Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #pragma pack(1)
12 :
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
16 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
17 : } libspdm_finish_request_mine_t;
18 :
19 : typedef struct {
20 : spdm_message_header_t header;
21 : uint16_t opaque_data_size;
22 : uint8_t opaque_data[8];
23 : uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
24 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
25 : } libspdm_finish_request_mine_14_t;
26 :
27 : #pragma pack()
28 :
29 : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
30 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
31 : };
32 : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
33 :
34 : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
35 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
36 : };
37 : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
38 :
39 : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
40 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
41 : };
42 : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
43 :
44 : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
45 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
46 : };
47 : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
48 :
49 : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
50 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
51 : };
52 : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
53 :
54 : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
55 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
56 : };
57 : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
58 :
59 : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
60 : { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
61 : };
62 : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
63 :
64 : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
65 :
66 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
67 :
68 : static libspdm_th_managed_buffer_t th_curr;
69 :
70 28 : void libspdm_secured_message_set_request_finished_key(
71 : void *spdm_secured_message_context, const void *key, size_t key_size)
72 : {
73 : libspdm_secured_message_context_t *secured_message_context;
74 :
75 28 : secured_message_context = spdm_secured_message_context;
76 28 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
77 28 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
78 : sizeof(secured_message_context->handshake_secret.request_finished_key),
79 : key, secured_message_context->hash_size);
80 28 : }
81 :
82 : /**
83 : * Test 1: receiving a correct FINISH message from the requester with a
84 : * correct MAC, no signature (no mutual authentication), and 'handshake in
85 : * the clear'.
86 : * Expected behavior: the responder accepts the request and produces a valid
87 : * FINISH_RSP response message.
88 : **/
89 1 : void rsp_finish_rsp_case1(void **state)
90 : {
91 : libspdm_return_t status;
92 : libspdm_test_context_t *spdm_test_context;
93 : libspdm_context_t *spdm_context;
94 : size_t response_size;
95 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
96 : spdm_finish_response_t *spdm_response;
97 : void *data1;
98 : size_t data_size1;
99 : uint8_t *ptr;
100 : uint8_t *cert_buffer;
101 : size_t cert_buffer_size;
102 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
103 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
104 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
105 : libspdm_session_info_t *session_info;
106 : uint32_t session_id;
107 : uint32_t hash_size;
108 : uint32_t hmac_size;
109 :
110 1 : spdm_test_context = *state;
111 1 : spdm_context = spdm_test_context->spdm_context;
112 1 : spdm_test_context->case_id = 0x1;
113 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
114 : SPDM_VERSION_NUMBER_SHIFT_BIT;
115 1 : spdm_context->connection_info.connection_state =
116 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
117 1 : spdm_context->connection_info.capability.flags |=
118 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
119 1 : spdm_context->local_context.capability.flags |=
120 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
121 1 : spdm_context->connection_info.algorithm.base_hash_algo =
122 : m_libspdm_use_hash_algo;
123 1 : spdm_context->connection_info.algorithm.base_asym_algo =
124 : m_libspdm_use_asym_algo;
125 1 : spdm_context->connection_info.algorithm.measurement_spec =
126 : m_libspdm_use_measurement_spec;
127 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
128 : m_libspdm_use_measurement_hash_algo;
129 1 : spdm_context->connection_info.algorithm.dhe_named_group =
130 : m_libspdm_use_dhe_algo;
131 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
132 : m_libspdm_use_aead_algo;
133 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
134 : m_libspdm_use_asym_algo, &data1,
135 : &data_size1, NULL, NULL);
136 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
137 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
138 : data_size1;
139 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
140 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
141 : data_size1;
142 :
143 1 : libspdm_reset_message_a(spdm_context);
144 1 : spdm_context->local_context.mut_auth_requested = 0;
145 :
146 1 : session_id = 0xFFFFFFFF;
147 1 : spdm_context->latest_session_id = session_id;
148 1 : session_info = &spdm_context->session_info[0];
149 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
150 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
151 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
152 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
153 1 : libspdm_secured_message_set_request_finished_key(
154 : session_info->secured_message_context, m_dummy_buffer,
155 : hash_size);
156 1 : libspdm_secured_message_set_session_state(
157 : session_info->secured_message_context,
158 : LIBSPDM_SESSION_STATE_HANDSHAKING);
159 :
160 1 : spdm_context->connection_info.capability.flags |=
161 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
162 1 : spdm_context->local_context.capability.flags |=
163 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
164 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
165 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
166 1 : ptr = m_libspdm_finish_request1.signature;
167 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
168 1 : cert_buffer = (uint8_t *)data1;
169 1 : cert_buffer_size = data_size1;
170 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
171 : cert_buffer_hash);
172 : /* transcript.message_a size is 0*/
173 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
174 : /* session_transcript.message_k is 0*/
175 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
176 : sizeof(spdm_finish_request_t));
177 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
178 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
179 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
180 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
181 : request_finished_key, hash_size, ptr);
182 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
183 1 : response_size = sizeof(response);
184 1 : status = libspdm_get_response_finish(spdm_context,
185 : m_libspdm_finish_request1_size,
186 : &m_libspdm_finish_request1,
187 : &response_size, response);
188 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
189 1 : assert_int_equal(response_size,
190 : sizeof(spdm_finish_response_t) + hmac_size);
191 1 : spdm_response = (void *)response;
192 1 : assert_int_equal(spdm_response->header.request_response_code,
193 : SPDM_FINISH_RSP);
194 1 : free(data1);
195 1 : }
196 :
197 : /**
198 : * Test 2:
199 : * Expected behavior:
200 : **/
201 1 : void rsp_finish_rsp_case2(void **state)
202 : {
203 1 : }
204 :
205 : /**
206 : * Test 3: receiving a correct FINISH from the requester, but the
207 : * responder is in a Busy state.
208 : * Expected behavior: the responder accepts the request, but produces an
209 : * ERROR message indicating the Busy state.
