Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2024-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_requester_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP
12 :
13 : uint8_t m_response_total_key_pairs;
14 : uint8_t m_response_key_pair_id;
15 : uint16_t m_response_capabilities;
16 : uint16_t m_response_key_usage_capabilities;
17 : uint16_t m_response_current_key_usage;
18 : uint32_t m_response_asym_algo_capabilities;
19 : uint32_t m_response_current_asym_algo;
20 : uint8_t m_response_assoc_cert_slot_mask;
21 :
22 17 : static libspdm_return_t send_message(
23 : void *spdm_context, size_t request_size, const void *request, uint64_t timeout)
24 : {
25 : libspdm_test_context_t *spdm_test_context;
26 :
27 17 : spdm_test_context = libspdm_get_test_context();
28 17 : switch (spdm_test_context->case_id) {
29 17 : case 0x1:
30 : case 0x2:
31 : case 0x3:
32 17 : return LIBSPDM_STATUS_SUCCESS;
33 0 : default:
34 0 : return LIBSPDM_STATUS_SEND_FAIL;
35 : }
36 : }
37 :
38 17 : static libspdm_return_t receive_message(
39 : void *spdm_context, size_t *response_size, void **response, uint64_t timeout)
40 : {
41 : libspdm_test_context_t *spdm_test_context;
42 :
43 17 : spdm_test_context = libspdm_get_test_context();
44 17 : switch (spdm_test_context->case_id) {
45 1 : case 0x1: {
46 : spdm_key_pair_info_response_t *spdm_response;
47 : size_t spdm_response_size;
48 : size_t transport_header_size;
49 :
50 : uint8_t total_key_pairs;
51 : uint8_t key_pair_id;
52 : uint16_t public_key_info_len;
53 : uint16_t capabilities;
54 : uint16_t key_usage_capabilities;
55 : uint16_t current_key_usage;
56 : uint32_t asym_algo_capabilities;
57 : uint32_t current_asym_algo;
58 : uint8_t assoc_cert_slot_mask;
59 :
60 1 : uint8_t public_key_info_rsa2048[] = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
61 : 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00};
62 :
63 1 : key_pair_id = 1;
64 1 : total_key_pairs = 1;
65 1 : public_key_info_len = (uint16_t)sizeof(public_key_info_rsa2048);
66 :
67 1 : transport_header_size = LIBSPDM_TEST_TRANSPORT_HEADER_SIZE;
68 1 : spdm_response = (void *)((uint8_t *)*response + transport_header_size);
69 1 : spdm_response_size = sizeof(spdm_key_pair_info_response_t) + public_key_info_len;
70 :
71 1 : capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
72 1 : key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
73 1 : current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
74 1 : asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
75 1 : current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
76 :
77 : /*association with slot 1*/
78 1 : assoc_cert_slot_mask = 0x02;
79 :
80 1 : spdm_response->header.spdm_version = SPDM_MESSAGE_VERSION_13;
81 1 : spdm_response->header.request_response_code = SPDM_KEY_PAIR_INFO;
82 1 : spdm_response->header.param1 = 0;
83 1 : spdm_response->header.param2 = 0;
84 1 : spdm_response->total_key_pairs = total_key_pairs;
85 1 : spdm_response->key_pair_id = key_pair_id;
86 1 : spdm_response->capabilities = capabilities;
87 1 : spdm_response->key_usage_capabilities = key_usage_capabilities;
88 1 : spdm_response->current_key_usage = current_key_usage;
89 1 : spdm_response->asym_algo_capabilities = asym_algo_capabilities;
90 1 : spdm_response->current_asym_algo = current_asym_algo;
91 1 : spdm_response->public_key_info_len = public_key_info_len;
92 1 : spdm_response->assoc_cert_slot_mask = assoc_cert_slot_mask;
93 :
94 1 : libspdm_copy_mem((void*)(spdm_response + 1), public_key_info_len,
95 : public_key_info_rsa2048, public_key_info_len);
96 :
97 1 : libspdm_transport_test_encode_message(spdm_context, NULL, false,
98 : false, spdm_response_size,
99 : spdm_response, response_size,
100 : response);
101 : }
102 1 : return LIBSPDM_STATUS_SUCCESS;
