Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2024 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #pragma pack(1)
12 :
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
16 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
17 : } libspdm_finish_request_mine_t;
18 :
19 : #pragma pack()
20 :
21 : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
22 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
23 : };
24 : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
25 :
26 : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
27 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
28 : };
29 : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
30 :
31 : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
32 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
33 : };
34 : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
35 :
36 : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
37 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
38 : };
39 : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
40 :
41 : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
42 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
43 : };
44 : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
45 :
46 : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
47 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
48 : };
49 : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
50 :
51 : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
52 :
53 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
54 :
55 : static libspdm_th_managed_buffer_t th_curr;
56 :
57 27 : void libspdm_secured_message_set_request_finished_key(
58 : void *spdm_secured_message_context, const void *key, size_t key_size)
59 : {
60 : libspdm_secured_message_context_t *secured_message_context;
61 :
62 27 : secured_message_context = spdm_secured_message_context;
63 27 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
64 27 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
65 : sizeof(secured_message_context->handshake_secret.request_finished_key),
66 : key, secured_message_context->hash_size);
67 27 : }
68 :
69 : /**
70 : * Test 1: receiving a correct FINISH message from the requester with a
71 : * correct MAC, no signature (no mutual authentication), and 'handshake in
72 : * the clear'.
73 : * Expected behavior: the responder accepts the request and produces a valid
74 : * FINISH_RSP response message.
75 : **/
76 1 : void libspdm_test_responder_finish_case1(void **state)
77 : {
78 : libspdm_return_t status;
79 : libspdm_test_context_t *spdm_test_context;
80 : libspdm_context_t *spdm_context;
81 : size_t response_size;
82 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
83 : spdm_finish_response_t *spdm_response;
84 : void *data1;
85 : size_t data_size1;
86 : uint8_t *ptr;
87 : uint8_t *cert_buffer;
88 : size_t cert_buffer_size;
89 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
90 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
91 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
92 : libspdm_session_info_t *session_info;
93 : uint32_t session_id;
94 : uint32_t hash_size;
95 : uint32_t hmac_size;
96 :
97 1 : spdm_test_context = *state;
98 1 : spdm_context = spdm_test_context->spdm_context;
99 1 : spdm_test_context->case_id = 0x1;
100 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
101 : SPDM_VERSION_NUMBER_SHIFT_BIT;
102 1 : spdm_context->connection_info.connection_state =
103 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
104 1 : spdm_context->connection_info.capability.flags |=
105 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
106 1 : spdm_context->local_context.capability.flags |=
107 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
108 1 : spdm_context->connection_info.algorithm.base_hash_algo =
109 : m_libspdm_use_hash_algo;
110 1 : spdm_context->connection_info.algorithm.base_asym_algo =
111 : m_libspdm_use_asym_algo;
112 1 : spdm_context->connection_info.algorithm.measurement_spec =
113 : m_libspdm_use_measurement_spec;
114 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
115 : m_libspdm_use_measurement_hash_algo;
116 1 : spdm_context->connection_info.algorithm.dhe_named_group =
117 : m_libspdm_use_dhe_algo;
118 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
119 : m_libspdm_use_aead_algo;
120 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
121 : m_libspdm_use_asym_algo, &data1,
122 : &data_size1, NULL, NULL);
123 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
124 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
125 : data_size1;
126 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
127 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
128 : data_size1;
129 :
130 1 : libspdm_reset_message_a(spdm_context);
131 1 : spdm_context->local_context.mut_auth_requested = 0;
132 :
133 1 : session_id = 0xFFFFFFFF;
134 1 : spdm_context->latest_session_id = session_id;
135 1 : session_info = &spdm_context->session_info[0];
136 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
137 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
138 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
139 1 : libspdm_secured_message_set_request_finished_key(
140 : session_info->secured_message_context, m_dummy_buffer,
141 : hash_size);
142 1 : libspdm_secured_message_set_session_state(
143 : session_info->secured_message_context,
144 : LIBSPDM_SESSION_STATE_HANDSHAKING);
145 :
146 1 : spdm_context->connection_info.capability.flags |=
147 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
148 1 : spdm_context->local_context.capability.flags |=
149 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
150 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
151 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
152 1 : ptr = m_libspdm_finish_request1.signature;
153 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
154 1 : cert_buffer = (uint8_t *)data1;
155 1 : cert_buffer_size = data_size1;
156 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
157 : cert_buffer_hash);
158 : /* transcript.message_a size is 0*/
159 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
160 : /* session_transcript.message_k is 0*/
161 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
162 : sizeof(spdm_finish_request_t));
163 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
164 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
165 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
166 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
167 : request_finished_key, hash_size, ptr);
168 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
169 1 : response_size = sizeof(response);
170 1 : status = libspdm_get_response_finish(spdm_context,
171 : m_libspdm_finish_request1_size,
172 : &m_libspdm_finish_request1,
173 : &response_size, response);
174 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
175 1 : assert_int_equal(response_size,
176 : sizeof(spdm_finish_response_t) + hmac_size);
177 1 : spdm_response = (void *)response;
178 1 : assert_int_equal(spdm_response->header.request_response_code,
179 : SPDM_FINISH_RSP);
180 1 : free(data1);
181 1 : }
182 :
183 : /**
184 : * Test 2:
185 : * Expected behavior:
186 : **/
187 1 : void libspdm_test_responder_finish_case2(void **state)
188 : {
189 1 : }
190 :
191 : /**
192 : * Test 3: receiving a correct FINISH from the requester, but the
193 : * responder is in a Busy state.
194 : * Expected behavior: the responder accepts the request, but produces an
195 : * ERROR message indicating the Busy state.
196 : **/
197 1 : void libspdm_test_responder_finish_case3(void **state)
198 : {
199 : libspdm_return_t status;
200 : libspdm_test_context_t *spdm_test_context;
201 : libspdm_context_t *spdm_context;
202 : size_t response_size;
203 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
204 : spdm_finish_response_t *spdm_response;
205 : void *data1;
206 : size_t data_size1;
207 : uint8_t *ptr;
208 : uint8_t *cert_buffer;
209 : size_t cert_buffer_size;
210 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
211 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
212 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
213 : libspdm_session_info_t *session_info;
214 : uint32_t session_id;
215 : uint32_t hash_size;
216 : uint32_t hmac_size;
217 :
218 1 : spdm_test_context = *state;
219 1 : spdm_context = spdm_test_context->spdm_context;
220 1 : spdm_test_context->case_id = 0x3;
221 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
222 : SPDM_VERSION_NUMBER_SHIFT_BIT;
223 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
224 1 : spdm_context->connection_info.connection_state =
225 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
226 1 : spdm_context->connection_info.capability.flags |=
227 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
228 1 : spdm_context->local_context.capability.flags |=
229 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
230 1 : spdm_context->connection_info.algorithm.base_hash_algo =
231 : m_libspdm_use_hash_algo;
232 1 : spdm_context->connection_info.algorithm.base_asym_algo =
233 : m_libspdm_use_asym_algo;
234 1 : spdm_context->connection_info.algorithm.measurement_spec =
235 : m_libspdm_use_measurement_spec;
236 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
237 : m_libspdm_use_measurement_hash_algo;
238 1 : spdm_context->connection_info.algorithm.dhe_named_group =
239 : m_libspdm_use_dhe_algo;
240 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
241 : m_libspdm_use_aead_algo;
242 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
243 : m_libspdm_use_asym_algo, &data1,
244 : &data_size1, NULL, NULL);
245 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
246 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
247 : data_size1;
248 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
249 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
250 : data_size1;
251 :
252 1 : libspdm_reset_message_a(spdm_context);
253 1 : spdm_context->local_context.mut_auth_requested = 0;
254 :
255 1 : session_id = 0xFFFFFFFF;
256 1 : spdm_context->latest_session_id = session_id;
257 1 : session_info = &spdm_context->session_info[0];
258 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
259 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
260 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
261 1 : libspdm_secured_message_set_request_finished_key(
262 : session_info->secured_message_context, m_dummy_buffer,
263 : hash_size);
264 1 : libspdm_secured_message_set_session_state(
265 : session_info->secured_message_context,
266 : LIBSPDM_SESSION_STATE_HANDSHAKING);
267 :
268 1 : spdm_context->connection_info.capability.flags |=
269 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
270 1 : spdm_context->local_context.capability.flags |=
271 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
272 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
273 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
274 1 : ptr = m_libspdm_finish_request1.signature;
275 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
276 1 : cert_buffer = (uint8_t *)data1;
277 1 : cert_buffer_size = data_size1;
278 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
279 : cert_buffer_hash);
280 : /* transcript.message_a size is 0*/
281 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
282 : /* session_transcript.message_k is 0*/
283 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
284 : sizeof(spdm_finish_request_t));
285 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
286 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
287 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
288 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
289 : request_finished_key, hash_size, ptr);
290 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
291 1 : response_size = sizeof(response);
292 1 : status = libspdm_get_response_finish(spdm_context,
293 : m_libspdm_finish_request1_size,
294 : &m_libspdm_finish_request1,
295 : &response_size, response);
296 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
297 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
298 1 : spdm_response = (void *)response;
299 1 : assert_int_equal(spdm_response->header.request_response_code,
300 : SPDM_ERROR);
301 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
302 1 : assert_int_equal(spdm_response->header.param2, 0);
303 1 : assert_int_equal(spdm_context->response_state,
304 : LIBSPDM_RESPONSE_STATE_BUSY);
305 1 : free(data1);
306 1 : }
307 :
308 : /**
309 : * Test 4: receiving a correct FINISH from the requester, but the responder
310 : * requires resynchronization with the requester.
311 : * Expected behavior: the responder accepts the request, but produces an
312 : * ERROR message indicating the NeedResynch state.
313 : **/
314 1 : void libspdm_test_responder_finish_case4(void **state)
315 : {
316 : libspdm_return_t status;
317 : libspdm_test_context_t *spdm_test_context;
318 : libspdm_context_t *spdm_context;
319 : size_t response_size;
320 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
321 : spdm_finish_response_t *spdm_response;
322 : void *data1;
323 : size_t data_size1;
324 : uint8_t *ptr;
325 : uint8_t *cert_buffer;
326 : size_t cert_buffer_size;
327 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
328 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
329 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
330 : libspdm_session_info_t *session_info;
331 : uint32_t session_id;
332 : uint32_t hash_size;
333 : uint32_t hmac_size;
334 :
335 1 : spdm_test_context = *state;
336 1 : spdm_context = spdm_test_context->spdm_context;
337 1 : spdm_test_context->case_id = 0x4;
338 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
339 : SPDM_VERSION_NUMBER_SHIFT_BIT;
340 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
341 1 : spdm_context->connection_info.connection_state =
342 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
343 1 : spdm_context->connection_info.capability.flags |=
344 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
345 1 : spdm_context->local_context.capability.flags |=
346 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
347 1 : spdm_context->connection_info.algorithm.base_hash_algo =
348 : m_libspdm_use_hash_algo;
349 1 : spdm_context->connection_info.algorithm.base_asym_algo =
350 : m_libspdm_use_asym_algo;
351 1 : spdm_context->connection_info.algorithm.measurement_spec =
352 : m_libspdm_use_measurement_spec;
353 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
354 : m_libspdm_use_measurement_hash_algo;
355 1 : spdm_context->connection_info.algorithm.dhe_named_group =
356 : m_libspdm_use_dhe_algo;
357 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
358 : m_libspdm_use_aead_algo;
359 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
360 : m_libspdm_use_asym_algo, &data1,
361 : &data_size1, NULL, NULL);
362 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
363 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
364 : data_size1;
365 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
366 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
367 : data_size1;
368 :
369 1 : libspdm_reset_message_a(spdm_context);
370 1 : spdm_context->local_context.mut_auth_requested = 0;
371 :
372 1 : session_id = 0xFFFFFFFF;
373 1 : spdm_context->latest_session_id = session_id;
374 1 : session_info = &spdm_context->session_info[0];
375 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
376 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
377 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
378 1 : libspdm_secured_message_set_request_finished_key(
379 : session_info->secured_message_context, m_dummy_buffer,
380 : hash_size);
381 1 : libspdm_secured_message_set_session_state(
382 : session_info->secured_message_context,
383 : LIBSPDM_SESSION_STATE_HANDSHAKING);
384 :
385 1 : spdm_context->connection_info.capability.flags |=
386 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
387 1 : spdm_context->local_context.capability.flags |=
388 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
389 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
390 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
391 1 : ptr = m_libspdm_finish_request1.signature;
392 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
393 1 : cert_buffer = (uint8_t *)data1;
394 1 : cert_buffer_size = data_size1;
395 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
396 : cert_buffer_hash);
397 : /* transcript.message_a size is 0*/
398 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
399 : /* session_transcript.message_k is 0*/
400 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
401 : sizeof(spdm_finish_request_t));
402 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
403 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
404 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
405 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
406 : request_finished_key, hash_size, ptr);
407 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
408 1 : response_size = sizeof(response);
409 1 : status = libspdm_get_response_finish(spdm_context,
410 : m_libspdm_finish_request1_size,
411 : &m_libspdm_finish_request1,
412 : &response_size, response);
413 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
414 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
415 1 : spdm_response = (void *)response;
416 1 : assert_int_equal(spdm_response->header.request_response_code,
417 : SPDM_ERROR);
418 1 : assert_int_equal(spdm_response->header.param1,
419 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
420 1 : assert_int_equal(spdm_response->header.param2, 0);
421 1 : assert_int_equal(spdm_context->response_state,
422 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
423 1 : free(data1);
424 1 : }
425 :
426 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
427 : /**
428 : * Test 5: receiving a correct FINISH from the requester, but the responder
429 : * could not produce the response in time.
430 : * Expected behavior: the responder accepts the request, but produces an
431 : * ERROR message indicating the ResponseNotReady state.
432 : **/
433 1 : void libspdm_test_responder_finish_case5(void **state)
434 : {
435 : libspdm_return_t status;
436 : libspdm_test_context_t *spdm_test_context;
437 : libspdm_context_t *spdm_context;
438 : size_t response_size;
439 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
440 : spdm_finish_response_t *spdm_response;
441 : void *data1;
442 : size_t data_size1;
443 : uint8_t *ptr;
444 : uint8_t *cert_buffer;
445 : size_t cert_buffer_size;
446 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
447 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
448 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
449 : libspdm_session_info_t *session_info;
450 : uint32_t session_id;
451 : uint32_t hash_size;
452 : uint32_t hmac_size;
453 : spdm_error_data_response_not_ready_t *error_data;
454 :
455 1 : spdm_test_context = *state;
456 1 : spdm_context = spdm_test_context->spdm_context;
457 1 : spdm_test_context->case_id = 0x5;
458 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
459 : SPDM_VERSION_NUMBER_SHIFT_BIT;
460 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
461 1 : spdm_context->connection_info.connection_state =
462 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
463 1 : spdm_context->connection_info.capability.flags |=
464 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
465 1 : spdm_context->local_context.capability.flags |=
466 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
467 1 : spdm_context->connection_info.algorithm.base_hash_algo =
468 : m_libspdm_use_hash_algo;
469 1 : spdm_context->connection_info.algorithm.base_asym_algo =
470 : m_libspdm_use_asym_algo;
471 1 : spdm_context->connection_info.algorithm.measurement_spec =
472 : m_libspdm_use_measurement_spec;
473 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
474 : m_libspdm_use_measurement_hash_algo;
475 1 : spdm_context->connection_info.algorithm.dhe_named_group =
476 : m_libspdm_use_dhe_algo;
477 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
478 : m_libspdm_use_aead_algo;
479 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
480 : m_libspdm_use_asym_algo, &data1,
481 : &data_size1, NULL, NULL);
482 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
483 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
484 : data_size1;
485 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
486 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
487 : data_size1;
488 :
489 1 : libspdm_reset_message_a(spdm_context);
490 1 : spdm_context->local_context.mut_auth_requested = 0;
491 :
492 1 : session_id = 0xFFFFFFFF;
493 1 : spdm_context->latest_session_id = session_id;
494 1 : session_info = &spdm_context->session_info[0];
495 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
496 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
497 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
498 1 : libspdm_secured_message_set_request_finished_key(
499 : session_info->secured_message_context, m_dummy_buffer,
500 : hash_size);
501 1 : libspdm_secured_message_set_session_state(
502 : session_info->secured_message_context,
503 : LIBSPDM_SESSION_STATE_HANDSHAKING);
504 :
505 1 : spdm_context->connection_info.capability.flags |=
506 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
507 1 : spdm_context->local_context.capability.flags |=
508 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
509 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
510 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
511 1 : ptr = m_libspdm_finish_request1.signature;
512 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
513 1 : cert_buffer = (uint8_t *)data1;
514 1 : cert_buffer_size = data_size1;
515 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
516 : cert_buffer_hash);
517 : /* transcript.message_a size is 0*/
518 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
519 : /* session_transcript.message_k is 0*/
520 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
521 : sizeof(spdm_finish_request_t));
522 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
523 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
524 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
525 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
526 : request_finished_key, hash_size, ptr);
527 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
528 1 : response_size = sizeof(response);
529 1 : status = libspdm_get_response_finish(spdm_context,
530 : m_libspdm_finish_request1_size,
531 : &m_libspdm_finish_request1,
532 : &response_size, response);
533 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
534 1 : assert_int_equal(response_size,
535 : sizeof(spdm_error_response_t) +
536 : sizeof(spdm_error_data_response_not_ready_t));
537 1 : spdm_response = (void *)response;
538 1 : error_data =
539 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
540 1 : assert_int_equal(spdm_response->header.request_response_code,
541 : SPDM_ERROR);
542 1 : assert_int_equal(spdm_response->header.param1,
543 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
544 1 : assert_int_equal(spdm_response->header.param2, 0);
545 1 : assert_int_equal(spdm_context->response_state,
546 : LIBSPDM_RESPONSE_STATE_NOT_READY);
547 1 : assert_int_equal(error_data->request_code, SPDM_FINISH);
548 1 : free(data1);
549 1 : }
550 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
551 :
552 : /**
553 : * Test 6: receiving a correct FINISH from the requester, but the responder
554 : * is not set no receive a FINISH message because previous messages (namely,
555 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
556 : * received.
