = libspdm_get_encap_response_key_update(spdm_context,
735 : m_spdm_key_update_request10_size,
736 : &m_spdm_key_update_request10,
737 : &response_size, response);
738 :
739 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
740 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
741 1 : spdm_response = (void *)response;
742 1 : assert_int_equal(spdm_response->header.request_response_code,
743 : SPDM_ERROR);
744 1 : assert_int_equal(spdm_response->header.param1,
745 : SPDM_ERROR_CODE_INVALID_REQUEST);
746 1 : assert_int_equal(spdm_response->header.param2, 0);
747 1 : assert_memory_equal(secured_message_context
748 : ->application_secret.request_data_secret,
749 : m_req_secret_buffer, secured_message_context->hash_size);
750 1 : assert_memory_equal(secured_message_context
751 : ->application_secret.response_data_secret,
752 : m_rsp_secret_buffer, secured_message_context->hash_size);
753 1 : }
754 :
755 : /* UpdateKey + UpdateKey: failed*/
756 1 : static void req_encap_key_update_ack_case10(void **state)
757 : {
758 : libspdm_return_t status;
759 : libspdm_test_context_t *spdm_test_context;
760 : libspdm_context_t *spdm_context;
761 : uint32_t session_id;
762 : libspdm_session_info_t *session_info;
763 : libspdm_secured_message_context_t *secured_message_context;
764 :
765 : size_t response_size;
766 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
767 : spdm_key_update_response_t *spdm_response;
768 :
769 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
770 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
771 :
772 1 : spdm_test_context = *state;
773 1 : spdm_context = spdm_test_context->spdm_context;
774 1 : spdm_test_context->case_id = 0x0A;
775 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
776 : SPDM_VERSION_NUMBER_SHIFT_BIT;
777 :
778 1 : spdm_set_standard_key_update_test_state(
779 : spdm_context, &session_id);
780 :
781 1 : session_info = &spdm_context->session_info[0];
782 1 : secured_message_context = session_info->secured_message_context;
783 :
784 1 : libspdm_set_standard_key_update_test_secrets(
785 1 : session_info->secured_message_context,
786 : m_rsp_secret_buffer, (uint8_t)(0xFF),
787 : m_req_secret_buffer, (uint8_t)(0xEE));
788 :
789 : /*request side *not* updated*/
790 :
791 : /*last request: UpdateKey*/
792 1 : session_info->last_key_update_request = m_spdm_key_update_request1;
793 :
794 : /*response side updated */
795 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
796 : secured_message_context->hash_size,
797 : m_rsp_secret_buffer, m_rsp_secret_buffer,
798 : secured_message_context->hash_size);
799 :
800 1 : response_size = sizeof(response);
801 1 : status = libspdm_get_encap_response_key_update(spdm_context,
802 : m_spdm_key_update_request1_size,
803 : &m_spdm_key_update_request1,
804 : &response_size, response);
805 :
806 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
807 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
808 1 : spdm_response = (void *)response;
809 1 : assert_int_equal(spdm_response->header.request_response_code,
810 : SPDM_ERROR);
811 1 : assert_int_equal(spdm_response->header.param1,
812 : SPDM_ERROR_CODE_INVALID_REQUEST);
813 1 : assert_int_equal(spdm_response->header.param2,
814 : 0);
815 1 : }
816 :
817 : /* VerifyNewKey + UpdateKey: success*/
818 1 : static void req_encap_key_update_ack_case11(void **state)
819 : {
820 : libspdm_return_t status;
821 : libspdm_test_context_t *spdm_test_context;
822 : libspdm_context_t *spdm_context;
823 : uint32_t session_id;
824 : libspdm_session_info_t *session_info;
825 : libspdm_secured_message_context_t *secured_message_context;
826 :
827 : size_t response_size;
828 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
829 : spdm_key_update_response_t *spdm_response;
830 :
831 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
832 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
833 :
834 1 : spdm_test_context = *state;