210 : **/
211 1 : void rsp_finish_rsp_case3(void **state)
212 : {
213 : libspdm_return_t status;
214 : libspdm_test_context_t *spdm_test_context;
215 : libspdm_context_t *spdm_context;
216 : size_t response_size;
217 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
218 : spdm_finish_response_t *spdm_response;
219 : void *data1;
220 : size_t data_size1;
221 : uint8_t *ptr;
222 : uint8_t *cert_buffer;
223 : size_t cert_buffer_size;
224 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
225 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
226 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
227 : libspdm_session_info_t *session_info;
228 : uint32_t session_id;
229 : uint32_t hash_size;
230 : uint32_t hmac_size;
231 :
232 1 : spdm_test_context = *state;
233 1 : spdm_context = spdm_test_context->spdm_context;
234 1 : spdm_test_context->case_id = 0x3;
235 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
236 : SPDM_VERSION_NUMBER_SHIFT_BIT;
237 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
238 1 : spdm_context->connection_info.connection_state =
239 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
240 1 : spdm_context->connection_info.capability.flags |=
241 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
242 1 : spdm_context->local_context.capability.flags |=
243 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
244 1 : spdm_context->connection_info.algorithm.base_hash_algo =
245 : m_libspdm_use_hash_algo;
246 1 : spdm_context->connection_info.algorithm.base_asym_algo =
247 : m_libspdm_use_asym_algo;
248 1 : spdm_context->connection_info.algorithm.measurement_spec =
249 : m_libspdm_use_measurement_spec;
250 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
251 : m_libspdm_use_measurement_hash_algo;
252 1 : spdm_context->connection_info.algorithm.dhe_named_group =
253 : m_libspdm_use_dhe_algo;
254 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
255 : m_libspdm_use_aead_algo;
256 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
257 : m_libspdm_use_asym_algo, &data1,
258 : &data_size1, NULL, NULL);
259 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
260 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
261 : data_size1;
262 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
263 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
264 : data_size1;
265 :
266 1 : libspdm_reset_message_a(spdm_context);
267 1 : spdm_context->local_context.mut_auth_requested = 0;
268 :
269 1 : session_id = 0xFFFFFFFF;
270 1 : spdm_context->latest_session_id = session_id;
271 1 : session_info = &spdm_context->session_info[0];
272 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
273 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
274 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
275 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
276 1 : libspdm_secured_message_set_request_finished_key(
277 : session_info->secured_message_context, m_dummy_buffer,
278 : hash_size);
279 1 : libspdm_secured_message_set_session_state(
280 : session_info->secured_message_context,
281 : LIBSPDM_SESSION_STATE_HANDSHAKING);
282 :
283 1 : spdm_context->connection_info.capability.flags |=
284 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
285 1 : spdm_context->local_context.capability.flags |=
286 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
287 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
288 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
289 1 : ptr = m_libspdm_finish_request1.signature;
290 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
291 1 : cert_buffer = (uint8_t *)data1;
292 1 : cert_buffer_size = data_size1;
293 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
294 : cert_buffer_hash);
295 : /* transcript.message_a size is 0*/
296 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
297 : /* session_transcript.message_k is 0*/
298 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
299 : sizeof(spdm_finish_request_t));
300 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
301 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
302 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
303 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
304 : request_finished_key, hash_size, ptr);
305 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
306 1 : response_size = sizeof(response);
307 1 : status = libspdm_get_response_finish(spdm_context,
308 : m_libspdm_finish_request1_size,
309 : &m_libspdm_finish_request1,
310 : &response_size, response);
311 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
312 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
313 1 : spdm_response = (void *)response;
314 1 : assert_int_equal(spdm_response->header.request_response_code,
315 : SPDM_ERROR);
316 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
317 1 : assert_int_equal(spdm_response->header.param2, 0);
318 1 : assert_int_equal(spdm_context->response_state,
319 : LIBSPDM_RESPONSE_STATE_BUSY);
320 1 : free(data1);
321 1 : }
322 :
323 : /**
324 : * Test 4: receiving a correct FINISH from the requester, but the responder
325 : * requires resynchronization with the requester.
326 : * Expected behavior: the responder accepts the request, but produces an
327 : * ERROR message indicating the NeedResynch state.
328 : **/
329 1 : void rsp_finish_rsp_case4(void **state)
330 : {
331 : libspdm_return_t status;
332 : libspdm_test_context_t *spdm_test_context;
333 : libspdm_context_t *spdm_context;
334 : size_t response_size;
335 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
336 : spdm_finish_response_t *spdm_response;
337 : void *data1;
338 : size_t data_size1;
339 : uint8_t *ptr;
340 : uint8_t *cert_buffer;
341 : size_t cert_buffer_size;
342 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
343 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
344 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
345 : libspdm_session_info_t *session_info;
346 : uint32_t session_id;
347 : uint32_t hash_size;
348 : uint32_t hmac_size;
349 :
350 1 : spdm_test_context = *state;
351 1 : spdm_context = spdm_test_context->spdm_context;
352 1 : spdm_test_context->case_id = 0x4;
353 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
354 : SPDM_VERSION_NUMBER_SHIFT_BIT;
355 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
356 1 : spdm_context->connection_info.connection_state =
357 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
358 1 : spdm_context->connection_info.capability.flags |=
359 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
360 1 : spdm_context->local_context.capability.flags |=
361 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
362 1 : spdm_context->connection_info.algorithm.base_hash_algo =
363 : m_libspdm_use_hash_algo;
364 1 : spdm_context->connection_info.algorithm.base_asym_algo =
365 : m_libspdm_use_asym_algo;
366 1 : spdm_context->connection_info.algorithm.measurement_spec =
367 : m_libspdm_use_measurement_spec;
368 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
369 : m_libspdm_use_measurement_hash_algo;
370 1 : spdm_context->connection_info.algorithm.dhe_named_group =
371 : m_libspdm_use_dhe_algo;
372 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
373 : m_libspdm_use_aead_algo;
374 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
375 : m_libspdm_use_asym_algo, &data1,
376 : &data_size1, NULL, NULL);
377 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
378 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
379 : data_size1;
380 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
381 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
382 : data_size1;
383 :
384 1 : libspdm_reset_message_a(spdm_context);
385 1 : spdm_context->local_context.mut_auth_requested = 0;
386 :
387 1 : session_id = 0xFFFFFFFF;
388 1 : spdm_context->latest_session_id = session_id;
389 1 : session_info = &spdm_context->session_info[0];
390 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
391 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
392 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
393 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
394 1 : libspdm_secured_message_set_request_finished_key(
395 : session_info->secured_message_context, m_dummy_buffer,
396 : hash_size);
397 1 : libspdm_secured_message_set_session_state(
398 : session_info->secured_message_context,
399 : LIBSPDM_SESSION_STATE_HANDSHAKING);
400 :
401 1 : spdm_context->connection_info.capability.flags |=
402 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
403 1 : spdm_context->local_context.capability.flags |=
404 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
405 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
406 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
407 1 : ptr = m_libspdm_finish_request1.signature;
408 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
409 1 : cert_buffer = (uint8_t *)data1;
410 1 : cert_buffer_size = data_size1;
411 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
412 : cert_buffer_hash);
413 : /* transcript.message_a size is 0*/
414 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
415 : /* session_transcript.message_k is 0*/
416 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
417 : sizeof(spdm_finish_request_t));
418 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
419 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
420 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
421 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
422 : request_finished_key, hash_size, ptr);
423 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
424 1 : response_size = sizeof(response);
425 1 : status = libspdm_get_response_finish(spdm_context,
426 : m_libspdm_finish_request1_size,
427 : &m_libspdm_finish_request1,
428 : &response_size, response);
429 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
430 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
431 1 : spdm_response = (void *)response;
432 1 : assert_int_equal(spdm_response->header.request_response_code,
433 : SPDM_ERROR);
434 1 : assert_int_equal(spdm_response->header.param1,
435 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
436 1 : assert_int_equal(spdm_response->header.param2, 0);
437 1 : assert_int_equal(spdm_context->response_state,
438 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
439 1 : free(data1);
440 1 : }
441 :
442 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
443 : /**
444 : * Test 5: receiving a correct FINISH from the requester, but the responder
445 : * could not produce the response in time.
446 : * Expected behavior: the responder accepts the request, but produces an
447 : * ERROR message indicating the ResponseNotReady state.