103 :
104 15 : case 0x2: {
105 : spdm_key_pair_info_response_t *spdm_response;
106 : size_t spdm_response_size;
107 : size_t transport_header_size;
108 :
109 : uint16_t public_key_info_len;
110 15 : uint8_t public_key_info_rsa2048[] = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
111 : 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00};
112 :
113 15 : public_key_info_len = (uint16_t)sizeof(public_key_info_rsa2048);
114 :
115 15 : transport_header_size = LIBSPDM_TEST_TRANSPORT_HEADER_SIZE;
116 15 : spdm_response = (void *)((uint8_t *)*response + transport_header_size);
117 15 : spdm_response_size = sizeof(spdm_key_pair_info_response_t) + public_key_info_len;
118 :
119 15 : spdm_response->header.spdm_version = SPDM_MESSAGE_VERSION_13;
120 15 : spdm_response->header.request_response_code = SPDM_KEY_PAIR_INFO;
121 15 : spdm_response->header.param1 = 0;
122 15 : spdm_response->header.param2 = 0;
123 15 : spdm_response->total_key_pairs = m_response_total_key_pairs;
124 15 : spdm_response->key_pair_id = m_response_key_pair_id;
125 15 : spdm_response->capabilities = m_response_capabilities;
126 15 : spdm_response->key_usage_capabilities = m_response_key_usage_capabilities;
127 15 : spdm_response->current_key_usage = m_response_current_key_usage;
128 15 : spdm_response->asym_algo_capabilities = m_response_asym_algo_capabilities;
129 15 : spdm_response->current_asym_algo = m_response_current_asym_algo;
130 15 : spdm_response->public_key_info_len = public_key_info_len;
131 15 : spdm_response->assoc_cert_slot_mask = m_response_assoc_cert_slot_mask;
132 :
133 :
134 15 : libspdm_copy_mem((void*)(spdm_response + 1), public_key_info_len,
135 : public_key_info_rsa2048, public_key_info_len);
136 15 : libspdm_transport_test_encode_message(spdm_context, NULL, false,
137 : false, spdm_response_size,
138 : spdm_response, response_size,
139 : response);
140 : }
141 15 : return LIBSPDM_STATUS_SUCCESS;
142 :
143 1 : case 0x3: {
144 : spdm_key_pair_info_response_t *spdm_response;
145 : size_t spdm_response_size;
146 : size_t transport_header_size;
147 :
148 : uint8_t total_key_pairs;
149 : uint8_t key_pair_id;
150 : uint16_t public_key_info_len;
151 : uint16_t capabilities;
152 : uint16_t key_usage_capabilities;
153 : uint16_t current_key_usage;
154 : uint32_t asym_algo_capabilities;
155 : uint32_t current_asym_algo;
156 : uint8_t assoc_cert_slot_mask;
157 : uint8_t *ptr;
158 :
159 1 : uint8_t public_key_info_rsa2048[] = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
160 : 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00};
161 :
162 1 : key_pair_id = 1;
163 1 : total_key_pairs = 1;
164 1 : public_key_info_len = (uint16_t)sizeof(public_key_info_rsa2048);
165 :
166 1 : transport_header_size = LIBSPDM_TEST_TRANSPORT_HEADER_SIZE;
167 1 : spdm_response = (void *)((uint8_t *)*response + transport_header_size);
168 1 : spdm_response_size = sizeof(spdm_key_pair_info_response_t) + public_key_info_len +
169 1 : sizeof(uint8_t) + 5 + sizeof(uint8_t) + 4;
170 :
171 1 : capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
172 1 : key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
173 1 : current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
174 1 : asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
175 1 : current_asym_algo = 0;
176 :
177 : /* association with slot 1 */
178 1 : assoc_cert_slot_mask = 0x02;
179 :
180 1 : spdm_response->header.spdm_version = SPDM_MESSAGE_VERSION_14;
181 1 : spdm_response->header.request_response_code = SPDM_KEY_PAIR_INFO;
182 1 : spdm_response->header.param1 = 0;
183 1 : spdm_response->header.param2 = 0;
184 1 : spdm_response->total_key_pairs = total_key_pairs;
185 1 : spdm_response->key_pair_id = key_pair_id;
186 1 : spdm_response->capabilities = capabilities;