557 : * Expected behavior: the responder rejects the request, and produces an
558 : * ERROR message indicating the UnexpectedRequest.
559 : **/
560 1 : void libspdm_test_responder_finish_case6(void **state)
561 : {
562 : libspdm_return_t status;
563 : libspdm_test_context_t *spdm_test_context;
564 : libspdm_context_t *spdm_context;
565 : size_t response_size;
566 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
567 : spdm_finish_response_t *spdm_response;
568 : void *data1;
569 : size_t data_size1;
570 : uint8_t *ptr;
571 : uint8_t *cert_buffer;
572 : size_t cert_buffer_size;
573 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
574 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
575 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
576 : libspdm_session_info_t *session_info;
577 : uint32_t session_id;
578 : uint32_t hash_size;
579 : uint32_t hmac_size;
580 :
581 1 : spdm_test_context = *state;
582 1 : spdm_context = spdm_test_context->spdm_context;
583 1 : spdm_test_context->case_id = 0x6;
584 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
585 : SPDM_VERSION_NUMBER_SHIFT_BIT;
586 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
587 1 : spdm_context->connection_info.connection_state =
588 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
589 1 : spdm_context->connection_info.capability.flags |=
590 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
591 1 : spdm_context->local_context.capability.flags |=
592 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
593 1 : spdm_context->connection_info.algorithm.base_hash_algo =
594 : m_libspdm_use_hash_algo;
595 1 : spdm_context->connection_info.algorithm.base_asym_algo =
596 : m_libspdm_use_asym_algo;
597 1 : spdm_context->connection_info.algorithm.measurement_spec =
598 : m_libspdm_use_measurement_spec;
599 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
600 : m_libspdm_use_measurement_hash_algo;
601 1 : spdm_context->connection_info.algorithm.dhe_named_group =
602 : m_libspdm_use_dhe_algo;
603 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
604 : m_libspdm_use_aead_algo;
605 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
606 : m_libspdm_use_asym_algo, &data1,
607 : &data_size1, NULL, NULL);
608 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
609 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
610 : data_size1;
611 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
612 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
613 : data_size1;
614 :
615 1 : libspdm_reset_message_a(spdm_context);
616 1 : spdm_context->local_context.mut_auth_requested = 0;
617 :
618 1 : session_id = 0xFFFFFFFF;
619 1 : spdm_context->latest_session_id = session_id;
620 1 : session_info = &spdm_context->session_info[0];
621 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
622 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
623 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
624 1 : libspdm_secured_message_set_request_finished_key(
625 : session_info->secured_message_context, m_dummy_buffer,
626 : hash_size);
627 1 : libspdm_secured_message_set_session_state(
628 : session_info->secured_message_context,
629 : LIBSPDM_SESSION_STATE_HANDSHAKING);
630 :
631 1 : spdm_context->connection_info.capability.flags |=
632 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
633 1 : spdm_context->local_context.capability.flags |=
634 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
635 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
636 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
637 1 : ptr = m_libspdm_finish_request1.signature;
638 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
639 1 : cert_buffer = (uint8_t *)data1;
640 1 : cert_buffer_size = data_size1;
641 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
642 : cert_buffer_hash);
643 : /* transcript.message_a size is 0*/
644 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
645 : /* session_transcript.message_k is 0*/
646 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
647 : sizeof(spdm_finish_request_t));
648 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
649 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
650 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
651 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
652 : request_finished_key, hash_size, ptr);
653 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
654 1 : response_size = sizeof(response);
655 1 : status = libspdm_get_response_finish(spdm_context,
656 : m_libspdm_finish_request1_size,
657 : &m_libspdm_finish_request1,
658 : &response_size, response);
659 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
660 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
661 1 : spdm_response = (void *)response;
662 1 : assert_int_equal(spdm_response->header.request_response_code,
663 : SPDM_ERROR);
664 1 : assert_int_equal(spdm_response->header.param1,
665 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
666 1 : assert_int_equal(spdm_response->header.param2, 0);
667 1 : free(data1);
668 1 : }
669 :
670 1 : void libspdm_test_responder_finish_case7(void **state)
671 : {
672 : libspdm_return_t status;
673 : libspdm_test_context_t *spdm_test_context;
674 : libspdm_context_t *spdm_context;
675 : size_t response_size;
676 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
677 : spdm_finish_response_t *spdm_response;
678 : void *data1;
679 : size_t data_size1;
680 : uint8_t *ptr;
681 : uint8_t *cert_buffer;
682 : size_t cert_buffer_size;
683 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
684 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
685 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
686 : libspdm_session_info_t *session_info;
687 : uint32_t session_id;
688 : uint32_t hash_size;
689 : uint32_t hmac_size;
690 :
691 1 : spdm_test_context = *state;
692 1 : spdm_context = spdm_test_context->spdm_context;
693 1 : spdm_test_context->case_id = 0x7;
694 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
695 : SPDM_VERSION_NUMBER_SHIFT_BIT;
696 1 : spdm_context->connection_info.connection_state =
697 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
698 1 : spdm_context->connection_info.capability.flags |=
699 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
700 1 : spdm_context->local_context.capability.flags |=
701 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
702 1 : spdm_context->connection_info.algorithm.base_hash_algo =
703 : m_libspdm_use_hash_algo;
704 1 : spdm_context->connection_info.algorithm.base_asym_algo =
705 : m_libspdm_use_asym_algo;
706 1 : spdm_context->connection_info.algorithm.measurement_spec =
707 : m_libspdm_use_measurement_spec;
708 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
709 : m_libspdm_use_measurement_hash_algo;
710 1 : spdm_context->connection_info.algorithm.dhe_named_group =
711 : m_libspdm_use_dhe_algo;
712 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
713 : m_libspdm_use_aead_algo;
714 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
715 : m_libspdm_use_asym_algo, &data1,
716 : &data_size1, NULL, NULL);
717 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
718 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
719 : data_size1;
720 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
721 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
722 : data_size1;
723 :
724 1 : libspdm_reset_message_a(spdm_context);
725 1 : spdm_context->local_context.mut_auth_requested = 0;
726 :
727 1 : session_id = 0xFFFFFFFF;
728 1 : spdm_context->latest_session_id = session_id;
729 1 : session_info = &spdm_context->session_info[0];
730 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
731 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
732 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
733 1 : libspdm_secured_message_set_request_finished_key(
734 : session_info->secured_message_context, m_dummy_buffer,
735 : hash_size);
736 1 : libspdm_secured_message_set_session_state(
737 : session_info->secured_message_context,
738 : LIBSPDM_SESSION_STATE_HANDSHAKING);
739 :
740 1 : spdm_context->connection_info.capability.flags |=
741 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
742 1 : spdm_context->local_context.capability.flags |=
743 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
744 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
745 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
746 1 : ptr = m_libspdm_finish_request1.signature;
747 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
748 1 : cert_buffer = (uint8_t *)data1;
749 1 : cert_buffer_size = data_size1;
750 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
751 : session_info->session_transcript.message_m.buffer_size =
752 : session_info->session_transcript.message_m.max_buffer_size;
753 : spdm_context->transcript.message_b.buffer_size =
754 : spdm_context->transcript.message_b.max_buffer_size;
755 : spdm_context->transcript.message_c.buffer_size =
756 : spdm_context->transcript.message_c.max_buffer_size;
757 : spdm_context->transcript.message_mut_b.buffer_size =
758 : spdm_context->transcript.message_mut_b.max_buffer_size;
759 : spdm_context->transcript.message_mut_c.buffer_size =
760 : spdm_context->transcript.message_mut_c.max_buffer_size;
761 : #endif
762 :
763 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
764 : cert_buffer_hash);
765 : /* transcript.message_a size is 0*/
766 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
767 : /* session_transcript.message_k is 0*/
768 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
769 : sizeof(spdm_finish_request_t));
770 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
771 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
772 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
773 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
774 : request_finished_key, hash_size, ptr);
775 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
776 1 : response_size = sizeof(response);
777 1 : status = libspdm_get_response_finish(spdm_context,
778 : m_libspdm_finish_request1_size,
779 : &m_libspdm_finish_request1,
780 : &response_size, response);
781 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
782 1 : assert_int_equal(response_size,
783 : sizeof(spdm_finish_response_t) + hmac_size);
784 1 : spdm_response = (void *)response;
785 1 : assert_int_equal(spdm_response->header.request_response_code,
786 : SPDM_FINISH_RSP);
787 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
788 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
789 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
790 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
791 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
792 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
793 : #endif
794 :
795 1 : free(data1);
796 1 : }
797 :
798 : /**
799 : * Test 8: receiving a correct FINISH message from the requester with
800 : * correct MAC and signature (with mutual authentication), and 'handshake in
801 : * the clear'.
802 : * Expected behavior: the responder accepts the request and produces a valid
803 : * FINISH_RSP response message.
804 : **/
805 1 : void libspdm_test_responder_finish_case8(void **state)
806 : {
807 : libspdm_return_t status;
808 : libspdm_test_context_t *spdm_test_context;
809 : libspdm_context_t *spdm_context;
810 : size_t response_size;
811 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
812 : spdm_finish_response_t *spdm_response;
813 : void *data1;
814 : size_t data_size1;
815 : void *data2;
816 : size_t data_size2;
817 : uint8_t *ptr;
818 : uint8_t *cert_buffer;
819 : size_t cert_buffer_size;
820 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
821 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
822 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
823 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
824 : libspdm_session_info_t *session_info;
825 : uint32_t session_id;
826 : uint32_t hash_size;
827 : uint32_t hmac_size;
828 : size_t req_asym_signature_size;
829 :
830 1 : spdm_test_context = *state;
831 1 : spdm_context = spdm_test_context->spdm_context;
832 1 : spdm_test_context->case_id = 0x8;
833 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
834 : SPDM_VERSION_NUMBER_SHIFT_BIT;
835 1 : spdm_context->connection_info.connection_state =
836 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
837 1 : spdm_context->connection_info.capability.flags |=
838 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
839 1 : spdm_context->local_context.capability.flags |=
840 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
841 1 : spdm_context->connection_info.algorithm.base_hash_algo =
842 : m_libspdm_use_hash_algo;
843 1 : spdm_context->connection_info.algorithm.base_asym_algo =
844 : m_libspdm_use_asym_algo;
845 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
846 : m_libspdm_use_req_asym_algo;
847 1 : spdm_context->connection_info.algorithm.measurement_spec =
848 : m_libspdm_use_measurement_spec;
849 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
850 : m_libspdm_use_measurement_hash_algo;
851 1 : spdm_context->connection_info.algorithm.dhe_named_group =
852 : m_libspdm_use_dhe_algo;
853 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
854 : m_libspdm_use_aead_algo;
855 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
856 : m_libspdm_use_asym_algo, &data1,
857 : &data_size1, NULL, NULL);
858 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
859 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
860 : data_size1;
861 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
862 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
863 : data_size1;
864 :
865 1 : libspdm_reset_message_a(spdm_context);
866 1 : spdm_context->local_context.mut_auth_requested = 1;
867 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
868 : m_libspdm_use_req_asym_algo, &data2,
869 : &data_size2, NULL, NULL);
870 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
871 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
872 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
873 : data2, data_size2);
874 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
875 : data_size2;
876 : #else
877 1 : libspdm_hash_all(
878 : spdm_context->connection_info.algorithm.base_hash_algo,
879 : data2, data_size2,
880 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
881 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
882 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
883 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
884 : spdm_context->connection_info.algorithm.base_hash_algo,
885 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
886 : data2,
887 : data_size2,
888 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
889 : #endif
890 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
891 :
892 1 : session_id = 0xFFFFFFFF;
893 1 : spdm_context->latest_session_id = session_id;
894 1 : session_info = &spdm_context->session_info[0];
895 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
896 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
897 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
898 1 : libspdm_secured_message_set_request_finished_key(
899 : session_info->secured_message_context, m_dummy_buffer,
900 : hash_size);
901 1 : libspdm_secured_message_set_session_state(
902 : session_info->secured_message_context,
903 : LIBSPDM_SESSION_STATE_HANDSHAKING);
904 1 : session_info->mut_auth_requested = 1;
905 :
906 1 : spdm_context->connection_info.capability.flags |=
907 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
908 1 : spdm_context->local_context.capability.flags |=
909 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
910 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
911 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
912 1 : req_asym_signature_size =
913 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
914 1 : ptr = m_libspdm_finish_request3.signature;
915 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
916 1 : cert_buffer = (uint8_t *)data1;
917 1 : cert_buffer_size = data_size1;
918 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
919 : cert_buffer_hash);
920 1 : cert_buffer = (uint8_t *)data2;
921 1 : cert_buffer_size = data_size2;
922 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
923 : req_cert_buffer_hash);
924 : /* transcript.message_a size is 0*/
925 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
926 : /* session_transcript.message_k is 0*/
927 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
928 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
929 : sizeof(spdm_finish_request_t));
930 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
931 1 : libspdm_requester_data_sign(
932 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
933 : spdm_context,
934 : #endif
935 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
936 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
937 1 : false, libspdm_get_managed_buffer(&th_curr),
938 : libspdm_get_managed_buffer_size(&th_curr),
939 : ptr, &req_asym_signature_size);
940 : #endif
941 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
942 1 : ptr += req_asym_signature_size;
943 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
944 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
945 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
946 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
947 : request_finished_key, hash_size, ptr);
948 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
949 1 : req_asym_signature_size + hmac_size;
950 1 : response_size = sizeof(response);
951 1 : status = libspdm_get_response_finish(spdm_context,
952 : m_libspdm_finish_request3_size,
953 : &m_libspdm_finish_request3,
954 : &response_size, response);
955 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
956 1 : assert_int_equal(response_size,
957 : sizeof(spdm_finish_response_t) + hmac_size);
958 1 : spdm_response = (void *)response;
959 1 : assert_int_equal(spdm_response->header.request_response_code,
960 : SPDM_FINISH_RSP);
961 1 : free(data1);
962 1 : free(data2);
963 1 : }
964 :
965 : /**
966 : * Test 9: receiving a correct FINISH message from the requester, but the
967 : * responder has no capabilities for key exchange.
