Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #pragma pack(1)
12 :
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
16 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
17 : } libspdm_finish_request_mine_t;
18 :
19 : typedef struct {
20 : spdm_message_header_t header;
21 : uint16_t opaque_data_size;
22 : uint8_t opaque_data[8];
23 : uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
24 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
25 : } libspdm_finish_request_mine_14_t;
26 :
27 : #pragma pack()
28 :
29 : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
30 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
31 : };
32 : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
33 :
34 : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
35 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
36 : };
37 : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
38 :
39 : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
40 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
41 : };
42 : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
43 :
44 : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
45 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
46 : };
47 : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
48 :
49 : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
50 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
51 : };
52 : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
53 :
54 : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
55 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
56 : };
57 : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
58 :
59 : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
60 : { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
61 : };
62 : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
63 :
64 : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
65 :
66 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
67 :
68 : static libspdm_th_managed_buffer_t th_curr;
69 :
70 28 : void libspdm_secured_message_set_request_finished_key(
71 : void *spdm_secured_message_context, const void *key, size_t key_size)
72 : {
73 : libspdm_secured_message_context_t *secured_message_context;
74 :
75 28 : secured_message_context = spdm_secured_message_context;
76 28 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
77 28 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
78 : sizeof(secured_message_context->handshake_secret.request_finished_key),
79 : key, secured_message_context->hash_size);
80 28 : }
81 :
82 : /**
83 : * Test 1: receiving a correct FINISH message from the requester with a
84 : * correct MAC, no signature (no mutual authentication), and 'handshake in
85 : * the clear'.
86 : * Expected behavior: the responder accepts the request and produces a valid
87 : * FINISH_RSP response message.
88 : **/
89 1 : void libspdm_test_responder_finish_case1(void **state)
90 : {
91 : libspdm_return_t status;
92 : libspdm_test_context_t *spdm_test_context;
93 : libspdm_context_t *spdm_context;
94 : size_t response_size;
95 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
96 : spdm_finish_response_t *spdm_response;
97 : void *data1;
98 : size_t data_size1;
99 : uint8_t *ptr;
100 : uint8_t *cert_buffer;
101 : size_t cert_buffer_size;
102 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
103 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
104 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
105 : libspdm_session_info_t *session_info;
106 : uint32_t session_id;
107 : uint32_t hash_size;
108 : uint32_t hmac_size;
109 :
110 1 : spdm_test_context = *state;
111 1 : spdm_context = spdm_test_context->spdm_context;
112 1 : spdm_test_context->case_id = 0x1;
113 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
114 : SPDM_VERSION_NUMBER_SHIFT_BIT;
115 1 : spdm_context->connection_info.connection_state =
116 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
117 1 : spdm_context->connection_info.capability.flags |=
118 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
119 1 : spdm_context->local_context.capability.flags |=
120 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
121 1 : spdm_context->connection_info.algorithm.base_hash_algo =
122 : m_libspdm_use_hash_algo;
123 1 : spdm_context->connection_info.algorithm.base_asym_algo =
124 : m_libspdm_use_asym_algo;
125 1 : spdm_context->connection_info.algorithm.measurement_spec =
126 : m_libspdm_use_measurement_spec;
127 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
128 : m_libspdm_use_measurement_hash_algo;
129 1 : spdm_context->connection_info.algorithm.dhe_named_group =
130 : m_libspdm_use_dhe_algo;
131 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
132 : m_libspdm_use_aead_algo;
133 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
134 : m_libspdm_use_asym_algo, &data1,
135 : &data_size1, NULL, NULL);
136 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
137 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
138 : data_size1;
139 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
140 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
141 : data_size1;
142 :
143 1 : libspdm_reset_message_a(spdm_context);
144 1 : spdm_context->local_context.mut_auth_requested = 0;
145 :
146 1 : session_id = 0xFFFFFFFF;
147 1 : spdm_context->latest_session_id = session_id;
148 1 : session_info = &spdm_context->session_info[0];
149 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
150 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
151 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
152 1 : libspdm_secured_message_set_request_finished_key(
153 : session_info->secured_message_context, m_dummy_buffer,
154 : hash_size);
155 1 : libspdm_secured_message_set_session_state(
156 : session_info->secured_message_context,
157 : LIBSPDM_SESSION_STATE_HANDSHAKING);
158 :
159 1 : spdm_context->connection_info.capability.flags |=
160 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
161 1 : spdm_context->local_context.capability.flags |=
162 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
163 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
164 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
165 1 : ptr = m_libspdm_finish_request1.signature;
166 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
167 1 : cert_buffer = (uint8_t *)data1;
168 1 : cert_buffer_size = data_size1;
169 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
170 : cert_buffer_hash);
171 : /* transcript.message_a size is 0*/
172 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
173 : /* session_transcript.message_k is 0*/
174 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
175 : sizeof(spdm_finish_request_t));
176 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
177 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
178 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
179 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
180 : request_finished_key, hash_size, ptr);
181 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
182 1 : response_size = sizeof(response);
183 1 : status = libspdm_get_response_finish(spdm_context,
184 : m_libspdm_finish_request1_size,
185 : &m_libspdm_finish_request1,
186 : &response_size, response);
187 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
188 1 : assert_int_equal(response_size,
189 : sizeof(spdm_finish_response_t) + hmac_size);
190 1 : spdm_response = (void *)response;
191 1 : assert_int_equal(spdm_response->header.request_response_code,
192 : SPDM_FINISH_RSP);
193 1 : free(data1);
194 1 : }
195 :
196 : /**
197 : * Test 2:
198 : * Expected behavior:
199 : **/
200 1 : void libspdm_test_responder_finish_case2(void **state)
201 : {
202 1 : }
203 :
204 : /**
205 : * Test 3: receiving a correct FINISH from the requester, but the
206 : * responder is in a Busy state.
207 : * Expected behavior: the responder accepts the request, but produces an
208 : * ERROR message indicating the Busy state.
209 : **/
210 1 : void libspdm_test_responder_finish_case3(void **state)
211 : {
212 : libspdm_return_t status;
213 : libspdm_test_context_t *spdm_test_context;
214 : libspdm_context_t *spdm_context;
215 : size_t response_size;
216 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
217 : spdm_finish_response_t *spdm_response;
218 : void *data1;
219 : size_t data_size1;
220 : uint8_t *ptr;
221 : uint8_t *cert_buffer;
222 : size_t cert_buffer_size;
223 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
224 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
225 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
226 : libspdm_session_info_t *session_info;
227 : uint32_t session_id;
228 : uint32_t hash_size;
229 : uint32_t hmac_size;
230 :
231 1 : spdm_test_context = *state;
232 1 : spdm_context = spdm_test_context->spdm_context;
233 1 : spdm_test_context->case_id = 0x3;
234 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
235 : SPDM_VERSION_NUMBER_SHIFT_BIT;
236 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
237 1 : spdm_context->connection_info.connection_state =
238 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
239 1 : spdm_context->connection_info.capability.flags |=
240 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
241 1 : spdm_context->local_context.capability.flags |=
242 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
243 1 : spdm_context->connection_info.algorithm.base_hash_algo =
244 : m_libspdm_use_hash_algo;
245 1 : spdm_context->connection_info.algorithm.base_asym_algo =
246 : m_libspdm_use_asym_algo;
247 1 : spdm_context->connection_info.algorithm.measurement_spec =
248 : m_libspdm_use_measurement_spec;
249 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
250 : m_libspdm_use_measurement_hash_algo;
251 1 : spdm_context->connection_info.algorithm.dhe_named_group =
252 : m_libspdm_use_dhe_algo;
253 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
254 : m_libspdm_use_aead_algo;
255 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
256 : m_libspdm_use_asym_algo, &data1,
257 : &data_size1, NULL, NULL);
258 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
259 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
260 : data_size1;
261 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
262 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
263 : data_size1;
264 :
265 1 : libspdm_reset_message_a(spdm_context);
266 1 : spdm_context->local_context.mut_auth_requested = 0;
267 :
268 1 : session_id = 0xFFFFFFFF;
269 1 : spdm_context->latest_session_id = session_id;
270 1 : session_info = &spdm_context->session_info[0];
271 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
272 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
273 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
274 1 : libspdm_secured_message_set_request_finished_key(
275 : session_info->secured_message_context, m_dummy_buffer,
276 : hash_size);
277 1 : libspdm_secured_message_set_session_state(
278 : session_info->secured_message_context,
279 : LIBSPDM_SESSION_STATE_HANDSHAKING);
280 :
281 1 : spdm_context->connection_info.capability.flags |=
282 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
283 1 : spdm_context->local_context.capability.flags |=
284 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
285 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
286 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
287 1 : ptr = m_libspdm_finish_request1.signature;
288 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
289 1 : cert_buffer = (uint8_t *)data1;
290 1 : cert_buffer_size = data_size1;
291 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
292 : cert_buffer_hash);
293 : /* transcript.message_a size is 0*/
294 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
295 : /* session_transcript.message_k is 0*/
296 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
297 : sizeof(spdm_finish_request_t));
298 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
299 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
300 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
301 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
302 : request_finished_key, hash_size, ptr);
303 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
304 1 : response_size = sizeof(response);
305 1 : status = libspdm_get_response_finish(spdm_context,
306 : m_libspdm_finish_request1_size,
307 : &m_libspdm_finish_request1,
308 : &response_size, response);
309 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
310 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
311 1 : spdm_response = (void *)response;
312 1 : assert_int_equal(spdm_response->header.request_response_code,
313 : SPDM_ERROR);
314 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
315 1 : assert_int_equal(spdm_response->header.param2, 0);
316 1 : assert_int_equal(spdm_context->response_state,
317 : LIBSPDM_RESPONSE_STATE_BUSY);
318 1 : free(data1);
319 1 : }
320 :
321 : /**
322 : * Test 4: receiving a correct FINISH from the requester, but the responder
323 : * requires resynchronization with the requester.
324 : * Expected behavior: the responder accepts the request, but produces an
325 : * ERROR message indicating the NeedResynch state.
326 : **/
327 1 : void libspdm_test_responder_finish_case4(void **state)
328 : {
329 : libspdm_return_t status;
330 : libspdm_test_context_t *spdm_test_context;
331 : libspdm_context_t *spdm_context;
332 : size_t response_size;
333 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
334 : spdm_finish_response_t *spdm_response;
335 : void *data1;
336 : size_t data_size1;
337 : uint8_t *ptr;
338 : uint8_t *cert_buffer;
339 : size_t cert_buffer_size;
340 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
341 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
342 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
343 : libspdm_session_info_t *session_info;
344 : uint32_t session_id;
345 : uint32_t hash_size;
346 : uint32_t hmac_size;
347 :
348 1 : spdm_test_context = *state;
349 1 : spdm_context = spdm_test_context->spdm_context;
350 1 : spdm_test_context->case_id = 0x4;
351 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
352 : SPDM_VERSION_NUMBER_SHIFT_BIT;
353 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
354 1 : spdm_context->connection_info.connection_state =
355 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
356 1 : spdm_context->connection_info.capability.flags |=
357 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
358 1 : spdm_context->local_context.capability.flags |=
359 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
360 1 : spdm_context->connection_info.algorithm.base_hash_algo =
361 : m_libspdm_use_hash_algo;
362 1 : spdm_context->connection_info.algorithm.base_asym_algo =
363 : m_libspdm_use_asym_algo;
364 1 : spdm_context->connection_info.algorithm.measurement_spec =
365 : m_libspdm_use_measurement_spec;
366 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
367 : m_libspdm_use_measurement_hash_algo;
368 1 : spdm_context->connection_info.algorithm.dhe_named_group =
369 : m_libspdm_use_dhe_algo;
370 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
371 : m_libspdm_use_aead_algo;
372 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
373 : m_libspdm_use_asym_algo, &data1,
374 : &data_size1, NULL, NULL);
375 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
376 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
377 : data_size1;
378 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
379 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
380 : data_size1;
381 :
382 1 : libspdm_reset_message_a(spdm_context);
383 1 : spdm_context->local_context.mut_auth_requested = 0;
384 :
385 1 : session_id = 0xFFFFFFFF;
386 1 : spdm_context->latest_session_id = session_id;
387 1 : session_info = &spdm_context->session_info[0];
388 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
389 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
390 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
391 1 : libspdm_secured_message_set_request_finished_key(
392 : session_info->secured_message_context, m_dummy_buffer,
393 : hash_size);
394 1 : libspdm_secured_message_set_session_state(
395 : session_info->secured_message_context,
396 : LIBSPDM_SESSION_STATE_HANDSHAKING);
397 :
398 1 : spdm_context->connection_info.capability.flags |=
399 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
400 1 : spdm_context->local_context.capability.flags |=
401 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
402 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
403 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
404 1 : ptr = m_libspdm_finish_request1.signature;
405 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
406 1 : cert_buffer = (uint8_t *)data1;
407 1 : cert_buffer_size = data_size1;
408 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
409 : cert_buffer_hash);
410 : /* transcript.message_a size is 0*/
411 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
412 : /* session_transcript.message_k is 0*/
413 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
414 : sizeof(spdm_finish_request_t));
415 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
416 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
417 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
418 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
419 : request_finished_key, hash_size, ptr);
420 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
421 1 : response_size = sizeof(response);
422 1 : status = libspdm_get_response_finish(spdm_context,
423 : m_libspdm_finish_request1_size,
424 : &m_libspdm_finish_request1,
425 : &response_size, response);
426 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
427 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
428 1 : spdm_response = (void *)response;
429 1 : assert_int_equal(spdm_response->header.request_response_code,
430 : SPDM_ERROR);
431 1 : assert_int_equal(spdm_response->header.param1,
432 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
433 1 : assert_int_equal(spdm_response->header.param2, 0);
434 1 : assert_int_equal(spdm_context->response_state,
435 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
436 1 : free(data1);
437 1 : }
438 :
439 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
440 : /**
441 : * Test 5: receiving a correct FINISH from the requester, but the responder
442 : * could not produce the response in time.
443 : * Expected behavior: the responder accepts the request, but produces an
444 : * ERROR message indicating the ResponseNotReady state.
445 : **/
446 1 : void libspdm_test_responder_finish_case5(void **state)
447 : {
448 : libspdm_return_t status;
449 : libspdm_test_context_t *spdm_test_context;
450 : libspdm_context_t *spdm_context;
451 : size_t response_size;
452 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
453 : spdm_finish_response_t *spdm_response;
454 : void *data1;
455 : size_t data_size1;
456 : uint8_t *ptr;
457 : uint8_t *cert_buffer;
458 : size_t cert_buffer_size;
459 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
460 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
461 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
462 : libspdm_session_info_t *session_info;
463 : uint32_t session_id;
464 : uint32_t hash_size;
465 : uint32_t hmac_size;
466 : spdm_error_data_response_not_ready_t *error_data;
467 :
468 1 : spdm_test_context = *state;
469 1 : spdm_context = spdm_test_context->spdm_context;
470 1 : spdm_test_context->case_id = 0x5;
471 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
472 : SPDM_VERSION_NUMBER_SHIFT_BIT;
473 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
474 1 : spdm_context->connection_info.connection_state =
475 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
476 1 : spdm_context->connection_info.capability.flags |=
477 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
478 1 : spdm_context->local_context.capability.flags |=
479 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
480 1 : spdm_context->connection_info.algorithm.base_hash_algo =
481 : m_libspdm_use_hash_algo;
482 1 : spdm_context->connection_info.algorithm.base_asym_algo =
483 : m_libspdm_use_asym_algo;
484 1 : spdm_context->connection_info.algorithm.measurement_spec =
485 : m_libspdm_use_measurement_spec;
486 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
487 : m_libspdm_use_measurement_hash_algo;
488 1 : spdm_context->connection_info.algorithm.dhe_named_group =
489 : m_libspdm_use_dhe_algo;
490 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
491 : m_libspdm_use_aead_algo;
492 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
493 : m_libspdm_use_asym_algo, &data1,
494 : &data_size1, NULL, NULL);
495 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
496 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
497 : data_size1;
498 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
499 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
500 : data_size1;
501 :
502 1 : libspdm_reset_message_a(spdm_context);
503 1 : spdm_context->local_context.mut_auth_requested = 0;
504 :
505 1 : session_id = 0xFFFFFFFF;
506 1 : spdm_context->latest_session_id = session_id;
507 1 : session_info = &spdm_context->session_info[0];
508 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
509 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
510 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
511 1 : libspdm_secured_message_set_request_finished_key(
512 : session_info->secured_message_context, m_dummy_buffer,
513 : hash_size);
514 1 : libspdm_secured_message_set_session_state(
515 : session_info->secured_message_context,
516 : LIBSPDM_SESSION_STATE_HANDSHAKING);
517 :
518 1 : spdm_context->connection_info.capability.flags |=
519 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
520 1 : spdm_context->local_context.capability.flags |=
521 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
522 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
523 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
524 1 : ptr = m_libspdm_finish_request1.signature;
525 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
526 1 : cert_buffer = (uint8_t *)data1;
527 1 : cert_buffer_size = data_size1;
528 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
529 : cert_buffer_hash);
530 : /* transcript.message_a size is 0*/
531 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
532 : /* session_transcript.message_k is 0*/
533 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
534 : sizeof(spdm_finish_request_t));
535 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
536 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
537 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
538 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
539 : request_finished_key, hash_size, ptr);
540 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
541 1 : response_size = sizeof(response);
542 1 : status = libspdm_get_response_finish(spdm_context,
543 : m_libspdm_finish_request1_size,
544 : &m_libspdm_finish_request1,
545 : &response_size, response);
546 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
547 1 : assert_int_equal(response_size,
548 : sizeof(spdm_error_response_t) +
549 : sizeof(spdm_error_data_response_not_ready_t));
550 1 : spdm_response = (void *)response;
551 1 : error_data =
552 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
553 1 : assert_int_equal(spdm_response->header.request_response_code,
554 : SPDM_ERROR);
555 1 : assert_int_equal(spdm_response->header.param1,
556 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
557 1 : assert_int_equal(spdm_response->header.param2, 0);
558 1 : assert_int_equal(spdm_context->response_state,
559 : LIBSPDM_RESPONSE_STATE_NOT_READY);
560 1 : assert_int_equal(error_data->request_code, SPDM_FINISH);
561 1 : free(data1);
562 1 : }
563 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
564 :
565 : /**
566 : * Test 6: receiving a correct FINISH from the requester, but the responder
567 : * is not set no receive a FINISH message because previous messages (namely,
568 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
569 : * received.
