Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : extern uint8_t g_key_exchange_start_mut_auth;
12 :
13 : #pragma pack(1)
14 :
15 : typedef struct {
16 : spdm_message_header_t header;
17 : uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
18 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
19 : } libspdm_finish_request_mine_t;
20 :
21 : typedef struct {
22 : spdm_message_header_t header;
23 : uint16_t opaque_data_size;
24 : uint8_t opaque_data[8];
25 : uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
26 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
27 : } libspdm_finish_request_mine_14_t;
28 :
29 : #pragma pack()
30 :
31 : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
32 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
33 : };
34 : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
35 :
36 : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
37 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
38 : };
39 : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
40 :
41 : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
42 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
43 : };
44 : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
45 :
46 : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
47 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
48 : };
49 : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
50 :
51 : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
52 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
53 : };
54 : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
55 :
56 : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
57 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
58 : };
59 : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
60 :
61 : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
62 : { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
63 : };
64 : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
65 :
66 : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
67 :
68 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
69 :
70 : static libspdm_th_managed_buffer_t th_curr;
71 :
72 28 : void libspdm_secured_message_set_request_finished_key(
73 : void *spdm_secured_message_context, const void *key, size_t key_size)
74 : {
75 : libspdm_secured_message_context_t *secured_message_context;
76 :
77 28 : secured_message_context = spdm_secured_message_context;
78 28 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
79 28 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
80 : sizeof(secured_message_context->handshake_secret.request_finished_key),
81 : key, secured_message_context->hash_size);
82 28 : }
83 :
84 : /**
85 : * Test 1: receiving a correct FINISH message from the requester with a
86 : * correct MAC, no signature (no mutual authentication), and 'handshake in
87 : * the clear'.
88 : * Expected behavior: the responder accepts the request and produces a valid
89 : * FINISH_RSP response message.
90 : **/
91 1 : void rsp_finish_rsp_case1(void **state)
92 : {
93 : libspdm_return_t status;
94 : libspdm_test_context_t *spdm_test_context;
95 : libspdm_context_t *spdm_context;
96 : size_t response_size;
97 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
98 : spdm_finish_response_t *spdm_response;
99 : void *data1;
100 : size_t data_size1;
101 : uint8_t *ptr;
102 : uint8_t *cert_buffer;
103 : size_t cert_buffer_size;
104 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
105 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
106 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
107 : libspdm_session_info_t *session_info;
108 : uint32_t session_id;
109 : uint32_t hash_size;
110 : uint32_t hmac_size;
111 :
112 1 : spdm_test_context = *state;
113 1 : spdm_context = spdm_test_context->spdm_context;
114 1 : spdm_test_context->case_id = 0x1;
115 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
116 : SPDM_VERSION_NUMBER_SHIFT_BIT;
117 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
118 1 : spdm_context->connection_info.capability.flags |=
119 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
120 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
121 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
122 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
123 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
124 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
125 : m_libspdm_use_measurement_hash_algo;
126 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
127 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
128 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
129 : m_libspdm_use_asym_algo, &data1,
130 : &data_size1, NULL, NULL);
131 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
132 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
133 :
134 1 : libspdm_reset_message_a(spdm_context);
135 :
136 1 : session_id = 0xFFFFFFFF;
137 1 : spdm_context->latest_session_id = session_id;
138 1 : session_info = &spdm_context->session_info[0];
139 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
140 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
141 1 : session_info->local_used_cert_chain_slot_id = 0;
142 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
143 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
144 1 : libspdm_secured_message_set_request_finished_key(
145 : session_info->secured_message_context, m_dummy_buffer,
146 : hash_size);
147 1 : libspdm_secured_message_set_session_state(
148 : session_info->secured_message_context,
149 : LIBSPDM_SESSION_STATE_HANDSHAKING);
150 :
151 1 : spdm_context->connection_info.capability.flags |=
152 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
153 1 : spdm_context->local_context.capability.flags |=
154 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
155 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
156 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
157 1 : ptr = m_libspdm_finish_request1.signature;
158 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
159 1 : cert_buffer = (uint8_t *)data1;
160 1 : cert_buffer_size = data_size1;
161 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
162 : /* transcript.message_a size is 0*/
163 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
164 : /* session_transcript.message_k is 0*/
165 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
166 : sizeof(spdm_finish_request_t));
167 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
168 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
169 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
170 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
171 : request_finished_key, hash_size, ptr);
172 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
173 1 : response_size = sizeof(response);
174 1 : status = libspdm_get_response_finish(spdm_context,
175 : m_libspdm_finish_request1_size,
176 : &m_libspdm_finish_request1,
177 : &response_size, response);
178 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
179 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
180 1 : spdm_response = (void *)response;
181 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
182 1 : free(data1);
183 1 : }
184 :
185 : /**
186 : * Test 2:
187 : * Expected behavior:
188 : **/
189 1 : void rsp_finish_rsp_case2(void **state)
190 : {
191 1 : }
192 :
193 : /**
194 : * Test 3: receiving a correct FINISH from the requester, but the
195 : * responder is in a Busy state.
196 : * Expected behavior: the responder accepts the request, but produces an
197 : * ERROR message indicating the Busy state.
198 : **/
199 1 : void rsp_finish_rsp_case3(void **state)
200 : {
201 : libspdm_return_t status;
202 : libspdm_test_context_t *spdm_test_context;
203 : libspdm_context_t *spdm_context;
204 : size_t response_size;
205 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
206 : spdm_finish_response_t *spdm_response;
207 : void *data1;
208 : size_t data_size1;
209 : uint8_t *ptr;
210 : uint8_t *cert_buffer;
211 : size_t cert_buffer_size;
212 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
213 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
214 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
215 : libspdm_session_info_t *session_info;
216 : uint32_t session_id;
217 : uint32_t hash_size;
218 : uint32_t hmac_size;
219 :
220 1 : spdm_test_context = *state;
221 1 : spdm_context = spdm_test_context->spdm_context;
222 1 : spdm_test_context->case_id = 0x3;
223 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
224 : SPDM_VERSION_NUMBER_SHIFT_BIT;
225 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
226 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
227 1 : spdm_context->connection_info.capability.flags |=
228 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
229 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
230 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
231 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
232 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
233 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
234 : m_libspdm_use_measurement_hash_algo;
235 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
236 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
237 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
238 : m_libspdm_use_asym_algo, &data1,
239 : &data_size1, NULL, NULL);
240 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
241 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
242 :
243 1 : libspdm_reset_message_a(spdm_context);
244 :
245 1 : session_id = 0xFFFFFFFF;
246 1 : spdm_context->latest_session_id = session_id;
247 1 : session_info = &spdm_context->session_info[0];
248 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
249 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
250 1 : session_info->local_used_cert_chain_slot_id = 0;
251 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
252 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
253 1 : libspdm_secured_message_set_request_finished_key(
254 : session_info->secured_message_context, m_dummy_buffer,
255 : hash_size);
256 1 : libspdm_secured_message_set_session_state(
257 : session_info->secured_message_context,
258 : LIBSPDM_SESSION_STATE_HANDSHAKING);
259 :
260 1 : spdm_context->connection_info.capability.flags |=
261 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
262 1 : spdm_context->local_context.capability.flags |=
263 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
264 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
265 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
266 1 : ptr = m_libspdm_finish_request1.signature;
267 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
268 1 : cert_buffer = (uint8_t *)data1;
269 1 : cert_buffer_size = data_size1;
270 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
271 : /* transcript.message_a size is 0*/
272 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
273 : /* session_transcript.message_k is 0*/
274 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
275 : sizeof(spdm_finish_request_t));
276 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
277 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
278 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
279 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
280 : request_finished_key, hash_size, ptr);
281 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
282 1 : response_size = sizeof(response);
283 1 : status = libspdm_get_response_finish(spdm_context,
284 : m_libspdm_finish_request1_size,
285 : &m_libspdm_finish_request1,
286 : &response_size, response);
287 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
288 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
289 1 : spdm_response = (void *)response;
290 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
291 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
292 1 : assert_int_equal(spdm_response->header.param2, 0);
293 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_BUSY);
294 1 : free(data1);
295 1 : }
296 :
297 : /**
298 : * Test 4: receiving a correct FINISH from the requester, but the responder
299 : * requires resynchronization with the requester.
300 : * Expected behavior: the responder accepts the request, but produces an
301 : * ERROR message indicating the NeedResynch state.
302 : **/
303 1 : void rsp_finish_rsp_case4(void **state)
304 : {
305 : libspdm_return_t status;
306 : libspdm_test_context_t *spdm_test_context;
307 : libspdm_context_t *spdm_context;
308 : size_t response_size;
309 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
310 : spdm_finish_response_t *spdm_response;
311 : void *data1;
312 : size_t data_size1;
313 : uint8_t *ptr;
314 : uint8_t *cert_buffer;
315 : size_t cert_buffer_size;
316 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
317 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
318 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
319 : libspdm_session_info_t *session_info;
320 : uint32_t session_id;
321 : uint32_t hash_size;
322 : uint32_t hmac_size;
323 :
324 1 : spdm_test_context = *state;
325 1 : spdm_context = spdm_test_context->spdm_context;
326 1 : spdm_test_context->case_id = 0x4;
327 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
328 : SPDM_VERSION_NUMBER_SHIFT_BIT;
329 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
330 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
331 1 : spdm_context->connection_info.capability.flags |=
332 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
333 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
334 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
335 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
336 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
337 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
338 : m_libspdm_use_measurement_hash_algo;
339 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
340 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
341 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
342 : m_libspdm_use_asym_algo, &data1,
343 : &data_size1, NULL, NULL);
344 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
345 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
346 :
347 1 : libspdm_reset_message_a(spdm_context);
348 :
349 1 : session_id = 0xFFFFFFFF;
350 1 : spdm_context->latest_session_id = session_id;
351 1 : session_info = &spdm_context->session_info[0];
352 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
353 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
354 1 : session_info->local_used_cert_chain_slot_id = 0;
355 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
356 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
357 1 : libspdm_secured_message_set_request_finished_key(
358 : session_info->secured_message_context, m_dummy_buffer,
359 : hash_size);
360 1 : libspdm_secured_message_set_session_state(
361 : session_info->secured_message_context,
362 : LIBSPDM_SESSION_STATE_HANDSHAKING);
363 :
364 1 : spdm_context->connection_info.capability.flags |=
365 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
366 1 : spdm_context->local_context.capability.flags |=
367 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
368 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
369 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
370 1 : ptr = m_libspdm_finish_request1.signature;
371 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
372 1 : cert_buffer = (uint8_t *)data1;
373 1 : cert_buffer_size = data_size1;
374 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
375 : /* transcript.message_a size is 0*/
376 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
377 : /* session_transcript.message_k is 0*/
378 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
379 : sizeof(spdm_finish_request_t));
380 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
381 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
382 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
383 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
384 : request_finished_key, hash_size, ptr);
385 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
386 1 : response_size = sizeof(response);
387 1 : status = libspdm_get_response_finish(spdm_context,
388 : m_libspdm_finish_request1_size,
389 : &m_libspdm_finish_request1,
390 : &response_size, response);
391 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
392 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
393 1 : spdm_response = (void *)response;
394 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
395 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_REQUEST_RESYNCH);
396 1 : assert_int_equal(spdm_response->header.param2, 0);
397 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
398 1 : free(data1);
399 1 : }
400 :
401 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
402 : /**
403 : * Test 5: receiving a correct FINISH from the requester, but the responder
404 : * could not produce the response in time.
405 : * Expected behavior: the responder accepts the request, but produces an
406 : * ERROR message indicating the ResponseNotReady state.
407 : **/
408 1 : void rsp_finish_rsp_case5(void **state)
409 : {
410 : libspdm_return_t status;
411 : libspdm_test_context_t *spdm_test_context;
412 : libspdm_context_t *spdm_context;
413 : size_t response_size;
414 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
415 : spdm_finish_response_t *spdm_response;
416 : void *data1;
417 : size_t data_size1;
418 : uint8_t *ptr;
419 : uint8_t *cert_buffer;
420 : size_t cert_buffer_size;
421 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
422 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
423 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
424 : libspdm_session_info_t *session_info;
425 : uint32_t session_id;
426 : uint32_t hash_size;
427 : uint32_t hmac_size;
428 : spdm_error_data_response_not_ready_t *error_data;
429 :
430 1 : spdm_test_context = *state;
431 1 : spdm_context = spdm_test_context->spdm_context;
432 1 : spdm_test_context->case_id = 0x5;
433 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
434 : SPDM_VERSION_NUMBER_SHIFT_BIT;
435 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
436 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
437 1 : spdm_context->connection_info.capability.flags |=
438 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
439 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
440 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
441 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
442 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
443 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
444 : m_libspdm_use_measurement_hash_algo;
445 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
446 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
447 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
448 : m_libspdm_use_asym_algo, &data1,
449 : &data_size1, NULL, NULL);
450 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
451 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
452 :
453 1 : libspdm_reset_message_a(spdm_context);
454 :
455 1 : session_id = 0xFFFFFFFF;
456 1 : spdm_context->latest_session_id = session_id;
457 1 : session_info = &spdm_context->session_info[0];
458 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
459 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
460 1 : session_info->local_used_cert_chain_slot_id = 0;
461 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
462 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
463 1 : libspdm_secured_message_set_request_finished_key(
464 : session_info->secured_message_context, m_dummy_buffer,
465 : hash_size);
466 1 : libspdm_secured_message_set_session_state(
467 : session_info->secured_message_context,
468 : LIBSPDM_SESSION_STATE_HANDSHAKING);
469 :
470 1 : spdm_context->connection_info.capability.flags |=
471 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
472 1 : spdm_context->local_context.capability.flags |=
473 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
474 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
475 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
476 1 : ptr = m_libspdm_finish_request1.signature;
477 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
478 1 : cert_buffer = (uint8_t *)data1;
479 1 : cert_buffer_size = data_size1;
480 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
481 : /* transcript.message_a size is 0*/
482 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
483 : /* session_transcript.message_k is 0*/
484 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
485 : sizeof(spdm_finish_request_t));
486 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
487 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
488 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
489 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
490 : request_finished_key, hash_size, ptr);
491 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
492 1 : response_size = sizeof(response);
493 1 : status = libspdm_get_response_finish(spdm_context,
494 : m_libspdm_finish_request1_size,
495 : &m_libspdm_finish_request1,
496 : &response_size, response);
497 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
498 1 : assert_int_equal(response_size,
499 : sizeof(spdm_error_response_t) +
500 : sizeof(spdm_error_data_response_not_ready_t));
501 1 : spdm_response = (void *)response;
502 1 : error_data = (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
503 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
504 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_RESPONSE_NOT_READY);
505 1 : assert_int_equal(spdm_response->header.param2, 0);
506 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NOT_READY);
507 1 : assert_int_equal(error_data->request_code, SPDM_FINISH);
508 1 : free(data1);
509 1 : }
510 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
511 :
512 : /**
513 : * Test 6: receiving a correct FINISH from the requester, but the responder
514 : * is not set no receive a FINISH message because previous messages (namely,
515 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
516 : * received.