968 : * Expected behavior: the responder refuses the FINISH message and produces
969 : * an ERROR message indicating the UnsupportedRequest.
970 : **/
971 1 : void libspdm_test_responder_finish_case9(void **state)
972 : {
973 : libspdm_return_t status;
974 : libspdm_test_context_t *spdm_test_context;
975 : libspdm_context_t *spdm_context;
976 : size_t response_size;
977 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
978 : spdm_finish_response_t *spdm_response;
979 : void *data1;
980 : size_t data_size1;
981 : uint8_t *ptr;
982 : uint8_t *cert_buffer;
983 : size_t cert_buffer_size;
984 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
985 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
986 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
987 : libspdm_session_info_t *session_info;
988 : uint32_t session_id;
989 : uint32_t hash_size;
990 : uint32_t hmac_size;
991 :
992 1 : spdm_test_context = *state;
993 1 : spdm_context = spdm_test_context->spdm_context;
994 1 : spdm_test_context->case_id = 0x9;
995 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
996 : SPDM_VERSION_NUMBER_SHIFT_BIT;
997 1 : spdm_context->connection_info.connection_state =
998 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
999 1 : spdm_context->connection_info.capability.flags = 0;
1000 1 : spdm_context->local_context.capability.flags = 0;
1001 1 : spdm_context->connection_info.capability.flags |=
1002 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1003 : /* no key exchange capabilities (responder)*/
1004 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1005 : m_libspdm_use_hash_algo;
1006 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1007 : m_libspdm_use_asym_algo;
1008 1 : spdm_context->connection_info.algorithm.measurement_spec =
1009 : m_libspdm_use_measurement_spec;
1010 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1011 : m_libspdm_use_measurement_hash_algo;
1012 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1013 : m_libspdm_use_dhe_algo;
1014 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1015 : m_libspdm_use_aead_algo;
1016 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1017 : m_libspdm_use_asym_algo, &data1,
1018 : &data_size1, NULL, NULL);
1019 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1020 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1021 : data_size1;
1022 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1023 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1024 : data_size1;
1025 :
1026 1 : libspdm_reset_message_a(spdm_context);
1027 1 : spdm_context->local_context.mut_auth_requested = 0;
1028 :
1029 1 : session_id = 0xFFFFFFFF;
1030 1 : spdm_context->latest_session_id = session_id;
1031 1 : session_info = &spdm_context->session_info[0];
1032 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1033 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1034 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1035 1 : libspdm_secured_message_set_request_finished_key(
1036 : session_info->secured_message_context, m_dummy_buffer,
1037 : hash_size);
1038 1 : libspdm_secured_message_set_session_state(
1039 : session_info->secured_message_context,
1040 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1041 :
1042 1 : spdm_context->connection_info.capability.flags |=
1043 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1044 1 : spdm_context->local_context.capability.flags |=
1045 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1046 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1047 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1048 1 : ptr = m_libspdm_finish_request1.signature;
1049 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1050 1 : cert_buffer = (uint8_t *)data1;
1051 1 : cert_buffer_size = data_size1;
1052 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1053 : cert_buffer_hash);
1054 : /* transcript.message_a size is 0*/
1055 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1056 : /* session_transcript.message_k is 0*/
1057 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1058 : sizeof(spdm_finish_request_t));
1059 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1060 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1061 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1062 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1063 : request_finished_key, hash_size, ptr);
1064 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1065 1 : response_size = sizeof(response);
1066 1 : status = libspdm_get_response_finish(spdm_context,
1067 : m_libspdm_finish_request1_size,
1068 : &m_libspdm_finish_request1,
1069 : &response_size, response);
1070 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1071 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1072 1 : spdm_response = (void *)response;
1073 1 : assert_int_equal(spdm_response->header.request_response_code,
1074 : SPDM_ERROR);
1075 1 : assert_int_equal(spdm_response->header.param1,
1076 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
1077 1 : assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
1078 1 : free(data1);
1079 1 : }
1080 :
1081 : /**
1082 : * Test 10: receiving a correct FINISH message from the requester, but the
1083 : * responder is not correctly setup by not initializing a session during
1084 : * KEY_EXCHANGE.
1085 : * Expected behavior: the responder refuses the FINISH message and produces
1086 : * an ERROR message indicating the UnsupportedRequest.
1087 : **/
1088 1 : void libspdm_test_responder_finish_case10(void **state)
1089 : {
1090 : libspdm_return_t status;
1091 : libspdm_test_context_t *spdm_test_context;
1092 : libspdm_context_t *spdm_context;
1093 : size_t response_size;
1094 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1095 : spdm_finish_response_t *spdm_response;
1096 : void *data1;
1097 : size_t data_size1;
1098 : uint8_t *ptr;
1099 : uint8_t *cert_buffer;
1100 : size_t cert_buffer_size;
1101 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1102 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1103 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1104 : libspdm_session_info_t *session_info;
1105 : uint32_t session_id;
1106 : uint32_t hash_size;
1107 : uint32_t hmac_size;
1108 :
1109 1 : spdm_test_context = *state;
1110 1 : spdm_context = spdm_test_context->spdm_context;
1111 1 : spdm_test_context->case_id = 0xA;
1112 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1113 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1114 1 : spdm_context->connection_info.connection_state =
1115 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1116 1 : spdm_context->connection_info.capability.flags |=
1117 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1118 1 : spdm_context->local_context.capability.flags |=
1119 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1120 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1121 : m_libspdm_use_hash_algo;
1122 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1123 : m_libspdm_use_asym_algo;
1124 1 : spdm_context->connection_info.algorithm.measurement_spec =
1125 : m_libspdm_use_measurement_spec;
1126 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1127 : m_libspdm_use_measurement_hash_algo;
1128 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1129 : m_libspdm_use_dhe_algo;
1130 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1131 : m_libspdm_use_aead_algo;
1132 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1133 : m_libspdm_use_asym_algo, &data1,
1134 : &data_size1, NULL, NULL);
1135 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1136 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1137 : data_size1;
1138 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1139 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1140 : data_size1;
1141 :
1142 1 : libspdm_reset_message_a(spdm_context);
1143 1 : spdm_context->local_context.mut_auth_requested = 0;
1144 :
1145 1 : session_id = 0xFFFFFFFF;
1146 1 : spdm_context->latest_session_id = session_id;
1147 1 : session_info = &spdm_context->session_info[0];
1148 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1149 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1150 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1151 1 : libspdm_secured_message_set_request_finished_key(
1152 : session_info->secured_message_context, m_dummy_buffer,
1153 : hash_size);
1154 1 : libspdm_secured_message_set_session_state(
1155 : session_info->secured_message_context,
1156 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1157 :
1158 1 : spdm_context->connection_info.capability.flags |=
1159 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1160 1 : spdm_context->local_context.capability.flags |=
1161 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1162 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1163 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1164 1 : ptr = m_libspdm_finish_request1.signature;
1165 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1166 1 : cert_buffer = (uint8_t *)data1;
1167 1 : cert_buffer_size = data_size1;
1168 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1169 : cert_buffer_hash);
1170 : /* transcript.message_a size is 0*/
1171 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1172 : /* session_transcript.message_k is 0*/
1173 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1174 : sizeof(spdm_finish_request_t));
1175 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1176 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1177 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1178 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1179 : request_finished_key, hash_size, ptr);
1180 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1181 1 : response_size = sizeof(response);
1182 1 : status = libspdm_get_response_finish(spdm_context,
1183 : m_libspdm_finish_request1_size,
1184 : &m_libspdm_finish_request1,
1185 : &response_size, response);
1186 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1187 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1188 1 : spdm_response = (void *)response;
1189 1 : assert_int_equal(spdm_response->header.request_response_code,
1190 : SPDM_ERROR);
1191 1 : assert_int_equal(spdm_response->header.param1,
1192 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1193 1 : assert_int_equal(spdm_response->header.param2, 0);
1194 1 : free(data1);
1195 1 : }
1196 :
1197 : /**
1198 : * Test 11: receiving a FINISH message from the requester with an incorrect
1199 : * MAC (all-zero).
1200 : * Expected behavior: the responder refuses the FINISH message and produces
1201 : * an ERROR message indicating the DecryptError.
1202 : **/
1203 1 : void libspdm_test_responder_finish_case11(void **state)
1204 : {
1205 : libspdm_return_t status;
1206 : libspdm_test_context_t *spdm_test_context;
1207 : libspdm_context_t *spdm_context;
1208 : size_t response_size;
1209 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1210 : spdm_finish_response_t *spdm_response;
1211 : void *data1;
1212 : size_t data_size1;
1213 : uint8_t *ptr;
1214 : libspdm_session_info_t *session_info;
1215 : uint32_t session_id;
1216 : uint32_t hash_size;
1217 : uint32_t hmac_size;
1218 :
1219 1 : spdm_test_context = *state;
1220 1 : spdm_context = spdm_test_context->spdm_context;
1221 1 : spdm_test_context->case_id = 0xB;
1222 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1223 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1224 1 : spdm_context->connection_info.connection_state =
1225 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1226 1 : spdm_context->connection_info.capability.flags |=
1227 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1228 1 : spdm_context->local_context.capability.flags |=
1229 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1230 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1231 : m_libspdm_use_hash_algo;
1232 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1233 : m_libspdm_use_asym_algo;
1234 1 : spdm_context->connection_info.algorithm.measurement_spec =
1235 : m_libspdm_use_measurement_spec;
1236 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1237 : m_libspdm_use_measurement_hash_algo;
1238 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1239 : m_libspdm_use_dhe_algo;
1240 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1241 : m_libspdm_use_aead_algo;
1242 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1243 : m_libspdm_use_asym_algo, &data1,
1244 : &data_size1, NULL, NULL);
1245 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1246 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1247 : data_size1;
1248 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1249 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1250 : data_size1;
1251 :
1252 1 : libspdm_reset_message_a(spdm_context);
1253 1 : spdm_context->local_context.mut_auth_requested = 0;
1254 :
1255 1 : session_id = 0xFFFFFFFF;
1256 1 : spdm_context->latest_session_id = session_id;
1257 1 : session_info = &spdm_context->session_info[0];
1258 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1259 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1260 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1261 1 : libspdm_secured_message_set_request_finished_key(
1262 : session_info->secured_message_context, m_dummy_buffer,
1263 : hash_size);
1264 1 : libspdm_secured_message_set_session_state(
1265 : session_info->secured_message_context,
1266 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1267 :
1268 1 : spdm_context->connection_info.capability.flags |=
1269 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1270 1 : spdm_context->local_context.capability.flags |=
1271 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1272 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1273 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1274 1 : ptr = m_libspdm_finish_request1.signature;
1275 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1276 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1277 1 : response_size = sizeof(response);
1278 1 : status = libspdm_get_response_finish(spdm_context,
1279 : m_libspdm_finish_request1_size,
1280 : &m_libspdm_finish_request1,
1281 : &response_size, response);
1282 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1283 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1284 1 : spdm_response = (void *)response;
1285 1 : assert_int_equal(spdm_response->header.request_response_code,
1286 : SPDM_ERROR);
1287 1 : assert_int_equal(spdm_response->header.param1,
1288 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1289 1 : assert_int_equal(spdm_response->header.param2, 0);
1290 1 : free(data1);
1291 1 : }
1292 :
1293 : /**
1294 : * Test 12: receiving a FINISH message from the requester with an incorrect
1295 : * MAC (arbitrary).
1296 : * Expected behavior: the responder refuses the FINISH message and produces
1297 : * an ERROR message indicating the DecryptError.
1298 : **/
1299 1 : void libspdm_test_responder_finish_case12(void **state)
1300 : {
1301 : libspdm_return_t status;
1302 : libspdm_test_context_t *spdm_test_context;
1303 : libspdm_context_t *spdm_context;
1304 : size_t response_size;
1305 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1306 : spdm_finish_response_t *spdm_response;
1307 : void *data1;
1308 : size_t data_size1;
1309 : uint8_t *ptr;
1310 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1311 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1312 : libspdm_session_info_t *session_info;
1313 : uint32_t session_id;
1314 : uint32_t hash_size;
1315 : uint32_t hmac_size;
1316 :
1317 1 : spdm_test_context = *state;
1318 1 : spdm_context = spdm_test_context->spdm_context;
1319 1 : spdm_test_context->case_id = 0xC;
1320 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1321 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1322 1 : spdm_context->connection_info.connection_state =
1323 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1324 1 : spdm_context->connection_info.capability.flags |=
1325 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1326 1 : spdm_context->local_context.capability.flags |=
1327 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1328 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1329 : m_libspdm_use_hash_algo;
1330 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1331 : m_libspdm_use_asym_algo;
1332 1 : spdm_context->connection_info.algorithm.measurement_spec =
1333 : m_libspdm_use_measurement_spec;
1334 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1335 : m_libspdm_use_measurement_hash_algo;
1336 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1337 : m_libspdm_use_dhe_algo;
1338 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1339 : m_libspdm_use_aead_algo;
1340 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1341 : m_libspdm_use_asym_algo, &data1,
1342 : &data_size1, NULL, NULL);
1343 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1344 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1345 : data_size1;
1346 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1347 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1348 : data_size1;
1349 :
1350 1 : libspdm_reset_message_a(spdm_context);
1351 1 : spdm_context->local_context.mut_auth_requested = 0;
1352 :
1353 1 : session_id = 0xFFFFFFFF;
1354 1 : spdm_context->latest_session_id = session_id;
1355 1 : session_info = &spdm_context->session_info[0];
1356 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1357 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1358 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1359 1 : libspdm_secured_message_set_request_finished_key(
1360 : session_info->secured_message_context, m_dummy_buffer,
1361 : hash_size);
1362 1 : libspdm_secured_message_set_session_state(
1363 : session_info->secured_message_context,
1364 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1365 :
1366 1 : spdm_context->connection_info.capability.flags |=
1367 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1368 1 : spdm_context->local_context.capability.flags |=
1369 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1370 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1371 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1372 1 : ptr = m_libspdm_finish_request1.signature;
1373 : /*arbitrary MAC*/
1374 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1375 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1376 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1377 : request_finished_key, hash_size, ptr);
1378 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1379 1 : response_size = sizeof(response);
1380 1 : status = libspdm_get_response_finish(spdm_context,
1381 : m_libspdm_finish_request1_size,
1382 : &m_libspdm_finish_request1,
1383 : &response_size, response);
1384 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1385 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1386 1 : spdm_response = (void *)response;
1387 1 : assert_int_equal(spdm_response->header.request_response_code,
1388 : SPDM_ERROR);
1389 1 : assert_int_equal(spdm_response->header.param1,
1390 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1391 1 : assert_int_equal(spdm_response->header.param2, 0);
1392 1 : free(data1);
1393 1 : }
1394 :
1395 : /**
1396 : * Test 13:
1397 : * Expected behavior:
1398 : **/
1399 1 : void libspdm_test_responder_finish_case13(void **state)
1400 : {
1401 1 : }
1402 :
1403 : /**
1404 : * Test 14: receiving a FINISH message from the requester with an incorrect
1405 : * MAC size (only the correct first half of the MAC).
1406 : * Expected behavior: the responder refuses the FINISH message and produces
1407 : * an ERROR message indicating the InvalidRequest.