570 : * Expected behavior: the responder rejects the request, and produces an
571 : * ERROR message indicating the UnexpectedRequest.
572 : **/
573 1 : void libspdm_test_responder_finish_case6(void **state)
574 : {
575 : libspdm_return_t status;
576 : libspdm_test_context_t *spdm_test_context;
577 : libspdm_context_t *spdm_context;
578 : size_t response_size;
579 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
580 : spdm_finish_response_t *spdm_response;
581 : void *data1;
582 : size_t data_size1;
583 : uint8_t *ptr;
584 : uint8_t *cert_buffer;
585 : size_t cert_buffer_size;
586 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
587 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
588 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
589 : libspdm_session_info_t *session_info;
590 : uint32_t session_id;
591 : uint32_t hash_size;
592 : uint32_t hmac_size;
593 :
594 1 : spdm_test_context = *state;
595 1 : spdm_context = spdm_test_context->spdm_context;
596 1 : spdm_test_context->case_id = 0x6;
597 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
598 : SPDM_VERSION_NUMBER_SHIFT_BIT;
599 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
600 1 : spdm_context->connection_info.connection_state =
601 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
602 1 : spdm_context->connection_info.capability.flags |=
603 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
604 1 : spdm_context->local_context.capability.flags |=
605 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
606 1 : spdm_context->connection_info.algorithm.base_hash_algo =
607 : m_libspdm_use_hash_algo;
608 1 : spdm_context->connection_info.algorithm.base_asym_algo =
609 : m_libspdm_use_asym_algo;
610 1 : spdm_context->connection_info.algorithm.measurement_spec =
611 : m_libspdm_use_measurement_spec;
612 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
613 : m_libspdm_use_measurement_hash_algo;
614 1 : spdm_context->connection_info.algorithm.dhe_named_group =
615 : m_libspdm_use_dhe_algo;
616 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
617 : m_libspdm_use_aead_algo;
618 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
619 : m_libspdm_use_asym_algo, &data1,
620 : &data_size1, NULL, NULL);
621 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
622 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
623 : data_size1;
624 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
625 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
626 : data_size1;
627 :
628 1 : libspdm_reset_message_a(spdm_context);
629 1 : spdm_context->local_context.mut_auth_requested = 0;
630 :
631 1 : session_id = 0xFFFFFFFF;
632 1 : spdm_context->latest_session_id = session_id;
633 1 : session_info = &spdm_context->session_info[0];
634 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
635 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
636 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
637 1 : libspdm_secured_message_set_request_finished_key(
638 : session_info->secured_message_context, m_dummy_buffer,
639 : hash_size);
640 1 : libspdm_secured_message_set_session_state(
641 : session_info->secured_message_context,
642 : LIBSPDM_SESSION_STATE_HANDSHAKING);
643 :
644 1 : spdm_context->connection_info.capability.flags |=
645 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
646 1 : spdm_context->local_context.capability.flags |=
647 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
648 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
649 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
650 1 : ptr = m_libspdm_finish_request1.signature;
651 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
652 1 : cert_buffer = (uint8_t *)data1;
653 1 : cert_buffer_size = data_size1;
654 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
655 : cert_buffer_hash);
656 : /* transcript.message_a size is 0*/
657 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
658 : /* session_transcript.message_k is 0*/
659 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
660 : sizeof(spdm_finish_request_t));
661 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
662 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
663 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
664 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
665 : request_finished_key, hash_size, ptr);
666 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
667 1 : response_size = sizeof(response);
668 1 : status = libspdm_get_response_finish(spdm_context,
669 : m_libspdm_finish_request1_size,
670 : &m_libspdm_finish_request1,
671 : &response_size, response);
672 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
673 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
674 1 : spdm_response = (void *)response;
675 1 : assert_int_equal(spdm_response->header.request_response_code,
676 : SPDM_ERROR);
677 1 : assert_int_equal(spdm_response->header.param1,
678 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
679 1 : assert_int_equal(spdm_response->header.param2, 0);
680 1 : free(data1);
681 1 : }
682 :
683 1 : void libspdm_test_responder_finish_case7(void **state)
684 : {
685 : libspdm_return_t status;
686 : libspdm_test_context_t *spdm_test_context;
687 : libspdm_context_t *spdm_context;
688 : size_t response_size;
689 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
690 : spdm_finish_response_t *spdm_response;
691 : void *data1;
692 : size_t data_size1;
693 : uint8_t *ptr;
694 : uint8_t *cert_buffer;
695 : size_t cert_buffer_size;
696 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
697 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
698 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
699 : libspdm_session_info_t *session_info;
700 : uint32_t session_id;
701 : uint32_t hash_size;
702 : uint32_t hmac_size;
703 :
704 1 : spdm_test_context = *state;
705 1 : spdm_context = spdm_test_context->spdm_context;
706 1 : spdm_test_context->case_id = 0x7;
707 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
708 : SPDM_VERSION_NUMBER_SHIFT_BIT;
709 1 : spdm_context->connection_info.connection_state =
710 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
711 1 : spdm_context->connection_info.capability.flags |=
712 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
713 1 : spdm_context->local_context.capability.flags |=
714 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
715 1 : spdm_context->connection_info.algorithm.base_hash_algo =
716 : m_libspdm_use_hash_algo;
717 1 : spdm_context->connection_info.algorithm.base_asym_algo =
718 : m_libspdm_use_asym_algo;
719 1 : spdm_context->connection_info.algorithm.measurement_spec =
720 : m_libspdm_use_measurement_spec;
721 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
722 : m_libspdm_use_measurement_hash_algo;
723 1 : spdm_context->connection_info.algorithm.dhe_named_group =
724 : m_libspdm_use_dhe_algo;
725 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
726 : m_libspdm_use_aead_algo;
727 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
728 : m_libspdm_use_asym_algo, &data1,
729 : &data_size1, NULL, NULL);
730 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
731 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
732 : data_size1;
733 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
734 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
735 : data_size1;
736 :
737 1 : libspdm_reset_message_a(spdm_context);
738 1 : spdm_context->local_context.mut_auth_requested = 0;
739 :
740 1 : session_id = 0xFFFFFFFF;
741 1 : spdm_context->latest_session_id = session_id;
742 1 : session_info = &spdm_context->session_info[0];
743 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
744 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
745 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
746 1 : libspdm_secured_message_set_request_finished_key(
747 : session_info->secured_message_context, m_dummy_buffer,
748 : hash_size);
749 1 : libspdm_secured_message_set_session_state(
750 : session_info->secured_message_context,
751 : LIBSPDM_SESSION_STATE_HANDSHAKING);
752 :
753 1 : spdm_context->connection_info.capability.flags |=
754 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
755 1 : spdm_context->local_context.capability.flags |=
756 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
757 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
758 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
759 1 : ptr = m_libspdm_finish_request1.signature;
760 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
761 1 : cert_buffer = (uint8_t *)data1;
762 1 : cert_buffer_size = data_size1;
763 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
764 : session_info->session_transcript.message_m.buffer_size =
765 : session_info->session_transcript.message_m.max_buffer_size;
766 : spdm_context->transcript.message_b.buffer_size =
767 : spdm_context->transcript.message_b.max_buffer_size;
768 : spdm_context->transcript.message_c.buffer_size =
769 : spdm_context->transcript.message_c.max_buffer_size;
770 : spdm_context->transcript.message_mut_b.buffer_size =
771 : spdm_context->transcript.message_mut_b.max_buffer_size;
772 : spdm_context->transcript.message_mut_c.buffer_size =
773 : spdm_context->transcript.message_mut_c.max_buffer_size;
774 : #endif
775 :
776 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
777 : cert_buffer_hash);
778 : /* transcript.message_a size is 0*/
779 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
780 : /* session_transcript.message_k is 0*/
781 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
782 : sizeof(spdm_finish_request_t));
783 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
784 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
785 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
786 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
787 : request_finished_key, hash_size, ptr);
788 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
789 1 : response_size = sizeof(response);
790 1 : status = libspdm_get_response_finish(spdm_context,
791 : m_libspdm_finish_request1_size,
792 : &m_libspdm_finish_request1,
793 : &response_size, response);
794 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
795 1 : assert_int_equal(response_size,
796 : sizeof(spdm_finish_response_t) + hmac_size);
797 1 : spdm_response = (void *)response;
798 1 : assert_int_equal(spdm_response->header.request_response_code,
799 : SPDM_FINISH_RSP);
800 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
801 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
802 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
803 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
804 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
805 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
806 : #endif
807 :
808 1 : free(data1);
809 1 : }
810 :
811 : /**
812 : * Test 8: receiving a correct FINISH message from the requester with
813 : * correct MAC and signature (with mutual authentication), and 'handshake in
814 : * the clear'.
815 : * Expected behavior: the responder accepts the request and produces a valid
816 : * FINISH_RSP response message.
817 : **/
818 1 : void libspdm_test_responder_finish_case8(void **state)
819 : {
820 : libspdm_return_t status;
821 : libspdm_test_context_t *spdm_test_context;
822 : libspdm_context_t *spdm_context;
823 : size_t response_size;
824 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
825 : spdm_finish_response_t *spdm_response;
826 : void *data1;
827 : size_t data_size1;
828 : void *data2;
829 : size_t data_size2;
830 : uint8_t *ptr;
831 : uint8_t *cert_buffer;
832 : size_t cert_buffer_size;
833 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
834 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
835 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
836 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
837 : libspdm_session_info_t *session_info;
838 : uint32_t session_id;
839 : uint32_t hash_size;
840 : uint32_t hmac_size;
841 : size_t req_asym_signature_size;
842 :
843 1 : spdm_test_context = *state;
844 1 : spdm_context = spdm_test_context->spdm_context;
845 1 : spdm_test_context->case_id = 0x8;
846 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
847 : SPDM_VERSION_NUMBER_SHIFT_BIT;
848 1 : spdm_context->connection_info.connection_state =
849 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
850 1 : spdm_context->connection_info.capability.flags |=
851 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
852 1 : spdm_context->local_context.capability.flags |=
853 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
854 1 : spdm_context->connection_info.algorithm.base_hash_algo =
855 : m_libspdm_use_hash_algo;
856 1 : spdm_context->connection_info.algorithm.base_asym_algo =
857 : m_libspdm_use_asym_algo;
858 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
859 : m_libspdm_use_req_asym_algo;
860 1 : spdm_context->connection_info.algorithm.measurement_spec =
861 : m_libspdm_use_measurement_spec;
862 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
863 : m_libspdm_use_measurement_hash_algo;
864 1 : spdm_context->connection_info.algorithm.dhe_named_group =
865 : m_libspdm_use_dhe_algo;
866 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
867 : m_libspdm_use_aead_algo;
868 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
869 : m_libspdm_use_asym_algo, &data1,
870 : &data_size1, NULL, NULL);
871 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
872 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
873 : data_size1;
874 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
875 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
876 : data_size1;
877 :
878 1 : libspdm_reset_message_a(spdm_context);
879 1 : spdm_context->local_context.mut_auth_requested = 1;
880 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
881 : m_libspdm_use_req_asym_algo, &data2,
882 : &data_size2, NULL, NULL);
883 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
884 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
885 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
886 : data2, data_size2);
887 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
888 : data_size2;
889 : #else
890 1 : libspdm_hash_all(
891 : spdm_context->connection_info.algorithm.base_hash_algo,
892 : data2, data_size2,
893 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
894 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
895 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
896 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
897 : spdm_context->connection_info.algorithm.base_hash_algo,
898 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
899 : data2,
900 : data_size2,
901 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
902 : #endif
903 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
904 :
905 1 : session_id = 0xFFFFFFFF;
906 1 : spdm_context->latest_session_id = session_id;
907 1 : session_info = &spdm_context->session_info[0];
908 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
909 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
910 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
911 1 : libspdm_secured_message_set_request_finished_key(
912 : session_info->secured_message_context, m_dummy_buffer,
913 : hash_size);
914 1 : libspdm_secured_message_set_session_state(
915 : session_info->secured_message_context,
916 : LIBSPDM_SESSION_STATE_HANDSHAKING);
917 1 : session_info->mut_auth_requested = 1;
918 :
919 1 : spdm_context->connection_info.capability.flags |=
920 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
921 1 : spdm_context->local_context.capability.flags |=
922 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
923 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
924 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
925 1 : req_asym_signature_size =
926 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
927 1 : ptr = m_libspdm_finish_request3.signature;
928 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
929 1 : cert_buffer = (uint8_t *)data1;
930 1 : cert_buffer_size = data_size1;
931 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
932 : cert_buffer_hash);
933 1 : cert_buffer = (uint8_t *)data2;
934 1 : cert_buffer_size = data_size2;
935 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
936 : req_cert_buffer_hash);
937 : /* transcript.message_a size is 0*/
938 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
939 : /* session_transcript.message_k is 0*/
940 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
941 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
942 : sizeof(spdm_finish_request_t));
943 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
944 1 : libspdm_requester_data_sign(
945 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
946 : spdm_context,
947 : #endif
948 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
949 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
950 1 : false, libspdm_get_managed_buffer(&th_curr),
951 : libspdm_get_managed_buffer_size(&th_curr),
952 : ptr, &req_asym_signature_size);
953 : #endif
954 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
955 1 : ptr += req_asym_signature_size;
956 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
957 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
958 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
959 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
960 : request_finished_key, hash_size, ptr);
961 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
962 1 : req_asym_signature_size + hmac_size;
963 1 : response_size = sizeof(response);
964 1 : status = libspdm_get_response_finish(spdm_context,
965 : m_libspdm_finish_request3_size,
966 : &m_libspdm_finish_request3,
967 : &response_size, response);
968 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
969 1 : assert_int_equal(response_size,
970 : sizeof(spdm_finish_response_t) + hmac_size);
971 1 : spdm_response = (void *)response;
972 1 : assert_int_equal(spdm_response->header.request_response_code,
973 : SPDM_FINISH_RSP);
974 1 : free(data1);
975 1 : free(data2);
976 1 : }
977 :
978 : /**
979 : * Test 9: receiving a correct FINISH message from the requester, but the
980 : * responder has no capabilities for key exchange.
981 : * Expected behavior: the responder refuses the FINISH message and produces
982 : * an ERROR message indicating the UnsupportedRequest.