187 1 : spdm_response->key_usage_capabilities = key_usage_capabilities;
188 1 : spdm_response->current_key_usage = current_key_usage;
189 1 : spdm_response->asym_algo_capabilities = asym_algo_capabilities;
190 1 : spdm_response->current_asym_algo = current_asym_algo;
191 1 : spdm_response->public_key_info_len = public_key_info_len;
192 1 : spdm_response->assoc_cert_slot_mask = assoc_cert_slot_mask;
193 :
194 1 : libspdm_copy_mem((void*)(spdm_response + 1), public_key_info_len,
195 : public_key_info_rsa2048, public_key_info_len);
196 :
197 1 : ptr = (uint8_t *)(spdm_response + 1) + public_key_info_len;
198 1 : *ptr = 5;
199 1 : ptr += sizeof(uint8_t);
200 :
201 : /* First 4 bytes carry ML_DSA_44 capability, 5th byte is non-zero to expose cursor bugs. */
202 1 : ptr[0] = 0x01;
203 1 : ptr[1] = 0x00;
204 1 : ptr[2] = 0x00;
205 1 : ptr[3] = 0x00;
206 1 : ptr[4] = 0x04;
207 1 : ptr += 5;
208 :
209 1 : *ptr = 4;
210 1 : ptr += sizeof(uint8_t);
211 :
212 1 : ptr[0] = 0x01;
213 1 : ptr[1] = 0x00;
214 1 : ptr[2] = 0x00;
215 1 : ptr[3] = 0x00;
216 :
217 1 : libspdm_transport_test_encode_message(spdm_context, NULL, false,
218 : false, spdm_response_size,
219 : spdm_response, response_size,
220 : response);
221 : }
222 1 : return LIBSPDM_STATUS_SUCCESS;
223 :
224 0 : default:
225 0 : return LIBSPDM_STATUS_RECEIVE_FAIL;
226 : }
227 : }
228 :
229 : /**
230 : * Test 1: Successful response to get key pair info
231 : * Expected Behavior: get a LIBSPDM_STATUS_SUCCESS return code
232 : **/
233 1 : static void req_get_key_pair_info_case1(void **state)
234 : {
235 : libspdm_return_t status;
236 : libspdm_test_context_t *spdm_test_context;
237 : libspdm_context_t *spdm_context;
238 :
239 : uint8_t key_pair_id;
240 : uint8_t associated_slot_id;
241 : uint8_t total_key_pairs;
242 : uint16_t capabilities;
243 : uint16_t key_usage_capabilities;
244 : uint16_t current_key_usage;
245 : uint32_t asym_algo_capabilities;
246 : uint32_t current_asym_algo;
247 : uint32_t pqc_asym_algo_capabilities;
248 : uint32_t current_pqc_asym_algo;
249 : uint16_t public_key_info_len;
250 : uint8_t assoc_cert_slot_mask;
251 : uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
252 :
253 1 : key_pair_id = 1;
254 1 : associated_slot_id = 1;
255 1 : spdm_test_context = *state;
256 1 : spdm_context = spdm_test_context->spdm_context;
257 1 : spdm_test_context->case_id = 0x1;
258 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
259 : SPDM_VERSION_NUMBER_SHIFT_BIT;
260 :
261 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
262 1 : spdm_context->connection_info.capability.flags |=
263 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP |
264 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP;
265 :
266 1 : spdm_context->connection_info.peer_key_pair_id[associated_slot_id] = key_pair_id;
267 1 : public_key_info_len = SPDM_MAX_PUBLIC_KEY_INFO_LEN;
268 :
269 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
270 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
271 : &asym_algo_capabilities, ¤t_asym_algo,
272 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
273 : &assoc_cert_slot_mask, &public_key_info_len,
274 : public_key_info);
275 :
276 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
277 1 : assert_int_equal(capabilities, SPDM_KEY_PAIR_CAP_GEN_KEY_CAP);
278 1 : assert_int_equal(key_usage_capabilities, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
279 1 : assert_int_equal(current_key_usage, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
280 1 : assert_int_equal(asym_algo_capabilities, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
281 1 : assert_int_equal(current_asym_algo, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
282 1 : }
283 :
284 : /**
285 : * Test 2: The collection of multiple sub-cases for invalid combination.