1408 : **/
1409 1 : void libspdm_test_responder_finish_case14(void **state)
1410 : {
1411 : libspdm_return_t status;
1412 : libspdm_test_context_t *spdm_test_context;
1413 : libspdm_context_t *spdm_context;
1414 : size_t response_size;
1415 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1416 : spdm_finish_response_t *spdm_response;
1417 : void *data1;
1418 : size_t data_size1;
1419 : uint8_t *ptr;
1420 : uint8_t *cert_buffer;
1421 : size_t cert_buffer_size;
1422 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1423 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1424 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1425 : libspdm_session_info_t *session_info;
1426 : uint32_t session_id;
1427 : uint32_t hash_size;
1428 : uint32_t hmac_size;
1429 :
1430 1 : spdm_test_context = *state;
1431 1 : spdm_context = spdm_test_context->spdm_context;
1432 1 : spdm_test_context->case_id = 0xE;
1433 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1434 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1435 1 : spdm_context->connection_info.connection_state =
1436 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1437 1 : spdm_context->connection_info.capability.flags |=
1438 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1439 1 : spdm_context->local_context.capability.flags |=
1440 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1441 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1442 : m_libspdm_use_hash_algo;
1443 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1444 : m_libspdm_use_asym_algo;
1445 1 : spdm_context->connection_info.algorithm.measurement_spec =
1446 : m_libspdm_use_measurement_spec;
1447 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1448 : m_libspdm_use_measurement_hash_algo;
1449 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1450 : m_libspdm_use_dhe_algo;
1451 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1452 : m_libspdm_use_aead_algo;
1453 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1454 : m_libspdm_use_asym_algo, &data1,
1455 : &data_size1, NULL, NULL);
1456 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1457 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1458 : data_size1;
1459 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1460 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1461 : data_size1;
1462 :
1463 1 : libspdm_reset_message_a(spdm_context);
1464 1 : spdm_context->local_context.mut_auth_requested = 0;
1465 :
1466 1 : session_id = 0xFFFFFFFF;
1467 1 : spdm_context->latest_session_id = session_id;
1468 1 : session_info = &spdm_context->session_info[0];
1469 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1470 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1471 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1472 1 : libspdm_secured_message_set_request_finished_key(
1473 : session_info->secured_message_context, m_dummy_buffer,
1474 : hash_size);
1475 1 : libspdm_secured_message_set_session_state(
1476 : session_info->secured_message_context,
1477 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1478 :
1479 1 : spdm_context->connection_info.capability.flags |=
1480 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1481 1 : spdm_context->local_context.capability.flags |=
1482 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1483 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1484 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1485 1 : ptr = m_libspdm_finish_request1.signature;
1486 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1487 1 : cert_buffer = (uint8_t *)data1;
1488 1 : cert_buffer_size = data_size1;
1489 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1490 : cert_buffer_hash);
1491 : /* transcript.message_a size is 0*/
1492 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1493 : /* session_transcript.message_k is 0*/
1494 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1495 : sizeof(spdm_finish_request_t));
1496 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1497 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1498 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1499 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1500 : request_finished_key, hash_size, ptr);
1501 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1502 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
1503 1 : response_size = sizeof(response);
1504 1 : status = libspdm_get_response_finish(spdm_context,
1505 : m_libspdm_finish_request1_size,
1506 : &m_libspdm_finish_request1,
1507 : &response_size, response);
1508 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1509 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1510 1 : spdm_response = (void *)response;
1511 1 : assert_int_equal(spdm_response->header.request_response_code,
1512 : SPDM_ERROR);
1513 1 : assert_int_equal(spdm_response->header.param1,
1514 : SPDM_ERROR_CODE_INVALID_REQUEST);
1515 1 : assert_int_equal(spdm_response->header.param2, 0);
1516 1 : free(data1);
1517 1 : }
1518 :
1519 : /**
1520 : * Test 15: receiving a FINISH message from the requester with an incorrect
1521 : * signature (all-zero), but a correct MAC.
1522 : * Expected behavior: the responder refuses the FINISH message and produces
1523 : * an ERROR message indicating the DecryptError.
1524 : **/
1525 1 : void libspdm_test_responder_finish_case15(void **state)
1526 : {
1527 : libspdm_return_t status;
1528 : libspdm_test_context_t *spdm_test_context;
1529 : libspdm_context_t *spdm_context;
1530 : size_t response_size;
1531 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1532 : spdm_finish_response_t *spdm_response;
1533 : void *data1;
1534 : size_t data_size1;
1535 : void *data2;
1536 : size_t data_size2;
1537 : uint8_t *ptr;
1538 : uint8_t *cert_buffer;
1539 : size_t cert_buffer_size;
1540 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1541 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1542 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1543 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1544 : libspdm_session_info_t *session_info;
1545 : uint32_t session_id;
1546 : uint32_t hash_size;
1547 : uint32_t hmac_size;
1548 : size_t req_asym_signature_size;
1549 :
1550 1 : spdm_test_context = *state;
1551 1 : spdm_context = spdm_test_context->spdm_context;
1552 1 : spdm_test_context->case_id = 0xF;
1553 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1554 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1555 1 : spdm_context->connection_info.connection_state =
1556 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1557 1 : spdm_context->connection_info.capability.flags |=
1558 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1559 1 : spdm_context->local_context.capability.flags |=
1560 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1561 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1562 : m_libspdm_use_hash_algo;
1563 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1564 : m_libspdm_use_asym_algo;
1565 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1566 : m_libspdm_use_req_asym_algo;
1567 1 : spdm_context->connection_info.algorithm.measurement_spec =
1568 : m_libspdm_use_measurement_spec;
1569 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1570 : m_libspdm_use_measurement_hash_algo;
1571 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1572 : m_libspdm_use_dhe_algo;
1573 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1574 : m_libspdm_use_aead_algo;
1575 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1576 : m_libspdm_use_asym_algo, &data1,
1577 : &data_size1, NULL, NULL);
1578 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1579 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1580 : data_size1;
1581 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1582 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1583 : data_size1;
1584 :
1585 1 : libspdm_reset_message_a(spdm_context);
1586 1 : spdm_context->local_context.mut_auth_requested = 1;
1587 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1588 : m_libspdm_use_req_asym_algo, &data2,
1589 : &data_size2, NULL, NULL);
1590 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1591 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1592 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1593 : data2, data_size2);
1594 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1595 : data_size2;
1596 : #endif
1597 :
1598 1 : session_id = 0xFFFFFFFF;
1599 1 : spdm_context->latest_session_id = session_id;
1600 1 : session_info = &spdm_context->session_info[0];
1601 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1602 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1603 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1604 1 : libspdm_secured_message_set_request_finished_key(
1605 : session_info->secured_message_context, m_dummy_buffer,
1606 : hash_size);
1607 1 : libspdm_secured_message_set_session_state(
1608 : session_info->secured_message_context,
1609 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1610 1 : session_info->mut_auth_requested = 1;
1611 :
1612 1 : spdm_context->connection_info.capability.flags |=
1613 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1614 1 : spdm_context->local_context.capability.flags |=
1615 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1616 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1617 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1618 1 : req_asym_signature_size =
1619 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1620 1 : ptr = m_libspdm_finish_request3.signature;
1621 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1622 1 : cert_buffer = (uint8_t *)data1;
1623 1 : cert_buffer_size = data_size1;
1624 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1625 : cert_buffer_hash);
1626 1 : cert_buffer = (uint8_t *)data2;
1627 1 : cert_buffer_size = data_size2;
1628 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1629 : req_cert_buffer_hash);
1630 : /* transcript.message_a size is 0*/
1631 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1632 : /* session_transcript.message_k is 0*/
1633 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1634 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1635 : sizeof(spdm_finish_request_t));
1636 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1637 1 : libspdm_requester_data_sign(
1638 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
1639 : spdm_context,
1640 : #endif
1641 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1642 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1643 1 : false, libspdm_get_managed_buffer(&th_curr),
1644 : libspdm_get_managed_buffer_size(&th_curr),
1645 : ptr, &req_asym_signature_size);
1646 : #endif
1647 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1648 1 : ptr += req_asym_signature_size;
1649 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1650 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1651 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1652 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1653 : request_finished_key, hash_size, ptr);
1654 1 : libspdm_set_mem(m_libspdm_finish_request3.signature,
1655 : req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
1656 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1657 1 : req_asym_signature_size + hmac_size;
1658 1 : response_size = sizeof(response);
1659 1 : status = libspdm_get_response_finish(spdm_context,
1660 : m_libspdm_finish_request3_size,
1661 : &m_libspdm_finish_request3,
1662 : &response_size, response);
1663 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1664 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1665 1 : spdm_response = (void *)response;
1666 1 : assert_int_equal(spdm_response->header.request_response_code,
1667 : SPDM_ERROR);
1668 1 : assert_int_equal(spdm_response->header.param1,
1669 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1670 1 : assert_int_equal(spdm_response->header.param2, 0);
1671 1 : free(data1);
1672 1 : free(data2);
1673 1 : }
1674 :
1675 : /**
1676 : * Test 16: receiving a FINISH message from the requester with an incorrect
1677 : * signature (arbitrary), but a correct MAC.
1678 : * Expected behavior: the responder refuses the FINISH message and produces
1679 : * an ERROR message indicating the DecryptError.
1680 : **/
1681 1 : void libspdm_test_responder_finish_case16(void **state)
1682 : {
1683 : libspdm_return_t status;
1684 : libspdm_test_context_t *spdm_test_context;
1685 : libspdm_context_t *spdm_context;
1686 : size_t response_size;
1687 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1688 : spdm_finish_response_t *spdm_response;
1689 : void *data1;
1690 : size_t data_size1;
1691 : void *data2;
1692 : size_t data_size2;
1693 : uint8_t *ptr;
1694 : uint8_t *cert_buffer;
1695 : size_t cert_buffer_size;
1696 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1697 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1698 : uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
1699 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1700 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1701 : libspdm_session_info_t *session_info;
1702 : uint32_t session_id;
1703 : uint32_t hash_size;
1704 : uint32_t hmac_size;
1705 : size_t req_asym_signature_size;
1706 :
1707 1 : spdm_test_context = *state;
1708 1 : spdm_context = spdm_test_context->spdm_context;
1709 1 : spdm_test_context->case_id = 0x10;
1710 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1711 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1712 1 : spdm_context->connection_info.connection_state =
1713 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1714 1 : spdm_context->connection_info.capability.flags |=
1715 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1716 1 : spdm_context->local_context.capability.flags |=
1717 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1718 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1719 : m_libspdm_use_hash_algo;
1720 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1721 : m_libspdm_use_asym_algo;
1722 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1723 : m_libspdm_use_req_asym_algo;
1724 1 : spdm_context->connection_info.algorithm.measurement_spec =
1725 : m_libspdm_use_measurement_spec;
1726 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1727 : m_libspdm_use_measurement_hash_algo;
1728 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1729 : m_libspdm_use_dhe_algo;
1730 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1731 : m_libspdm_use_aead_algo;
1732 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1733 : m_libspdm_use_asym_algo, &data1,
1734 : &data_size1, NULL, NULL);
1735 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1736 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1737 : data_size1;
1738 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1739 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1740 : data_size1;
1741 :
1742 1 : libspdm_reset_message_a(spdm_context);
1743 1 : spdm_context->local_context.mut_auth_requested = 1;
1744 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1745 : m_libspdm_use_req_asym_algo, &data2,
1746 : &data_size2, NULL, NULL);
1747 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1748 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1749 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1750 : data2, data_size2);
1751 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1752 : data_size2;
1753 : #endif
1754 :
1755 1 : session_id = 0xFFFFFFFF;
1756 1 : spdm_context->latest_session_id = session_id;
1757 1 : session_info = &spdm_context->session_info[0];
1758 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1759 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1760 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1761 1 : libspdm_secured_message_set_request_finished_key(
1762 : session_info->secured_message_context, m_dummy_buffer,
1763 : hash_size);
1764 1 : libspdm_secured_message_set_session_state(
1765 : session_info->secured_message_context,
1766 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1767 1 : session_info->mut_auth_requested = 1;
1768 :
1769 1 : spdm_context->connection_info.capability.flags |=
1770 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1771 1 : spdm_context->local_context.capability.flags |=
1772 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1773 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1774 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1775 1 : req_asym_signature_size =
1776 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1777 1 : ptr = m_libspdm_finish_request3.signature;
1778 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1779 1 : cert_buffer = (uint8_t *)data1;
1780 1 : cert_buffer_size = data_size1;
1781 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1782 : cert_buffer_hash);
1783 1 : cert_buffer = (uint8_t *)data2;
1784 1 : cert_buffer_size = data_size2;
1785 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1786 : req_cert_buffer_hash);
1787 : /* transcript.message_a size is 0*/
1788 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1789 : /* session_transcript.message_k is 0*/
1790 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1791 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1792 : sizeof(spdm_finish_request_t));
1793 : /*randomize signature*/
1794 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1795 : libspdm_get_managed_buffer_size(&th_curr), random_buffer);
1796 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1797 1 : libspdm_requester_data_sign(
1798 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
1799 : spdm_context,
1800 : #endif
1801 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1802 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
1803 : false, random_buffer, hash_size, ptr, &req_asym_signature_size);
1804 : #endif
1805 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1806 1 : ptr += req_asym_signature_size;
1807 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1808 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1809 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1810 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1811 : request_finished_key, hash_size, ptr);
1812 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1813 1 : req_asym_signature_size + hmac_size;
1814 1 : response_size = sizeof(response);
1815 1 : status = libspdm_get_response_finish(spdm_context,
1816 : m_libspdm_finish_request3_size,
1817 : &m_libspdm_finish_request3,
1818 : &response_size, response);
1819 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1820 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1821 1 : spdm_response = (void *)response;
1822 1 : assert_int_equal(spdm_response->header.request_response_code,
1823 : SPDM_ERROR);
1824 1 : assert_int_equal(spdm_response->header.param1,
1825 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1826 1 : assert_int_equal(spdm_response->header.param2, 0);
1827 1 : free(data1);
1828 1 : free(data2);
1829 1 : }
1830 :
1831 : /**
1832 : * Test 17: receiving a correct FINISH from the requester.
1833 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1834 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1835 : **/
1836 1 : void libspdm_test_responder_finish_case17(void **state)
1837 : {
1838 : libspdm_return_t status;
1839 : libspdm_test_context_t *spdm_test_context;
1840 : libspdm_context_t *spdm_context;
1841 : size_t response_size;
1842 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1843 : spdm_finish_response_t *spdm_response;
1844 : void *data1;
1845 : size_t data_size1;
1846 : uint8_t *ptr;
1847 : uint8_t *cert_buffer;
1848 : size_t cert_buffer_size;
1849 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1850 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1851 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1852 : libspdm_session_info_t *session_info;
1853 : uint32_t session_id;
1854 : uint32_t hash_size;
1855 : uint32_t hmac_size;
1856 :
1857 1 : spdm_test_context = *state;
1858 1 : spdm_context = spdm_test_context->spdm_context;
1859 1 : spdm_test_context->case_id = 0x11;
1860 1 : spdm_context->connection_info.connection_state =
1861 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1862 1 : spdm_context->connection_info.capability.flags |=
1863 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1864 1 : spdm_context->local_context.capability.flags |=
1865 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1866 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1867 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1868 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1869 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1870 : m_libspdm_use_measurement_hash_algo;
1871 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1872 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1873 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1874 : m_libspdm_use_asym_algo, &data1,
1875 : &data_size1, NULL, NULL);
1876 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1877 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1878 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1879 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1880 :
1881 1 : libspdm_reset_message_a(spdm_context);
1882 1 : spdm_context->local_context.mut_auth_requested = 0;
1883 :
1884 1 : session_id = 0xFFFFFFFF;
1885 1 : spdm_context->latest_session_id = session_id;
1886 1 : session_info = &spdm_context->session_info[0];
1887 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1888 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1889 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1890 1 : libspdm_secured_message_set_request_finished_key(
1891 : session_info->secured_message_context, m_dummy_buffer, hash_size);
1892 1 : libspdm_secured_message_set_session_state(
1893 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1894 :
1895 1 : spdm_context->connection_info.capability.flags |=
1896 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1897 1 : spdm_context->local_context.capability.flags |=
1898 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1899 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1900 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1901 1 : ptr = m_libspdm_finish_request1.signature;
1902 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1903 1 : cert_buffer = (uint8_t *)data1;
1904 1 : cert_buffer_size = data_size1;
1905 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1906 : /* transcript.message_a size is 0*/
1907 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1908 : /* session_transcript.message_k is 0*/
1909 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1910 : sizeof(spdm_finish_request_t));
1911 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1912 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1913 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1914 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1915 : request_finished_key, hash_size, ptr);
1916 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1917 1 : response_size = sizeof(response);
1918 1 : status = libspdm_get_response_finish(
1919 : spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
1920 : &response_size, response);
1921 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1922 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1923 1 : spdm_response = (void *)response;
1924 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1925 :
1926 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1927 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1928 : m_libspdm_finish_request1_size + response_size);
1929 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1930 : &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
1931 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1932 : m_libspdm_finish_request1_size,
1933 : response, response_size);
1934 : #endif
1935 :
1936 1 : free(data1);
1937 1 : }
1938 :
1939 : /**
1940 : * Test 18: receiving a correct FINISH message from the requester with
1941 : * correct MAC and signature (with mutual authentication), and 'handshake in
1942 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1943 : * Expected behavior: the responder accepts the request and produces a valid
1944 : * FINISH_RSP response message.