983 : **/
984 1 : void libspdm_test_responder_finish_case9(void **state)
985 : {
986 : libspdm_return_t status;
987 : libspdm_test_context_t *spdm_test_context;
988 : libspdm_context_t *spdm_context;
989 : size_t response_size;
990 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
991 : spdm_finish_response_t *spdm_response;
992 : void *data1;
993 : size_t data_size1;
994 : uint8_t *ptr;
995 : uint8_t *cert_buffer;
996 : size_t cert_buffer_size;
997 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
998 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
999 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1000 : libspdm_session_info_t *session_info;
1001 : uint32_t session_id;
1002 : uint32_t hash_size;
1003 : uint32_t hmac_size;
1004 :
1005 1 : spdm_test_context = *state;
1006 1 : spdm_context = spdm_test_context->spdm_context;
1007 1 : spdm_test_context->case_id = 0x9;
1008 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1009 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1010 1 : spdm_context->connection_info.connection_state =
1011 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1012 1 : spdm_context->connection_info.capability.flags = 0;
1013 1 : spdm_context->local_context.capability.flags = 0;
1014 1 : spdm_context->connection_info.capability.flags |=
1015 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1016 : /* no key exchange capabilities (responder)*/
1017 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1018 : m_libspdm_use_hash_algo;
1019 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1020 : m_libspdm_use_asym_algo;
1021 1 : spdm_context->connection_info.algorithm.measurement_spec =
1022 : m_libspdm_use_measurement_spec;
1023 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1024 : m_libspdm_use_measurement_hash_algo;
1025 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1026 : m_libspdm_use_dhe_algo;
1027 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1028 : m_libspdm_use_aead_algo;
1029 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1030 : m_libspdm_use_asym_algo, &data1,
1031 : &data_size1, NULL, NULL);
1032 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1033 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1034 : data_size1;
1035 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1036 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1037 : data_size1;
1038 :
1039 1 : libspdm_reset_message_a(spdm_context);
1040 1 : spdm_context->local_context.mut_auth_requested = 0;
1041 :
1042 1 : session_id = 0xFFFFFFFF;
1043 1 : spdm_context->latest_session_id = session_id;
1044 1 : session_info = &spdm_context->session_info[0];
1045 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1046 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1047 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1048 1 : libspdm_secured_message_set_request_finished_key(
1049 : session_info->secured_message_context, m_dummy_buffer,
1050 : hash_size);
1051 1 : libspdm_secured_message_set_session_state(
1052 : session_info->secured_message_context,
1053 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1054 :
1055 1 : spdm_context->connection_info.capability.flags |=
1056 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1057 1 : spdm_context->local_context.capability.flags |=
1058 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1059 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1060 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1061 1 : ptr = m_libspdm_finish_request1.signature;
1062 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1063 1 : cert_buffer = (uint8_t *)data1;
1064 1 : cert_buffer_size = data_size1;
1065 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1066 : cert_buffer_hash);
1067 : /* transcript.message_a size is 0*/
1068 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1069 : /* session_transcript.message_k is 0*/
1070 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1071 : sizeof(spdm_finish_request_t));
1072 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1073 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1074 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1075 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1076 : request_finished_key, hash_size, ptr);
1077 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1078 1 : response_size = sizeof(response);
1079 1 : status = libspdm_get_response_finish(spdm_context,
1080 : m_libspdm_finish_request1_size,
1081 : &m_libspdm_finish_request1,
1082 : &response_size, response);
1083 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1084 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1085 1 : spdm_response = (void *)response;
1086 1 : assert_int_equal(spdm_response->header.request_response_code,
1087 : SPDM_ERROR);
1088 1 : assert_int_equal(spdm_response->header.param1,
1089 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
1090 1 : assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
1091 1 : free(data1);
1092 1 : }
1093 :
1094 : /**
1095 : * Test 10: receiving a correct FINISH message from the requester, but the
1096 : * responder is not correctly setup by not initializing a session during
1097 : * KEY_EXCHANGE.
1098 : * Expected behavior: the responder refuses the FINISH message and produces
1099 : * an ERROR message indicating the UnsupportedRequest.
1100 : **/
1101 1 : void libspdm_test_responder_finish_case10(void **state)
1102 : {
1103 : libspdm_return_t status;
1104 : libspdm_test_context_t *spdm_test_context;
1105 : libspdm_context_t *spdm_context;
1106 : size_t response_size;
1107 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1108 : spdm_finish_response_t *spdm_response;
1109 : void *data1;
1110 : size_t data_size1;
1111 : uint8_t *ptr;
1112 : uint8_t *cert_buffer;
1113 : size_t cert_buffer_size;
1114 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1115 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1116 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1117 : libspdm_session_info_t *session_info;
1118 : uint32_t session_id;
1119 : uint32_t hash_size;
1120 : uint32_t hmac_size;
1121 :
1122 1 : spdm_test_context = *state;
1123 1 : spdm_context = spdm_test_context->spdm_context;
1124 1 : spdm_test_context->case_id = 0xA;
1125 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1126 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1127 1 : spdm_context->connection_info.connection_state =
1128 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1129 1 : spdm_context->connection_info.capability.flags |=
1130 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1131 1 : spdm_context->local_context.capability.flags |=
1132 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1133 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1134 : m_libspdm_use_hash_algo;
1135 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1136 : m_libspdm_use_asym_algo;
1137 1 : spdm_context->connection_info.algorithm.measurement_spec =
1138 : m_libspdm_use_measurement_spec;
1139 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1140 : m_libspdm_use_measurement_hash_algo;
1141 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1142 : m_libspdm_use_dhe_algo;
1143 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1144 : m_libspdm_use_aead_algo;
1145 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1146 : m_libspdm_use_asym_algo, &data1,
1147 : &data_size1, NULL, NULL);
1148 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1149 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1150 : data_size1;
1151 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1152 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1153 : data_size1;
1154 :
1155 1 : libspdm_reset_message_a(spdm_context);
1156 1 : spdm_context->local_context.mut_auth_requested = 0;
1157 :
1158 1 : session_id = 0xFFFFFFFF;
1159 1 : spdm_context->latest_session_id = session_id;
1160 1 : session_info = &spdm_context->session_info[0];
1161 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1162 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1163 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1164 1 : libspdm_secured_message_set_request_finished_key(
1165 : session_info->secured_message_context, m_dummy_buffer,
1166 : hash_size);
1167 1 : libspdm_secured_message_set_session_state(
1168 : session_info->secured_message_context,
1169 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1170 :
1171 1 : spdm_context->connection_info.capability.flags |=
1172 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1173 1 : spdm_context->local_context.capability.flags |=
1174 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1175 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1176 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1177 1 : ptr = m_libspdm_finish_request1.signature;
1178 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1179 1 : cert_buffer = (uint8_t *)data1;
1180 1 : cert_buffer_size = data_size1;
1181 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1182 : cert_buffer_hash);
1183 : /* transcript.message_a size is 0*/
1184 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1185 : /* session_transcript.message_k is 0*/
1186 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1187 : sizeof(spdm_finish_request_t));
1188 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1189 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1190 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1191 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1192 : request_finished_key, hash_size, ptr);
1193 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1194 1 : response_size = sizeof(response);
1195 1 : status = libspdm_get_response_finish(spdm_context,
1196 : m_libspdm_finish_request1_size,
1197 : &m_libspdm_finish_request1,
1198 : &response_size, response);
1199 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1200 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1201 1 : spdm_response = (void *)response;
1202 1 : assert_int_equal(spdm_response->header.request_response_code,
1203 : SPDM_ERROR);
1204 1 : assert_int_equal(spdm_response->header.param1,
1205 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1206 1 : assert_int_equal(spdm_response->header.param2, 0);
1207 1 : free(data1);
1208 1 : }
1209 :
1210 : /**
1211 : * Test 11: receiving a FINISH message from the requester with an incorrect
1212 : * MAC (all-zero).
1213 : * Expected behavior: the responder refuses the FINISH message and produces
1214 : * an ERROR message indicating the DecryptError.
1215 : **/
1216 1 : void libspdm_test_responder_finish_case11(void **state)
1217 : {
1218 : libspdm_return_t status;
1219 : libspdm_test_context_t *spdm_test_context;
1220 : libspdm_context_t *spdm_context;
1221 : size_t response_size;
1222 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1223 : spdm_finish_response_t *spdm_response;
1224 : void *data1;
1225 : size_t data_size1;
1226 : uint8_t *ptr;
1227 : libspdm_session_info_t *session_info;
1228 : uint32_t session_id;
1229 : uint32_t hash_size;
1230 : uint32_t hmac_size;
1231 :
1232 1 : spdm_test_context = *state;
1233 1 : spdm_context = spdm_test_context->spdm_context;
1234 1 : spdm_test_context->case_id = 0xB;
1235 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1236 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1237 1 : spdm_context->connection_info.connection_state =
1238 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1239 1 : spdm_context->connection_info.capability.flags |=
1240 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1241 1 : spdm_context->local_context.capability.flags |=
1242 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1243 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1244 : m_libspdm_use_hash_algo;
1245 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1246 : m_libspdm_use_asym_algo;
1247 1 : spdm_context->connection_info.algorithm.measurement_spec =
1248 : m_libspdm_use_measurement_spec;
1249 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1250 : m_libspdm_use_measurement_hash_algo;
1251 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1252 : m_libspdm_use_dhe_algo;
1253 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1254 : m_libspdm_use_aead_algo;
1255 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1256 : m_libspdm_use_asym_algo, &data1,
1257 : &data_size1, NULL, NULL);
1258 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1259 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1260 : data_size1;
1261 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1262 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1263 : data_size1;
1264 :
1265 1 : libspdm_reset_message_a(spdm_context);
1266 1 : spdm_context->local_context.mut_auth_requested = 0;
1267 :
1268 1 : session_id = 0xFFFFFFFF;
1269 1 : spdm_context->latest_session_id = session_id;
1270 1 : session_info = &spdm_context->session_info[0];
1271 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1272 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1273 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1274 1 : libspdm_secured_message_set_request_finished_key(
1275 : session_info->secured_message_context, m_dummy_buffer,
1276 : hash_size);
1277 1 : libspdm_secured_message_set_session_state(
1278 : session_info->secured_message_context,
1279 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1280 :
1281 1 : spdm_context->connection_info.capability.flags |=
1282 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1283 1 : spdm_context->local_context.capability.flags |=
1284 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1285 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1286 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1287 1 : ptr = m_libspdm_finish_request1.signature;
1288 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1289 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1290 1 : response_size = sizeof(response);
1291 1 : status = libspdm_get_response_finish(spdm_context,
1292 : m_libspdm_finish_request1_size,
1293 : &m_libspdm_finish_request1,
1294 : &response_size, response);
1295 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1296 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1297 1 : spdm_response = (void *)response;
1298 1 : assert_int_equal(spdm_response->header.request_response_code,
1299 : SPDM_ERROR);
1300 1 : assert_int_equal(spdm_response->header.param1,
1301 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1302 1 : assert_int_equal(spdm_response->header.param2, 0);
1303 1 : free(data1);
1304 1 : }
1305 :
1306 : /**
1307 : * Test 12: receiving a FINISH message from the requester with an incorrect
1308 : * MAC (arbitrary).
1309 : * Expected behavior: the responder refuses the FINISH message and produces
1310 : * an ERROR message indicating the DecryptError.
1311 : **/
1312 1 : void libspdm_test_responder_finish_case12(void **state)
1313 : {
1314 : libspdm_return_t status;
1315 : libspdm_test_context_t *spdm_test_context;
1316 : libspdm_context_t *spdm_context;
1317 : size_t response_size;
1318 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1319 : spdm_finish_response_t *spdm_response;
1320 : void *data1;
1321 : size_t data_size1;
1322 : uint8_t *ptr;
1323 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1324 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1325 : libspdm_session_info_t *session_info;
1326 : uint32_t session_id;
1327 : uint32_t hash_size;
1328 : uint32_t hmac_size;
1329 :
1330 1 : spdm_test_context = *state;
1331 1 : spdm_context = spdm_test_context->spdm_context;
1332 1 : spdm_test_context->case_id = 0xC;
1333 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1334 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1335 1 : spdm_context->connection_info.connection_state =
1336 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1337 1 : spdm_context->connection_info.capability.flags |=
1338 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1339 1 : spdm_context->local_context.capability.flags |=
1340 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1341 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1342 : m_libspdm_use_hash_algo;
1343 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1344 : m_libspdm_use_asym_algo;
1345 1 : spdm_context->connection_info.algorithm.measurement_spec =
1346 : m_libspdm_use_measurement_spec;
1347 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1348 : m_libspdm_use_measurement_hash_algo;
1349 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1350 : m_libspdm_use_dhe_algo;
1351 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1352 : m_libspdm_use_aead_algo;
1353 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1354 : m_libspdm_use_asym_algo, &data1,
1355 : &data_size1, NULL, NULL);
1356 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1357 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1358 : data_size1;
1359 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1360 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1361 : data_size1;
1362 :
1363 1 : libspdm_reset_message_a(spdm_context);
1364 1 : spdm_context->local_context.mut_auth_requested = 0;
1365 :
1366 1 : session_id = 0xFFFFFFFF;
1367 1 : spdm_context->latest_session_id = session_id;
1368 1 : session_info = &spdm_context->session_info[0];
1369 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1370 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1371 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1372 1 : libspdm_secured_message_set_request_finished_key(
1373 : session_info->secured_message_context, m_dummy_buffer,
1374 : hash_size);
1375 1 : libspdm_secured_message_set_session_state(
1376 : session_info->secured_message_context,
1377 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1378 :
1379 1 : spdm_context->connection_info.capability.flags |=
1380 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1381 1 : spdm_context->local_context.capability.flags |=
1382 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1383 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1384 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1385 1 : ptr = m_libspdm_finish_request1.signature;
1386 : /*arbitrary MAC*/
1387 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1388 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1389 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1390 : request_finished_key, hash_size, ptr);
1391 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1392 1 : response_size = sizeof(response);
1393 1 : status = libspdm_get_response_finish(spdm_context,
1394 : m_libspdm_finish_request1_size,
1395 : &m_libspdm_finish_request1,
1396 : &response_size, response);
1397 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1398 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1399 1 : spdm_response = (void *)response;
1400 1 : assert_int_equal(spdm_response->header.request_response_code,
1401 : SPDM_ERROR);
1402 1 : assert_int_equal(spdm_response->header.param1,
1403 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1404 1 : assert_int_equal(spdm_response->header.param2, 0);
1405 1 : free(data1);
1406 1 : }
1407 :
1408 : /**
1409 : * Test 13:
1410 : * Expected behavior:
1411 : **/
1412 1 : void libspdm_test_responder_finish_case13(void **state)
1413 : {
1414 1 : }
1415 :
1416 : /**
1417 : * Test 14: receiving a FINISH message from the requester with an incorrect
1418 : * MAC size (only the correct first half of the MAC).
1419 : * Expected behavior: the responder refuses the FINISH message and produces
1420 : * an ERROR message indicating the InvalidRequest.
1421 : **/
1422 1 : void libspdm_test_responder_finish_case14(void **state)
1423 : {
1424 : libspdm_return_t status;
1425 : libspdm_test_context_t *spdm_test_context;
1426 : libspdm_context_t *spdm_context;
1427 : size_t response_size;
1428 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1429 : spdm_finish_response_t *spdm_response;
1430 : void *data1;
1431 : size_t data_size1;
1432 : uint8_t *ptr;
1433 : uint8_t *cert_buffer;
1434 : size_t cert_buffer_size;
1435 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1436 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1437 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1438 : libspdm_session_info_t *session_info;
1439 : uint32_t session_id;
1440 : uint32_t hash_size;
1441 : uint32_t hmac_size;
1442 :
1443 1 : spdm_test_context = *state;
1444 1 : spdm_context = spdm_test_context->spdm_context;
1445 1 : spdm_test_context->case_id = 0xE;
1446 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1447 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1448 1 : spdm_context->connection_info.connection_state =
1449 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1450 1 : spdm_context->connection_info.capability.flags |=
1451 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1452 1 : spdm_context->local_context.capability.flags |=
1453 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1454 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1455 : m_libspdm_use_hash_algo;
1456 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1457 : m_libspdm_use_asym_algo;
1458 1 : spdm_context->connection_info.algorithm.measurement_spec =
1459 : m_libspdm_use_measurement_spec;
1460 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1461 : m_libspdm_use_measurement_hash_algo;
1462 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1463 : m_libspdm_use_dhe_algo;
1464 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1465 : m_libspdm_use_aead_algo;
1466 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1467 : m_libspdm_use_asym_algo, &data1,
1468 : &data_size1, NULL, NULL);
1469 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1470 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1471 : data_size1;
1472 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1473 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1474 : data_size1;
1475 :
1476 1 : libspdm_reset_message_a(spdm_context);
1477 1 : spdm_context->local_context.mut_auth_requested = 0;
1478 :
1479 1 : session_id = 0xFFFFFFFF;
1480 1 : spdm_context->latest_session_id = session_id;
1481 1 : session_info = &spdm_context->session_info[0];
1482 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1483 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1484 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1485 1 : libspdm_secured_message_set_request_finished_key(
1486 : session_info->secured_message_context, m_dummy_buffer,
1487 : hash_size);
1488 1 : libspdm_secured_message_set_session_state(
1489 : session_info->secured_message_context,
1490 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1491 :
1492 1 : spdm_context->connection_info.capability.flags |=
1493 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1494 1 : spdm_context->local_context.capability.flags |=
1495 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1496 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1497 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1498 1 : ptr = m_libspdm_finish_request1.signature;
1499 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1500 1 : cert_buffer = (uint8_t *)data1;
1501 1 : cert_buffer_size = data_size1;
1502 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1503 : cert_buffer_hash);
1504 : /* transcript.message_a size is 0*/
1505 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1506 : /* session_transcript.message_k is 0*/
1507 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1508 : sizeof(spdm_finish_request_t));
1509 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1510 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1511 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1512 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1513 : request_finished_key, hash_size, ptr);
1514 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1515 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
1516 1 : response_size = sizeof(response);
1517 1 : status = libspdm_get_response_finish(spdm_context,
1518 : m_libspdm_finish_request1_size,
1519 : &m_libspdm_finish_request1,
1520 : &response_size, response);
1521 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1522 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1523 1 : spdm_response = (void *)response;
1524 1 : assert_int_equal(spdm_response->header.request_response_code,
1525 : SPDM_ERROR);
1526 1 : assert_int_equal(spdm_response->header.param1,
1527 : SPDM_ERROR_CODE_INVALID_REQUEST);
1528 1 : assert_int_equal(spdm_response->header.param2, 0);
1529 1 : free(data1);
1530 1 : }
1531 :
1532 : /**
1533 : * Test 15: receiving a FINISH message from the requester with an incorrect
1534 : * signature (all-zero), but a correct MAC.