835 1 : spdm_context = spdm_test_context->spdm_context;
836 1 : spdm_test_context->case_id = 0x0B;
837 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
838 : SPDM_VERSION_NUMBER_SHIFT_BIT;
839 :
840 1 : spdm_set_standard_key_update_test_state(
841 : spdm_context, &session_id);
842 :
843 1 : session_info = &spdm_context->session_info[0];
844 1 : secured_message_context = session_info->secured_message_context;
845 :
846 1 : libspdm_set_standard_key_update_test_secrets(
847 1 : session_info->secured_message_context,
848 : m_rsp_secret_buffer, (uint8_t)(0xFF),
849 : m_req_secret_buffer, (uint8_t)(0xEE));
850 :
851 : /*request side *not* updated*/
852 :
853 : /*last request: verify new key*/
854 1 : session_info->last_key_update_request = m_spdm_key_update_request5;
855 : /*verify new key clear last_key_update_request*/
856 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
857 :
858 : /*response side updated */
859 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
860 : secured_message_context->hash_size,
861 : m_rsp_secret_buffer, m_rsp_secret_buffer,
862 : secured_message_context->hash_size);
863 :
864 1 : response_size = sizeof(response);
865 1 : status = libspdm_get_encap_response_key_update(spdm_context,
866 : m_spdm_key_update_request1_size,
867 : &m_spdm_key_update_request1,
868 : &response_size, response);
869 :
870 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
871 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
872 1 : spdm_response = (void *)response;
873 1 : assert_int_equal(spdm_response->header.request_response_code,
874 : SPDM_KEY_UPDATE_ACK);
875 1 : assert_int_equal(spdm_response->header.param1,
876 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
877 1 : assert_int_equal(spdm_response->header.param2,
878 : m_spdm_key_update_request1.header.param2);
879 1 : assert_memory_equal(secured_message_context
880 : ->application_secret.request_data_secret,
881 : m_req_secret_buffer, secured_message_context->hash_size);
882 1 : assert_memory_equal(secured_message_context
883 : ->application_secret.response_data_secret,
884 : m_rsp_secret_buffer, secured_message_context->hash_size);
885 1 : }
886 :
887 : /* VerifyNewKey + VerifyNewKey: failed*/
888 1 : static void req_encap_key_update_ack_case12(void **state)
889 : {
890 : libspdm_return_t status;
891 : libspdm_test_context_t *spdm_test_context;
892 : libspdm_context_t *spdm_context;
893 : uint32_t session_id;
894 : libspdm_session_info_t *session_info;
895 : libspdm_secured_message_context_t *secured_message_context;
896 :
897 : size_t response_size;
898 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
899 : spdm_key_update_response_t *spdm_response;
900 :
901 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
902 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
903 :
904 1 : spdm_test_context = *state;
905 1 : spdm_context = spdm_test_context->spdm_context;
906 1 : spdm_test_context->case_id = 0x0C;
907 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
908 : SPDM_VERSION_NUMBER_SHIFT_BIT;
909 :
910 1 : spdm_set_standard_key_update_test_state(
911 : spdm_context, &session_id);
912 :
913 1 : session_info = &spdm_context->session_info[0];
914 1 : secured_message_context = session_info->secured_message_context;
915 :
916 1 : libspdm_set_standard_key_update_test_secrets(
917 1 : session_info->secured_message_context,
918 : m_rsp_secret_buffer, (uint8_t)(0xFF),
919 : m_req_secret_buffer, (uint8_t)(0xEE));
920 :
921 : /*request side *not* updated*/
922 :
923 : /*last request: verify new key*/
924 1 : session_info->last_key_update_request = m_spdm_key_update_request5;
925 : /*verify new key clear last_key_update_request*/
926 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
927 :
928 : /*response side updated */
929 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
930 : secured_message_context->hash_size,
