Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #pragma pack(1)
12 :
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
16 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
17 : } libspdm_finish_request_mine_t;
18 :
19 : typedef struct {
20 : spdm_message_header_t header;
21 : uint16_t opaque_data_size;
22 : uint8_t opaque_data[8];
23 : uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
24 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
25 : } libspdm_finish_request_mine_14_t;
26 :
27 : #pragma pack()
28 :
29 : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
30 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
31 : };
32 : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
33 :
34 : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
35 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
36 : };
37 : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
38 :
39 : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
40 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
41 : };
42 : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
43 :
44 : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
45 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
46 : };
47 : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
48 :
49 : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
50 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
51 : };
52 : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
53 :
54 : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
55 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
56 : };
57 : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
58 :
59 : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
60 : { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
61 : };
62 : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
63 :
64 : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
65 :
66 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
67 :
68 : static libspdm_th_managed_buffer_t th_curr;
69 :
70 28 : void libspdm_secured_message_set_request_finished_key(
71 : void *spdm_secured_message_context, const void *key, size_t key_size)
72 : {
73 : libspdm_secured_message_context_t *secured_message_context;
74 :
75 28 : secured_message_context = spdm_secured_message_context;
76 28 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
77 28 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
78 : sizeof(secured_message_context->handshake_secret.request_finished_key),
79 : key, secured_message_context->hash_size);
80 28 : }
81 :
82 : /**
83 : * Test 1: receiving a correct FINISH message from the requester with a
84 : * correct MAC, no signature (no mutual authentication), and 'handshake in
85 : * the clear'.
86 : * Expected behavior: the responder accepts the request and produces a valid
87 : * FINISH_RSP response message.
88 : **/
89 1 : void libspdm_test_responder_finish_case1(void **state)
90 : {
91 : libspdm_return_t status;
92 : libspdm_test_context_t *spdm_test_context;
93 : libspdm_context_t *spdm_context;
94 : size_t response_size;
95 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
96 : spdm_finish_response_t *spdm_response;
97 : void *data1;
98 : size_t data_size1;
99 : uint8_t *ptr;
100 : uint8_t *cert_buffer;
101 : size_t cert_buffer_size;
102 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
103 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
104 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
105 : libspdm_session_info_t *session_info;
106 : uint32_t session_id;
107 : uint32_t hash_size;
108 : uint32_t hmac_size;
109 :
110 1 : spdm_test_context = *state;
111 1 : spdm_context = spdm_test_context->spdm_context;
112 1 : spdm_test_context->case_id = 0x1;
113 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
114 : SPDM_VERSION_NUMBER_SHIFT_BIT;
115 1 : spdm_context->connection_info.connection_state =
116 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
117 1 : spdm_context->connection_info.capability.flags |=
118 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
119 1 : spdm_context->local_context.capability.flags |=
120 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
121 1 : spdm_context->connection_info.algorithm.base_hash_algo =
122 : m_libspdm_use_hash_algo;
123 1 : spdm_context->connection_info.algorithm.base_asym_algo =
124 : m_libspdm_use_asym_algo;
125 1 : spdm_context->connection_info.algorithm.measurement_spec =
126 : m_libspdm_use_measurement_spec;
127 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
128 : m_libspdm_use_measurement_hash_algo;
129 1 : spdm_context->connection_info.algorithm.dhe_named_group =
130 : m_libspdm_use_dhe_algo;
131 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
132 : m_libspdm_use_aead_algo;
133 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
134 : m_libspdm_use_asym_algo, &data1,
135 : &data_size1, NULL, NULL);
136 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
137 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
138 : data_size1;
139 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
140 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
141 : data_size1;
142 :
143 1 : libspdm_reset_message_a(spdm_context);
144 1 : spdm_context->local_context.mut_auth_requested = 0;
145 :
146 1 : session_id = 0xFFFFFFFF;
147 1 : spdm_context->latest_session_id = session_id;
148 1 : session_info = &spdm_context->session_info[0];
149 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
150 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
151 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
152 1 : libspdm_secured_message_set_request_finished_key(
153 : session_info->secured_message_context, m_dummy_buffer,
154 : hash_size);
155 1 : libspdm_secured_message_set_session_state(
156 : session_info->secured_message_context,
157 : LIBSPDM_SESSION_STATE_HANDSHAKING);
158 :
159 1 : spdm_context->connection_info.capability.flags |=
160 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
161 1 : spdm_context->local_context.capability.flags |=
162 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
163 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
164 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
165 1 : ptr = m_libspdm_finish_request1.signature;
166 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
167 1 : cert_buffer = (uint8_t *)data1;
168 1 : cert_buffer_size = data_size1;
169 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
170 : cert_buffer_hash);
171 : /* transcript.message_a size is 0*/
172 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
173 : /* session_transcript.message_k is 0*/
174 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
175 : sizeof(spdm_finish_request_t));
176 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
177 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
178 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
179 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
180 : request_finished_key, hash_size, ptr);
181 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
182 1 : response_size = sizeof(response);
183 1 : status = libspdm_get_response_finish(spdm_context,
184 : m_libspdm_finish_request1_size,
185 : &m_libspdm_finish_request1,
186 : &response_size, response);
187 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
188 1 : assert_int_equal(response_size,
189 : sizeof(spdm_finish_response_t) + hmac_size);
190 1 : spdm_response = (void *)response;
191 1 : assert_int_equal(spdm_response->header.request_response_code,
192 : SPDM_FINISH_RSP);
193 1 : free(data1);
194 1 : }
195 :
196 : /**
197 : * Test 2:
198 : * Expected behavior:
199 : **/
200 1 : void libspdm_test_responder_finish_case2(void **state)
201 : {
202 1 : }
203 :
204 : /**
205 : * Test 3: receiving a correct FINISH from the requester, but the
206 : * responder is in a Busy state.
207 : * Expected behavior: the responder accepts the request, but produces an
208 : * ERROR message indicating the Busy state.
209 : **/
210 1 : void libspdm_test_responder_finish_case3(void **state)
211 : {
212 : libspdm_return_t status;
213 : libspdm_test_context_t *spdm_test_context;
214 : libspdm_context_t *spdm_context;
215 : size_t response_size;
216 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
217 : spdm_finish_response_t *spdm_response;
218 : void *data1;
219 : size_t data_size1;
220 : uint8_t *ptr;
221 : uint8_t *cert_buffer;
222 : size_t cert_buffer_size;
223 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
224 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
225 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
226 : libspdm_session_info_t *session_info;
227 : uint32_t session_id;
228 : uint32_t hash_size;
229 : uint32_t hmac_size;
230 :
231 1 : spdm_test_context = *state;
232 1 : spdm_context = spdm_test_context->spdm_context;
233 1 : spdm_test_context->case_id = 0x3;
234 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
235 : SPDM_VERSION_NUMBER_SHIFT_BIT;
236 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
237 1 : spdm_context->connection_info.connection_state =
238 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
239 1 : spdm_context->connection_info.capability.flags |=
240 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
241 1 : spdm_context->local_context.capability.flags |=
242 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
243 1 : spdm_context->connection_info.algorithm.base_hash_algo =
244 : m_libspdm_use_hash_algo;
245 1 : spdm_context->connection_info.algorithm.base_asym_algo =
246 : m_libspdm_use_asym_algo;
247 1 : spdm_context->connection_info.algorithm.measurement_spec =
248 : m_libspdm_use_measurement_spec;
249 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
250 : m_libspdm_use_measurement_hash_algo;
251 1 : spdm_context->connection_info.algorithm.dhe_named_group =
252 : m_libspdm_use_dhe_algo;
253 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
254 : m_libspdm_use_aead_algo;
255 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
256 : m_libspdm_use_asym_algo, &data1,
257 : &data_size1, NULL, NULL);
258 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
259 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
260 : data_size1;
261 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
262 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
263 : data_size1;
264 :
265 1 : libspdm_reset_message_a(spdm_context);
266 1 : spdm_context->local_context.mut_auth_requested = 0;
267 :
268 1 : session_id = 0xFFFFFFFF;
269 1 : spdm_context->latest_session_id = session_id;
270 1 : session_info = &spdm_context->session_info[0];
271 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
272 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
273 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
274 1 : libspdm_secured_message_set_request_finished_key(
275 : session_info->secured_message_context, m_dummy_buffer,
276 : hash_size);
277 1 : libspdm_secured_message_set_session_state(
278 : session_info->secured_message_context,
279 : LIBSPDM_SESSION_STATE_HANDSHAKING);
280 :
281 1 : spdm_context->connection_info.capability.flags |=
282 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
283 1 : spdm_context->local_context.capability.flags |=
284 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
285 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
286 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
287 1 : ptr = m_libspdm_finish_request1.signature;
288 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
289 1 : cert_buffer = (uint8_t *)data1;
290 1 : cert_buffer_size = data_size1;
291 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
292 : cert_buffer_hash);
293 : /* transcript.message_a size is 0*/
294 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
295 : /* session_transcript.message_k is 0*/
296 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
297 : sizeof(spdm_finish_request_t));
298 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
299 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
300 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
301 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
302 : request_finished_key, hash_size, ptr);
303 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
304 1 : response_size = sizeof(response);
305 1 : status = libspdm_get_response_finish(spdm_context,
306 : m_libspdm_finish_request1_size,
307 : &m_libspdm_finish_request1,
308 : &response_size, response);
309 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
310 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
311 1 : spdm_response = (void *)response;
312 1 : assert_int_equal(spdm_response->header.request_response_code,
313 : SPDM_ERROR);
314 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
315 1 : assert_int_equal(spdm_response->header.param2, 0);
316 1 : assert_int_equal(spdm_context->response_state,
317 : LIBSPDM_RESPONSE_STATE_BUSY);
318 1 : free(data1);
319 1 : }
320 :
321 : /**
322 : * Test 4: receiving a correct FINISH from the requester, but the responder
323 : * requires resynchronization with the requester.
324 : * Expected behavior: the responder accepts the request, but produces an
325 : * ERROR message indicating the NeedResynch state.
326 : **/
327 1 : void libspdm_test_responder_finish_case4(void **state)
328 : {
329 : libspdm_return_t status;
330 : libspdm_test_context_t *spdm_test_context;
331 : libspdm_context_t *spdm_context;
332 : size_t response_size;
333 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
334 : spdm_finish_response_t *spdm_response;
335 : void *data1;
336 : size_t data_size1;
337 : uint8_t *ptr;
338 : uint8_t *cert_buffer;
339 : size_t cert_buffer_size;
340 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
341 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
342 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
343 : libspdm_session_info_t *session_info;
344 : uint32_t session_id;
345 : uint32_t hash_size;
346 : uint32_t hmac_size;
347 :
348 1 : spdm_test_context = *state;
349 1 : spdm_context = spdm_test_context->spdm_context;
350 1 : spdm_test_context->case_id = 0x4;
351 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
352 : SPDM_VERSION_NUMBER_SHIFT_BIT;
353 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
354 1 : spdm_context->connection_info.connection_state =
355 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
356 1 : spdm_context->connection_info.capability.flags |=
357 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
358 1 : spdm_context->local_context.capability.flags |=
359 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
360 1 : spdm_context->connection_info.algorithm.base_hash_algo =
361 : m_libspdm_use_hash_algo;
362 1 : spdm_context->connection_info.algorithm.base_asym_algo =
363 : m_libspdm_use_asym_algo;
364 1 : spdm_context->connection_info.algorithm.measurement_spec =
365 : m_libspdm_use_measurement_spec;
366 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
367 : m_libspdm_use_measurement_hash_algo;
368 1 : spdm_context->connection_info.algorithm.dhe_named_group =
369 : m_libspdm_use_dhe_algo;
370 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
371 : m_libspdm_use_aead_algo;
372 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
373 : m_libspdm_use_asym_algo, &data1,
374 : &data_size1, NULL, NULL);
375 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
376 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
377 : data_size1;
378 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
379 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
380 : data_size1;
381 :
382 1 : libspdm_reset_message_a(spdm_context);
383 1 : spdm_context->local_context.mut_auth_requested = 0;
384 :
385 1 : session_id = 0xFFFFFFFF;
386 1 : spdm_context->latest_session_id = session_id;
387 1 : session_info = &spdm_context->session_info[0];
388 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
389 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
390 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
391 1 : libspdm_secured_message_set_request_finished_key(
392 : session_info->secured_message_context, m_dummy_buffer,
393 : hash_size);
394 1 : libspdm_secured_message_set_session_state(
395 : session_info->secured_message_context,
396 : LIBSPDM_SESSION_STATE_HANDSHAKING);
397 :
398 1 : spdm_context->connection_info.capability.flags |=
399 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
400 1 : spdm_context->local_context.capability.flags |=
401 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
402 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
403 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
404 1 : ptr = m_libspdm_finish_request1.signature;
405 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
406 1 : cert_buffer = (uint8_t *)data1;
407 1 : cert_buffer_size = data_size1;
408 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
409 : cert_buffer_hash);
410 : /* transcript.message_a size is 0*/
411 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
412 : /* session_transcript.message_k is 0*/
413 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
414 : sizeof(spdm_finish_request_t));
415 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
416 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
417 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
418 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
419 : request_finished_key, hash_size, ptr);
420 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
421 1 : response_size = sizeof(response);
422 1 : status = libspdm_get_response_finish(spdm_context,
423 : m_libspdm_finish_request1_size,
424 : &m_libspdm_finish_request1,
425 : &response_size, response);
426 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
427 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
428 1 : spdm_response = (void *)response;
429 1 : assert_int_equal(spdm_response->header.request_response_code,
430 : SPDM_ERROR);
431 1 : assert_int_equal(spdm_response->header.param1,
432 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
433 1 : assert_int_equal(spdm_response->header.param2, 0);
434 1 : assert_int_equal(spdm_context->response_state,
435 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
436 1 : free(data1);
437 1 : }
438 :
439 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
440 : /**
441 : * Test 5: receiving a correct FINISH from the requester, but the responder
442 : * could not produce the response in time.
443 : * Expected behavior: the responder accepts the request, but produces an
444 : * ERROR message indicating the ResponseNotReady state.
445 : **/
446 1 : void libspdm_test_responder_finish_case5(void **state)
447 : {
448 : libspdm_return_t status;
449 : libspdm_test_context_t *spdm_test_context;
450 : libspdm_context_t *spdm_context;
451 : size_t response_size;
452 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
453 : spdm_finish_response_t *spdm_response;
454 : void *data1;
455 : size_t data_size1;
456 : uint8_t *ptr;
457 : uint8_t *cert_buffer;
458 : size_t cert_buffer_size;
459 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
460 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
461 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
462 : libspdm_session_info_t *session_info;
463 : uint32_t session_id;
464 : uint32_t hash_size;
465 : uint32_t hmac_size;
466 : spdm_error_data_response_not_ready_t *error_data;
467 :
468 1 : spdm_test_context = *state;
469 1 : spdm_context = spdm_test_context->spdm_context;
470 1 : spdm_test_context->case_id = 0x5;
471 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
472 : SPDM_VERSION_NUMBER_SHIFT_BIT;
473 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
474 1 : spdm_context->connection_info.connection_state =
475 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
476 1 : spdm_context->connection_info.capability.flags |=
477 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
478 1 : spdm_context->local_context.capability.flags |=
479 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
480 1 : spdm_context->connection_info.algorithm.base_hash_algo =
481 : m_libspdm_use_hash_algo;
482 1 : spdm_context->connection_info.algorithm.base_asym_algo =
483 : m_libspdm_use_asym_algo;
484 1 : spdm_context->connection_info.algorithm.measurement_spec =
485 : m_libspdm_use_measurement_spec;
486 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
487 : m_libspdm_use_measurement_hash_algo;
488 1 : spdm_context->connection_info.algorithm.dhe_named_group =
489 : m_libspdm_use_dhe_algo;
490 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
491 : m_libspdm_use_aead_algo;
492 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
493 : m_libspdm_use_asym_algo, &data1,
494 : &data_size1, NULL, NULL);
495 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
496 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
497 : data_size1;
498 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
499 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
500 : data_size1;
501 :
502 1 : libspdm_reset_message_a(spdm_context);
503 1 : spdm_context->local_context.mut_auth_requested = 0;
504 :
505 1 : session_id = 0xFFFFFFFF;
506 1 : spdm_context->latest_session_id = session_id;
507 1 : session_info = &spdm_context->session_info[0];
508 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
509 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
510 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
511 1 : libspdm_secured_message_set_request_finished_key(
512 : session_info->secured_message_context, m_dummy_buffer,
513 : hash_size);
514 1 : libspdm_secured_message_set_session_state(
515 : session_info->secured_message_context,
516 : LIBSPDM_SESSION_STATE_HANDSHAKING);
517 :
518 1 : spdm_context->connection_info.capability.flags |=
519 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
520 1 : spdm_context->local_context.capability.flags |=
521 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
522 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
523 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
524 1 : ptr = m_libspdm_finish_request1.signature;
525 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
526 1 : cert_buffer = (uint8_t *)data1;
527 1 : cert_buffer_size = data_size1;
528 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
529 : cert_buffer_hash);
530 : /* transcript.message_a size is 0*/
531 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
532 : /* session_transcript.message_k is 0*/
533 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
534 : sizeof(spdm_finish_request_t));
535 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
536 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
537 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
538 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
539 : request_finished_key, hash_size, ptr);
540 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
541 1 : response_size = sizeof(response);
542 1 : status = libspdm_get_response_finish(spdm_context,
543 : m_libspdm_finish_request1_size,
544 : &m_libspdm_finish_request1,
545 : &response_size, response);
546 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
547 1 : assert_int_equal(response_size,
548 : sizeof(spdm_error_response_t) +
549 : sizeof(spdm_error_data_response_not_ready_t));
550 1 : spdm_response = (void *)response;
551 1 : error_data =
552 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
553 1 : assert_int_equal(spdm_response->header.request_response_code,
554 : SPDM_ERROR);
555 1 : assert_int_equal(spdm_response->header.param1,
556 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
557 1 : assert_int_equal(spdm_response->header.param2, 0);
558 1 : assert_int_equal(spdm_context->response_state,
559 : LIBSPDM_RESPONSE_STATE_NOT_READY);
560 1 : assert_int_equal(error_data->request_code, SPDM_FINISH);
561 1 : free(data1);
562 1 : }
563 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
564 :
565 : /**
566 : * Test 6: receiving a correct FINISH from the requester, but the responder
567 : * is not set no receive a FINISH message because previous messages (namely,
568 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
569 : * received.