1945 : **/
1946 1 : void libspdm_test_responder_finish_case18(void **state)
1947 : {
1948 : libspdm_return_t status;
1949 : libspdm_test_context_t *spdm_test_context;
1950 : libspdm_context_t *spdm_context;
1951 : size_t response_size;
1952 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1953 : spdm_finish_response_t *spdm_response;
1954 : void *data1;
1955 : size_t data_size1;
1956 : void *data2;
1957 : size_t data_size2;
1958 : uint8_t *ptr;
1959 : uint8_t *cert_buffer;
1960 : size_t cert_buffer_size;
1961 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1962 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1963 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1964 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1965 : libspdm_session_info_t *session_info;
1966 : uint32_t session_id;
1967 : uint32_t hash_size;
1968 : uint32_t hmac_size;
1969 : size_t req_asym_signature_size;
1970 :
1971 1 : spdm_test_context = *state;
1972 1 : spdm_context = spdm_test_context->spdm_context;
1973 1 : spdm_test_context->case_id = 0x12;
1974 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1975 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1976 1 : spdm_context->connection_info.connection_state =
1977 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1978 1 : spdm_context->connection_info.capability.flags |=
1979 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1980 1 : spdm_context->local_context.capability.flags |=
1981 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1982 1 : spdm_context->connection_info.capability.flags |=
1983 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1984 1 : spdm_context->local_context.capability.flags |=
1985 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP;
1986 1 : spdm_context->connection_info.capability.flags |=
1987 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1988 1 : spdm_context->local_context.capability.flags |=
1989 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1990 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1991 : m_libspdm_use_hash_algo;
1992 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1993 : m_libspdm_use_asym_algo;
1994 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1995 : m_libspdm_use_req_asym_algo;
1996 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1997 : m_libspdm_use_dhe_algo;
1998 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1999 : m_libspdm_use_aead_algo;
2000 1 : libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
2001 1 : spdm_context->local_context.local_public_key_provision = data1;
2002 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
2003 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2004 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
2005 1 : spdm_context->local_context.peer_public_key_provision = data2;
2006 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
2007 :
2008 1 : spdm_context->encap_context.req_slot_id = 0xFF;
2009 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF;
2010 1 : spdm_context->connection_info.local_used_cert_chain_slot_id = 0xFF;
2011 :
2012 1 : libspdm_reset_message_a(spdm_context);
2013 :
2014 1 : session_id = 0xFFFFFFFF;
2015 1 : spdm_context->latest_session_id = session_id;
2016 1 : session_info = &spdm_context->session_info[0];
2017 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2018 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2019 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2020 1 : libspdm_secured_message_set_request_finished_key(
2021 : session_info->secured_message_context, m_dummy_buffer,
2022 : hash_size);
2023 1 : libspdm_secured_message_set_session_state(
2024 : session_info->secured_message_context,
2025 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2026 1 : session_info->mut_auth_requested = 1;
2027 :
2028 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2029 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2030 1 : req_asym_signature_size =
2031 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2032 1 : ptr = m_libspdm_finish_request4.signature;
2033 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2034 1 : cert_buffer = (uint8_t *)data1;
2035 1 : cert_buffer_size = data_size1;
2036 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2037 : cert_buffer_hash);
2038 1 : cert_buffer = (uint8_t *)data2;
2039 1 : cert_buffer_size = data_size2;
2040 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2041 : req_cert_buffer_hash);
2042 : /* transcript.message_a size is 0*/
2043 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2044 : /* session_transcript.message_k is 0*/
2045 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2046 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
2047 : sizeof(spdm_finish_request_t));
2048 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2049 1 : libspdm_requester_data_sign(
2050 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2051 : spdm_context,
2052 : #endif
2053 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2054 : SPDM_FINISH,
2055 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
2056 1 : false, libspdm_get_managed_buffer(&th_curr),
2057 : libspdm_get_managed_buffer_size(&th_curr),
2058 : ptr, &req_asym_signature_size);
2059 : #endif
2060 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2061 1 : ptr += req_asym_signature_size;
2062 :
2063 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2064 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2065 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2066 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2067 : request_finished_key, hash_size, ptr);
2068 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
2069 1 : req_asym_signature_size + hmac_size;
2070 1 : response_size = sizeof(response);
2071 1 : status = libspdm_get_response_finish(spdm_context,
2072 : m_libspdm_finish_request4_size,
2073 : &m_libspdm_finish_request4,
2074 : &response_size, response);
2075 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2076 1 : assert_int_equal(response_size,
2077 : sizeof(spdm_finish_response_t) + hmac_size);
2078 1 : spdm_response = (void *)response;
2079 1 : assert_int_equal(spdm_response->header.request_response_code,
2080 : SPDM_FINISH_RSP);
2081 1 : free(data1);
2082 1 : free(data2);
2083 1 : }
2084 :
2085 : /**
2086 : * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2087 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2088 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
2089 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2090 : **/
2091 1 : void libspdm_test_responder_finish_case19(void **state)
2092 : {
2093 : libspdm_return_t status;
2094 : libspdm_test_context_t *spdm_test_context;
2095 : libspdm_context_t *spdm_context;
2096 : size_t response_size;
2097 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2098 : spdm_finish_response_t *spdm_response;
2099 : void *data1;
2100 : size_t data_size1;
2101 : void *data2;
2102 : size_t data_size2;
2103 : uint8_t *ptr;
2104 : uint8_t *cert_buffer;
2105 : size_t cert_buffer_size;
2106 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2107 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2108 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2109 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2110 : libspdm_session_info_t *session_info;
2111 : uint32_t session_id;
2112 : uint32_t hash_size;
2113 : uint32_t hmac_size;
2114 : size_t req_asym_signature_size;
2115 :
2116 1 : spdm_test_context = *state;
2117 1 : spdm_context = spdm_test_context->spdm_context;
2118 1 : spdm_test_context->case_id = 0x13;
2119 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2120 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2121 1 : spdm_context->connection_info.connection_state =
2122 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2123 1 : spdm_context->connection_info.capability.flags |=
2124 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2125 1 : spdm_context->local_context.capability.flags |=
2126 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2127 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2128 : m_libspdm_use_hash_algo;
2129 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2130 : m_libspdm_use_asym_algo;
2131 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2132 : m_libspdm_use_req_asym_algo;
2133 1 : spdm_context->connection_info.algorithm.measurement_spec =
2134 : m_libspdm_use_measurement_spec;
2135 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2136 : m_libspdm_use_measurement_hash_algo;
2137 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2138 : m_libspdm_use_dhe_algo;
2139 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2140 : m_libspdm_use_aead_algo;
2141 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2142 : m_libspdm_use_asym_algo, &data1,
2143 : &data_size1, NULL, NULL);
2144 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2145 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2146 : data_size1;
2147 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2148 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2149 : data_size1;
2150 :
2151 1 : libspdm_reset_message_a(spdm_context);
2152 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2153 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2154 : m_libspdm_use_req_asym_algo, &data2,
2155 : &data_size2, NULL, NULL);
2156 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2157 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2158 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2159 : data2, data_size2);
2160 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2161 : data_size2;
2162 : #else
2163 1 : libspdm_hash_all(
2164 : spdm_context->connection_info.algorithm.base_hash_algo,
2165 : data2, data_size2,
2166 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2167 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2168 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2169 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2170 : spdm_context->connection_info.algorithm.base_hash_algo,
2171 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2172 : data2,
2173 : data_size2,
2174 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2175 : #endif
2176 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2177 :
2178 1 : session_id = 0xFFFFFFFF;
2179 1 : spdm_context->latest_session_id = session_id;
2180 1 : session_info = &spdm_context->session_info[0];
2181 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2182 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2183 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2184 1 : libspdm_secured_message_set_request_finished_key(
2185 : session_info->secured_message_context, m_dummy_buffer,
2186 : hash_size);
2187 1 : libspdm_secured_message_set_session_state(
2188 : session_info->secured_message_context,
2189 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2190 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2191 :
2192 1 : spdm_context->connection_info.capability.flags |=
2193 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2194 1 : spdm_context->local_context.capability.flags |=
2195 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2196 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2197 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2198 1 : req_asym_signature_size =
2199 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2200 1 : ptr = m_libspdm_finish_request5.signature;
2201 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2202 1 : cert_buffer = (uint8_t *)data1;
2203 1 : cert_buffer_size = data_size1;
2204 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2205 : cert_buffer_hash);
2206 1 : cert_buffer = (uint8_t *)data2;
2207 1 : cert_buffer_size = data_size2;
2208 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2209 : req_cert_buffer_hash);
2210 : /* transcript.message_a size is 0*/
2211 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2212 : /* session_transcript.message_k is 0*/
2213 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2214 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
2215 : sizeof(spdm_finish_request_t));
2216 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2217 1 : libspdm_requester_data_sign(
2218 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2219 : spdm_context,
2220 : #endif
2221 1 : m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2222 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
2223 1 : false, libspdm_get_managed_buffer(&th_curr),
2224 : libspdm_get_managed_buffer_size(&th_curr),
2225 : ptr, &req_asym_signature_size);
2226 : #endif
2227 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2228 1 : ptr += req_asym_signature_size;
2229 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2230 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2231 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2232 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2233 : request_finished_key, hash_size, ptr);
2234 1 : m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
2235 1 : req_asym_signature_size + hmac_size;
2236 1 : response_size = sizeof(response);
2237 1 : status = libspdm_get_response_finish(spdm_context,
2238 : m_libspdm_finish_request5_size,
2239 : &m_libspdm_finish_request5,
2240 : &response_size, response);
2241 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2242 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2243 1 : spdm_response = (void *)response;
2244 1 : assert_int_equal(spdm_response->header.request_response_code,
2245 : SPDM_ERROR);
2246 1 : assert_int_equal(spdm_response->header.param1,
2247 : SPDM_ERROR_CODE_INVALID_REQUEST);
2248 1 : assert_int_equal(spdm_response->header.param2, 0);
2249 1 : free(data1);
2250 1 : free(data2);
2251 1 : }
2252 :
2253 : /**
2254 : * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
2255 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2256 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2257 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2258 : **/
2259 1 : void libspdm_test_responder_finish_case20(void **state)
2260 : {
2261 : libspdm_return_t status;
2262 : libspdm_test_context_t *spdm_test_context;
2263 : libspdm_context_t *spdm_context;
2264 : size_t response_size;
2265 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2266 : spdm_finish_response_t *spdm_response;
2267 : void *data1;
2268 : size_t data_size1;
2269 : void *data2;
2270 : size_t data_size2;
2271 : uint8_t *ptr;
2272 : uint8_t *cert_buffer;
2273 : size_t cert_buffer_size;
2274 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2275 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2276 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2277 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2278 : libspdm_session_info_t *session_info;
2279 : uint32_t session_id;
2280 : uint32_t hash_size;
2281 : uint32_t hmac_size;
2282 : size_t req_asym_signature_size;
2283 :
2284 1 : spdm_test_context = *state;
2285 1 : spdm_context = spdm_test_context->spdm_context;
2286 1 : spdm_test_context->case_id = 0x14;
2287 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2288 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2289 1 : spdm_context->connection_info.connection_state =
2290 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2291 1 : spdm_context->connection_info.capability.flags |=
2292 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2293 1 : spdm_context->local_context.capability.flags |=
2294 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2295 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2296 : m_libspdm_use_hash_algo;
2297 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2298 : m_libspdm_use_asym_algo;
2299 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2300 : m_libspdm_use_req_asym_algo;
2301 1 : spdm_context->connection_info.algorithm.measurement_spec =
2302 : m_libspdm_use_measurement_spec;
2303 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2304 : m_libspdm_use_measurement_hash_algo;
2305 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2306 : m_libspdm_use_dhe_algo;
2307 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2308 : m_libspdm_use_aead_algo;
2309 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2310 : m_libspdm_use_asym_algo, &data1,
2311 : &data_size1, NULL, NULL);
2312 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2313 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2314 : data_size1;
2315 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2316 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2317 : data_size1;
2318 :
2319 1 : libspdm_reset_message_a(spdm_context);
2320 1 : spdm_context->local_context.mut_auth_requested =
2321 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2322 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2323 : m_libspdm_use_req_asym_algo, &data2,
2324 : &data_size2, NULL, NULL);
2325 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2326 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2327 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2328 : data2, data_size2);
2329 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2330 : data_size2;
2331 : #else
2332 1 : libspdm_hash_all(
2333 : spdm_context->connection_info.algorithm.base_hash_algo,
2334 : data2, data_size2,
2335 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2336 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2337 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2338 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2339 : spdm_context->connection_info.algorithm.base_hash_algo,
2340 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2341 : data2,
2342 : data_size2,
2343 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2344 : #endif
2345 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2346 :
2347 1 : session_id = 0xFFFFFFFF;
2348 1 : spdm_context->latest_session_id = session_id;
2349 1 : session_info = &spdm_context->session_info[0];
2350 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2351 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2352 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2353 1 : libspdm_secured_message_set_request_finished_key(
2354 : session_info->secured_message_context, m_dummy_buffer,
2355 : hash_size);
2356 1 : libspdm_secured_message_set_session_state(
2357 : session_info->secured_message_context,
2358 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2359 1 : session_info->mut_auth_requested =
2360 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2361 :
2362 1 : spdm_context->connection_info.capability.flags |=
2363 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2364 1 : spdm_context->local_context.capability.flags |=
2365 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2366 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2367 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2368 1 : req_asym_signature_size =
2369 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2370 1 : ptr = m_libspdm_finish_request7.signature;
2371 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2372 1 : cert_buffer = (uint8_t *)data1;
2373 1 : cert_buffer_size = data_size1;
2374 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2375 : cert_buffer_hash);
2376 1 : cert_buffer = (uint8_t *)data2;
2377 1 : cert_buffer_size = data_size2;
2378 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2379 : req_cert_buffer_hash);
2380 : /* transcript.message_a size is 0*/
2381 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2382 : /* session_transcript.message_k is 0*/
2383 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2384 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2385 : sizeof(spdm_finish_request_t));
2386 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2387 1 : libspdm_requester_data_sign(
2388 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2389 : spdm_context,
2390 : #endif
2391 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2392 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
2393 1 : false, libspdm_get_managed_buffer(&th_curr),
2394 : libspdm_get_managed_buffer_size(&th_curr),
2395 : ptr, &req_asym_signature_size);
2396 : #endif
2397 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2398 1 : ptr += req_asym_signature_size;
2399 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2400 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2401 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2402 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2403 : request_finished_key, hash_size, ptr);
2404 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2405 1 : req_asym_signature_size + hmac_size;
2406 1 : response_size = sizeof(response);
2407 1 : status = libspdm_get_response_finish(spdm_context,
2408 : m_libspdm_finish_request7_size,
2409 : &m_libspdm_finish_request7,
2410 : &response_size, response);
2411 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2412 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2413 1 : spdm_response = (void *)response;
2414 1 : assert_int_equal(spdm_response->header.request_response_code,
2415 : SPDM_ERROR);
2416 1 : assert_int_equal(spdm_response->header.param1,
2417 : SPDM_ERROR_CODE_INVALID_REQUEST);
2418 1 : assert_int_equal(spdm_response->header.param2, 0);
2419 1 : free(data1);
2420 1 : free(data2);
2421 1 : }
2422 :
2423 : /**
2424 : * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
2425 : * although SlotID in FINISH request message is 10, it shall be ignored when read.
2426 : * Expected behavior: the responder accepts the request and produces a valid
2427 : * FINISH_RSP response message.