286 : * Expected Behavior: get a LIBSPDM_STATUS_INVALID_MSG_FIELD return code
287 : **/
288 1 : void req_get_key_pair_info_case2(void **state)
289 : {
290 : libspdm_return_t status;
291 : libspdm_test_context_t *spdm_test_context;
292 : libspdm_context_t *spdm_context;
293 :
294 : uint8_t key_pair_id;
295 : uint8_t associated_slot_id;
296 : uint8_t total_key_pairs;
297 : uint16_t capabilities;
298 : uint16_t key_usage_capabilities;
299 : uint16_t current_key_usage;
300 : uint32_t asym_algo_capabilities;
301 : uint32_t current_asym_algo;
302 : uint32_t pqc_asym_algo_capabilities;
303 : uint32_t current_pqc_asym_algo;
304 : uint16_t public_key_info_len;
305 : uint8_t assoc_cert_slot_mask;
306 : uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
307 :
308 1 : spdm_test_context = *state;
309 1 : spdm_context = spdm_test_context->spdm_context;
310 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
311 : SPDM_VERSION_NUMBER_SHIFT_BIT;
312 :
313 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
314 1 : spdm_context->connection_info.capability.flags |=
315 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP;
316 :
317 1 : spdm_test_context->case_id = 0x2;
318 1 : public_key_info_len = SPDM_MAX_PUBLIC_KEY_INFO_LEN;
319 :
320 : /* Sub Case 1: key_pair_id > total_key_pairs*/
321 1 : key_pair_id = 2;
322 1 : associated_slot_id = 1;
323 1 : spdm_context->connection_info.peer_key_pair_id[associated_slot_id] = key_pair_id;
324 :
325 1 : m_response_total_key_pairs = 1;
326 1 : m_response_key_pair_id = 2;
327 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
328 1 : m_response_key_usage_capabilities =SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
329 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
330 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
331 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
332 : /* association with slot 1*/
333 1 : m_response_assoc_cert_slot_mask = 0x2;
334 :
335 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
336 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
337 : &asym_algo_capabilities, ¤t_asym_algo,
338 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
339 : &assoc_cert_slot_mask, &public_key_info_len,
340 : public_key_info);
341 :
342 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
343 :
344 : /* Sub Case 2: responder and requester, the KeyPairID are not consistent.*/
345 1 : key_pair_id = 0xA0;
346 1 : associated_slot_id = 1;
347 1 : spdm_context->connection_info.peer_key_pair_id[associated_slot_id] = key_pair_id;
348 :
349 1 : m_response_total_key_pairs = 1;
350 1 : m_response_key_pair_id = 1;
351 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
352 1 : m_response_key_usage_capabilities =SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
353 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
354 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
355 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
356 : /* association with slot 1*/
357 1 : m_response_assoc_cert_slot_mask = 0x2;
358 :
359 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
360 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
361 : &asym_algo_capabilities, ¤t_asym_algo,
362 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
363 : &assoc_cert_slot_mask, &public_key_info_len,
364 : public_key_info);
365 :
366 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
367 :
368 : /* Sub Case 3: not set capabilities.*/
369 1 : key_pair_id = 1;
370 1 : associated_slot_id = 1;
371 1 : spdm_context->connection_info.peer_key_pair_id[associated_slot_id] = key_pair_id;
372 :
373 1 : m_response_total_key_pairs = 1;
374 1 : m_response_key_pair_id = 1;
375 1 : m_response_capabilities = 0;
376 1 : m_response_key_usage_capabilities =SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
377 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
378 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
379 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
380 : /* association with slot 1*/
381 1 : m_response_assoc_cert_slot_mask = 0x2;
382 :
383 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
384 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
385 : &asym_algo_capabilities, ¤t_asym_algo,
386 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
387 : &assoc_cert_slot_mask, &public_key_info_len,
388 : public_key_info);
389 :
390 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
391 1 : assert_int_equal(capabilities, 0);
392 1 : assert_int_equal(key_usage_capabilities, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
393 1 : assert_int_equal(current_key_usage, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
394 1 : assert_int_equal(asym_algo_capabilities, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