570 : * Expected behavior: the responder rejects the request, and produces an
571 : * ERROR message indicating the UnexpectedRequest.
572 : **/
573 1 : void libspdm_test_responder_finish_case6(void **state)
574 : {
575 : libspdm_return_t status;
576 : libspdm_test_context_t *spdm_test_context;
577 : libspdm_context_t *spdm_context;
578 : size_t response_size;
579 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
580 : spdm_finish_response_t *spdm_response;
581 : void *data1;
582 : size_t data_size1;
583 : uint8_t *ptr;
584 : uint8_t *cert_buffer;
585 : size_t cert_buffer_size;
586 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
587 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
588 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
589 : libspdm_session_info_t *session_info;
590 : uint32_t session_id;
591 : uint32_t hash_size;
592 : uint32_t hmac_size;
593 :
594 1 : spdm_test_context = *state;
595 1 : spdm_context = spdm_test_context->spdm_context;
596 1 : spdm_test_context->case_id = 0x6;
597 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
598 : SPDM_VERSION_NUMBER_SHIFT_BIT;
599 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
600 1 : spdm_context->connection_info.connection_state =
601 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
602 1 : spdm_context->connection_info.capability.flags |=
603 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
604 1 : spdm_context->local_context.capability.flags |=
605 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
606 1 : spdm_context->connection_info.algorithm.base_hash_algo =
607 : m_libspdm_use_hash_algo;
608 1 : spdm_context->connection_info.algorithm.base_asym_algo =
609 : m_libspdm_use_asym_algo;
610 1 : spdm_context->connection_info.algorithm.measurement_spec =
611 : m_libspdm_use_measurement_spec;
612 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
613 : m_libspdm_use_measurement_hash_algo;
614 1 : spdm_context->connection_info.algorithm.dhe_named_group =
615 : m_libspdm_use_dhe_algo;
616 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
617 : m_libspdm_use_aead_algo;
618 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
619 : m_libspdm_use_asym_algo, &data1,
620 : &data_size1, NULL, NULL);
621 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
622 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
623 : data_size1;
624 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
625 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
626 : data_size1;
627 :
628 1 : libspdm_reset_message_a(spdm_context);
629 1 : spdm_context->local_context.mut_auth_requested = 0;
630 :
631 1 : session_id = 0xFFFFFFFF;
632 1 : spdm_context->latest_session_id = session_id;
633 1 : session_info = &spdm_context->session_info[0];
634 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
635 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
636 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
637 1 : libspdm_secured_message_set_request_finished_key(
638 : session_info->secured_message_context, m_dummy_buffer,
639 : hash_size);
640 1 : libspdm_secured_message_set_session_state(
641 : session_info->secured_message_context,
642 : LIBSPDM_SESSION_STATE_HANDSHAKING);
643 :
644 1 : spdm_context->connection_info.capability.flags |=
645 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
646 1 : spdm_context->local_context.capability.flags |=
647 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
648 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
649 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
650 1 : ptr = m_libspdm_finish_request1.signature;
651 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
652 1 : cert_buffer = (uint8_t *)data1;
653 1 : cert_buffer_size = data_size1;
654 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
655 : cert_buffer_hash);
656 : /* transcript.message_a size is 0*/
657 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
658 : /* session_transcript.message_k is 0*/
659 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
660 : sizeof(spdm_finish_request_t));
661 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
662 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
663 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
664 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
665 : request_finished_key, hash_size, ptr);
666 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
667 1 : response_size = sizeof(response);
668 1 : status = libspdm_get_response_finish(spdm_context,
669 : m_libspdm_finish_request1_size,
670 : &m_libspdm_finish_request1,
671 : &response_size, response);
672 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
673 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
674 1 : spdm_response = (void *)response;
675 1 : assert_int_equal(spdm_response->header.request_response_code,
676 : SPDM_ERROR);
677 1 : assert_int_equal(spdm_response->header.param1,
678 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
679 1 : assert_int_equal(spdm_response->header.param2, 0);
680 1 : free(data1);
681 1 : }
682 :
683 1 : void libspdm_test_responder_finish_case7(void **state)
684 : {
685 : libspdm_return_t status;
686 : libspdm_test_context_t *spdm_test_context;
687 : libspdm_context_t *spdm_context;
688 : size_t response_size;
689 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
690 : spdm_finish_response_t *spdm_response;
691 : void *data1;
692 : size_t data_size1;
693 : uint8_t *ptr;
694 : uint8_t *cert_buffer;
695 : size_t cert_buffer_size;
696 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
697 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
698 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
699 : libspdm_session_info_t *session_info;
700 : uint32_t session_id;
701 : uint32_t hash_size;
702 : uint32_t hmac_size;
703 :
704 1 : spdm_test_context = *state;
705 1 : spdm_context = spdm_test_context->spdm_context;
706 1 : spdm_test_context->case_id = 0x7;
707 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
708 : SPDM_VERSION_NUMBER_SHIFT_BIT;
709 1 : spdm_context->connection_info.connection_state =
710 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
711 1 : spdm_context->connection_info.capability.flags |=
712 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
713 1 : spdm_context->local_context.capability.flags |=
714 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
715 1 : spdm_context->connection_info.algorithm.base_hash_algo =
716 : m_libspdm_use_hash_algo;
717 1 : spdm_context->connection_info.algorithm.base_asym_algo =
718 : m_libspdm_use_asym_algo;
719 1 : spdm_context->connection_info.algorithm.measurement_spec =
720 : m_libspdm_use_measurement_spec;
721 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
722 : m_libspdm_use_measurement_hash_algo;
723 1 : spdm_context->connection_info.algorithm.dhe_named_group =
724 : m_libspdm_use_dhe_algo;
725 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
726 : m_libspdm_use_aead_algo;
727 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
728 : m_libspdm_use_asym_algo, &data1,
729 : &data_size1, NULL, NULL);
730 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
731 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
732 : data_size1;
733 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
734 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
735 : data_size1;
736 :
737 1 : libspdm_reset_message_a(spdm_context);
738 1 : spdm_context->local_context.mut_auth_requested = 0;
739 :
740 1 : session_id = 0xFFFFFFFF;
741 1 : spdm_context->latest_session_id = session_id;
742 1 : session_info = &spdm_context->session_info[0];
743 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
744 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
745 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
746 1 : libspdm_secured_message_set_request_finished_key(
747 : session_info->secured_message_context, m_dummy_buffer,
748 : hash_size);
749 1 : libspdm_secured_message_set_session_state(
750 : session_info->secured_message_context,
751 : LIBSPDM_SESSION_STATE_HANDSHAKING);
752 :
753 1 : spdm_context->connection_info.capability.flags |=
754 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
755 1 : spdm_context->local_context.capability.flags |=
756 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
757 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
758 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
759 1 : ptr = m_libspdm_finish_request1.signature;
760 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
761 1 : cert_buffer = (uint8_t *)data1;
762 1 : cert_buffer_size = data_size1;
763 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
764 : session_info->session_transcript.message_m.buffer_size =
765 : session_info->session_transcript.message_m.max_buffer_size;
766 : spdm_context->transcript.message_b.buffer_size =
767 : spdm_context->transcript.message_b.max_buffer_size;
768 : spdm_context->transcript.message_c.buffer_size =
769 : spdm_context->transcript.message_c.max_buffer_size;
770 : spdm_context->transcript.message_mut_b.buffer_size =
771 : spdm_context->transcript.message_mut_b.max_buffer_size;
772 : spdm_context->transcript.message_mut_c.buffer_size =
773 : spdm_context->transcript.message_mut_c.max_buffer_size;
774 : #endif
775 :
776 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
777 : cert_buffer_hash);
778 : /* transcript.message_a size is 0*/
779 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
780 : /* session_transcript.message_k is 0*/
781 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
782 : sizeof(spdm_finish_request_t));
783 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
784 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
785 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
786 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
787 : request_finished_key, hash_size, ptr);
788 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
789 1 : response_size = sizeof(response);
790 1 : status = libspdm_get_response_finish(spdm_context,
791 : m_libspdm_finish_request1_size,
792 : &m_libspdm_finish_request1,
793 : &response_size, response);
794 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
795 1 : assert_int_equal(response_size,
796 : sizeof(spdm_finish_response_t) + hmac_size);
797 1 : spdm_response = (void *)response;
798 1 : assert_int_equal(spdm_response->header.request_response_code,
799 : SPDM_FINISH_RSP);
800 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
801 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
802 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
803 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
804 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
805 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
806 : #endif
807 :
808 1 : free(data1);
809 1 : }
810 :
811 :
812 : /**
813 : * Test 8: receiving a correct FINISH message from the requester with
814 : * correct MAC and signature (with mutual authentication), and 'handshake in
815 : * the clear'.
816 : * Expected behavior: the responder accepts the request and produces a valid
817 : * FINISH_RSP response message.
818 : **/
819 1 : void libspdm_test_responder_finish_case8(void **state)
820 : {
821 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
822 : libspdm_return_t status;
823 : libspdm_test_context_t *spdm_test_context;
824 : libspdm_context_t *spdm_context;
825 : size_t response_size;
826 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
827 : spdm_finish_response_t *spdm_response;
828 : void *data1;
829 : size_t data_size1;
830 : void *data2;
831 : size_t data_size2;
832 : uint8_t *ptr;
833 : uint8_t *cert_buffer;
834 : size_t cert_buffer_size;
835 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
836 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
837 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
838 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
839 : libspdm_session_info_t *session_info;
840 : uint32_t session_id;
841 : uint32_t hash_size;
842 : uint32_t hmac_size;
843 : size_t req_asym_signature_size;
844 :
845 1 : spdm_test_context = *state;
846 1 : spdm_context = spdm_test_context->spdm_context;
847 1 : spdm_test_context->case_id = 0x8;
848 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
849 : SPDM_VERSION_NUMBER_SHIFT_BIT;
850 1 : spdm_context->connection_info.connection_state =
851 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
852 1 : spdm_context->connection_info.capability.flags |=
853 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
854 1 : spdm_context->local_context.capability.flags |=
855 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
856 1 : spdm_context->connection_info.algorithm.base_hash_algo =
857 : m_libspdm_use_hash_algo;
858 1 : spdm_context->connection_info.algorithm.base_asym_algo =
859 : m_libspdm_use_asym_algo;
860 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
861 : m_libspdm_use_req_asym_algo;
862 1 : spdm_context->connection_info.algorithm.measurement_spec =
863 : m_libspdm_use_measurement_spec;
864 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
865 : m_libspdm_use_measurement_hash_algo;
866 1 : spdm_context->connection_info.algorithm.dhe_named_group =
867 : m_libspdm_use_dhe_algo;
868 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
869 : m_libspdm_use_aead_algo;
870 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
871 : m_libspdm_use_asym_algo, &data1,
872 : &data_size1, NULL, NULL);
873 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
874 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
875 : data_size1;
876 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
877 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
878 : data_size1;
879 :
880 1 : libspdm_reset_message_a(spdm_context);
881 1 : spdm_context->local_context.mut_auth_requested = 1;
882 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
883 : m_libspdm_use_req_asym_algo, &data2,
884 : &data_size2, NULL, NULL);
885 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
886 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
887 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
888 : data2, data_size2);
889 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
890 : data_size2;
891 : #else
892 1 : libspdm_hash_all(
893 : spdm_context->connection_info.algorithm.base_hash_algo,
894 : data2, data_size2,
895 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
896 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
897 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
898 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
899 : spdm_context->connection_info.algorithm.base_hash_algo,
900 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
901 : data2,
902 : data_size2,
903 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
904 : #endif
905 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
906 :
907 1 : session_id = 0xFFFFFFFF;
908 1 : spdm_context->latest_session_id = session_id;
909 1 : session_info = &spdm_context->session_info[0];
910 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
911 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
912 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
913 1 : libspdm_secured_message_set_request_finished_key(
914 : session_info->secured_message_context, m_dummy_buffer,
915 : hash_size);
916 1 : libspdm_secured_message_set_session_state(
917 : session_info->secured_message_context,
918 : LIBSPDM_SESSION_STATE_HANDSHAKING);
919 1 : session_info->mut_auth_requested = 1;
920 :
921 1 : spdm_context->connection_info.capability.flags |=
922 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
923 1 : spdm_context->local_context.capability.flags |=
924 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
925 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
926 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
927 1 : req_asym_signature_size =
928 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
929 1 : ptr = m_libspdm_finish_request3.signature;
930 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
931 1 : cert_buffer = (uint8_t *)data1;
932 1 : cert_buffer_size = data_size1;
933 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
934 : cert_buffer_hash);
935 1 : cert_buffer = (uint8_t *)data2;
936 1 : cert_buffer_size = data_size2;
937 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
938 : req_cert_buffer_hash);
939 : /* transcript.message_a size is 0*/
940 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
941 : /* session_transcript.message_k is 0*/
942 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
943 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
944 : sizeof(spdm_finish_request_t));
945 :
946 1 : libspdm_requester_data_sign(
947 : spdm_context,
948 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
949 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
950 1 : false, libspdm_get_managed_buffer(&th_curr),
951 : libspdm_get_managed_buffer_size(&th_curr),
952 : ptr, &req_asym_signature_size);
953 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
954 1 : ptr += req_asym_signature_size;
955 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
956 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
957 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
958 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
959 : request_finished_key, hash_size, ptr);
960 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
961 1 : req_asym_signature_size + hmac_size;
962 1 : response_size = sizeof(response);
963 1 : status = libspdm_get_response_finish(spdm_context,
964 : m_libspdm_finish_request3_size,
965 : &m_libspdm_finish_request3,
966 : &response_size, response);
967 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
968 1 : assert_int_equal(response_size,
969 : sizeof(spdm_finish_response_t) + hmac_size);
970 1 : spdm_response = (void *)response;
971 1 : assert_int_equal(spdm_response->header.request_response_code,
972 : SPDM_FINISH_RSP);
973 1 : free(data1);
974 1 : free(data2);
975 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
976 1 : }
977 :
978 : /**
979 : * Test 9: receiving a correct FINISH message from the requester, but the
980 : * responder has no capabilities for key exchange.
981 : * Expected behavior: the responder refuses the FINISH message and produces
982 : * an ERROR message indicating the UnsupportedRequest.