448 : **/
449 1 : void rsp_finish_rsp_case5(void **state)
450 : {
451 : libspdm_return_t status;
452 : libspdm_test_context_t *spdm_test_context;
453 : libspdm_context_t *spdm_context;
454 : size_t response_size;
455 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
456 : spdm_finish_response_t *spdm_response;
457 : void *data1;
458 : size_t data_size1;
459 : uint8_t *ptr;
460 : uint8_t *cert_buffer;
461 : size_t cert_buffer_size;
462 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
463 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
464 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
465 : libspdm_session_info_t *session_info;
466 : uint32_t session_id;
467 : uint32_t hash_size;
468 : uint32_t hmac_size;
469 : spdm_error_data_response_not_ready_t *error_data;
470 :
471 1 : spdm_test_context = *state;
472 1 : spdm_context = spdm_test_context->spdm_context;
473 1 : spdm_test_context->case_id = 0x5;
474 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
475 : SPDM_VERSION_NUMBER_SHIFT_BIT;
476 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
477 1 : spdm_context->connection_info.connection_state =
478 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
479 1 : spdm_context->connection_info.capability.flags |=
480 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
481 1 : spdm_context->local_context.capability.flags |=
482 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
483 1 : spdm_context->connection_info.algorithm.base_hash_algo =
484 : m_libspdm_use_hash_algo;
485 1 : spdm_context->connection_info.algorithm.base_asym_algo =
486 : m_libspdm_use_asym_algo;
487 1 : spdm_context->connection_info.algorithm.measurement_spec =
488 : m_libspdm_use_measurement_spec;
489 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
490 : m_libspdm_use_measurement_hash_algo;
491 1 : spdm_context->connection_info.algorithm.dhe_named_group =
492 : m_libspdm_use_dhe_algo;
493 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
494 : m_libspdm_use_aead_algo;
495 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
496 : m_libspdm_use_asym_algo, &data1,
497 : &data_size1, NULL, NULL);
498 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
499 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
500 : data_size1;
501 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
502 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
503 : data_size1;
504 :
505 1 : libspdm_reset_message_a(spdm_context);
506 1 : spdm_context->local_context.mut_auth_requested = 0;
507 :
508 1 : session_id = 0xFFFFFFFF;
509 1 : spdm_context->latest_session_id = session_id;
510 1 : session_info = &spdm_context->session_info[0];
511 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
512 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
513 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
514 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
515 1 : libspdm_secured_message_set_request_finished_key(
516 : session_info->secured_message_context, m_dummy_buffer,
517 : hash_size);
518 1 : libspdm_secured_message_set_session_state(
519 : session_info->secured_message_context,
520 : LIBSPDM_SESSION_STATE_HANDSHAKING);
521 :
522 1 : spdm_context->connection_info.capability.flags |=
523 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
524 1 : spdm_context->local_context.capability.flags |=
525 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
526 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
527 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
528 1 : ptr = m_libspdm_finish_request1.signature;
529 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
530 1 : cert_buffer = (uint8_t *)data1;
531 1 : cert_buffer_size = data_size1;
532 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
533 : cert_buffer_hash);
534 : /* transcript.message_a size is 0*/
535 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
536 : /* session_transcript.message_k is 0*/
537 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
538 : sizeof(spdm_finish_request_t));
539 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
540 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
541 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
542 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
543 : request_finished_key, hash_size, ptr);
544 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
545 1 : response_size = sizeof(response);
546 1 : status = libspdm_get_response_finish(spdm_context,
547 : m_libspdm_finish_request1_size,
548 : &m_libspdm_finish_request1,
549 : &response_size, response);
550 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
551 1 : assert_int_equal(response_size,
552 : sizeof(spdm_error_response_t) +
553 : sizeof(spdm_error_data_response_not_ready_t));
554 1 : spdm_response = (void *)response;
555 1 : error_data =
556 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
557 1 : assert_int_equal(spdm_response->header.request_response_code,
558 : SPDM_ERROR);
559 1 : assert_int_equal(spdm_response->header.param1,
560 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
561 1 : assert_int_equal(spdm_response->header.param2, 0);
562 1 : assert_int_equal(spdm_context->response_state,
563 : LIBSPDM_RESPONSE_STATE_NOT_READY);
564 1 : assert_int_equal(error_data->request_code, SPDM_FINISH);
565 1 : free(data1);
566 1 : }
567 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
568 :
569 : /**
570 : * Test 6: receiving a correct FINISH from the requester, but the responder
571 : * is not set no receive a FINISH message because previous messages (namely,
572 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
573 : * received.
574 : * Expected behavior: the responder rejects the request, and produces an
575 : * ERROR message indicating the UnexpectedRequest.
576 : **/
577 1 : void rsp_finish_rsp_case6(void **state)
578 : {
579 : libspdm_return_t status;
580 : libspdm_test_context_t *spdm_test_context;
581 : libspdm_context_t *spdm_context;
582 : size_t response_size;
583 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
584 : spdm_finish_response_t *spdm_response;
585 : void *data1;
586 : size_t data_size1;
587 : uint8_t *ptr;
588 : uint8_t *cert_buffer;
589 : size_t cert_buffer_size;
590 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
591 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
592 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
593 : libspdm_session_info_t *session_info;
594 : uint32_t session_id;
595 : uint32_t hash_size;
596 : uint32_t hmac_size;
597 :
598 1 : spdm_test_context = *state;
599 1 : spdm_context = spdm_test_context->spdm_context;
600 1 : spdm_test_context->case_id = 0x6;
601 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
602 : SPDM_VERSION_NUMBER_SHIFT_BIT;
603 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
604 1 : spdm_context->connection_info.connection_state =
605 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
606 1 : spdm_context->connection_info.capability.flags |=
607 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
608 1 : spdm_context->local_context.capability.flags |=
609 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
610 1 : spdm_context->connection_info.algorithm.base_hash_algo =
611 : m_libspdm_use_hash_algo;
612 1 : spdm_context->connection_info.algorithm.base_asym_algo =
613 : m_libspdm_use_asym_algo;
614 1 : spdm_context->connection_info.algorithm.measurement_spec =
615 : m_libspdm_use_measurement_spec;
616 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
617 : m_libspdm_use_measurement_hash_algo;
618 1 : spdm_context->connection_info.algorithm.dhe_named_group =
619 : m_libspdm_use_dhe_algo;
620 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
621 : m_libspdm_use_aead_algo;
622 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
623 : m_libspdm_use_asym_algo, &data1,
624 : &data_size1, NULL, NULL);
625 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
626 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
627 : data_size1;
628 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
629 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
630 : data_size1;
631 :
632 1 : libspdm_reset_message_a(spdm_context);
633 1 : spdm_context->local_context.mut_auth_requested = 0;
634 :
635 1 : session_id = 0xFFFFFFFF;
636 1 : spdm_context->latest_session_id = session_id;
637 1 : session_info = &spdm_context->session_info[0];
638 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