395 1 : assert_int_equal(current_asym_algo, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
396 :
397 : /* Sub Case 4: This bit shall not be set if CertAssocCap is not set.
398 : * Set the ShareableCap bit and not set the CertAssocCap bit.*/
399 1 : key_pair_id = 1;
400 1 : associated_slot_id = 1;
401 1 : spdm_context->connection_info.peer_key_pair_id[associated_slot_id] = key_pair_id;
402 :
403 1 : m_response_total_key_pairs = 1;
404 1 : m_response_key_pair_id = 1;
405 :
406 1 : m_response_capabilities = 0;
407 1 : m_response_capabilities |= SPDM_KEY_PAIR_CAP_SHAREABLE_CAP;
408 1 : m_response_capabilities &= ~SPDM_KEY_PAIR_CAP_CERT_ASSOC_CAP;
409 :
410 1 : m_response_key_usage_capabilities =SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
411 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
412 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
413 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
414 : /* association with slot 1*/
415 1 : m_response_assoc_cert_slot_mask = 0x2;
416 :
417 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
418 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
419 : &asym_algo_capabilities, ¤t_asym_algo,
420 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
421 : &assoc_cert_slot_mask, &public_key_info_len,
422 : public_key_info);
423 :
424 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
425 :
426 : /* Sub Case 5: KeyUsageCapabilities at least one bit shall be set, not set KeyUsageCapabilities.*/
427 1 : m_response_total_key_pairs = 1;
428 1 : m_response_key_pair_id = 1;
429 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
430 1 : m_response_key_usage_capabilities =0;
431 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
432 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
433 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
434 : /* association with slot 1*/
435 1 : m_response_assoc_cert_slot_mask = 0x2;
436 :
437 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
438 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
439 : &asym_algo_capabilities, ¤t_asym_algo,
440 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
441 : &assoc_cert_slot_mask, &public_key_info_len,
442 : public_key_info);
443 :
444 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
445 :
446 : /* Sub Case 6: KeyUsageCapabilities Set multiple bits.*/
447 1 : m_response_total_key_pairs = 1;
448 1 : m_response_key_pair_id = 1;
449 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
450 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
451 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
452 : SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
453 : SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE |
454 : SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE |
455 : SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE;
456 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
457 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
458 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
459 : /* association with slot 1*/
460 1 : m_response_assoc_cert_slot_mask = 0x2;
461 :
462 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
463 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
464 : &asym_algo_capabilities, ¤t_asym_algo,
465 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
466 : &assoc_cert_slot_mask, &public_key_info_len,
467 : public_key_info);
468 :
469 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
470 1 : assert_int_equal(capabilities, SPDM_KEY_PAIR_CAP_GEN_KEY_CAP);
471 1 : assert_int_equal(key_usage_capabilities, SPDM_KEY_USAGE_BIT_MASK);
472 1 : assert_int_equal(current_key_usage, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
473 1 : assert_int_equal(asym_algo_capabilities, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
474 1 : assert_int_equal(current_asym_algo, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
475 :
476 : /* Sub Case 7: not set CurrentKeyUsage*/
477 1 : m_response_total_key_pairs = 1;
478 1 : m_response_key_pair_id = 1;
479 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
480 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
481 1 : m_response_current_key_usage = 0;
482 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
483 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
484 : /* association with slot 1*/
485 1 : m_response_assoc_cert_slot_mask = 0x2;
486 :
487 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
488 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
489 : &asym_algo_capabilities, ¤t_asym_algo,
490 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
491 : &assoc_cert_slot_mask, &public_key_info_len,
492 : public_key_info);