983 : **/
984 1 : void libspdm_test_responder_finish_case9(void **state)
985 : {
986 : libspdm_return_t status;
987 : libspdm_test_context_t *spdm_test_context;
988 : libspdm_context_t *spdm_context;
989 : size_t response_size;
990 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
991 : spdm_finish_response_t *spdm_response;
992 : void *data1;
993 : size_t data_size1;
994 : uint8_t *ptr;
995 : uint8_t *cert_buffer;
996 : size_t cert_buffer_size;
997 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
998 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
999 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1000 : libspdm_session_info_t *session_info;
1001 : uint32_t session_id;
1002 : uint32_t hash_size;
1003 : uint32_t hmac_size;
1004 :
1005 1 : spdm_test_context = *state;
1006 1 : spdm_context = spdm_test_context->spdm_context;
1007 1 : spdm_test_context->case_id = 0x9;
1008 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1009 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1010 1 : spdm_context->connection_info.connection_state =
1011 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1012 1 : spdm_context->connection_info.capability.flags = 0;
1013 1 : spdm_context->local_context.capability.flags = 0;
1014 1 : spdm_context->connection_info.capability.flags |=
1015 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1016 : /* no key exchange capabilities (responder)*/
1017 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1018 : m_libspdm_use_hash_algo;
1019 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1020 : m_libspdm_use_asym_algo;
1021 1 : spdm_context->connection_info.algorithm.measurement_spec =
1022 : m_libspdm_use_measurement_spec;
1023 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1024 : m_libspdm_use_measurement_hash_algo;
1025 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1026 : m_libspdm_use_dhe_algo;
1027 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1028 : m_libspdm_use_aead_algo;
1029 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1030 : m_libspdm_use_asym_algo, &data1,
1031 : &data_size1, NULL, NULL);
1032 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1033 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1034 : data_size1;
1035 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1036 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1037 : data_size1;
1038 :
1039 1 : libspdm_reset_message_a(spdm_context);
1040 1 : spdm_context->local_context.mut_auth_requested = 0;
1041 :
1042 1 : session_id = 0xFFFFFFFF;
1043 1 : spdm_context->latest_session_id = session_id;
1044 1 : session_info = &spdm_context->session_info[0];
1045 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1046 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1047 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1048 1 : libspdm_secured_message_set_request_finished_key(
1049 : session_info->secured_message_context, m_dummy_buffer,
1050 : hash_size);
1051 1 : libspdm_secured_message_set_session_state(
1052 : session_info->secured_message_context,
1053 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1054 :
1055 1 : spdm_context->connection_info.capability.flags |=
1056 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1057 1 : spdm_context->local_context.capability.flags |=
1058 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1059 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1060 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1061 1 : ptr = m_libspdm_finish_request1.signature;
1062 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1063 1 : cert_buffer = (uint8_t *)data1;
1064 1 : cert_buffer_size = data_size1;
1065 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1066 : cert_buffer_hash);
1067 : /* transcript.message_a size is 0*/
1068 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1069 : /* session_transcript.message_k is 0*/
1070 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1071 : sizeof(spdm_finish_request_t));
1072 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1073 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1074 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1075 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1076 : request_finished_key, hash_size, ptr);
1077 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1078 1 : response_size = sizeof(response);
1079 1 : status = libspdm_get_response_finish(spdm_context,
1080 : m_libspdm_finish_request1_size,
1081 : &m_libspdm_finish_request1,
1082 : &response_size, response);
1083 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1084 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1085 1 : spdm_response = (void *)response;
1086 1 : assert_int_equal(spdm_response->header.request_response_code,
1087 : SPDM_ERROR);
1088 1 : assert_int_equal(spdm_response->header.param1,
1089 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
1090 1 : assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
1091 1 : free(data1);
1092 1 : }
1093 :
1094 : /**
1095 : * Test 10: receiving a correct FINISH message from the requester, but the
1096 : * responder is not correctly setup by not initializing a session during
1097 : * KEY_EXCHANGE.
1098 : * Expected behavior: the responder refuses the FINISH message and produces
1099 : * an ERROR message indicating the UnsupportedRequest.
1100 : **/
1101 1 : void libspdm_test_responder_finish_case10(void **state)
1102 : {
1103 : libspdm_return_t status;
1104 : libspdm_test_context_t *spdm_test_context;
1105 : libspdm_context_t *spdm_context;
1106 : size_t response_size;
1107 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1108 : spdm_finish_response_t *spdm_response;
1109 : void *data1;
1110 : size_t data_size1;
1111 : uint8_t *ptr;
1112 : uint8_t *cert_buffer;
1113 : size_t cert_buffer_size;
1114 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1115 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1116 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1117 : libspdm_session_info_t *session_info;
1118 : uint32_t session_id;
1119 : uint32_t hash_size;
1120 : uint32_t hmac_size;
1121 :
1122 1 : spdm_test_context = *state;
1123 1 : spdm_context = spdm_test_context->spdm_context;
1124 1 : spdm_test_context->case_id = 0xA;
1125 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1126 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1127 1 : spdm_context->connection_info.connection_state =
1128 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1129 1 : spdm_context->connection_info.capability.flags |=
1130 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1131 1 : spdm_context->local_context.capability.flags |=
1132 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1133 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1134 : m_libspdm_use_hash_algo;
1135 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1136 : m_libspdm_use_asym_algo;
1137 1 : spdm_context->connection_info.algorithm.measurement_spec =
1138 : m_libspdm_use_measurement_spec;
1139 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1140 : m_libspdm_use_measurement_hash_algo;
1141 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1142 : m_libspdm_use_dhe_algo;
1143 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1144 : m_libspdm_use_aead_algo;
1145 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1146 : m_libspdm_use_asym_algo, &data1,
1147 : &data_size1, NULL, NULL);
1148 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1149 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1150 : data_size1;
1151 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1152 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1153 : data_size1;
1154 :
1155 1 : libspdm_reset_message_a(spdm_context);
1156 1 : spdm_context->local_context.mut_auth_requested = 0;
1157 :
1158 1 : session_id = 0xFFFFFFFF;
1159 1 : spdm_context->latest_session_id = session_id;
1160 1 : session_info = &spdm_context->session_info[0];
1161 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1162 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1163 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1164 1 : libspdm_secured_message_set_request_finished_key(
1165 : session_info->secured_message_context, m_dummy_buffer,
1166 : hash_size);
1167 1 : libspdm_secured_message_set_session_state(
1168 : session_info->secured_message_context,
1169 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1170 :
1171 1 : spdm_context->connection_info.capability.flags |=
1172 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1173 1 : spdm_context->local_context.capability.flags |=
1174 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1175 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1176 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1177 1 : ptr = m_libspdm_finish_request1.signature;
1178 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1179 1 : cert_buffer = (uint8_t *)data1;
1180 1 : cert_buffer_size = data_size1;
1181 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1182 : cert_buffer_hash);
1183 : /* transcript.message_a size is 0*/
1184 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1185 : /* session_transcript.message_k is 0*/
1186 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1187 : sizeof(spdm_finish_request_t));
1188 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1189 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1190 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1191 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1192 : request_finished_key, hash_size, ptr);
1193 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1194 1 : response_size = sizeof(response);
1195 1 : status = libspdm_get_response_finish(spdm_context,
1196 : m_libspdm_finish_request1_size,
1197 : &m_libspdm_finish_request1,
1198 : &response_size, response);
1199 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1200 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1201 1 : spdm_response = (void *)response;
1202 1 : assert_int_equal(spdm_response->header.request_response_code,
1203 : SPDM_ERROR);
1204 1 : assert_int_equal(spdm_response->header.param1,
1205 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1206 1 : assert_int_equal(spdm_response->header.param2, 0);
1207 1 : free(data1);
1208 1 : }
1209 :
1210 : /**
1211 : * Test 11: receiving a FINISH message from the requester with an incorrect
1212 : * MAC (all-zero).
1213 : * Expected behavior: the responder refuses the FINISH message and produces
1214 : * an ERROR message indicating the DecryptError.
1215 : **/
1216 1 : void libspdm_test_responder_finish_case11(void **state)
1217 : {
1218 : libspdm_return_t status;
1219 : libspdm_test_context_t *spdm_test_context;
1220 : libspdm_context_t *spdm_context;
1221 : size_t response_size;
1222 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1223 : spdm_finish_response_t *spdm_response;
1224 : void *data1;
1225 : size_t data_size1;
1226 : uint8_t *ptr;
1227 : libspdm_session_info_t *session_info;
1228 : uint32_t session_id;
1229 : uint32_t hash_size;
1230 : uint32_t hmac_size;
1231 :
1232 1 : spdm_test_context = *state;
1233 1 : spdm_context = spdm_test_context->spdm_context;
1234 1 : spdm_test_context->case_id = 0xB;
1235 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1236 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1237 1 : spdm_context->connection_info.connection_state =
1238 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1239 1 : spdm_context->connection_info.capability.flags |=
1240 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1241 1 : spdm_context->local_context.capability.flags |=
1242 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1243 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1244 : m_libspdm_use_hash_algo;
1245 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1246 : m_libspdm_use_asym_algo;
1247 1 : spdm_context->connection_info.algorithm.measurement_spec =
1248 : m_libspdm_use_measurement_spec;
1249 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1250 : m_libspdm_use_measurement_hash_algo;
1251 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1252 : m_libspdm_use_dhe_algo;
1253 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1254 : m_libspdm_use_aead_algo;
1255 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1256 : m_libspdm_use_asym_algo, &data1,
1257 : &data_size1, NULL, NULL);
1258 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1259 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1260 : data_size1;
1261 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1262 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1263 : data_size1;
1264 :
1265 1 : libspdm_reset_message_a(spdm_context);
1266 1 : spdm_context->local_context.mut_auth_requested = 0;
1267 :
1268 1 : session_id = 0xFFFFFFFF;
1269 1 : spdm_context->latest_session_id = session_id;
1270 1 : session_info = &spdm_context->session_info[0];
1271 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1272 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1273 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1274 1 : libspdm_secured_message_set_request_finished_key(
1275 : session_info->secured_message_context, m_dummy_buffer,
1276 : hash_size);
1277 1 : libspdm_secured_message_set_session_state(
1278 : session_info->secured_message_context,
1279 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1280 :
1281 1 : spdm_context->connection_info.capability.flags |=
1282 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1283 1 : spdm_context->local_context.capability.flags |=
1284 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1285 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1286 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1287 1 : ptr = m_libspdm_finish_request1.signature;
1288 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1289 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1290 1 : response_size = sizeof(response);
1291 1 : status = libspdm_get_response_finish(spdm_context,
1292 : m_libspdm_finish_request1_size,
1293 : &m_libspdm_finish_request1,
1294 : &response_size, response);
1295 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1296 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1297 1 : spdm_response = (void *)response;
1298 1 : assert_int_equal(spdm_response->header.request_response_code,
1299 : SPDM_ERROR);
1300 1 : assert_int_equal(spdm_response->header.param1,
1301 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1302 1 : assert_int_equal(spdm_response->header.param2, 0);
1303 1 : free(data1);
1304 1 : }
1305 :
1306 : /**
1307 : * Test 12: receiving a FINISH message from the requester with an incorrect
1308 : * MAC (arbitrary).
1309 : * Expected behavior: the responder refuses the FINISH message and produces
1310 : * an ERROR message indicating the DecryptError.
1311 : **/
1312 1 : void libspdm_test_responder_finish_case12(void **state)
1313 : {
1314 : libspdm_return_t status;
1315 : libspdm_test_context_t *spdm_test_context;
1316 : libspdm_context_t *spdm_context;
1317 : size_t response_size;
1318 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1319 : spdm_finish_response_t *spdm_response;
1320 : void *data1;
1321 : size_t data_size1;
1322 : uint8_t *ptr;
1323 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1324 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1325 : libspdm_session_info_t *session_info;
1326 : uint32_t session_id;
1327 : uint32_t hash_size;
1328 : uint32_t hmac_size;
1329 :
1330 1 : spdm_test_context = *state;
1331 1 : spdm_context = spdm_test_context->spdm_context;
1332 1 : spdm_test_context->case_id = 0xC;
1333 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1334 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1335 1 : spdm_context->connection_info.connection_state =
1336 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1337 1 : spdm_context->connection_info.capability.flags |=
1338 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1339 1 : spdm_context->local_context.capability.flags |=
1340 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1341 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1342 : m_libspdm_use_hash_algo;
1343 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1344 : m_libspdm_use_asym_algo;
1345 1 : spdm_context->connection_info.algorithm.measurement_spec =
1346 : m_libspdm_use_measurement_spec;
1347 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1348 : m_libspdm_use_measurement_hash_algo;
1349 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1350 : m_libspdm_use_dhe_algo;
1351 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1352 : m_libspdm_use_aead_algo;
1353 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1354 : m_libspdm_use_asym_algo, &data1,
1355 : &data_size1, NULL, NULL);
1356 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1357 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1358 : data_size1;
1359 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1360 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1361 : data_size1;
1362 :
1363 1 : libspdm_reset_message_a(spdm_context);
1364 1 : spdm_context->local_context.mut_auth_requested = 0;
1365 :
1366 1 : session_id = 0xFFFFFFFF;
1367 1 : spdm_context->latest_session_id = session_id;
1368 1 : session_info = &spdm_context->session_info[0];
1369 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1370 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1371 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1372 1 : libspdm_secured_message_set_request_finished_key(
1373 : session_info->secured_message_context, m_dummy_buffer,
1374 : hash_size);
1375 1 : libspdm_secured_message_set_session_state(
1376 : session_info->secured_message_context,
1377 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1378 :
1379 1 : spdm_context->connection_info.capability.flags |=
1380 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1381 1 : spdm_context->local_context.capability.flags |=
1382 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1383 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1384 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1385 1 : ptr = m_libspdm_finish_request1.signature;
1386 : /*arbitrary MAC*/
1387 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1388 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1389 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1390 : request_finished_key, hash_size, ptr);
1391 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1392 1 : response_size = sizeof(response);
1393 1 : status = libspdm_get_response_finish(spdm_context,
1394 : m_libspdm_finish_request1_size,
1395 : &m_libspdm_finish_request1,
1396 : &response_size, response);
1397 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1398 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1399 1 : spdm_response = (void *)response;
1400 1 : assert_int_equal(spdm_response->header.request_response_code,
1401 : SPDM_ERROR);
1402 1 : assert_int_equal(spdm_response->header.param1,
1403 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1404 1 : assert_int_equal(spdm_response->header.param2, 0);
1405 1 : free(data1);
1406 1 : }
1407 :
1408 : /**
1409 : * Test 13:
1410 : * Expected behavior:
1411 : **/
1412 1 : void libspdm_test_responder_finish_case13(void **state)
1413 : {
1414 1 : }
1415 :
1416 : /**
1417 : * Test 14: receiving a FINISH message from the requester with an incorrect
1418 : * MAC size (only the correct first half of the MAC).
1419 : * Expected behavior: the responder refuses the FINISH message and produces
1420 : * an ERROR message indicating the InvalidRequest.
1421 : **/
1422 1 : void libspdm_test_responder_finish_case14(void **state)
1423 : {
1424 : libspdm_return_t status;
1425 : libspdm_test_context_t *spdm_test_context;
1426 : libspdm_context_t *spdm_context;
1427 : size_t response_size;
1428 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1429 : spdm_finish_response_t *spdm_response;
1430 : void *data1;
1431 : size_t data_size1;
1432 : uint8_t *ptr;
1433 : uint8_t *cert_buffer;
1434 : size_t cert_buffer_size;
1435 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1436 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1437 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1438 : libspdm_session_info_t *session_info;
1439 : uint32_t session_id;
1440 : uint32_t hash_size;
1441 : uint32_t hmac_size;
1442 :
1443 1 : spdm_test_context = *state;
1444 1 : spdm_context = spdm_test_context->spdm_context;
1445 1 : spdm_test_context->case_id = 0xE;
1446 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1447 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1448 1 : spdm_context->connection_info.connection_state =
1449 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1450 1 : spdm_context->connection_info.capability.flags |=
1451 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1452 1 : spdm_context->local_context.capability.flags |=
1453 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1454 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1455 : m_libspdm_use_hash_algo;
1456 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1457 : m_libspdm_use_asym_algo;
1458 1 : spdm_context->connection_info.algorithm.measurement_spec =
1459 : m_libspdm_use_measurement_spec;
1460 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1461 : m_libspdm_use_measurement_hash_algo;
1462 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1463 : m_libspdm_use_dhe_algo;
1464 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1465 : m_libspdm_use_aead_algo;
1466 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1467 : m_libspdm_use_asym_algo, &data1,
1468 : &data_size1, NULL, NULL);
1469 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1470 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1471 : data_size1;
1472 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1473 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1474 : data_size1;
1475 :
1476 1 : libspdm_reset_message_a(spdm_context);
1477 1 : spdm_context->local_context.mut_auth_requested = 0;
1478 :
1479 1 : session_id = 0xFFFFFFFF;
1480 1 : spdm_context->latest_session_id = session_id;
1481 1 : session_info = &spdm_context->session_info[0];
1482 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1483 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1484 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1485 1 : libspdm_secured_message_set_request_finished_key(
1486 : session_info->secured_message_context, m_dummy_buffer,
1487 : hash_size);
1488 1 : libspdm_secured_message_set_session_state(
1489 : session_info->secured_message_context,
1490 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1491 :
1492 1 : spdm_context->connection_info.capability.flags |=
1493 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1494 1 : spdm_context->local_context.capability.flags |=
1495 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1496 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1497 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1498 1 : ptr = m_libspdm_finish_request1.signature;
1499 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1500 1 : cert_buffer = (uint8_t *)data1;
1501 1 : cert_buffer_size = data_size1;
1502 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1503 : cert_buffer_hash);
1504 : /* transcript.message_a size is 0*/
1505 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1506 : /* session_transcript.message_k is 0*/
1507 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1508 : sizeof(spdm_finish_request_t));
1509 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1510 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1511 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1512 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1513 : request_finished_key, hash_size, ptr);
1514 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1515 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
1516 1 : response_size = sizeof(response);
1517 1 : status = libspdm_get_response_finish(spdm_context,
1518 : m_libspdm_finish_request1_size,
1519 : &m_libspdm_finish_request1,
1520 : &response_size, response);
1521 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1522 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1523 1 : spdm_response = (void *)response;
1524 1 : assert_int_equal(spdm_response->header.request_response_code,
1525 : SPDM_ERROR);
1526 1 : assert_int_equal(spdm_response->header.param1,
1527 : SPDM_ERROR_CODE_INVALID_REQUEST);
1528 1 : assert_int_equal(spdm_response->header.param2, 0);
1529 1 : free(data1);
1530 1 : }
1531 :
1532 : /**
1533 : * Test 15: receiving a FINISH message from the requester with an incorrect
1534 : * signature (all-zero), but a correct MAC.