2428 : **/
2429 1 : void libspdm_test_responder_finish_case21(void **state)
2430 : {
2431 : libspdm_return_t status;
2432 : libspdm_test_context_t *spdm_test_context;
2433 : libspdm_context_t *spdm_context;
2434 : size_t response_size;
2435 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2436 : spdm_finish_response_t *spdm_response;
2437 : void *data1;
2438 : size_t data_size1;
2439 : uint8_t *ptr;
2440 : uint8_t *cert_buffer;
2441 : size_t cert_buffer_size;
2442 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2443 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2444 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2445 : libspdm_session_info_t *session_info;
2446 : uint32_t session_id;
2447 : uint32_t hash_size;
2448 : uint32_t hmac_size;
2449 :
2450 1 : spdm_test_context = *state;
2451 1 : spdm_context = spdm_test_context->spdm_context;
2452 1 : spdm_test_context->case_id = 0x15;
2453 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2454 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2455 1 : spdm_context->connection_info.connection_state =
2456 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2457 1 : spdm_context->connection_info.capability.flags |=
2458 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2459 1 : spdm_context->local_context.capability.flags |=
2460 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2461 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2462 : m_libspdm_use_hash_algo;
2463 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2464 : m_libspdm_use_asym_algo;
2465 1 : spdm_context->connection_info.algorithm.measurement_spec =
2466 : m_libspdm_use_measurement_spec;
2467 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2468 : m_libspdm_use_measurement_hash_algo;
2469 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2470 : m_libspdm_use_dhe_algo;
2471 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2472 : m_libspdm_use_aead_algo;
2473 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2474 : m_libspdm_use_asym_algo, &data1,
2475 : &data_size1, NULL, NULL);
2476 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2477 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2478 : data_size1;
2479 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2480 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2481 : data_size1;
2482 :
2483 1 : libspdm_reset_message_a(spdm_context);
2484 1 : spdm_context->local_context.mut_auth_requested = 0;
2485 :
2486 1 : session_id = 0xFFFFFFFF;
2487 1 : spdm_context->latest_session_id = session_id;
2488 1 : session_info = &spdm_context->session_info[0];
2489 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2490 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2491 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2492 1 : libspdm_secured_message_set_request_finished_key(
2493 : session_info->secured_message_context, m_dummy_buffer,
2494 : hash_size);
2495 1 : libspdm_secured_message_set_session_state(
2496 : session_info->secured_message_context,
2497 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2498 1 : session_info->mut_auth_requested = 0;
2499 :
2500 1 : spdm_context->connection_info.capability.flags |=
2501 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2502 1 : spdm_context->local_context.capability.flags |=
2503 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2504 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2505 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2506 1 : ptr = m_libspdm_finish_request6.signature;
2507 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2508 1 : cert_buffer = (uint8_t *)data1;
2509 1 : cert_buffer_size = data_size1;
2510 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2511 : cert_buffer_hash);
2512 : /* transcript.message_a size is 0*/
2513 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2514 : /* session_transcript.message_k is 0*/
2515 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
2516 : sizeof(spdm_finish_request_t));
2517 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2518 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2519 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2520 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2521 : request_finished_key, hash_size, ptr);
2522 1 : m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
2523 1 : response_size = sizeof(response);
2524 1 : status = libspdm_get_response_finish(spdm_context,
2525 : m_libspdm_finish_request6_size,
2526 : &m_libspdm_finish_request6,
2527 : &response_size, response);
2528 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2529 1 : spdm_response = (void *)response;
2530 1 : assert_int_equal(spdm_response->header.request_response_code,
2531 : SPDM_FINISH_RSP);
2532 1 : assert_int_equal(response_size,
2533 : sizeof(spdm_finish_response_t) + hmac_size);
2534 1 : free(data1);
2535 1 : }
2536 :
2537 : /**
2538 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2539 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2540 : * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2541 : * Expected behavior: the responder accepts the request and produces a valid
2542 : * FINISH_RSP response message.
2543 : **/
2544 1 : void libspdm_test_responder_finish_case22(void **state)
2545 : {
2546 : libspdm_return_t status;
2547 : libspdm_test_context_t *spdm_test_context;
2548 : libspdm_context_t *spdm_context;
2549 : size_t response_size;
2550 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2551 : spdm_finish_response_t *spdm_response;
2552 : void *data1;
2553 : size_t data_size1;
2554 : void *data2;
2555 : size_t data_size2;
2556 : uint8_t *ptr;
2557 : uint8_t *cert_buffer;
2558 : size_t cert_buffer_size;
2559 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2560 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2561 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2562 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2563 : libspdm_session_info_t *session_info;
2564 : uint32_t session_id;
2565 : uint32_t hash_size;
2566 : uint32_t hmac_size;
2567 : size_t req_asym_signature_size;
2568 :
2569 1 : spdm_test_context = *state;
2570 1 : spdm_context = spdm_test_context->spdm_context;
2571 1 : spdm_test_context->case_id = 0x16;
2572 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2573 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2574 1 : spdm_context->connection_info.connection_state =
2575 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2576 1 : spdm_context->connection_info.capability.flags |=
2577 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2578 1 : spdm_context->local_context.capability.flags |=
2579 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2580 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2581 : m_libspdm_use_hash_algo;
2582 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2583 : m_libspdm_use_asym_algo;
2584 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2585 : m_libspdm_use_req_asym_algo;
2586 1 : spdm_context->connection_info.algorithm.measurement_spec =
2587 : m_libspdm_use_measurement_spec;
2588 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2589 : m_libspdm_use_measurement_hash_algo;
2590 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2591 : m_libspdm_use_dhe_algo;
2592 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2593 : m_libspdm_use_aead_algo;
2594 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2595 : m_libspdm_use_asym_algo, &data1,
2596 : &data_size1, NULL, NULL);
2597 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2598 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2599 : data_size1;
2600 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2601 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2602 : data_size1;
2603 :
2604 1 : libspdm_reset_message_a(spdm_context);
2605 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2606 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2607 : m_libspdm_use_req_asym_algo, &data2,
2608 : &data_size2, NULL, NULL);
2609 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2610 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2611 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2612 : data2, data_size2);
2613 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2614 : data_size2;
2615 : #else
2616 1 : libspdm_hash_all(
2617 : spdm_context->connection_info.algorithm.base_hash_algo,
2618 : data2, data_size2,
2619 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2620 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2621 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2622 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2623 : spdm_context->connection_info.algorithm.base_hash_algo,
2624 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2625 : data2,
2626 : data_size2,
2627 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2628 : #endif
2629 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2630 :
2631 1 : session_id = 0xFFFFFFFF;
2632 1 : spdm_context->latest_session_id = session_id;
2633 1 : session_info = &spdm_context->session_info[0];
2634 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2635 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2636 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2637 1 : libspdm_secured_message_set_request_finished_key(
2638 : session_info->secured_message_context, m_dummy_buffer,
2639 : hash_size);
2640 1 : libspdm_secured_message_set_session_state(
2641 : session_info->secured_message_context,
2642 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2643 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2644 :
2645 1 : spdm_context->connection_info.capability.flags |=
2646 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2647 1 : spdm_context->local_context.capability.flags |=
2648 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2649 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2650 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2651 1 : req_asym_signature_size =
2652 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2653 1 : ptr = m_libspdm_finish_request7.signature;
2654 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2655 1 : cert_buffer = (uint8_t *)data1;
2656 1 : cert_buffer_size = data_size1;
2657 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2658 : cert_buffer_hash);
2659 1 : cert_buffer = (uint8_t *)data2;
2660 1 : cert_buffer_size = data_size2;
2661 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2662 : req_cert_buffer_hash);
2663 : /* transcript.message_a size is 0*/
2664 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2665 : /* session_transcript.message_k is 0*/
2666 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2667 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2668 : sizeof(spdm_finish_request_t));
2669 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2670 1 : libspdm_requester_data_sign(
2671 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2672 : spdm_context,
2673 : #endif
2674 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2675 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
2676 1 : false, libspdm_get_managed_buffer(&th_curr),
2677 : libspdm_get_managed_buffer_size(&th_curr),
2678 : ptr, &req_asym_signature_size);
2679 : #endif
2680 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2681 1 : ptr += req_asym_signature_size;
2682 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2683 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2684 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2685 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2686 : request_finished_key, hash_size, ptr);
2687 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2688 1 : req_asym_signature_size + hmac_size;
2689 1 : response_size = sizeof(response);
2690 1 : status = libspdm_get_response_finish(spdm_context,
2691 : m_libspdm_finish_request7_size,
2692 : &m_libspdm_finish_request7,
2693 : &response_size, response);
2694 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2695 1 : spdm_response = (void *)response;
2696 1 : assert_int_equal(spdm_response->header.request_response_code,
2697 : SPDM_FINISH_RSP);
2698 1 : assert_int_equal(response_size,
2699 : sizeof(spdm_finish_response_t) + hmac_size);
2700 1 : free(data1);
2701 1 : free(data2);
2702 1 : }
2703 :
2704 : /**
2705 : * Test 23: Same as test case 22 but test signature endianness.
2706 : * Big-Endian Sign. Little-Endian Verify.
2707 : * Expecting signature to fail.
2708 : **/
2709 1 : void libspdm_test_responder_finish_case23(void** state)
2710 : {
2711 : libspdm_return_t status;
2712 : libspdm_test_context_t* spdm_test_context;
2713 : libspdm_context_t* spdm_context;
2714 : size_t response_size;
2715 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2716 : spdm_finish_response_t* spdm_response;
2717 : void* data1;
2718 : size_t data_size1;
2719 : void* data2;
2720 : size_t data_size2;
2721 : uint8_t* ptr;
2722 : uint8_t* cert_buffer;
2723 : size_t cert_buffer_size;
2724 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2725 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2726 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2727 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2728 : libspdm_session_info_t* session_info;
2729 : uint32_t session_id;
2730 : uint32_t hash_size;
2731 : uint32_t hmac_size;
2732 : size_t req_asym_signature_size;
2733 :
2734 1 : spdm_test_context = *state;
2735 1 : spdm_context = spdm_test_context->spdm_context;
2736 1 : spdm_test_context->case_id = 23;
2737 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2738 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2739 1 : spdm_context->connection_info.connection_state =
2740 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2741 1 : spdm_context->connection_info.capability.flags |=
2742 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2743 1 : spdm_context->local_context.capability.flags |=
2744 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2745 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2746 : m_libspdm_use_hash_algo;
2747 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2748 : m_libspdm_use_asym_algo;
2749 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2750 : m_libspdm_use_req_asym_algo;
2751 1 : spdm_context->connection_info.algorithm.measurement_spec =
2752 : m_libspdm_use_measurement_spec;
2753 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2754 : m_libspdm_use_measurement_hash_algo;
2755 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2756 : m_libspdm_use_dhe_algo;
2757 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2758 : m_libspdm_use_aead_algo;
2759 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2760 : m_libspdm_use_asym_algo, &data1,
2761 : &data_size1, NULL, NULL);
2762 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2763 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2764 : data_size1;
2765 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2766 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2767 : data_size1;
2768 1 : spdm_context->spdm_10_11_verify_signature_endian =
2769 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2770 :
2771 1 : libspdm_reset_message_a(spdm_context);
2772 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2773 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2774 : m_libspdm_use_req_asym_algo, &data2,
2775 : &data_size2, NULL, NULL);
2776 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2777 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2778 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2779 : data2, data_size2);
2780 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2781 : data_size2;
2782 : #else
2783 1 : libspdm_hash_all(
2784 : spdm_context->connection_info.algorithm.base_hash_algo,
2785 : data2, data_size2,
2786 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2787 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2788 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2789 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2790 : spdm_context->connection_info.algorithm.base_hash_algo,
2791 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2792 : data2,
2793 : data_size2,
2794 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2795 : #endif
2796 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2797 :
2798 1 : session_id = 0xFFFFFFFF;
2799 1 : spdm_context->latest_session_id = session_id;
2800 1 : session_info = &spdm_context->session_info[0];
2801 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2802 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2803 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2804 1 : libspdm_secured_message_set_request_finished_key(
2805 : session_info->secured_message_context, m_dummy_buffer,
2806 : hash_size);
2807 1 : libspdm_secured_message_set_session_state(
2808 : session_info->secured_message_context,
2809 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2810 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2811 :
2812 1 : spdm_context->connection_info.capability.flags |=
2813 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2814 1 : spdm_context->local_context.capability.flags |=
2815 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2816 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2817 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2818 1 : req_asym_signature_size =
2819 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2820 1 : ptr = m_libspdm_finish_request7.signature;
2821 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2822 1 : cert_buffer = (uint8_t*)data1;
2823 1 : cert_buffer_size = data_size1;
2824 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2825 : cert_buffer_hash);
2826 1 : cert_buffer = (uint8_t*)data2;
2827 1 : cert_buffer_size = data_size2;
2828 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2829 : req_cert_buffer_hash);
2830 : /* transcript.message_a size is 0*/
2831 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2832 : /* session_transcript.message_k is 0*/
2833 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2834 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2835 : sizeof(spdm_finish_request_t));
2836 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2837 1 : libspdm_requester_data_sign(
2838 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2839 : spdm_context,
2840 : #endif
2841 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2842 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
2843 1 : false, libspdm_get_managed_buffer(&th_curr),
2844 : libspdm_get_managed_buffer_size(&th_curr),
2845 : ptr, &req_asym_signature_size);
2846 : #endif
2847 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2848 1 : ptr += req_asym_signature_size;
2849 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2850 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2851 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2852 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2853 : request_finished_key, hash_size, ptr);
2854 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2855 1 : req_asym_signature_size + hmac_size;
2856 1 : response_size = sizeof(response);
2857 1 : status = libspdm_get_response_finish(spdm_context,
2858 : m_libspdm_finish_request7_size,
2859 : &m_libspdm_finish_request7,
2860 : &response_size, response);
2861 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2862 1 : spdm_response = (void*)response;
2863 :
2864 : /* Expecting failure on little-endian signature */
2865 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2866 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2867 1 : free(data1);
2868 1 : free(data2);
2869 1 : }
2870 :
2871 : /**
2872 : * Test 24: Same as test case 22 but test signature endianness.
2873 : * Big-Endian Sign. Big-Endian Verify.
2874 : * Expecting signature to PASS.