931 : m_rsp_secret_buffer, m_rsp_secret_buffer,
932 : secured_message_context->hash_size);
933 :
934 1 : response_size = sizeof(response);
935 1 : status = libspdm_get_encap_response_key_update(spdm_context,
936 : m_spdm_key_update_request5_size,
937 : &m_spdm_key_update_request5,
938 : &response_size, response);
939 :
940 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
941 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
942 1 : spdm_response = (void *)response;
943 1 : assert_int_equal(spdm_response->header.request_response_code,
944 : SPDM_ERROR);
945 1 : assert_int_equal(spdm_response->header.param1,
946 : SPDM_ERROR_CODE_INVALID_REQUEST);
947 1 : assert_int_equal(spdm_response->header.param2,
948 : 0);
949 1 : }
950 :
951 :
952 : /* other command + UpdateKey: success*/
953 1 : static void req_encap_key_update_ack_case13(void **state)
954 : {
955 : libspdm_return_t status;
956 : libspdm_test_context_t *spdm_test_context;
957 : libspdm_context_t *spdm_context;
958 : uint32_t session_id;
959 : libspdm_session_info_t *session_info;
960 : libspdm_secured_message_context_t *secured_message_context;
961 :
962 : size_t response_size;
963 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
964 : spdm_key_update_response_t *spdm_response;
965 :
966 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
967 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
968 :
969 1 : spdm_test_context = *state;
970 1 : spdm_context = spdm_test_context->spdm_context;
971 1 : spdm_test_context->case_id = 0x0D;
972 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
973 : SPDM_VERSION_NUMBER_SHIFT_BIT;
974 :
975 1 : spdm_set_standard_key_update_test_state(
976 : spdm_context, &session_id);
977 :
978 1 : session_info = &spdm_context->session_info[0];
979 1 : secured_message_context = session_info->secured_message_context;
980 :
981 1 : libspdm_set_standard_key_update_test_secrets(
982 1 : session_info->secured_message_context,
983 : m_rsp_secret_buffer, (uint8_t)(0xFF),
984 : m_req_secret_buffer, (uint8_t)(0xEE));
985 :
986 : /*request side *not* updated*/
987 :
988 : /*other command with cleared last_key_update_request*/
989 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
990 :
991 : /*response side updated */
992 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
993 : secured_message_context->hash_size,
994 : m_rsp_secret_buffer, m_rsp_secret_buffer,
995 : secured_message_context->hash_size);
996 :
997 1 : response_size = sizeof(response);
998 1 : status = libspdm_get_encap_response_key_update(spdm_context,
999 : m_spdm_key_update_request1_size,
1000 : &m_spdm_key_update_request1,
1001 : &response_size, response);
1002 :
1003 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1004 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1005 1 : spdm_response = (void *)response;
1006 1 : assert_int_equal(spdm_response->header.request_response_code,
1007 : SPDM_KEY_UPDATE_ACK);
1008 1 : assert_int_equal(spdm_response->header.param1,
1009 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1010 1 : assert_int_equal(spdm_response->header.param2,
1011 : m_spdm_key_update_request1.header.param2);
1012 1 : assert_memory_equal(secured_message_context
1013 : ->application_secret.request_data_secret,
1014 : m_req_secret_buffer, secured_message_context->hash_size);
1015 1 : assert_memory_equal(secured_message_context
1016 : ->application_secret.response_data_secret,
1017 : m_rsp_secret_buffer, secured_message_context->hash_size);
1018 1 : }
1019 :
1020 :
1021 : /* other command + VerifyNewKey: failed*/
1022 1 : static void req_encap_key_update_ack_case14(void **state)
1023 : {
1024 : libspdm_return_t status;
1025 : libspdm_test_context_t *spdm_test_context;
1026 : libspdm_context_t *spdm_context;
1027 : uint32_t session_id;
1028 : libspdm_session_info_t *session_info;
1029 : libspdm_secured_message_context_t *secured_message_context;
1030 :
1031 : size_t response_size;