1535 : * Expected behavior: the responder refuses the FINISH message and produces
1536 : * an ERROR message indicating the DecryptError.
1537 : **/
1538 1 : void libspdm_test_responder_finish_case15(void **state)
1539 : {
1540 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1541 : libspdm_return_t status;
1542 : libspdm_test_context_t *spdm_test_context;
1543 : libspdm_context_t *spdm_context;
1544 : size_t response_size;
1545 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1546 : spdm_finish_response_t *spdm_response;
1547 : void *data1;
1548 : size_t data_size1;
1549 : void *data2;
1550 : size_t data_size2;
1551 : uint8_t *ptr;
1552 : uint8_t *cert_buffer;
1553 : size_t cert_buffer_size;
1554 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1555 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1556 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1557 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1558 : libspdm_session_info_t *session_info;
1559 : uint32_t session_id;
1560 : uint32_t hash_size;
1561 : uint32_t hmac_size;
1562 : size_t req_asym_signature_size;
1563 :
1564 1 : spdm_test_context = *state;
1565 1 : spdm_context = spdm_test_context->spdm_context;
1566 1 : spdm_test_context->case_id = 0xF;
1567 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1568 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1569 1 : spdm_context->connection_info.connection_state =
1570 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1571 1 : spdm_context->connection_info.capability.flags |=
1572 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1573 1 : spdm_context->local_context.capability.flags |=
1574 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1575 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1576 : m_libspdm_use_hash_algo;
1577 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1578 : m_libspdm_use_asym_algo;
1579 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1580 : m_libspdm_use_req_asym_algo;
1581 1 : spdm_context->connection_info.algorithm.measurement_spec =
1582 : m_libspdm_use_measurement_spec;
1583 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1584 : m_libspdm_use_measurement_hash_algo;
1585 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1586 : m_libspdm_use_dhe_algo;
1587 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1588 : m_libspdm_use_aead_algo;
1589 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1590 : m_libspdm_use_asym_algo, &data1,
1591 : &data_size1, NULL, NULL);
1592 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1593 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1594 : data_size1;
1595 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1596 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1597 : data_size1;
1598 :
1599 1 : libspdm_reset_message_a(spdm_context);
1600 1 : spdm_context->local_context.mut_auth_requested = 1;
1601 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1602 : m_libspdm_use_req_asym_algo, &data2,
1603 : &data_size2, NULL, NULL);
1604 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1605 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1606 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1607 : data2, data_size2);
1608 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1609 : data_size2;
1610 : #endif
1611 :
1612 1 : session_id = 0xFFFFFFFF;
1613 1 : spdm_context->latest_session_id = session_id;
1614 1 : session_info = &spdm_context->session_info[0];
1615 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1616 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1617 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1618 1 : libspdm_secured_message_set_request_finished_key(
1619 : session_info->secured_message_context, m_dummy_buffer,
1620 : hash_size);
1621 1 : libspdm_secured_message_set_session_state(
1622 : session_info->secured_message_context,
1623 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1624 1 : session_info->mut_auth_requested = 1;
1625 :
1626 1 : spdm_context->connection_info.capability.flags |=
1627 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1628 1 : spdm_context->local_context.capability.flags |=
1629 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1630 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1631 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1632 1 : req_asym_signature_size =
1633 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1634 1 : ptr = m_libspdm_finish_request3.signature;
1635 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1636 1 : cert_buffer = (uint8_t *)data1;
1637 1 : cert_buffer_size = data_size1;
1638 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1639 : cert_buffer_hash);
1640 1 : cert_buffer = (uint8_t *)data2;
1641 1 : cert_buffer_size = data_size2;
1642 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1643 : req_cert_buffer_hash);
1644 : /* transcript.message_a size is 0*/
1645 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1646 : /* session_transcript.message_k is 0*/
1647 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1648 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1649 : sizeof(spdm_finish_request_t));
1650 :
1651 1 : libspdm_requester_data_sign(
1652 : spdm_context,
1653 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1654 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1655 1 : false, libspdm_get_managed_buffer(&th_curr),
1656 : libspdm_get_managed_buffer_size(&th_curr),
1657 : ptr, &req_asym_signature_size);
1658 :
1659 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1660 1 : ptr += req_asym_signature_size;
1661 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1662 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1663 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1664 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1665 : request_finished_key, hash_size, ptr);
1666 1 : libspdm_set_mem(m_libspdm_finish_request3.signature,
1667 : req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
1668 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1669 1 : req_asym_signature_size + hmac_size;
1670 1 : response_size = sizeof(response);
1671 1 : status = libspdm_get_response_finish(spdm_context,
1672 : m_libspdm_finish_request3_size,
1673 : &m_libspdm_finish_request3,
1674 : &response_size, response);
1675 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1676 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1677 1 : spdm_response = (void *)response;
1678 1 : assert_int_equal(spdm_response->header.request_response_code,
1679 : SPDM_ERROR);
1680 1 : assert_int_equal(spdm_response->header.param1,
1681 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1682 1 : assert_int_equal(spdm_response->header.param2, 0);
1683 1 : free(data1);
1684 1 : free(data2);
1685 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1686 1 : }
1687 :
1688 : /**
1689 : * Test 16: receiving a FINISH message from the requester with an incorrect
1690 : * signature (arbitrary), but a correct MAC.
1691 : * Expected behavior: the responder refuses the FINISH message and produces
1692 : * an ERROR message indicating the DecryptError.
1693 : **/
1694 1 : void libspdm_test_responder_finish_case16(void **state)
1695 : {
1696 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1697 : libspdm_return_t status;
1698 : libspdm_test_context_t *spdm_test_context;
1699 : libspdm_context_t *spdm_context;
1700 : size_t response_size;
1701 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1702 : spdm_finish_response_t *spdm_response;
1703 : void *data1;
1704 : size_t data_size1;
1705 : void *data2;
1706 : size_t data_size2;
1707 : uint8_t *ptr;
1708 : uint8_t *cert_buffer;
1709 : size_t cert_buffer_size;
1710 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1711 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1712 : uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
1713 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1714 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1715 : libspdm_session_info_t *session_info;
1716 : uint32_t session_id;
1717 : uint32_t hash_size;
1718 : uint32_t hmac_size;
1719 : size_t req_asym_signature_size;
1720 :
1721 1 : spdm_test_context = *state;
1722 1 : spdm_context = spdm_test_context->spdm_context;
1723 1 : spdm_test_context->case_id = 0x10;
1724 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1725 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1726 1 : spdm_context->connection_info.connection_state =
1727 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1728 1 : spdm_context->connection_info.capability.flags |=
1729 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1730 1 : spdm_context->local_context.capability.flags |=
1731 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1732 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1733 : m_libspdm_use_hash_algo;
1734 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1735 : m_libspdm_use_asym_algo;
1736 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1737 : m_libspdm_use_req_asym_algo;
1738 1 : spdm_context->connection_info.algorithm.measurement_spec =
1739 : m_libspdm_use_measurement_spec;
1740 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1741 : m_libspdm_use_measurement_hash_algo;
1742 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1743 : m_libspdm_use_dhe_algo;
1744 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1745 : m_libspdm_use_aead_algo;
1746 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1747 : m_libspdm_use_asym_algo, &data1,
1748 : &data_size1, NULL, NULL);
1749 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1750 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1751 : data_size1;
1752 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1753 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1754 : data_size1;
1755 :
1756 1 : libspdm_reset_message_a(spdm_context);
1757 1 : spdm_context->local_context.mut_auth_requested = 1;
1758 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1759 : m_libspdm_use_req_asym_algo, &data2,
1760 : &data_size2, NULL, NULL);
1761 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1762 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1763 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1764 : data2, data_size2);
1765 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1766 : data_size2;
1767 : #endif
1768 :
1769 1 : session_id = 0xFFFFFFFF;
1770 1 : spdm_context->latest_session_id = session_id;
1771 1 : session_info = &spdm_context->session_info[0];
1772 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1773 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1774 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1775 1 : libspdm_secured_message_set_request_finished_key(
1776 : session_info->secured_message_context, m_dummy_buffer,
1777 : hash_size);
1778 1 : libspdm_secured_message_set_session_state(
1779 : session_info->secured_message_context,
1780 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1781 1 : session_info->mut_auth_requested = 1;
1782 :
1783 1 : spdm_context->connection_info.capability.flags |=
1784 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1785 1 : spdm_context->local_context.capability.flags |=
1786 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1787 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1788 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1789 1 : req_asym_signature_size =
1790 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1791 1 : ptr = m_libspdm_finish_request3.signature;
1792 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1793 1 : cert_buffer = (uint8_t *)data1;
1794 1 : cert_buffer_size = data_size1;
1795 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1796 : cert_buffer_hash);
1797 1 : cert_buffer = (uint8_t *)data2;
1798 1 : cert_buffer_size = data_size2;
1799 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1800 : req_cert_buffer_hash);
1801 : /* transcript.message_a size is 0*/
1802 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1803 : /* session_transcript.message_k is 0*/
1804 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1805 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1806 : sizeof(spdm_finish_request_t));
1807 : /*randomize signature*/
1808 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1809 : libspdm_get_managed_buffer_size(&th_curr), random_buffer);
1810 :
1811 1 : libspdm_requester_data_sign(
1812 : spdm_context,
1813 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1814 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1815 : false, random_buffer, hash_size, ptr, &req_asym_signature_size);
1816 :
1817 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1818 1 : ptr += req_asym_signature_size;
1819 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1820 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1821 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1822 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1823 : request_finished_key, hash_size, ptr);
1824 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1825 1 : req_asym_signature_size + hmac_size;
1826 1 : response_size = sizeof(response);
1827 1 : status = libspdm_get_response_finish(spdm_context,
1828 : m_libspdm_finish_request3_size,
1829 : &m_libspdm_finish_request3,
1830 : &response_size, response);
1831 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1832 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1833 1 : spdm_response = (void *)response;
1834 1 : assert_int_equal(spdm_response->header.request_response_code,
1835 : SPDM_ERROR);
1836 1 : assert_int_equal(spdm_response->header.param1,
1837 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1838 1 : assert_int_equal(spdm_response->header.param2, 0);
1839 1 : free(data1);
1840 1 : free(data2);
1841 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1842 1 : }
1843 :
1844 : /**
1845 : * Test 17: receiving a correct FINISH from the requester.
1846 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1847 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1848 : **/
1849 1 : void libspdm_test_responder_finish_case17(void **state)
1850 : {
1851 : libspdm_return_t status;
1852 : libspdm_test_context_t *spdm_test_context;
1853 : libspdm_context_t *spdm_context;
1854 : size_t response_size;
1855 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1856 : spdm_finish_response_t *spdm_response;
1857 : void *data1;
1858 : size_t data_size1;
1859 : uint8_t *ptr;
1860 : uint8_t *cert_buffer;
1861 : size_t cert_buffer_size;
1862 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1863 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1864 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1865 : libspdm_session_info_t *session_info;
1866 : uint32_t session_id;
1867 : uint32_t hash_size;
1868 : uint32_t hmac_size;
1869 :
1870 1 : spdm_test_context = *state;
1871 1 : spdm_context = spdm_test_context->spdm_context;
1872 1 : spdm_test_context->case_id = 0x11;
1873 1 : spdm_context->connection_info.connection_state =
1874 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1875 1 : spdm_context->connection_info.capability.flags |=
1876 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1877 1 : spdm_context->local_context.capability.flags |=
1878 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1879 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1880 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1881 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1882 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1883 : m_libspdm_use_measurement_hash_algo;
1884 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1885 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1886 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1887 : m_libspdm_use_asym_algo, &data1,
1888 : &data_size1, NULL, NULL);
1889 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1890 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1891 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1892 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1893 :
1894 1 : libspdm_reset_message_a(spdm_context);
1895 1 : spdm_context->local_context.mut_auth_requested = 0;
1896 :
1897 1 : session_id = 0xFFFFFFFF;
1898 1 : spdm_context->latest_session_id = session_id;
1899 1 : session_info = &spdm_context->session_info[0];
1900 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1901 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1902 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1903 1 : libspdm_secured_message_set_request_finished_key(
1904 : session_info->secured_message_context, m_dummy_buffer, hash_size);
1905 1 : libspdm_secured_message_set_session_state(
1906 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1907 :
1908 1 : spdm_context->connection_info.capability.flags |=
1909 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1910 1 : spdm_context->local_context.capability.flags |=
1911 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1912 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1913 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1914 1 : ptr = m_libspdm_finish_request1.signature;
1915 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1916 1 : cert_buffer = (uint8_t *)data1;
1917 1 : cert_buffer_size = data_size1;
1918 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1919 : /* transcript.message_a size is 0*/
1920 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1921 : /* session_transcript.message_k is 0*/
1922 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1923 : sizeof(spdm_finish_request_t));
1924 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1925 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1926 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1927 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1928 : request_finished_key, hash_size, ptr);
1929 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1930 1 : response_size = sizeof(response);
1931 1 : status = libspdm_get_response_finish(
1932 : spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
1933 : &response_size, response);
1934 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1935 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1936 1 : spdm_response = (void *)response;
1937 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1938 :
1939 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1940 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1941 : m_libspdm_finish_request1_size + response_size);
1942 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1943 : &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
1944 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1945 : m_libspdm_finish_request1_size,
1946 : response, response_size);
1947 : #endif
1948 :
1949 1 : free(data1);
1950 1 : }
1951 :
1952 : /**
1953 : * Test 18: receiving a correct FINISH message from the requester with
1954 : * correct MAC and signature (with mutual authentication), and 'handshake in
1955 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1956 : * Expected behavior: the responder accepts the request and produces a valid
1957 : * FINISH_RSP response message.