517 : * Expected behavior: the responder rejects the request, and produces an
518 : * ERROR message indicating the UnexpectedRequest.
519 : **/
520 1 : void rsp_finish_rsp_case6(void **state)
521 : {
522 : libspdm_return_t status;
523 : libspdm_test_context_t *spdm_test_context;
524 : libspdm_context_t *spdm_context;
525 : size_t response_size;
526 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
527 : spdm_finish_response_t *spdm_response;
528 : void *data1;
529 : size_t data_size1;
530 : uint8_t *ptr;
531 : uint8_t *cert_buffer;
532 : size_t cert_buffer_size;
533 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
534 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
535 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
536 : libspdm_session_info_t *session_info;
537 : uint32_t session_id;
538 : uint32_t hash_size;
539 : uint32_t hmac_size;
540 :
541 1 : spdm_test_context = *state;
542 1 : spdm_context = spdm_test_context->spdm_context;
543 1 : spdm_test_context->case_id = 0x6;
544 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
545 : SPDM_VERSION_NUMBER_SHIFT_BIT;
546 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
547 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED;
548 1 : spdm_context->connection_info.capability.flags |=
549 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
550 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
551 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
552 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
553 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
554 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
555 : m_libspdm_use_measurement_hash_algo;
556 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
557 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
558 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
559 : m_libspdm_use_asym_algo, &data1,
560 : &data_size1, NULL, NULL);
561 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
562 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
563 :
564 1 : libspdm_reset_message_a(spdm_context);
565 :
566 1 : session_id = 0xFFFFFFFF;
567 1 : spdm_context->latest_session_id = session_id;
568 1 : session_info = &spdm_context->session_info[0];
569 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
570 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
571 1 : session_info->local_used_cert_chain_slot_id = 0;
572 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
573 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
574 1 : libspdm_secured_message_set_request_finished_key(
575 : session_info->secured_message_context, m_dummy_buffer,
576 : hash_size);
577 1 : libspdm_secured_message_set_session_state(
578 : session_info->secured_message_context,
579 : LIBSPDM_SESSION_STATE_HANDSHAKING);
580 :
581 1 : spdm_context->connection_info.capability.flags |=
582 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
583 1 : spdm_context->local_context.capability.flags |=
584 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
585 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
586 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
587 1 : ptr = m_libspdm_finish_request1.signature;
588 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
589 1 : cert_buffer = (uint8_t *)data1;
590 1 : cert_buffer_size = data_size1;
591 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
592 : /* transcript.message_a size is 0*/
593 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
594 : /* session_transcript.message_k is 0*/
595 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
596 : sizeof(spdm_finish_request_t));
597 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
598 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
599 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
600 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
601 : request_finished_key, hash_size, ptr);
602 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
603 1 : response_size = sizeof(response);
604 1 : status = libspdm_get_response_finish(spdm_context,
605 : m_libspdm_finish_request1_size,
606 : &m_libspdm_finish_request1,
607 : &response_size, response);
608 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
609 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
610 1 : spdm_response = (void *)response;
611 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
612 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
613 1 : assert_int_equal(spdm_response->header.param2, 0);
614 1 : free(data1);
615 1 : }
616 :
617 1 : void rsp_finish_rsp_case7(void **state)
618 : {
619 : libspdm_return_t status;
620 : libspdm_test_context_t *spdm_test_context;
621 : libspdm_context_t *spdm_context;
622 : size_t response_size;
623 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
624 : spdm_finish_response_t *spdm_response;
625 : void *data1;
626 : size_t data_size1;
627 : uint8_t *ptr;
628 : uint8_t *cert_buffer;
629 : size_t cert_buffer_size;
630 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
631 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
632 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
633 : libspdm_session_info_t *session_info;
634 : uint32_t session_id;
635 : uint32_t hash_size;
636 : uint32_t hmac_size;
637 :
638 1 : spdm_test_context = *state;
639 1 : spdm_context = spdm_test_context->spdm_context;
640 1 : spdm_test_context->case_id = 0x7;
641 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
642 : SPDM_VERSION_NUMBER_SHIFT_BIT;
643 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
644 1 : spdm_context->connection_info.capability.flags |=
645 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
646 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
647 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
648 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
649 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
650 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
651 : m_libspdm_use_measurement_hash_algo;
652 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
653 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
654 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
655 : m_libspdm_use_asym_algo, &data1,
656 : &data_size1, NULL, NULL);
657 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
658 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
659 :
660 1 : libspdm_reset_message_a(spdm_context);
661 :
662 1 : session_id = 0xFFFFFFFF;
663 1 : spdm_context->latest_session_id = session_id;
664 1 : session_info = &spdm_context->session_info[0];
665 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
666 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
667 1 : session_info->local_used_cert_chain_slot_id = 0;
668 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
669 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
670 1 : libspdm_secured_message_set_request_finished_key(
671 : session_info->secured_message_context, m_dummy_buffer,
672 : hash_size);
673 1 : libspdm_secured_message_set_session_state(
674 : session_info->secured_message_context,
675 : LIBSPDM_SESSION_STATE_HANDSHAKING);
676 :
677 1 : spdm_context->connection_info.capability.flags |=
678 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
679 1 : spdm_context->local_context.capability.flags |=
680 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
681 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
682 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
683 1 : ptr = m_libspdm_finish_request1.signature;
684 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
685 1 : cert_buffer = (uint8_t *)data1;
686 1 : cert_buffer_size = data_size1;
687 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
688 : session_info->session_transcript.message_m.buffer_size =
689 : session_info->session_transcript.message_m.max_buffer_size;
690 : spdm_context->transcript.message_b.buffer_size =
691 : spdm_context->transcript.message_b.max_buffer_size;
692 : spdm_context->transcript.message_c.buffer_size =
693 : spdm_context->transcript.message_c.max_buffer_size;
694 : spdm_context->transcript.message_mut_b.buffer_size =
695 : spdm_context->transcript.message_mut_b.max_buffer_size;
696 : spdm_context->transcript.message_mut_c.buffer_size =
697 : spdm_context->transcript.message_mut_c.max_buffer_size;
698 : #endif
699 :
700 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
701 : /* transcript.message_a size is 0*/
702 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
703 : /* session_transcript.message_k is 0*/
704 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
705 : sizeof(spdm_finish_request_t));
706 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
707 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
708 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
709 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
710 : request_finished_key, hash_size, ptr);
711 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
712 1 : response_size = sizeof(response);
713 1 : status = libspdm_get_response_finish(spdm_context,
714 : m_libspdm_finish_request1_size,
715 : &m_libspdm_finish_request1,
716 : &response_size, response);
717 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
718 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
719 1 : spdm_response = (void *)response;
720 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
721 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
722 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
723 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
724 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
725 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
726 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
727 : #endif
728 :
729 1 : free(data1);
730 1 : }
731 :
732 :
733 : /**
734 : * Test 8: receiving a correct FINISH message from the requester with
735 : * correct MAC and signature (with mutual authentication), and 'handshake in
736 : * the clear'.
737 : * Expected behavior: the responder accepts the request and produces a valid
738 : * FINISH_RSP response message.
739 : **/
740 1 : void rsp_finish_rsp_case8(void **state)
741 : {
742 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
743 : libspdm_return_t status;
744 : libspdm_test_context_t *spdm_test_context;
745 : libspdm_context_t *spdm_context;
746 : size_t response_size;
747 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
748 : spdm_finish_response_t *spdm_response;
749 : void *data1;
750 : size_t data_size1;
751 : void *data2;
752 : size_t data_size2;
753 : uint8_t *ptr;
754 : uint8_t *cert_buffer;
755 : size_t cert_buffer_size;
756 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
757 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
758 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
759 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
760 : libspdm_session_info_t *session_info;
761 : uint32_t session_id;
762 : uint32_t hash_size;
763 : uint32_t hmac_size;
764 : size_t req_asym_signature_size;
765 :
766 1 : spdm_test_context = *state;
767 1 : spdm_context = spdm_test_context->spdm_context;
768 1 : spdm_test_context->case_id = 0x8;
769 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
770 : SPDM_VERSION_NUMBER_SHIFT_BIT;
771 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
772 1 : spdm_context->connection_info.capability.flags |=
773 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
774 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
775 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
776 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
777 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
778 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
779 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
780 : m_libspdm_use_measurement_hash_algo;
781 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
782 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
783 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
784 : m_libspdm_use_asym_algo, &data1,
785 : &data_size1, NULL, NULL);
786 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
787 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
788 :
789 1 : libspdm_reset_message_a(spdm_context);
790 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
791 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
792 : m_libspdm_use_req_asym_algo, &data2,
793 : &data_size2, NULL, NULL);
794 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
795 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
796 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
797 : data2, data_size2);
798 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
799 : #else
800 1 : libspdm_hash_all(
801 : spdm_context->connection_info.algorithm.base_hash_algo,
802 : data2, data_size2,
803 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
804 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
805 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
806 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
807 : spdm_context->connection_info.algorithm.base_hash_algo,
808 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
809 : data2,
810 : data_size2,
811 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
812 : #endif
813 :
814 1 : session_id = 0xFFFFFFFF;
815 1 : spdm_context->latest_session_id = session_id;
816 1 : session_info = &spdm_context->session_info[0];
817 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
818 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
819 1 : session_info->peer_used_cert_chain_slot_id = 0;
820 1 : session_info->local_used_cert_chain_slot_id = 0;
821 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
822 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
823 1 : libspdm_secured_message_set_request_finished_key(
824 : session_info->secured_message_context, m_dummy_buffer,
825 : hash_size);
826 1 : libspdm_secured_message_set_session_state(
827 : session_info->secured_message_context,
828 : LIBSPDM_SESSION_STATE_HANDSHAKING);
829 1 : session_info->mut_auth_requested = 1;
830 :
831 1 : spdm_context->connection_info.capability.flags |=
832 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
833 1 : spdm_context->local_context.capability.flags |=
834 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
835 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
836 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
837 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
838 1 : ptr = m_libspdm_finish_request3.signature;
839 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
840 1 : cert_buffer = (uint8_t *)data1;
841 1 : cert_buffer_size = data_size1;
842 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
843 1 : cert_buffer = (uint8_t *)data2;
844 1 : cert_buffer_size = data_size2;
845 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
846 : /* transcript.message_a size is 0*/
847 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
848 : /* session_transcript.message_k is 0*/
849 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
850 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
851 : sizeof(spdm_finish_request_t));
852 :
853 1 : libspdm_requester_data_sign(
854 : spdm_context,
855 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
856 : 0, SPDM_FINISH,
857 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
858 1 : false, libspdm_get_managed_buffer(&th_curr),
859 : libspdm_get_managed_buffer_size(&th_curr),
860 : ptr, &req_asym_signature_size);
861 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
862 1 : ptr += req_asym_signature_size;
863 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
864 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
865 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
866 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
867 : request_finished_key, hash_size, ptr);
868 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
869 1 : req_asym_signature_size + hmac_size;
870 1 : response_size = sizeof(response);
871 1 : status = libspdm_get_response_finish(spdm_context,
872 : m_libspdm_finish_request3_size,
873 : &m_libspdm_finish_request3,
874 : &response_size, response);
875 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
876 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
877 1 : spdm_response = (void *)response;
878 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
879 :
880 1 : g_key_exchange_start_mut_auth = 0;
881 1 : free(data1);
882 1 : free(data2);
883 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
884 1 : }
885 :
886 : /**
887 : * Test 9: receiving a correct FINISH message from the requester, but the
888 : * responder has no capabilities for key exchange.
889 : * Expected behavior: the responder refuses the FINISH message and produces
890 : * an ERROR message indicating the UnsupportedRequest.
891 : **/
892 1 : void rsp_finish_rsp_case9(void **state)
893 : {
894 : libspdm_return_t status;
895 : libspdm_test_context_t *spdm_test_context;
896 : libspdm_context_t *spdm_context;
897 : size_t response_size;
898 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
899 : spdm_finish_response_t *spdm_response;
900 : void *data1;
901 : size_t data_size1;
902 : uint8_t *ptr;
903 : uint8_t *cert_buffer;
904 : size_t cert_buffer_size;
905 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
906 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
907 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
908 : libspdm_session_info_t *session_info;
909 : uint32_t session_id;
910 : uint32_t hash_size;
911 : uint32_t hmac_size;
912 :
913 1 : spdm_test_context = *state;
914 1 : spdm_context = spdm_test_context->spdm_context;
915 1 : spdm_test_context->case_id = 0x9;
916 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
917 : SPDM_VERSION_NUMBER_SHIFT_BIT;
918 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
919 1 : spdm_context->connection_info.capability.flags = 0;
920 1 : spdm_context->local_context.capability.flags = 0;
921 1 : spdm_context->connection_info.capability.flags |=
922 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
923 : /* no key exchange capabilities (responder)*/
924 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
925 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
926 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
927 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
928 : m_libspdm_use_measurement_hash_algo;
929 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
930 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
931 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
932 : m_libspdm_use_asym_algo, &data1,
933 : &data_size1, NULL, NULL);
934 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
935 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
936 :
937 1 : libspdm_reset_message_a(spdm_context);
938 :
939 1 : session_id = 0xFFFFFFFF;
940 1 : spdm_context->latest_session_id = session_id;
941 1 : session_info = &spdm_context->session_info[0];
942 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
943 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
944 1 : session_info->local_used_cert_chain_slot_id = 0;
945 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
946 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
947 1 : libspdm_secured_message_set_request_finished_key(
948 : session_info->secured_message_context, m_dummy_buffer,
949 : hash_size);
950 1 : libspdm_secured_message_set_session_state(
951 : session_info->secured_message_context,
952 : LIBSPDM_SESSION_STATE_HANDSHAKING);
953 :
954 1 : spdm_context->connection_info.capability.flags |=
955 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
956 1 : spdm_context->local_context.capability.flags |=
957 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
958 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
959 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
960 1 : ptr = m_libspdm_finish_request1.signature;
961 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
962 1 : cert_buffer = (uint8_t *)data1;
963 1 : cert_buffer_size = data_size1;
964 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
965 : /* transcript.message_a size is 0*/
966 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
967 : /* session_transcript.message_k is 0*/
968 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
969 : sizeof(spdm_finish_request_t));
970 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
971 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
972 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
973 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
974 : request_finished_key, hash_size, ptr);
975 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
976 1 : response_size = sizeof(response);
977 1 : status = libspdm_get_response_finish(spdm_context,
978 : m_libspdm_finish_request1_size,
979 : &m_libspdm_finish_request1,
980 : &response_size, response);
981 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
982 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
983 1 : spdm_response = (void *)response;
984 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
985 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
986 1 : assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
987 1 : free(data1);
988 1 : }
989 :
990 : /**
991 : * Test 10: receiving a correct FINISH message from the requester, but the
992 : * responder is not correctly setup by not initializing a session during
993 : * KEY_EXCHANGE.
