1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : extern uint8_t g_key_exchange_start_mut_auth;
12 :
#pragma pack(1)

/* FINISH request image for the SPDM 1.1 requests below: the message header followed by
 * room for the largest signature and the largest hash-sized verify data. Packed so the
 * struct can be handed to the responder as raw message bytes.
 * A case that sends no signature writes its HMAC at the start of `signature` and passes
 * a shortened request size instead of sizeof() this struct. */
typedef struct {
    spdm_message_header_t header;
    uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
    uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
} libspdm_finish_request_mine_t;

/* FINISH request image for the SPDM_MESSAGE_VERSION_14 request below: same as above, with
 * a 16-bit opaque data size and 8 bytes of opaque data placed ahead of the signature. */
typedef struct {
    spdm_message_header_t header;
    uint16_t opaque_data_size;
    uint8_t opaque_data[8];
    uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
    uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
} libspdm_finish_request_mine_14_t;

#pragma pack()
30 :
/* Canned FINISH requests. Each header initializer is { version, request code, param1,
 * param2 }; the signature and verify-data bytes start zeroed and are filled in by the
 * case that uses the request. The variants differ only in version, param1 and param2.
 * In SPDM, FINISH Param1 bit 0 says a signature is included and Param2 carries the slot
 * ID; which values the responder must accept or reject is decided by the cases that use
 * them. The *_size globals start at sizeof() the struct and are overwritten by the cases
 * with the number of bytes actually sent. */

/* param1 = 0, param2 = 0. */
libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
    { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
};
size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);

/* param1 = 1, param2 = 0. */
libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
    { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
};
size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);

/* param1 = 1, param2 = 0xFF. */
libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
    { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
};
size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);

/* param1 = 1, param2 = 10. */
libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
    { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
};
size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);

/* param1 = 6, param2 = 10. */
libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
    { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
};
size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);

/* param1 = 1, param2 = 3. */
libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
    { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
};
size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);

/* SPDM_MESSAGE_VERSION_14 request using the layout with opaque data; param1 = 0, param2 = 0. */
libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
    { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
};
size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);

/* Scratch buffer the cases fill with 0xFF bytes and install as the request finished key.
 * It is a fixed test value, not key material. */
uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
67 :
68 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
69 :
/* Transcript buffer shared by the cases: each case re-initializes it, appends the data
 * the FINISH HMAC covers, and hashes the result. */
static libspdm_th_managed_buffer_t th_curr;

/* Defined outside this file. */
extern size_t libspdm_secret_lib_finish_opaque_data_size;
extern bool g_generate_finish_opaque_data;
74 :
/**
 * Install a request finished key into a secured message context.
 *
 * @param spdm_secured_message_context  Context that receives the key; treated as a
 *                                      libspdm_secured_message_context_t.
 * @param key                           Key bytes to copy.
 * @param key_size                      Size of key in bytes; asserted to equal the
 *                                      context's hash_size.
 **/
void libspdm_secured_message_set_request_finished_key(
    void *spdm_secured_message_context, const void *key, size_t key_size)
{
    libspdm_secured_message_context_t *ctx = spdm_secured_message_context;

    /* NOTE(review): key_size is only checked by this assertion, and the copy below reads
     * ctx->hash_size bytes from key. If LIBSPDM_ASSERT is compiled out, a shorter key
     * would be over-read — confirm the assertion is active in every test build. */
    LIBSPDM_ASSERT(ctx->hash_size == key_size);

    libspdm_copy_mem(ctx->handshake_secret.request_finished_key,
                     sizeof(ctx->handshake_secret.request_finished_key),
                     key, ctx->hash_size);
}
86 :
87 : /**
88 : * Test 1: receiving a correct FINISH message from the requester with a
89 : * correct MAC, no signature (no mutual authentication), and 'handshake in
90 : * the clear'.
91 : * Expected behavior: the responder accepts the request and produces a valid
92 : * FINISH_RSP response message.
93 : **/
void rsp_finish_rsp_case1(void **state)
{
    libspdm_test_context_t *test_context = *state;
    libspdm_context_t *context = test_context->spdm_context;
    libspdm_session_info_t *session = &context->session_info[0];
    const uint32_t session_id = 0xFFFFFFFF;
    libspdm_return_t status;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t response_size = sizeof(response);
    spdm_finish_response_t *reply = (void *)response;
    void *cert_chain;
    size_t cert_chain_size;
    uint8_t cert_chain_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Connection: SPDM 1.1, negotiated, key exchange enabled on both sides. The
     * capability bits are OR-ed in, so bits already set on the context are kept. */
    test_context->case_id = 0x1;
    context->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): returning here ends the case without a failed assertion, so a
         * missing certificate fixture is reported as a pass — confirm this is intended. */
        return;
    }
    context->local_context.local_cert_chain_provision[0] = cert_chain;
    context->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(context);

    /* Session 0xFFFFFFFF in the first session entry, still handshaking, with an
     * all-0xFF request finished key. */
    context->latest_session_id = session_id;
    libspdm_session_info_init(context, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* Rebuild the data the requester's HMAC covers: hash of the certificate chain, then
     * the FINISH header. The HMAC of its hash, keyed with the same all-0xFF key, is
     * written where the signature would start because this request carries none. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_chain, cert_chain_size, cert_chain_hash);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, cert_chain_hash, hash_size);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_hash, hash_size, finished_key, hash_size,
                     m_libspdm_finish_request1.signature);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;

    status = libspdm_get_response_finish(context, m_libspdm_finish_request1_size,
                                         &m_libspdm_finish_request1, &response_size, response);

    /* A valid MAC must yield FINISH_RSP carrying the responder's own verify data. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    assert_int_equal(reply->header.request_response_code, SPDM_FINISH_RSP);

    /* The context still references cert_chain through local_cert_chain_provision[0]
     * after this call. NOTE(review): confirm nothing reads slot 0 before it is
     * provisioned again. */
    free(cert_chain);
}
189 :
190 : /**
191 : * Test 2:
192 : * Expected behavior:
193 : **/
void rsp_finish_rsp_case2(void **state)
{
    /* Empty placeholder: no setup and no assertions, so this case always passes. */
}
197 :
198 : /**
199 : * Test 3: receiving a correct FINISH from the requester, but the
200 : * responder is in a Busy state.
201 : * Expected behavior: the responder accepts the request, but produces an
202 : * ERROR message indicating the Busy state.
203 : **/
void rsp_finish_rsp_case3(void **state)
{
    libspdm_test_context_t *test_context = *state;
    libspdm_context_t *context = test_context->spdm_context;
    libspdm_session_info_t *session = &context->session_info[0];
    const uint32_t session_id = 0xFFFFFFFF;
    libspdm_return_t status;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t response_size = sizeof(response);
    /* The finish response type is only used to read the common header of the ERROR. */
    spdm_finish_response_t *reply = (void *)response;
    void *cert_chain;
    size_t cert_chain_size;
    uint8_t cert_chain_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Same connection as case 1, except the responder is put in the Busy state. */
    test_context->case_id = 0x3;
    context->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
    context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): returning here ends the case without a failed assertion, so a
         * missing certificate fixture is reported as a pass — confirm this is intended. */
        return;
    }
    context->local_context.local_cert_chain_provision[0] = cert_chain;
    context->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(context);

    /* Session 0xFFFFFFFF in the first session entry, still handshaking, with an
     * all-0xFF request finished key. */
    context->latest_session_id = session_id;
    libspdm_session_info_init(context, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* The request is built with a correct HMAC (certificate chain hash plus FINISH
     * header, keyed with the all-0xFF key), so only the Busy state differs from case 1. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_chain, cert_chain_size, cert_chain_hash);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, cert_chain_hash, hash_size);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_hash, hash_size, finished_key, hash_size,
                     m_libspdm_finish_request1.signature);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;

    status = libspdm_get_response_finish(context, m_libspdm_finish_request1_size,
                                         &m_libspdm_finish_request1, &response_size, response);

    /* Expect a bare ERROR(Busy), with the responder left in the Busy state. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    assert_int_equal(reply->header.request_response_code, SPDM_ERROR);
    assert_int_equal(reply->header.param1, SPDM_ERROR_CODE_BUSY);
    assert_int_equal(reply->header.param2, 0);
    assert_int_equal(context->response_state, LIBSPDM_RESPONSE_STATE_BUSY);

    /* The context still references cert_chain through local_cert_chain_provision[0]. */
    free(cert_chain);
}
303 :
304 : /**
305 : * Test 4: receiving a correct FINISH from the requester, but the responder
306 : * requires resynchronization with the requester.
307 : * Expected behavior: the responder accepts the request, but produces an
308 : * ERROR message indicating the NeedResynch state.
309 : **/
void rsp_finish_rsp_case4(void **state)
{
    libspdm_test_context_t *test_context = *state;
    libspdm_context_t *context = test_context->spdm_context;
    libspdm_session_info_t *session = &context->session_info[0];
    const uint32_t session_id = 0xFFFFFFFF;
    libspdm_return_t status;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t response_size = sizeof(response);
    /* The finish response type is only used to read the common header of the ERROR. */
    spdm_finish_response_t *reply = (void *)response;
    void *cert_chain;
    size_t cert_chain_size;
    uint8_t cert_chain_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Same connection as case 1, except the responder requires resynchronization. */
    test_context->case_id = 0x4;
    context->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
    context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): returning here ends the case without a failed assertion, so a
         * missing certificate fixture is reported as a pass — confirm this is intended. */
        return;
    }
    context->local_context.local_cert_chain_provision[0] = cert_chain;
    context->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(context);

    /* Session 0xFFFFFFFF in the first session entry, still handshaking, with an
     * all-0xFF request finished key. */
    context->latest_session_id = session_id;
    libspdm_session_info_init(context, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* The request is built with a correct HMAC (certificate chain hash plus FINISH
     * header, keyed with the all-0xFF key), so only the response state differs from
     * case 1. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_chain, cert_chain_size, cert_chain_hash);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, cert_chain_hash, hash_size);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_hash, hash_size, finished_key, hash_size,
                     m_libspdm_finish_request1.signature);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;

    status = libspdm_get_response_finish(context, m_libspdm_finish_request1_size,
                                         &m_libspdm_finish_request1, &response_size, response);

    /* Expect a bare ERROR(RequestResynch), with the response state left unchanged. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    assert_int_equal(reply->header.request_response_code, SPDM_ERROR);
    assert_int_equal(reply->header.param1, SPDM_ERROR_CODE_REQUEST_RESYNCH);
    assert_int_equal(reply->header.param2, 0);
    assert_int_equal(context->response_state, LIBSPDM_RESPONSE_STATE_NEED_RESYNC);

    /* The context still references cert_chain through local_cert_chain_provision[0]. */
    free(cert_chain);
}
409 :
410 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
411 : /**
412 : * Test 5: receiving a correct FINISH from the requester, but the responder
413 : * could not produce the response in time.
414 : * Expected behavior: the responder accepts the request, but produces an
415 : * ERROR message indicating the ResponseNotReady state.
416 : **/
void rsp_finish_rsp_case5(void **state)
{
    libspdm_test_context_t *test_context = *state;
    libspdm_context_t *context = test_context->spdm_context;
    libspdm_session_info_t *session = &context->session_info[0];
    const uint32_t session_id = 0xFFFFFFFF;
    libspdm_return_t status;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t response_size = sizeof(response);
    /* The finish response type is only used to read the common header of the ERROR. */
    spdm_finish_response_t *reply = (void *)response;
    spdm_error_data_response_not_ready_t *error_data;
    void *cert_chain;
    size_t cert_chain_size;
    uint8_t cert_chain_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Same connection as case 1, except the responder is in the NotReady state. */
    test_context->case_id = 0x5;
    context->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
    context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): returning here ends the case without a failed assertion, so a
         * missing certificate fixture is reported as a pass — confirm this is intended. */
        return;
    }
    context->local_context.local_cert_chain_provision[0] = cert_chain;
    context->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(context);

    /* Session 0xFFFFFFFF in the first session entry, still handshaking, with an
     * all-0xFF request finished key. */
    context->latest_session_id = session_id;
    libspdm_session_info_init(context, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* The request is built with a correct HMAC (certificate chain hash plus FINISH
     * header, keyed with the all-0xFF key), so only the response state differs from
     * case 1. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_chain, cert_chain_size, cert_chain_hash);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, cert_chain_hash, hash_size);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_hash, hash_size, finished_key, hash_size,
                     m_libspdm_finish_request1.signature);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;

    status = libspdm_get_response_finish(context, m_libspdm_finish_request1_size,
                                         &m_libspdm_finish_request1, &response_size, response);

    /* Expect ERROR(ResponseNotReady) followed by the not-ready data block, which must
     * name FINISH as the request to retry. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size,
                     sizeof(spdm_error_response_t) +
                     sizeof(spdm_error_data_response_not_ready_t));
    /* The extended error data is read from the bytes right after the header struct. */
    error_data = (spdm_error_data_response_not_ready_t *)(reply + 1);
    assert_int_equal(reply->header.request_response_code, SPDM_ERROR);
    assert_int_equal(reply->header.param1, SPDM_ERROR_CODE_RESPONSE_NOT_READY);
    assert_int_equal(reply->header.param2, 0);
    assert_int_equal(context->response_state, LIBSPDM_RESPONSE_STATE_NOT_READY);
    assert_int_equal(error_data->request_code, SPDM_FINISH);

    /* The context still references cert_chain through local_cert_chain_provision[0]. */
    free(cert_chain);
}
521 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
522 :
523 : /**
524 : * Test 6: receiving a correct FINISH from the requester, but the responder
525 : * is not set to receive a FINISH message because previous messages (namely,
526 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
527 : * received.
528 : * Expected behavior: the responder rejects the request, and produces an
529 : * ERROR message indicating the UnexpectedRequest.
530 : **/
void rsp_finish_rsp_case6(void **state)
{
    libspdm_test_context_t *test_context = *state;
    libspdm_context_t *context = test_context->spdm_context;
    libspdm_session_info_t *session = &context->session_info[0];
    const uint32_t session_id = 0xFFFFFFFF;
    libspdm_return_t status;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t response_size = sizeof(response);
    /* The finish response type is only used to read the common header of the ERROR. */
    spdm_finish_response_t *reply = (void *)response;
    void *cert_chain;
    size_t cert_chain_size;
    uint8_t cert_chain_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Responder is in the normal response state, but the connection is marked as not
     * started: this is the condition under test. Everything else matches case 1. */
    test_context->case_id = 0x6;
    context->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
    context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED;
    context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): returning here ends the case without a failed assertion, so a
         * missing certificate fixture is reported as a pass — confirm this is intended. */
        return;
    }
    context->local_context.local_cert_chain_provision[0] = cert_chain;
    context->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(context);

    /* Session 0xFFFFFFFF in the first session entry, still handshaking, with an
     * all-0xFF request finished key. */
    context->latest_session_id = session_id;
    libspdm_session_info_init(context, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* The request is built with a correct HMAC (certificate chain hash plus FINISH
     * header, keyed with the all-0xFF key), so the rejection checked below cannot be
     * attributed to a bad MAC. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_chain, cert_chain_size, cert_chain_hash);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, cert_chain_hash, hash_size);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_hash, hash_size, finished_key, hash_size,
                     m_libspdm_finish_request1.signature);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;

    status = libspdm_get_response_finish(context, m_libspdm_finish_request1_size,
                                         &m_libspdm_finish_request1, &response_size, response);

    /* Expect a bare ERROR(UnexpectedRequest): FINISH must not be served on a connection
     * that has not been negotiated. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    assert_int_equal(reply->header.request_response_code, SPDM_ERROR);
    assert_int_equal(reply->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
    assert_int_equal(reply->header.param2, 0);

    /* The context still references cert_chain through local_cert_chain_provision[0]. */
    free(cert_chain);
}
629 :
/**
 * Test 7: receiving a correct FINISH message from the requester with a
 * correct MAC, no mutual authentication, and 'handshake in the clear', while
 * the recorded transcript buffers are marked as full.
 * Expected behavior: the responder accepts the request and produces a valid
 * FINISH_RSP response message; when LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT is
 * set, the message_m, message_b, message_c, message_mut_b and message_mut_c
 * buffers are back to size 0 afterwards.
 **/
void rsp_finish_rsp_case7(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    libspdm_return_t rc;
    spdm_finish_response_t *rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len;
    void *rsp_chain;
    size_t rsp_chain_len;
    uint8_t chain_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *mac_out;
    uint32_t digest_len;
    uint32_t mac_len;
    const uint32_t session_id = 0xFFFFFFFF;

    test_ctx->case_id = 0x7;

    /* Negotiated SPDM 1.1 connection with KEY_EX_CAP set on both sides. */
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a readable responder chain the case returns before any
     * assertion runs. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &rsp_chain,
                                                         &rsp_chain_len, NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = rsp_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = rsp_chain_len;

    libspdm_reset_message_a(ctx);

    /* Session 0 is put into the handshaking state with an all-0xFF
     * request finished key (test fixture value). */
    ctx->latest_session_id = session_id;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, digest_len, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, digest_len);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    ctx->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    ctx->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* With no signature in the request, the MAC is written at the start of
     * the signature field. */
    mac_out = m_libspdm_finish_request1.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));

#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    /* Mark every recorded transcript buffer as full; the assertions at the
     * end check that handling FINISH brings them back to 0. */
    session->session_transcript.message_m.buffer_size =
        session->session_transcript.message_m.max_buffer_size;
    ctx->transcript.message_b.buffer_size = ctx->transcript.message_b.max_buffer_size;
    ctx->transcript.message_c.buffer_size = ctx->transcript.message_c.max_buffer_size;
    ctx->transcript.message_mut_b.buffer_size = ctx->transcript.message_mut_b.max_buffer_size;
    ctx->transcript.message_mut_c.buffer_size = ctx->transcript.message_mut_c.max_buffer_size;
#endif

    /* Expected transcript: hash(responder chain) || FINISH header. */
    libspdm_hash_all(m_libspdm_use_hash_algo, (uint8_t *)rsp_chain, rsp_chain_len, chain_digest);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, chain_digest, digest_len);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));

    /* MAC = HMAC(finished key, hash(transcript)) with the same 0xFF key that
     * was installed in the session above. */
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_digest);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_digest, digest_len,
                     finished_key, digest_len, mac_out);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + mac_len;

    rsp_len = sizeof(rsp_buf);
    rc = libspdm_get_response_finish(ctx, m_libspdm_finish_request1_size,
                                     &m_libspdm_finish_request1, &rsp_len, rsp_buf);
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_len, sizeof(spdm_finish_response_t) + mac_len);
    rsp = (spdm_finish_response_t *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_FINISH_RSP);
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    assert_int_equal(session->session_transcript.message_m.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_b.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_c.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_mut_b.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_mut_c.buffer_size, 0);
#endif

    free(rsp_chain);
}
746 :
747 :
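/**
 * Test 8: receiving a correct FINISH message from the requester with
 * correct MAC and signature (with mutual authentication), and 'handshake in
 * the clear'.
 * Expected behavior: the responder accepts the request and produces a valid
 * FINISH_RSP response message.
 *
 * The body is compiled only when LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP is
 * set; otherwise the case is empty.
 **/
void rsp_finish_rsp_case8(void **state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    void *data2;
    size_t data_size2;
    uint8_t *ptr;
    uint8_t *cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x8;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* Undo the setup done so far: release the responder chain, drop the
         * context's reference to it, and clear the mutual-authentication
         * request so it does not carry over into the following cases. */
        g_key_exchange_start_mut_auth = 0;
        spdm_context->local_context.local_cert_chain_provision[0] = NULL;
        spdm_context->local_context.local_cert_chain_provision_size[0] = 0;
        free(data1);
        return;
    }
    /* Install the requester chain as the peer chain for slot 0: the full
     * chain when transcripts are recorded, otherwise its hash and the leaf
     * public key. */
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* Test fixture key: the request finished key is all 0xFF. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = 1;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request3.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t *)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t *)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* Expected transcript: hash(responder chain) || hash(requester chain)
     * || FINISH header. */
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
                                  sizeof(spdm_finish_request_t));

    /* The requester signature covers the transcript so far and is written
     * first; it is then appended to the transcript so that the MAC, placed
     * right after it, covers the signature as well. */
    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request3_size,
                                         &m_libspdm_finish_request3,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);

    g_key_exchange_start_mut_auth = 0;
    /* NOTE(review): local_cert_chain_provision[0] still points at data1
     * after this free; confirm every later case re-provisions slot 0 before
     * using it. */
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}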
904 :
/**
 * Test 9: receiving a correct FINISH message from the requester, but the
 * responder has no capabilities for key exchange.
 * Expected behavior: the responder refuses the FINISH message and produces
 * an ERROR message indicating the UnsupportedRequest, with param2 naming the
 * refused request code (SPDM_FINISH).
 **/
void rsp_finish_rsp_case9(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    libspdm_return_t rc;
    spdm_finish_response_t *rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len;
    void *rsp_chain;
    size_t rsp_chain_len;
    uint8_t chain_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *mac_out;
    uint32_t digest_len;
    uint32_t mac_len;
    const uint32_t session_id = 0xFFFFFFFF;

    test_ctx->case_id = 0x9;
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;

    /* Start from empty capability sets so flags left by earlier cases do
     * not count; only the requester side then advertises KEY_EX_CAP. */
    ctx->connection_info.capability.flags = 0;
    ctx->local_context.capability.flags = 0;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    /* no key exchange capabilities (responder) */

    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a readable responder chain the case returns before any
     * assertion runs. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &rsp_chain,
                                                         &rsp_chain_len, NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = rsp_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = rsp_chain_len;

    libspdm_reset_message_a(ctx);

    ctx->latest_session_id = session_id;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, digest_len, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, digest_len);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    ctx->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    ctx->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_out = m_libspdm_finish_request1.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));

    /* The request still carries a MAC computed the same way as in the
     * accepting cases, so the refusal asserted below is not due to a bad
     * MAC. */
    libspdm_hash_all(m_libspdm_use_hash_algo, (uint8_t *)rsp_chain, rsp_chain_len, chain_digest);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, chain_digest, digest_len);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_digest);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_digest, digest_len,
                     finished_key, digest_len, mac_out);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + mac_len;

    rsp_len = sizeof(rsp_buf);
    rc = libspdm_get_response_finish(ctx, m_libspdm_finish_request1_size,
                                     &m_libspdm_finish_request1, &rsp_len, rsp_buf);
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_len, sizeof(spdm_error_response_t));
    rsp = (spdm_finish_response_t *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
    assert_int_equal(rsp->header.param2, SPDM_FINISH);

    free(rsp_chain);
}
1010 :
/**
 * Test 10: receiving a correct FINISH message from the requester, but the
 * responder is not correctly set up: the session was not started by a
 * KEY_EXCHANGE (session state is LIBSPDM_SESSION_STATE_NOT_STARTED).
 * Expected behavior: the responder refuses the FINISH message and produces
 * an ERROR message indicating the UnexpectedRequest.
 **/
void rsp_finish_rsp_case10(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    libspdm_return_t rc;
    spdm_finish_response_t *rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len;
    void *rsp_chain;
    size_t rsp_chain_len;
    uint8_t chain_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *mac_out;
    uint32_t digest_len;
    uint32_t mac_len;
    const uint32_t session_id = 0xFFFFFFFF;

    test_ctx->case_id = 0xA;
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a readable responder chain the case returns before any
     * assertion runs. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &rsp_chain,
                                                         &rsp_chain_len, NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = rsp_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = rsp_chain_len;

    libspdm_reset_message_a(ctx);

    ctx->latest_session_id = session_id;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, digest_len, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, digest_len);
    /* The point of this case: the session is left in NOT_STARTED rather than
     * HANDSHAKING. */
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_NOT_STARTED);

    ctx->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    ctx->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_out = m_libspdm_finish_request1.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));

    /* The request carries a MAC computed the same way as in the accepting
     * cases, so the refusal asserted below is not due to a bad MAC. */
    libspdm_hash_all(m_libspdm_use_hash_algo, (uint8_t *)rsp_chain, rsp_chain_len, chain_digest);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, chain_digest, digest_len);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_digest);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_digest, digest_len,
                     finished_key, digest_len, mac_out);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + mac_len;

    rsp_len = sizeof(rsp_buf);
    rc = libspdm_get_response_finish(ctx, m_libspdm_finish_request1_size,
                                     &m_libspdm_finish_request1, &rsp_len, rsp_buf);
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_len, sizeof(spdm_error_response_t));
    rsp = (spdm_finish_response_t *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
    assert_int_equal(rsp->header.param2, 0);

    free(rsp_chain);
}
1115 :
/**
 * Test 11: receiving a FINISH message from the requester with an incorrect
 * MAC (all-zero).
 * Expected behavior: the responder refuses the FINISH message and produces
 * an ERROR message indicating the DecryptError.
 **/
void rsp_finish_rsp_case11(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    libspdm_return_t rc;
    spdm_finish_response_t *rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len;
    void *rsp_chain;
    size_t rsp_chain_len;
    uint8_t *mac_out;
    uint32_t digest_len;
    uint32_t mac_len;
    const uint32_t session_id = 0xFFFFFFFF;

    test_ctx->case_id = 0xB;
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a readable responder chain the case returns before any
     * assertion runs. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &rsp_chain,
                                                         &rsp_chain_len, NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = rsp_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = rsp_chain_len;

    libspdm_reset_message_a(ctx);

    ctx->latest_session_id = session_id;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, digest_len, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, digest_len);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    ctx->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    ctx->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* The request has the right length but its MAC field is all zero
     * instead of an HMAC over the transcript. */
    mac_out = m_libspdm_finish_request1.signature;
    libspdm_set_mem(mac_out, mac_len, (uint8_t)(0x00)); /* all-zero MAC */
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + mac_len;

    rsp_len = sizeof(rsp_buf);
    rc = libspdm_get_response_finish(ctx, m_libspdm_finish_request1_size,
                                     &m_libspdm_finish_request1, &rsp_len, rsp_buf);
    /* The call itself succeeds; the rejection is reported in the ERROR
     * response that was built. */
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_len, sizeof(spdm_error_response_t));
    rsp = (spdm_finish_response_t *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
    assert_int_equal(rsp->header.param2, 0);

    free(rsp_chain);
}
1201 :
/**
 * Test 12: receiving a FINISH message from the requester with an incorrect
 * MAC (arbitrary): an HMAC made with the session's finished key value, but
 * over an all-zero digest instead of the transcript hash.
 * Expected behavior: the responder refuses the FINISH message and produces
 * an ERROR message indicating the DecryptError.
 **/
void rsp_finish_rsp_case12(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    libspdm_return_t rc;
    spdm_finish_response_t *rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len;
    void *rsp_chain;
    size_t rsp_chain_len;
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t zero_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *mac_out;
    uint32_t digest_len;
    uint32_t mac_len;
    const uint32_t session_id = 0xFFFFFFFF;

    test_ctx->case_id = 0xC;
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a readable responder chain the case returns before any
     * assertion runs. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &rsp_chain,
                                                         &rsp_chain_len, NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = rsp_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = rsp_chain_len;

    libspdm_reset_message_a(ctx);

    ctx->latest_session_id = session_id;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, digest_len, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, digest_len);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    ctx->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    ctx->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_out = m_libspdm_finish_request1.signature;

    /* arbitrary MAC: same all-0xFF key bytes as installed in the session,
     * wrong data, so the rejection has to come from the transcript binding
     * rather than from the key. */
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_set_mem(zero_digest, digest_len, (uint8_t)(0x00));
    libspdm_hmac_all(m_libspdm_use_hash_algo, zero_digest, digest_len,
                     finished_key, digest_len, mac_out);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + mac_len;

    rsp_len = sizeof(rsp_buf);
    rc = libspdm_get_response_finish(ctx, m_libspdm_finish_request1_size,
                                     &m_libspdm_finish_request1, &rsp_len, rsp_buf);
    /* The call itself succeeds; the rejection is reported in the ERROR
     * response that was built. */
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_len, sizeof(spdm_error_response_t));
    rsp = (spdm_finish_response_t *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
    assert_int_equal(rsp->header.param2, 0);

    free(rsp_chain);
}
1293 :
1294 : /**
1295 : * Test 13:
1296 : * Expected behavior:
1297 : **/
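void rsp_finish_rsp_case13(void **state)
{
    /* Test 13 has no body and no documented expectation.
     * NOTE(review): presumably a retired or reserved case kept so the
     * numbering of the following cases does not shift - confirm. */
    (void)state; /* parameter is deliberately unused */
}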
1301 :
1302 : /**
1303 : * Test 14: receiving a FINISH message from the requester with an incorrect
1304 : * MAC size (only the correct first half of the MAC).
1305 : * Expected behavior: the responder refuses the FINISH message and produces
1306 : * an ERROR message indicating the InvalidRequest.
1307 : **/
void rsp_finish_rsp_case14(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *spdm_context = test_ctx->spdm_context;
    libspdm_return_t status;
    libspdm_session_info_t *session_info;
    spdm_finish_response_t *err_rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len = sizeof(rsp_buf);
    void *rsp_chain;
    size_t rsp_chain_size;
    uint8_t rsp_chain_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    /* The verify data is written straight into the shared request object,
     * at the start of its signature field (no signature in this case). */
    uint8_t *mac_field = m_libspdm_finish_request1.signature;
    const uint32_t session_id = 0xFFFFFFFF;
    uint32_t hash_size;
    uint32_t hmac_size;

    test_ctx->case_id = 0xE;

    /* SPDM 1.1 connection in the NEGOTIATED state, key exchange supported
     * on both sides, algorithms taken from the test-wide selections. */
    spdm_context->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without the responder certificate chain the case cannot be built;
     * it then returns without asserting anything. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo,
                                                         &rsp_chain, &rsp_chain_size,
                                                         NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = rsp_chain;
    spdm_context->local_context.local_cert_chain_provision_size[0] = rsp_chain_size;

    libspdm_reset_message_a(spdm_context);

    /* Session 0 in the HANDSHAKING state, with a request finished key of
     * hash_size bytes of 0xFF. */
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session_info->secured_message_context,
                                                     m_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session_info->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* Build the transcript the MAC covers: hash of the responder chain,
     * then the FINISH header. th_curr is defined outside this function. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, (uint8_t *)rsp_chain, rsp_chain_size,
                     rsp_chain_digest);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, rsp_chain_digest, hash_size);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));

    /* Same 0xFF key as installed in the session above, so the full HMAC
     * computed here is the one the responder would expect. */
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_digest);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_digest, hash_size,
                     finished_key, hash_size, mac_field);

    /* Truncate: clear the second half of the MAC and announce a request
     * that carries only the first half. The bytes that remain are a valid
     * MAC prefix, so a responder that compared only what it received would
     * accept them; the expected INVALID_REQUEST means the request length
     * has to be rejected as such. */
    libspdm_set_mem(mac_field + hmac_size/2, hmac_size/2, (uint8_t) 0x00);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;

    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request1_size,
                                         &m_libspdm_finish_request1,
                                         &rsp_len, rsp_buf);

    /* The handler itself succeeds; the refusal is carried in an ERROR message. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_len, sizeof(spdm_error_response_t));
    err_rsp = (void *)rsp_buf;
    assert_int_equal(err_rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(err_rsp->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
    assert_int_equal(err_rsp->header.param2, 0);

    /* NOTE(review): local_cert_chain_provision[0] still refers to this
     * buffer after the free; the following cases appear to provision their
     * own chain before use - confirm nothing reads the stale pointer. */
    free(rsp_chain);
}
1406 :
1407 : /**
1408 : * Test 15: receiving a FINISH message from the requester with an incorrect
1409 : * signature (all-zero), but a correct MAC.
1410 : * Expected behavior: the responder refuses the FINISH message and produces
1411 : * an ERROR message indicating the DecryptError.
1412 : **/
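void rsp_finish_rsp_case15(void **state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    void *data2;
    size_t data_size2;
    uint8_t *ptr;
    uint8_t *cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;
    bool result;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0xF;

    /* SPDM 1.1 connection in the NEGOTIATED state with key exchange enabled
     * on both sides; algorithms come from the test-wide selections. */
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* Undo what was set up so far: the original path left the global
         * mutual-authentication flag set for later cases and leaked data1. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#endif

    /* Session 0 in the HANDSHAKING state with mutual authentication
     * requested; its request finished key is hash_size bytes of 0xFF. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = 1;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    /* hash_size was computed above and is unchanged. */
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request3.signature;

    /* Transcript covered by the signature: responder chain hash, requester
     * chain hash, FINISH header. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t *)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t *)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
                                  sizeof(spdm_finish_request_t));

    result = libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);
    /* A negative test must fail for the intended reason: if signing did not
     * work, the bytes used below would be leftovers in the shared request
     * object and the expected ERROR would prove nothing. */
    assert_true(result);

    /* The MAC is computed over the transcript that contains the genuine
     * signature; the signature field is cleared only afterwards. */
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    libspdm_set_mem(m_libspdm_finish_request3.signature,
                    req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
    /* NOTE(review): because the MAC above covers the genuine signature, it
     * does not match the bytes actually sent once the signature is zeroed.
     * The bad-MAC case earlier in this file also expects DECRYPT_ERROR, so
     * this case alone does not show which of the two checks rejected the
     * request - confirm whether that distinction matters here. */
    m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request3_size,
                                         &m_libspdm_finish_request3,
                                         &response_size, response);
    /* The handler itself succeeds; the refusal is carried in an ERROR message. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
    assert_int_equal(spdm_response->header.param2, 0);

    /* Restore the global flag so later cases do not inherit mutual auth. */
    g_key_exchange_start_mut_auth = 0;
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}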
1553 :
1554 : /**
1555 : * Test 16: receiving a FINISH message from the requester with an incorrect
1556 : * signature (arbitrary), but a correct MAC.
1557 : * Expected behavior: the responder refuses the FINISH message and produces
1558 : * an ERROR message indicating the DecryptError.
1559 : **/
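void rsp_finish_rsp_case16(void **state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    void *data2;
    size_t data_size2;
    uint8_t *ptr;
    uint8_t *cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;
    bool result;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x10;

    /* SPDM 1.1 connection in the NEGOTIATED state with key exchange enabled
     * on both sides; algorithms come from the test-wide selections. */
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* Undo what was set up so far: the original path left the global
         * mutual-authentication flag set for later cases and leaked data1. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#endif

    /* Session 0 in the HANDSHAKING state with mutual authentication
     * requested; its request finished key is hash_size bytes of 0xFF. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = 1;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    /* hash_size was computed above and is unchanged. */
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request3.signature;

    /* Transcript a correct signature would cover: responder chain hash,
     * requester chain hash, FINISH header. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t *)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t *)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
                                  sizeof(spdm_finish_request_t));
    /* "Random" signature: sign the digest of the transcript rather than the
     * transcript itself, giving a well-formed signature over the wrong
     * message. The value is deterministic, not drawn from an RNG. */
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), random_buffer);

    result = libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, random_buffer, hash_size, ptr, &req_asym_signature_size);
    /* A negative test must fail for the intended reason: if signing did not
     * work, the signature field would hold leftovers from the shared request
     * object and the expected ERROR would prove nothing. */
    assert_true(result);

    /* The MAC is computed over the transcript including the signature that
     * is actually sent, so it is consistent with the request bytes and the
     * signature is the only element that does not verify. */
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request3_size,
                                         &m_libspdm_finish_request3,
                                         &response_size, response);
    /* The handler itself succeeds; the refusal is carried in an ERROR message. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
    assert_int_equal(spdm_response->header.param2, 0);

    /* Restore the global flag so later cases do not inherit mutual auth. */
    g_key_exchange_start_mut_auth = 0;
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}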
1700 :
1701 : /**
1702 : * Test 17: receiving a correct FINISH from the requester.
1703 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1704 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1705 : **/
void rsp_finish_rsp_case17(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *spdm_context = test_ctx->spdm_context;
    libspdm_return_t status;
    libspdm_session_info_t *session_info;
    spdm_finish_response_t *finish_rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len = sizeof(rsp_buf);
    void *rsp_chain;
    size_t rsp_chain_size;
    uint8_t rsp_chain_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    /* The verify data is written straight into the shared request object,
     * at the start of its signature field (no signature in this case). */
    uint8_t *mac_field = m_libspdm_finish_request1.signature;
    const uint32_t session_id = 0xFFFFFFFF;
    uint32_t hash_size;
    uint32_t hmac_size;

    test_ctx->case_id = 0x11;

    /* NOTE(review): unlike the neighbouring cases, connection_info.version
     * is not assigned here, so the value left by an earlier case is used -
     * confirm that this is intended. */
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without the responder certificate chain the case cannot be built;
     * it then returns without asserting anything. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo,
                                                         &rsp_chain, &rsp_chain_size,
                                                         NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = rsp_chain;
    spdm_context->local_context.local_cert_chain_provision_size[0] = rsp_chain_size;

    libspdm_reset_message_a(spdm_context);

    /* Session 0 in the HANDSHAKING state, with a request finished key of
     * hash_size bytes of 0xFF. */
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session_info->secured_message_context,
                                                     m_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session_info->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* Build the transcript the MAC covers: hash of the responder chain,
     * then the FINISH header. th_curr is defined outside this function. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, (uint8_t *)rsp_chain, rsp_chain_size,
                     rsp_chain_digest);
    /* transcript.message_a size is 0 */
    libspdm_append_managed_buffer(&th_curr, rsp_chain_digest, hash_size);
    /* session_transcript.message_k is 0 */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));

    /* Same 0xFF key as installed in the session above, so this is the MAC
     * the responder is expected to accept. */
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_digest);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_digest, hash_size,
                     finished_key, hash_size, mac_field);
    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;

    status = libspdm_get_response_finish(spdm_context, m_libspdm_finish_request1_size,
                                         &m_libspdm_finish_request1, &rsp_len, rsp_buf);

    /* Accepted: FINISH_RSP carrying a MAC of hmac_size bytes. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_len, sizeof(spdm_finish_response_t) + hmac_size);
    finish_rsp = (void *)rsp_buf;
    assert_int_equal(finish_rsp->header.request_response_code, SPDM_FINISH_RSP);

#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    /* message_f must hold exactly the request followed by the response. */
    assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
                     m_libspdm_finish_request1_size + rsp_len);
    assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
                        &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
    assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
                        m_libspdm_finish_request1_size,
                        rsp_buf, rsp_len);
#endif

    /* NOTE(review): local_cert_chain_provision[0] still refers to this
     * buffer after the free - confirm no later case reads the stale pointer. */
    free(rsp_chain);
}
1807 :
1808 : /**
1809 : * Test 18: receiving a correct FINISH message from the requester with
1810 : * correct MAC and signature (with mutual authentication), and 'handshake in
1811 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1812 : * Expected behavior: the responder accepts the request and produces a valid
1813 : * FINISH_RSP response message.
1814 : **/
1815 1 : void rsp_finish_rsp_case18(void **state)
1816 : {
1817 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1818 : libspdm_return_t status;
1819 : libspdm_test_context_t *spdm_test_context;
1820 : libspdm_context_t *spdm_context;
1821 : size_t response_size;
1822 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1823 : spdm_finish_response_t *spdm_response;
1824 : void *data1;
1825 : size_t data_size1;
1826 : void *data2;
1827 : size_t data_size2;
1828 : uint8_t *ptr;
1829 : uint8_t *cert_buffer;
1830 : size_t cert_buffer_size;
1831 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1832 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1833 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1834 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1835 : libspdm_session_info_t *session_info;
1836 : uint32_t session_id;
1837 : uint32_t hash_size;
1838 : uint32_t hmac_size;
1839 : size_t req_asym_signature_size;
1840 :
1841 1 : spdm_test_context = *state;
1842 1 : spdm_context = spdm_test_context->spdm_context;
1843 1 : spdm_test_context->case_id = 0x12;
1844 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1845 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1846 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1847 1 : spdm_context->connection_info.capability.flags |=
1848 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1849 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1850 1 : spdm_context->connection_info.capability.flags |=
1851 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1852 1 : spdm_context->local_context.capability.flags |=
1853 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1854 1 : spdm_context->connection_info.capability.flags |=
1855 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1856 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1857 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1858 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1859 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1860 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1861 1 : if (!libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1)) {
1862 0 : return;
1863 : }
1864 1 : spdm_context->local_context.local_public_key_provision = data1;
1865 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
1866 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1867 1 : if (!libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2)) {
1868 0 : return;
1869 : }
1870 1 : spdm_context->local_context.peer_public_key_provision = data2;
1871 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
1872 :
1873 1 : spdm_context->encap_context.req_slot_id = 0xFF;
1874 :
1875 1 : libspdm_reset_message_a(spdm_context);
1876 :
1877 1 : session_id = 0xFFFFFFFF;
1878 1 : spdm_context->latest_session_id = session_id;
1879 1 : session_info = &spdm_context->session_info[0];
1880 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1881 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1882 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1883 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1884 1 : libspdm_secured_message_set_request_finished_key(
1885 : session_info->secured_message_context, m_dummy_buffer,
1886 : hash_size);
1887 1 : libspdm_secured_message_set_session_state(
1888 : session_info->secured_message_context,
1889 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1890 1 : session_info->mut_auth_requested = 1;
1891 1 : session_info->local_used_cert_chain_slot_id = 0xFF;
1892 1 : session_info->peer_used_cert_chain_slot_id = 0xFF;
1893 :
1894 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1895 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1896 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1897 1 : ptr = m_libspdm_finish_request4.signature;
1898 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1899 1 : cert_buffer = (uint8_t *)data1;
1900 1 : cert_buffer_size = data_size1;
1901 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1902 1 : cert_buffer = (uint8_t *)data2;
1903 1 : cert_buffer_size = data_size2;
1904 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
1905 : /* transcript.message_a size is 0*/
1906 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1907 : /* session_transcript.message_k is 0*/
1908 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1909 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
1910 : sizeof(spdm_finish_request_t));
1911 :
1912 1 : libspdm_requester_data_sign(
1913 : spdm_context,
1914 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1915 : 0, SPDM_FINISH,
1916 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1917 1 : false, libspdm_get_managed_buffer(&th_curr),
1918 : libspdm_get_managed_buffer_size(&th_curr),
1919 : ptr, &req_asym_signature_size);
1920 :
1921 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1922 1 : ptr += req_asym_signature_size;
1923 :
1924 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1925 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1926 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1927 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1928 : request_finished_key, hash_size, ptr);
1929 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
1930 1 : req_asym_signature_size + hmac_size;
1931 1 : response_size = sizeof(response);
1932 1 : status = libspdm_get_response_finish(spdm_context,
1933 : m_libspdm_finish_request4_size,
1934 : &m_libspdm_finish_request4,
1935 : &response_size, response);
1936 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1937 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1938 1 : spdm_response = (void *)response;
1939 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1940 :
1941 1 : g_key_exchange_start_mut_auth = 0;
1942 1 : free(data1);
1943 1 : free(data2);
1944 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1945 : }
1946 :
1947 : /**
1948 : * Test 19: receiving an invalid FINISH request message; mutual authentication is enabled without using the encapsulated request flow,
1949 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
1950 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
1951 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
1952 : **/
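void rsp_finish_rsp_case19(void **state)
{
    /* Negative test: with MutAuthRequested = 0x01 the responder must answer a FINISH whose
     * SlotID (Param2 of m_libspdm_finish_request5) is 10 with ERROR(InvalidRequest).
     * Everything else in the request is built the way a requester would build it. */
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    void *data2;
    size_t data_size2;
    uint8_t *ptr;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x13;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* The case is skipped, but it must not leave the global mut-auth override set for
         * the cases that run after it, nor leak the responder chain read above. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    /* Without transcript recording only the chain digest and the leaf public key are kept. */
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* The responder's request-finished key is a fixed 0xFF pattern; the same pattern is used
     * below to compute the HMAC, so the verify data matches what the responder derives. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request5.signature;

    /* Rebuild the transcript the signature and HMAC cover:
     * hash(responder chain) || hash(requester chain) || FINISH header. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, data1, data_size1, cert_buffer_hash);
    libspdm_hash_all(m_libspdm_use_hash_algo, data2, data_size2, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
                                  sizeof(spdm_finish_request_t));
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    /* NOTE(review): the result of the signing call is not checked. In a negative test a
     * failed signing would go unnoticed, because an ERROR response is expected either way. */
    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);
#endif
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    /* The HMAC is written directly behind the signature bytes of the request. */
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request5_size,
                                         &m_libspdm_finish_request5,
                                         &response_size, response);
    /* The handler itself succeeds; the rejection is carried in the ERROR response. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
    assert_int_equal(spdm_response->header.param2, 0);

    g_key_exchange_start_mut_auth = 0;
    /* NOTE(review): local_cert_chain_provision[0] still points at data1 after this free;
     * later cases presumably overwrite it before use - confirm. */
    free(data1);
    free(data2);
}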
2103 :
2104 : /**
2105 : * Test 20: receiving an invalid FINISH request message; mutual authentication is enabled using the encapsulated request flow,
2106 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2107 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2108 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2109 : **/
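void rsp_finish_rsp_case20(void **state)
{
    /* Negative test: with MutAuthRequested = 0x02 (encapsulated request flow) the session
     * records requester slot 0, so a FINISH naming a different SlotID must be answered with
     * ERROR(InvalidRequest). The request used is m_libspdm_finish_request7. */
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    void *data2;
    size_t data_size2;
    uint8_t *ptr;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x14;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* The case is skipped, but it must not leave the global mut-auth override set for
         * the cases that run after it, nor leak the responder chain read above. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    /* Without transcript recording only the chain digest and the leaf public key are kept. */
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    /* Slot 0 is the requester slot the session is bound to; the FINISH SlotID is compared
     * against it in this flow according to the test description. */
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* The responder's request-finished key is a fixed 0xFF pattern; the same pattern is used
     * below to compute the HMAC, so the verify data matches what the responder derives. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested =
        SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request7.signature;

    /* Rebuild the transcript the signature and HMAC cover:
     * hash(responder chain) || hash(requester chain) || FINISH header. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, data1, data_size1, cert_buffer_hash);
    libspdm_hash_all(m_libspdm_use_hash_algo, data2, data_size2, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
                                  sizeof(spdm_finish_request_t));
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    /* NOTE(review): the result of the signing call is not checked. In a negative test a
     * failed signing would go unnoticed, because an ERROR response is expected either way. */
    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);
#endif
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    /* The HMAC is written directly behind the signature bytes of the request. */
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request7_size,
                                         &m_libspdm_finish_request7,
                                         &response_size, response);
    /* The handler itself succeeds; the rejection is carried in the ERROR response. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
    assert_int_equal(spdm_response->header.param2, 0);

    g_key_exchange_start_mut_auth = 0;
    /* NOTE(review): local_cert_chain_provision[0] still points at data1 after this free;
     * later cases presumably overwrite it before use - confirm. */
    free(data1);
    free(data2);
}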
2261 :
2262 : /**
2263 : * Test 21: receiving a valid FINISH request message. Because mutual authentication is disabled,
2264 : * SlotID in the FINISH request message is ignored when read, although its value is 10.
2265 : * Expected behavior: the responder accepts the request and produces a valid
2266 : * FINISH_RSP response message.
2267 : **/
void rsp_finish_rsp_case21(void **state)
{
    /* Positive test without mutual authentication: the FINISH carries only an HMAC (no
     * signature), and the responder is expected to answer with FINISH_RSP even though
     * Param2 of m_libspdm_finish_request6 holds a SlotID value of 10. */
    const uint8_t key_fill = (uint8_t)(0xFF);
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;

    test_ctx->case_id = 0x15;

    /* Negotiated SPDM 1.1 connection with key exchange supported on both sides. */
    ctx->connection_info.version = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Responder certificate chain for slot 0; the case is skipped when it cannot be read. */
    void *rsp_chain;
    size_t rsp_chain_size;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &rsp_chain,
                                                         &rsp_chain_size, NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = rsp_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = rsp_chain_size;

    libspdm_reset_message_a(ctx);

    /* Session in the handshaking state whose request-finished key is all 0xFF. */
    const uint32_t sid = 0xFFFFFFFF;
    ctx->latest_session_id = sid;
    libspdm_session_info_t *sess = &ctx->session_info[0];
    libspdm_session_info_init(ctx, sess, sid,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    sess->local_used_cert_chain_slot_id = 0;
    uint32_t digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, digest_len, key_fill);
    libspdm_secured_message_set_request_finished_key(sess->secured_message_context,
                                                     m_dummy_buffer, digest_len);
    libspdm_secured_message_set_session_state(sess->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);
    sess->mut_auth_requested = 0;

    ctx->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    ctx->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    const uint32_t mac_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* With no signature in the message, the HMAC is written at the start of the
     * signature field of the request structure. */
    uint8_t *mac_out = m_libspdm_finish_request6.signature;

    /* Transcript covered by the HMAC: hash(responder chain) || FINISH header. */
    uint8_t rsp_chain_digest[LIBSPDM_MAX_HASH_SIZE];
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, (uint8_t *)rsp_chain, rsp_chain_size,
                     rsp_chain_digest);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, rsp_chain_digest, digest_len);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
                                  sizeof(spdm_finish_request_t));

    /* HMAC the transcript hash with the same 0xFF key that was installed in the session. */
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_digest[LIBSPDM_MAX_HASH_SIZE];
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, key_fill);
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_digest);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_digest, digest_len,
                     finished_key, digest_len, mac_out);
    m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + mac_len;

    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t response_size = sizeof(response);
    libspdm_return_t rc = libspdm_get_response_finish(ctx,
                                                      m_libspdm_finish_request6_size,
                                                      &m_libspdm_finish_request6,
                                                      &response_size, response);
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    spdm_finish_response_t *rsp = (void *)response;
    assert_int_equal(rsp->header.request_response_code, SPDM_FINISH_RSP);
    assert_int_equal(response_size, sizeof(spdm_finish_response_t) + mac_len);
    free(rsp_chain);
}
2364 :
2365 : /**
2366 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2367 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2368 : * Although SlotID in FINISH request message is 3, it does not need to match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2369 : * Expected behavior: the responder accepts the request and produces a valid
2370 : * FINISH_RSP response message.
2371 : **/
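void rsp_finish_rsp_case22(void **state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    /* Positive test: with MutAuthRequested = 0x01 (no encapsulated flow) the responder is
     * expected to accept the signed FINISH in m_libspdm_finish_request7 and answer with
     * FINISH_RSP, although the session records requester slot 0. */
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    void *data2;
    size_t data_size2;
    uint8_t *ptr;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x16;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* The case is skipped, but it must not leave the global mut-auth override set for
         * the cases that run after it, nor leak the responder chain read above. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    /* Without transcript recording only the chain digest and the leaf public key are kept. */
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* The responder's request-finished key is a fixed 0xFF pattern; the same pattern is used
     * below to compute the HMAC, so the verify data matches what the responder derives. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request7.signature;

    /* Rebuild the transcript the signature and HMAC cover:
     * hash(responder chain) || hash(requester chain) || FINISH header. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_hash_all(m_libspdm_use_hash_algo, data1, data_size1, cert_buffer_hash);
    libspdm_hash_all(m_libspdm_use_hash_algo, data2, data_size2, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
                                  sizeof(spdm_finish_request_t));

    /* Requester signature over the transcript so far; the result of the call is not
     * checked here, a failure would surface through the response assertions below. */
    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);

    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    /* The HMAC is written directly behind the signature bytes of the request. */
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request7_size,
                                         &m_libspdm_finish_request7,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);

    g_key_exchange_start_mut_auth = 0;
    /* NOTE(review): local_cert_chain_provision[0] still points at data1 after this free;
     * later cases presumably overwrite it before use - confirm. */
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}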
2522 :
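/**
 * Test 23: Same as test case 22 but test signature endianness.
 * Big-Endian Sign. Little-Endian Verify.
 * Expecting signature to fail.
 *
 * The requester signature is used exactly as libspdm_requester_data_sign() produced it
 * (big-endian per this test's description), while the responder context is set to
 * LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY. The FINISH request must be
 * answered with SPDM_ERROR instead of FINISH_RSP.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t for this run.
 **/
void rsp_finish_rsp_case23(void** state)
{
    libspdm_return_t status;
    libspdm_test_context_t* spdm_test_context;
    libspdm_context_t* spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t* spdm_response;
    void* data1;
    size_t data_size1;
    void* data2;
    size_t data_size2;
    uint8_t* ptr;
    uint8_t* cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t* session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    bool sign_ok;
#endif

    /* Negotiated SPDM 1.1 connection with key exchange enabled on both sides. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 23;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    /* The setting under test: the responder accepts little-endian signatures only. */
    spdm_context->spdm_10_11_verify_signature_endian =
        LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* The cleanup at the end of the test is skipped on this path: release the
         * responder chain and clear the global mut-auth flag so later cases do not
         * inherit them. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }

    /* Install the requester chain as the peer chain of slot 0: the full chain when the
     * transcript is recorded, otherwise its hash plus the leaf public key. */
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    /* Session 0 in HANDSHAKING state with mutual authentication requested. Its request
     * finished key is hash_size bytes of 0xFF, matching request_finished_key below. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);

    /* Build the data to sign in th_curr: responder chain hash, requester chain hash,
     * then the FINISH header. */
    ptr = m_libspdm_finish_request7.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t*)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t*)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
                                  sizeof(spdm_finish_request_t));
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    sign_ok = libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);
    /* This is a negative test: if signing itself failed, the responder would reject the
     * request anyway and the assertions below would pass without the endian setting
     * ever being exercised. */
    assert_true(sign_ok);
#endif
    /* NOTE(review): without LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP nothing is signed here
     * and the signature field keeps whatever m_libspdm_finish_request7 already held;
     * cases 24 and 25 guard their whole body instead - confirm this is intended. */

    /* verify_data follows the signature: HMAC over the hash of (th_curr || signature). */
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request7_size,
                                         &m_libspdm_finish_request7,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    spdm_response = (void*)response;

    /* The responder verifies little-endian only, so the signature produced above must be
     * rejected with an SPDM_ERROR response.
     * NOTE(review): only the response code and size are checked; also asserting the error
     * code in header.param1 would tie the rejection to signature verification - confirm
     * the expected code against the responder. */
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));

    g_key_exchange_start_mut_auth = 0;
    free(data1);
    free(data2);
}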
2680 :
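/**
 * Test 24: Same as test case 22 but test signature endianness.
 * Big-Endian Sign. Big-Endian Verify.
 * Expecting signature to PASS.
 *
 * The requester signature is used exactly as libspdm_requester_data_sign() produced it
 * (big-endian per this test's description) and the responder context is set to
 * LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY, so FINISH must be answered with
 * FINISH_RSP carrying the responder HMAC.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t for this run.
 **/
void rsp_finish_rsp_case24(void** state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    libspdm_return_t status;
    libspdm_test_context_t* spdm_test_context;
    libspdm_context_t* spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t* spdm_response;
    void* data1;
    size_t data_size1;
    void* data2;
    size_t data_size2;
    uint8_t* ptr;
    uint8_t* cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t* session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    /* Negotiated SPDM 1.1 connection with key exchange enabled on both sides. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 24;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    /* The setting under test: the responder accepts big-endian signatures only. */
    spdm_context->spdm_10_11_verify_signature_endian =
        LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* The cleanup at the end of the test is skipped on this path: release the
         * responder chain and clear the global mut-auth flag so later cases do not
         * inherit them. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }

    /* Install the requester chain as the peer chain of slot 0: the full chain when the
     * transcript is recorded, otherwise its hash plus the leaf public key. */
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    /* Session 0 in HANDSHAKING state with mutual authentication requested. Its request
     * finished key is hash_size bytes of 0xFF, matching request_finished_key below. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);

    /* Build the data to sign in th_curr: responder chain hash, requester chain hash,
     * then the FINISH header. */
    ptr = m_libspdm_finish_request7.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t*)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t*)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
                                  sizeof(spdm_finish_request_t));

    /* Sign th_curr into the request's signature field; the result is not swapped. */
    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);

    /* verify_data follows the signature: HMAC over the hash of (th_curr || signature). */
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request7_size,
                                         &m_libspdm_finish_request7,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    spdm_response = (void*)response;

    /* Expecting pass on big-endian signature */
    assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);

    g_key_exchange_start_mut_auth = 0;
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}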
2840 :
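/**
 * Test 25: Same as test case 22, but test signature endianness.
 * Big Endian Sign. Big or Little Endian Verify.
 * Expecting signature to PASS.
 *
 * The requester signature is used exactly as libspdm_requester_data_sign() produced it
 * (big-endian per this test's description) and the responder context is set to
 * LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE, so FINISH must be answered
 * with FINISH_RSP carrying the responder HMAC.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t for this run.
 **/
void rsp_finish_rsp_case25(void** state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    libspdm_return_t status;
    libspdm_test_context_t* spdm_test_context;
    libspdm_context_t* spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t* spdm_response;
    void* data1;
    size_t data_size1;
    void* data2;
    size_t data_size2;
    uint8_t* ptr;
    uint8_t* cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t* session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    /* Negotiated SPDM 1.1 connection with key exchange enabled on both sides. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 25;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    /* The setting under test: the responder accepts either signature byte order. */
    spdm_context->spdm_10_11_verify_signature_endian =
        LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* The cleanup at the end of the test is skipped on this path: release the
         * responder chain and clear the global mut-auth flag so later cases do not
         * inherit them. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }

    /* Install the requester chain as the peer chain of slot 0: the full chain when the
     * transcript is recorded, otherwise its hash plus the leaf public key. */
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    /* Session 0 in HANDSHAKING state with mutual authentication requested. Its request
     * finished key is hash_size bytes of 0xFF, matching request_finished_key below. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);

    /* Build the data to sign in th_curr: responder chain hash, requester chain hash,
     * then the FINISH header. */
    ptr = m_libspdm_finish_request7.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t*)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t*)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
                                  sizeof(spdm_finish_request_t));

    /* Sign th_curr into the request's signature field; the result is not swapped. */
    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);

    /* verify_data follows the signature: HMAC over the hash of (th_curr || signature). */
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request7_size,
                                         &m_libspdm_finish_request7,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    spdm_response = (void*)response;

    /* With either byte order accepted, the unswapped signature must verify. */
    assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);

    g_key_exchange_start_mut_auth = 0;
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}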
2998 :
2999 : /**
3000 : * Test 26: Same as test case 22, but test endian verification.
3001 : * Sign as Little Endian, Verify as Little.
3002 : * Expecting signature to PASS.
3003 : **/
3004 1 : void rsp_finish_rsp_case26(void** state)
3005 : {
3006 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3007 : libspdm_return_t status;
3008 : libspdm_test_context_t* spdm_test_context;
3009 : libspdm_context_t* spdm_context;
3010 : size_t response_size;
3011 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3012 : spdm_finish_response_t* spdm_response;
3013 : void* data1;
3014 : size_t data_size1;
3015 : void* data2;
3016 : size_t data_size2;
3017 : uint8_t* ptr;
3018 : uint8_t* cert_buffer;
3019 : size_t cert_buffer_size;
3020 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3021 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3022 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3023 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3024 : libspdm_session_info_t* session_info;
3025 : uint32_t session_id;
3026 : uint32_t hash_size;
3027 : uint32_t hmac_size;
3028 : size_t req_asym_signature_size;
3029 :
3030 1 : spdm_test_context = *state;
3031 1 : spdm_context = spdm_test_context->spdm_context;
3032 1 : spdm_test_context->case_id = 26;
3033 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3034 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3035 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3036 1 : spdm_context->connection_info.capability.flags |=
3037 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3038 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3039 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3040 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3041 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
3042 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3043 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3044 : m_libspdm_use_measurement_hash_algo;
3045 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3046 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3047 1 : if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3048 : m_libspdm_use_asym_algo, &data1,
3049 : &data_size1, NULL, NULL)) {
3050 0 : return;
3051 : }
3052 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3053 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3054 1 : spdm_context->spdm_10_11_verify_signature_endian =
3055 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3056 :
3057 1 : libspdm_reset_message_a(spdm_context);
3058 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3059 1 : if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3060 : m_libspdm_use_req_asym_algo, &data2,
3061 : &data_size2, NULL, NULL)) {
3062 0 : return;
3063 : }
3064 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3065 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3066 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3067 : data2, data_size2);
3068 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
3069 : #else
3070 1 : libspdm_hash_all(
3071 : spdm_context->connection_info.algorithm.base_hash_algo,
3072 : data2, data_size2,
3073 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3074 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3075 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3076 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3077 : spdm_context->connection_info.algorithm.base_hash_algo,
3078 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3079 : data2,
3080 : data_size2,
3081 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3082 : #endif
3083 :
3084 1 : session_id = 0xFFFFFFFF;
3085 1 : spdm_context->latest_session_id = session_id;
3086 1 : session_info = &spdm_context->session_info[0];
3087 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3088 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3089 1 : session_info->peer_used_cert_chain_slot_id = 0;
3090 1 : session_info->local_used_cert_chain_slot_id = 0;
3091 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3092 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3093 1 : libspdm_secured_message_set_request_finished_key(
3094 : session_info->secured_message_context, m_dummy_buffer,
3095 : hash_size);
3096 1 : libspdm_secured_message_set_session_state(
3097 : session_info->secured_message_context,
3098 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3099 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3100 :
3101 1 : spdm_context->connection_info.capability.flags |=
3102 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3103 1 : spdm_context->local_context.capability.flags |=
3104 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3105 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3106 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3107 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3108 1 : ptr = m_libspdm_finish_request7.signature;
3109 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3110 1 : cert_buffer = (uint8_t*)data1;
3111 1 : cert_buffer_size = data_size1;
3112 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3113 1 : cert_buffer = (uint8_t*)data2;
3114 1 : cert_buffer_size = data_size2;
3115 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
3116 : /* transcript.message_a size is 0*/
3117 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3118 : /* session_transcript.message_k is 0*/
3119 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3120 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3121 : sizeof(spdm_finish_request_t));
3122 :
3123 1 : libspdm_requester_data_sign(
3124 : spdm_context,
3125 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3126 : 0, SPDM_FINISH,
3127 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3128 1 : false, libspdm_get_managed_buffer(&th_curr),
3129 : libspdm_get_managed_buffer_size(&th_curr),
3130 : ptr, &req_asym_signature_size);
3131 :
3132 : /* Switch signature to little endian */
3133 1 : libspdm_copy_signature_swap_endian(
3134 : m_libspdm_use_req_asym_algo,
3135 : ptr, req_asym_signature_size,
3136 : ptr, req_asym_signature_size);
3137 :
3138 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3139 1 : ptr += req_asym_signature_size;
3140 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3141 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3142 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3143 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3144 : request_finished_key, hash_size, ptr);
3145 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3146 1 : req_asym_signature_size + hmac_size;
3147 1 : response_size = sizeof(response);
3148 1 : status = libspdm_get_response_finish(spdm_context,
3149 : m_libspdm_finish_request7_size,
3150 : &m_libspdm_finish_request7,
3151 : &response_size, response);
3152 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3153 1 : spdm_response = (void*)response;
3154 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3155 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3156 :
3157 1 : g_key_exchange_start_mut_auth = 0;
3158 1 : free(data1);
3159 1 : free(data2);
3160 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3161 : }
3162 :
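/**
 * Test 27: Same as test case 22, but test endian verification.
 * Sign as Little Endian, Verify as Big.
 * Expecting signature to FAIL.
 *
 * The requester signature over the FINISH transcript is byte-swapped in place
 * while the responder is configured with
 * LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY; the test then expects an
 * SPDM_ERROR response of sizeof(spdm_error_response_t) bytes.
 *
 * The whole body is compiled only with LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP,
 * like cases 26 and 28: without the signing step the request would carry
 * whatever bytes were left in m_libspdm_finish_request7.signature, and the
 * expected error would say nothing about endianness handling.
 *
 * @param state  test state; *state is this suite's libspdm_test_context_t.
 **/
void rsp_finish_rsp_case27(void** state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    libspdm_return_t status;
    libspdm_test_context_t* spdm_test_context;
    libspdm_context_t* spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t* spdm_response;
    void* data1;
    size_t data_size1;
    void* data2;
    size_t data_size2;
    uint8_t* ptr;
    uint8_t* cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t* session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 27;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if a certificate chain cannot be read the test returns
     * without asserting anything, so it is reported as passed. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
    /* Responder side: accept big-endian signatures only. */
    spdm_context->spdm_10_11_verify_signature_endian =
        LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* Release the responder chain and restore the global flag so that this
         * exit path does not leak data1 or leave mutual authentication
         * requested for the tests that run afterwards. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* The responder's request-finished key is hash_size bytes of 0xFF; the same
     * pattern is used below to compute the requester HMAC. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request7.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t*)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t*)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
                                  sizeof(spdm_finish_request_t));

    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);

    /* Switch signature to little endian (source and destination are the same buffer) */
    libspdm_copy_signature_swap_endian(
        m_libspdm_use_req_asym_algo,
        ptr, req_asym_signature_size,
        ptr, req_asym_signature_size);

    /* The swapped signature is what goes into the transcript covered by the HMAC. */
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request7_size,
                                         &m_libspdm_finish_request7,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    spdm_response = (void*)response;
    /* NOTE(review): only the response code and size are checked. Asserting the
     * error code carried in the SPDM_ERROR header as well would tie this result
     * to signature verification rather than to any rejected request. */
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));

    g_key_exchange_start_mut_auth = 0;
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}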
3324 :
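/**
 * Test 28: Same as test case 22, but test endian verification.
 * Sign as Little Endian, Verify as Big Or Little.
 * Expecting signature to PASS.
 *
 * The requester signature over the FINISH transcript is byte-swapped in place
 * and the responder is configured with
 * LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE, so the swapped
 * signature must be accepted and a FINISH_RSP carrying ResponderVerifyData
 * (HANDSHAKE_IN_THE_CLEAR is set on both sides) is expected.
 *
 * @param state  test state; *state is this suite's libspdm_test_context_t.
 **/
void rsp_finish_rsp_case28(void** state)
{
#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
    libspdm_return_t status;
    libspdm_test_context_t* spdm_test_context;
    libspdm_context_t* spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t* spdm_response;
    void* data1;
    size_t data_size1;
    void* data2;
    size_t data_size2;
    uint8_t* ptr;
    uint8_t* cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t* session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t req_asym_signature_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 28;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if a certificate chain cannot be read the test returns
     * without asserting anything, so it is reported as passed. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
    /* Exercise the "either endianness" verification mode this case is
     * documented to cover; LITTLE_ONLY would leave that mode untested here. */
    spdm_context->spdm_10_11_verify_signature_endian =
        LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;

    libspdm_reset_message_a(spdm_context);
    g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
    if (!libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_req_asym_algo, &data2,
                                                         &data_size2, NULL, NULL)) {
        /* Release the responder chain and restore the global flag so that this
         * exit path does not leak data1 or leave mutual authentication
         * requested for the tests that run afterwards. */
        g_key_exchange_start_mut_auth = 0;
        free(data1);
        return;
    }
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
                     sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
                     data2, data_size2);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
#else
    libspdm_hash_all(
        spdm_context->connection_info.algorithm.base_hash_algo,
        data2, data_size2,
        spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
    spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
        libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
    libspdm_get_leaf_cert_public_key_from_cert_chain(
        spdm_context->connection_info.algorithm.base_hash_algo,
        spdm_context->connection_info.algorithm.req_base_asym_alg,
        data2,
        data_size2,
        &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
#endif

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session_info->peer_used_cert_chain_slot_id = 0;
    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* The responder's request-finished key is hash_size bytes of 0xFF; the same
     * pattern is used below to compute the requester HMAC. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);
    session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;

    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
    ptr = m_libspdm_finish_request7.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t*)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    cert_buffer = (uint8_t*)data2;
    cert_buffer_size = data_size2;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
    libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
                                  sizeof(spdm_finish_request_t));

    libspdm_requester_data_sign(
        spdm_context,
        m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
        0, SPDM_FINISH,
        m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
        false, libspdm_get_managed_buffer(&th_curr),
        libspdm_get_managed_buffer_size(&th_curr),
        ptr, &req_asym_signature_size);

    /* Switch signature to little endian (source and destination are the same buffer) */
    libspdm_copy_signature_swap_endian(
        m_libspdm_use_req_asym_algo,
        ptr, req_asym_signature_size,
        ptr, req_asym_signature_size);

    /* The swapped signature is what goes into the transcript covered by the HMAC. */
    libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
    ptr += req_asym_signature_size;
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
                                     req_asym_signature_size + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request7_size,
                                         &m_libspdm_finish_request7,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    spdm_response = (void*)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    /* Handshake in the clear: the response carries ResponderVerifyData. */
    assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);

    g_key_exchange_start_mut_auth = 0;
    free(data1);
    free(data2);
#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
}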
3488 :
/**
 * Test 29: a correct FINISH arrives from the requester while neither the
 * requester nor the responder has HANDSHAKE_IN_THE_CLEAR set.
 * Expected behavior: the responder accepts the request and answers with a
 * FINISH_RSP of exactly sizeof(spdm_finish_response_t) bytes, i.e. the
 * ResponderVerifyData field is absent.
 *
 * @param state  test state; *state is this suite's libspdm_test_context_t.
 **/
void rsp_finish_rsp_case29(void **state)
{
    libspdm_test_context_t *test_ctx;
    libspdm_context_t *ctx;
    libspdm_session_info_t *session;
    libspdm_return_t rc;
    spdm_finish_response_t *finish_rsp;
    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_len;
    void *rsp_chain;
    size_t rsp_chain_len;
    uint8_t rsp_chain_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t th_digest[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *verify_data;
    uint32_t sid;
    uint32_t digest_len;
    uint32_t mac_len;

    test_ctx = *state;
    ctx = test_ctx->spdm_context;
    test_ctx->case_id = 29;

    /* Negotiated SPDM 1.1 connection with key exchange supported on both sides. */
    ctx->connection_info.version = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;

    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &rsp_chain,
                                                         &rsp_chain_len, NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision_size[0] = rsp_chain_len;
    ctx->local_context.local_cert_chain_provision[0] = rsp_chain;

    libspdm_reset_message_a(ctx);

    /* Neither side advertises HANDSHAKE_IN_THE_CLEAR. */
    ctx->local_context.capability.flags &=
        ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    ctx->connection_info.capability.flags &=
        ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;

    sid = 0xFFFFFFFF;
    ctx->last_spdm_request_session_id = sid;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->latest_session_id = sid;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, sid,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
    session->local_used_cert_chain_slot_id = 0;
    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* Session in HANDSHAKING state with an all-0xFF request-finished key. */
    libspdm_set_mem(m_dummy_buffer, digest_len, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_dummy_buffer, digest_len);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    digest_len = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* No signature in this request: the HMAC is written where the signature field starts. */
    verify_data = m_libspdm_finish_request1.signature;
    libspdm_hash_all(m_libspdm_use_hash_algo, (uint8_t *)rsp_chain, rsp_chain_len,
                     rsp_chain_digest);
    /* transcript.message_a is empty, so the transcript starts with the chain digest */
    libspdm_append_managed_buffer(&th_curr, rsp_chain_digest, digest_len);
    /* session_transcript.message_k is empty, the FINISH header follows directly */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
                                  sizeof(spdm_finish_request_t));

    /* HMAC over the transcript hash, keyed with the same 0xFF pattern as above. */
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), th_digest);
    libspdm_hmac_all(m_libspdm_use_hash_algo, th_digest, digest_len,
                     finished_key, digest_len, verify_data);

    m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + mac_len;
    rsp_len = sizeof(rsp_buf);
    rc = libspdm_get_response_finish(ctx, m_libspdm_finish_request1_size,
                                     &m_libspdm_finish_request1, &rsp_len, rsp_buf);
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    /* ResponderVerifyData must not be present. */
    assert_int_equal(rsp_len, sizeof(spdm_finish_response_t));
    finish_rsp = (void *)rsp_buf;
    assert_int_equal(finish_rsp->header.request_response_code, SPDM_FINISH_RSP);
    free(rsp_chain);
}
3597 :
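/**
 * Test 30: SPDM version 1.4, with OpaqueData.
 * Expected behavior: the responder accepts the request and produces a valid
 * FINISH_RSP response message.
 *
 * The request declares opaque_data_size = sizeof(opaque_data), and that length
 * field plus the opaque bytes are part of the transcript the HMAC covers.
 * Neither side has HANDSHAKE_IN_THE_CLEAR set, so the response is expected to
 * be the FINISH_RSP header followed only by its own OpaqueDataLength and
 * opaque data.
 *
 * @param state  test state; *state is this suite's libspdm_test_context_t.
 **/
void rsp_finish_rsp_case30(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t *cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 30;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;

    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    spdm_context->connection_info.capability.flags &=
        ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags &=
        ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);

    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* The responder's request-finished key is hash_size bytes of 0xFF; the same
     * pattern is used below to compute the requester HMAC. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);

    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* No signature in this request: the HMAC is written where the signature field starts. */
    ptr = m_libspdm_finish_request8.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t *)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    /* Header, OpaqueDataLength and the opaque bytes are all covered by the HMAC. */
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
                                  sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
                                  m_libspdm_finish_request8.opaque_data_size);
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
                                     sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request8_size,
                                         &m_libspdm_finish_request8,
                                         &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
    /* `response` is an uninitialized stack buffer: make sure the responder wrote
     * the OpaqueDataLength field before reading it back. */
    assert_true(response_size >= sizeof(spdm_finish_response_t) + sizeof(uint16_t));
    /* The ResponderVerifyData field shall be absent.*/
    /* NOTE(review): the expected size is derived from the length field of the
     * response itself, so the opaque data length returned by the responder is
     * not pinned to a known value here. */
    ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
    assert_int_equal(response_size,
                     sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
                     libspdm_read_uint16(ptr));
    free(data1);
}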
3713 :
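/**
 * Test 31: SPDM version 1.4, with OpaqueData.
 * Expected behavior: the responder accepts the request and produces a valid
 * FINISH_RSP response message with integrator defined opaque data in the response.
 *
 * The test enables g_generate_finish_opaque_data, requests 8 bytes of opaque
 * data via libspdm_secret_lib_finish_opaque_data_size, and checks that the
 * response carries exactly that many opaque bytes and nothing after them.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t for this group.
 **/
void rsp_finish_rsp_case31(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t *cert_buffer;
    size_t cert_buffer_size;
    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 31;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state =
        LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;

    spdm_context->connection_info.algorithm.base_hash_algo =
        m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo =
        m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec =
        m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group =
        m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite =
        m_libspdm_use_aead_algo;
    spdm_context->connection_info.algorithm.other_params_support =
        SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;

    /* Ask for 8 bytes of opaque data in the response. Both values are
     * file/library-level globals shared with the other test cases. */
    g_generate_finish_opaque_data = true;
    libspdm_secret_lib_finish_opaque_data_size = 8;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        /* Do not leave the opaque-data switch enabled for later cases when
         * this case bails out before reaching its normal cleanup. */
        g_generate_finish_opaque_data = false;
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] =
        data_size1;

    libspdm_reset_message_a(spdm_context);

    /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
    spdm_context->connection_info.capability.flags &=
        ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
    spdm_context->local_context.capability.flags &=
        ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;

    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);

    session_info->local_used_cert_chain_slot_id = 0;
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    /* The HMAC length equals the digest length of the negotiated hash. */
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* Fixed all-0xFF request finished key: a test fixture only, mirrored in
     * request_finished_key below so the request HMAC can be computed here. */
    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);

    /* Build TH: hash(cert chain) || FINISH header || OpaqueDataLength || OpaqueData.
     * The HMAC is written at the signature field, i.e. directly after the
     * opaque data (no signature is included in this request). */
    ptr = m_libspdm_finish_request8.signature;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    cert_buffer = (uint8_t *)data1;
    cert_buffer_size = data_size1;
    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
                     cert_buffer_hash);
    /* transcript.message_a size is 0*/
    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
    /* session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
                                  sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
                                  m_libspdm_finish_request8.opaque_data_size);
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
                                     sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
    response_size = sizeof(response);
    status = libspdm_get_response_finish(spdm_context,
                                         m_libspdm_finish_request8_size,
                                         &m_libspdm_finish_request8,
                                         &response_size, response);
    /* Restore the shared switch before any assertion can abort the test, so
     * a failure here does not change the behavior of later cases. */
    g_generate_finish_opaque_data = false;

    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    /* Make sure the OpaqueDataLength field is really part of the response
     * before reading it; otherwise the read would return stale stack bytes. */
    assert_true(response_size >= sizeof(spdm_finish_response_t) + sizeof(uint16_t));
    /* The ResponderVerifyData field shall be absent.*/
    ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
    assert_int_equal(libspdm_read_uint16(ptr),
                     libspdm_secret_lib_finish_opaque_data_size);
    assert_int_equal(response_size,
                     sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
                     libspdm_read_uint16(ptr));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code,
                     SPDM_FINISH_RSP);
    free(data1);
}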
3847 :
/**
 * Run every FINISH responder unit test as one cmocka group.
 *
 * @return the value returned by cmocka_run_group_tests().
 **/
int libspdm_rsp_finish_test(void)
{
    int result;

    libspdm_test_context_t test_context = {
        LIBSPDM_TEST_CONTEXT_VERSION,
        false,
    };

    /* The array keeps the name test_cases: cmocka_run_group_tests() is a
     * macro that uses the argument's spelling as the group name and takes
     * sizeof() of it, so it must stay a real array with this name. */
    const struct CMUnitTest test_cases[] = {
        /* Success case */
        cmocka_unit_test(rsp_finish_rsp_case1),
        /* Can be populated with new test. */
        cmocka_unit_test(rsp_finish_rsp_case2),
        /* response_state: SPDM_RESPONSE_STATE_BUSY */
        cmocka_unit_test(rsp_finish_rsp_case3),
        /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC */
        cmocka_unit_test(rsp_finish_rsp_case4),
#if LIBSPDM_RESPOND_IF_READY_SUPPORT
        /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY */
        cmocka_unit_test(rsp_finish_rsp_case5),
#endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
        /* connection_state check */
        cmocka_unit_test(rsp_finish_rsp_case6),
        /* Buffer reset */
        cmocka_unit_test(rsp_finish_rsp_case7),
        /* Success case */
        cmocka_unit_test(rsp_finish_rsp_case8),
        /* Unsupported KEY_EX capabilities */
        cmocka_unit_test(rsp_finish_rsp_case9),
        /* Uninitialized session */
        cmocka_unit_test(rsp_finish_rsp_case10),
        /* Incorrect MAC */
        cmocka_unit_test(rsp_finish_rsp_case11),
        cmocka_unit_test(rsp_finish_rsp_case12),
        /* Can be populated with new test. */
        cmocka_unit_test(rsp_finish_rsp_case13),
        cmocka_unit_test(rsp_finish_rsp_case14),
        /* Incorrect signature */
        cmocka_unit_test(rsp_finish_rsp_case15),
        cmocka_unit_test(rsp_finish_rsp_case16),
        /* Buffer verification */
        cmocka_unit_test(rsp_finish_rsp_case17),
        /* Success case, mutual authentication enabled, slot_id 0xFF */
        cmocka_unit_test(rsp_finish_rsp_case18),
        /* Invalid SlotID in the FINISH request under mutual authentication */
        cmocka_unit_test_setup(rsp_finish_rsp_case19, libspdm_unit_test_group_setup),
        cmocka_unit_test_setup(rsp_finish_rsp_case20, libspdm_unit_test_group_setup),
        /* If FINISH.Param1 != 0x01, FINISH.Param2 is reserved and shall be ignored when read */
        cmocka_unit_test_setup(rsp_finish_rsp_case21, libspdm_unit_test_group_setup),
        /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04,
         * FINISH.Param2 need not match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
        cmocka_unit_test_setup(rsp_finish_rsp_case22, libspdm_unit_test_group_setup),
        /* Big Endian Sign - Little Endian Verify */
        cmocka_unit_test_setup(rsp_finish_rsp_case23, libspdm_unit_test_group_setup),
        /* Big Endian Sign - Big Endian Verify */
        cmocka_unit_test_setup(rsp_finish_rsp_case24, libspdm_unit_test_group_setup),
        /* Big Endian Sign - Big or Little Endian Verify */
        cmocka_unit_test_setup(rsp_finish_rsp_case25, libspdm_unit_test_group_setup),
        /* Little Endian Sign - Little Endian Verify */
        cmocka_unit_test_setup(rsp_finish_rsp_case26, libspdm_unit_test_group_setup),
        /* Little Endian Sign - Big Endian Verify */
        cmocka_unit_test_setup(rsp_finish_rsp_case27, libspdm_unit_test_group_setup),
        /* Little Endian Sign - Big or Little Endian Verify */
        cmocka_unit_test_setup(rsp_finish_rsp_case28, libspdm_unit_test_group_setup),
        /* Neither requester nor responder has set HANDSHAKE_IN_THE_CLEAR */
        cmocka_unit_test(rsp_finish_rsp_case29),
        /* SPDM 1.4 with OpaqueData */
        cmocka_unit_test(rsp_finish_rsp_case30),
        /* SPDM 1.4, the Responder using integrator defined opaque data */
        cmocka_unit_test(rsp_finish_rsp_case31),
    };

    /* Register the context before the group setup hook runs. */
    libspdm_setup_test_context(&test_context);

    result = cmocka_run_group_tests(test_cases,
                                    libspdm_unit_test_group_setup,
                                    libspdm_unit_test_group_teardown);
    return result;
}
3924 :
3925 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|