1958 : **/
1959 1 : void libspdm_test_responder_finish_case18(void **state)
1960 : {
1961 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1962 : libspdm_return_t status;
1963 : libspdm_test_context_t *spdm_test_context;
1964 : libspdm_context_t *spdm_context;
1965 : size_t response_size;
1966 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1967 : spdm_finish_response_t *spdm_response;
1968 : void *data1;
1969 : size_t data_size1;
1970 : void *data2;
1971 : size_t data_size2;
1972 : uint8_t *ptr;
1973 : uint8_t *cert_buffer;
1974 : size_t cert_buffer_size;
1975 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1976 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1977 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1978 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1979 : libspdm_session_info_t *session_info;
1980 : uint32_t session_id;
1981 : uint32_t hash_size;
1982 : uint32_t hmac_size;
1983 : size_t req_asym_signature_size;
1984 :
1985 1 : spdm_test_context = *state;
1986 1 : spdm_context = spdm_test_context->spdm_context;
1987 1 : spdm_test_context->case_id = 0x12;
1988 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1989 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1990 1 : spdm_context->connection_info.connection_state =
1991 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1992 1 : spdm_context->connection_info.capability.flags |=
1993 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1994 1 : spdm_context->local_context.capability.flags |=
1995 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1996 1 : spdm_context->connection_info.capability.flags |=
1997 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1998 1 : spdm_context->local_context.capability.flags |=
1999 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP;
2000 1 : spdm_context->connection_info.capability.flags |=
2001 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2002 1 : spdm_context->local_context.capability.flags |=
2003 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2004 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2005 : m_libspdm_use_hash_algo;
2006 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2007 : m_libspdm_use_asym_algo;
2008 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2009 : m_libspdm_use_req_asym_algo;
2010 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2011 : m_libspdm_use_dhe_algo;
2012 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2013 : m_libspdm_use_aead_algo;
2014 1 : libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
2015 1 : spdm_context->local_context.local_public_key_provision = data1;
2016 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
2017 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2018 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
2019 1 : spdm_context->local_context.peer_public_key_provision = data2;
2020 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
2021 :
2022 1 : spdm_context->encap_context.req_slot_id = 0xFF;
2023 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF;
2024 1 : spdm_context->connection_info.local_used_cert_chain_slot_id = 0xFF;
2025 :
2026 1 : libspdm_reset_message_a(spdm_context);
2027 :
2028 1 : session_id = 0xFFFFFFFF;
2029 1 : spdm_context->latest_session_id = session_id;
2030 1 : session_info = &spdm_context->session_info[0];
2031 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2032 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2033 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2034 1 : libspdm_secured_message_set_request_finished_key(
2035 : session_info->secured_message_context, m_dummy_buffer,
2036 : hash_size);
2037 1 : libspdm_secured_message_set_session_state(
2038 : session_info->secured_message_context,
2039 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2040 1 : session_info->mut_auth_requested = 1;
2041 :
2042 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2043 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2044 1 : req_asym_signature_size =
2045 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2046 1 : ptr = m_libspdm_finish_request4.signature;
2047 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2048 1 : cert_buffer = (uint8_t *)data1;
2049 1 : cert_buffer_size = data_size1;
2050 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2051 : cert_buffer_hash);
2052 1 : cert_buffer = (uint8_t *)data2;
2053 1 : cert_buffer_size = data_size2;
2054 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2055 : req_cert_buffer_hash);
2056 : /* transcript.message_a size is 0*/
2057 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2058 : /* session_transcript.message_k is 0*/
2059 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2060 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
2061 : sizeof(spdm_finish_request_t));
2062 :
2063 1 : libspdm_requester_data_sign(
2064 : spdm_context,
2065 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2066 : SPDM_FINISH,
2067 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2068 1 : false, libspdm_get_managed_buffer(&th_curr),
2069 : libspdm_get_managed_buffer_size(&th_curr),
2070 : ptr, &req_asym_signature_size);
2071 :
2072 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2073 1 : ptr += req_asym_signature_size;
2074 :
2075 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2076 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2077 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2078 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2079 : request_finished_key, hash_size, ptr);
2080 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
2081 1 : req_asym_signature_size + hmac_size;
2082 1 : response_size = sizeof(response);
2083 1 : status = libspdm_get_response_finish(spdm_context,
2084 : m_libspdm_finish_request4_size,
2085 : &m_libspdm_finish_request4,
2086 : &response_size, response);
2087 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2088 1 : assert_int_equal(response_size,
2089 : sizeof(spdm_finish_response_t) + hmac_size);
2090 1 : spdm_response = (void *)response;
2091 1 : assert_int_equal(spdm_response->header.request_response_code,
2092 : SPDM_FINISH_RSP);
2093 1 : free(data1);
2094 1 : free(data2);
2095 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2096 1 : }
2097 :
2098 : /**
2099 : * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2100 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2101 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
2102 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2103 : **/
2104 1 : void libspdm_test_responder_finish_case19(void **state)
2105 : {
2106 : libspdm_return_t status;
2107 : libspdm_test_context_t *spdm_test_context;
2108 : libspdm_context_t *spdm_context;
2109 : size_t response_size;
2110 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2111 : spdm_finish_response_t *spdm_response;
2112 : void *data1;
2113 : size_t data_size1;
2114 : void *data2;
2115 : size_t data_size2;
2116 : uint8_t *ptr;
2117 : uint8_t *cert_buffer;
2118 : size_t cert_buffer_size;
2119 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2120 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2121 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2122 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2123 : libspdm_session_info_t *session_info;
2124 : uint32_t session_id;
2125 : uint32_t hash_size;
2126 : uint32_t hmac_size;
2127 : size_t req_asym_signature_size;
2128 :
2129 1 : spdm_test_context = *state;
2130 1 : spdm_context = spdm_test_context->spdm_context;
2131 1 : spdm_test_context->case_id = 0x13;
2132 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2133 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2134 1 : spdm_context->connection_info.connection_state =
2135 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2136 1 : spdm_context->connection_info.capability.flags |=
2137 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2138 1 : spdm_context->local_context.capability.flags |=
2139 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2140 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2141 : m_libspdm_use_hash_algo;
2142 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2143 : m_libspdm_use_asym_algo;
2144 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2145 : m_libspdm_use_req_asym_algo;
2146 1 : spdm_context->connection_info.algorithm.measurement_spec =
2147 : m_libspdm_use_measurement_spec;
2148 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2149 : m_libspdm_use_measurement_hash_algo;
2150 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2151 : m_libspdm_use_dhe_algo;
2152 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2153 : m_libspdm_use_aead_algo;
2154 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2155 : m_libspdm_use_asym_algo, &data1,
2156 : &data_size1, NULL, NULL);
2157 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2158 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2159 : data_size1;
2160 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2161 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2162 : data_size1;
2163 :
2164 1 : libspdm_reset_message_a(spdm_context);
2165 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2166 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2167 : m_libspdm_use_req_asym_algo, &data2,
2168 : &data_size2, NULL, NULL);
2169 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2170 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2171 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2172 : data2, data_size2);
2173 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2174 : data_size2;
2175 : #else
2176 1 : libspdm_hash_all(
2177 : spdm_context->connection_info.algorithm.base_hash_algo,
2178 : data2, data_size2,
2179 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2180 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2181 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2182 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2183 : spdm_context->connection_info.algorithm.base_hash_algo,
2184 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2185 : data2,
2186 : data_size2,
2187 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2188 : #endif
2189 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2190 :
2191 1 : session_id = 0xFFFFFFFF;
2192 1 : spdm_context->latest_session_id = session_id;
2193 1 : session_info = &spdm_context->session_info[0];
2194 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2195 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2196 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2197 1 : libspdm_secured_message_set_request_finished_key(
2198 : session_info->secured_message_context, m_dummy_buffer,
2199 : hash_size);
2200 1 : libspdm_secured_message_set_session_state(
2201 : session_info->secured_message_context,
2202 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2203 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2204 :
2205 1 : spdm_context->connection_info.capability.flags |=
2206 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2207 1 : spdm_context->local_context.capability.flags |=
2208 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2209 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2210 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2211 1 : req_asym_signature_size =
2212 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2213 1 : ptr = m_libspdm_finish_request5.signature;
2214 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2215 1 : cert_buffer = (uint8_t *)data1;
2216 1 : cert_buffer_size = data_size1;
2217 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2218 : cert_buffer_hash);
2219 1 : cert_buffer = (uint8_t *)data2;
2220 1 : cert_buffer_size = data_size2;
2221 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2222 : req_cert_buffer_hash);
2223 : /* transcript.message_a size is 0*/
2224 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2225 : /* session_transcript.message_k is 0*/
2226 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2227 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
2228 : sizeof(spdm_finish_request_t));
2229 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2230 1 : libspdm_requester_data_sign(
2231 : spdm_context,
2232 1 : m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2233 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2234 1 : false, libspdm_get_managed_buffer(&th_curr),
2235 : libspdm_get_managed_buffer_size(&th_curr),
2236 : ptr, &req_asym_signature_size);
2237 : #endif
2238 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2239 1 : ptr += req_asym_signature_size;
2240 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2241 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2242 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2243 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2244 : request_finished_key, hash_size, ptr);
2245 1 : m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
2246 1 : req_asym_signature_size + hmac_size;
2247 1 : response_size = sizeof(response);
2248 1 : status = libspdm_get_response_finish(spdm_context,
2249 : m_libspdm_finish_request5_size,
2250 : &m_libspdm_finish_request5,
2251 : &response_size, response);
2252 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2253 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2254 1 : spdm_response = (void *)response;
2255 1 : assert_int_equal(spdm_response->header.request_response_code,
2256 : SPDM_ERROR);
2257 1 : assert_int_equal(spdm_response->header.param1,
2258 : SPDM_ERROR_CODE_INVALID_REQUEST);
2259 1 : assert_int_equal(spdm_response->header.param2, 0);
2260 1 : free(data1);
2261 1 : free(data2);
2262 1 : }
2263 :
2264 : /**
2265 : * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
2266 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2267 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2268 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2269 : **/
2270 1 : void libspdm_test_responder_finish_case20(void **state)
2271 : {
2272 : libspdm_return_t status;
2273 : libspdm_test_context_t *spdm_test_context;
2274 : libspdm_context_t *spdm_context;
2275 : size_t response_size;
2276 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2277 : spdm_finish_response_t *spdm_response;
2278 : void *data1;
2279 : size_t data_size1;
2280 : void *data2;
2281 : size_t data_size2;
2282 : uint8_t *ptr;
2283 : uint8_t *cert_buffer;
2284 : size_t cert_buffer_size;
2285 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2286 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2287 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2288 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2289 : libspdm_session_info_t *session_info;
2290 : uint32_t session_id;
2291 : uint32_t hash_size;
2292 : uint32_t hmac_size;
2293 : size_t req_asym_signature_size;
2294 :
2295 1 : spdm_test_context = *state;
2296 1 : spdm_context = spdm_test_context->spdm_context;
2297 1 : spdm_test_context->case_id = 0x14;
2298 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2299 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2300 1 : spdm_context->connection_info.connection_state =
2301 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2302 1 : spdm_context->connection_info.capability.flags |=
2303 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2304 1 : spdm_context->local_context.capability.flags |=
2305 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2306 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2307 : m_libspdm_use_hash_algo;
2308 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2309 : m_libspdm_use_asym_algo;
2310 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2311 : m_libspdm_use_req_asym_algo;
2312 1 : spdm_context->connection_info.algorithm.measurement_spec =
2313 : m_libspdm_use_measurement_spec;
2314 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2315 : m_libspdm_use_measurement_hash_algo;
2316 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2317 : m_libspdm_use_dhe_algo;
2318 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2319 : m_libspdm_use_aead_algo;
2320 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2321 : m_libspdm_use_asym_algo, &data1,
2322 : &data_size1, NULL, NULL);
2323 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2324 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2325 : data_size1;
2326 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2327 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2328 : data_size1;
2329 :
2330 1 : libspdm_reset_message_a(spdm_context);
2331 1 : spdm_context->local_context.mut_auth_requested =
2332 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2333 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2334 : m_libspdm_use_req_asym_algo, &data2,
2335 : &data_size2, NULL, NULL);
2336 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2337 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2338 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2339 : data2, data_size2);
2340 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2341 : data_size2;
2342 : #else
2343 1 : libspdm_hash_all(
2344 : spdm_context->connection_info.algorithm.base_hash_algo,
2345 : data2, data_size2,
2346 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2347 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2348 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2349 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2350 : spdm_context->connection_info.algorithm.base_hash_algo,
2351 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2352 : data2,
2353 : data_size2,
2354 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2355 : #endif
2356 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2357 :
2358 1 : session_id = 0xFFFFFFFF;
2359 1 : spdm_context->latest_session_id = session_id;
2360 1 : session_info = &spdm_context->session_info[0];
2361 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2362 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2363 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2364 1 : libspdm_secured_message_set_request_finished_key(
2365 : session_info->secured_message_context, m_dummy_buffer,
2366 : hash_size);
2367 1 : libspdm_secured_message_set_session_state(
2368 : session_info->secured_message_context,
2369 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2370 1 : session_info->mut_auth_requested =
2371 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2372 :
2373 1 : spdm_context->connection_info.capability.flags |=
2374 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2375 1 : spdm_context->local_context.capability.flags |=
2376 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2377 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2378 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2379 1 : req_asym_signature_size =
2380 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2381 1 : ptr = m_libspdm_finish_request7.signature;
2382 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2383 1 : cert_buffer = (uint8_t *)data1;
2384 1 : cert_buffer_size = data_size1;
2385 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2386 : cert_buffer_hash);
2387 1 : cert_buffer = (uint8_t *)data2;
2388 1 : cert_buffer_size = data_size2;
2389 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2390 : req_cert_buffer_hash);
2391 : /* transcript.message_a size is 0*/
2392 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2393 : /* session_transcript.message_k is 0*/
2394 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2395 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2396 : sizeof(spdm_finish_request_t));
2397 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2398 1 : libspdm_requester_data_sign(
2399 : spdm_context,
2400 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2401 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2402 1 : false, libspdm_get_managed_buffer(&th_curr),
2403 : libspdm_get_managed_buffer_size(&th_curr),
2404 : ptr, &req_asym_signature_size);
2405 : #endif
2406 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2407 1 : ptr += req_asym_signature_size;
2408 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2409 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2410 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2411 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2412 : request_finished_key, hash_size, ptr);
2413 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2414 1 : req_asym_signature_size + hmac_size;
2415 1 : response_size = sizeof(response);
2416 1 : status = libspdm_get_response_finish(spdm_context,
2417 : m_libspdm_finish_request7_size,
2418 : &m_libspdm_finish_request7,
2419 : &response_size, response);
2420 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2421 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2422 1 : spdm_response = (void *)response;
2423 1 : assert_int_equal(spdm_response->header.request_response_code,
2424 : SPDM_ERROR);
2425 1 : assert_int_equal(spdm_response->header.param1,
2426 : SPDM_ERROR_CODE_INVALID_REQUEST);
2427 1 : assert_int_equal(spdm_response->header.param2, 0);
2428 1 : free(data1);
2429 1 : free(data2);
2430 1 : }
2431 :
2432 : /**
2433 : * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
2434 : * although SlotID in FINISH request message is 10, it shall be ignored when read.
2435 : * Expected behavior: the responder accepts the request and produces a valid
2436 : * FINISH_RSP response message.
2437 : **/
2438 1 : void libspdm_test_responder_finish_case21(void **state)
2439 : {
2440 : libspdm_return_t status;
2441 : libspdm_test_context_t *spdm_test_context;
2442 : libspdm_context_t *spdm_context;
2443 : size_t response_size;
2444 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2445 : spdm_finish_response_t *spdm_response;
2446 : void *data1;
2447 : size_t data_size1;
2448 : uint8_t *ptr;
2449 : uint8_t *cert_buffer;
2450 : size_t cert_buffer_size;
2451 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2452 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2453 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2454 : libspdm_session_info_t *session_info;
2455 : uint32_t session_id;
2456 : uint32_t hash_size;
2457 : uint32_t hmac_size;
2458 :
2459 1 : spdm_test_context = *state;
2460 1 : spdm_context = spdm_test_context->spdm_context;
2461 1 : spdm_test_context->case_id = 0x15;
2462 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2463 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2464 1 : spdm_context->connection_info.connection_state =
2465 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2466 1 : spdm_context->connection_info.capability.flags |=
2467 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2468 1 : spdm_context->local_context.capability.flags |=
2469 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2470 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2471 : m_libspdm_use_hash_algo;
2472 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2473 : m_libspdm_use_asym_algo;
2474 1 : spdm_context->connection_info.algorithm.measurement_spec =
2475 : m_libspdm_use_measurement_spec;
2476 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2477 : m_libspdm_use_measurement_hash_algo;
2478 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2479 : m_libspdm_use_dhe_algo;
2480 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2481 : m_libspdm_use_aead_algo;
2482 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2483 : m_libspdm_use_asym_algo, &data1,
2484 : &data_size1, NULL, NULL);
2485 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2486 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2487 : data_size1;
2488 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2489 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2490 : data_size1;
2491 :
2492 1 : libspdm_reset_message_a(spdm_context);
2493 1 : spdm_context->local_context.mut_auth_requested = 0;
2494 :
2495 1 : session_id = 0xFFFFFFFF;
2496 1 : spdm_context->latest_session_id = session_id;
2497 1 : session_info = &spdm_context->session_info[0];
2498 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2499 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2500 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2501 1 : libspdm_secured_message_set_request_finished_key(
2502 : session_info->secured_message_context, m_dummy_buffer,
2503 : hash_size);
2504 1 : libspdm_secured_message_set_session_state(
2505 : session_info->secured_message_context,
2506 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2507 1 : session_info->mut_auth_requested = 0;
2508 :
2509 1 : spdm_context->connection_info.capability.flags |=
2510 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2511 1 : spdm_context->local_context.capability.flags |=
2512 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2513 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2514 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2515 1 : ptr = m_libspdm_finish_request6.signature;
2516 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2517 1 : cert_buffer = (uint8_t *)data1;
2518 1 : cert_buffer_size = data_size1;
2519 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2520 : cert_buffer_hash);
2521 : /* transcript.message_a size is 0*/
2522 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2523 : /* session_transcript.message_k is 0*/
2524 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
2525 : sizeof(spdm_finish_request_t));
2526 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2527 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2528 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2529 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2530 : request_finished_key, hash_size, ptr);
2531 1 : m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
2532 1 : response_size = sizeof(response);
2533 1 : status = libspdm_get_response_finish(spdm_context,
2534 : m_libspdm_finish_request6_size,
2535 : &m_libspdm_finish_request6,
2536 : &response_size, response);
2537 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2538 1 : spdm_response = (void *)response;
2539 1 : assert_int_equal(spdm_response->header.request_response_code,
2540 : SPDM_FINISH_RSP);
2541 1 : assert_int_equal(response_size,
2542 : sizeof(spdm_finish_response_t) + hmac_size);
2543 1 : free(data1);
2544 1 : }
2545 :
2546 : /**
2547 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2548 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2549 : * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2550 : * Expected behavior: the responder accepts the request and produces a valid
2551 : * FINISH_RSP response message.