639 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
640 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
641 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
642 1 : libspdm_secured_message_set_request_finished_key(
643 : session_info->secured_message_context, m_dummy_buffer,
644 : hash_size);
645 1 : libspdm_secured_message_set_session_state(
646 : session_info->secured_message_context,
647 : LIBSPDM_SESSION_STATE_HANDSHAKING);
648 :
649 1 : spdm_context->connection_info.capability.flags |=
650 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
651 1 : spdm_context->local_context.capability.flags |=
652 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
653 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
654 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
655 1 : ptr = m_libspdm_finish_request1.signature;
656 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
657 1 : cert_buffer = (uint8_t *)data1;
658 1 : cert_buffer_size = data_size1;
659 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
660 : cert_buffer_hash);
661 : /* transcript.message_a size is 0*/
662 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
663 : /* session_transcript.message_k is 0*/
664 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
665 : sizeof(spdm_finish_request_t));
666 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
667 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
668 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
669 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
670 : request_finished_key, hash_size, ptr);
671 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
672 1 : response_size = sizeof(response);
673 1 : status = libspdm_get_response_finish(spdm_context,
674 : m_libspdm_finish_request1_size,
675 : &m_libspdm_finish_request1,
676 : &response_size, response);
677 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
678 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
679 1 : spdm_response = (void *)response;
680 1 : assert_int_equal(spdm_response->header.request_response_code,
681 : SPDM_ERROR);
682 1 : assert_int_equal(spdm_response->header.param1,
683 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
684 1 : assert_int_equal(spdm_response->header.param2, 0);
685 1 : free(data1);
686 1 : }
687 :
688 1 : void rsp_finish_rsp_case7(void **state)
689 : {
690 : libspdm_return_t status;
691 : libspdm_test_context_t *spdm_test_context;
692 : libspdm_context_t *spdm_context;
693 : size_t response_size;
694 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
695 : spdm_finish_response_t *spdm_response;
696 : void *data1;
697 : size_t data_size1;
698 : uint8_t *ptr;
699 : uint8_t *cert_buffer;
700 : size_t cert_buffer_size;
701 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
702 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
703 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
704 : libspdm_session_info_t *session_info;
705 : uint32_t session_id;
706 : uint32_t hash_size;
707 : uint32_t hmac_size;
708 :
709 1 : spdm_test_context = *state;
710 1 : spdm_context = spdm_test_context->spdm_context;
711 1 : spdm_test_context->case_id = 0x7;
712 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
713 : SPDM_VERSION_NUMBER_SHIFT_BIT;
714 1 : spdm_context->connection_info.connection_state =
715 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
716 1 : spdm_context->connection_info.capability.flags |=
717 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
718 1 : spdm_context->local_context.capability.flags |=
719 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
720 1 : spdm_context->connection_info.algorithm.base_hash_algo =
721 : m_libspdm_use_hash_algo;
722 1 : spdm_context->connection_info.algorithm.base_asym_algo =
723 : m_libspdm_use_asym_algo;
724 1 : spdm_context->connection_info.algorithm.measurement_spec =
725 : m_libspdm_use_measurement_spec;
726 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
727 : m_libspdm_use_measurement_hash_algo;
728 1 : spdm_context->connection_info.algorithm.dhe_named_group =
729 : m_libspdm_use_dhe_algo;
730 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
731 : m_libspdm_use_aead_algo;
732 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
733 : m_libspdm_use_asym_algo, &data1,
734 : &data_size1, NULL, NULL);
735 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
736 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
737 : data_size1;
738 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
739 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
740 : data_size1;
741 :
742 1 : libspdm_reset_message_a(spdm_context);
743 1 : spdm_context->local_context.mut_auth_requested = 0;
744 :
745 1 : session_id = 0xFFFFFFFF;
746 1 : spdm_context->latest_session_id = session_id;
747 1 : session_info = &spdm_context->session_info[0];
748 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
749 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
750 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
751 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
752 1 : libspdm_secured_message_set_request_finished_key(
753 : session_info->secured_message_context, m_dummy_buffer,
754 : hash_size);
755 1 : libspdm_secured_message_set_session_state(
756 : session_info->secured_message_context,
757 : LIBSPDM_SESSION_STATE_HANDSHAKING);
758 :
759 1 : spdm_context->connection_info.capability.flags |=
760 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
761 1 : spdm_context->local_context.capability.flags |=
762 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
763 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
764 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
765 1 : ptr = m_libspdm_finish_request1.signature;
766 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
767 1 : cert_buffer = (uint8_t *)data1;
768 1 : cert_buffer_size = data_size1;
769 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
770 : session_info->session_transcript.message_m.buffer_size =
771 : session_info->session_transcript.message_m.max_buffer_size;
772 : spdm_context->transcript.message_b.buffer_size =
773 : spdm_context->transcript.message_b.max_buffer_size;
774 : spdm_context->transcript.message_c.buffer_size =
775 : spdm_context->transcript.message_c.max_buffer_size;
776 : spdm_context->transcript.message_mut_b.buffer_size =
777 : spdm_context->transcript.message_mut_b.max_buffer_size;
778 : spdm_context->transcript.message_mut_c.buffer_size =
779 : spdm_context->transcript.message_mut_c.max_buffer_size;
780 : #endif
781 :
782 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
783 : cert_buffer_hash);
784 : /* transcript.message_a size is 0*/
785 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
786 : /* session_transcript.message_k is 0*/
787 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
788 : sizeof(spdm_finish_request_t));
789 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
790 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
791 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
792 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
793 : request_finished_key, hash_size, ptr);
794 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
795 1 : response_size = sizeof(response);
796 1 : status = libspdm_get_response_finish(spdm_context,
797 : m_libspdm_finish_request1_size,
798 : &m_libspdm_finish_request1,
799 : &response_size, response);
800 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
801 1 : assert_int_equal(response_size,
802 : sizeof(spdm_finish_response_t) + hmac_size);
803 1 : spdm_response = (void *)response;
804 1 : assert_int_equal(spdm_response->header.request_response_code,
805 : SPDM_FINISH_RSP);
806 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
807 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
808 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
809 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
810 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
811 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
812 : #endif
813 :
814 1 : free(data1);
815 1 : }
816 :
817 :
818 : /**
819 : * Test 8: receiving a correct FINISH message from the requester with
820 : * correct MAC and signature (with mutual authentication), and 'handshake in
821 : * the clear'.
822 : * Expected behavior: the responder accepts the request and produces a valid
823 : * FINISH_RSP response message.