1032 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1033 : spdm_key_update_response_t *spdm_response;
1034 :
1035 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1036 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1037 :
1038 1 : spdm_test_context = *state;
1039 1 : spdm_context = spdm_test_context->spdm_context;
1040 1 : spdm_test_context->case_id = 0x0E;
1041 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1042 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1043 :
1044 1 : spdm_set_standard_key_update_test_state(
1045 : spdm_context, &session_id);
1046 :
1047 1 : session_info = &spdm_context->session_info[0];
1048 1 : secured_message_context = session_info->secured_message_context;
1049 :
1050 1 : libspdm_set_standard_key_update_test_secrets(
1051 1 : session_info->secured_message_context,
1052 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1053 : m_req_secret_buffer, (uint8_t)(0xEE));
1054 :
1055 : /*request side *not* updated*/
1056 :
1057 : /*other command with cleared last_key_update_request*/
1058 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1059 :
1060 : /*response side updated */
1061 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1062 : secured_message_context->hash_size,
1063 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1064 : secured_message_context->hash_size);
1065 :
1066 1 : response_size = sizeof(response);
1067 1 : status = libspdm_get_encap_response_key_update(spdm_context,
1068 : m_spdm_key_update_request5_size,
1069 : &m_spdm_key_update_request5,
1070 : &response_size, response);
1071 :
1072 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1073 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1074 1 : spdm_response = (void *)response;
1075 1 : assert_int_equal(spdm_response->header.request_response_code,
1076 : SPDM_ERROR);
1077 1 : assert_int_equal(spdm_response->header.param1,
1078 : SPDM_ERROR_CODE_INVALID_REQUEST);
1079 1 : assert_int_equal(spdm_response->header.param2,
1080 : 0);
1081 1 : }
1082 :
1083 1 : int libspdm_req_encap_key_update_ack_test(void)
1084 : {
1085 1 : const struct CMUnitTest test_cases[] = {
1086 : /* Success Case -- UpdateKey*/
1087 : cmocka_unit_test(req_encap_key_update_ack_case1),
1088 : /* Bad request size*/
1089 : cmocka_unit_test(req_encap_key_update_ack_case2),
1090 : /* Buffer reset*/
1091 : cmocka_unit_test(req_encap_key_update_ack_case3),
1092 : /* Unsupported KEY_UPD capabilities*/
1093 : cmocka_unit_test(req_encap_key_update_ack_case4),
1094 : /* Uninitialized session*/
1095 : cmocka_unit_test(req_encap_key_update_ack_case5),
1096 : /* ruquster RETURN_UNSUPPORTED*/
1097 : cmocka_unit_test(req_encap_key_update_ack_case6),
1098 : /* Bad request size*/
1099 : cmocka_unit_test(req_encap_key_update_ack_case7),
1100 : /* Uninitialized key update*/
1101 : cmocka_unit_test(req_encap_key_update_ack_case8),
1102 : /* Invalid operation*/
1103 : cmocka_unit_test(req_encap_key_update_ack_case9),
1104 : /* UpdateKey + UpdateKey: failed*/
1105 : cmocka_unit_test(req_encap_key_update_ack_case10),
1106 : /* VerifyNewKey + UpdateKey: success*/
1107 : cmocka_unit_test(req_encap_key_update_ack_case11),
1108 : /* VerifyNewKey + VerifyNewKey: failed*/
1109 : cmocka_unit_test(req_encap_key_update_ack_case12),
1110 : /* other command + UpdateKey: success*/
1111 : cmocka_unit_test(req_encap_key_update_ack_case13),
1112 : /* other command + VerifyNewKey: failed*/
1113 : cmocka_unit_test(req_encap_key_update_ack_case14),
1114 : };
1115 :
1116 1 : libspdm_test_context_t test_context = {
1117 : LIBSPDM_TEST_CONTEXT_VERSION,
1118 : false,
1119 : };
1120 :
1121 1 : libspdm_setup_test_context(&test_context);
1122 :
1123 1 : return cmocka_run_group_tests(test_cases,
1124 : libspdm_unit_test_group_setup,
1125 : libspdm_unit_test_group_teardown);
1126 : }
1127 :
1128 : #endif /* LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP && (..) */
|