2552 : **/
2553 1 : void libspdm_test_responder_finish_case22(void **state)
2554 : {
2555 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2556 : libspdm_return_t status;
2557 : libspdm_test_context_t *spdm_test_context;
2558 : libspdm_context_t *spdm_context;
2559 : size_t response_size;
2560 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2561 : spdm_finish_response_t *spdm_response;
2562 : void *data1;
2563 : size_t data_size1;
2564 : void *data2;
2565 : size_t data_size2;
2566 : uint8_t *ptr;
2567 : uint8_t *cert_buffer;
2568 : size_t cert_buffer_size;
2569 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2570 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2571 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2572 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2573 : libspdm_session_info_t *session_info;
2574 : uint32_t session_id;
2575 : uint32_t hash_size;
2576 : uint32_t hmac_size;
2577 : size_t req_asym_signature_size;
2578 :
2579 1 : spdm_test_context = *state;
2580 1 : spdm_context = spdm_test_context->spdm_context;
2581 1 : spdm_test_context->case_id = 0x16;
2582 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2583 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2584 1 : spdm_context->connection_info.connection_state =
2585 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2586 1 : spdm_context->connection_info.capability.flags |=
2587 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2588 1 : spdm_context->local_context.capability.flags |=
2589 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2590 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2591 : m_libspdm_use_hash_algo;
2592 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2593 : m_libspdm_use_asym_algo;
2594 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2595 : m_libspdm_use_req_asym_algo;
2596 1 : spdm_context->connection_info.algorithm.measurement_spec =
2597 : m_libspdm_use_measurement_spec;
2598 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2599 : m_libspdm_use_measurement_hash_algo;
2600 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2601 : m_libspdm_use_dhe_algo;
2602 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2603 : m_libspdm_use_aead_algo;
2604 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2605 : m_libspdm_use_asym_algo, &data1,
2606 : &data_size1, NULL, NULL);
2607 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2608 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2609 : data_size1;
2610 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2611 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2612 : data_size1;
2613 :
2614 1 : libspdm_reset_message_a(spdm_context);
2615 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2616 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2617 : m_libspdm_use_req_asym_algo, &data2,
2618 : &data_size2, NULL, NULL);
2619 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2620 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2621 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2622 : data2, data_size2);
2623 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2624 : data_size2;
2625 : #else
2626 1 : libspdm_hash_all(
2627 : spdm_context->connection_info.algorithm.base_hash_algo,
2628 : data2, data_size2,
2629 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2630 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2631 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2632 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2633 : spdm_context->connection_info.algorithm.base_hash_algo,
2634 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2635 : data2,
2636 : data_size2,
2637 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2638 : #endif
2639 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2640 :
2641 1 : session_id = 0xFFFFFFFF;
2642 1 : spdm_context->latest_session_id = session_id;
2643 1 : session_info = &spdm_context->session_info[0];
2644 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2645 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2646 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2647 1 : libspdm_secured_message_set_request_finished_key(
2648 : session_info->secured_message_context, m_dummy_buffer,
2649 : hash_size);
2650 1 : libspdm_secured_message_set_session_state(
2651 : session_info->secured_message_context,
2652 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2653 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2654 :
2655 1 : spdm_context->connection_info.capability.flags |=
2656 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2657 1 : spdm_context->local_context.capability.flags |=
2658 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2659 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2660 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2661 1 : req_asym_signature_size =
2662 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2663 1 : ptr = m_libspdm_finish_request7.signature;
2664 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2665 1 : cert_buffer = (uint8_t *)data1;
2666 1 : cert_buffer_size = data_size1;
2667 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2668 : cert_buffer_hash);
2669 1 : cert_buffer = (uint8_t *)data2;
2670 1 : cert_buffer_size = data_size2;
2671 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2672 : req_cert_buffer_hash);
2673 : /* transcript.message_a size is 0*/
2674 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2675 : /* session_transcript.message_k is 0*/
2676 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2677 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2678 : sizeof(spdm_finish_request_t));
2679 :
2680 1 : libspdm_requester_data_sign(
2681 : spdm_context,
2682 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2683 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2684 1 : false, libspdm_get_managed_buffer(&th_curr),
2685 : libspdm_get_managed_buffer_size(&th_curr),
2686 : ptr, &req_asym_signature_size);
2687 :
2688 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2689 1 : ptr += req_asym_signature_size;
2690 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2691 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2692 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2693 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2694 : request_finished_key, hash_size, ptr);
2695 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2696 1 : req_asym_signature_size + hmac_size;
2697 1 : response_size = sizeof(response);
2698 1 : status = libspdm_get_response_finish(spdm_context,
2699 : m_libspdm_finish_request7_size,
2700 : &m_libspdm_finish_request7,
2701 : &response_size, response);
2702 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2703 1 : spdm_response = (void *)response;
2704 1 : assert_int_equal(spdm_response->header.request_response_code,
2705 : SPDM_FINISH_RSP);
2706 1 : assert_int_equal(response_size,
2707 : sizeof(spdm_finish_response_t) + hmac_size);
2708 1 : free(data1);
2709 1 : free(data2);
2710 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2711 1 : }
2712 :
2713 : /**
2714 : * Test 23: Same as test case 22 but test signature endianness.
2715 : * Big-Endian Sign. Little-Endian Verify.
2716 : * Expecting signature to fail.
2717 : **/
2718 1 : void libspdm_test_responder_finish_case23(void** state)
2719 : {
2720 : libspdm_return_t status;
2721 : libspdm_test_context_t* spdm_test_context;
2722 : libspdm_context_t* spdm_context;
2723 : size_t response_size;
2724 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2725 : spdm_finish_response_t* spdm_response;
2726 : void* data1;
2727 : size_t data_size1;
2728 : void* data2;
2729 : size_t data_size2;
2730 : uint8_t* ptr;
2731 : uint8_t* cert_buffer;
2732 : size_t cert_buffer_size;
2733 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2734 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2735 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2736 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2737 : libspdm_session_info_t* session_info;
2738 : uint32_t session_id;
2739 : uint32_t hash_size;
2740 : uint32_t hmac_size;
2741 : size_t req_asym_signature_size;
2742 :
2743 1 : spdm_test_context = *state;
2744 1 : spdm_context = spdm_test_context->spdm_context;
2745 1 : spdm_test_context->case_id = 23;
2746 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2747 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2748 1 : spdm_context->connection_info.connection_state =
2749 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2750 1 : spdm_context->connection_info.capability.flags |=
2751 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2752 1 : spdm_context->local_context.capability.flags |=
2753 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2754 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2755 : m_libspdm_use_hash_algo;
2756 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2757 : m_libspdm_use_asym_algo;
2758 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2759 : m_libspdm_use_req_asym_algo;
2760 1 : spdm_context->connection_info.algorithm.measurement_spec =
2761 : m_libspdm_use_measurement_spec;
2762 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2763 : m_libspdm_use_measurement_hash_algo;
2764 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2765 : m_libspdm_use_dhe_algo;
2766 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2767 : m_libspdm_use_aead_algo;
2768 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2769 : m_libspdm_use_asym_algo, &data1,
2770 : &data_size1, NULL, NULL);
2771 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2772 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2773 : data_size1;
2774 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2775 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2776 : data_size1;
2777 1 : spdm_context->spdm_10_11_verify_signature_endian =
2778 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2779 :
2780 1 : libspdm_reset_message_a(spdm_context);
2781 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2782 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2783 : m_libspdm_use_req_asym_algo, &data2,
2784 : &data_size2, NULL, NULL);
2785 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2786 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2787 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2788 : data2, data_size2);
2789 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2790 : data_size2;
2791 : #else
2792 1 : libspdm_hash_all(
2793 : spdm_context->connection_info.algorithm.base_hash_algo,
2794 : data2, data_size2,
2795 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2796 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2797 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2798 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2799 : spdm_context->connection_info.algorithm.base_hash_algo,
2800 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2801 : data2,
2802 : data_size2,
2803 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2804 : #endif
2805 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2806 :
2807 1 : session_id = 0xFFFFFFFF;
2808 1 : spdm_context->latest_session_id = session_id;
2809 1 : session_info = &spdm_context->session_info[0];
2810 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2811 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2812 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2813 1 : libspdm_secured_message_set_request_finished_key(
2814 : session_info->secured_message_context, m_dummy_buffer,
2815 : hash_size);
2816 1 : libspdm_secured_message_set_session_state(
2817 : session_info->secured_message_context,
2818 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2819 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2820 :
2821 1 : spdm_context->connection_info.capability.flags |=
2822 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2823 1 : spdm_context->local_context.capability.flags |=
2824 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2825 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2826 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2827 1 : req_asym_signature_size =
2828 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2829 1 : ptr = m_libspdm_finish_request7.signature;
2830 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2831 1 : cert_buffer = (uint8_t*)data1;
2832 1 : cert_buffer_size = data_size1;
2833 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2834 : cert_buffer_hash);
2835 1 : cert_buffer = (uint8_t*)data2;
2836 1 : cert_buffer_size = data_size2;
2837 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2838 : req_cert_buffer_hash);
2839 : /* transcript.message_a size is 0*/
2840 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2841 : /* session_transcript.message_k is 0*/
2842 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2843 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2844 : sizeof(spdm_finish_request_t));
2845 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2846 1 : libspdm_requester_data_sign(
2847 : spdm_context,
2848 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2849 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2850 1 : false, libspdm_get_managed_buffer(&th_curr),
2851 : libspdm_get_managed_buffer_size(&th_curr),
2852 : ptr, &req_asym_signature_size);
2853 : #endif
2854 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2855 1 : ptr += req_asym_signature_size;
2856 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2857 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2858 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2859 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2860 : request_finished_key, hash_size, ptr);
2861 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2862 1 : req_asym_signature_size + hmac_size;
2863 1 : response_size = sizeof(response);
2864 1 : status = libspdm_get_response_finish(spdm_context,
2865 : m_libspdm_finish_request7_size,
2866 : &m_libspdm_finish_request7,
2867 : &response_size, response);
2868 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2869 1 : spdm_response = (void*)response;
2870 :
2871 : /* Expecting failure on little-endian signature */
2872 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2873 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2874 1 : free(data1);
2875 1 : free(data2);
2876 1 : }
2877 :
2878 : /**
2879 : * Test 24: Same as test case 22 but test signature endianness.
2880 : * Big-Endian Sign. Big-Endian Verify.
2881 : * Expecting signature to PASS.
2882 : **/
2883 1 : void libspdm_test_responder_finish_case24(void** state)
2884 : {
2885 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2886 : libspdm_return_t status;
2887 : libspdm_test_context_t* spdm_test_context;
2888 : libspdm_context_t* spdm_context;
2889 : size_t response_size;
2890 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2891 : spdm_finish_response_t* spdm_response;
2892 : void* data1;
2893 : size_t data_size1;
2894 : void* data2;
2895 : size_t data_size2;
2896 : uint8_t* ptr;
2897 : uint8_t* cert_buffer;
2898 : size_t cert_buffer_size;
2899 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2900 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2901 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2902 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2903 : libspdm_session_info_t* session_info;
2904 : uint32_t session_id;
2905 : uint32_t hash_size;
2906 : uint32_t hmac_size;
2907 : size_t req_asym_signature_size;
2908 :
2909 1 : spdm_test_context = *state;
2910 1 : spdm_context = spdm_test_context->spdm_context;
2911 1 : spdm_test_context->case_id = 24;
2912 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2913 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2914 1 : spdm_context->connection_info.connection_state =
2915 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2916 1 : spdm_context->connection_info.capability.flags |=
2917 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2918 1 : spdm_context->local_context.capability.flags |=
2919 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2920 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2921 : m_libspdm_use_hash_algo;
2922 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2923 : m_libspdm_use_asym_algo;
2924 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2925 : m_libspdm_use_req_asym_algo;
2926 1 : spdm_context->connection_info.algorithm.measurement_spec =
2927 : m_libspdm_use_measurement_spec;
2928 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2929 : m_libspdm_use_measurement_hash_algo;
2930 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2931 : m_libspdm_use_dhe_algo;
2932 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2933 : m_libspdm_use_aead_algo;
2934 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2935 : m_libspdm_use_asym_algo, &data1,
2936 : &data_size1, NULL, NULL);
2937 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2938 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2939 : data_size1;
2940 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2941 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2942 : data_size1;
2943 1 : spdm_context->spdm_10_11_verify_signature_endian =
2944 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
2945 :
2946 1 : libspdm_reset_message_a(spdm_context);
2947 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2948 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2949 : m_libspdm_use_req_asym_algo, &data2,
2950 : &data_size2, NULL, NULL);
2951 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2952 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2953 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2954 : data2, data_size2);
2955 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2956 : data_size2;
2957 : #else
2958 1 : libspdm_hash_all(
2959 : spdm_context->connection_info.algorithm.base_hash_algo,
2960 : data2, data_size2,
2961 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2962 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2963 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2964 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2965 : spdm_context->connection_info.algorithm.base_hash_algo,
2966 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2967 : data2,
2968 : data_size2,
2969 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2970 : #endif
2971 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2972 :
2973 1 : session_id = 0xFFFFFFFF;
2974 1 : spdm_context->latest_session_id = session_id;
2975 1 : session_info = &spdm_context->session_info[0];
2976 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2977 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2978 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2979 1 : libspdm_secured_message_set_request_finished_key(
2980 : session_info->secured_message_context, m_dummy_buffer,
2981 : hash_size);
2982 1 : libspdm_secured_message_set_session_state(
2983 : session_info->secured_message_context,
2984 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2985 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2986 :
2987 1 : spdm_context->connection_info.capability.flags |=
2988 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2989 1 : spdm_context->local_context.capability.flags |=
2990 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2991 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2992 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2993 1 : req_asym_signature_size =
2994 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2995 1 : ptr = m_libspdm_finish_request7.signature;
2996 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2997 1 : cert_buffer = (uint8_t*)data1;
2998 1 : cert_buffer_size = data_size1;
2999 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3000 : cert_buffer_hash);
3001 1 : cert_buffer = (uint8_t*)data2;
3002 1 : cert_buffer_size = data_size2;
3003 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3004 : req_cert_buffer_hash);
3005 : /* transcript.message_a size is 0*/
3006 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3007 : /* session_transcript.message_k is 0*/
3008 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3009 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3010 : sizeof(spdm_finish_request_t));
3011 :
3012 1 : libspdm_requester_data_sign(
3013 : spdm_context,
3014 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3015 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3016 1 : false, libspdm_get_managed_buffer(&th_curr),
3017 : libspdm_get_managed_buffer_size(&th_curr),
3018 : ptr, &req_asym_signature_size);
3019 :
3020 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3021 1 : ptr += req_asym_signature_size;
3022 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3023 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3024 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3025 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3026 : request_finished_key, hash_size, ptr);
3027 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3028 1 : req_asym_signature_size + hmac_size;
3029 1 : response_size = sizeof(response);
3030 1 : status = libspdm_get_response_finish(spdm_context,
3031 : m_libspdm_finish_request7_size,
3032 : &m_libspdm_finish_request7,
3033 : &response_size, response);
3034 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3035 1 : spdm_response = (void*)response;
3036 :
3037 : /* Expecting pass on big-endian signature */
3038 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3039 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3040 1 : free(data1);
3041 1 : free(data2);
3042 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3043 1 : }
3044 :
3045 : /**
3046 : * Test 25: Same as test case 22, but test signature endianness.
3047 : * Big Endian Sign. Big or Little Endian Verify.
3048 : * Expecting signature to PASS.