493 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
494 1 : assert_int_equal(capabilities, SPDM_KEY_PAIR_CAP_GEN_KEY_CAP);
495 1 : assert_int_equal(key_usage_capabilities, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
496 1 : assert_int_equal(current_key_usage, 0);
497 1 : assert_int_equal(asym_algo_capabilities, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
498 1 : assert_int_equal(current_asym_algo, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
499 :
500 : /* Sub Case 8: CurrentKeyUsage Set multiple bits.*/
501 1 : m_response_total_key_pairs = 1;
502 1 : m_response_key_pair_id = 1;
503 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
504 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
505 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
506 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE |
507 : SPDM_KEY_USAGE_BIT_MASK_MEASUREMENT_USE |
508 : SPDM_KEY_USAGE_BIT_MASK_ENDPOINT_INFO_USE |
509 : SPDM_KEY_USAGE_BIT_MASK_STANDARDS_KEY_USE |
510 : SPDM_KEY_USAGE_BIT_MASK_VENDOR_KEY_USE;
511 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
512 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
513 : /* association with slot 1*/
514 1 : m_response_assoc_cert_slot_mask = 0x2;
515 :
516 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
517 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
518 : &asym_algo_capabilities, ¤t_asym_algo,
519 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
520 : &assoc_cert_slot_mask, &public_key_info_len,
521 : public_key_info);
522 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
523 :
524 : /* Sub Case 9: CurrentKeyUsage and KeyUsageCapabilities, Set multiple bits.*/
525 1 : m_response_total_key_pairs = 1;
526 1 : m_response_key_pair_id = 1;
527 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
528 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
529 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE;
530 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
531 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE;
532 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
533 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
534 : /* association with slot 1*/
535 1 : m_response_assoc_cert_slot_mask = 0x2;
536 :
537 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
538 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
539 : &asym_algo_capabilities, ¤t_asym_algo,
540 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
541 : &assoc_cert_slot_mask, &public_key_info_len,
542 : public_key_info);
543 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
544 1 : assert_int_equal(capabilities, SPDM_KEY_PAIR_CAP_GEN_KEY_CAP);
545 1 : assert_int_equal(key_usage_capabilities, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
546 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE);
547 1 : assert_int_equal(current_key_usage, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE |
548 : SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE);
549 1 : assert_int_equal(asym_algo_capabilities, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
550 1 : assert_int_equal(current_asym_algo, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
551 :
552 : /* Sub Case 10: CurrentKeyUsage and KeyUsageCapabilities are not consistent.*/
553 1 : m_response_total_key_pairs = 1;
554 1 : m_response_key_pair_id = 1;
555 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
556 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_CHALLENGE_USE;
557 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
558 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
559 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
560 : /* association with slot 1*/
561 1 : m_response_assoc_cert_slot_mask = 0x2;
562 :
563 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
564 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
565 : &asym_algo_capabilities, ¤t_asym_algo,
566 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
567 : &assoc_cert_slot_mask, &public_key_info_len,
568 : public_key_info);
569 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
570 :
571 : /* Sub Case 11: AsymAlgoCapabilities, at least one bit shall be set.not set AsymAlgoCapabilities*/
572 1 : m_response_total_key_pairs = 1;
573 1 : m_response_key_pair_id = 1;
574 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
575 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
576 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
577 1 : m_response_asym_algo_capabilities = 0;
578 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
579 : /* association with slot 1*/
580 1 : m_response_assoc_cert_slot_mask = 0x2;
581 :
582 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