994 : * Expected behavior: the responder refuses the FINISH message and produces
995 : * an ERROR message indicating the UnsupportedRequest.
996 : **/
997 1 : void rsp_finish_rsp_case10(void **state)
998 : {
999 : libspdm_return_t status;
1000 : libspdm_test_context_t *spdm_test_context;
1001 : libspdm_context_t *spdm_context;
1002 : size_t response_size;
1003 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1004 : spdm_finish_response_t *spdm_response;
1005 : void *data1;
1006 : size_t data_size1;
1007 : uint8_t *ptr;
1008 : uint8_t *cert_buffer;
1009 : size_t cert_buffer_size;
1010 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1011 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1012 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1013 : libspdm_session_info_t *session_info;
1014 : uint32_t session_id;
1015 : uint32_t hash_size;
1016 : uint32_t hmac_size;
1017 :
1018 1 : spdm_test_context = *state;
1019 1 : spdm_context = spdm_test_context->spdm_context;
1020 1 : spdm_test_context->case_id = 0xA;
1021 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1022 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1023 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1024 1 : spdm_context->connection_info.capability.flags |=
1025 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1026 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1027 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1028 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1029 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1030 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1031 : m_libspdm_use_measurement_hash_algo;
1032 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1033 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1034 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1035 : m_libspdm_use_asym_algo, &data1,
1036 : &data_size1, NULL, NULL);
1037 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1038 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1039 :
1040 1 : libspdm_reset_message_a(spdm_context);
1041 :
1042 1 : session_id = 0xFFFFFFFF;
1043 1 : spdm_context->latest_session_id = session_id;
1044 1 : session_info = &spdm_context->session_info[0];
1045 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1046 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1047 1 : session_info->local_used_cert_chain_slot_id = 0;
1048 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1049 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1050 1 : libspdm_secured_message_set_request_finished_key(
1051 : session_info->secured_message_context, m_dummy_buffer,
1052 : hash_size);
1053 1 : libspdm_secured_message_set_session_state(
1054 : session_info->secured_message_context,
1055 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1056 :
1057 1 : spdm_context->connection_info.capability.flags |=
1058 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1059 1 : spdm_context->local_context.capability.flags |=
1060 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1061 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1062 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1063 1 : ptr = m_libspdm_finish_request1.signature;
1064 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1065 1 : cert_buffer = (uint8_t *)data1;
1066 1 : cert_buffer_size = data_size1;
1067 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1068 : /* transcript.message_a size is 0*/
1069 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1070 : /* session_transcript.message_k is 0*/
1071 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1072 : sizeof(spdm_finish_request_t));
1073 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1074 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1075 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1076 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1077 : request_finished_key, hash_size, ptr);
1078 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1079 1 : response_size = sizeof(response);
1080 1 : status = libspdm_get_response_finish(spdm_context,
1081 : m_libspdm_finish_request1_size,
1082 : &m_libspdm_finish_request1,
1083 : &response_size, response);
1084 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1085 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1086 1 : spdm_response = (void *)response;
1087 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1088 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1089 1 : assert_int_equal(spdm_response->header.param2, 0);
1090 1 : free(data1);
1091 1 : }
1092 :
1093 : /**
1094 : * Test 11: receiving a FINISH message from the requester with an incorrect
1095 : * MAC (all-zero).
1096 : * Expected behavior: the responder refuses the FINISH message and produces
1097 : * an ERROR message indicating the DecryptError.
1098 : **/
1099 1 : void rsp_finish_rsp_case11(void **state)
1100 : {
1101 : libspdm_return_t status;
1102 : libspdm_test_context_t *spdm_test_context;
1103 : libspdm_context_t *spdm_context;
1104 : size_t response_size;
1105 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1106 : spdm_finish_response_t *spdm_response;
1107 : void *data1;
1108 : size_t data_size1;
1109 : uint8_t *ptr;
1110 : libspdm_session_info_t *session_info;
1111 : uint32_t session_id;
1112 : uint32_t hash_size;
1113 : uint32_t hmac_size;
1114 :
1115 1 : spdm_test_context = *state;
1116 1 : spdm_context = spdm_test_context->spdm_context;
1117 1 : spdm_test_context->case_id = 0xB;
1118 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1119 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1120 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1121 1 : spdm_context->connection_info.capability.flags |=
1122 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1123 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1124 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1125 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1126 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1127 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1128 : m_libspdm_use_measurement_hash_algo;
1129 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1130 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1131 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1132 : m_libspdm_use_asym_algo, &data1,
1133 : &data_size1, NULL, NULL);
1134 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1135 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1136 :
1137 1 : libspdm_reset_message_a(spdm_context);
1138 :
1139 1 : session_id = 0xFFFFFFFF;
1140 1 : spdm_context->latest_session_id = session_id;
1141 1 : session_info = &spdm_context->session_info[0];
1142 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1143 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1144 1 : session_info->local_used_cert_chain_slot_id = 0;
1145 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1146 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1147 1 : libspdm_secured_message_set_request_finished_key(
1148 : session_info->secured_message_context, m_dummy_buffer,
1149 : hash_size);
1150 1 : libspdm_secured_message_set_session_state(
1151 : session_info->secured_message_context,
1152 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1153 :
1154 1 : spdm_context->connection_info.capability.flags |=
1155 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1156 1 : spdm_context->local_context.capability.flags |=
1157 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1158 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1159 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1160 1 : ptr = m_libspdm_finish_request1.signature;
1161 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1162 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1163 1 : response_size = sizeof(response);
1164 1 : status = libspdm_get_response_finish(spdm_context,
1165 : m_libspdm_finish_request1_size,
1166 : &m_libspdm_finish_request1,
1167 : &response_size, response);
1168 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1169 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1170 1 : spdm_response = (void *)response;
1171 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1172 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1173 1 : assert_int_equal(spdm_response->header.param2, 0);
1174 1 : free(data1);
1175 1 : }
1176 :
1177 : /**
1178 : * Test 12: receiving a FINISH message from the requester with an incorrect
1179 : * MAC (arbitrary).
1180 : * Expected behavior: the responder refuses the FINISH message and produces
1181 : * an ERROR message indicating the DecryptError.
1182 : **/
1183 1 : void rsp_finish_rsp_case12(void **state)
1184 : {
1185 : libspdm_return_t status;
1186 : libspdm_test_context_t *spdm_test_context;
1187 : libspdm_context_t *spdm_context;
1188 : size_t response_size;
1189 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1190 : spdm_finish_response_t *spdm_response;
1191 : void *data1;
1192 : size_t data_size1;
1193 : uint8_t *ptr;
1194 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1195 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1196 : libspdm_session_info_t *session_info;
1197 : uint32_t session_id;
1198 : uint32_t hash_size;
1199 : uint32_t hmac_size;
1200 :
1201 1 : spdm_test_context = *state;
1202 1 : spdm_context = spdm_test_context->spdm_context;
1203 1 : spdm_test_context->case_id = 0xC;
1204 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1205 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1206 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1207 1 : spdm_context->connection_info.capability.flags |=
1208 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1209 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1210 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1211 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1212 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1213 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1214 : m_libspdm_use_measurement_hash_algo;
1215 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1216 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1217 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1218 : m_libspdm_use_asym_algo, &data1,
1219 : &data_size1, NULL, NULL);
1220 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1221 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1222 :
1223 1 : libspdm_reset_message_a(spdm_context);
1224 :
1225 1 : session_id = 0xFFFFFFFF;
1226 1 : spdm_context->latest_session_id = session_id;
1227 1 : session_info = &spdm_context->session_info[0];
1228 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1229 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1230 1 : session_info->local_used_cert_chain_slot_id = 0;
1231 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1232 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1233 1 : libspdm_secured_message_set_request_finished_key(
1234 : session_info->secured_message_context, m_dummy_buffer,
1235 : hash_size);
1236 1 : libspdm_secured_message_set_session_state(
1237 : session_info->secured_message_context,
1238 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1239 :
1240 1 : spdm_context->connection_info.capability.flags |=
1241 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1242 1 : spdm_context->local_context.capability.flags |=
1243 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1244 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1245 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1246 1 : ptr = m_libspdm_finish_request1.signature;
1247 : /*arbitrary MAC*/
1248 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1249 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1250 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1251 : request_finished_key, hash_size, ptr);
1252 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1253 1 : response_size = sizeof(response);
1254 1 : status = libspdm_get_response_finish(spdm_context,
1255 : m_libspdm_finish_request1_size,
1256 : &m_libspdm_finish_request1,
1257 : &response_size, response);
1258 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1259 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1260 1 : spdm_response = (void *)response;
1261 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1262 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1263 1 : assert_int_equal(spdm_response->header.param2, 0);
1264 1 : free(data1);
1265 1 : }
1266 :
1267 : /**
1268 : * Test 13:
1269 : * Expected behavior:
1270 : **/
1271 1 : void rsp_finish_rsp_case13(void **state)
1272 : {
1273 1 : }
1274 :
1275 : /**
1276 : * Test 14: receiving a FINISH message from the requester with an incorrect
1277 : * MAC size (only the correct first half of the MAC).
1278 : * Expected behavior: the responder refuses the FINISH message and produces
1279 : * an ERROR message indicating the InvalidRequest.
1280 : **/
1281 1 : void rsp_finish_rsp_case14(void **state)
1282 : {
1283 : libspdm_return_t status;
1284 : libspdm_test_context_t *spdm_test_context;
1285 : libspdm_context_t *spdm_context;
1286 : size_t response_size;
1287 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1288 : spdm_finish_response_t *spdm_response;
1289 : void *data1;
1290 : size_t data_size1;
1291 : uint8_t *ptr;
1292 : uint8_t *cert_buffer;
1293 : size_t cert_buffer_size;
1294 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1295 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1296 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1297 : libspdm_session_info_t *session_info;
1298 : uint32_t session_id;
1299 : uint32_t hash_size;
1300 : uint32_t hmac_size;
1301 :
1302 1 : spdm_test_context = *state;
1303 1 : spdm_context = spdm_test_context->spdm_context;
1304 1 : spdm_test_context->case_id = 0xE;
1305 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1306 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1307 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1308 1 : spdm_context->connection_info.capability.flags |=
1309 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1310 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1311 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1312 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1313 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1314 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1315 : m_libspdm_use_measurement_hash_algo;
1316 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1317 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1318 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1319 : m_libspdm_use_asym_algo, &data1,
1320 : &data_size1, NULL, NULL);
1321 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1322 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1323 :
1324 1 : libspdm_reset_message_a(spdm_context);
1325 :
1326 1 : session_id = 0xFFFFFFFF;
1327 1 : spdm_context->latest_session_id = session_id;
1328 1 : session_info = &spdm_context->session_info[0];
1329 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1330 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1331 1 : session_info->local_used_cert_chain_slot_id = 0;
1332 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1333 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1334 1 : libspdm_secured_message_set_request_finished_key(
1335 : session_info->secured_message_context, m_dummy_buffer,
1336 : hash_size);
1337 1 : libspdm_secured_message_set_session_state(
1338 : session_info->secured_message_context,
1339 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1340 :
1341 1 : spdm_context->connection_info.capability.flags |=
1342 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1343 1 : spdm_context->local_context.capability.flags |=
1344 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1345 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1346 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1347 1 : ptr = m_libspdm_finish_request1.signature;
1348 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1349 1 : cert_buffer = (uint8_t *)data1;
1350 1 : cert_buffer_size = data_size1;
1351 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1352 : /* transcript.message_a size is 0*/
1353 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1354 : /* session_transcript.message_k is 0*/
1355 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1356 : sizeof(spdm_finish_request_t));
1357 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1358 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1359 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1360 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1361 : request_finished_key, hash_size, ptr);
1362 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1363 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
1364 1 : response_size = sizeof(response);
1365 1 : status = libspdm_get_response_finish(spdm_context,
1366 : m_libspdm_finish_request1_size,
1367 : &m_libspdm_finish_request1,
1368 : &response_size, response);
1369 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1370 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1371 1 : spdm_response = (void *)response;
1372 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1373 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1374 1 : assert_int_equal(spdm_response->header.param2, 0);
1375 1 : free(data1);
1376 1 : }
1377 :
1378 : /**
1379 : * Test 15: receiving a FINISH message from the requester with an incorrect
1380 : * signature (all-zero), but a correct MAC.
1381 : * Expected behavior: the responder refuses the FINISH message and produces
1382 : * an ERROR message indicating the DecryptError.