3049 : **/
3050 1 : void libspdm_test_responder_finish_case25(void** state)
3051 : {
3052 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3053 : libspdm_return_t status;
3054 : libspdm_test_context_t* spdm_test_context;
3055 : libspdm_context_t* spdm_context;
3056 : size_t response_size;
3057 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3058 : spdm_finish_response_t* spdm_response;
3059 : void* data1;
3060 : size_t data_size1;
3061 : void* data2;
3062 : size_t data_size2;
3063 : uint8_t* ptr;
3064 : uint8_t* cert_buffer;
3065 : size_t cert_buffer_size;
3066 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3067 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3068 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3069 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3070 : libspdm_session_info_t* session_info;
3071 : uint32_t session_id;
3072 : uint32_t hash_size;
3073 : uint32_t hmac_size;
3074 : size_t req_asym_signature_size;
3075 :
3076 1 : spdm_test_context = *state;
3077 1 : spdm_context = spdm_test_context->spdm_context;
3078 1 : spdm_test_context->case_id = 25;
3079 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3080 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3081 1 : spdm_context->connection_info.connection_state =
3082 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3083 1 : spdm_context->connection_info.capability.flags |=
3084 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3085 1 : spdm_context->local_context.capability.flags |=
3086 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3087 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3088 : m_libspdm_use_hash_algo;
3089 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3090 : m_libspdm_use_asym_algo;
3091 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3092 : m_libspdm_use_req_asym_algo;
3093 1 : spdm_context->connection_info.algorithm.measurement_spec =
3094 : m_libspdm_use_measurement_spec;
3095 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3096 : m_libspdm_use_measurement_hash_algo;
3097 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3098 : m_libspdm_use_dhe_algo;
3099 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3100 : m_libspdm_use_aead_algo;
3101 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3102 : m_libspdm_use_asym_algo, &data1,
3103 : &data_size1, NULL, NULL);
3104 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3105 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3106 : data_size1;
3107 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3108 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3109 : data_size1;
3110 1 : spdm_context->spdm_10_11_verify_signature_endian =
3111 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
3112 :
3113 1 : libspdm_reset_message_a(spdm_context);
3114 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3115 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3116 : m_libspdm_use_req_asym_algo, &data2,
3117 : &data_size2, NULL, NULL);
3118 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3119 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3120 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3121 : data2, data_size2);
3122 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3123 : data_size2;
3124 : #else
3125 1 : libspdm_hash_all(
3126 : spdm_context->connection_info.algorithm.base_hash_algo,
3127 : data2, data_size2,
3128 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3129 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3130 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3131 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3132 : spdm_context->connection_info.algorithm.base_hash_algo,
3133 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3134 : data2,
3135 : data_size2,
3136 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3137 : #endif
3138 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3139 :
3140 1 : session_id = 0xFFFFFFFF;
3141 1 : spdm_context->latest_session_id = session_id;
3142 1 : session_info = &spdm_context->session_info[0];
3143 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3144 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3145 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3146 1 : libspdm_secured_message_set_request_finished_key(
3147 : session_info->secured_message_context, m_dummy_buffer,
3148 : hash_size);
3149 1 : libspdm_secured_message_set_session_state(
3150 : session_info->secured_message_context,
3151 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3152 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3153 :
3154 1 : spdm_context->connection_info.capability.flags |=
3155 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3156 1 : spdm_context->local_context.capability.flags |=
3157 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3158 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3159 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3160 1 : req_asym_signature_size =
3161 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3162 1 : ptr = m_libspdm_finish_request7.signature;
3163 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3164 1 : cert_buffer = (uint8_t*)data1;
3165 1 : cert_buffer_size = data_size1;
3166 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3167 : cert_buffer_hash);
3168 1 : cert_buffer = (uint8_t*)data2;
3169 1 : cert_buffer_size = data_size2;
3170 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3171 : req_cert_buffer_hash);
3172 : /* transcript.message_a size is 0*/
3173 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3174 : /* session_transcript.message_k is 0*/
3175 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3176 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3177 : sizeof(spdm_finish_request_t));
3178 :
3179 1 : libspdm_requester_data_sign(
3180 : spdm_context,
3181 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3182 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3183 1 : false, libspdm_get_managed_buffer(&th_curr),
3184 : libspdm_get_managed_buffer_size(&th_curr),
3185 : ptr, &req_asym_signature_size);
3186 :
3187 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3188 1 : ptr += req_asym_signature_size;
3189 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3190 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3191 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3192 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3193 : request_finished_key, hash_size, ptr);
3194 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3195 1 : req_asym_signature_size + hmac_size;
3196 1 : response_size = sizeof(response);
3197 1 : status = libspdm_get_response_finish(spdm_context,
3198 : m_libspdm_finish_request7_size,
3199 : &m_libspdm_finish_request7,
3200 : &response_size, response);
3201 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3202 1 : spdm_response = (void*)response;
3203 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3204 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3205 1 : free(data1);
3206 1 : free(data2);
3207 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3208 1 : }
3209 :
3210 : /**
3211 : * Test 26: Same as test case 22, but test endian verification.
3212 : * Sign as Little Endian, Verify as Little.
3213 : * Expecting signature to PASS.
3214 : **/
3215 1 : void libspdm_test_responder_finish_case26(void** state)
3216 : {
3217 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3218 : libspdm_return_t status;
3219 : libspdm_test_context_t* spdm_test_context;
3220 : libspdm_context_t* spdm_context;
3221 : size_t response_size;
3222 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3223 : spdm_finish_response_t* spdm_response;
3224 : void* data1;
3225 : size_t data_size1;
3226 : void* data2;
3227 : size_t data_size2;
3228 : uint8_t* ptr;
3229 : uint8_t* cert_buffer;
3230 : size_t cert_buffer_size;
3231 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3232 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3233 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3234 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3235 : libspdm_session_info_t* session_info;
3236 : uint32_t session_id;
3237 : uint32_t hash_size;
3238 : uint32_t hmac_size;
3239 : size_t req_asym_signature_size;
3240 :
3241 1 : spdm_test_context = *state;
3242 1 : spdm_context = spdm_test_context->spdm_context;
3243 1 : spdm_test_context->case_id = 26;
3244 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3245 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3246 1 : spdm_context->connection_info.connection_state =
3247 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3248 1 : spdm_context->connection_info.capability.flags |=
3249 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3250 1 : spdm_context->local_context.capability.flags |=
3251 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3252 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3253 : m_libspdm_use_hash_algo;
3254 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3255 : m_libspdm_use_asym_algo;
3256 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3257 : m_libspdm_use_req_asym_algo;
3258 1 : spdm_context->connection_info.algorithm.measurement_spec =
3259 : m_libspdm_use_measurement_spec;
3260 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3261 : m_libspdm_use_measurement_hash_algo;
3262 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3263 : m_libspdm_use_dhe_algo;
3264 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3265 : m_libspdm_use_aead_algo;
3266 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3267 : m_libspdm_use_asym_algo, &data1,
3268 : &data_size1, NULL, NULL);
3269 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3270 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3271 : data_size1;
3272 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3273 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3274 : data_size1;
3275 1 : spdm_context->spdm_10_11_verify_signature_endian =
3276 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3277 :
3278 1 : libspdm_reset_message_a(spdm_context);
3279 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3280 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3281 : m_libspdm_use_req_asym_algo, &data2,
3282 : &data_size2, NULL, NULL);
3283 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3284 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3285 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3286 : data2, data_size2);
3287 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3288 : data_size2;
3289 : #else
3290 1 : libspdm_hash_all(
3291 : spdm_context->connection_info.algorithm.base_hash_algo,
3292 : data2, data_size2,
3293 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3294 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3295 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3296 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3297 : spdm_context->connection_info.algorithm.base_hash_algo,
3298 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3299 : data2,
3300 : data_size2,
3301 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3302 : #endif
3303 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3304 :
3305 1 : session_id = 0xFFFFFFFF;
3306 1 : spdm_context->latest_session_id = session_id;
3307 1 : session_info = &spdm_context->session_info[0];
3308 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3309 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3310 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3311 1 : libspdm_secured_message_set_request_finished_key(
3312 : session_info->secured_message_context, m_dummy_buffer,
3313 : hash_size);
3314 1 : libspdm_secured_message_set_session_state(
3315 : session_info->secured_message_context,
3316 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3317 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3318 :
3319 1 : spdm_context->connection_info.capability.flags |=
3320 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3321 1 : spdm_context->local_context.capability.flags |=
3322 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3323 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3324 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3325 1 : req_asym_signature_size =
3326 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3327 1 : ptr = m_libspdm_finish_request7.signature;
3328 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3329 1 : cert_buffer = (uint8_t*)data1;
3330 1 : cert_buffer_size = data_size1;
3331 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3332 : cert_buffer_hash);
3333 1 : cert_buffer = (uint8_t*)data2;
3334 1 : cert_buffer_size = data_size2;
3335 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3336 : req_cert_buffer_hash);
3337 : /* transcript.message_a size is 0*/
3338 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3339 : /* session_transcript.message_k is 0*/
3340 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3341 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3342 : sizeof(spdm_finish_request_t));
3343 :
3344 1 : libspdm_requester_data_sign(
3345 : spdm_context,
3346 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3347 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3348 1 : false, libspdm_get_managed_buffer(&th_curr),
3349 : libspdm_get_managed_buffer_size(&th_curr),
3350 : ptr, &req_asym_signature_size);
3351 :
3352 : /* Switch signature to little endian */
3353 1 : libspdm_copy_signature_swap_endian(
3354 : m_libspdm_use_req_asym_algo,
3355 : ptr, req_asym_signature_size,
3356 : ptr, req_asym_signature_size);
3357 :
3358 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3359 1 : ptr += req_asym_signature_size;
3360 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3361 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3362 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3363 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3364 : request_finished_key, hash_size, ptr);
3365 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3366 1 : req_asym_signature_size + hmac_size;
3367 1 : response_size = sizeof(response);
3368 1 : status = libspdm_get_response_finish(spdm_context,
3369 : m_libspdm_finish_request7_size,
3370 : &m_libspdm_finish_request7,
3371 : &response_size, response);
3372 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3373 1 : spdm_response = (void*)response;
3374 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3375 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3376 1 : free(data1);
3377 1 : free(data2);
3378 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3379 1 : }
3380 :
3381 : /**
3382 : * Test 27: Same as test case 22, but test endian verification.
3383 : * Sign as Little Endian, Verify as Big.
3384 : * Expecting signature to FAIL.
3385 : **/
3386 1 : void libspdm_test_responder_finish_case27(void** state)
3387 : {
3388 : libspdm_return_t status;
3389 : libspdm_test_context_t* spdm_test_context;
3390 : libspdm_context_t* spdm_context;
3391 : size_t response_size;
3392 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3393 : spdm_finish_response_t* spdm_response;
3394 : void* data1;
3395 : size_t data_size1;
3396 : void* data2;
3397 : size_t data_size2;
3398 : uint8_t* ptr;
3399 : uint8_t* cert_buffer;
3400 : size_t cert_buffer_size;
3401 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3402 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3403 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3404 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3405 : libspdm_session_info_t* session_info;
3406 : uint32_t session_id;
3407 : uint32_t hash_size;
3408 : uint32_t hmac_size;
3409 : size_t req_asym_signature_size;
3410 :
3411 1 : spdm_test_context = *state;
3412 1 : spdm_context = spdm_test_context->spdm_context;
3413 1 : spdm_test_context->case_id = 27;
3414 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3415 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3416 1 : spdm_context->connection_info.connection_state =
3417 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3418 1 : spdm_context->connection_info.capability.flags |=
3419 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3420 1 : spdm_context->local_context.capability.flags |=
3421 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3422 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3423 : m_libspdm_use_hash_algo;
3424 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3425 : m_libspdm_use_asym_algo;
3426 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3427 : m_libspdm_use_req_asym_algo;
3428 1 : spdm_context->connection_info.algorithm.measurement_spec =
3429 : m_libspdm_use_measurement_spec;
3430 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3431 : m_libspdm_use_measurement_hash_algo;
3432 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3433 : m_libspdm_use_dhe_algo;
3434 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3435 : m_libspdm_use_aead_algo;
3436 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3437 : m_libspdm_use_asym_algo, &data1,
3438 : &data_size1, NULL, NULL);
3439 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3440 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3441 : data_size1;
3442 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3443 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3444 : data_size1;
3445 1 : spdm_context->spdm_10_11_verify_signature_endian =
3446 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
3447 :
3448 1 : libspdm_reset_message_a(spdm_context);
3449 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3450 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3451 : m_libspdm_use_req_asym_algo, &data2,
3452 : &data_size2, NULL, NULL);
3453 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3454 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3455 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3456 : data2, data_size2);
3457 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3458 : data_size2;
3459 : #else
3460 1 : libspdm_hash_all(
3461 : spdm_context->connection_info.algorithm.base_hash_algo,
3462 : data2, data_size2,
3463 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3464 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3465 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3466 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3467 : spdm_context->connection_info.algorithm.base_hash_algo,
3468 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3469 : data2,
3470 : data_size2,
3471 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3472 : #endif
3473 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3474 :
3475 1 : session_id = 0xFFFFFFFF;
3476 1 : spdm_context->latest_session_id = session_id;
3477 1 : session_info = &spdm_context->session_info[0];
3478 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3479 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3480 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3481 1 : libspdm_secured_message_set_request_finished_key(
3482 : session_info->secured_message_context, m_dummy_buffer,
3483 : hash_size);
3484 1 : libspdm_secured_message_set_session_state(
3485 : session_info->secured_message_context,
3486 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3487 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3488 :
3489 1 : spdm_context->connection_info.capability.flags |=
3490 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3491 1 : spdm_context->local_context.capability.flags |=
3492 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3493 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3494 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3495 1 : req_asym_signature_size =
3496 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3497 1 : ptr = m_libspdm_finish_request7.signature;
3498 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3499 1 : cert_buffer = (uint8_t*)data1;
3500 1 : cert_buffer_size = data_size1;
3501 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3502 : cert_buffer_hash);
3503 1 : cert_buffer = (uint8_t*)data2;
3504 1 : cert_buffer_size = data_size2;
3505 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3506 : req_cert_buffer_hash);
3507 : /* transcript.message_a size is 0*/
3508 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3509 : /* session_transcript.message_k is 0*/
3510 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3511 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3512 : sizeof(spdm_finish_request_t));
3513 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3514 1 : libspdm_requester_data_sign(
3515 : spdm_context,
3516 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3517 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3518 1 : false, libspdm_get_managed_buffer(&th_curr),
3519 : libspdm_get_managed_buffer_size(&th_curr),
3520 : ptr, &req_asym_signature_size);
3521 :
3522 : /* Switch signature to little endian */
3523 1 : libspdm_copy_signature_swap_endian(
3524 : m_libspdm_use_req_asym_algo,
3525 : ptr, req_asym_signature_size,
3526 : ptr, req_asym_signature_size);
3527 : #endif
3528 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3529 1 : ptr += req_asym_signature_size;
3530 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3531 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3532 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3533 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3534 : request_finished_key, hash_size, ptr);
3535 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3536 1 : req_asym_signature_size + hmac_size;
3537 1 : response_size = sizeof(response);
3538 1 : status = libspdm_get_response_finish(spdm_context,
3539 : m_libspdm_finish_request7_size,
3540 : &m_libspdm_finish_request7,
3541 : &response_size, response);
3542 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3543 1 : spdm_response = (void*)response;
3544 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
3545 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
3546 1 : free(data1);
3547 1 : free(data2);
3548 1 : }
3549 :
3550 : /**
3551 : * Test 28: Same as test case 22, but test endian verification.
3552 : * Sign as Little Endian, Verify as Big Or Little.
3553 : * Expecting signature to PASS.