583 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
584 : &asym_algo_capabilities, ¤t_asym_algo,
585 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
586 : &assoc_cert_slot_mask, &public_key_info_len,
587 : public_key_info);
588 :
589 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
590 :
591 : /* Sub Case 12: AsymAlgoCapabilities Set multiple bits.*/
592 1 : m_response_total_key_pairs = 1;
593 1 : m_response_key_pair_id = 1;
594 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
595 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
596 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
597 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 |
598 : SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448;
599 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
600 : /* association with slot 1*/
601 1 : m_response_assoc_cert_slot_mask = 0x2;
602 :
603 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
604 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
605 : &asym_algo_capabilities, ¤t_asym_algo,
606 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
607 : &assoc_cert_slot_mask, &public_key_info_len,
608 : public_key_info);
609 :
610 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
611 1 : assert_int_equal(capabilities, SPDM_KEY_PAIR_CAP_GEN_KEY_CAP);
612 1 : assert_int_equal(key_usage_capabilities, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
613 1 : assert_int_equal(current_key_usage, SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE);
614 1 : assert_int_equal(asym_algo_capabilities, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 |
615 : SPDM_KEY_PAIR_ASYM_ALGO_CAP_ED448);
616 1 : assert_int_equal(current_asym_algo, SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048);
617 :
618 : /* Sub Case 13: CurrentAsymAlgo Set bits more than one bit.*/
619 1 : m_response_total_key_pairs = 1;
620 1 : m_response_key_pair_id = 1;
621 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
622 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
623 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
624 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
625 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048 |
626 : SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072;
627 : /* association with slot 1*/
628 1 : m_response_assoc_cert_slot_mask = 0x2;
629 :
630 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
631 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
632 : &asym_algo_capabilities, ¤t_asym_algo,
633 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
634 : &assoc_cert_slot_mask, &public_key_info_len,
635 : public_key_info);
636 :
637 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
638 :
639 : /* Sub Case 14: AsymAlgoCapabilities and AsymAlgoCapabilities are not consistent.*/
640 1 : m_response_total_key_pairs = 1;
641 1 : m_response_key_pair_id = 1;
642 1 : m_response_capabilities = SPDM_KEY_PAIR_CAP_GEN_KEY_CAP;
643 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
644 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
645 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA3072;
646 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
647 : /* association with slot 1*/
648 1 : m_response_assoc_cert_slot_mask = 0x2;
649 :
650 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
651 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
652 : &asym_algo_capabilities, ¤t_asym_algo,
653 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
654 : &assoc_cert_slot_mask, &public_key_info_len,
655 : public_key_info);
656 :
657 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
658 :
659 : /* Sub Case 15: AssocCertSlotMask set more than one bit, but ShareableCap is not set.*/
660 1 : m_response_total_key_pairs = 1;
661 1 : m_response_key_pair_id = 1;
662 1 : m_response_capabilities = 0;
663 1 : m_response_key_usage_capabilities = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
664 1 : m_response_current_key_usage = SPDM_KEY_USAGE_BIT_MASK_KEY_EX_USE;
665 1 : m_response_asym_algo_capabilities = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
666 1 : m_response_current_asym_algo = SPDM_KEY_PAIR_ASYM_ALGO_CAP_RSA2048;
667 : /* association with slot 1*/
668 1 : m_response_assoc_cert_slot_mask = 0xFF;
669 :
670 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
671 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
672 : &asym_algo_capabilities, ¤t_asym_algo,
673 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
674 : &assoc_cert_slot_mask, &public_key_info_len,
675 : public_key_info);
676 :
677 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
678 1 : }
679 :
680 : /**
681 : * Test 3: SPDM 1.4 KEY_PAIR_INFO parser must advance using raw PQC lengths.