1383 : **/
1384 1 : void rsp_finish_rsp_case15(void **state)
1385 : {
1386 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1387 : libspdm_return_t status;
1388 : libspdm_test_context_t *spdm_test_context;
1389 : libspdm_context_t *spdm_context;
1390 : size_t response_size;
1391 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1392 : spdm_finish_response_t *spdm_response;
1393 : void *data1;
1394 : size_t data_size1;
1395 : void *data2;
1396 : size_t data_size2;
1397 : uint8_t *ptr;
1398 : uint8_t *cert_buffer;
1399 : size_t cert_buffer_size;
1400 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1401 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1402 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1403 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1404 : libspdm_session_info_t *session_info;
1405 : uint32_t session_id;
1406 : uint32_t hash_size;
1407 : uint32_t hmac_size;
1408 : size_t req_asym_signature_size;
1409 :
1410 1 : spdm_test_context = *state;
1411 1 : spdm_context = spdm_test_context->spdm_context;
1412 1 : spdm_test_context->case_id = 0xF;
1413 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1414 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1415 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1416 1 : spdm_context->connection_info.capability.flags |=
1417 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1418 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1419 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1420 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1421 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1422 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1423 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1424 : m_libspdm_use_measurement_hash_algo;
1425 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1426 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1427 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1428 : m_libspdm_use_asym_algo, &data1,
1429 : &data_size1, NULL, NULL);
1430 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1431 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1432 :
1433 1 : libspdm_reset_message_a(spdm_context);
1434 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1435 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1436 : m_libspdm_use_req_asym_algo, &data2,
1437 : &data_size2, NULL, NULL);
1438 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1439 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1440 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1441 : data2, data_size2);
1442 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
1443 : #endif
1444 :
1445 1 : session_id = 0xFFFFFFFF;
1446 1 : spdm_context->latest_session_id = session_id;
1447 1 : session_info = &spdm_context->session_info[0];
1448 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1449 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1450 1 : session_info->local_used_cert_chain_slot_id = 0;
1451 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1452 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1453 1 : libspdm_secured_message_set_request_finished_key(
1454 : session_info->secured_message_context, m_dummy_buffer,
1455 : hash_size);
1456 1 : libspdm_secured_message_set_session_state(
1457 : session_info->secured_message_context,
1458 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1459 1 : session_info->mut_auth_requested = 1;
1460 :
1461 1 : spdm_context->connection_info.capability.flags |=
1462 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1463 1 : spdm_context->local_context.capability.flags |=
1464 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1465 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1466 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1467 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1468 1 : ptr = m_libspdm_finish_request3.signature;
1469 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1470 1 : cert_buffer = (uint8_t *)data1;
1471 1 : cert_buffer_size = data_size1;
1472 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1473 1 : cert_buffer = (uint8_t *)data2;
1474 1 : cert_buffer_size = data_size2;
1475 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
1476 : /* transcript.message_a size is 0*/
1477 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1478 : /* session_transcript.message_k is 0*/
1479 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1480 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1481 : sizeof(spdm_finish_request_t));
1482 :
1483 1 : libspdm_requester_data_sign(
1484 : spdm_context,
1485 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1486 : 0, SPDM_FINISH,
1487 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1488 1 : false, libspdm_get_managed_buffer(&th_curr),
1489 : libspdm_get_managed_buffer_size(&th_curr),
1490 : ptr, &req_asym_signature_size);
1491 :
1492 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1493 1 : ptr += req_asym_signature_size;
1494 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1495 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1496 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1497 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1498 : request_finished_key, hash_size, ptr);
1499 1 : libspdm_set_mem(m_libspdm_finish_request3.signature,
1500 : req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
1501 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1502 1 : req_asym_signature_size + hmac_size;
1503 1 : response_size = sizeof(response);
1504 1 : status = libspdm_get_response_finish(spdm_context,
1505 : m_libspdm_finish_request3_size,
1506 : &m_libspdm_finish_request3,
1507 : &response_size, response);
1508 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1509 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1510 1 : spdm_response = (void *)response;
1511 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1512 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1513 1 : assert_int_equal(spdm_response->header.param2, 0);
1514 :
1515 1 : g_key_exchange_start_mut_auth = 0;
1516 1 : free(data1);
1517 1 : free(data2);
1518 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1519 1 : }
1520 :
1521 : /**
1522 : * Test 16: receiving a FINISH message from the requester with an incorrect
1523 : * signature (arbitrary), but a correct MAC.
1524 : * Expected behavior: the responder refuses the FINISH message and produces
1525 : * an ERROR message indicating the DecryptError.
1526 : **/
1527 1 : void rsp_finish_rsp_case16(void **state)
1528 : {
1529 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1530 : libspdm_return_t status;
1531 : libspdm_test_context_t *spdm_test_context;
1532 : libspdm_context_t *spdm_context;
1533 : size_t response_size;
1534 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1535 : spdm_finish_response_t *spdm_response;
1536 : void *data1;
1537 : size_t data_size1;
1538 : void *data2;
1539 : size_t data_size2;
1540 : uint8_t *ptr;
1541 : uint8_t *cert_buffer;
1542 : size_t cert_buffer_size;
1543 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1544 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1545 : uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
1546 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1547 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1548 : libspdm_session_info_t *session_info;
1549 : uint32_t session_id;
1550 : uint32_t hash_size;
1551 : uint32_t hmac_size;
1552 : size_t req_asym_signature_size;
1553 :
1554 1 : spdm_test_context = *state;
1555 1 : spdm_context = spdm_test_context->spdm_context;
1556 1 : spdm_test_context->case_id = 0x10;
1557 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1558 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1559 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1560 1 : spdm_context->connection_info.capability.flags |=
1561 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1562 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1563 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1564 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1565 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1566 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1567 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1568 : m_libspdm_use_measurement_hash_algo;
1569 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1570 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1571 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1572 : m_libspdm_use_asym_algo, &data1,
1573 : &data_size1, NULL, NULL);
1574 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1575 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1576 :
1577 1 : libspdm_reset_message_a(spdm_context);
1578 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1579 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1580 : m_libspdm_use_req_asym_algo, &data2,
1581 : &data_size2, NULL, NULL);
1582 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1583 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1584 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1585 : data2, data_size2);
1586 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
1587 : #endif
1588 :
1589 1 : session_id = 0xFFFFFFFF;
1590 1 : spdm_context->latest_session_id = session_id;
1591 1 : session_info = &spdm_context->session_info[0];
1592 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1593 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1594 1 : session_info->local_used_cert_chain_slot_id = 0;
1595 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1596 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1597 1 : libspdm_secured_message_set_request_finished_key(
1598 : session_info->secured_message_context, m_dummy_buffer,
1599 : hash_size);
1600 1 : libspdm_secured_message_set_session_state(
1601 : session_info->secured_message_context,
1602 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1603 1 : session_info->mut_auth_requested = 1;
1604 :
1605 1 : spdm_context->connection_info.capability.flags |=
1606 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1607 1 : spdm_context->local_context.capability.flags |=
1608 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1609 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1610 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1611 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1612 1 : ptr = m_libspdm_finish_request3.signature;
1613 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1614 1 : cert_buffer = (uint8_t *)data1;
1615 1 : cert_buffer_size = data_size1;
1616 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1617 1 : cert_buffer = (uint8_t *)data2;
1618 1 : cert_buffer_size = data_size2;
1619 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
1620 : /* transcript.message_a size is 0*/
1621 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1622 : /* session_transcript.message_k is 0*/
1623 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1624 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1625 : sizeof(spdm_finish_request_t));
1626 : /*randomize signature*/
1627 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1628 : libspdm_get_managed_buffer_size(&th_curr), random_buffer);
1629 :
1630 1 : libspdm_requester_data_sign(
1631 : spdm_context,
1632 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1633 : 0, SPDM_FINISH,
1634 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1635 : false, random_buffer, hash_size, ptr, &req_asym_signature_size);
1636 :
1637 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1638 1 : ptr += req_asym_signature_size;
1639 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1640 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1641 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1642 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1643 : request_finished_key, hash_size, ptr);
1644 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1645 1 : req_asym_signature_size + hmac_size;
1646 1 : response_size = sizeof(response);
1647 1 : status = libspdm_get_response_finish(spdm_context,
1648 : m_libspdm_finish_request3_size,
1649 : &m_libspdm_finish_request3,
1650 : &response_size, response);
1651 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1652 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1653 1 : spdm_response = (void *)response;
1654 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1655 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1656 1 : assert_int_equal(spdm_response->header.param2, 0);
1657 :
1658 1 : g_key_exchange_start_mut_auth = 0;
1659 1 : free(data1);
1660 1 : free(data2);
1661 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1662 1 : }
1663 :
1664 : /**
1665 : * Test 17: receiving a correct FINISH from the requester.
1666 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1667 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1668 : **/
1669 1 : void rsp_finish_rsp_case17(void **state)
1670 : {
1671 : libspdm_return_t status;
1672 : libspdm_test_context_t *spdm_test_context;
1673 : libspdm_context_t *spdm_context;
1674 : size_t response_size;
1675 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1676 : spdm_finish_response_t *spdm_response;
1677 : void *data1;
1678 : size_t data_size1;
1679 : uint8_t *ptr;
1680 : uint8_t *cert_buffer;
1681 : size_t cert_buffer_size;
1682 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1683 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1684 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1685 : libspdm_session_info_t *session_info;
1686 : uint32_t session_id;
1687 : uint32_t hash_size;
1688 : uint32_t hmac_size;
1689 :
1690 1 : spdm_test_context = *state;
1691 1 : spdm_context = spdm_test_context->spdm_context;
1692 1 : spdm_test_context->case_id = 0x11;
1693 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1694 1 : spdm_context->connection_info.capability.flags |=
1695 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1696 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1697 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1698 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1699 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1700 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1701 : m_libspdm_use_measurement_hash_algo;
1702 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1703 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1704 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1705 : m_libspdm_use_asym_algo, &data1,
1706 : &data_size1, NULL, NULL);
1707 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1708 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1709 :
1710 1 : libspdm_reset_message_a(spdm_context);
1711 :
1712 1 : session_id = 0xFFFFFFFF;
1713 1 : spdm_context->latest_session_id = session_id;
1714 1 : session_info = &spdm_context->session_info[0];
1715 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1716 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1717 1 : session_info->local_used_cert_chain_slot_id = 0;
1718 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1719 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1720 1 : libspdm_secured_message_set_request_finished_key(
1721 : session_info->secured_message_context, m_dummy_buffer, hash_size);
1722 1 : libspdm_secured_message_set_session_state(
1723 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1724 :
1725 1 : spdm_context->connection_info.capability.flags |=
1726 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1727 1 : spdm_context->local_context.capability.flags |=
1728 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1729 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1730 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1731 1 : ptr = m_libspdm_finish_request1.signature;
1732 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1733 1 : cert_buffer = (uint8_t *)data1;
1734 1 : cert_buffer_size = data_size1;
1735 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1736 : /* transcript.message_a size is 0*/
1737 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1738 : /* session_transcript.message_k is 0*/
1739 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1740 : sizeof(spdm_finish_request_t));
1741 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1742 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1743 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1744 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1745 : request_finished_key, hash_size, ptr);
1746 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1747 1 : response_size = sizeof(response);
1748 1 : status = libspdm_get_response_finish(
1749 : spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
1750 : &response_size, response);
1751 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1752 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1753 1 : spdm_response = (void *)response;
1754 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1755 :
1756 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1757 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1758 : m_libspdm_finish_request1_size + response_size);
1759 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1760 : &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
1761 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1762 : m_libspdm_finish_request1_size,
1763 : response, response_size);
1764 : #endif
1765 :
1766 1 : free(data1);
1767 1 : }
1768 :
1769 : /**
1770 : * Test 18: receiving a correct FINISH message from the requester with
1771 : * correct MAC and signature (with mutual authentication), and 'handshake in
1772 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1773 : * Expected behavior: the responder accepts the request and produces a valid
1774 : * FINISH_RSP response message.
