Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2022 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 : #include "spdm_unit_test.h"
7 : #include "internal/libspdm_secured_message_lib.h"
8 : #include "internal/libspdm_responder_lib.h"
9 :
10 : #if LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP
11 :
12 5 : static void libspdm_set_standard_key_update_test_state(libspdm_context_t *spdm_context,
13 : uint32_t *session_id)
14 : {
15 : libspdm_session_info_t *session_info;
16 :
17 5 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
18 5 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
19 5 : spdm_context->connection_info.capability.flags |=
20 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
21 5 : spdm_context->connection_info.capability.flags |=
22 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP;
23 5 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP;
24 5 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
25 5 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP;
26 5 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP;
27 :
28 5 : spdm_context->transcript.message_a.buffer_size = 0;
29 5 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
30 5 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
31 5 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
32 5 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
33 :
34 5 : *session_id = 0xFFFFFFFF;
35 5 : spdm_context->latest_session_id = *session_id;
36 5 : spdm_context->last_spdm_request_session_id = *session_id;
37 5 : session_info = &spdm_context->session_info[0];
38 5 : libspdm_session_info_init(spdm_context, session_info, *session_id, true);
39 5 : libspdm_secured_message_set_session_state(session_info->secured_message_context,
40 : LIBSPDM_SESSION_STATE_ESTABLISHED);
41 5 : }
42 :
43 : /**
44 : * Test 1: receiving a correct UPDATE_KEY_ACK message for updating
45 : * only the request data key.
46 : * Expected behavior: client returns a Status of RETURN_SUCCESS,Communication needs to continue.
47 : **/
48 1 : void libspdm_test_responder_encap_key_update_case1(void **state)
49 : {
50 : libspdm_return_t status;
51 : libspdm_test_context_t *spdm_test_context;
52 : libspdm_context_t *spdm_context;
53 : uint32_t session_id;
54 : bool need_continue;
55 :
56 1 : spdm_test_context = *state;
57 1 : spdm_context = spdm_test_context->spdm_context;
58 :
59 1 : spdm_test_context->case_id = 0x1;
60 1 : spdm_context->last_spdm_request_session_id_valid = true;
61 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
62 : SPDM_VERSION_NUMBER_SHIFT_BIT;
63 1 : libspdm_set_standard_key_update_test_state(
64 : spdm_context, &session_id);
65 :
66 1 : spdm_context->encap_context.last_encap_request_header.spdm_version = SPDM_MESSAGE_VERSION_11;
67 1 : spdm_context->encap_context.last_encap_request_header.request_response_code =
68 : SPDM_KEY_UPDATE_ACK;
69 1 : spdm_context->encap_context.last_encap_request_header.param1 =
70 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY;
71 1 : spdm_context->encap_context.last_encap_request_header.param2 = 0;
72 :
73 : spdm_key_update_response_t spdm_response;
74 1 : size_t spdm_response_size = sizeof(spdm_key_update_response_t);
75 :
76 1 : spdm_response.header.spdm_version = SPDM_MESSAGE_VERSION_11;
77 1 : spdm_response.header.request_response_code = SPDM_KEY_UPDATE_ACK;
78 1 : spdm_response.header.param1 = SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY;
79 1 : spdm_response.header.param2 = 0;
80 :
81 1 : status = libspdm_process_encap_response_key_update(spdm_context, spdm_response_size,
82 : &spdm_response, &need_continue);
83 :
84 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
85 1 : assert_int_equal(need_continue, true);
86 1 : }
87 :
88 : /**
89 : * Test 2: receiving a correct UPDATE_KEY_ACK message for updating
90 : * only the request data key.
91 : * Expected behavior: client returns a Status of RETURN_SUCCESS,Communication needs to continue.