682 : * Expected Behavior: get a LIBSPDM_STATUS_SUCCESS return code
683 : **/
684 1 : static void req_get_key_pair_info_case3(void **state)
685 : {
686 : libspdm_return_t status;
687 : libspdm_test_context_t *spdm_test_context;
688 : libspdm_context_t *spdm_context;
689 :
690 : uint8_t key_pair_id;
691 : uint8_t associated_slot_id;
692 : uint8_t total_key_pairs;
693 : uint16_t capabilities;
694 : uint16_t key_usage_capabilities;
695 : uint16_t current_key_usage;
696 : uint32_t asym_algo_capabilities;
697 : uint32_t current_asym_algo;
698 : uint32_t pqc_asym_algo_capabilities;
699 : uint32_t current_pqc_asym_algo;
700 : uint16_t public_key_info_len;
701 : uint8_t assoc_cert_slot_mask;
702 : uint8_t public_key_info[SPDM_MAX_PUBLIC_KEY_INFO_LEN];
703 :
704 1 : key_pair_id = 1;
705 1 : associated_slot_id = 1;
706 1 : spdm_test_context = *state;
707 1 : spdm_context = spdm_test_context->spdm_context;
708 1 : spdm_test_context->case_id = 0x3;
709 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
710 : SPDM_VERSION_NUMBER_SHIFT_BIT;
711 :
712 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
713 1 : spdm_context->connection_info.capability.flags |=
714 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_GET_KEY_PAIR_INFO_CAP |
715 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_KEY_PAIR_INFO_CAP;
716 :
717 1 : spdm_context->connection_info.peer_key_pair_id[associated_slot_id] = key_pair_id;
718 1 : public_key_info_len = SPDM_MAX_PUBLIC_KEY_INFO_LEN;
719 :
720 1 : status = libspdm_get_key_pair_info(spdm_context, NULL, key_pair_id, &total_key_pairs,
721 : &capabilities, &key_usage_capabilities, ¤t_key_usage,
722 : &asym_algo_capabilities, ¤t_asym_algo,
723 : &pqc_asym_algo_capabilities, ¤t_pqc_asym_algo,
724 : &assoc_cert_slot_mask, &public_key_info_len,
725 : public_key_info);
726 :
727 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
728 1 : assert_int_equal(pqc_asym_algo_capabilities, SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_44);
729 1 : assert_int_equal(current_pqc_asym_algo, SPDM_KEY_PAIR_PQC_ASYM_ALGO_CAP_ML_DSA_44);
730 1 : }
731 :
732 1 : int libspdm_req_get_key_pair_info_test(void)
733 : {
734 1 : const struct CMUnitTest test_cases[] = {
735 : /* Successful response to get key pair info, key_pair_id is 1*/
736 : cmocka_unit_test(req_get_key_pair_info_case1),
737 : /* The collection of multiple sub-cases for invalid combination.*/
738 : cmocka_unit_test(req_get_key_pair_info_case2),
739 : /* SPDM 1.4 oversized PQC length uses raw_len for cursor advancement */
740 : cmocka_unit_test(req_get_key_pair_info_case3),
741 : };
742 :
743 1 : libspdm_test_context_t test_context = {
744 : LIBSPDM_TEST_CONTEXT_VERSION,
745 : true,
746 : send_message,
747 : receive_message,
748 : };
749 :
750 1 : libspdm_setup_test_context(&test_context);
751 :
752 1 : return cmocka_run_group_tests(test_cases,
753 : libspdm_unit_test_group_setup,
754 : libspdm_unit_test_group_teardown);
755 : }
756 :
757 : #endif /*LIBSPDM_ENABLE_CAPABILITY_GET_KEY_PAIR_INFO_CAP*/
|