1775 : **/
1776 1 : void rsp_finish_rsp_case18(void **state)
1777 : {
1778 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1779 : libspdm_return_t status;
1780 : libspdm_test_context_t *spdm_test_context;
1781 : libspdm_context_t *spdm_context;
1782 : size_t response_size;
1783 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1784 : spdm_finish_response_t *spdm_response;
1785 : void *data1;
1786 : size_t data_size1;
1787 : void *data2;
1788 : size_t data_size2;
1789 : uint8_t *ptr;
1790 : uint8_t *cert_buffer;
1791 : size_t cert_buffer_size;
1792 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1793 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1794 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1795 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1796 : libspdm_session_info_t *session_info;
1797 : uint32_t session_id;
1798 : uint32_t hash_size;
1799 : uint32_t hmac_size;
1800 : size_t req_asym_signature_size;
1801 :
1802 1 : spdm_test_context = *state;
1803 1 : spdm_context = spdm_test_context->spdm_context;
1804 1 : spdm_test_context->case_id = 0x12;
1805 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1806 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1807 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1808 1 : spdm_context->connection_info.capability.flags |=
1809 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1810 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1811 1 : spdm_context->connection_info.capability.flags |=
1812 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1813 1 : spdm_context->local_context.capability.flags |=
1814 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1815 1 : spdm_context->connection_info.capability.flags |=
1816 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1817 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1818 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1819 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1820 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1821 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1822 1 : libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
1823 1 : spdm_context->local_context.local_public_key_provision = data1;
1824 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
1825 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1826 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
1827 1 : spdm_context->local_context.peer_public_key_provision = data2;
1828 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
1829 :
1830 1 : spdm_context->encap_context.req_slot_id = 0xFF;
1831 :
1832 1 : libspdm_reset_message_a(spdm_context);
1833 :
1834 1 : session_id = 0xFFFFFFFF;
1835 1 : spdm_context->latest_session_id = session_id;
1836 1 : session_info = &spdm_context->session_info[0];
1837 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1838 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1839 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1840 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1841 1 : libspdm_secured_message_set_request_finished_key(
1842 : session_info->secured_message_context, m_dummy_buffer,
1843 : hash_size);
1844 1 : libspdm_secured_message_set_session_state(
1845 : session_info->secured_message_context,
1846 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1847 1 : session_info->mut_auth_requested = 1;
1848 1 : session_info->local_used_cert_chain_slot_id = 0xFF;
1849 1 : session_info->peer_used_cert_chain_slot_id = 0xFF;
1850 :
1851 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1852 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1853 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1854 1 : ptr = m_libspdm_finish_request4.signature;
1855 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1856 1 : cert_buffer = (uint8_t *)data1;
1857 1 : cert_buffer_size = data_size1;
1858 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1859 1 : cert_buffer = (uint8_t *)data2;
1860 1 : cert_buffer_size = data_size2;
1861 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
1862 : /* transcript.message_a size is 0*/
1863 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1864 : /* session_transcript.message_k is 0*/
1865 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1866 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
1867 : sizeof(spdm_finish_request_t));
1868 :
1869 1 : libspdm_requester_data_sign(
1870 : spdm_context,
1871 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1872 : 0, SPDM_FINISH,
1873 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1874 1 : false, libspdm_get_managed_buffer(&th_curr),
1875 : libspdm_get_managed_buffer_size(&th_curr),
1876 : ptr, &req_asym_signature_size);
1877 :
1878 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1879 1 : ptr += req_asym_signature_size;
1880 :
1881 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1882 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1883 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1884 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1885 : request_finished_key, hash_size, ptr);
1886 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
1887 1 : req_asym_signature_size + hmac_size;
1888 1 : response_size = sizeof(response);
1889 1 : status = libspdm_get_response_finish(spdm_context,
1890 : m_libspdm_finish_request4_size,
1891 : &m_libspdm_finish_request4,
1892 : &response_size, response);
1893 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1894 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1895 1 : spdm_response = (void *)response;
1896 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1897 :
1898 1 : g_key_exchange_start_mut_auth = 0;
1899 1 : free(data1);
1900 1 : free(data2);
1901 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1902 1 : }
1903 :
1904 : /**
1905 : * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
1906 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
1907 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
1908 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
1909 : **/
1910 1 : void rsp_finish_rsp_case19(void **state)
1911 : {
1912 : libspdm_return_t status;
1913 : libspdm_test_context_t *spdm_test_context;
1914 : libspdm_context_t *spdm_context;
1915 : size_t response_size;
1916 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1917 : spdm_finish_response_t *spdm_response;
1918 : void *data1;
1919 : size_t data_size1;
1920 : void *data2;
1921 : size_t data_size2;
1922 : uint8_t *ptr;
1923 : uint8_t *cert_buffer;
1924 : size_t cert_buffer_size;
1925 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1926 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1927 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1928 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1929 : libspdm_session_info_t *session_info;
1930 : uint32_t session_id;
1931 : uint32_t hash_size;
1932 : uint32_t hmac_size;
1933 : size_t req_asym_signature_size;
1934 :
1935 1 : spdm_test_context = *state;
1936 1 : spdm_context = spdm_test_context->spdm_context;
1937 1 : spdm_test_context->case_id = 0x13;
1938 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1939 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1940 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1941 1 : spdm_context->connection_info.capability.flags |=
1942 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1943 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1944 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1945 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1946 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1947 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1948 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1949 : m_libspdm_use_measurement_hash_algo;
1950 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1951 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1952 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1953 : m_libspdm_use_asym_algo, &data1,
1954 : &data_size1, NULL, NULL);
1955 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1956 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1957 :
1958 1 : libspdm_reset_message_a(spdm_context);
1959 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1960 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1961 : m_libspdm_use_req_asym_algo, &data2,
1962 : &data_size2, NULL, NULL);
1963 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1964 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1965 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1966 : data2, data_size2);
1967 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
1968 : #else
1969 1 : libspdm_hash_all(
1970 : spdm_context->connection_info.algorithm.base_hash_algo,
1971 : data2, data_size2,
1972 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
1973 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
1974 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
1975 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
1976 : spdm_context->connection_info.algorithm.base_hash_algo,
1977 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1978 : data2,
1979 : data_size2,
1980 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
1981 : #endif
1982 :
1983 1 : session_id = 0xFFFFFFFF;
1984 1 : spdm_context->latest_session_id = session_id;
1985 1 : session_info = &spdm_context->session_info[0];
1986 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1987 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1988 1 : session_info->peer_used_cert_chain_slot_id = 0;
1989 1 : session_info->local_used_cert_chain_slot_id = 0;
1990 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1991 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1992 1 : libspdm_secured_message_set_request_finished_key(
1993 : session_info->secured_message_context, m_dummy_buffer,
1994 : hash_size);
1995 1 : libspdm_secured_message_set_session_state(
1996 : session_info->secured_message_context,
1997 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1998 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1999 :
2000 1 : spdm_context->connection_info.capability.flags |=
2001 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2002 1 : spdm_context->local_context.capability.flags |=
2003 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2004 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2005 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2006 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2007 1 : ptr = m_libspdm_finish_request5.signature;
2008 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2009 1 : cert_buffer = (uint8_t *)data1;
2010 1 : cert_buffer_size = data_size1;
2011 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2012 1 : cert_buffer = (uint8_t *)data2;
2013 1 : cert_buffer_size = data_size2;
2014 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2015 : /* transcript.message_a size is 0*/
2016 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2017 : /* session_transcript.message_k is 0*/
2018 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2019 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
2020 : sizeof(spdm_finish_request_t));
2021 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2022 1 : libspdm_requester_data_sign(
2023 : spdm_context,
2024 1 : m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2025 : 0, SPDM_FINISH,
2026 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2027 1 : false, libspdm_get_managed_buffer(&th_curr),
2028 : libspdm_get_managed_buffer_size(&th_curr),
2029 : ptr, &req_asym_signature_size);
2030 : #endif
2031 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2032 1 : ptr += req_asym_signature_size;
2033 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2034 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2035 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2036 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2037 : request_finished_key, hash_size, ptr);
2038 1 : m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
2039 1 : req_asym_signature_size + hmac_size;
2040 1 : response_size = sizeof(response);
2041 1 : status = libspdm_get_response_finish(spdm_context,
2042 : m_libspdm_finish_request5_size,
2043 : &m_libspdm_finish_request5,
2044 : &response_size, response);
2045 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2046 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2047 1 : spdm_response = (void *)response;
2048 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2049 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
2050 1 : assert_int_equal(spdm_response->header.param2, 0);
2051 :
2052 1 : g_key_exchange_start_mut_auth = 0;
2053 1 : free(data1);
2054 1 : free(data2);
2055 1 : }
2056 :
2057 : /**
2058 : * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
2059 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2060 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2061 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2062 : **/
2063 1 : void rsp_finish_rsp_case20(void **state)
2064 : {
2065 : libspdm_return_t status;
2066 : libspdm_test_context_t *spdm_test_context;
2067 : libspdm_context_t *spdm_context;
2068 : size_t response_size;
2069 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2070 : spdm_finish_response_t *spdm_response;
2071 : void *data1;
2072 : size_t data_size1;
2073 : void *data2;
2074 : size_t data_size2;
2075 : uint8_t *ptr;
2076 : uint8_t *cert_buffer;
2077 : size_t cert_buffer_size;
2078 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2079 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2080 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2081 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2082 : libspdm_session_info_t *session_info;
2083 : uint32_t session_id;
2084 : uint32_t hash_size;
2085 : uint32_t hmac_size;
2086 : size_t req_asym_signature_size;
2087 :
2088 1 : spdm_test_context = *state;
2089 1 : spdm_context = spdm_test_context->spdm_context;
2090 1 : spdm_test_context->case_id = 0x14;
2091 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2092 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2093 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2094 1 : spdm_context->connection_info.capability.flags |=
2095 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2096 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2097 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2098 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2099 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2100 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2101 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2102 : m_libspdm_use_measurement_hash_algo;
2103 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2104 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2105 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2106 : m_libspdm_use_asym_algo, &data1,
2107 : &data_size1, NULL, NULL);
2108 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2109 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2110 :
2111 1 : libspdm_reset_message_a(spdm_context);
2112 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2113 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2114 : m_libspdm_use_req_asym_algo, &data2,
2115 : &data_size2, NULL, NULL);
2116 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2117 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2118 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2119 : data2, data_size2);
2120 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2121 : #else
2122 1 : libspdm_hash_all(
2123 : spdm_context->connection_info.algorithm.base_hash_algo,
2124 : data2, data_size2,
2125 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2126 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2127 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2128 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2129 : spdm_context->connection_info.algorithm.base_hash_algo,
2130 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2131 : data2,
2132 : data_size2,
2133 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2134 : #endif
2135 :
2136 1 : session_id = 0xFFFFFFFF;
2137 1 : spdm_context->latest_session_id = session_id;
2138 1 : session_info = &spdm_context->session_info[0];
2139 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2140 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2141 1 : session_info->peer_used_cert_chain_slot_id = 0;
2142 1 : session_info->local_used_cert_chain_slot_id = 0;
2143 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2144 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2145 1 : libspdm_secured_message_set_request_finished_key(
2146 : session_info->secured_message_context, m_dummy_buffer,
2147 : hash_size);
2148 1 : libspdm_secured_message_set_session_state(
2149 : session_info->secured_message_context,
2150 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2151 1 : session_info->mut_auth_requested =
2152 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2153 :
2154 1 : spdm_context->connection_info.capability.flags |=
2155 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2156 1 : spdm_context->local_context.capability.flags |=
2157 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2158 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2159 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2160 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2161 1 : ptr = m_libspdm_finish_request7.signature;
2162 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2163 1 : cert_buffer = (uint8_t *)data1;
2164 1 : cert_buffer_size = data_size1;
2165 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2166 1 : cert_buffer = (uint8_t *)data2;
2167 1 : cert_buffer_size = data_size2;
2168 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2169 : /* transcript.message_a size is 0*/
2170 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2171 : /* session_transcript.message_k is 0*/
2172 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2173 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2174 : sizeof(spdm_finish_request_t));
2175 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2176 1 : libspdm_requester_data_sign(
2177 : spdm_context,
2178 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2179 : 0, SPDM_FINISH,
2180 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2181 1 : false, libspdm_get_managed_buffer(&th_curr),
2182 : libspdm_get_managed_buffer_size(&th_curr),
2183 : ptr, &req_asym_signature_size);
2184 : #endif
2185 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2186 1 : ptr += req_asym_signature_size;
2187 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2188 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2189 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2190 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2191 : request_finished_key, hash_size, ptr);
2192 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2193 1 : req_asym_signature_size + hmac_size;
2194 1 : response_size = sizeof(response);
2195 1 : status = libspdm_get_response_finish(spdm_context,
2196 : m_libspdm_finish_request7_size,
2197 : &m_libspdm_finish_request7,
2198 : &response_size, response);
2199 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2200 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2201 1 : spdm_response = (void *)response;
2202 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2203 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
2204 1 : assert_int_equal(spdm_response->header.param2, 0);
2205 :
2206 1 : g_key_exchange_start_mut_auth = 0;
2207 1 : free(data1);
2208 1 : free(data2);
2209 1 : }
2210 :
2211 : /**
2212 : * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
2213 : * although SlotID in FINISH request message is 10, it shall be ignored when read.
2214 : * Expected behavior: the responder accepts the request and produces a valid
2215 : * FINISH_RSP response message.
2216 : **/
2217 1 : void rsp_finish_rsp_case21(void **state)
2218 : {
2219 : libspdm_return_t status;
2220 : libspdm_test_context_t *spdm_test_context;
2221 : libspdm_context_t *spdm_context;
2222 : size_t response_size;
2223 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2224 : spdm_finish_response_t *spdm_response;
2225 : void *data1;
2226 : size_t data_size1;
2227 : uint8_t *ptr;
2228 : uint8_t *cert_buffer;
2229 : size_t cert_buffer_size;
2230 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2231 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2232 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2233 : libspdm_session_info_t *session_info;
2234 : uint32_t session_id;
2235 : uint32_t hash_size;
2236 : uint32_t hmac_size;
2237 :
2238 1 : spdm_test_context = *state;
2239 1 : spdm_context = spdm_test_context->spdm_context;
2240 1 : spdm_test_context->case_id = 0x15;
2241 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2242 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2243 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2244 1 : spdm_context->connection_info.capability.flags |=
2245 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2246 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2247 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2248 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2249 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2250 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2251 : m_libspdm_use_measurement_hash_algo;
2252 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2253 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2254 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2255 : m_libspdm_use_asym_algo, &data1,
2256 : &data_size1, NULL, NULL);
2257 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2258 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2259 :
2260 1 : libspdm_reset_message_a(spdm_context);
2261 :
2262 1 : session_id = 0xFFFFFFFF;
2263 1 : spdm_context->latest_session_id = session_id;
2264 1 : session_info = &spdm_context->session_info[0];
2265 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2266 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2267 1 : session_info->local_used_cert_chain_slot_id = 0;
2268 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2269 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2270 1 : libspdm_secured_message_set_request_finished_key(
2271 : session_info->secured_message_context, m_dummy_buffer,
2272 : hash_size);
2273 1 : libspdm_secured_message_set_session_state(
2274 : session_info->secured_message_context,
2275 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2276 1 : session_info->mut_auth_requested = 0;
2277 :
2278 1 : spdm_context->connection_info.capability.flags |=
2279 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2280 1 : spdm_context->local_context.capability.flags |=
2281 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2282 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2283 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2284 1 : ptr = m_libspdm_finish_request6.signature;
2285 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2286 1 : cert_buffer = (uint8_t *)data1;
2287 1 : cert_buffer_size = data_size1;
2288 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2289 : /* transcript.message_a size is 0*/
2290 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2291 : /* session_transcript.message_k is 0*/
2292 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
2293 : sizeof(spdm_finish_request_t));
2294 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2295 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2296 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2297 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2298 : request_finished_key, hash_size, ptr);
2299 1 : m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
2300 1 : response_size = sizeof(response);
2301 1 : status = libspdm_get_response_finish(spdm_context,
2302 : m_libspdm_finish_request6_size,
2303 : &m_libspdm_finish_request6,
2304 : &response_size, response);
2305 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2306 1 : spdm_response = (void *)response;
2307 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2308 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2309 1 : free(data1);
2310 1 : }
2311 :
2312 : /**
2313 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2314 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2315 : * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2316 : * Expected behavior: the responder accepts the request and produces a valid
2317 : * FINISH_RSP response message.