3554 : **/
3555 1 : void libspdm_test_responder_finish_case28(void** state)
3556 : {
3557 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3558 : libspdm_return_t status;
3559 : libspdm_test_context_t* spdm_test_context;
3560 : libspdm_context_t* spdm_context;
3561 : size_t response_size;
3562 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3563 : spdm_finish_response_t* spdm_response;
3564 : void* data1;
3565 : size_t data_size1;
3566 : void* data2;
3567 : size_t data_size2;
3568 : uint8_t* ptr;
3569 : uint8_t* cert_buffer;
3570 : size_t cert_buffer_size;
3571 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3572 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3573 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3574 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3575 : libspdm_session_info_t* session_info;
3576 : uint32_t session_id;
3577 : uint32_t hash_size;
3578 : uint32_t hmac_size;
3579 : size_t req_asym_signature_size;
3580 :
3581 1 : spdm_test_context = *state;
3582 1 : spdm_context = spdm_test_context->spdm_context;
3583 1 : spdm_test_context->case_id = 28;
3584 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3585 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3586 1 : spdm_context->connection_info.connection_state =
3587 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3588 1 : spdm_context->connection_info.capability.flags |=
3589 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3590 1 : spdm_context->local_context.capability.flags |=
3591 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3592 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3593 : m_libspdm_use_hash_algo;
3594 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3595 : m_libspdm_use_asym_algo;
3596 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3597 : m_libspdm_use_req_asym_algo;
3598 1 : spdm_context->connection_info.algorithm.measurement_spec =
3599 : m_libspdm_use_measurement_spec;
3600 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3601 : m_libspdm_use_measurement_hash_algo;
3602 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3603 : m_libspdm_use_dhe_algo;
3604 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3605 : m_libspdm_use_aead_algo;
3606 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3607 : m_libspdm_use_asym_algo, &data1,
3608 : &data_size1, NULL, NULL);
3609 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3610 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3611 : data_size1;
3612 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3613 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3614 : data_size1;
3615 1 : spdm_context->spdm_10_11_verify_signature_endian =
3616 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3617 :
3618 1 : libspdm_reset_message_a(spdm_context);
3619 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3620 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3621 : m_libspdm_use_req_asym_algo, &data2,
3622 : &data_size2, NULL, NULL);
3623 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3624 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3625 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3626 : data2, data_size2);
3627 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3628 : data_size2;
3629 : #else
3630 1 : libspdm_hash_all(
3631 : spdm_context->connection_info.algorithm.base_hash_algo,
3632 : data2, data_size2,
3633 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3634 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3635 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3636 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3637 : spdm_context->connection_info.algorithm.base_hash_algo,
3638 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3639 : data2,
3640 : data_size2,
3641 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3642 : #endif
3643 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3644 :
3645 1 : session_id = 0xFFFFFFFF;
3646 1 : spdm_context->latest_session_id = session_id;
3647 1 : session_info = &spdm_context->session_info[0];
3648 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3649 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3650 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3651 1 : libspdm_secured_message_set_request_finished_key(
3652 : session_info->secured_message_context, m_dummy_buffer,
3653 : hash_size);
3654 1 : libspdm_secured_message_set_session_state(
3655 : session_info->secured_message_context,
3656 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3657 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3658 :
3659 1 : spdm_context->connection_info.capability.flags |=
3660 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3661 1 : spdm_context->local_context.capability.flags |=
3662 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3663 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3664 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3665 1 : req_asym_signature_size =
3666 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3667 1 : ptr = m_libspdm_finish_request7.signature;
3668 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3669 1 : cert_buffer = (uint8_t*)data1;
3670 1 : cert_buffer_size = data_size1;
3671 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3672 : cert_buffer_hash);
3673 1 : cert_buffer = (uint8_t*)data2;
3674 1 : cert_buffer_size = data_size2;
3675 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3676 : req_cert_buffer_hash);
3677 : /* transcript.message_a size is 0*/
3678 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3679 : /* session_transcript.message_k is 0*/
3680 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3681 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3682 : sizeof(spdm_finish_request_t));
3683 :
3684 1 : libspdm_requester_data_sign(
3685 : spdm_context,
3686 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3687 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3688 1 : false, libspdm_get_managed_buffer(&th_curr),
3689 : libspdm_get_managed_buffer_size(&th_curr),
3690 : ptr, &req_asym_signature_size);
3691 :
3692 : /* Switch signature to little endian */
3693 1 : libspdm_copy_signature_swap_endian(
3694 : m_libspdm_use_req_asym_algo,
3695 : ptr, req_asym_signature_size,
3696 : ptr, req_asym_signature_size);
3697 :
3698 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3699 1 : ptr += req_asym_signature_size;
3700 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3701 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3702 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3703 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3704 : request_finished_key, hash_size, ptr);
3705 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3706 1 : req_asym_signature_size + hmac_size;
3707 1 : response_size = sizeof(response);
3708 1 : status = libspdm_get_response_finish(spdm_context,
3709 : m_libspdm_finish_request7_size,
3710 : &m_libspdm_finish_request7,
3711 : &response_size, response);
3712 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3713 1 : spdm_response = (void*)response;
3714 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3715 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3716 1 : free(data1);
3717 1 : free(data2);
3718 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3719 1 : }
3720 :
3721 : /**
3722 : * Test 29: Receive the correct FINISH from the requester, and
3723 : * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
3724 : * Expected behavior: the responder accepts the request and produces a valid
3725 : * FINISH_RSP response message, and The ResponderVerifyData field is absent.
3726 : **/
3727 1 : void libspdm_test_responder_finish_case29(void **state)
3728 : {
3729 : libspdm_return_t status;
3730 : libspdm_test_context_t *spdm_test_context;
3731 : libspdm_context_t *spdm_context;
3732 : size_t response_size;
3733 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3734 : spdm_finish_response_t *spdm_response;
3735 : void *data1;
3736 : size_t data_size1;
3737 : uint8_t *ptr;
3738 : uint8_t *cert_buffer;
3739 : size_t cert_buffer_size;
3740 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3741 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3742 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3743 : libspdm_session_info_t *session_info;
3744 : uint32_t session_id;
3745 : uint32_t hash_size;
3746 : uint32_t hmac_size;
3747 :
3748 1 : spdm_test_context = *state;
3749 1 : spdm_context = spdm_test_context->spdm_context;
3750 1 : spdm_test_context->case_id = 29;
3751 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3752 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3753 1 : spdm_context->connection_info.connection_state =
3754 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3755 1 : spdm_context->connection_info.capability.flags |=
3756 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3757 1 : spdm_context->local_context.capability.flags |=
3758 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3759 :
3760 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3761 : m_libspdm_use_hash_algo;
3762 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3763 : m_libspdm_use_asym_algo;
3764 1 : spdm_context->connection_info.algorithm.measurement_spec =
3765 : m_libspdm_use_measurement_spec;
3766 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3767 : m_libspdm_use_measurement_hash_algo;
3768 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3769 : m_libspdm_use_dhe_algo;
3770 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3771 : m_libspdm_use_aead_algo;
3772 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3773 : m_libspdm_use_asym_algo, &data1,
3774 : &data_size1, NULL, NULL);
3775 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3776 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3777 : data_size1;
3778 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3779 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3780 : data_size1;
3781 :
3782 1 : libspdm_reset_message_a(spdm_context);
3783 1 : spdm_context->local_context.mut_auth_requested = 0;
3784 :
3785 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3786 1 : spdm_context->connection_info.capability.flags &=
3787 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3788 1 : spdm_context->local_context.capability.flags &=
3789 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3790 :
3791 1 : session_id = 0xFFFFFFFF;
3792 1 : spdm_context->latest_session_id = session_id;
3793 1 : spdm_context->last_spdm_request_session_id_valid = true;
3794 1 : spdm_context->last_spdm_request_session_id = session_id;
3795 1 : session_info = &spdm_context->session_info[0];
3796 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3797 :
3798 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3799 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3800 :
3801 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3802 1 : libspdm_secured_message_set_request_finished_key(
3803 : session_info->secured_message_context, m_dummy_buffer,
3804 : hash_size);
3805 1 : libspdm_secured_message_set_session_state(
3806 : session_info->secured_message_context,
3807 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3808 :
3809 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3810 1 : ptr = m_libspdm_finish_request1.signature;
3811 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3812 1 : cert_buffer = (uint8_t *)data1;
3813 1 : cert_buffer_size = data_size1;
3814 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3815 : cert_buffer_hash);
3816 : /* transcript.message_a size is 0*/
3817 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3818 : /* session_transcript.message_k is 0*/
3819 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
3820 : sizeof(spdm_finish_request_t));
3821 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3822 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3823 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3824 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3825 : request_finished_key, hash_size, ptr);
3826 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
3827 1 : response_size = sizeof(response);
3828 1 : status = libspdm_get_response_finish(spdm_context,
3829 : m_libspdm_finish_request1_size,
3830 : &m_libspdm_finish_request1,
3831 : &response_size, response);
3832 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3833 : /* The ResponderVerifyData field shall be absent.*/
3834 1 : assert_int_equal(response_size,
3835 : sizeof(spdm_finish_response_t));
3836 1 : spdm_response = (void *)response;
3837 1 : assert_int_equal(spdm_response->header.request_response_code,
3838 : SPDM_FINISH_RSP);
3839 1 : free(data1);
3840 1 : }
3841 :
3842 : /**
3843 : * Test 30: SPDM version 1.4, with OpaqueData.
3844 : * Expected behavior: the responder accepts the request and produces a valid
3845 : * FINISH_RSP response message.
3846 : **/
3847 1 : void libspdm_test_responder_finish_case30(void **state)
3848 : {
3849 : libspdm_return_t status;
3850 : libspdm_test_context_t *spdm_test_context;
3851 : libspdm_context_t *spdm_context;
3852 : size_t response_size;
3853 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3854 : spdm_finish_response_t *spdm_response;
3855 : void *data1;
3856 : size_t data_size1;
3857 : uint8_t *ptr;
3858 : uint8_t *cert_buffer;
3859 : size_t cert_buffer_size;
3860 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3861 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3862 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3863 : libspdm_session_info_t *session_info;
3864 : uint32_t session_id;
3865 : uint32_t hash_size;
3866 : uint32_t hmac_size;
3867 :
3868 1 : spdm_test_context = *state;
3869 1 : spdm_context = spdm_test_context->spdm_context;
3870 1 : spdm_test_context->case_id = 30;
3871 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
3872 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3873 1 : spdm_context->connection_info.connection_state =
3874 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3875 1 : spdm_context->connection_info.capability.flags |=
3876 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3877 1 : spdm_context->local_context.capability.flags |=
3878 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3879 :
3880 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3881 : m_libspdm_use_hash_algo;
3882 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3883 : m_libspdm_use_asym_algo;
3884 1 : spdm_context->connection_info.algorithm.measurement_spec =
3885 : m_libspdm_use_measurement_spec;
3886 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3887 : m_libspdm_use_measurement_hash_algo;
3888 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3889 : m_libspdm_use_dhe_algo;
3890 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3891 : m_libspdm_use_aead_algo;
3892 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3893 : m_libspdm_use_asym_algo, &data1,
3894 : &data_size1, NULL, NULL);
3895 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3896 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3897 : data_size1;
3898 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3899 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3900 : data_size1;
3901 :
3902 1 : libspdm_reset_message_a(spdm_context);
3903 1 : spdm_context->local_context.mut_auth_requested = 0;
3904 :
3905 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3906 1 : spdm_context->connection_info.capability.flags &=
3907 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3908 1 : spdm_context->local_context.capability.flags &=
3909 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3910 :
3911 1 : session_id = 0xFFFFFFFF;
3912 1 : spdm_context->latest_session_id = session_id;
3913 1 : spdm_context->last_spdm_request_session_id_valid = true;
3914 1 : spdm_context->last_spdm_request_session_id = session_id;
3915 1 : session_info = &spdm_context->session_info[0];
3916 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3917 :
3918 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3919 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3920 :
3921 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3922 1 : libspdm_secured_message_set_request_finished_key(
3923 : session_info->secured_message_context, m_dummy_buffer,
3924 : hash_size);
3925 1 : libspdm_secured_message_set_session_state(
3926 : session_info->secured_message_context,
3927 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3928 :
3929 1 : m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
3930 :
3931 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3932 1 : ptr = m_libspdm_finish_request8.signature;
3933 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3934 1 : cert_buffer = (uint8_t *)data1;
3935 1 : cert_buffer_size = data_size1;
3936 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3937 : cert_buffer_hash);
3938 : /* transcript.message_a size is 0*/
3939 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3940 : /* session_transcript.message_k is 0*/
3941 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
3942 : sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
3943 1 : m_libspdm_finish_request8.opaque_data_size);
3944 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3945 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3946 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3947 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3948 : request_finished_key, hash_size, ptr);
3949 1 : m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
3950 1 : sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
3951 1 : response_size = sizeof(response);
3952 1 : status = libspdm_get_response_finish(spdm_context,
3953 : m_libspdm_finish_request8_size,
3954 : &m_libspdm_finish_request8,
3955 : &response_size, response);
3956 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3957 : /* The ResponderVerifyData field shall be absent.*/
3958 1 : ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
3959 1 : assert_int_equal(response_size,
3960 : sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
3961 : libspdm_read_uint16(ptr));
3962 1 : spdm_response = (void *)response;
3963 1 : assert_int_equal(spdm_response->header.request_response_code,
3964 : SPDM_FINISH_RSP);
3965 1 : free(data1);
3966 1 : }
3967 :
3968 1 : int libspdm_responder_finish_test_main(void)
3969 : {
3970 1 : const struct CMUnitTest spdm_responder_finish_tests[] = {
3971 : /* Success Case*/
3972 : cmocka_unit_test(libspdm_test_responder_finish_case1),
3973 : /* Can be populated with new test.*/
3974 : cmocka_unit_test(libspdm_test_responder_finish_case2),
3975 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
3976 : cmocka_unit_test(libspdm_test_responder_finish_case3),
3977 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
3978 : cmocka_unit_test(libspdm_test_responder_finish_case4),
3979 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
3980 : /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
3981 : cmocka_unit_test(libspdm_test_responder_finish_case5),
3982 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
3983 : /* connection_state Check*/
3984 : cmocka_unit_test(libspdm_test_responder_finish_case6),
3985 : /* Buffer reset*/
3986 : cmocka_unit_test(libspdm_test_responder_finish_case7),
3987 : /* Success Case*/
3988 : cmocka_unit_test(libspdm_test_responder_finish_case8),
3989 : /* Unsupported KEY_EX capabilities*/
3990 : cmocka_unit_test(libspdm_test_responder_finish_case9),
3991 : /* Uninitialized session*/
3992 : cmocka_unit_test(libspdm_test_responder_finish_case10),
3993 : /* Incorrect MAC*/
3994 : cmocka_unit_test(libspdm_test_responder_finish_case11),
3995 : cmocka_unit_test(libspdm_test_responder_finish_case12),
3996 : /* Can be populated with new test.*/
3997 : cmocka_unit_test(libspdm_test_responder_finish_case13),
3998 : cmocka_unit_test(libspdm_test_responder_finish_case14),
3999 : /* Incorrect signature*/
4000 : cmocka_unit_test(libspdm_test_responder_finish_case15),
4001 : cmocka_unit_test(libspdm_test_responder_finish_case16),
4002 : /* Buffer verification*/
4003 : cmocka_unit_test(libspdm_test_responder_finish_case17),
4004 : /* Success Case, enable mutual authentication and use slot_id 0xFF */
4005 : cmocka_unit_test(libspdm_test_responder_finish_case18),
4006 : /* Invalid SlotID in FINISH request message when mutual authentication */
4007 : cmocka_unit_test_setup(libspdm_test_responder_finish_case19, libspdm_unit_test_group_setup),
4008 : cmocka_unit_test_setup(libspdm_test_responder_finish_case20, libspdm_unit_test_group_setup),
4009 : /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
4010 : cmocka_unit_test_setup(libspdm_test_responder_finish_case21, libspdm_unit_test_group_setup),
4011 : /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
4012 : cmocka_unit_test_setup(libspdm_test_responder_finish_case22, libspdm_unit_test_group_setup),
4013 : /* Big Endian Sign - Little Endian Verify */
4014 : cmocka_unit_test_setup(libspdm_test_responder_finish_case23, libspdm_unit_test_group_setup),
4015 : /* Big Endian Sign - Big Endian Verify */
4016 : cmocka_unit_test_setup(libspdm_test_responder_finish_case24, libspdm_unit_test_group_setup),
4017 : /* Big Endian Sign - Big or Little Endian Verify */
4018 : cmocka_unit_test_setup(libspdm_test_responder_finish_case25, libspdm_unit_test_group_setup),
4019 : /* Little Endian Sign - Little Endian Verify*/
4020 : cmocka_unit_test_setup(libspdm_test_responder_finish_case26, libspdm_unit_test_group_setup),
4021 : /* Little Endian Sign - Big Endian Verify */
4022 : cmocka_unit_test_setup(libspdm_test_responder_finish_case27, libspdm_unit_test_group_setup),
4023 : /* Little Endian Sign - Big or Little Endian Verify */
4024 : cmocka_unit_test_setup(libspdm_test_responder_finish_case28, libspdm_unit_test_group_setup),
4025 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
4026 : cmocka_unit_test(libspdm_test_responder_finish_case29),
4027 : /* SPDM 1.4 with OpaqueData */
4028 : cmocka_unit_test(libspdm_test_responder_finish_case30),
4029 : };
4030 :
4031 1 : libspdm_test_context_t test_context = {
4032 : LIBSPDM_TEST_CONTEXT_VERSION,
4033 : false,
4034 : };
4035 :
4036 1 : libspdm_setup_test_context(&test_context);
4037 :
4038 1 : return cmocka_run_group_tests(spdm_responder_finish_tests,
4039 : libspdm_unit_test_group_setup,
4040 : libspdm_unit_test_group_teardown);
4041 : }
4042 :
4043 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|