2875 : **/
2876 1 : void libspdm_test_responder_finish_case24(void** state)
2877 : {
2878 : libspdm_return_t status;
2879 : libspdm_test_context_t* spdm_test_context;
2880 : libspdm_context_t* spdm_context;
2881 : size_t response_size;
2882 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2883 : spdm_finish_response_t* spdm_response;
2884 : void* data1;
2885 : size_t data_size1;
2886 : void* data2;
2887 : size_t data_size2;
2888 : uint8_t* ptr;
2889 : uint8_t* cert_buffer;
2890 : size_t cert_buffer_size;
2891 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2892 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2893 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2894 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2895 : libspdm_session_info_t* session_info;
2896 : uint32_t session_id;
2897 : uint32_t hash_size;
2898 : uint32_t hmac_size;
2899 : size_t req_asym_signature_size;
2900 :
2901 1 : spdm_test_context = *state;
2902 1 : spdm_context = spdm_test_context->spdm_context;
2903 1 : spdm_test_context->case_id = 24;
2904 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2905 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2906 1 : spdm_context->connection_info.connection_state =
2907 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2908 1 : spdm_context->connection_info.capability.flags |=
2909 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2910 1 : spdm_context->local_context.capability.flags |=
2911 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2912 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2913 : m_libspdm_use_hash_algo;
2914 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2915 : m_libspdm_use_asym_algo;
2916 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2917 : m_libspdm_use_req_asym_algo;
2918 1 : spdm_context->connection_info.algorithm.measurement_spec =
2919 : m_libspdm_use_measurement_spec;
2920 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2921 : m_libspdm_use_measurement_hash_algo;
2922 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2923 : m_libspdm_use_dhe_algo;
2924 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2925 : m_libspdm_use_aead_algo;
2926 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2927 : m_libspdm_use_asym_algo, &data1,
2928 : &data_size1, NULL, NULL);
2929 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2930 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2931 : data_size1;
2932 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2933 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2934 : data_size1;
2935 1 : spdm_context->spdm_10_11_verify_signature_endian =
2936 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
2937 :
2938 1 : libspdm_reset_message_a(spdm_context);
2939 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2940 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2941 : m_libspdm_use_req_asym_algo, &data2,
2942 : &data_size2, NULL, NULL);
2943 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2944 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2945 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2946 : data2, data_size2);
2947 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2948 : data_size2;
2949 : #else
2950 1 : libspdm_hash_all(
2951 : spdm_context->connection_info.algorithm.base_hash_algo,
2952 : data2, data_size2,
2953 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2954 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2955 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2956 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2957 : spdm_context->connection_info.algorithm.base_hash_algo,
2958 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2959 : data2,
2960 : data_size2,
2961 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2962 : #endif
2963 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2964 :
2965 1 : session_id = 0xFFFFFFFF;
2966 1 : spdm_context->latest_session_id = session_id;
2967 1 : session_info = &spdm_context->session_info[0];
2968 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2969 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2970 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2971 1 : libspdm_secured_message_set_request_finished_key(
2972 : session_info->secured_message_context, m_dummy_buffer,
2973 : hash_size);
2974 1 : libspdm_secured_message_set_session_state(
2975 : session_info->secured_message_context,
2976 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2977 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2978 :
2979 1 : spdm_context->connection_info.capability.flags |=
2980 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2981 1 : spdm_context->local_context.capability.flags |=
2982 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2983 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2984 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2985 1 : req_asym_signature_size =
2986 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2987 1 : ptr = m_libspdm_finish_request7.signature;
2988 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2989 1 : cert_buffer = (uint8_t*)data1;
2990 1 : cert_buffer_size = data_size1;
2991 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2992 : cert_buffer_hash);
2993 1 : cert_buffer = (uint8_t*)data2;
2994 1 : cert_buffer_size = data_size2;
2995 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2996 : req_cert_buffer_hash);
2997 : /* transcript.message_a size is 0*/
2998 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2999 : /* session_transcript.message_k is 0*/
3000 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3001 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3002 : sizeof(spdm_finish_request_t));
3003 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3004 1 : libspdm_requester_data_sign(
3005 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3006 : spdm_context,
3007 : #endif
3008 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3009 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
3010 1 : false, libspdm_get_managed_buffer(&th_curr),
3011 : libspdm_get_managed_buffer_size(&th_curr),
3012 : ptr, &req_asym_signature_size);
3013 : #endif
3014 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3015 1 : ptr += req_asym_signature_size;
3016 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3017 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3018 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3019 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3020 : request_finished_key, hash_size, ptr);
3021 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3022 1 : req_asym_signature_size + hmac_size;
3023 1 : response_size = sizeof(response);
3024 1 : status = libspdm_get_response_finish(spdm_context,
3025 : m_libspdm_finish_request7_size,
3026 : &m_libspdm_finish_request7,
3027 : &response_size, response);
3028 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3029 1 : spdm_response = (void*)response;
3030 :
3031 : /* Expecting pass on big-endian signature */
3032 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3033 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3034 1 : free(data1);
3035 1 : free(data2);
3036 1 : }
3037 :
3038 : /**
3039 : * Test 25: Same as test case 22, but test signature endianness.
3040 : * Big Endian Sign. Big or Little Endian Verify.
3041 : * Expecting signature to PASS.
3042 : **/
3043 1 : void libspdm_test_responder_finish_case25(void** state)
3044 : {
3045 : libspdm_return_t status;
3046 : libspdm_test_context_t* spdm_test_context;
3047 : libspdm_context_t* spdm_context;
3048 : size_t response_size;
3049 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3050 : spdm_finish_response_t* spdm_response;
3051 : void* data1;
3052 : size_t data_size1;
3053 : void* data2;
3054 : size_t data_size2;
3055 : uint8_t* ptr;
3056 : uint8_t* cert_buffer;
3057 : size_t cert_buffer_size;
3058 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3059 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3060 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3061 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3062 : libspdm_session_info_t* session_info;
3063 : uint32_t session_id;
3064 : uint32_t hash_size;
3065 : uint32_t hmac_size;
3066 : size_t req_asym_signature_size;
3067 :
3068 1 : spdm_test_context = *state;
3069 1 : spdm_context = spdm_test_context->spdm_context;
3070 1 : spdm_test_context->case_id = 25;
3071 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3072 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3073 1 : spdm_context->connection_info.connection_state =
3074 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3075 1 : spdm_context->connection_info.capability.flags |=
3076 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3077 1 : spdm_context->local_context.capability.flags |=
3078 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3079 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3080 : m_libspdm_use_hash_algo;
3081 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3082 : m_libspdm_use_asym_algo;
3083 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3084 : m_libspdm_use_req_asym_algo;
3085 1 : spdm_context->connection_info.algorithm.measurement_spec =
3086 : m_libspdm_use_measurement_spec;
3087 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3088 : m_libspdm_use_measurement_hash_algo;
3089 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3090 : m_libspdm_use_dhe_algo;
3091 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3092 : m_libspdm_use_aead_algo;
3093 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3094 : m_libspdm_use_asym_algo, &data1,
3095 : &data_size1, NULL, NULL);
3096 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3097 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3098 : data_size1;
3099 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3100 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3101 : data_size1;
3102 1 : spdm_context->spdm_10_11_verify_signature_endian =
3103 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
3104 :
3105 1 : libspdm_reset_message_a(spdm_context);
3106 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3107 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3108 : m_libspdm_use_req_asym_algo, &data2,
3109 : &data_size2, NULL, NULL);
3110 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3111 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3112 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3113 : data2, data_size2);
3114 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3115 : data_size2;
3116 : #else
3117 1 : libspdm_hash_all(
3118 : spdm_context->connection_info.algorithm.base_hash_algo,
3119 : data2, data_size2,
3120 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3121 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3122 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3123 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3124 : spdm_context->connection_info.algorithm.base_hash_algo,
3125 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3126 : data2,
3127 : data_size2,
3128 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3129 : #endif
3130 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3131 :
3132 1 : session_id = 0xFFFFFFFF;
3133 1 : spdm_context->latest_session_id = session_id;
3134 1 : session_info = &spdm_context->session_info[0];
3135 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3136 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3137 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3138 1 : libspdm_secured_message_set_request_finished_key(
3139 : session_info->secured_message_context, m_dummy_buffer,
3140 : hash_size);
3141 1 : libspdm_secured_message_set_session_state(
3142 : session_info->secured_message_context,
3143 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3144 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3145 :
3146 1 : spdm_context->connection_info.capability.flags |=
3147 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3148 1 : spdm_context->local_context.capability.flags |=
3149 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3150 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3151 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3152 1 : req_asym_signature_size =
3153 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3154 1 : ptr = m_libspdm_finish_request7.signature;
3155 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3156 1 : cert_buffer = (uint8_t*)data1;
3157 1 : cert_buffer_size = data_size1;
3158 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3159 : cert_buffer_hash);
3160 1 : cert_buffer = (uint8_t*)data2;
3161 1 : cert_buffer_size = data_size2;
3162 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3163 : req_cert_buffer_hash);
3164 : /* transcript.message_a size is 0*/
3165 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3166 : /* session_transcript.message_k is 0*/
3167 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3168 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3169 : sizeof(spdm_finish_request_t));
3170 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3171 1 : libspdm_requester_data_sign(
3172 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3173 : spdm_context,
3174 : #endif
3175 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3176 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
3177 1 : false, libspdm_get_managed_buffer(&th_curr),
3178 : libspdm_get_managed_buffer_size(&th_curr),
3179 : ptr, &req_asym_signature_size);
3180 : #endif
3181 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3182 1 : ptr += req_asym_signature_size;
3183 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3184 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3185 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3186 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3187 : request_finished_key, hash_size, ptr);
3188 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3189 1 : req_asym_signature_size + hmac_size;
3190 1 : response_size = sizeof(response);
3191 1 : status = libspdm_get_response_finish(spdm_context,
3192 : m_libspdm_finish_request7_size,
3193 : &m_libspdm_finish_request7,
3194 : &response_size, response);
3195 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3196 1 : spdm_response = (void*)response;
3197 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3198 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3199 1 : free(data1);
3200 1 : free(data2);
3201 1 : }
3202 :
3203 : /**
3204 : * Test 26: Same as test case 22, but test endian verification.
3205 : * Sign as Little Endian, Verify as Little.
3206 : * Expecting signature to PASS.
3207 : **/
3208 1 : void libspdm_test_responder_finish_case26(void** state)
3209 : {
3210 : libspdm_return_t status;
3211 : libspdm_test_context_t* spdm_test_context;
3212 : libspdm_context_t* spdm_context;
3213 : size_t response_size;
3214 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3215 : spdm_finish_response_t* spdm_response;
3216 : void* data1;
3217 : size_t data_size1;
3218 : void* data2;
3219 : size_t data_size2;
3220 : uint8_t* ptr;
3221 : uint8_t* cert_buffer;
3222 : size_t cert_buffer_size;
3223 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3224 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3225 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3226 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3227 : libspdm_session_info_t* session_info;
3228 : uint32_t session_id;
3229 : uint32_t hash_size;
3230 : uint32_t hmac_size;
3231 : size_t req_asym_signature_size;
3232 :
3233 1 : spdm_test_context = *state;
3234 1 : spdm_context = spdm_test_context->spdm_context;
3235 1 : spdm_test_context->case_id = 26;
3236 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3237 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3238 1 : spdm_context->connection_info.connection_state =
3239 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3240 1 : spdm_context->connection_info.capability.flags |=
3241 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3242 1 : spdm_context->local_context.capability.flags |=
3243 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3244 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3245 : m_libspdm_use_hash_algo;
3246 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3247 : m_libspdm_use_asym_algo;
3248 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3249 : m_libspdm_use_req_asym_algo;
3250 1 : spdm_context->connection_info.algorithm.measurement_spec =
3251 : m_libspdm_use_measurement_spec;
3252 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3253 : m_libspdm_use_measurement_hash_algo;
3254 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3255 : m_libspdm_use_dhe_algo;
3256 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3257 : m_libspdm_use_aead_algo;
3258 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3259 : m_libspdm_use_asym_algo, &data1,
3260 : &data_size1, NULL, NULL);
3261 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3262 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3263 : data_size1;
3264 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3265 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3266 : data_size1;
3267 1 : spdm_context->spdm_10_11_verify_signature_endian =
3268 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3269 :
3270 1 : libspdm_reset_message_a(spdm_context);
3271 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3272 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3273 : m_libspdm_use_req_asym_algo, &data2,
3274 : &data_size2, NULL, NULL);
3275 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3276 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3277 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3278 : data2, data_size2);
3279 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3280 : data_size2;
3281 : #else
3282 1 : libspdm_hash_all(
3283 : spdm_context->connection_info.algorithm.base_hash_algo,
3284 : data2, data_size2,
3285 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3286 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3287 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3288 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3289 : spdm_context->connection_info.algorithm.base_hash_algo,
3290 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3291 : data2,
3292 : data_size2,
3293 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3294 : #endif
3295 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3296 :
3297 1 : session_id = 0xFFFFFFFF;
3298 1 : spdm_context->latest_session_id = session_id;
3299 1 : session_info = &spdm_context->session_info[0];
3300 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3301 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3302 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3303 1 : libspdm_secured_message_set_request_finished_key(
3304 : session_info->secured_message_context, m_dummy_buffer,
3305 : hash_size);
3306 1 : libspdm_secured_message_set_session_state(
3307 : session_info->secured_message_context,
3308 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3309 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3310 :
3311 1 : spdm_context->connection_info.capability.flags |=
3312 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3313 1 : spdm_context->local_context.capability.flags |=
3314 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3315 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3316 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3317 1 : req_asym_signature_size =
3318 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3319 1 : ptr = m_libspdm_finish_request7.signature;
3320 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3321 1 : cert_buffer = (uint8_t*)data1;
3322 1 : cert_buffer_size = data_size1;
3323 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3324 : cert_buffer_hash);
3325 1 : cert_buffer = (uint8_t*)data2;
3326 1 : cert_buffer_size = data_size2;
3327 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3328 : req_cert_buffer_hash);
3329 : /* transcript.message_a size is 0*/
3330 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3331 : /* session_transcript.message_k is 0*/
3332 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3333 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3334 : sizeof(spdm_finish_request_t));
3335 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3336 1 : libspdm_requester_data_sign(
3337 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3338 : spdm_context,
3339 : #endif
3340 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3341 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
3342 1 : false, libspdm_get_managed_buffer(&th_curr),
3343 : libspdm_get_managed_buffer_size(&th_curr),
3344 : ptr, &req_asym_signature_size);
3345 :
3346 : /* Switch signature to little endian */
3347 1 : libspdm_copy_signature_swap_endian(
3348 : m_libspdm_use_req_asym_algo,
3349 : ptr, req_asym_signature_size,
3350 : ptr, req_asym_signature_size);
3351 : #endif
3352 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3353 1 : ptr += req_asym_signature_size;
3354 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3355 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3356 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3357 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3358 : request_finished_key, hash_size, ptr);
3359 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3360 1 : req_asym_signature_size + hmac_size;
3361 1 : response_size = sizeof(response);
3362 1 : status = libspdm_get_response_finish(spdm_context,
3363 : m_libspdm_finish_request7_size,
3364 : &m_libspdm_finish_request7,
3365 : &response_size, response);
3366 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3367 1 : spdm_response = (void*)response;
3368 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3369 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3370 1 : free(data1);
3371 1 : free(data2);
3372 1 : }
3373 :
3374 : /**
3375 : * Test 27: Same as test case 22, but test endian verification.
3376 : * Sign as Little Endian, Verify as Big.
3377 : * Expecting signature to FAIL.
3378 : **/
3379 1 : void libspdm_test_responder_finish_case27(void** state)
3380 : {
3381 : libspdm_return_t status;
3382 : libspdm_test_context_t* spdm_test_context;
3383 : libspdm_context_t* spdm_context;
3384 : size_t response_size;
3385 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3386 : spdm_finish_response_t* spdm_response;
3387 : void* data1;
3388 : size_t data_size1;
3389 : void* data2;
3390 : size_t data_size2;
3391 : uint8_t* ptr;
3392 : uint8_t* cert_buffer;
3393 : size_t cert_buffer_size;
3394 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3395 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3396 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3397 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3398 : libspdm_session_info_t* session_info;
3399 : uint32_t session_id;
3400 : uint32_t hash_size;
3401 : uint32_t hmac_size;
3402 : size_t req_asym_signature_size;
3403 :
3404 1 : spdm_test_context = *state;
3405 1 : spdm_context = spdm_test_context->spdm_context;
3406 1 : spdm_test_context->case_id = 27;
3407 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3408 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3409 1 : spdm_context->connection_info.connection_state =
3410 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3411 1 : spdm_context->connection_info.capability.flags |=
3412 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3413 1 : spdm_context->local_context.capability.flags |=
3414 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3415 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3416 : m_libspdm_use_hash_algo;
3417 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3418 : m_libspdm_use_asym_algo;
3419 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3420 : m_libspdm_use_req_asym_algo;
3421 1 : spdm_context->connection_info.algorithm.measurement_spec =
3422 : m_libspdm_use_measurement_spec;
3423 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3424 : m_libspdm_use_measurement_hash_algo;
3425 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3426 : m_libspdm_use_dhe_algo;
3427 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3428 : m_libspdm_use_aead_algo;
3429 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3430 : m_libspdm_use_asym_algo, &data1,
3431 : &data_size1, NULL, NULL);
3432 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3433 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3434 : data_size1;
3435 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3436 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3437 : data_size1;
3438 1 : spdm_context->spdm_10_11_verify_signature_endian =
3439 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
3440 :
3441 1 : libspdm_reset_message_a(spdm_context);
3442 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3443 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3444 : m_libspdm_use_req_asym_algo, &data2,
3445 : &data_size2, NULL, NULL);
3446 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3447 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3448 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3449 : data2, data_size2);
3450 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3451 : data_size2;
3452 : #else
3453 1 : libspdm_hash_all(
3454 : spdm_context->connection_info.algorithm.base_hash_algo,
3455 : data2, data_size2,
3456 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3457 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3458 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3459 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3460 : spdm_context->connection_info.algorithm.base_hash_algo,
3461 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3462 : data2,
3463 : data_size2,
3464 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3465 : #endif
3466 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3467 :
3468 1 : session_id = 0xFFFFFFFF;
3469 1 : spdm_context->latest_session_id = session_id;
3470 1 : session_info = &spdm_context->session_info[0];
3471 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3472 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3473 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3474 1 : libspdm_secured_message_set_request_finished_key(
3475 : session_info->secured_message_context, m_dummy_buffer,
3476 : hash_size);
3477 1 : libspdm_secured_message_set_session_state(
3478 : session_info->secured_message_context,
3479 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3480 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3481 :
3482 1 : spdm_context->connection_info.capability.flags |=
3483 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3484 1 : spdm_context->local_context.capability.flags |=
3485 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3486 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3487 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3488 1 : req_asym_signature_size =
3489 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3490 1 : ptr = m_libspdm_finish_request7.signature;
3491 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3492 1 : cert_buffer = (uint8_t*)data1;
3493 1 : cert_buffer_size = data_size1;
3494 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3495 : cert_buffer_hash);
3496 1 : cert_buffer = (uint8_t*)data2;
3497 1 : cert_buffer_size = data_size2;
3498 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3499 : req_cert_buffer_hash);
3500 : /* transcript.message_a size is 0*/
3501 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3502 : /* session_transcript.message_k is 0*/
3503 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3504 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3505 : sizeof(spdm_finish_request_t));
3506 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3507 1 : libspdm_requester_data_sign(
3508 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3509 : spdm_context,
3510 : #endif
3511 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3512 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
3513 1 : false, libspdm_get_managed_buffer(&th_curr),
3514 : libspdm_get_managed_buffer_size(&th_curr),
3515 : ptr, &req_asym_signature_size);
3516 :
3517 : /* Switch signature to little endian */
3518 1 : libspdm_copy_signature_swap_endian(
3519 : m_libspdm_use_req_asym_algo,
3520 : ptr, req_asym_signature_size,
3521 : ptr, req_asym_signature_size);
3522 : #endif
3523 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3524 1 : ptr += req_asym_signature_size;
3525 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3526 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3527 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3528 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3529 : request_finished_key, hash_size, ptr);
3530 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3531 1 : req_asym_signature_size + hmac_size;
3532 1 : response_size = sizeof(response);
3533 1 : status = libspdm_get_response_finish(spdm_context,
3534 : m_libspdm_finish_request7_size,
3535 : &m_libspdm_finish_request7,
3536 : &response_size, response);
3537 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3538 1 : spdm_response = (void*)response;
3539 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
3540 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
3541 1 : free(data1);
3542 1 : free(data2);
3543 1 : }
3544 :
3545 : /**
3546 : * Test 28: Same as test case 22, but test endian verification.