1535 : * Expected behavior: the responder refuses the FINISH message and produces
1536 : * an ERROR message indicating the DecryptError.
1537 : **/
1538 1 : void libspdm_test_responder_finish_case15(void **state)
1539 : {
1540 : libspdm_return_t status;
1541 : libspdm_test_context_t *spdm_test_context;
1542 : libspdm_context_t *spdm_context;
1543 : size_t response_size;
1544 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1545 : spdm_finish_response_t *spdm_response;
1546 : void *data1;
1547 : size_t data_size1;
1548 : void *data2;
1549 : size_t data_size2;
1550 : uint8_t *ptr;
1551 : uint8_t *cert_buffer;
1552 : size_t cert_buffer_size;
1553 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1554 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1555 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1556 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1557 : libspdm_session_info_t *session_info;
1558 : uint32_t session_id;
1559 : uint32_t hash_size;
1560 : uint32_t hmac_size;
1561 : size_t req_asym_signature_size;
1562 :
1563 1 : spdm_test_context = *state;
1564 1 : spdm_context = spdm_test_context->spdm_context;
1565 1 : spdm_test_context->case_id = 0xF;
1566 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1567 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1568 1 : spdm_context->connection_info.connection_state =
1569 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1570 1 : spdm_context->connection_info.capability.flags |=
1571 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1572 1 : spdm_context->local_context.capability.flags |=
1573 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1574 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1575 : m_libspdm_use_hash_algo;
1576 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1577 : m_libspdm_use_asym_algo;
1578 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1579 : m_libspdm_use_req_asym_algo;
1580 1 : spdm_context->connection_info.algorithm.measurement_spec =
1581 : m_libspdm_use_measurement_spec;
1582 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1583 : m_libspdm_use_measurement_hash_algo;
1584 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1585 : m_libspdm_use_dhe_algo;
1586 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1587 : m_libspdm_use_aead_algo;
1588 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1589 : m_libspdm_use_asym_algo, &data1,
1590 : &data_size1, NULL, NULL);
1591 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1592 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1593 : data_size1;
1594 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1595 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1596 : data_size1;
1597 :
1598 1 : libspdm_reset_message_a(spdm_context);
1599 1 : spdm_context->local_context.mut_auth_requested = 1;
1600 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1601 : m_libspdm_use_req_asym_algo, &data2,
1602 : &data_size2, NULL, NULL);
1603 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1604 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1605 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1606 : data2, data_size2);
1607 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1608 : data_size2;
1609 : #endif
1610 :
1611 1 : session_id = 0xFFFFFFFF;
1612 1 : spdm_context->latest_session_id = session_id;
1613 1 : session_info = &spdm_context->session_info[0];
1614 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1615 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1616 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1617 1 : libspdm_secured_message_set_request_finished_key(
1618 : session_info->secured_message_context, m_dummy_buffer,
1619 : hash_size);
1620 1 : libspdm_secured_message_set_session_state(
1621 : session_info->secured_message_context,
1622 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1623 1 : session_info->mut_auth_requested = 1;
1624 :
1625 1 : spdm_context->connection_info.capability.flags |=
1626 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1627 1 : spdm_context->local_context.capability.flags |=
1628 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1629 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1630 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1631 1 : req_asym_signature_size =
1632 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1633 1 : ptr = m_libspdm_finish_request3.signature;
1634 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1635 1 : cert_buffer = (uint8_t *)data1;
1636 1 : cert_buffer_size = data_size1;
1637 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1638 : cert_buffer_hash);
1639 1 : cert_buffer = (uint8_t *)data2;
1640 1 : cert_buffer_size = data_size2;
1641 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1642 : req_cert_buffer_hash);
1643 : /* transcript.message_a size is 0*/
1644 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1645 : /* session_transcript.message_k is 0*/
1646 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1647 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1648 : sizeof(spdm_finish_request_t));
1649 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1650 1 : libspdm_requester_data_sign(
1651 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
1652 : spdm_context,
1653 : #endif
1654 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1655 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1656 1 : false, libspdm_get_managed_buffer(&th_curr),
1657 : libspdm_get_managed_buffer_size(&th_curr),
1658 : ptr, &req_asym_signature_size);
1659 : #endif
1660 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1661 1 : ptr += req_asym_signature_size;
1662 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1663 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1664 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1665 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1666 : request_finished_key, hash_size, ptr);
1667 1 : libspdm_set_mem(m_libspdm_finish_request3.signature,
1668 : req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
1669 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1670 1 : req_asym_signature_size + hmac_size;
1671 1 : response_size = sizeof(response);
1672 1 : status = libspdm_get_response_finish(spdm_context,
1673 : m_libspdm_finish_request3_size,
1674 : &m_libspdm_finish_request3,
1675 : &response_size, response);
1676 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1677 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1678 1 : spdm_response = (void *)response;
1679 1 : assert_int_equal(spdm_response->header.request_response_code,
1680 : SPDM_ERROR);
1681 1 : assert_int_equal(spdm_response->header.param1,
1682 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1683 1 : assert_int_equal(spdm_response->header.param2, 0);
1684 1 : free(data1);
1685 1 : free(data2);
1686 1 : }
1687 :
1688 : /**
1689 : * Test 16: receiving a FINISH message from the requester with an incorrect
1690 : * signature (arbitrary), but a correct MAC.
1691 : * Expected behavior: the responder refuses the FINISH message and produces
1692 : * an ERROR message indicating the DecryptError.
1693 : **/
1694 1 : void libspdm_test_responder_finish_case16(void **state)
1695 : {
1696 : libspdm_return_t status;
1697 : libspdm_test_context_t *spdm_test_context;
1698 : libspdm_context_t *spdm_context;
1699 : size_t response_size;
1700 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1701 : spdm_finish_response_t *spdm_response;
1702 : void *data1;
1703 : size_t data_size1;
1704 : void *data2;
1705 : size_t data_size2;
1706 : uint8_t *ptr;
1707 : uint8_t *cert_buffer;
1708 : size_t cert_buffer_size;
1709 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1710 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1711 : uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
1712 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1713 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1714 : libspdm_session_info_t *session_info;
1715 : uint32_t session_id;
1716 : uint32_t hash_size;
1717 : uint32_t hmac_size;
1718 : size_t req_asym_signature_size;
1719 :
1720 1 : spdm_test_context = *state;
1721 1 : spdm_context = spdm_test_context->spdm_context;
1722 1 : spdm_test_context->case_id = 0x10;
1723 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1724 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1725 1 : spdm_context->connection_info.connection_state =
1726 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1727 1 : spdm_context->connection_info.capability.flags |=
1728 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1729 1 : spdm_context->local_context.capability.flags |=
1730 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1731 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1732 : m_libspdm_use_hash_algo;
1733 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1734 : m_libspdm_use_asym_algo;
1735 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1736 : m_libspdm_use_req_asym_algo;
1737 1 : spdm_context->connection_info.algorithm.measurement_spec =
1738 : m_libspdm_use_measurement_spec;
1739 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1740 : m_libspdm_use_measurement_hash_algo;
1741 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1742 : m_libspdm_use_dhe_algo;
1743 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1744 : m_libspdm_use_aead_algo;
1745 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1746 : m_libspdm_use_asym_algo, &data1,
1747 : &data_size1, NULL, NULL);
1748 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1749 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1750 : data_size1;
1751 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1752 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1753 : data_size1;
1754 :
1755 1 : libspdm_reset_message_a(spdm_context);
1756 1 : spdm_context->local_context.mut_auth_requested = 1;
1757 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1758 : m_libspdm_use_req_asym_algo, &data2,
1759 : &data_size2, NULL, NULL);
1760 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1761 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1762 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1763 : data2, data_size2);
1764 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1765 : data_size2;
1766 : #endif
1767 :
1768 1 : session_id = 0xFFFFFFFF;
1769 1 : spdm_context->latest_session_id = session_id;
1770 1 : session_info = &spdm_context->session_info[0];
1771 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1772 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1773 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1774 1 : libspdm_secured_message_set_request_finished_key(
1775 : session_info->secured_message_context, m_dummy_buffer,
1776 : hash_size);
1777 1 : libspdm_secured_message_set_session_state(
1778 : session_info->secured_message_context,
1779 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1780 1 : session_info->mut_auth_requested = 1;
1781 :
1782 1 : spdm_context->connection_info.capability.flags |=
1783 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1784 1 : spdm_context->local_context.capability.flags |=
1785 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1786 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1787 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1788 1 : req_asym_signature_size =
1789 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1790 1 : ptr = m_libspdm_finish_request3.signature;
1791 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1792 1 : cert_buffer = (uint8_t *)data1;
1793 1 : cert_buffer_size = data_size1;
1794 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1795 : cert_buffer_hash);
1796 1 : cert_buffer = (uint8_t *)data2;
1797 1 : cert_buffer_size = data_size2;
1798 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1799 : req_cert_buffer_hash);
1800 : /* transcript.message_a size is 0*/
1801 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1802 : /* session_transcript.message_k is 0*/
1803 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1804 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1805 : sizeof(spdm_finish_request_t));
1806 : /*randomize signature*/
1807 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1808 : libspdm_get_managed_buffer_size(&th_curr), random_buffer);
1809 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1810 1 : libspdm_requester_data_sign(
1811 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
1812 : spdm_context,
1813 : #endif
1814 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1815 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1816 : false, random_buffer, hash_size, ptr, &req_asym_signature_size);
1817 : #endif
1818 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1819 1 : ptr += req_asym_signature_size;
1820 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1821 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1822 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1823 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1824 : request_finished_key, hash_size, ptr);
1825 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1826 1 : req_asym_signature_size + hmac_size;
1827 1 : response_size = sizeof(response);
1828 1 : status = libspdm_get_response_finish(spdm_context,
1829 : m_libspdm_finish_request3_size,
1830 : &m_libspdm_finish_request3,
1831 : &response_size, response);
1832 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1833 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1834 1 : spdm_response = (void *)response;
1835 1 : assert_int_equal(spdm_response->header.request_response_code,
1836 : SPDM_ERROR);
1837 1 : assert_int_equal(spdm_response->header.param1,
1838 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1839 1 : assert_int_equal(spdm_response->header.param2, 0);
1840 1 : free(data1);
1841 1 : free(data2);
1842 1 : }
1843 :
1844 : /**
1845 : * Test 17: receiving a correct FINISH from the requester.
1846 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1847 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1848 : **/
1849 1 : void libspdm_test_responder_finish_case17(void **state)
1850 : {
1851 : libspdm_return_t status;
1852 : libspdm_test_context_t *spdm_test_context;
1853 : libspdm_context_t *spdm_context;
1854 : size_t response_size;
1855 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1856 : spdm_finish_response_t *spdm_response;
1857 : void *data1;
1858 : size_t data_size1;
1859 : uint8_t *ptr;
1860 : uint8_t *cert_buffer;
1861 : size_t cert_buffer_size;
1862 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1863 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1864 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1865 : libspdm_session_info_t *session_info;
1866 : uint32_t session_id;
1867 : uint32_t hash_size;
1868 : uint32_t hmac_size;
1869 :
1870 1 : spdm_test_context = *state;
1871 1 : spdm_context = spdm_test_context->spdm_context;
1872 1 : spdm_test_context->case_id = 0x11;
1873 1 : spdm_context->connection_info.connection_state =
1874 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1875 1 : spdm_context->connection_info.capability.flags |=
1876 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1877 1 : spdm_context->local_context.capability.flags |=
1878 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1879 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1880 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1881 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1882 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1883 : m_libspdm_use_measurement_hash_algo;
1884 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1885 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1886 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1887 : m_libspdm_use_asym_algo, &data1,
1888 : &data_size1, NULL, NULL);
1889 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1890 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1891 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1892 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1893 :
1894 1 : libspdm_reset_message_a(spdm_context);
1895 1 : spdm_context->local_context.mut_auth_requested = 0;
1896 :
1897 1 : session_id = 0xFFFFFFFF;
1898 1 : spdm_context->latest_session_id = session_id;
1899 1 : session_info = &spdm_context->session_info[0];
1900 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
1901 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1902 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1903 1 : libspdm_secured_message_set_request_finished_key(
1904 : session_info->secured_message_context, m_dummy_buffer, hash_size);
1905 1 : libspdm_secured_message_set_session_state(
1906 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1907 :
1908 1 : spdm_context->connection_info.capability.flags |=
1909 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1910 1 : spdm_context->local_context.capability.flags |=
1911 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1912 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1913 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1914 1 : ptr = m_libspdm_finish_request1.signature;
1915 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1916 1 : cert_buffer = (uint8_t *)data1;
1917 1 : cert_buffer_size = data_size1;
1918 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1919 : /* transcript.message_a size is 0*/
1920 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1921 : /* session_transcript.message_k is 0*/
1922 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1923 : sizeof(spdm_finish_request_t));
1924 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1925 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1926 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1927 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1928 : request_finished_key, hash_size, ptr);
1929 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1930 1 : response_size = sizeof(response);
1931 1 : status = libspdm_get_response_finish(
1932 : spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
1933 : &response_size, response);
1934 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1935 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1936 1 : spdm_response = (void *)response;
1937 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1938 :
1939 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1940 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1941 : m_libspdm_finish_request1_size + response_size);
1942 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1943 : &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
1944 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1945 : m_libspdm_finish_request1_size,
1946 : response, response_size);
1947 : #endif
1948 :
1949 1 : free(data1);
1950 1 : }
1951 :
1952 : /**
1953 : * Test 18: receiving a correct FINISH message from the requester with
1954 : * correct MAC and signature (with mutual authentication), and 'handshake in
1955 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1956 : * Expected behavior: the responder accepts the request and produces a valid
1957 : * FINISH_RSP response message.