2318 : **/
2319 1 : void rsp_finish_rsp_case22(void **state)
2320 : {
2321 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2322 : libspdm_return_t status;
2323 : libspdm_test_context_t *spdm_test_context;
2324 : libspdm_context_t *spdm_context;
2325 : size_t response_size;
2326 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2327 : spdm_finish_response_t *spdm_response;
2328 : void *data1;
2329 : size_t data_size1;
2330 : void *data2;
2331 : size_t data_size2;
2332 : uint8_t *ptr;
2333 : uint8_t *cert_buffer;
2334 : size_t cert_buffer_size;
2335 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2336 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2337 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2338 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2339 : libspdm_session_info_t *session_info;
2340 : uint32_t session_id;
2341 : uint32_t hash_size;
2342 : uint32_t hmac_size;
2343 : size_t req_asym_signature_size;
2344 :
2345 1 : spdm_test_context = *state;
2346 1 : spdm_context = spdm_test_context->spdm_context;
2347 1 : spdm_test_context->case_id = 0x16;
2348 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2349 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2350 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2351 1 : spdm_context->connection_info.capability.flags |=
2352 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2353 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2354 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2355 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2356 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2357 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2358 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2359 : m_libspdm_use_measurement_hash_algo;
2360 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2361 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2362 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2363 : m_libspdm_use_asym_algo, &data1,
2364 : &data_size1, NULL, NULL);
2365 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2366 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2367 :
2368 1 : libspdm_reset_message_a(spdm_context);
2369 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2370 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2371 : m_libspdm_use_req_asym_algo, &data2,
2372 : &data_size2, NULL, NULL);
2373 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2374 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2375 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2376 : data2, data_size2);
2377 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2378 : #else
2379 1 : libspdm_hash_all(
2380 : spdm_context->connection_info.algorithm.base_hash_algo,
2381 : data2, data_size2,
2382 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2383 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2384 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2385 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2386 : spdm_context->connection_info.algorithm.base_hash_algo,
2387 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2388 : data2,
2389 : data_size2,
2390 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2391 : #endif
2392 :
2393 1 : session_id = 0xFFFFFFFF;
2394 1 : spdm_context->latest_session_id = session_id;
2395 1 : session_info = &spdm_context->session_info[0];
2396 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2397 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2398 1 : session_info->peer_used_cert_chain_slot_id = 0;
2399 1 : session_info->local_used_cert_chain_slot_id = 0;
2400 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2401 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2402 1 : libspdm_secured_message_set_request_finished_key(
2403 : session_info->secured_message_context, m_dummy_buffer,
2404 : hash_size);
2405 1 : libspdm_secured_message_set_session_state(
2406 : session_info->secured_message_context,
2407 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2408 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2409 :
2410 1 : spdm_context->connection_info.capability.flags |=
2411 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2412 1 : spdm_context->local_context.capability.flags |=
2413 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2414 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2415 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2416 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2417 1 : ptr = m_libspdm_finish_request7.signature;
2418 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2419 1 : cert_buffer = (uint8_t *)data1;
2420 1 : cert_buffer_size = data_size1;
2421 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2422 1 : cert_buffer = (uint8_t *)data2;
2423 1 : cert_buffer_size = data_size2;
2424 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2425 : /* transcript.message_a size is 0*/
2426 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2427 : /* session_transcript.message_k is 0*/
2428 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2429 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2430 : sizeof(spdm_finish_request_t));
2431 :
2432 1 : libspdm_requester_data_sign(
2433 : spdm_context,
2434 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2435 : 0, SPDM_FINISH,
2436 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2437 1 : false, libspdm_get_managed_buffer(&th_curr),
2438 : libspdm_get_managed_buffer_size(&th_curr),
2439 : ptr, &req_asym_signature_size);
2440 :
2441 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2442 1 : ptr += req_asym_signature_size;
2443 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2444 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2445 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2446 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2447 : request_finished_key, hash_size, ptr);
2448 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2449 1 : req_asym_signature_size + hmac_size;
2450 1 : response_size = sizeof(response);
2451 1 : status = libspdm_get_response_finish(spdm_context,
2452 : m_libspdm_finish_request7_size,
2453 : &m_libspdm_finish_request7,
2454 : &response_size, response);
2455 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2456 1 : spdm_response = (void *)response;
2457 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2458 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2459 :
2460 1 : g_key_exchange_start_mut_auth = 0;
2461 1 : free(data1);
2462 1 : free(data2);
2463 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2464 1 : }
2465 :
2466 : /**
2467 : * Test 23: Same as test case 22 but test signature endianness.
2468 : * Big-Endian Sign. Little-Endian Verify.
2469 : * Expecting signature to fail.
2470 : **/
2471 1 : void rsp_finish_rsp_case23(void** state)
2472 : {
2473 : libspdm_return_t status;
2474 : libspdm_test_context_t* spdm_test_context;
2475 : libspdm_context_t* spdm_context;
2476 : size_t response_size;
2477 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2478 : spdm_finish_response_t* spdm_response;
2479 : void* data1;
2480 : size_t data_size1;
2481 : void* data2;
2482 : size_t data_size2;
2483 : uint8_t* ptr;
2484 : uint8_t* cert_buffer;
2485 : size_t cert_buffer_size;
2486 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2487 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2488 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2489 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2490 : libspdm_session_info_t* session_info;
2491 : uint32_t session_id;
2492 : uint32_t hash_size;
2493 : uint32_t hmac_size;
2494 : size_t req_asym_signature_size;
2495 :
2496 1 : spdm_test_context = *state;
2497 1 : spdm_context = spdm_test_context->spdm_context;
2498 1 : spdm_test_context->case_id = 23;
2499 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2500 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2501 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2502 1 : spdm_context->connection_info.capability.flags |=
2503 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2504 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2505 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2506 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2507 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2508 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2509 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2510 : m_libspdm_use_measurement_hash_algo;
2511 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2512 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2513 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2514 : m_libspdm_use_asym_algo, &data1,
2515 : &data_size1, NULL, NULL);
2516 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2517 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2518 1 : spdm_context->spdm_10_11_verify_signature_endian =
2519 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2520 :
2521 1 : libspdm_reset_message_a(spdm_context);
2522 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2523 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2524 : m_libspdm_use_req_asym_algo, &data2,
2525 : &data_size2, NULL, NULL);
2526 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2527 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2528 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2529 : data2, data_size2);
2530 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2531 : #else
2532 1 : libspdm_hash_all(
2533 : spdm_context->connection_info.algorithm.base_hash_algo,
2534 : data2, data_size2,
2535 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2536 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2537 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2538 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2539 : spdm_context->connection_info.algorithm.base_hash_algo,
2540 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2541 : data2,
2542 : data_size2,
2543 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2544 : #endif
2545 :
2546 1 : session_id = 0xFFFFFFFF;
2547 1 : spdm_context->latest_session_id = session_id;
2548 1 : session_info = &spdm_context->session_info[0];
2549 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2550 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2551 1 : session_info->peer_used_cert_chain_slot_id = 0;
2552 1 : session_info->local_used_cert_chain_slot_id = 0;
2553 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2554 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2555 1 : libspdm_secured_message_set_request_finished_key(
2556 : session_info->secured_message_context, m_dummy_buffer,
2557 : hash_size);
2558 1 : libspdm_secured_message_set_session_state(
2559 : session_info->secured_message_context,
2560 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2561 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2562 :
2563 1 : spdm_context->connection_info.capability.flags |=
2564 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2565 1 : spdm_context->local_context.capability.flags |=
2566 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2567 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2568 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2569 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2570 1 : ptr = m_libspdm_finish_request7.signature;
2571 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2572 1 : cert_buffer = (uint8_t*)data1;
2573 1 : cert_buffer_size = data_size1;
2574 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2575 1 : cert_buffer = (uint8_t*)data2;
2576 1 : cert_buffer_size = data_size2;
2577 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2578 : /* transcript.message_a size is 0*/
2579 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2580 : /* session_transcript.message_k is 0*/
2581 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2582 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2583 : sizeof(spdm_finish_request_t));
2584 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2585 1 : libspdm_requester_data_sign(
2586 : spdm_context,
2587 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2588 : 0, SPDM_FINISH,
2589 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2590 1 : false, libspdm_get_managed_buffer(&th_curr),
2591 : libspdm_get_managed_buffer_size(&th_curr),
2592 : ptr, &req_asym_signature_size);
2593 : #endif
2594 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2595 1 : ptr += req_asym_signature_size;
2596 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2597 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2598 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2599 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2600 : request_finished_key, hash_size, ptr);
2601 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2602 1 : req_asym_signature_size + hmac_size;
2603 1 : response_size = sizeof(response);
2604 1 : status = libspdm_get_response_finish(spdm_context,
2605 : m_libspdm_finish_request7_size,
2606 : &m_libspdm_finish_request7,
2607 : &response_size, response);
2608 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2609 1 : spdm_response = (void*)response;
2610 :
2611 : /* Expecting failure on little-endian signature */
2612 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2613 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2614 :
2615 1 : g_key_exchange_start_mut_auth = 0;
2616 1 : free(data1);
2617 1 : free(data2);
2618 1 : }
2619 :
2620 : /**
2621 : * Test 24: Same as test case 22 but test signature endianness.
2622 : * Big-Endian Sign. Big-Endian Verify.
2623 : * Expecting signature to PASS.
2624 : **/
2625 1 : void rsp_finish_rsp_case24(void** state)
2626 : {
2627 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2628 : libspdm_return_t status;
2629 : libspdm_test_context_t* spdm_test_context;
2630 : libspdm_context_t* spdm_context;
2631 : size_t response_size;
2632 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2633 : spdm_finish_response_t* spdm_response;
2634 : void* data1;
2635 : size_t data_size1;
2636 : void* data2;
2637 : size_t data_size2;
2638 : uint8_t* ptr;
2639 : uint8_t* cert_buffer;
2640 : size_t cert_buffer_size;
2641 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2642 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2643 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2644 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2645 : libspdm_session_info_t* session_info;
2646 : uint32_t session_id;
2647 : uint32_t hash_size;
2648 : uint32_t hmac_size;
2649 : size_t req_asym_signature_size;
2650 :
2651 1 : spdm_test_context = *state;
2652 1 : spdm_context = spdm_test_context->spdm_context;
2653 1 : spdm_test_context->case_id = 24;
2654 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2655 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2656 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2657 1 : spdm_context->connection_info.capability.flags |=
2658 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2659 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2660 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2661 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2662 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2663 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2664 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2665 : m_libspdm_use_measurement_hash_algo;
2666 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2667 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2668 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2669 : m_libspdm_use_asym_algo, &data1,
2670 : &data_size1, NULL, NULL);
2671 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2672 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2673 1 : spdm_context->spdm_10_11_verify_signature_endian =
2674 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
2675 :
2676 1 : libspdm_reset_message_a(spdm_context);
2677 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2678 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2679 : m_libspdm_use_req_asym_algo, &data2,
2680 : &data_size2, NULL, NULL);
2681 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2682 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2683 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2684 : data2, data_size2);
2685 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2686 : #else
2687 1 : libspdm_hash_all(
2688 : spdm_context->connection_info.algorithm.base_hash_algo,
2689 : data2, data_size2,
2690 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2691 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2692 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2693 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2694 : spdm_context->connection_info.algorithm.base_hash_algo,
2695 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2696 : data2,
2697 : data_size2,
2698 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2699 : #endif
2700 :
2701 1 : session_id = 0xFFFFFFFF;
2702 1 : spdm_context->latest_session_id = session_id;
2703 1 : session_info = &spdm_context->session_info[0];
2704 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2705 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2706 1 : session_info->peer_used_cert_chain_slot_id = 0;
2707 1 : session_info->local_used_cert_chain_slot_id = 0;
2708 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2709 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2710 1 : libspdm_secured_message_set_request_finished_key(
2711 : session_info->secured_message_context, m_dummy_buffer,
2712 : hash_size);
2713 1 : libspdm_secured_message_set_session_state(
2714 : session_info->secured_message_context,
2715 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2716 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2717 :
2718 1 : spdm_context->connection_info.capability.flags |=
2719 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2720 1 : spdm_context->local_context.capability.flags |=
2721 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2722 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2723 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2724 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2725 1 : ptr = m_libspdm_finish_request7.signature;
2726 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2727 1 : cert_buffer = (uint8_t*)data1;
2728 1 : cert_buffer_size = data_size1;
2729 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2730 1 : cert_buffer = (uint8_t*)data2;
2731 1 : cert_buffer_size = data_size2;
2732 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2733 : /* transcript.message_a size is 0*/
2734 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2735 : /* session_transcript.message_k is 0*/
2736 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2737 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2738 : sizeof(spdm_finish_request_t));
2739 :
2740 1 : libspdm_requester_data_sign(
2741 : spdm_context,
2742 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2743 : 0, SPDM_FINISH,
2744 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2745 1 : false, libspdm_get_managed_buffer(&th_curr),
2746 : libspdm_get_managed_buffer_size(&th_curr),
2747 : ptr, &req_asym_signature_size);
2748 :
2749 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2750 1 : ptr += req_asym_signature_size;
2751 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2752 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2753 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2754 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2755 : request_finished_key, hash_size, ptr);
2756 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2757 1 : req_asym_signature_size + hmac_size;
2758 1 : response_size = sizeof(response);
2759 1 : status = libspdm_get_response_finish(spdm_context,
2760 : m_libspdm_finish_request7_size,
2761 : &m_libspdm_finish_request7,
2762 : &response_size, response);
2763 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2764 1 : spdm_response = (void*)response;
2765 :
2766 : /* Expecting pass on big-endian signature */
2767 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2768 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2769 :
2770 1 : g_key_exchange_start_mut_auth = 0;
2771 1 : free(data1);
2772 1 : free(data2);
2773 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2774 1 : }
2775 :
2776 : /**
2777 : * Test 25: Same as test case 22, but test signature endianness.
2778 : * Big Endian Sign. Big or Little Endian Verify.
2779 : * Expecting signature to PASS.