3547 : * Sign as Little Endian, Verify as Big Or Little.
3548 : * Expecting signature to PASS.
3549 : **/
3550 1 : void libspdm_test_responder_finish_case28(void** state)
3551 : {
3552 : libspdm_return_t status;
3553 : libspdm_test_context_t* spdm_test_context;
3554 : libspdm_context_t* spdm_context;
3555 : size_t response_size;
3556 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3557 : spdm_finish_response_t* spdm_response;
3558 : void* data1;
3559 : size_t data_size1;
3560 : void* data2;
3561 : size_t data_size2;
3562 : uint8_t* ptr;
3563 : uint8_t* cert_buffer;
3564 : size_t cert_buffer_size;
3565 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3566 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3567 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3568 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3569 : libspdm_session_info_t* session_info;
3570 : uint32_t session_id;
3571 : uint32_t hash_size;
3572 : uint32_t hmac_size;
3573 : size_t req_asym_signature_size;
3574 :
3575 1 : spdm_test_context = *state;
3576 1 : spdm_context = spdm_test_context->spdm_context;
3577 1 : spdm_test_context->case_id = 28;
3578 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3579 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3580 1 : spdm_context->connection_info.connection_state =
3581 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3582 1 : spdm_context->connection_info.capability.flags |=
3583 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3584 1 : spdm_context->local_context.capability.flags |=
3585 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3586 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3587 : m_libspdm_use_hash_algo;
3588 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3589 : m_libspdm_use_asym_algo;
3590 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3591 : m_libspdm_use_req_asym_algo;
3592 1 : spdm_context->connection_info.algorithm.measurement_spec =
3593 : m_libspdm_use_measurement_spec;
3594 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3595 : m_libspdm_use_measurement_hash_algo;
3596 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3597 : m_libspdm_use_dhe_algo;
3598 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3599 : m_libspdm_use_aead_algo;
3600 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3601 : m_libspdm_use_asym_algo, &data1,
3602 : &data_size1, NULL, NULL);
3603 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3604 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3605 : data_size1;
3606 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3607 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3608 : data_size1;
3609 1 : spdm_context->spdm_10_11_verify_signature_endian =
3610 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3611 :
3612 1 : libspdm_reset_message_a(spdm_context);
3613 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3614 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3615 : m_libspdm_use_req_asym_algo, &data2,
3616 : &data_size2, NULL, NULL);
3617 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3618 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3619 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3620 : data2, data_size2);
3621 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3622 : data_size2;
3623 : #else
3624 1 : libspdm_hash_all(
3625 : spdm_context->connection_info.algorithm.base_hash_algo,
3626 : data2, data_size2,
3627 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3628 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3629 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3630 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3631 : spdm_context->connection_info.algorithm.base_hash_algo,
3632 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3633 : data2,
3634 : data_size2,
3635 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3636 : #endif
3637 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3638 :
3639 1 : session_id = 0xFFFFFFFF;
3640 1 : spdm_context->latest_session_id = session_id;
3641 1 : session_info = &spdm_context->session_info[0];
3642 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3643 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3644 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3645 1 : libspdm_secured_message_set_request_finished_key(
3646 : session_info->secured_message_context, m_dummy_buffer,
3647 : hash_size);
3648 1 : libspdm_secured_message_set_session_state(
3649 : session_info->secured_message_context,
3650 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3651 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3652 :
3653 1 : spdm_context->connection_info.capability.flags |=
3654 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3655 1 : spdm_context->local_context.capability.flags |=
3656 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3657 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3658 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3659 1 : req_asym_signature_size =
3660 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3661 1 : ptr = m_libspdm_finish_request7.signature;
3662 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3663 1 : cert_buffer = (uint8_t*)data1;
3664 1 : cert_buffer_size = data_size1;
3665 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3666 : cert_buffer_hash);
3667 1 : cert_buffer = (uint8_t*)data2;
3668 1 : cert_buffer_size = data_size2;
3669 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3670 : req_cert_buffer_hash);
3671 : /* transcript.message_a size is 0*/
3672 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3673 : /* session_transcript.message_k is 0*/
3674 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3675 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3676 : sizeof(spdm_finish_request_t));
3677 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3678 1 : libspdm_requester_data_sign(
3679 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3680 : spdm_context,
3681 : #endif
3682 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3683 : m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo,
3684 1 : false, libspdm_get_managed_buffer(&th_curr),
3685 : libspdm_get_managed_buffer_size(&th_curr),
3686 : ptr, &req_asym_signature_size);
3687 :
3688 : /* Switch signature to little endian */
3689 1 : libspdm_copy_signature_swap_endian(
3690 : m_libspdm_use_req_asym_algo,
3691 : ptr, req_asym_signature_size,
3692 : ptr, req_asym_signature_size);
3693 : #endif
3694 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3695 1 : ptr += req_asym_signature_size;
3696 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3697 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3698 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3699 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3700 : request_finished_key, hash_size, ptr);
3701 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3702 1 : req_asym_signature_size + hmac_size;
3703 1 : response_size = sizeof(response);
3704 1 : status = libspdm_get_response_finish(spdm_context,
3705 : m_libspdm_finish_request7_size,
3706 : &m_libspdm_finish_request7,
3707 : &response_size, response);
3708 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3709 1 : spdm_response = (void*)response;
3710 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3711 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3712 1 : free(data1);
3713 1 : free(data2);
3714 1 : }
3715 :
3716 : /**
3717 : * Test 29: Receive the correct FINISH from the requester, and
3718 : * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
3719 : * Expected behavior: the responder accepts the request and produces a valid
3720 : * FINISH_RSP response message, and The ResponderVerifyData field is absent.
3721 : **/
3722 1 : void libspdm_test_responder_finish_case29(void **state)
3723 : {
3724 : libspdm_return_t status;
3725 : libspdm_test_context_t *spdm_test_context;
3726 : libspdm_context_t *spdm_context;
3727 : size_t response_size;
3728 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3729 : spdm_finish_response_t *spdm_response;
3730 : void *data1;
3731 : size_t data_size1;
3732 : uint8_t *ptr;
3733 : uint8_t *cert_buffer;
3734 : size_t cert_buffer_size;
3735 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3736 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3737 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3738 : libspdm_session_info_t *session_info;
3739 : uint32_t session_id;
3740 : uint32_t hash_size;
3741 : uint32_t hmac_size;
3742 :
3743 1 : spdm_test_context = *state;
3744 1 : spdm_context = spdm_test_context->spdm_context;
3745 1 : spdm_test_context->case_id = 29;
3746 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3747 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3748 1 : spdm_context->connection_info.connection_state =
3749 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3750 1 : spdm_context->connection_info.capability.flags |=
3751 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3752 1 : spdm_context->local_context.capability.flags |=
3753 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3754 :
3755 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3756 : m_libspdm_use_hash_algo;
3757 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3758 : m_libspdm_use_asym_algo;
3759 1 : spdm_context->connection_info.algorithm.measurement_spec =
3760 : m_libspdm_use_measurement_spec;
3761 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3762 : m_libspdm_use_measurement_hash_algo;
3763 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3764 : m_libspdm_use_dhe_algo;
3765 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3766 : m_libspdm_use_aead_algo;
3767 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3768 : m_libspdm_use_asym_algo, &data1,
3769 : &data_size1, NULL, NULL);
3770 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3771 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3772 : data_size1;
3773 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3774 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3775 : data_size1;
3776 :
3777 1 : libspdm_reset_message_a(spdm_context);
3778 1 : spdm_context->local_context.mut_auth_requested = 0;
3779 :
3780 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3781 1 : spdm_context->connection_info.capability.flags &=
3782 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3783 1 : spdm_context->local_context.capability.flags &=
3784 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3785 :
3786 1 : session_id = 0xFFFFFFFF;
3787 1 : spdm_context->latest_session_id = session_id;
3788 1 : spdm_context->last_spdm_request_session_id_valid = true;
3789 1 : spdm_context->last_spdm_request_session_id = session_id;
3790 1 : session_info = &spdm_context->session_info[0];
3791 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3792 :
3793 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3794 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3795 :
3796 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3797 1 : libspdm_secured_message_set_request_finished_key(
3798 : session_info->secured_message_context, m_dummy_buffer,
3799 : hash_size);
3800 1 : libspdm_secured_message_set_session_state(
3801 : session_info->secured_message_context,
3802 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3803 :
3804 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3805 1 : ptr = m_libspdm_finish_request1.signature;
3806 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3807 1 : cert_buffer = (uint8_t *)data1;
3808 1 : cert_buffer_size = data_size1;
3809 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3810 : cert_buffer_hash);
3811 : /* transcript.message_a size is 0*/
3812 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3813 : /* session_transcript.message_k is 0*/
3814 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
3815 : sizeof(spdm_finish_request_t));
3816 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3817 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3818 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3819 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3820 : request_finished_key, hash_size, ptr);
3821 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
3822 1 : response_size = sizeof(response);
3823 1 : status = libspdm_get_response_finish(spdm_context,
3824 : m_libspdm_finish_request1_size,
3825 : &m_libspdm_finish_request1,
3826 : &response_size, response);
3827 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3828 : /* The ResponderVerifyData field shall be absent.*/
3829 1 : assert_int_equal(response_size,
3830 : sizeof(spdm_finish_response_t));
3831 1 : spdm_response = (void *)response;
3832 1 : assert_int_equal(spdm_response->header.request_response_code,
3833 : SPDM_FINISH_RSP);
3834 1 : free(data1);
3835 1 : }
3836 :
3837 1 : int libspdm_responder_finish_test_main(void)
3838 : {
3839 1 : const struct CMUnitTest spdm_responder_finish_tests[] = {
3840 : /* Success Case*/
3841 : cmocka_unit_test(libspdm_test_responder_finish_case1),
3842 : /* Can be populated with new test.*/
3843 : cmocka_unit_test(libspdm_test_responder_finish_case2),
3844 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
3845 : cmocka_unit_test(libspdm_test_responder_finish_case3),
3846 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
3847 : cmocka_unit_test(libspdm_test_responder_finish_case4),
3848 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
3849 : /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
3850 : cmocka_unit_test(libspdm_test_responder_finish_case5),
3851 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
3852 : /* connection_state Check*/
3853 : cmocka_unit_test(libspdm_test_responder_finish_case6),
3854 : /* Buffer reset*/
3855 : cmocka_unit_test(libspdm_test_responder_finish_case7),
3856 : /* Success Case*/
3857 : cmocka_unit_test(libspdm_test_responder_finish_case8),
3858 : /* Unsupported KEY_EX capabilities*/
3859 : cmocka_unit_test(libspdm_test_responder_finish_case9),
3860 : /* Uninitialized session*/
3861 : cmocka_unit_test(libspdm_test_responder_finish_case10),
3862 : /* Incorrect MAC*/
3863 : cmocka_unit_test(libspdm_test_responder_finish_case11),
3864 : cmocka_unit_test(libspdm_test_responder_finish_case12),
3865 : /* Can be populated with new test.*/
3866 : cmocka_unit_test(libspdm_test_responder_finish_case13),
3867 : cmocka_unit_test(libspdm_test_responder_finish_case14),
3868 : /* Incorrect signature*/
3869 : cmocka_unit_test(libspdm_test_responder_finish_case15),
3870 : cmocka_unit_test(libspdm_test_responder_finish_case16),
3871 : /* Buffer verification*/
3872 : cmocka_unit_test(libspdm_test_responder_finish_case17),
3873 : /* Success Case, enable mutual authentication and use slot_id 0xFF */
3874 : cmocka_unit_test(libspdm_test_responder_finish_case18),
3875 : /* Invalid SlotID in FINISH request message when mutual authentication */
3876 : cmocka_unit_test_setup(libspdm_test_responder_finish_case19, libspdm_unit_test_group_setup),
3877 : cmocka_unit_test_setup(libspdm_test_responder_finish_case20, libspdm_unit_test_group_setup),
3878 : /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
3879 : cmocka_unit_test_setup(libspdm_test_responder_finish_case21, libspdm_unit_test_group_setup),
3880 : /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
3881 : cmocka_unit_test_setup(libspdm_test_responder_finish_case22, libspdm_unit_test_group_setup),
3882 : /* Big Endian Sign - Little Endian Verify */
3883 : cmocka_unit_test_setup(libspdm_test_responder_finish_case23, libspdm_unit_test_group_setup),
3884 : /* Big Endian Sign - Big Endian Verify */
3885 : cmocka_unit_test_setup(libspdm_test_responder_finish_case24, libspdm_unit_test_group_setup),
3886 : /* Big Endian Sign - Big or Little Endian Verify */
3887 : cmocka_unit_test_setup(libspdm_test_responder_finish_case25, libspdm_unit_test_group_setup),
3888 : /* Little Endian Sign - Little Endian Verify*/
3889 : cmocka_unit_test_setup(libspdm_test_responder_finish_case26, libspdm_unit_test_group_setup),
3890 : /* Little Endian Sign - Big Endian Verify */
3891 : cmocka_unit_test_setup(libspdm_test_responder_finish_case27, libspdm_unit_test_group_setup),
3892 : /* Little Endian Sign - Big or Little Endian Verify */
3893 : cmocka_unit_test_setup(libspdm_test_responder_finish_case28, libspdm_unit_test_group_setup),
3894 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3895 : cmocka_unit_test(libspdm_test_responder_finish_case29),
3896 : };
3897 :
3898 1 : libspdm_test_context_t test_context = {
3899 : LIBSPDM_TEST_CONTEXT_VERSION,
3900 : false,
3901 : };
3902 :
3903 1 : libspdm_setup_test_context(&test_context);
3904 :
3905 1 : return cmocka_run_group_tests(spdm_responder_finish_tests,
3906 : libspdm_unit_test_group_setup,
3907 : libspdm_unit_test_group_teardown);
3908 : }
3909 :
3910 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|