1958 : **/
1959 1 : void libspdm_test_responder_finish_case18(void **state)
1960 : {
1961 : libspdm_return_t status;
1962 : libspdm_test_context_t *spdm_test_context;
1963 : libspdm_context_t *spdm_context;
1964 : size_t response_size;
1965 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1966 : spdm_finish_response_t *spdm_response;
1967 : void *data1;
1968 : size_t data_size1;
1969 : void *data2;
1970 : size_t data_size2;
1971 : uint8_t *ptr;
1972 : uint8_t *cert_buffer;
1973 : size_t cert_buffer_size;
1974 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1975 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1976 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1977 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1978 : libspdm_session_info_t *session_info;
1979 : uint32_t session_id;
1980 : uint32_t hash_size;
1981 : uint32_t hmac_size;
1982 : size_t req_asym_signature_size;
1983 :
1984 1 : spdm_test_context = *state;
1985 1 : spdm_context = spdm_test_context->spdm_context;
1986 1 : spdm_test_context->case_id = 0x12;
1987 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1988 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1989 1 : spdm_context->connection_info.connection_state =
1990 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1991 1 : spdm_context->connection_info.capability.flags |=
1992 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1993 1 : spdm_context->local_context.capability.flags |=
1994 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1995 1 : spdm_context->connection_info.capability.flags |=
1996 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1997 1 : spdm_context->local_context.capability.flags |=
1998 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP;
1999 1 : spdm_context->connection_info.capability.flags |=
2000 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2001 1 : spdm_context->local_context.capability.flags |=
2002 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2003 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2004 : m_libspdm_use_hash_algo;
2005 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2006 : m_libspdm_use_asym_algo;
2007 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2008 : m_libspdm_use_req_asym_algo;
2009 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2010 : m_libspdm_use_dhe_algo;
2011 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2012 : m_libspdm_use_aead_algo;
2013 1 : libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
2014 1 : spdm_context->local_context.local_public_key_provision = data1;
2015 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
2016 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2017 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
2018 1 : spdm_context->local_context.peer_public_key_provision = data2;
2019 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
2020 :
2021 1 : spdm_context->encap_context.req_slot_id = 0xFF;
2022 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF;
2023 1 : spdm_context->connection_info.local_used_cert_chain_slot_id = 0xFF;
2024 :
2025 1 : libspdm_reset_message_a(spdm_context);
2026 :
2027 1 : session_id = 0xFFFFFFFF;
2028 1 : spdm_context->latest_session_id = session_id;
2029 1 : session_info = &spdm_context->session_info[0];
2030 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2031 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2032 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2033 1 : libspdm_secured_message_set_request_finished_key(
2034 : session_info->secured_message_context, m_dummy_buffer,
2035 : hash_size);
2036 1 : libspdm_secured_message_set_session_state(
2037 : session_info->secured_message_context,
2038 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2039 1 : session_info->mut_auth_requested = 1;
2040 :
2041 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2042 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2043 1 : req_asym_signature_size =
2044 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2045 1 : ptr = m_libspdm_finish_request4.signature;
2046 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2047 1 : cert_buffer = (uint8_t *)data1;
2048 1 : cert_buffer_size = data_size1;
2049 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2050 : cert_buffer_hash);
2051 1 : cert_buffer = (uint8_t *)data2;
2052 1 : cert_buffer_size = data_size2;
2053 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2054 : req_cert_buffer_hash);
2055 : /* transcript.message_a size is 0*/
2056 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2057 : /* session_transcript.message_k is 0*/
2058 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2059 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
2060 : sizeof(spdm_finish_request_t));
2061 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2062 1 : libspdm_requester_data_sign(
2063 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2064 : spdm_context,
2065 : #endif
2066 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2067 : SPDM_FINISH,
2068 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2069 1 : false, libspdm_get_managed_buffer(&th_curr),
2070 : libspdm_get_managed_buffer_size(&th_curr),
2071 : ptr, &req_asym_signature_size);
2072 : #endif
2073 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2074 1 : ptr += req_asym_signature_size;
2075 :
2076 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2077 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2078 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2079 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2080 : request_finished_key, hash_size, ptr);
2081 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
2082 1 : req_asym_signature_size + hmac_size;
2083 1 : response_size = sizeof(response);
2084 1 : status = libspdm_get_response_finish(spdm_context,
2085 : m_libspdm_finish_request4_size,
2086 : &m_libspdm_finish_request4,
2087 : &response_size, response);
2088 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2089 1 : assert_int_equal(response_size,
2090 : sizeof(spdm_finish_response_t) + hmac_size);
2091 1 : spdm_response = (void *)response;
2092 1 : assert_int_equal(spdm_response->header.request_response_code,
2093 : SPDM_FINISH_RSP);
2094 1 : free(data1);
2095 1 : free(data2);
2096 1 : }
2097 :
2098 : /**
2099 : * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2100 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2101 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
2102 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2103 : **/
2104 1 : void libspdm_test_responder_finish_case19(void **state)
2105 : {
2106 : libspdm_return_t status;
2107 : libspdm_test_context_t *spdm_test_context;
2108 : libspdm_context_t *spdm_context;
2109 : size_t response_size;
2110 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2111 : spdm_finish_response_t *spdm_response;
2112 : void *data1;
2113 : size_t data_size1;
2114 : void *data2;
2115 : size_t data_size2;
2116 : uint8_t *ptr;
2117 : uint8_t *cert_buffer;
2118 : size_t cert_buffer_size;
2119 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2120 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2121 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2122 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2123 : libspdm_session_info_t *session_info;
2124 : uint32_t session_id;
2125 : uint32_t hash_size;
2126 : uint32_t hmac_size;
2127 : size_t req_asym_signature_size;
2128 :
2129 1 : spdm_test_context = *state;
2130 1 : spdm_context = spdm_test_context->spdm_context;
2131 1 : spdm_test_context->case_id = 0x13;
2132 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2133 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2134 1 : spdm_context->connection_info.connection_state =
2135 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2136 1 : spdm_context->connection_info.capability.flags |=
2137 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2138 1 : spdm_context->local_context.capability.flags |=
2139 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2140 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2141 : m_libspdm_use_hash_algo;
2142 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2143 : m_libspdm_use_asym_algo;
2144 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2145 : m_libspdm_use_req_asym_algo;
2146 1 : spdm_context->connection_info.algorithm.measurement_spec =
2147 : m_libspdm_use_measurement_spec;
2148 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2149 : m_libspdm_use_measurement_hash_algo;
2150 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2151 : m_libspdm_use_dhe_algo;
2152 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2153 : m_libspdm_use_aead_algo;
2154 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2155 : m_libspdm_use_asym_algo, &data1,
2156 : &data_size1, NULL, NULL);
2157 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2158 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2159 : data_size1;
2160 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2161 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2162 : data_size1;
2163 :
2164 1 : libspdm_reset_message_a(spdm_context);
2165 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2166 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2167 : m_libspdm_use_req_asym_algo, &data2,
2168 : &data_size2, NULL, NULL);
2169 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2170 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2171 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2172 : data2, data_size2);
2173 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2174 : data_size2;
2175 : #else
2176 1 : libspdm_hash_all(
2177 : spdm_context->connection_info.algorithm.base_hash_algo,
2178 : data2, data_size2,
2179 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2180 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2181 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2182 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2183 : spdm_context->connection_info.algorithm.base_hash_algo,
2184 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2185 : data2,
2186 : data_size2,
2187 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2188 : #endif
2189 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2190 :
2191 1 : session_id = 0xFFFFFFFF;
2192 1 : spdm_context->latest_session_id = session_id;
2193 1 : session_info = &spdm_context->session_info[0];
2194 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2195 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2196 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2197 1 : libspdm_secured_message_set_request_finished_key(
2198 : session_info->secured_message_context, m_dummy_buffer,
2199 : hash_size);
2200 1 : libspdm_secured_message_set_session_state(
2201 : session_info->secured_message_context,
2202 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2203 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2204 :
2205 1 : spdm_context->connection_info.capability.flags |=
2206 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2207 1 : spdm_context->local_context.capability.flags |=
2208 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2209 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2210 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2211 1 : req_asym_signature_size =
2212 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2213 1 : ptr = m_libspdm_finish_request5.signature;
2214 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2215 1 : cert_buffer = (uint8_t *)data1;
2216 1 : cert_buffer_size = data_size1;
2217 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2218 : cert_buffer_hash);
2219 1 : cert_buffer = (uint8_t *)data2;
2220 1 : cert_buffer_size = data_size2;
2221 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2222 : req_cert_buffer_hash);
2223 : /* transcript.message_a size is 0*/
2224 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2225 : /* session_transcript.message_k is 0*/
2226 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2227 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
2228 : sizeof(spdm_finish_request_t));
2229 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2230 1 : libspdm_requester_data_sign(
2231 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2232 : spdm_context,
2233 : #endif
2234 1 : m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2235 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2236 1 : false, libspdm_get_managed_buffer(&th_curr),
2237 : libspdm_get_managed_buffer_size(&th_curr),
2238 : ptr, &req_asym_signature_size);
2239 : #endif
2240 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2241 1 : ptr += req_asym_signature_size;
2242 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2243 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2244 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2245 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2246 : request_finished_key, hash_size, ptr);
2247 1 : m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
2248 1 : req_asym_signature_size + hmac_size;
2249 1 : response_size = sizeof(response);
2250 1 : status = libspdm_get_response_finish(spdm_context,
2251 : m_libspdm_finish_request5_size,
2252 : &m_libspdm_finish_request5,
2253 : &response_size, response);
2254 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2255 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2256 1 : spdm_response = (void *)response;
2257 1 : assert_int_equal(spdm_response->header.request_response_code,
2258 : SPDM_ERROR);
2259 1 : assert_int_equal(spdm_response->header.param1,
2260 : SPDM_ERROR_CODE_INVALID_REQUEST);
2261 1 : assert_int_equal(spdm_response->header.param2, 0);
2262 1 : free(data1);
2263 1 : free(data2);
2264 1 : }
2265 :
2266 : /**
2267 : * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
2268 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2269 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2270 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2271 : **/
2272 1 : void libspdm_test_responder_finish_case20(void **state)
2273 : {
2274 : libspdm_return_t status;
2275 : libspdm_test_context_t *spdm_test_context;
2276 : libspdm_context_t *spdm_context;
2277 : size_t response_size;
2278 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2279 : spdm_finish_response_t *spdm_response;
2280 : void *data1;
2281 : size_t data_size1;
2282 : void *data2;
2283 : size_t data_size2;
2284 : uint8_t *ptr;
2285 : uint8_t *cert_buffer;
2286 : size_t cert_buffer_size;
2287 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2288 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2289 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2290 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2291 : libspdm_session_info_t *session_info;
2292 : uint32_t session_id;
2293 : uint32_t hash_size;
2294 : uint32_t hmac_size;
2295 : size_t req_asym_signature_size;
2296 :
2297 1 : spdm_test_context = *state;
2298 1 : spdm_context = spdm_test_context->spdm_context;
2299 1 : spdm_test_context->case_id = 0x14;
2300 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2301 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2302 1 : spdm_context->connection_info.connection_state =
2303 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2304 1 : spdm_context->connection_info.capability.flags |=
2305 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2306 1 : spdm_context->local_context.capability.flags |=
2307 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2308 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2309 : m_libspdm_use_hash_algo;
2310 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2311 : m_libspdm_use_asym_algo;
2312 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2313 : m_libspdm_use_req_asym_algo;
2314 1 : spdm_context->connection_info.algorithm.measurement_spec =
2315 : m_libspdm_use_measurement_spec;
2316 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2317 : m_libspdm_use_measurement_hash_algo;
2318 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2319 : m_libspdm_use_dhe_algo;
2320 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2321 : m_libspdm_use_aead_algo;
2322 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2323 : m_libspdm_use_asym_algo, &data1,
2324 : &data_size1, NULL, NULL);
2325 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2326 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2327 : data_size1;
2328 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2329 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2330 : data_size1;
2331 :
2332 1 : libspdm_reset_message_a(spdm_context);
2333 1 : spdm_context->local_context.mut_auth_requested =
2334 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2335 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2336 : m_libspdm_use_req_asym_algo, &data2,
2337 : &data_size2, NULL, NULL);
2338 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2339 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2340 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2341 : data2, data_size2);
2342 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2343 : data_size2;
2344 : #else
2345 1 : libspdm_hash_all(
2346 : spdm_context->connection_info.algorithm.base_hash_algo,
2347 : data2, data_size2,
2348 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2349 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2350 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2351 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2352 : spdm_context->connection_info.algorithm.base_hash_algo,
2353 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2354 : data2,
2355 : data_size2,
2356 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2357 : #endif
2358 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2359 :
2360 1 : session_id = 0xFFFFFFFF;
2361 1 : spdm_context->latest_session_id = session_id;
2362 1 : session_info = &spdm_context->session_info[0];
2363 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2364 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2365 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2366 1 : libspdm_secured_message_set_request_finished_key(
2367 : session_info->secured_message_context, m_dummy_buffer,
2368 : hash_size);
2369 1 : libspdm_secured_message_set_session_state(
2370 : session_info->secured_message_context,
2371 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2372 1 : session_info->mut_auth_requested =
2373 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2374 :
2375 1 : spdm_context->connection_info.capability.flags |=
2376 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2377 1 : spdm_context->local_context.capability.flags |=
2378 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2379 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2380 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2381 1 : req_asym_signature_size =
2382 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2383 1 : ptr = m_libspdm_finish_request7.signature;
2384 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2385 1 : cert_buffer = (uint8_t *)data1;
2386 1 : cert_buffer_size = data_size1;
2387 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2388 : cert_buffer_hash);
2389 1 : cert_buffer = (uint8_t *)data2;
2390 1 : cert_buffer_size = data_size2;
2391 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2392 : req_cert_buffer_hash);
2393 : /* transcript.message_a size is 0*/
2394 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2395 : /* session_transcript.message_k is 0*/
2396 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2397 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2398 : sizeof(spdm_finish_request_t));
2399 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2400 1 : libspdm_requester_data_sign(
2401 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2402 : spdm_context,
2403 : #endif
2404 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2405 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2406 1 : false, libspdm_get_managed_buffer(&th_curr),
2407 : libspdm_get_managed_buffer_size(&th_curr),
2408 : ptr, &req_asym_signature_size);
2409 : #endif
2410 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2411 1 : ptr += req_asym_signature_size;
2412 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2413 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2414 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2415 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2416 : request_finished_key, hash_size, ptr);
2417 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2418 1 : req_asym_signature_size + hmac_size;
2419 1 : response_size = sizeof(response);
2420 1 : status = libspdm_get_response_finish(spdm_context,
2421 : m_libspdm_finish_request7_size,
2422 : &m_libspdm_finish_request7,
2423 : &response_size, response);
2424 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2425 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2426 1 : spdm_response = (void *)response;
2427 1 : assert_int_equal(spdm_response->header.request_response_code,
2428 : SPDM_ERROR);
2429 1 : assert_int_equal(spdm_response->header.param1,
2430 : SPDM_ERROR_CODE_INVALID_REQUEST);
2431 1 : assert_int_equal(spdm_response->header.param2, 0);
2432 1 : free(data1);
2433 1 : free(data2);
2434 1 : }
2435 :
2436 : /**
2437 : * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
2438 : * although SlotID in FINISH request message is 10, it shall be ignored when read.
2439 : * Expected behavior: the responder accepts the request and produces a valid
2440 : * FINISH_RSP response message.
2441 : **/
2442 1 : void libspdm_test_responder_finish_case21(void **state)
2443 : {
2444 : libspdm_return_t status;
2445 : libspdm_test_context_t *spdm_test_context;
2446 : libspdm_context_t *spdm_context;
2447 : size_t response_size;
2448 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2449 : spdm_finish_response_t *spdm_response;
2450 : void *data1;
2451 : size_t data_size1;
2452 : uint8_t *ptr;
2453 : uint8_t *cert_buffer;
2454 : size_t cert_buffer_size;
2455 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2456 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2457 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2458 : libspdm_session_info_t *session_info;
2459 : uint32_t session_id;
2460 : uint32_t hash_size;
2461 : uint32_t hmac_size;
2462 :
2463 1 : spdm_test_context = *state;
2464 1 : spdm_context = spdm_test_context->spdm_context;
2465 1 : spdm_test_context->case_id = 0x15;
2466 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2467 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2468 1 : spdm_context->connection_info.connection_state =
2469 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2470 1 : spdm_context->connection_info.capability.flags |=
2471 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2472 1 : spdm_context->local_context.capability.flags |=
2473 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2474 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2475 : m_libspdm_use_hash_algo;
2476 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2477 : m_libspdm_use_asym_algo;
2478 1 : spdm_context->connection_info.algorithm.measurement_spec =
2479 : m_libspdm_use_measurement_spec;
2480 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2481 : m_libspdm_use_measurement_hash_algo;
2482 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2483 : m_libspdm_use_dhe_algo;
2484 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2485 : m_libspdm_use_aead_algo;
2486 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2487 : m_libspdm_use_asym_algo, &data1,
2488 : &data_size1, NULL, NULL);
2489 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2490 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2491 : data_size1;
2492 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2493 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2494 : data_size1;
2495 :
2496 1 : libspdm_reset_message_a(spdm_context);
2497 1 : spdm_context->local_context.mut_auth_requested = 0;
2498 :
2499 1 : session_id = 0xFFFFFFFF;
2500 1 : spdm_context->latest_session_id = session_id;
2501 1 : session_info = &spdm_context->session_info[0];
2502 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2503 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2504 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2505 1 : libspdm_secured_message_set_request_finished_key(
2506 : session_info->secured_message_context, m_dummy_buffer,
2507 : hash_size);
2508 1 : libspdm_secured_message_set_session_state(
2509 : session_info->secured_message_context,
2510 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2511 1 : session_info->mut_auth_requested = 0;
2512 :
2513 1 : spdm_context->connection_info.capability.flags |=
2514 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2515 1 : spdm_context->local_context.capability.flags |=
2516 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2517 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2518 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2519 1 : ptr = m_libspdm_finish_request6.signature;
2520 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2521 1 : cert_buffer = (uint8_t *)data1;
2522 1 : cert_buffer_size = data_size1;
2523 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2524 : cert_buffer_hash);
2525 : /* transcript.message_a size is 0*/
2526 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2527 : /* session_transcript.message_k is 0*/
2528 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
2529 : sizeof(spdm_finish_request_t));
2530 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2531 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2532 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2533 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2534 : request_finished_key, hash_size, ptr);
2535 1 : m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
2536 1 : response_size = sizeof(response);
2537 1 : status = libspdm_get_response_finish(spdm_context,
2538 : m_libspdm_finish_request6_size,
2539 : &m_libspdm_finish_request6,
2540 : &response_size, response);
2541 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2542 1 : spdm_response = (void *)response;
2543 1 : assert_int_equal(spdm_response->header.request_response_code,
2544 : SPDM_FINISH_RSP);
2545 1 : assert_int_equal(response_size,
2546 : sizeof(spdm_finish_response_t) + hmac_size);
2547 1 : free(data1);
2548 1 : }
2549 :
2550 : /**
2551 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2552 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2553 : * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2554 : * Expected behavior: the responder accepts the request and produces a valid
2555 : * FINISH_RSP response message.