824 : **/
825 1 : void rsp_finish_rsp_case8(void **state)
826 : {
827 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
828 : libspdm_return_t status;
829 : libspdm_test_context_t *spdm_test_context;
830 : libspdm_context_t *spdm_context;
831 : size_t response_size;
832 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
833 : spdm_finish_response_t *spdm_response;
834 : void *data1;
835 : size_t data_size1;
836 : void *data2;
837 : size_t data_size2;
838 : uint8_t *ptr;
839 : uint8_t *cert_buffer;
840 : size_t cert_buffer_size;
841 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
842 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
843 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
844 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
845 : libspdm_session_info_t *session_info;
846 : uint32_t session_id;
847 : uint32_t hash_size;
848 : uint32_t hmac_size;
849 : size_t req_asym_signature_size;
850 :
851 1 : spdm_test_context = *state;
852 1 : spdm_context = spdm_test_context->spdm_context;
853 1 : spdm_test_context->case_id = 0x8;
854 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
855 : SPDM_VERSION_NUMBER_SHIFT_BIT;
856 1 : spdm_context->connection_info.connection_state =
857 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
858 1 : spdm_context->connection_info.capability.flags |=
859 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
860 1 : spdm_context->local_context.capability.flags |=
861 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
862 1 : spdm_context->connection_info.algorithm.base_hash_algo =
863 : m_libspdm_use_hash_algo;
864 1 : spdm_context->connection_info.algorithm.base_asym_algo =
865 : m_libspdm_use_asym_algo;
866 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
867 : m_libspdm_use_req_asym_algo;
868 1 : spdm_context->connection_info.algorithm.measurement_spec =
869 : m_libspdm_use_measurement_spec;
870 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
871 : m_libspdm_use_measurement_hash_algo;
872 1 : spdm_context->connection_info.algorithm.dhe_named_group =
873 : m_libspdm_use_dhe_algo;
874 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
875 : m_libspdm_use_aead_algo;
876 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
877 : m_libspdm_use_asym_algo, &data1,
878 : &data_size1, NULL, NULL);
879 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
880 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
881 : data_size1;
882 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
883 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
884 : data_size1;
885 :
886 1 : libspdm_reset_message_a(spdm_context);
887 1 : spdm_context->local_context.mut_auth_requested = 1;
888 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
889 : m_libspdm_use_req_asym_algo, &data2,
890 : &data_size2, NULL, NULL);
891 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
892 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
893 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
894 : data2, data_size2);
895 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
896 : data_size2;
897 : #else
898 1 : libspdm_hash_all(
899 : spdm_context->connection_info.algorithm.base_hash_algo,
900 : data2, data_size2,
901 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
902 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
903 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
904 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
905 : spdm_context->connection_info.algorithm.base_hash_algo,
906 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
907 : data2,
908 : data_size2,
909 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
910 : #endif
911 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
912 :
913 1 : session_id = 0xFFFFFFFF;
914 1 : spdm_context->latest_session_id = session_id;
915 1 : session_info = &spdm_context->session_info[0];
916 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
917 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
918 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
919 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
920 1 : libspdm_secured_message_set_request_finished_key(
921 : session_info->secured_message_context, m_dummy_buffer,
922 : hash_size);
923 1 : libspdm_secured_message_set_session_state(
924 : session_info->secured_message_context,
925 : LIBSPDM_SESSION_STATE_HANDSHAKING);
926 1 : session_info->mut_auth_requested = 1;
927 :
928 1 : spdm_context->connection_info.capability.flags |=
929 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
930 1 : spdm_context->local_context.capability.flags |=
931 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
932 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
933 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
934 1 : req_asym_signature_size =
935 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
936 1 : ptr = m_libspdm_finish_request3.signature;
937 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
938 1 : cert_buffer = (uint8_t *)data1;
939 1 : cert_buffer_size = data_size1;
940 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
941 : cert_buffer_hash);
942 1 : cert_buffer = (uint8_t *)data2;
943 1 : cert_buffer_size = data_size2;
944 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
945 : req_cert_buffer_hash);
946 : /* transcript.message_a size is 0*/
947 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
948 : /* session_transcript.message_k is 0*/
949 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
950 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
951 : sizeof(spdm_finish_request_t));
952 :
953 1 : libspdm_requester_data_sign(
954 : spdm_context,
955 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
956 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
957 1 : false, libspdm_get_managed_buffer(&th_curr),
958 : libspdm_get_managed_buffer_size(&th_curr),
959 : ptr, &req_asym_signature_size);
960 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
961 1 : ptr += req_asym_signature_size;
962 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
963 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
964 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
965 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
966 : request_finished_key, hash_size, ptr);
967 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
968 1 : req_asym_signature_size + hmac_size;
969 1 : response_size = sizeof(response);
970 1 : status = libspdm_get_response_finish(spdm_context,
971 : m_libspdm_finish_request3_size,
972 : &m_libspdm_finish_request3,
973 : &response_size, response);
974 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
975 1 : assert_int_equal(response_size,
976 : sizeof(spdm_finish_response_t) + hmac_size);
977 1 : spdm_response = (void *)response;
978 1 : assert_int_equal(spdm_response->header.request_response_code,
979 : SPDM_FINISH_RSP);
980 1 : free(data1);
981 1 : free(data2);
982 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
983 1 : }
984 :
985 : /**
986 : * Test 9: receiving a correct FINISH message from the requester, but the
987 : * responder has no capabilities for key exchange.
988 : * Expected behavior: the responder refuses the FINISH message and produces
989 : * an ERROR message indicating the UnsupportedRequest.
990 : **/
991 1 : void rsp_finish_rsp_case9(void **state)
992 : {
993 : libspdm_return_t status;
994 : libspdm_test_context_t *spdm_test_context;
995 : libspdm_context_t *spdm_context;
996 : size_t response_size;
997 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
998 : spdm_finish_response_t *spdm_response;
999 : void *data1;
1000 : size_t data_size1;
1001 : uint8_t *ptr;
1002 : uint8_t *cert_buffer;
1003 : size_t cert_buffer_size;
1004 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1005 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1006 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1007 : libspdm_session_info_t *session_info;
1008 : uint32_t session_id;
1009 : uint32_t hash_size;
1010 : uint32_t hmac_size;
1011 :
1012 1 : spdm_test_context = *state;
1013 1 : spdm_context = spdm_test_context->spdm_context;
1014 1 : spdm_test_context->case_id = 0x9;
1015 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1016 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1017 1 : spdm_context->connection_info.connection_state =
1018 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1019 1 : spdm_context->connection_info.capability.flags = 0;
1020 1 : spdm_context->local_context.capability.flags = 0;
1021 1 : spdm_context->connection_info.capability.flags |=
1022 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1023 : /* no key exchange capabilities (responder)*/
1024 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1025 : m_libspdm_use_hash_algo;
1026 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1027 : m_libspdm_use_asym_algo;
1028 1 : spdm_context->connection_info.algorithm.measurement_spec =
1029 : m_libspdm_use_measurement_spec;
1030 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1031 : m_libspdm_use_measurement_hash_algo;
1032 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1033 : m_libspdm_use_dhe_algo;
1034 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1035 : m_libspdm_use_aead_algo;
1036 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1037 : m_libspdm_use_asym_algo, &data1,
1038 : &data_size1, NULL, NULL);
1039 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1040 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1041 : data_size1;
1042 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1043 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1044 : data_size1;
1045 :
1046 1 : libspdm_reset_message_a(spdm_context);
1047 1 : spdm_context->local_context.mut_auth_requested = 0;
1048 :
1049 1 : session_id = 0xFFFFFFFF;
1050 1 : spdm_context->latest_session_id = session_id;
1051 1 : session_info = &spdm_context->session_info[0];
1052 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1053 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1054 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1055 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1056 1 : libspdm_secured_message_set_request_finished_key(
1057 : session_info->secured_message_context, m_dummy_buffer,
1058 : hash_size);
1059 1 : libspdm_secured_message_set_session_state(
1060 : session_info->secured_message_context,
1061 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1062 :
1063 1 : spdm_context->connection_info.capability.flags |=
1064 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1065 1 : spdm_context->local_context.capability.flags |=
1066 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1067 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1068 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1069 1 : ptr = m_libspdm_finish_request1.signature;
1070 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1071 1 : cert_buffer = (uint8_t *)data1;
1072 1 : cert_buffer_size = data_size1;
1073 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1074 : cert_buffer_hash);
1075 : /* transcript.message_a size is 0*/
1076 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1077 : /* session_transcript.message_k is 0*/
1078 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1079 : sizeof(spdm_finish_request_t));
1080 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1081 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1082 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1083 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1084 : request_finished_key, hash_size, ptr);
1085 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1086 1 : response_size = sizeof(response);
1087 1 : status = libspdm_get_response_finish(spdm_context,
1088 : m_libspdm_finish_request1_size,
1089 : &m_libspdm_finish_request1,
1090 : &response_size, response);
1091 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1092 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1093 1 : spdm_response = (void *)response;
1094 1 : assert_int_equal(spdm_response->header.request_response_code,
1095 : SPDM_ERROR);
1096 1 : assert_int_equal(spdm_response->header.param1,
1097 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
1098 1 : assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
1099 1 : free(data1);
1100 1 : }
1101 :
1102 : /**
1103 : * Test 10: receiving a correct FINISH message from the requester, but the
1104 : * responder is not correctly setup by not initializing a session during
1105 : * KEY_EXCHANGE.