92 : **/
93 1 : void libspdm_test_responder_encap_key_update_case2(void **state)
94 : {
95 : libspdm_return_t status;
96 : libspdm_test_context_t *spdm_test_context;
97 : libspdm_context_t *spdm_context;
98 : uint32_t session_id;
99 : bool need_continue;
100 :
101 1 : spdm_test_context = *state;
102 1 : spdm_context = spdm_test_context->spdm_context;
103 :
104 1 : spdm_test_context->case_id = 0x2;
105 1 : spdm_context->last_spdm_request_session_id_valid = true;
106 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
107 : SPDM_VERSION_NUMBER_SHIFT_BIT;
108 1 : libspdm_set_standard_key_update_test_state(
109 : spdm_context, &session_id);
110 :
111 1 : spdm_context->encap_context.last_encap_request_header.spdm_version = SPDM_MESSAGE_VERSION_11;
112 1 : spdm_context->encap_context.last_encap_request_header.request_response_code =
113 : SPDM_KEY_UPDATE_ACK;
114 1 : spdm_context->encap_context.last_encap_request_header.param1 =
115 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY;
116 1 : spdm_context->encap_context.last_encap_request_header.param2 = 0;
117 :
118 : spdm_key_update_response_t spdm_response;
119 1 : size_t spdm_response_size = sizeof(spdm_key_update_response_t);
120 :
121 1 : spdm_response.header.spdm_version = SPDM_MESSAGE_VERSION_11;
122 1 : spdm_response.header.request_response_code = SPDM_KEY_UPDATE_ACK;
123 1 : spdm_response.header.param1 = SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY;
124 1 : spdm_response.header.param2 = 0;
125 :
126 1 : status = libspdm_process_encap_response_key_update(spdm_context, spdm_response_size,
127 : &spdm_response, &need_continue);
128 :
129 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
130 1 : assert_int_equal(need_continue, false);
131 1 : }
132 : /**
133 : * Test 3: receiving a correct UPDATE_KEY_ACK message for updating
134 : * only the request data key. last_spdm_request_session_id_valid invalid
135 : * Expected behavior: client returns a Status of RETURN_UNSUPPORTED,No further communication is required.
136 : **/
137 1 : void libspdm_test_responder_encap_key_update_case3(void **state)
138 : {
139 : libspdm_return_t status;
140 : libspdm_test_context_t *spdm_test_context;
141 : libspdm_context_t *spdm_context;
142 : uint32_t session_id;
143 : bool need_continue;
144 :
145 1 : spdm_test_context = *state;
146 1 : spdm_context = spdm_test_context->spdm_context;
147 :
148 1 : spdm_test_context->case_id = 0x3;
149 1 : spdm_context->last_spdm_request_session_id_valid = false;
150 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
151 : SPDM_VERSION_NUMBER_SHIFT_BIT;
152 1 : libspdm_set_standard_key_update_test_state(
153 : spdm_context, &session_id);
154 :
155 : spdm_key_update_response_t spdm_response;
156 1 : size_t spdm_response_size = sizeof(spdm_key_update_response_t);
157 :
158 1 : spdm_response.header.spdm_version = SPDM_MESSAGE_VERSION_11;
159 1 : spdm_response.header.request_response_code = SPDM_KEY_UPDATE_ACK;
160 1 : spdm_response.header.param1 = 0;
161 1 : spdm_response.header.param2 = 0;
162 :
163 1 : status = libspdm_process_encap_response_key_update(spdm_context, spdm_response_size,
164 : &spdm_response, &need_continue);
165 1 : assert_int_equal(status, LIBSPDM_STATUS_UNSUPPORTED_CAP);
166 1 : }
167 :
168 : /**
169 : * Test 4: receives an ERROR message indicating InvalidParameters when updating key.
170 : * Expected behavior: client returns a Status of RETURN_SECURITY_VIOLATION, and
171 : * no keys should be updated.