2556 : **/
2557 1 : void libspdm_test_responder_finish_case22(void **state)
2558 : {
2559 : libspdm_return_t status;
2560 : libspdm_test_context_t *spdm_test_context;
2561 : libspdm_context_t *spdm_context;
2562 : size_t response_size;
2563 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2564 : spdm_finish_response_t *spdm_response;
2565 : void *data1;
2566 : size_t data_size1;
2567 : void *data2;
2568 : size_t data_size2;
2569 : uint8_t *ptr;
2570 : uint8_t *cert_buffer;
2571 : size_t cert_buffer_size;
2572 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2573 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2574 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2575 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2576 : libspdm_session_info_t *session_info;
2577 : uint32_t session_id;
2578 : uint32_t hash_size;
2579 : uint32_t hmac_size;
2580 : size_t req_asym_signature_size;
2581 :
2582 1 : spdm_test_context = *state;
2583 1 : spdm_context = spdm_test_context->spdm_context;
2584 1 : spdm_test_context->case_id = 0x16;
2585 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2586 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2587 1 : spdm_context->connection_info.connection_state =
2588 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2589 1 : spdm_context->connection_info.capability.flags |=
2590 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2591 1 : spdm_context->local_context.capability.flags |=
2592 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2593 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2594 : m_libspdm_use_hash_algo;
2595 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2596 : m_libspdm_use_asym_algo;
2597 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2598 : m_libspdm_use_req_asym_algo;
2599 1 : spdm_context->connection_info.algorithm.measurement_spec =
2600 : m_libspdm_use_measurement_spec;
2601 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2602 : m_libspdm_use_measurement_hash_algo;
2603 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2604 : m_libspdm_use_dhe_algo;
2605 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2606 : m_libspdm_use_aead_algo;
2607 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2608 : m_libspdm_use_asym_algo, &data1,
2609 : &data_size1, NULL, NULL);
2610 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2611 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2612 : data_size1;
2613 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2614 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2615 : data_size1;
2616 :
2617 1 : libspdm_reset_message_a(spdm_context);
2618 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2619 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2620 : m_libspdm_use_req_asym_algo, &data2,
2621 : &data_size2, NULL, NULL);
2622 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2623 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2624 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2625 : data2, data_size2);
2626 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2627 : data_size2;
2628 : #else
2629 1 : libspdm_hash_all(
2630 : spdm_context->connection_info.algorithm.base_hash_algo,
2631 : data2, data_size2,
2632 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2633 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2634 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2635 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2636 : spdm_context->connection_info.algorithm.base_hash_algo,
2637 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2638 : data2,
2639 : data_size2,
2640 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2641 : #endif
2642 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2643 :
2644 1 : session_id = 0xFFFFFFFF;
2645 1 : spdm_context->latest_session_id = session_id;
2646 1 : session_info = &spdm_context->session_info[0];
2647 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2648 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2649 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2650 1 : libspdm_secured_message_set_request_finished_key(
2651 : session_info->secured_message_context, m_dummy_buffer,
2652 : hash_size);
2653 1 : libspdm_secured_message_set_session_state(
2654 : session_info->secured_message_context,
2655 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2656 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2657 :
2658 1 : spdm_context->connection_info.capability.flags |=
2659 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2660 1 : spdm_context->local_context.capability.flags |=
2661 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2662 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2663 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2664 1 : req_asym_signature_size =
2665 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2666 1 : ptr = m_libspdm_finish_request7.signature;
2667 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2668 1 : cert_buffer = (uint8_t *)data1;
2669 1 : cert_buffer_size = data_size1;
2670 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2671 : cert_buffer_hash);
2672 1 : cert_buffer = (uint8_t *)data2;
2673 1 : cert_buffer_size = data_size2;
2674 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2675 : req_cert_buffer_hash);
2676 : /* transcript.message_a size is 0*/
2677 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2678 : /* session_transcript.message_k is 0*/
2679 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2680 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2681 : sizeof(spdm_finish_request_t));
2682 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2683 1 : libspdm_requester_data_sign(
2684 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2685 : spdm_context,
2686 : #endif
2687 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2688 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2689 1 : false, libspdm_get_managed_buffer(&th_curr),
2690 : libspdm_get_managed_buffer_size(&th_curr),
2691 : ptr, &req_asym_signature_size);
2692 : #endif
2693 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2694 1 : ptr += req_asym_signature_size;
2695 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2696 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2697 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2698 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2699 : request_finished_key, hash_size, ptr);
2700 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2701 1 : req_asym_signature_size + hmac_size;
2702 1 : response_size = sizeof(response);
2703 1 : status = libspdm_get_response_finish(spdm_context,
2704 : m_libspdm_finish_request7_size,
2705 : &m_libspdm_finish_request7,
2706 : &response_size, response);
2707 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2708 1 : spdm_response = (void *)response;
2709 1 : assert_int_equal(spdm_response->header.request_response_code,
2710 : SPDM_FINISH_RSP);
2711 1 : assert_int_equal(response_size,
2712 : sizeof(spdm_finish_response_t) + hmac_size);
2713 1 : free(data1);
2714 1 : free(data2);
2715 1 : }
2716 :
2717 : /**
2718 : * Test 23: Same as test case 22 but test signature endianness.
2719 : * Big-Endian Sign. Little-Endian Verify.
2720 : * Expecting signature to fail.
2721 : **/
2722 1 : void libspdm_test_responder_finish_case23(void** state)
2723 : {
2724 : libspdm_return_t status;
2725 : libspdm_test_context_t* spdm_test_context;
2726 : libspdm_context_t* spdm_context;
2727 : size_t response_size;
2728 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2729 : spdm_finish_response_t* spdm_response;
2730 : void* data1;
2731 : size_t data_size1;
2732 : void* data2;
2733 : size_t data_size2;
2734 : uint8_t* ptr;
2735 : uint8_t* cert_buffer;
2736 : size_t cert_buffer_size;
2737 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2738 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2739 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2740 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2741 : libspdm_session_info_t* session_info;
2742 : uint32_t session_id;
2743 : uint32_t hash_size;
2744 : uint32_t hmac_size;
2745 : size_t req_asym_signature_size;
2746 :
2747 1 : spdm_test_context = *state;
2748 1 : spdm_context = spdm_test_context->spdm_context;
2749 1 : spdm_test_context->case_id = 23;
2750 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2751 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2752 1 : spdm_context->connection_info.connection_state =
2753 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2754 1 : spdm_context->connection_info.capability.flags |=
2755 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2756 1 : spdm_context->local_context.capability.flags |=
2757 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2758 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2759 : m_libspdm_use_hash_algo;
2760 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2761 : m_libspdm_use_asym_algo;
2762 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2763 : m_libspdm_use_req_asym_algo;
2764 1 : spdm_context->connection_info.algorithm.measurement_spec =
2765 : m_libspdm_use_measurement_spec;
2766 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2767 : m_libspdm_use_measurement_hash_algo;
2768 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2769 : m_libspdm_use_dhe_algo;
2770 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2771 : m_libspdm_use_aead_algo;
2772 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2773 : m_libspdm_use_asym_algo, &data1,
2774 : &data_size1, NULL, NULL);
2775 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2776 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2777 : data_size1;
2778 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2779 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2780 : data_size1;
2781 1 : spdm_context->spdm_10_11_verify_signature_endian =
2782 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2783 :
2784 1 : libspdm_reset_message_a(spdm_context);
2785 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2786 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2787 : m_libspdm_use_req_asym_algo, &data2,
2788 : &data_size2, NULL, NULL);
2789 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2790 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2791 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2792 : data2, data_size2);
2793 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2794 : data_size2;
2795 : #else
2796 1 : libspdm_hash_all(
2797 : spdm_context->connection_info.algorithm.base_hash_algo,
2798 : data2, data_size2,
2799 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2800 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2801 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2802 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2803 : spdm_context->connection_info.algorithm.base_hash_algo,
2804 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2805 : data2,
2806 : data_size2,
2807 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2808 : #endif
2809 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2810 :
2811 1 : session_id = 0xFFFFFFFF;
2812 1 : spdm_context->latest_session_id = session_id;
2813 1 : session_info = &spdm_context->session_info[0];
2814 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2815 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2816 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2817 1 : libspdm_secured_message_set_request_finished_key(
2818 : session_info->secured_message_context, m_dummy_buffer,
2819 : hash_size);
2820 1 : libspdm_secured_message_set_session_state(
2821 : session_info->secured_message_context,
2822 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2823 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2824 :
2825 1 : spdm_context->connection_info.capability.flags |=
2826 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2827 1 : spdm_context->local_context.capability.flags |=
2828 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2829 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2830 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2831 1 : req_asym_signature_size =
2832 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2833 1 : ptr = m_libspdm_finish_request7.signature;
2834 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2835 1 : cert_buffer = (uint8_t*)data1;
2836 1 : cert_buffer_size = data_size1;
2837 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2838 : cert_buffer_hash);
2839 1 : cert_buffer = (uint8_t*)data2;
2840 1 : cert_buffer_size = data_size2;
2841 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2842 : req_cert_buffer_hash);
2843 : /* transcript.message_a size is 0*/
2844 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2845 : /* session_transcript.message_k is 0*/
2846 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2847 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2848 : sizeof(spdm_finish_request_t));
2849 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2850 1 : libspdm_requester_data_sign(
2851 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
2852 : spdm_context,
2853 : #endif
2854 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2855 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2856 1 : false, libspdm_get_managed_buffer(&th_curr),
2857 : libspdm_get_managed_buffer_size(&th_curr),
2858 : ptr, &req_asym_signature_size);
2859 : #endif
2860 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2861 1 : ptr += req_asym_signature_size;
2862 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2863 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2864 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2865 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2866 : request_finished_key, hash_size, ptr);
2867 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2868 1 : req_asym_signature_size + hmac_size;
2869 1 : response_size = sizeof(response);
2870 1 : status = libspdm_get_response_finish(spdm_context,
2871 : m_libspdm_finish_request7_size,
2872 : &m_libspdm_finish_request7,
2873 : &response_size, response);
2874 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2875 1 : spdm_response = (void*)response;
2876 :
2877 : /* Expecting failure on little-endian signature */
2878 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2879 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2880 1 : free(data1);
2881 1 : free(data2);
2882 1 : }
2883 :
2884 : /**
2885 : * Test 24: Same as test case 22 but test signature endianness.
2886 : * Big-Endian Sign. Big-Endian Verify.
2887 : * Expecting signature to PASS.
2888 : **/
2889 1 : void libspdm_test_responder_finish_case24(void** state)
2890 : {
2891 : libspdm_return_t status;
2892 : libspdm_test_context_t* spdm_test_context;
2893 : libspdm_context_t* spdm_context;
2894 : size_t response_size;
2895 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2896 : spdm_finish_response_t* spdm_response;
2897 : void* data1;
2898 : size_t data_size1;
2899 : void* data2;
2900 : size_t data_size2;
2901 : uint8_t* ptr;
2902 : uint8_t* cert_buffer;
2903 : size_t cert_buffer_size;
2904 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2905 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2906 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2907 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2908 : libspdm_session_info_t* session_info;
2909 : uint32_t session_id;
2910 : uint32_t hash_size;
2911 : uint32_t hmac_size;
2912 : size_t req_asym_signature_size;
2913 :
2914 1 : spdm_test_context = *state;
2915 1 : spdm_context = spdm_test_context->spdm_context;
2916 1 : spdm_test_context->case_id = 24;
2917 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2918 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2919 1 : spdm_context->connection_info.connection_state =
2920 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2921 1 : spdm_context->connection_info.capability.flags |=
2922 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2923 1 : spdm_context->local_context.capability.flags |=
2924 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2925 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2926 : m_libspdm_use_hash_algo;
2927 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2928 : m_libspdm_use_asym_algo;
2929 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2930 : m_libspdm_use_req_asym_algo;
2931 1 : spdm_context->connection_info.algorithm.measurement_spec =
2932 : m_libspdm_use_measurement_spec;
2933 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2934 : m_libspdm_use_measurement_hash_algo;
2935 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2936 : m_libspdm_use_dhe_algo;
2937 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2938 : m_libspdm_use_aead_algo;
2939 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2940 : m_libspdm_use_asym_algo, &data1,
2941 : &data_size1, NULL, NULL);
2942 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2943 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2944 : data_size1;
2945 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2946 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2947 : data_size1;
2948 1 : spdm_context->spdm_10_11_verify_signature_endian =
2949 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
2950 :
2951 1 : libspdm_reset_message_a(spdm_context);
2952 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2953 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2954 : m_libspdm_use_req_asym_algo, &data2,
2955 : &data_size2, NULL, NULL);
2956 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2957 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2958 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2959 : data2, data_size2);
2960 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2961 : data_size2;
2962 : #else
2963 1 : libspdm_hash_all(
2964 : spdm_context->connection_info.algorithm.base_hash_algo,
2965 : data2, data_size2,
2966 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2967 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2968 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2969 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2970 : spdm_context->connection_info.algorithm.base_hash_algo,
2971 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2972 : data2,
2973 : data_size2,
2974 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2975 : #endif
2976 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2977 :
2978 1 : session_id = 0xFFFFFFFF;
2979 1 : spdm_context->latest_session_id = session_id;
2980 1 : session_info = &spdm_context->session_info[0];
2981 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
2982 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2983 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2984 1 : libspdm_secured_message_set_request_finished_key(
2985 : session_info->secured_message_context, m_dummy_buffer,
2986 : hash_size);
2987 1 : libspdm_secured_message_set_session_state(
2988 : session_info->secured_message_context,
2989 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2990 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2991 :
2992 1 : spdm_context->connection_info.capability.flags |=
2993 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2994 1 : spdm_context->local_context.capability.flags |=
2995 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2996 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2997 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2998 1 : req_asym_signature_size =
2999 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3000 1 : ptr = m_libspdm_finish_request7.signature;
3001 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3002 1 : cert_buffer = (uint8_t*)data1;
3003 1 : cert_buffer_size = data_size1;
3004 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3005 : cert_buffer_hash);
3006 1 : cert_buffer = (uint8_t*)data2;
3007 1 : cert_buffer_size = data_size2;
3008 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3009 : req_cert_buffer_hash);
3010 : /* transcript.message_a size is 0*/
3011 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3012 : /* session_transcript.message_k is 0*/
3013 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3014 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3015 : sizeof(spdm_finish_request_t));
3016 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3017 1 : libspdm_requester_data_sign(
3018 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3019 : spdm_context,
3020 : #endif
3021 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3022 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3023 1 : false, libspdm_get_managed_buffer(&th_curr),
3024 : libspdm_get_managed_buffer_size(&th_curr),
3025 : ptr, &req_asym_signature_size);
3026 : #endif
3027 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3028 1 : ptr += req_asym_signature_size;
3029 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3030 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3031 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3032 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3033 : request_finished_key, hash_size, ptr);
3034 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3035 1 : req_asym_signature_size + hmac_size;
3036 1 : response_size = sizeof(response);
3037 1 : status = libspdm_get_response_finish(spdm_context,
3038 : m_libspdm_finish_request7_size,
3039 : &m_libspdm_finish_request7,
3040 : &response_size, response);
3041 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3042 1 : spdm_response = (void*)response;
3043 :
3044 : /* Expecting pass on big-endian signature */
3045 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3046 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3047 1 : free(data1);
3048 1 : free(data2);
3049 1 : }
3050 :
3051 : /**
3052 : * Test 25: Same as test case 22, but test signature endianness.
3053 : * Big Endian Sign. Big or Little Endian Verify.
3054 : * Expecting signature to PASS.