1106 : * Expected behavior: the responder refuses the FINISH message and produces
1107 : * an ERROR message indicating the UnsupportedRequest.
1108 : **/
1109 1 : void rsp_finish_rsp_case10(void **state)
1110 : {
1111 : libspdm_return_t status;
1112 : libspdm_test_context_t *spdm_test_context;
1113 : libspdm_context_t *spdm_context;
1114 : size_t response_size;
1115 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1116 : spdm_finish_response_t *spdm_response;
1117 : void *data1;
1118 : size_t data_size1;
1119 : uint8_t *ptr;
1120 : uint8_t *cert_buffer;
1121 : size_t cert_buffer_size;
1122 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1123 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1124 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1125 : libspdm_session_info_t *session_info;
1126 : uint32_t session_id;
1127 : uint32_t hash_size;
1128 : uint32_t hmac_size;
1129 :
1130 1 : spdm_test_context = *state;
1131 1 : spdm_context = spdm_test_context->spdm_context;
1132 1 : spdm_test_context->case_id = 0xA;
1133 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1134 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1135 1 : spdm_context->connection_info.connection_state =
1136 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1137 1 : spdm_context->connection_info.capability.flags |=
1138 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1139 1 : spdm_context->local_context.capability.flags |=
1140 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1141 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1142 : m_libspdm_use_hash_algo;
1143 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1144 : m_libspdm_use_asym_algo;
1145 1 : spdm_context->connection_info.algorithm.measurement_spec =
1146 : m_libspdm_use_measurement_spec;
1147 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1148 : m_libspdm_use_measurement_hash_algo;
1149 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1150 : m_libspdm_use_dhe_algo;
1151 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1152 : m_libspdm_use_aead_algo;
1153 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1154 : m_libspdm_use_asym_algo, &data1,
1155 : &data_size1, NULL, NULL);
1156 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1157 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1158 : data_size1;
1159 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1160 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1161 : data_size1;
1162 :
1163 1 : libspdm_reset_message_a(spdm_context);
1164 1 : spdm_context->local_context.mut_auth_requested = 0;
1165 :
1166 1 : session_id = 0xFFFFFFFF;
1167 1 : spdm_context->latest_session_id = session_id;
1168 1 : session_info = &spdm_context->session_info[0];
1169 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1170 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1171 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1172 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1173 1 : libspdm_secured_message_set_request_finished_key(
1174 : session_info->secured_message_context, m_dummy_buffer,
1175 : hash_size);
1176 1 : libspdm_secured_message_set_session_state(
1177 : session_info->secured_message_context,
1178 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1179 :
1180 1 : spdm_context->connection_info.capability.flags |=
1181 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1182 1 : spdm_context->local_context.capability.flags |=
1183 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1184 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1185 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1186 1 : ptr = m_libspdm_finish_request1.signature;
1187 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1188 1 : cert_buffer = (uint8_t *)data1;
1189 1 : cert_buffer_size = data_size1;
1190 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1191 : cert_buffer_hash);
1192 : /* transcript.message_a size is 0*/
1193 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1194 : /* session_transcript.message_k is 0*/
1195 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1196 : sizeof(spdm_finish_request_t));
1197 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1198 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1199 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1200 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1201 : request_finished_key, hash_size, ptr);
1202 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1203 1 : response_size = sizeof(response);
1204 1 : status = libspdm_get_response_finish(spdm_context,
1205 : m_libspdm_finish_request1_size,
1206 : &m_libspdm_finish_request1,
1207 : &response_size, response);
1208 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1209 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1210 1 : spdm_response = (void *)response;
1211 1 : assert_int_equal(spdm_response->header.request_response_code,
1212 : SPDM_ERROR);
1213 1 : assert_int_equal(spdm_response->header.param1,
1214 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1215 1 : assert_int_equal(spdm_response->header.param2, 0);
1216 1 : free(data1);
1217 1 : }
1218 :
1219 : /**
1220 : * Test 11: receiving a FINISH message from the requester with an incorrect
1221 : * MAC (all-zero).
1222 : * Expected behavior: the responder refuses the FINISH message and produces
1223 : * an ERROR message indicating the DecryptError.
1224 : **/
1225 1 : void rsp_finish_rsp_case11(void **state)
1226 : {
1227 : libspdm_return_t status;
1228 : libspdm_test_context_t *spdm_test_context;
1229 : libspdm_context_t *spdm_context;
1230 : size_t response_size;
1231 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1232 : spdm_finish_response_t *spdm_response;
1233 : void *data1;
1234 : size_t data_size1;
1235 : uint8_t *ptr;
1236 : libspdm_session_info_t *session_info;
1237 : uint32_t session_id;
1238 : uint32_t hash_size;
1239 : uint32_t hmac_size;
1240 :
1241 1 : spdm_test_context = *state;
1242 1 : spdm_context = spdm_test_context->spdm_context;
1243 1 : spdm_test_context->case_id = 0xB;
1244 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1245 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1246 1 : spdm_context->connection_info.connection_state =
1247 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1248 1 : spdm_context->connection_info.capability.flags |=
1249 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1250 1 : spdm_context->local_context.capability.flags |=
1251 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1252 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1253 : m_libspdm_use_hash_algo;
1254 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1255 : m_libspdm_use_asym_algo;
1256 1 : spdm_context->connection_info.algorithm.measurement_spec =
1257 : m_libspdm_use_measurement_spec;
1258 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1259 : m_libspdm_use_measurement_hash_algo;
1260 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1261 : m_libspdm_use_dhe_algo;
1262 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1263 : m_libspdm_use_aead_algo;
1264 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1265 : m_libspdm_use_asym_algo, &data1,
1266 : &data_size1, NULL, NULL);
1267 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1268 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1269 : data_size1;
1270 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1271 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1272 : data_size1;
1273 :
1274 1 : libspdm_reset_message_a(spdm_context);
1275 1 : spdm_context->local_context.mut_auth_requested = 0;
1276 :
1277 1 : session_id = 0xFFFFFFFF;
1278 1 : spdm_context->latest_session_id = session_id;
1279 1 : session_info = &spdm_context->session_info[0];
1280 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1281 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1282 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1283 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1284 1 : libspdm_secured_message_set_request_finished_key(
1285 : session_info->secured_message_context, m_dummy_buffer,
1286 : hash_size);
1287 1 : libspdm_secured_message_set_session_state(
1288 : session_info->secured_message_context,
1289 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1290 :
1291 1 : spdm_context->connection_info.capability.flags |=
1292 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1293 1 : spdm_context->local_context.capability.flags |=
1294 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1295 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1296 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1297 1 : ptr = m_libspdm_finish_request1.signature;
1298 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1299 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1300 1 : response_size = sizeof(response);
1301 1 : status = libspdm_get_response_finish(spdm_context,
1302 : m_libspdm_finish_request1_size,
1303 : &m_libspdm_finish_request1,
1304 : &response_size, response);
1305 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1306 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1307 1 : spdm_response = (void *)response;
1308 1 : assert_int_equal(spdm_response->header.request_response_code,
1309 : SPDM_ERROR);
1310 1 : assert_int_equal(spdm_response->header.param1,
1311 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1312 1 : assert_int_equal(spdm_response->header.param2, 0);
1313 1 : free(data1);
1314 1 : }
1315 :
1316 : /**
1317 : * Test 12: receiving a FINISH message from the requester with an incorrect
1318 : * MAC (arbitrary).