2780 : **/
2781 1 : void rsp_finish_rsp_case25(void** state)
2782 : {
2783 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2784 : libspdm_return_t status;
2785 : libspdm_test_context_t* spdm_test_context;
2786 : libspdm_context_t* spdm_context;
2787 : size_t response_size;
2788 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2789 : spdm_finish_response_t* spdm_response;
2790 : void* data1;
2791 : size_t data_size1;
2792 : void* data2;
2793 : size_t data_size2;
2794 : uint8_t* ptr;
2795 : uint8_t* cert_buffer;
2796 : size_t cert_buffer_size;
2797 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2798 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2799 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2800 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2801 : libspdm_session_info_t* session_info;
2802 : uint32_t session_id;
2803 : uint32_t hash_size;
2804 : uint32_t hmac_size;
2805 : size_t req_asym_signature_size;
2806 :
2807 1 : spdm_test_context = *state;
2808 1 : spdm_context = spdm_test_context->spdm_context;
2809 1 : spdm_test_context->case_id = 25;
2810 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2811 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2812 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2813 1 : spdm_context->connection_info.capability.flags |=
2814 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2815 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2816 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2817 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2818 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2819 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2820 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2821 : m_libspdm_use_measurement_hash_algo;
2822 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2823 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2824 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2825 : m_libspdm_use_asym_algo, &data1,
2826 : &data_size1, NULL, NULL);
2827 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2828 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2829 1 : spdm_context->spdm_10_11_verify_signature_endian =
2830 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
2831 :
2832 1 : libspdm_reset_message_a(spdm_context);
2833 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2834 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2835 : m_libspdm_use_req_asym_algo, &data2,
2836 : &data_size2, NULL, NULL);
2837 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2838 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2839 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2840 : data2, data_size2);
2841 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2842 : #else
2843 1 : libspdm_hash_all(
2844 : spdm_context->connection_info.algorithm.base_hash_algo,
2845 : data2, data_size2,
2846 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2847 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2848 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2849 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2850 : spdm_context->connection_info.algorithm.base_hash_algo,
2851 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2852 : data2,
2853 : data_size2,
2854 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2855 : #endif
2856 :
2857 1 : session_id = 0xFFFFFFFF;
2858 1 : spdm_context->latest_session_id = session_id;
2859 1 : session_info = &spdm_context->session_info[0];
2860 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2861 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2862 1 : session_info->peer_used_cert_chain_slot_id = 0;
2863 1 : session_info->local_used_cert_chain_slot_id = 0;
2864 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2865 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2866 1 : libspdm_secured_message_set_request_finished_key(
2867 : session_info->secured_message_context, m_dummy_buffer,
2868 : hash_size);
2869 1 : libspdm_secured_message_set_session_state(
2870 : session_info->secured_message_context,
2871 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2872 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2873 :
2874 1 : spdm_context->connection_info.capability.flags |=
2875 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2876 1 : spdm_context->local_context.capability.flags |=
2877 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2878 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2879 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2880 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2881 1 : ptr = m_libspdm_finish_request7.signature;
2882 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2883 1 : cert_buffer = (uint8_t*)data1;
2884 1 : cert_buffer_size = data_size1;
2885 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2886 1 : cert_buffer = (uint8_t*)data2;
2887 1 : cert_buffer_size = data_size2;
2888 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2889 : /* transcript.message_a size is 0*/
2890 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2891 : /* session_transcript.message_k is 0*/
2892 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2893 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2894 : sizeof(spdm_finish_request_t));
2895 :
2896 1 : libspdm_requester_data_sign(
2897 : spdm_context,
2898 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2899 : 0, SPDM_FINISH,
2900 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2901 1 : false, libspdm_get_managed_buffer(&th_curr),
2902 : libspdm_get_managed_buffer_size(&th_curr),
2903 : ptr, &req_asym_signature_size);
2904 :
2905 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2906 1 : ptr += req_asym_signature_size;
2907 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2908 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2909 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2910 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2911 : request_finished_key, hash_size, ptr);
2912 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2913 1 : req_asym_signature_size + hmac_size;
2914 1 : response_size = sizeof(response);
2915 1 : status = libspdm_get_response_finish(spdm_context,
2916 : m_libspdm_finish_request7_size,
2917 : &m_libspdm_finish_request7,
2918 : &response_size, response);
2919 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2920 1 : spdm_response = (void*)response;
2921 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2922 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2923 :
2924 1 : g_key_exchange_start_mut_auth = 0;
2925 1 : free(data1);
2926 1 : free(data2);
2927 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2928 1 : }
2929 :
2930 : /**
2931 : * Test 26: Same as test case 22, but test endian verification.
2932 : * Sign as Little Endian, Verify as Little.
2933 : * Expecting signature to PASS.
2934 : **/
2935 1 : void rsp_finish_rsp_case26(void** state)
2936 : {
2937 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2938 : libspdm_return_t status;
2939 : libspdm_test_context_t* spdm_test_context;
2940 : libspdm_context_t* spdm_context;
2941 : size_t response_size;
2942 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2943 : spdm_finish_response_t* spdm_response;
2944 : void* data1;
2945 : size_t data_size1;
2946 : void* data2;
2947 : size_t data_size2;
2948 : uint8_t* ptr;
2949 : uint8_t* cert_buffer;
2950 : size_t cert_buffer_size;
2951 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2952 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2953 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2954 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2955 : libspdm_session_info_t* session_info;
2956 : uint32_t session_id;
2957 : uint32_t hash_size;
2958 : uint32_t hmac_size;
2959 : size_t req_asym_signature_size;
2960 :
2961 1 : spdm_test_context = *state;
2962 1 : spdm_context = spdm_test_context->spdm_context;
2963 1 : spdm_test_context->case_id = 26;
2964 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2965 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2966 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2967 1 : spdm_context->connection_info.capability.flags |=
2968 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2969 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2970 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2971 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2972 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2973 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2974 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2975 : m_libspdm_use_measurement_hash_algo;
2976 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2977 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2978 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2979 : m_libspdm_use_asym_algo, &data1,
2980 : &data_size1, NULL, NULL);
2981 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2982 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2983 1 : spdm_context->spdm_10_11_verify_signature_endian =
2984 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2985 :
2986 1 : libspdm_reset_message_a(spdm_context);
2987 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2988 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2989 : m_libspdm_use_req_asym_algo, &data2,
2990 : &data_size2, NULL, NULL);
2991 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2992 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2993 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2994 : data2, data_size2);
2995 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2996 : #else
2997 1 : libspdm_hash_all(
2998 : spdm_context->connection_info.algorithm.base_hash_algo,
2999 : data2, data_size2,
3000 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3001 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3002 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3003 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3004 : spdm_context->connection_info.algorithm.base_hash_algo,
3005 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3006 : data2,
3007 : data_size2,
3008 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3009 : #endif
3010 :
3011 1 : session_id = 0xFFFFFFFF;
3012 1 : spdm_context->latest_session_id = session_id;
3013 1 : session_info = &spdm_context->session_info[0];
3014 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3015 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3016 1 : session_info->peer_used_cert_chain_slot_id = 0;
3017 1 : session_info->local_used_cert_chain_slot_id = 0;
3018 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3019 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3020 1 : libspdm_secured_message_set_request_finished_key(
3021 : session_info->secured_message_context, m_dummy_buffer,
3022 : hash_size);
3023 1 : libspdm_secured_message_set_session_state(
3024 : session_info->secured_message_context,
3025 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3026 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3027 :
3028 1 : spdm_context->connection_info.capability.flags |=
3029 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3030 1 : spdm_context->local_context.capability.flags |=
3031 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3032 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3033 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3034 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3035 1 : ptr = m_libspdm_finish_request7.signature;
3036 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3037 1 : cert_buffer = (uint8_t*)data1;
3038 1 : cert_buffer_size = data_size1;
3039 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3040 1 : cert_buffer = (uint8_t*)data2;
3041 1 : cert_buffer_size = data_size2;
3042 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
3043 : /* transcript.message_a size is 0*/
3044 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3045 : /* session_transcript.message_k is 0*/
3046 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3047 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3048 : sizeof(spdm_finish_request_t));
3049 :
3050 1 : libspdm_requester_data_sign(
3051 : spdm_context,
3052 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3053 : 0, SPDM_FINISH,
3054 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3055 1 : false, libspdm_get_managed_buffer(&th_curr),
3056 : libspdm_get_managed_buffer_size(&th_curr),
3057 : ptr, &req_asym_signature_size);
3058 :
3059 : /* Switch signature to little endian */
3060 1 : libspdm_copy_signature_swap_endian(
3061 : m_libspdm_use_req_asym_algo,
3062 : ptr, req_asym_signature_size,
3063 : ptr, req_asym_signature_size);
3064 :
3065 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3066 1 : ptr += req_asym_signature_size;
3067 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3068 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3069 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3070 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3071 : request_finished_key, hash_size, ptr);
3072 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3073 1 : req_asym_signature_size + hmac_size;
3074 1 : response_size = sizeof(response);
3075 1 : status = libspdm_get_response_finish(spdm_context,
3076 : m_libspdm_finish_request7_size,
3077 : &m_libspdm_finish_request7,
3078 : &response_size, response);
3079 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3080 1 : spdm_response = (void*)response;
3081 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3082 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3083 :
3084 1 : g_key_exchange_start_mut_auth = 0;
3085 1 : free(data1);
3086 1 : free(data2);
3087 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3088 1 : }
3089 :
3090 : /**
3091 : * Test 27: Same as test case 22, but test endian verification.
3092 : * Sign as Little Endian, Verify as Big.
3093 : * Expecting signature to FAIL.
3094 : **/
3095 1 : void rsp_finish_rsp_case27(void** state)
3096 : {
3097 : libspdm_return_t status;
3098 : libspdm_test_context_t* spdm_test_context;
3099 : libspdm_context_t* spdm_context;
3100 : size_t response_size;
3101 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3102 : spdm_finish_response_t* spdm_response;
3103 : void* data1;
3104 : size_t data_size1;
3105 : void* data2;
3106 : size_t data_size2;
3107 : uint8_t* ptr;
3108 : uint8_t* cert_buffer;
3109 : size_t cert_buffer_size;
3110 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3111 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3112 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3113 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3114 : libspdm_session_info_t* session_info;
3115 : uint32_t session_id;
3116 : uint32_t hash_size;
3117 : uint32_t hmac_size;
3118 : size_t req_asym_signature_size;
3119 :
3120 1 : spdm_test_context = *state;
3121 1 : spdm_context = spdm_test_context->spdm_context;
3122 1 : spdm_test_context->case_id = 27;
3123 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3124 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3125 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3126 1 : spdm_context->connection_info.capability.flags |=
3127 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3128 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3129 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3130 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3131 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
3132 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3133 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3134 : m_libspdm_use_measurement_hash_algo;
3135 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3136 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3137 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3138 : m_libspdm_use_asym_algo, &data1,
3139 : &data_size1, NULL, NULL);
3140 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3141 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3142 1 : spdm_context->spdm_10_11_verify_signature_endian =
3143 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
3144 :
3145 1 : libspdm_reset_message_a(spdm_context);
3146 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3147 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3148 : m_libspdm_use_req_asym_algo, &data2,
3149 : &data_size2, NULL, NULL);
3150 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3151 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3152 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3153 : data2, data_size2);
3154 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
3155 : #else
3156 1 : libspdm_hash_all(
3157 : spdm_context->connection_info.algorithm.base_hash_algo,
3158 : data2, data_size2,
3159 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3160 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3161 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3162 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3163 : spdm_context->connection_info.algorithm.base_hash_algo,
3164 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3165 : data2,
3166 : data_size2,
3167 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3168 : #endif
3169 :
3170 1 : session_id = 0xFFFFFFFF;
3171 1 : spdm_context->latest_session_id = session_id;
3172 1 : session_info = &spdm_context->session_info[0];
3173 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3174 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3175 1 : session_info->peer_used_cert_chain_slot_id = 0;
3176 1 : session_info->local_used_cert_chain_slot_id = 0;
3177 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3178 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3179 1 : libspdm_secured_message_set_request_finished_key(
3180 : session_info->secured_message_context, m_dummy_buffer,
3181 : hash_size);
3182 1 : libspdm_secured_message_set_session_state(
3183 : session_info->secured_message_context,
3184 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3185 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3186 :
3187 1 : spdm_context->connection_info.capability.flags |=
3188 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3189 1 : spdm_context->local_context.capability.flags |=
3190 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3191 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3192 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3193 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3194 1 : ptr = m_libspdm_finish_request7.signature;
3195 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3196 1 : cert_buffer = (uint8_t*)data1;
3197 1 : cert_buffer_size = data_size1;
3198 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3199 1 : cert_buffer = (uint8_t*)data2;
3200 1 : cert_buffer_size = data_size2;
3201 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
3202 : /* transcript.message_a size is 0*/
3203 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3204 : /* session_transcript.message_k is 0*/
3205 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3206 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3207 : sizeof(spdm_finish_request_t));
3208 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3209 1 : libspdm_requester_data_sign(
3210 : spdm_context,
3211 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3212 : 0, SPDM_FINISH,
3213 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3214 1 : false, libspdm_get_managed_buffer(&th_curr),
3215 : libspdm_get_managed_buffer_size(&th_curr),
3216 : ptr, &req_asym_signature_size);
3217 :
3218 : /* Switch signature to little endian */
3219 1 : libspdm_copy_signature_swap_endian(
3220 : m_libspdm_use_req_asym_algo,
3221 : ptr, req_asym_signature_size,
3222 : ptr, req_asym_signature_size);
3223 : #endif
3224 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3225 1 : ptr += req_asym_signature_size;
3226 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3227 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3228 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3229 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3230 : request_finished_key, hash_size, ptr);
3231 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3232 1 : req_asym_signature_size + hmac_size;
3233 1 : response_size = sizeof(response);
3234 1 : status = libspdm_get_response_finish(spdm_context,
3235 : m_libspdm_finish_request7_size,
3236 : &m_libspdm_finish_request7,
3237 : &response_size, response);
3238 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3239 1 : spdm_response = (void*)response;
3240 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
3241 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
3242 :
3243 1 : g_key_exchange_start_mut_auth = 0;
3244 1 : free(data1);
3245 1 : free(data2);
3246 1 : }
3247 :
3248 : /**
3249 : * Test 28: Same as test case 22, but test endian verification.
3250 : * Sign as Little Endian, Verify as Big Or Little.
3251 : * Expecting signature to PASS.