3055 : **/
3056 1 : void libspdm_test_responder_finish_case25(void** state)
3057 : {
3058 : libspdm_return_t status;
3059 : libspdm_test_context_t* spdm_test_context;
3060 : libspdm_context_t* spdm_context;
3061 : size_t response_size;
3062 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3063 : spdm_finish_response_t* spdm_response;
3064 : void* data1;
3065 : size_t data_size1;
3066 : void* data2;
3067 : size_t data_size2;
3068 : uint8_t* ptr;
3069 : uint8_t* cert_buffer;
3070 : size_t cert_buffer_size;
3071 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3072 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3073 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3074 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3075 : libspdm_session_info_t* session_info;
3076 : uint32_t session_id;
3077 : uint32_t hash_size;
3078 : uint32_t hmac_size;
3079 : size_t req_asym_signature_size;
3080 :
3081 1 : spdm_test_context = *state;
3082 1 : spdm_context = spdm_test_context->spdm_context;
3083 1 : spdm_test_context->case_id = 25;
3084 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3085 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3086 1 : spdm_context->connection_info.connection_state =
3087 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3088 1 : spdm_context->connection_info.capability.flags |=
3089 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3090 1 : spdm_context->local_context.capability.flags |=
3091 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3092 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3093 : m_libspdm_use_hash_algo;
3094 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3095 : m_libspdm_use_asym_algo;
3096 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3097 : m_libspdm_use_req_asym_algo;
3098 1 : spdm_context->connection_info.algorithm.measurement_spec =
3099 : m_libspdm_use_measurement_spec;
3100 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3101 : m_libspdm_use_measurement_hash_algo;
3102 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3103 : m_libspdm_use_dhe_algo;
3104 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3105 : m_libspdm_use_aead_algo;
3106 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3107 : m_libspdm_use_asym_algo, &data1,
3108 : &data_size1, NULL, NULL);
3109 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3110 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3111 : data_size1;
3112 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3113 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3114 : data_size1;
3115 1 : spdm_context->spdm_10_11_verify_signature_endian =
3116 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
3117 :
3118 1 : libspdm_reset_message_a(spdm_context);
3119 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3120 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3121 : m_libspdm_use_req_asym_algo, &data2,
3122 : &data_size2, NULL, NULL);
3123 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3124 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3125 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3126 : data2, data_size2);
3127 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3128 : data_size2;
3129 : #else
3130 1 : libspdm_hash_all(
3131 : spdm_context->connection_info.algorithm.base_hash_algo,
3132 : data2, data_size2,
3133 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3134 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3135 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3136 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3137 : spdm_context->connection_info.algorithm.base_hash_algo,
3138 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3139 : data2,
3140 : data_size2,
3141 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3142 : #endif
3143 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3144 :
3145 1 : session_id = 0xFFFFFFFF;
3146 1 : spdm_context->latest_session_id = session_id;
3147 1 : session_info = &spdm_context->session_info[0];
3148 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3149 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3150 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3151 1 : libspdm_secured_message_set_request_finished_key(
3152 : session_info->secured_message_context, m_dummy_buffer,
3153 : hash_size);
3154 1 : libspdm_secured_message_set_session_state(
3155 : session_info->secured_message_context,
3156 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3157 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3158 :
3159 1 : spdm_context->connection_info.capability.flags |=
3160 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3161 1 : spdm_context->local_context.capability.flags |=
3162 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3163 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3164 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3165 1 : req_asym_signature_size =
3166 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3167 1 : ptr = m_libspdm_finish_request7.signature;
3168 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3169 1 : cert_buffer = (uint8_t*)data1;
3170 1 : cert_buffer_size = data_size1;
3171 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3172 : cert_buffer_hash);
3173 1 : cert_buffer = (uint8_t*)data2;
3174 1 : cert_buffer_size = data_size2;
3175 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3176 : req_cert_buffer_hash);
3177 : /* transcript.message_a size is 0*/
3178 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3179 : /* session_transcript.message_k is 0*/
3180 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3181 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3182 : sizeof(spdm_finish_request_t));
3183 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3184 1 : libspdm_requester_data_sign(
3185 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3186 : spdm_context,
3187 : #endif
3188 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3189 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3190 1 : false, libspdm_get_managed_buffer(&th_curr),
3191 : libspdm_get_managed_buffer_size(&th_curr),
3192 : ptr, &req_asym_signature_size);
3193 : #endif
3194 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3195 1 : ptr += req_asym_signature_size;
3196 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3197 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3198 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3199 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3200 : request_finished_key, hash_size, ptr);
3201 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3202 1 : req_asym_signature_size + hmac_size;
3203 1 : response_size = sizeof(response);
3204 1 : status = libspdm_get_response_finish(spdm_context,
3205 : m_libspdm_finish_request7_size,
3206 : &m_libspdm_finish_request7,
3207 : &response_size, response);
3208 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3209 1 : spdm_response = (void*)response;
3210 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3211 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3212 1 : free(data1);
3213 1 : free(data2);
3214 1 : }
3215 :
3216 : /**
3217 : * Test 26: Same as test case 22, but test endian verification.
3218 : * Sign as Little Endian, Verify as Little.
3219 : * Expecting signature to PASS.
3220 : **/
3221 1 : void libspdm_test_responder_finish_case26(void** state)
3222 : {
3223 : libspdm_return_t status;
3224 : libspdm_test_context_t* spdm_test_context;
3225 : libspdm_context_t* spdm_context;
3226 : size_t response_size;
3227 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3228 : spdm_finish_response_t* spdm_response;
3229 : void* data1;
3230 : size_t data_size1;
3231 : void* data2;
3232 : size_t data_size2;
3233 : uint8_t* ptr;
3234 : uint8_t* cert_buffer;
3235 : size_t cert_buffer_size;
3236 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3237 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3238 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3239 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3240 : libspdm_session_info_t* session_info;
3241 : uint32_t session_id;
3242 : uint32_t hash_size;
3243 : uint32_t hmac_size;
3244 : size_t req_asym_signature_size;
3245 :
3246 1 : spdm_test_context = *state;
3247 1 : spdm_context = spdm_test_context->spdm_context;
3248 1 : spdm_test_context->case_id = 26;
3249 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3250 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3251 1 : spdm_context->connection_info.connection_state =
3252 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3253 1 : spdm_context->connection_info.capability.flags |=
3254 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3255 1 : spdm_context->local_context.capability.flags |=
3256 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3257 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3258 : m_libspdm_use_hash_algo;
3259 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3260 : m_libspdm_use_asym_algo;
3261 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3262 : m_libspdm_use_req_asym_algo;
3263 1 : spdm_context->connection_info.algorithm.measurement_spec =
3264 : m_libspdm_use_measurement_spec;
3265 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3266 : m_libspdm_use_measurement_hash_algo;
3267 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3268 : m_libspdm_use_dhe_algo;
3269 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3270 : m_libspdm_use_aead_algo;
3271 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3272 : m_libspdm_use_asym_algo, &data1,
3273 : &data_size1, NULL, NULL);
3274 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3275 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3276 : data_size1;
3277 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3278 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3279 : data_size1;
3280 1 : spdm_context->spdm_10_11_verify_signature_endian =
3281 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3282 :
3283 1 : libspdm_reset_message_a(spdm_context);
3284 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3285 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3286 : m_libspdm_use_req_asym_algo, &data2,
3287 : &data_size2, NULL, NULL);
3288 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3289 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3290 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3291 : data2, data_size2);
3292 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3293 : data_size2;
3294 : #else
3295 1 : libspdm_hash_all(
3296 : spdm_context->connection_info.algorithm.base_hash_algo,
3297 : data2, data_size2,
3298 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3299 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3300 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3301 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3302 : spdm_context->connection_info.algorithm.base_hash_algo,
3303 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3304 : data2,
3305 : data_size2,
3306 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3307 : #endif
3308 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3309 :
3310 1 : session_id = 0xFFFFFFFF;
3311 1 : spdm_context->latest_session_id = session_id;
3312 1 : session_info = &spdm_context->session_info[0];
3313 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3314 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3315 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3316 1 : libspdm_secured_message_set_request_finished_key(
3317 : session_info->secured_message_context, m_dummy_buffer,
3318 : hash_size);
3319 1 : libspdm_secured_message_set_session_state(
3320 : session_info->secured_message_context,
3321 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3322 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3323 :
3324 1 : spdm_context->connection_info.capability.flags |=
3325 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3326 1 : spdm_context->local_context.capability.flags |=
3327 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3328 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3329 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3330 1 : req_asym_signature_size =
3331 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3332 1 : ptr = m_libspdm_finish_request7.signature;
3333 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3334 1 : cert_buffer = (uint8_t*)data1;
3335 1 : cert_buffer_size = data_size1;
3336 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3337 : cert_buffer_hash);
3338 1 : cert_buffer = (uint8_t*)data2;
3339 1 : cert_buffer_size = data_size2;
3340 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3341 : req_cert_buffer_hash);
3342 : /* transcript.message_a size is 0*/
3343 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3344 : /* session_transcript.message_k is 0*/
3345 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3346 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3347 : sizeof(spdm_finish_request_t));
3348 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3349 1 : libspdm_requester_data_sign(
3350 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3351 : spdm_context,
3352 : #endif
3353 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3354 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3355 1 : false, libspdm_get_managed_buffer(&th_curr),
3356 : libspdm_get_managed_buffer_size(&th_curr),
3357 : ptr, &req_asym_signature_size);
3358 :
3359 : /* Switch signature to little endian */
3360 1 : libspdm_copy_signature_swap_endian(
3361 : m_libspdm_use_req_asym_algo,
3362 : ptr, req_asym_signature_size,
3363 : ptr, req_asym_signature_size);
3364 : #endif
3365 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3366 1 : ptr += req_asym_signature_size;
3367 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3368 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3369 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3370 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3371 : request_finished_key, hash_size, ptr);
3372 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3373 1 : req_asym_signature_size + hmac_size;
3374 1 : response_size = sizeof(response);
3375 1 : status = libspdm_get_response_finish(spdm_context,
3376 : m_libspdm_finish_request7_size,
3377 : &m_libspdm_finish_request7,
3378 : &response_size, response);
3379 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3380 1 : spdm_response = (void*)response;
3381 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3382 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3383 1 : free(data1);
3384 1 : free(data2);
3385 1 : }
3386 :
3387 : /**
3388 : * Test 27: Same as test case 22, but test endian verification.
3389 : * Sign as Little Endian, Verify as Big.
3390 : * Expecting signature to FAIL.
3391 : **/
3392 1 : void libspdm_test_responder_finish_case27(void** state)
3393 : {
3394 : libspdm_return_t status;
3395 : libspdm_test_context_t* spdm_test_context;
3396 : libspdm_context_t* spdm_context;
3397 : size_t response_size;
3398 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3399 : spdm_finish_response_t* spdm_response;
3400 : void* data1;
3401 : size_t data_size1;
3402 : void* data2;
3403 : size_t data_size2;
3404 : uint8_t* ptr;
3405 : uint8_t* cert_buffer;
3406 : size_t cert_buffer_size;
3407 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3408 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3409 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3410 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3411 : libspdm_session_info_t* session_info;
3412 : uint32_t session_id;
3413 : uint32_t hash_size;
3414 : uint32_t hmac_size;
3415 : size_t req_asym_signature_size;
3416 :
3417 1 : spdm_test_context = *state;
3418 1 : spdm_context = spdm_test_context->spdm_context;
3419 1 : spdm_test_context->case_id = 27;
3420 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3421 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3422 1 : spdm_context->connection_info.connection_state =
3423 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3424 1 : spdm_context->connection_info.capability.flags |=
3425 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3426 1 : spdm_context->local_context.capability.flags |=
3427 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3428 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3429 : m_libspdm_use_hash_algo;
3430 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3431 : m_libspdm_use_asym_algo;
3432 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3433 : m_libspdm_use_req_asym_algo;
3434 1 : spdm_context->connection_info.algorithm.measurement_spec =
3435 : m_libspdm_use_measurement_spec;
3436 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3437 : m_libspdm_use_measurement_hash_algo;
3438 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3439 : m_libspdm_use_dhe_algo;
3440 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3441 : m_libspdm_use_aead_algo;
3442 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3443 : m_libspdm_use_asym_algo, &data1,
3444 : &data_size1, NULL, NULL);
3445 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3446 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3447 : data_size1;
3448 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3449 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3450 : data_size1;
3451 1 : spdm_context->spdm_10_11_verify_signature_endian =
3452 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
3453 :
3454 1 : libspdm_reset_message_a(spdm_context);
3455 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3456 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3457 : m_libspdm_use_req_asym_algo, &data2,
3458 : &data_size2, NULL, NULL);
3459 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3460 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3461 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3462 : data2, data_size2);
3463 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3464 : data_size2;
3465 : #else
3466 1 : libspdm_hash_all(
3467 : spdm_context->connection_info.algorithm.base_hash_algo,
3468 : data2, data_size2,
3469 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3470 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3471 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3472 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3473 : spdm_context->connection_info.algorithm.base_hash_algo,
3474 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3475 : data2,
3476 : data_size2,
3477 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3478 : #endif
3479 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3480 :
3481 1 : session_id = 0xFFFFFFFF;
3482 1 : spdm_context->latest_session_id = session_id;
3483 1 : session_info = &spdm_context->session_info[0];
3484 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3485 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3486 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3487 1 : libspdm_secured_message_set_request_finished_key(
3488 : session_info->secured_message_context, m_dummy_buffer,
3489 : hash_size);
3490 1 : libspdm_secured_message_set_session_state(
3491 : session_info->secured_message_context,
3492 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3493 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3494 :
3495 1 : spdm_context->connection_info.capability.flags |=
3496 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3497 1 : spdm_context->local_context.capability.flags |=
3498 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3499 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3500 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3501 1 : req_asym_signature_size =
3502 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3503 1 : ptr = m_libspdm_finish_request7.signature;
3504 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3505 1 : cert_buffer = (uint8_t*)data1;
3506 1 : cert_buffer_size = data_size1;
3507 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3508 : cert_buffer_hash);
3509 1 : cert_buffer = (uint8_t*)data2;
3510 1 : cert_buffer_size = data_size2;
3511 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3512 : req_cert_buffer_hash);
3513 : /* transcript.message_a size is 0*/
3514 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3515 : /* session_transcript.message_k is 0*/
3516 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3517 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3518 : sizeof(spdm_finish_request_t));
3519 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3520 1 : libspdm_requester_data_sign(
3521 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3522 : spdm_context,
3523 : #endif
3524 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3525 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3526 1 : false, libspdm_get_managed_buffer(&th_curr),
3527 : libspdm_get_managed_buffer_size(&th_curr),
3528 : ptr, &req_asym_signature_size);
3529 :
3530 : /* Switch signature to little endian */
3531 1 : libspdm_copy_signature_swap_endian(
3532 : m_libspdm_use_req_asym_algo,
3533 : ptr, req_asym_signature_size,
3534 : ptr, req_asym_signature_size);
3535 : #endif
3536 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3537 1 : ptr += req_asym_signature_size;
3538 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3539 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3540 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3541 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3542 : request_finished_key, hash_size, ptr);
3543 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3544 1 : req_asym_signature_size + hmac_size;
3545 1 : response_size = sizeof(response);
3546 1 : status = libspdm_get_response_finish(spdm_context,
3547 : m_libspdm_finish_request7_size,
3548 : &m_libspdm_finish_request7,
3549 : &response_size, response);
3550 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3551 1 : spdm_response = (void*)response;
3552 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
3553 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
3554 1 : free(data1);
3555 1 : free(data2);
3556 1 : }
3557 :
3558 : /**
3559 : * Test 28: Same as test case 22, but test endian verification.
3560 : * Sign as Little Endian, Verify as Big Or Little.
3561 : * Expecting signature to PASS.