1319 : * Expected behavior: the responder refuses the FINISH message and produces
1320 : * an ERROR message indicating the DecryptError.
1321 : **/
1322 1 : void rsp_finish_rsp_case12(void **state)
1323 : {
1324 : libspdm_return_t status;
1325 : libspdm_test_context_t *spdm_test_context;
1326 : libspdm_context_t *spdm_context;
1327 : size_t response_size;
1328 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1329 : spdm_finish_response_t *spdm_response;
1330 : void *data1;
1331 : size_t data_size1;
1332 : uint8_t *ptr;
1333 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1334 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1335 : libspdm_session_info_t *session_info;
1336 : uint32_t session_id;
1337 : uint32_t hash_size;
1338 : uint32_t hmac_size;
1339 :
1340 1 : spdm_test_context = *state;
1341 1 : spdm_context = spdm_test_context->spdm_context;
1342 1 : spdm_test_context->case_id = 0xC;
1343 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1344 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1345 1 : spdm_context->connection_info.connection_state =
1346 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1347 1 : spdm_context->connection_info.capability.flags |=
1348 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1349 1 : spdm_context->local_context.capability.flags |=
1350 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1351 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1352 : m_libspdm_use_hash_algo;
1353 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1354 : m_libspdm_use_asym_algo;
1355 1 : spdm_context->connection_info.algorithm.measurement_spec =
1356 : m_libspdm_use_measurement_spec;
1357 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1358 : m_libspdm_use_measurement_hash_algo;
1359 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1360 : m_libspdm_use_dhe_algo;
1361 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1362 : m_libspdm_use_aead_algo;
1363 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1364 : m_libspdm_use_asym_algo, &data1,
1365 : &data_size1, NULL, NULL);
1366 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1367 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1368 : data_size1;
1369 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1370 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1371 : data_size1;
1372 :
1373 1 : libspdm_reset_message_a(spdm_context);
1374 1 : spdm_context->local_context.mut_auth_requested = 0;
1375 :
1376 1 : session_id = 0xFFFFFFFF;
1377 1 : spdm_context->latest_session_id = session_id;
1378 1 : session_info = &spdm_context->session_info[0];
1379 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1380 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1381 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1382 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1383 1 : libspdm_secured_message_set_request_finished_key(
1384 : session_info->secured_message_context, m_dummy_buffer,
1385 : hash_size);
1386 1 : libspdm_secured_message_set_session_state(
1387 : session_info->secured_message_context,
1388 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1389 :
1390 1 : spdm_context->connection_info.capability.flags |=
1391 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1392 1 : spdm_context->local_context.capability.flags |=
1393 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1394 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1395 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1396 1 : ptr = m_libspdm_finish_request1.signature;
1397 : /*arbitrary MAC*/
1398 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1399 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1400 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1401 : request_finished_key, hash_size, ptr);
1402 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1403 1 : response_size = sizeof(response);
1404 1 : status = libspdm_get_response_finish(spdm_context,
1405 : m_libspdm_finish_request1_size,
1406 : &m_libspdm_finish_request1,
1407 : &response_size, response);
1408 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1409 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1410 1 : spdm_response = (void *)response;
1411 1 : assert_int_equal(spdm_response->header.request_response_code,
1412 : SPDM_ERROR);
1413 1 : assert_int_equal(spdm_response->header.param1,
1414 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1415 1 : assert_int_equal(spdm_response->header.param2, 0);
1416 1 : free(data1);
1417 1 : }
1418 :
1419 : /**
1420 : * Test 13:
1421 : * Expected behavior:
1422 : **/
1423 1 : void rsp_finish_rsp_case13(void **state)
1424 : {
1425 1 : }
1426 :
1427 : /**
1428 : * Test 14: receiving a FINISH message from the requester with an incorrect
1429 : * MAC size (only the correct first half of the MAC).
1430 : * Expected behavior: the responder refuses the FINISH message and produces
1431 : * an ERROR message indicating the InvalidRequest.
1432 : **/
1433 1 : void rsp_finish_rsp_case14(void **state)
1434 : {
1435 : libspdm_return_t status;
1436 : libspdm_test_context_t *spdm_test_context;
1437 : libspdm_context_t *spdm_context;
1438 : size_t response_size;
1439 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1440 : spdm_finish_response_t *spdm_response;
1441 : void *data1;
1442 : size_t data_size1;
1443 : uint8_t *ptr;
1444 : uint8_t *cert_buffer;
1445 : size_t cert_buffer_size;
1446 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1447 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1448 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1449 : libspdm_session_info_t *session_info;
1450 : uint32_t session_id;
1451 : uint32_t hash_size;
1452 : uint32_t hmac_size;
1453 :
1454 1 : spdm_test_context = *state;
1455 1 : spdm_context = spdm_test_context->spdm_context;
1456 1 : spdm_test_context->case_id = 0xE;
1457 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1458 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1459 1 : spdm_context->connection_info.connection_state =
1460 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1461 1 : spdm_context->connection_info.capability.flags |=
1462 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1463 1 : spdm_context->local_context.capability.flags |=
1464 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1465 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1466 : m_libspdm_use_hash_algo;
1467 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1468 : m_libspdm_use_asym_algo;
1469 1 : spdm_context->connection_info.algorithm.measurement_spec =
1470 : m_libspdm_use_measurement_spec;
1471 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1472 : m_libspdm_use_measurement_hash_algo;
1473 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1474 : m_libspdm_use_dhe_algo;
1475 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1476 : m_libspdm_use_aead_algo;
1477 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1478 : m_libspdm_use_asym_algo, &data1,
1479 : &data_size1, NULL, NULL);
1480 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1481 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1482 : data_size1;
1483 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1484 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1485 : data_size1;
1486 :
1487 1 : libspdm_reset_message_a(spdm_context);
1488 1 : spdm_context->local_context.mut_auth_requested = 0;
1489 :
1490 1 : session_id = 0xFFFFFFFF;
1491 1 : spdm_context->latest_session_id = session_id;
1492 1 : session_info = &spdm_context->session_info[0];
1493 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1494 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1495 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1496 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1497 1 : libspdm_secured_message_set_request_finished_key(
1498 : session_info->secured_message_context, m_dummy_buffer,
1499 : hash_size);
1500 1 : libspdm_secured_message_set_session_state(
1501 : session_info->secured_message_context,
1502 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1503 :
1504 1 : spdm_context->connection_info.capability.flags |=
1505 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1506 1 : spdm_context->local_context.capability.flags |=
1507 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1508 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1509 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1510 1 : ptr = m_libspdm_finish_request1.signature;
1511 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1512 1 : cert_buffer = (uint8_t *)data1;
1513 1 : cert_buffer_size = data_size1;
1514 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1515 : cert_buffer_hash);
1516 : /* transcript.message_a size is 0*/
1517 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1518 : /* session_transcript.message_k is 0*/
1519 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1520 : sizeof(spdm_finish_request_t));
1521 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1522 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1523 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1524 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1525 : request_finished_key, hash_size, ptr);
1526 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1527 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
1528 1 : response_size = sizeof(response);
1529 1 : status = libspdm_get_response_finish(spdm_context,
1530 : m_libspdm_finish_request1_size,
1531 : &m_libspdm_finish_request1,
1532 : &response_size, response);
1533 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1534 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1535 1 : spdm_response = (void *)response;
1536 1 : assert_int_equal(spdm_response->header.request_response_code,
1537 : SPDM_ERROR);
1538 1 : assert_int_equal(spdm_response->header.param1,
1539 : SPDM_ERROR_CODE_INVALID_REQUEST);
1540 1 : assert_int_equal(spdm_response->header.param2, 0);
1541 1 : free(data1);
1542 1 : }
1543 :
1544 : /**
1545 : * Test 15: receiving a FINISH message from the requester with an incorrect
1546 : * signature (all-zero), but a correct MAC.