3252 : **/
3253 1 : void rsp_finish_rsp_case28(void** state)
3254 : {
3255 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3256 : libspdm_return_t status;
3257 : libspdm_test_context_t* spdm_test_context;
3258 : libspdm_context_t* spdm_context;
3259 : size_t response_size;
3260 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3261 : spdm_finish_response_t* spdm_response;
3262 : void* data1;
3263 : size_t data_size1;
3264 : void* data2;
3265 : size_t data_size2;
3266 : uint8_t* ptr;
3267 : uint8_t* cert_buffer;
3268 : size_t cert_buffer_size;
3269 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3270 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3271 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3272 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3273 : libspdm_session_info_t* session_info;
3274 : uint32_t session_id;
3275 : uint32_t hash_size;
3276 : uint32_t hmac_size;
3277 : size_t req_asym_signature_size;
3278 :
3279 1 : spdm_test_context = *state;
3280 1 : spdm_context = spdm_test_context->spdm_context;
3281 1 : spdm_test_context->case_id = 28;
3282 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3283 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3284 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3285 1 : spdm_context->connection_info.capability.flags |=
3286 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3287 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3288 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3289 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3290 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
3291 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3292 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3293 : m_libspdm_use_measurement_hash_algo;
3294 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3295 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3296 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3297 : m_libspdm_use_asym_algo, &data1,
3298 : &data_size1, NULL, NULL);
3299 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3300 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3301 1 : spdm_context->spdm_10_11_verify_signature_endian =
3302 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3303 :
3304 1 : libspdm_reset_message_a(spdm_context);
3305 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3306 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3307 : m_libspdm_use_req_asym_algo, &data2,
3308 : &data_size2, NULL, NULL);
3309 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3310 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3311 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3312 : data2, data_size2);
3313 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
3314 : #else
3315 1 : libspdm_hash_all(
3316 : spdm_context->connection_info.algorithm.base_hash_algo,
3317 : data2, data_size2,
3318 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3319 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3320 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3321 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3322 : spdm_context->connection_info.algorithm.base_hash_algo,
3323 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3324 : data2,
3325 : data_size2,
3326 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3327 : #endif
3328 :
3329 1 : session_id = 0xFFFFFFFF;
3330 1 : spdm_context->latest_session_id = session_id;
3331 1 : session_info = &spdm_context->session_info[0];
3332 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3333 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3334 1 : session_info->peer_used_cert_chain_slot_id = 0;
3335 1 : session_info->local_used_cert_chain_slot_id = 0;
3336 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3337 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3338 1 : libspdm_secured_message_set_request_finished_key(
3339 : session_info->secured_message_context, m_dummy_buffer,
3340 : hash_size);
3341 1 : libspdm_secured_message_set_session_state(
3342 : session_info->secured_message_context,
3343 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3344 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3345 :
3346 1 : spdm_context->connection_info.capability.flags |=
3347 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3348 1 : spdm_context->local_context.capability.flags |=
3349 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3350 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3351 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3352 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3353 1 : ptr = m_libspdm_finish_request7.signature;
3354 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3355 1 : cert_buffer = (uint8_t*)data1;
3356 1 : cert_buffer_size = data_size1;
3357 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3358 1 : cert_buffer = (uint8_t*)data2;
3359 1 : cert_buffer_size = data_size2;
3360 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
3361 : /* transcript.message_a size is 0*/
3362 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3363 : /* session_transcript.message_k is 0*/
3364 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3365 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3366 : sizeof(spdm_finish_request_t));
3367 :
3368 1 : libspdm_requester_data_sign(
3369 : spdm_context,
3370 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3371 : 0, SPDM_FINISH,
3372 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3373 1 : false, libspdm_get_managed_buffer(&th_curr),
3374 : libspdm_get_managed_buffer_size(&th_curr),
3375 : ptr, &req_asym_signature_size);
3376 :
3377 : /* Switch signature to little endian */
3378 1 : libspdm_copy_signature_swap_endian(
3379 : m_libspdm_use_req_asym_algo,
3380 : ptr, req_asym_signature_size,
3381 : ptr, req_asym_signature_size);
3382 :
3383 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3384 1 : ptr += req_asym_signature_size;
3385 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3386 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3387 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3388 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3389 : request_finished_key, hash_size, ptr);
3390 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3391 1 : req_asym_signature_size + hmac_size;
3392 1 : response_size = sizeof(response);
3393 1 : status = libspdm_get_response_finish(spdm_context,
3394 : m_libspdm_finish_request7_size,
3395 : &m_libspdm_finish_request7,
3396 : &response_size, response);
3397 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3398 1 : spdm_response = (void*)response;
3399 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3400 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3401 :
3402 1 : g_key_exchange_start_mut_auth = 0;
3403 1 : free(data1);
3404 1 : free(data2);
3405 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3406 1 : }
3407 :
3408 : /**
3409 : * Test 29: Receive the correct FINISH from the requester, and
3410 : * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
3411 : * Expected behavior: the responder accepts the request and produces a valid
3412 : * FINISH_RSP response message, and The ResponderVerifyData field is absent.
3413 : **/
3414 1 : void rsp_finish_rsp_case29(void **state)
3415 : {
3416 : libspdm_return_t status;
3417 : libspdm_test_context_t *spdm_test_context;
3418 : libspdm_context_t *spdm_context;
3419 : size_t response_size;
3420 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3421 : spdm_finish_response_t *spdm_response;
3422 : void *data1;
3423 : size_t data_size1;
3424 : uint8_t *ptr;
3425 : uint8_t *cert_buffer;
3426 : size_t cert_buffer_size;
3427 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3428 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3429 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3430 : libspdm_session_info_t *session_info;
3431 : uint32_t session_id;
3432 : uint32_t hash_size;
3433 : uint32_t hmac_size;
3434 :
3435 1 : spdm_test_context = *state;
3436 1 : spdm_context = spdm_test_context->spdm_context;
3437 1 : spdm_test_context->case_id = 29;
3438 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3439 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3440 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3441 1 : spdm_context->connection_info.capability.flags |=
3442 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3443 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3444 :
3445 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3446 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3447 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3448 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3449 : m_libspdm_use_measurement_hash_algo;
3450 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3451 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3452 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3453 : m_libspdm_use_asym_algo, &data1,
3454 : &data_size1, NULL, NULL);
3455 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3456 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3457 :
3458 1 : libspdm_reset_message_a(spdm_context);
3459 :
3460 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3461 1 : spdm_context->connection_info.capability.flags &=
3462 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3463 1 : spdm_context->local_context.capability.flags &=
3464 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3465 :
3466 1 : session_id = 0xFFFFFFFF;
3467 1 : spdm_context->latest_session_id = session_id;
3468 1 : spdm_context->last_spdm_request_session_id_valid = true;
3469 1 : spdm_context->last_spdm_request_session_id = session_id;
3470 1 : session_info = &spdm_context->session_info[0];
3471 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3472 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3473 1 : session_info->local_used_cert_chain_slot_id = 0;
3474 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3475 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3476 :
3477 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3478 1 : libspdm_secured_message_set_request_finished_key(
3479 : session_info->secured_message_context, m_dummy_buffer,
3480 : hash_size);
3481 1 : libspdm_secured_message_set_session_state(
3482 : session_info->secured_message_context,
3483 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3484 :
3485 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3486 1 : ptr = m_libspdm_finish_request1.signature;
3487 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3488 1 : cert_buffer = (uint8_t *)data1;
3489 1 : cert_buffer_size = data_size1;
3490 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3491 : /* transcript.message_a size is 0*/
3492 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3493 : /* session_transcript.message_k is 0*/
3494 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
3495 : sizeof(spdm_finish_request_t));
3496 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3497 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3498 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3499 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3500 : request_finished_key, hash_size, ptr);
3501 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
3502 1 : response_size = sizeof(response);
3503 1 : status = libspdm_get_response_finish(spdm_context,
3504 : m_libspdm_finish_request1_size,
3505 : &m_libspdm_finish_request1,
3506 : &response_size, response);
3507 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3508 : /* The ResponderVerifyData field shall be absent.*/
3509 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t));
3510 1 : spdm_response = (void *)response;
3511 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3512 1 : free(data1);
3513 1 : }
3514 :
3515 : /**
3516 : * Test 30: SPDM version 1.4, with OpaqueData.
3517 : * Expected behavior: the responder accepts the request and produces a valid
3518 : * FINISH_RSP response message.
3519 : **/
3520 1 : void rsp_finish_rsp_case30(void **state)
3521 : {
3522 : libspdm_return_t status;
3523 : libspdm_test_context_t *spdm_test_context;
3524 : libspdm_context_t *spdm_context;
3525 : size_t response_size;
3526 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3527 : spdm_finish_response_t *spdm_response;
3528 : void *data1;
3529 : size_t data_size1;
3530 : uint8_t *ptr;
3531 : uint8_t *cert_buffer;
3532 : size_t cert_buffer_size;
3533 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3534 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3535 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3536 : libspdm_session_info_t *session_info;
3537 : uint32_t session_id;
3538 : uint32_t hash_size;
3539 : uint32_t hmac_size;
3540 :
3541 1 : spdm_test_context = *state;
3542 1 : spdm_context = spdm_test_context->spdm_context;
3543 1 : spdm_test_context->case_id = 30;
3544 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
3545 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3546 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3547 1 : spdm_context->connection_info.capability.flags |=
3548 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3549 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3550 :
3551 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3552 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3553 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3554 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3555 : m_libspdm_use_measurement_hash_algo;
3556 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3557 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3558 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3559 : m_libspdm_use_asym_algo, &data1,
3560 : &data_size1, NULL, NULL);
3561 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3562 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3563 :
3564 1 : libspdm_reset_message_a(spdm_context);
3565 :
3566 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3567 1 : spdm_context->connection_info.capability.flags &=
3568 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3569 1 : spdm_context->local_context.capability.flags &=
3570 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3571 :
3572 1 : session_id = 0xFFFFFFFF;
3573 1 : spdm_context->latest_session_id = session_id;
3574 1 : spdm_context->last_spdm_request_session_id_valid = true;
3575 1 : spdm_context->last_spdm_request_session_id = session_id;
3576 1 : session_info = &spdm_context->session_info[0];
3577 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3578 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3579 :
3580 1 : session_info->local_used_cert_chain_slot_id = 0;
3581 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3582 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3583 :
3584 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3585 1 : libspdm_secured_message_set_request_finished_key(
3586 : session_info->secured_message_context, m_dummy_buffer,
3587 : hash_size);
3588 1 : libspdm_secured_message_set_session_state(
3589 : session_info->secured_message_context,
3590 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3591 :
3592 1 : m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
3593 :
3594 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3595 1 : ptr = m_libspdm_finish_request8.signature;
3596 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3597 1 : cert_buffer = (uint8_t *)data1;
3598 1 : cert_buffer_size = data_size1;
3599 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3600 : /* transcript.message_a size is 0*/
3601 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3602 : /* session_transcript.message_k is 0*/
3603 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
3604 : sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
3605 1 : m_libspdm_finish_request8.opaque_data_size);
3606 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3607 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3608 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3609 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3610 : request_finished_key, hash_size, ptr);
3611 1 : m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
3612 1 : sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
3613 1 : response_size = sizeof(response);
3614 1 : status = libspdm_get_response_finish(spdm_context,
3615 : m_libspdm_finish_request8_size,
3616 : &m_libspdm_finish_request8,
3617 : &response_size, response);
3618 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3619 : /* The ResponderVerifyData field shall be absent.*/
3620 1 : ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
3621 1 : assert_int_equal(response_size,
3622 : sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
3623 : libspdm_read_uint16(ptr));
3624 1 : spdm_response = (void *)response;
3625 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3626 1 : free(data1);
3627 1 : }
3628 :
3629 1 : int libspdm_rsp_finish_test(void)
3630 : {
3631 1 : const struct CMUnitTest test_cases[] = {
3632 : /* Success Case*/
3633 : cmocka_unit_test(rsp_finish_rsp_case1),
3634 : /* Can be populated with new test.*/
3635 : cmocka_unit_test(rsp_finish_rsp_case2),
3636 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
3637 : cmocka_unit_test(rsp_finish_rsp_case3),
3638 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
3639 : cmocka_unit_test(rsp_finish_rsp_case4),
3640 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
3641 : /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
3642 : cmocka_unit_test(rsp_finish_rsp_case5),
3643 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
3644 : /* connection_state Check*/
3645 : cmocka_unit_test(rsp_finish_rsp_case6),
3646 : /* Buffer reset*/
3647 : cmocka_unit_test(rsp_finish_rsp_case7),
3648 : /* Success Case*/
3649 : cmocka_unit_test(rsp_finish_rsp_case8),
3650 : /* Unsupported KEY_EX capabilities*/
3651 : cmocka_unit_test(rsp_finish_rsp_case9),
3652 : /* Uninitialized session*/
3653 : cmocka_unit_test(rsp_finish_rsp_case10),
3654 : /* Incorrect MAC*/
3655 : cmocka_unit_test(rsp_finish_rsp_case11),
3656 : cmocka_unit_test(rsp_finish_rsp_case12),
3657 : /* Can be populated with new test.*/
3658 : cmocka_unit_test(rsp_finish_rsp_case13),
3659 : cmocka_unit_test(rsp_finish_rsp_case14),
3660 : /* Incorrect signature*/
3661 : cmocka_unit_test(rsp_finish_rsp_case15),
3662 : cmocka_unit_test(rsp_finish_rsp_case16),
3663 : /* Buffer verification*/
3664 : cmocka_unit_test(rsp_finish_rsp_case17),
3665 : /* Success Case, enable mutual authentication and use slot_id 0xFF */
3666 : cmocka_unit_test(rsp_finish_rsp_case18),
3667 : /* Invalid SlotID in FINISH request message when mutual authentication */
3668 : cmocka_unit_test_setup(rsp_finish_rsp_case19, libspdm_unit_test_group_setup),
3669 : cmocka_unit_test_setup(rsp_finish_rsp_case20, libspdm_unit_test_group_setup),
3670 : /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
3671 : cmocka_unit_test_setup(rsp_finish_rsp_case21, libspdm_unit_test_group_setup),
3672 : /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
3673 : cmocka_unit_test_setup(rsp_finish_rsp_case22, libspdm_unit_test_group_setup),
3674 : /* Big Endian Sign - Little Endian Verify */
3675 : cmocka_unit_test_setup(rsp_finish_rsp_case23, libspdm_unit_test_group_setup),
3676 : /* Big Endian Sign - Big Endian Verify */
3677 : cmocka_unit_test_setup(rsp_finish_rsp_case24, libspdm_unit_test_group_setup),
3678 : /* Big Endian Sign - Big or Little Endian Verify */
3679 : cmocka_unit_test_setup(rsp_finish_rsp_case25, libspdm_unit_test_group_setup),
3680 : /* Little Endian Sign - Little Endian Verify*/
3681 : cmocka_unit_test_setup(rsp_finish_rsp_case26, libspdm_unit_test_group_setup),
3682 : /* Little Endian Sign - Big Endian Verify */
3683 : cmocka_unit_test_setup(rsp_finish_rsp_case27, libspdm_unit_test_group_setup),
3684 : /* Little Endian Sign - Big or Little Endian Verify */
3685 : cmocka_unit_test_setup(rsp_finish_rsp_case28, libspdm_unit_test_group_setup),
3686 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3687 : cmocka_unit_test(rsp_finish_rsp_case29),
3688 : /* SPDM 1.4 with OpaqueData */
3689 : cmocka_unit_test(rsp_finish_rsp_case30),
3690 : };
3691 :
3692 1 : libspdm_test_context_t test_context = {
3693 : LIBSPDM_TEST_CONTEXT_VERSION,
3694 : false,
3695 : };
3696 :
3697 1 : libspdm_setup_test_context(&test_context);
3698 :
3699 1 : return cmocka_run_group_tests(test_cases,
3700 : libspdm_unit_test_group_setup,
3701 : libspdm_unit_test_group_teardown);
3702 : }
3703 :
3704 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|