172 : **/
173 1 : void libspdm_test_responder_encap_key_update_case4(void **state)
174 : {
175 : libspdm_return_t status;
176 : libspdm_test_context_t *spdm_test_context;
177 : libspdm_context_t *spdm_context;
178 : uint32_t session_id;
179 : bool need_continue;
180 :
181 1 : spdm_test_context = *state;
182 1 : spdm_context = spdm_test_context->spdm_context;
183 :
184 1 : spdm_test_context->case_id = 0x4;
185 1 : spdm_context->last_spdm_request_session_id_valid = true;
186 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
187 : SPDM_VERSION_NUMBER_SHIFT_BIT;
188 1 : libspdm_set_standard_key_update_test_state(
189 : spdm_context, &session_id);
190 :
191 : spdm_key_update_response_t spdm_response;
192 1 : size_t spdm_response_size = sizeof(spdm_key_update_response_t);
193 :
194 1 : spdm_response.header.spdm_version = SPDM_MESSAGE_VERSION_11;
195 1 : spdm_response.header.request_response_code = SPDM_ERROR;
196 1 : spdm_response.header.param1 = SPDM_ERROR_CODE_DECRYPT_ERROR;
197 1 : spdm_response.header.param2 = 0;
198 :
199 1 : status = libspdm_process_encap_response_key_update(spdm_context, spdm_response_size,
200 : &spdm_response, &need_continue);
201 :
202 1 : assert_int_equal(status, LIBSPDM_STATUS_SESSION_MSG_ERROR);
203 1 : }
204 :
205 : /**
206 : * Test 5: spdm_response message is correct but does not match last_encap_request_header error message
207 : * Expected behavior: client returns a Status of RETURN_DEVICE_ERROR
208 : **/
209 1 : void libspdm_test_responder_encap_key_update_case5(void **state)
210 : {
211 : libspdm_return_t status;
212 : libspdm_test_context_t *spdm_test_context;
213 : libspdm_context_t *spdm_context;
214 : uint32_t session_id;
215 : bool need_continue;
216 :
217 1 : spdm_test_context = *state;
218 1 : spdm_context = spdm_test_context->spdm_context;
219 :
220 1 : spdm_test_context->case_id = 0x5;
221 1 : spdm_context->last_spdm_request_session_id_valid = true;
222 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
223 : SPDM_VERSION_NUMBER_SHIFT_BIT;
224 1 : libspdm_set_standard_key_update_test_state(
225 : spdm_context, &session_id);
226 :
227 1 : spdm_context->encap_context.last_encap_request_header.spdm_version = SPDM_MESSAGE_VERSION_11;
228 1 : spdm_context->encap_context.last_encap_request_header.request_response_code =
229 : SPDM_KEY_UPDATE_ACK;
230 1 : spdm_context->encap_context.last_encap_request_header.param1 = SPDM_ERROR_CODE_DECRYPT_ERROR;
231 1 : spdm_context->encap_context.last_encap_request_header.param2 = 0;
232 :
233 : spdm_key_update_response_t spdm_response;
234 1 : size_t spdm_response_size = sizeof(spdm_key_update_response_t);
235 :
236 1 : spdm_response.header.spdm_version = SPDM_MESSAGE_VERSION_11;
237 1 : spdm_response.header.request_response_code = SPDM_KEY_UPDATE_ACK;
238 1 : spdm_response.header.param1 = 0;
239 1 : spdm_response.header.param2 = 0;
240 :
241 1 : status = libspdm_process_encap_response_key_update(spdm_context, spdm_response_size,
242 : &spdm_response, &need_continue);
243 :
244 1 : assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
245 1 : }
246 :
247 1 : int libspdm_responder_encap_key_update_test_main(void)
248 : {
249 1 : const struct CMUnitTest spdm_responder_key_update_tests[] = {
250 : /* Successful response*/
251 : cmocka_unit_test(libspdm_test_responder_encap_key_update_case1),
252 : /* Successful response,No further communication is required.*/
253 : cmocka_unit_test(libspdm_test_responder_encap_key_update_case2),
254 : /* last_spdm_request_session_id_valid : false */
255 : cmocka_unit_test(libspdm_test_responder_encap_key_update_case3),
256 : /* Error response: RETURN_SECURITY_VIOLATION */
257 : cmocka_unit_test(libspdm_test_responder_encap_key_update_case4),
258 : /* Error response: RETURN_DEVICE_ERROR */
259 : cmocka_unit_test(libspdm_test_responder_encap_key_update_case5),
260 : };
261 :
262 1 : libspdm_test_context_t test_context = {
263 : LIBSPDM_TEST_CONTEXT_VERSION,
264 : false,
265 : };
266 :
267 1 : libspdm_setup_test_context(&test_context);
268 :
269 1 : return cmocka_run_group_tests(spdm_responder_key_update_tests,
270 : libspdm_unit_test_group_setup,
271 : libspdm_unit_test_group_teardown);
272 : }
273 :
274 : #endif /* LIBSPDM_ENABLE_CAPABILITY_ENCAP_CAP*/
|