3562 : **/
3563 1 : void libspdm_test_responder_finish_case28(void** state)
3564 : {
3565 : libspdm_return_t status;
3566 : libspdm_test_context_t* spdm_test_context;
3567 : libspdm_context_t* spdm_context;
3568 : size_t response_size;
3569 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3570 : spdm_finish_response_t* spdm_response;
3571 : void* data1;
3572 : size_t data_size1;
3573 : void* data2;
3574 : size_t data_size2;
3575 : uint8_t* ptr;
3576 : uint8_t* cert_buffer;
3577 : size_t cert_buffer_size;
3578 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3579 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3580 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3581 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3582 : libspdm_session_info_t* session_info;
3583 : uint32_t session_id;
3584 : uint32_t hash_size;
3585 : uint32_t hmac_size;
3586 : size_t req_asym_signature_size;
3587 :
3588 1 : spdm_test_context = *state;
3589 1 : spdm_context = spdm_test_context->spdm_context;
3590 1 : spdm_test_context->case_id = 28;
3591 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3592 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3593 1 : spdm_context->connection_info.connection_state =
3594 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3595 1 : spdm_context->connection_info.capability.flags |=
3596 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3597 1 : spdm_context->local_context.capability.flags |=
3598 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3599 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3600 : m_libspdm_use_hash_algo;
3601 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3602 : m_libspdm_use_asym_algo;
3603 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3604 : m_libspdm_use_req_asym_algo;
3605 1 : spdm_context->connection_info.algorithm.measurement_spec =
3606 : m_libspdm_use_measurement_spec;
3607 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3608 : m_libspdm_use_measurement_hash_algo;
3609 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3610 : m_libspdm_use_dhe_algo;
3611 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3612 : m_libspdm_use_aead_algo;
3613 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3614 : m_libspdm_use_asym_algo, &data1,
3615 : &data_size1, NULL, NULL);
3616 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3617 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3618 : data_size1;
3619 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3620 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3621 : data_size1;
3622 1 : spdm_context->spdm_10_11_verify_signature_endian =
3623 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3624 :
3625 1 : libspdm_reset_message_a(spdm_context);
3626 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3627 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3628 : m_libspdm_use_req_asym_algo, &data2,
3629 : &data_size2, NULL, NULL);
3630 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3631 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3632 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3633 : data2, data_size2);
3634 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3635 : data_size2;
3636 : #else
3637 1 : libspdm_hash_all(
3638 : spdm_context->connection_info.algorithm.base_hash_algo,
3639 : data2, data_size2,
3640 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3641 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3642 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3643 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3644 : spdm_context->connection_info.algorithm.base_hash_algo,
3645 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3646 : data2,
3647 : data_size2,
3648 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3649 : #endif
3650 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3651 :
3652 1 : session_id = 0xFFFFFFFF;
3653 1 : spdm_context->latest_session_id = session_id;
3654 1 : session_info = &spdm_context->session_info[0];
3655 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3656 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3657 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3658 1 : libspdm_secured_message_set_request_finished_key(
3659 : session_info->secured_message_context, m_dummy_buffer,
3660 : hash_size);
3661 1 : libspdm_secured_message_set_session_state(
3662 : session_info->secured_message_context,
3663 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3664 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3665 :
3666 1 : spdm_context->connection_info.capability.flags |=
3667 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3668 1 : spdm_context->local_context.capability.flags |=
3669 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3670 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3671 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3672 1 : req_asym_signature_size =
3673 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3674 1 : ptr = m_libspdm_finish_request7.signature;
3675 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3676 1 : cert_buffer = (uint8_t*)data1;
3677 1 : cert_buffer_size = data_size1;
3678 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3679 : cert_buffer_hash);
3680 1 : cert_buffer = (uint8_t*)data2;
3681 1 : cert_buffer_size = data_size2;
3682 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3683 : req_cert_buffer_hash);
3684 : /* transcript.message_a size is 0*/
3685 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3686 : /* session_transcript.message_k is 0*/
3687 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3688 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3689 : sizeof(spdm_finish_request_t));
3690 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3691 1 : libspdm_requester_data_sign(
3692 : #if LIBSPDM_HAL_PASS_SPDM_CONTEXT
3693 : spdm_context,
3694 : #endif
3695 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3696 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3697 1 : false, libspdm_get_managed_buffer(&th_curr),
3698 : libspdm_get_managed_buffer_size(&th_curr),
3699 : ptr, &req_asym_signature_size);
3700 :
3701 : /* Switch signature to little endian */
3702 1 : libspdm_copy_signature_swap_endian(
3703 : m_libspdm_use_req_asym_algo,
3704 : ptr, req_asym_signature_size,
3705 : ptr, req_asym_signature_size);
3706 : #endif
3707 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3708 1 : ptr += req_asym_signature_size;
3709 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3710 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3711 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3712 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3713 : request_finished_key, hash_size, ptr);
3714 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3715 1 : req_asym_signature_size + hmac_size;
3716 1 : response_size = sizeof(response);
3717 1 : status = libspdm_get_response_finish(spdm_context,
3718 : m_libspdm_finish_request7_size,
3719 : &m_libspdm_finish_request7,
3720 : &response_size, response);
3721 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3722 1 : spdm_response = (void*)response;
3723 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3724 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3725 1 : free(data1);
3726 1 : free(data2);
3727 1 : }
3728 :
3729 : /**
3730 : * Test 29: Receive the correct FINISH from the requester, and
3731 : * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
3732 : * Expected behavior: the responder accepts the request and produces a valid
3733 : * FINISH_RSP response message, and The ResponderVerifyData field is absent.
3734 : **/
3735 1 : void libspdm_test_responder_finish_case29(void **state)
3736 : {
3737 : libspdm_return_t status;
3738 : libspdm_test_context_t *spdm_test_context;
3739 : libspdm_context_t *spdm_context;
3740 : size_t response_size;
3741 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3742 : spdm_finish_response_t *spdm_response;
3743 : void *data1;
3744 : size_t data_size1;
3745 : uint8_t *ptr;
3746 : uint8_t *cert_buffer;
3747 : size_t cert_buffer_size;
3748 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3749 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3750 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3751 : libspdm_session_info_t *session_info;
3752 : uint32_t session_id;
3753 : uint32_t hash_size;
3754 : uint32_t hmac_size;
3755 :
3756 1 : spdm_test_context = *state;
3757 1 : spdm_context = spdm_test_context->spdm_context;
3758 1 : spdm_test_context->case_id = 29;
3759 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3760 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3761 1 : spdm_context->connection_info.connection_state =
3762 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3763 1 : spdm_context->connection_info.capability.flags |=
3764 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3765 1 : spdm_context->local_context.capability.flags |=
3766 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3767 :
3768 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3769 : m_libspdm_use_hash_algo;
3770 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3771 : m_libspdm_use_asym_algo;
3772 1 : spdm_context->connection_info.algorithm.measurement_spec =
3773 : m_libspdm_use_measurement_spec;
3774 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3775 : m_libspdm_use_measurement_hash_algo;
3776 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3777 : m_libspdm_use_dhe_algo;
3778 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3779 : m_libspdm_use_aead_algo;
3780 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3781 : m_libspdm_use_asym_algo, &data1,
3782 : &data_size1, NULL, NULL);
3783 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3784 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3785 : data_size1;
3786 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3787 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3788 : data_size1;
3789 :
3790 1 : libspdm_reset_message_a(spdm_context);
3791 1 : spdm_context->local_context.mut_auth_requested = 0;
3792 :
3793 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3794 1 : spdm_context->connection_info.capability.flags &=
3795 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3796 1 : spdm_context->local_context.capability.flags &=
3797 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3798 :
3799 1 : session_id = 0xFFFFFFFF;
3800 1 : spdm_context->latest_session_id = session_id;
3801 1 : spdm_context->last_spdm_request_session_id_valid = true;
3802 1 : spdm_context->last_spdm_request_session_id = session_id;
3803 1 : session_info = &spdm_context->session_info[0];
3804 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3805 :
3806 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3807 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3808 :
3809 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3810 1 : libspdm_secured_message_set_request_finished_key(
3811 : session_info->secured_message_context, m_dummy_buffer,
3812 : hash_size);
3813 1 : libspdm_secured_message_set_session_state(
3814 : session_info->secured_message_context,
3815 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3816 :
3817 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3818 1 : ptr = m_libspdm_finish_request1.signature;
3819 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3820 1 : cert_buffer = (uint8_t *)data1;
3821 1 : cert_buffer_size = data_size1;
3822 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3823 : cert_buffer_hash);
3824 : /* transcript.message_a size is 0*/
3825 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3826 : /* session_transcript.message_k is 0*/
3827 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
3828 : sizeof(spdm_finish_request_t));
3829 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3830 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3831 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3832 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3833 : request_finished_key, hash_size, ptr);
3834 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
3835 1 : response_size = sizeof(response);
3836 1 : status = libspdm_get_response_finish(spdm_context,
3837 : m_libspdm_finish_request1_size,
3838 : &m_libspdm_finish_request1,
3839 : &response_size, response);
3840 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3841 : /* The ResponderVerifyData field shall be absent.*/
3842 1 : assert_int_equal(response_size,
3843 : sizeof(spdm_finish_response_t));
3844 1 : spdm_response = (void *)response;
3845 1 : assert_int_equal(spdm_response->header.request_response_code,
3846 : SPDM_FINISH_RSP);
3847 1 : free(data1);
3848 1 : }
3849 :
3850 : /**
3851 : * Test 30: SPDM version 1.4, with OpaqueData.
3852 : * Expected behavior: the responder accepts the request and produces a valid
3853 : * FINISH_RSP response message.
3854 : **/
3855 1 : void libspdm_test_responder_finish_case30(void **state)
3856 : {
3857 : libspdm_return_t status;
3858 : libspdm_test_context_t *spdm_test_context;
3859 : libspdm_context_t *spdm_context;
3860 : size_t response_size;
3861 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3862 : spdm_finish_response_t *spdm_response;
3863 : void *data1;
3864 : size_t data_size1;
3865 : uint8_t *ptr;
3866 : uint8_t *cert_buffer;
3867 : size_t cert_buffer_size;
3868 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3869 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3870 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3871 : libspdm_session_info_t *session_info;
3872 : uint32_t session_id;
3873 : uint32_t hash_size;
3874 : uint32_t hmac_size;
3875 :
3876 1 : spdm_test_context = *state;
3877 1 : spdm_context = spdm_test_context->spdm_context;
3878 1 : spdm_test_context->case_id = 30;
3879 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
3880 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3881 1 : spdm_context->connection_info.connection_state =
3882 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3883 1 : spdm_context->connection_info.capability.flags |=
3884 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3885 1 : spdm_context->local_context.capability.flags |=
3886 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3887 :
3888 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3889 : m_libspdm_use_hash_algo;
3890 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3891 : m_libspdm_use_asym_algo;
3892 1 : spdm_context->connection_info.algorithm.measurement_spec =
3893 : m_libspdm_use_measurement_spec;
3894 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3895 : m_libspdm_use_measurement_hash_algo;
3896 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3897 : m_libspdm_use_dhe_algo;
3898 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3899 : m_libspdm_use_aead_algo;
3900 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3901 : m_libspdm_use_asym_algo, &data1,
3902 : &data_size1, NULL, NULL);
3903 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3904 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3905 : data_size1;
3906 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3907 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3908 : data_size1;
3909 :
3910 1 : libspdm_reset_message_a(spdm_context);
3911 1 : spdm_context->local_context.mut_auth_requested = 0;
3912 :
3913 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3914 1 : spdm_context->connection_info.capability.flags &=
3915 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3916 1 : spdm_context->local_context.capability.flags &=
3917 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3918 :
3919 1 : session_id = 0xFFFFFFFF;
3920 1 : spdm_context->latest_session_id = session_id;
3921 1 : spdm_context->last_spdm_request_session_id_valid = true;
3922 1 : spdm_context->last_spdm_request_session_id = session_id;
3923 1 : session_info = &spdm_context->session_info[0];
3924 1 : libspdm_session_info_init(spdm_context, session_info, session_id, false);
3925 :
3926 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3927 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3928 :
3929 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3930 1 : libspdm_secured_message_set_request_finished_key(
3931 : session_info->secured_message_context, m_dummy_buffer,
3932 : hash_size);
3933 1 : libspdm_secured_message_set_session_state(
3934 : session_info->secured_message_context,
3935 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3936 :
3937 1 : m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
3938 :
3939 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3940 1 : ptr = m_libspdm_finish_request8.signature;
3941 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3942 1 : cert_buffer = (uint8_t *)data1;
3943 1 : cert_buffer_size = data_size1;
3944 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3945 : cert_buffer_hash);
3946 : /* transcript.message_a size is 0*/
3947 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3948 : /* session_transcript.message_k is 0*/
3949 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
3950 : sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
3951 1 : m_libspdm_finish_request8.opaque_data_size);
3952 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3953 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3954 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3955 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3956 : request_finished_key, hash_size, ptr);
3957 1 : m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
3958 1 : sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
3959 1 : response_size = sizeof(response);
3960 1 : status = libspdm_get_response_finish(spdm_context,
3961 : m_libspdm_finish_request8_size,
3962 : &m_libspdm_finish_request8,
3963 : &response_size, response);
3964 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3965 : /* The ResponderVerifyData field shall be absent.*/
3966 1 : ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
3967 1 : assert_int_equal(response_size,
3968 : sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
3969 : libspdm_read_uint16(ptr));
3970 1 : spdm_response = (void *)response;
3971 1 : assert_int_equal(spdm_response->header.request_response_code,
3972 : SPDM_FINISH_RSP);
3973 1 : free(data1);
3974 1 : }
3975 :
3976 1 : int libspdm_responder_finish_test_main(void)
3977 : {
3978 1 : const struct CMUnitTest spdm_responder_finish_tests[] = {
3979 : /* Success Case*/
3980 : cmocka_unit_test(libspdm_test_responder_finish_case1),
3981 : /* Can be populated with new test.*/
3982 : cmocka_unit_test(libspdm_test_responder_finish_case2),
3983 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
3984 : cmocka_unit_test(libspdm_test_responder_finish_case3),
3985 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
3986 : cmocka_unit_test(libspdm_test_responder_finish_case4),
3987 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
3988 : /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
3989 : cmocka_unit_test(libspdm_test_responder_finish_case5),
3990 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
3991 : /* connection_state Check*/
3992 : cmocka_unit_test(libspdm_test_responder_finish_case6),
3993 : /* Buffer reset*/
3994 : cmocka_unit_test(libspdm_test_responder_finish_case7),
3995 : /* Success Case*/
3996 : cmocka_unit_test(libspdm_test_responder_finish_case8),
3997 : /* Unsupported KEY_EX capabilities*/
3998 : cmocka_unit_test(libspdm_test_responder_finish_case9),
3999 : /* Uninitialized session*/
4000 : cmocka_unit_test(libspdm_test_responder_finish_case10),
4001 : /* Incorrect MAC*/
4002 : cmocka_unit_test(libspdm_test_responder_finish_case11),
4003 : cmocka_unit_test(libspdm_test_responder_finish_case12),
4004 : /* Can be populated with new test.*/
4005 : cmocka_unit_test(libspdm_test_responder_finish_case13),
4006 : cmocka_unit_test(libspdm_test_responder_finish_case14),
4007 : /* Incorrect signature*/
4008 : cmocka_unit_test(libspdm_test_responder_finish_case15),
4009 : cmocka_unit_test(libspdm_test_responder_finish_case16),
4010 : /* Buffer verification*/
4011 : cmocka_unit_test(libspdm_test_responder_finish_case17),
4012 : /* Success Case, enable mutual authentication and use slot_id 0xFF */
4013 : cmocka_unit_test(libspdm_test_responder_finish_case18),
4014 : /* Invalid SlotID in FINISH request message when mutual authentication */
4015 : cmocka_unit_test_setup(libspdm_test_responder_finish_case19, libspdm_unit_test_group_setup),
4016 : cmocka_unit_test_setup(libspdm_test_responder_finish_case20, libspdm_unit_test_group_setup),
4017 : /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
4018 : cmocka_unit_test_setup(libspdm_test_responder_finish_case21, libspdm_unit_test_group_setup),
4019 : /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
4020 : cmocka_unit_test_setup(libspdm_test_responder_finish_case22, libspdm_unit_test_group_setup),
4021 : /* Big Endian Sign - Little Endian Verify */
4022 : cmocka_unit_test_setup(libspdm_test_responder_finish_case23, libspdm_unit_test_group_setup),
4023 : /* Big Endian Sign - Big Endian Verify */
4024 : cmocka_unit_test_setup(libspdm_test_responder_finish_case24, libspdm_unit_test_group_setup),
4025 : /* Big Endian Sign - Big or Little Endian Verify */
4026 : cmocka_unit_test_setup(libspdm_test_responder_finish_case25, libspdm_unit_test_group_setup),
4027 : /* Little Endian Sign - Little Endian Verify*/
4028 : cmocka_unit_test_setup(libspdm_test_responder_finish_case26, libspdm_unit_test_group_setup),
4029 : /* Little Endian Sign - Big Endian Verify */
4030 : cmocka_unit_test_setup(libspdm_test_responder_finish_case27, libspdm_unit_test_group_setup),
4031 : /* Little Endian Sign - Big or Little Endian Verify */
4032 : cmocka_unit_test_setup(libspdm_test_responder_finish_case28, libspdm_unit_test_group_setup),
4033 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
4034 : cmocka_unit_test(libspdm_test_responder_finish_case29),
4035 : /* SPDM 1.4 with OpaqueData */
4036 : cmocka_unit_test(libspdm_test_responder_finish_case30),
4037 : };
4038 :
4039 1 : libspdm_test_context_t test_context = {
4040 : LIBSPDM_TEST_CONTEXT_VERSION,
4041 : false,
4042 : };
4043 :
4044 1 : libspdm_setup_test_context(&test_context);
4045 :
4046 1 : return cmocka_run_group_tests(spdm_responder_finish_tests,
4047 : libspdm_unit_test_group_setup,
4048 : libspdm_unit_test_group_teardown);
4049 : }
4050 :
4051 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|