1547 : * Expected behavior: the responder refuses the FINISH message and produces
1548 : * an ERROR message indicating the DecryptError.
1549 : **/
1550 1 : void rsp_finish_rsp_case15(void **state)
1551 : {
1552 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1553 : libspdm_return_t status;
1554 : libspdm_test_context_t *spdm_test_context;
1555 : libspdm_context_t *spdm_context;
1556 : size_t response_size;
1557 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1558 : spdm_finish_response_t *spdm_response;
1559 : void *data1;
1560 : size_t data_size1;
1561 : void *data2;
1562 : size_t data_size2;
1563 : uint8_t *ptr;
1564 : uint8_t *cert_buffer;
1565 : size_t cert_buffer_size;
1566 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1567 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1568 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1569 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1570 : libspdm_session_info_t *session_info;
1571 : uint32_t session_id;
1572 : uint32_t hash_size;
1573 : uint32_t hmac_size;
1574 : size_t req_asym_signature_size;
1575 :
1576 1 : spdm_test_context = *state;
1577 1 : spdm_context = spdm_test_context->spdm_context;
1578 1 : spdm_test_context->case_id = 0xF;
1579 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1580 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1581 1 : spdm_context->connection_info.connection_state =
1582 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1583 1 : spdm_context->connection_info.capability.flags |=
1584 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1585 1 : spdm_context->local_context.capability.flags |=
1586 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1587 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1588 : m_libspdm_use_hash_algo;
1589 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1590 : m_libspdm_use_asym_algo;
1591 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1592 : m_libspdm_use_req_asym_algo;
1593 1 : spdm_context->connection_info.algorithm.measurement_spec =
1594 : m_libspdm_use_measurement_spec;
1595 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1596 : m_libspdm_use_measurement_hash_algo;
1597 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1598 : m_libspdm_use_dhe_algo;
1599 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1600 : m_libspdm_use_aead_algo;
1601 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1602 : m_libspdm_use_asym_algo, &data1,
1603 : &data_size1, NULL, NULL);
1604 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1605 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1606 : data_size1;
1607 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1608 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1609 : data_size1;
1610 :
1611 1 : libspdm_reset_message_a(spdm_context);
1612 1 : spdm_context->local_context.mut_auth_requested = 1;
1613 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1614 : m_libspdm_use_req_asym_algo, &data2,
1615 : &data_size2, NULL, NULL);
1616 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1617 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1618 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1619 : data2, data_size2);
1620 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1621 : data_size2;
1622 : #endif
1623 :
1624 1 : session_id = 0xFFFFFFFF;
1625 1 : spdm_context->latest_session_id = session_id;
1626 1 : session_info = &spdm_context->session_info[0];
1627 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1628 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1629 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1630 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1631 1 : libspdm_secured_message_set_request_finished_key(
1632 : session_info->secured_message_context, m_dummy_buffer,
1633 : hash_size);
1634 1 : libspdm_secured_message_set_session_state(
1635 : session_info->secured_message_context,
1636 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1637 1 : session_info->mut_auth_requested = 1;
1638 :
1639 1 : spdm_context->connection_info.capability.flags |=
1640 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1641 1 : spdm_context->local_context.capability.flags |=
1642 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1643 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1644 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1645 1 : req_asym_signature_size =
1646 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1647 1 : ptr = m_libspdm_finish_request3.signature;
1648 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1649 1 : cert_buffer = (uint8_t *)data1;
1650 1 : cert_buffer_size = data_size1;
1651 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1652 : cert_buffer_hash);
1653 1 : cert_buffer = (uint8_t *)data2;
1654 1 : cert_buffer_size = data_size2;
1655 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1656 : req_cert_buffer_hash);
1657 : /* transcript.message_a size is 0*/
1658 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1659 : /* session_transcript.message_k is 0*/
1660 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1661 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1662 : sizeof(spdm_finish_request_t));
1663 :
1664 1 : libspdm_requester_data_sign(
1665 : spdm_context,
1666 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1667 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1668 1 : false, libspdm_get_managed_buffer(&th_curr),
1669 : libspdm_get_managed_buffer_size(&th_curr),
1670 : ptr, &req_asym_signature_size);
1671 :
1672 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1673 1 : ptr += req_asym_signature_size;
1674 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1675 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1676 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1677 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1678 : request_finished_key, hash_size, ptr);
1679 1 : libspdm_set_mem(m_libspdm_finish_request3.signature,
1680 : req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
1681 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1682 1 : req_asym_signature_size + hmac_size;
1683 1 : response_size = sizeof(response);
1684 1 : status = libspdm_get_response_finish(spdm_context,
1685 : m_libspdm_finish_request3_size,
1686 : &m_libspdm_finish_request3,
1687 : &response_size, response);
1688 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1689 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1690 1 : spdm_response = (void *)response;
1691 1 : assert_int_equal(spdm_response->header.request_response_code,
1692 : SPDM_ERROR);
1693 1 : assert_int_equal(spdm_response->header.param1,
1694 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1695 1 : assert_int_equal(spdm_response->header.param2, 0);
1696 1 : free(data1);
1697 1 : free(data2);
1698 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1699 1 : }
1700 :
1701 : /**
1702 : * Test 16: receiving a FINISH message from the requester with an incorrect
1703 : * signature (arbitrary), but a correct MAC.
1704 : * Expected behavior: the responder refuses the FINISH message and produces
1705 : * an ERROR message indicating the DecryptError.
1706 : **/
1707 1 : void rsp_finish_rsp_case16(void **state)
1708 : {
1709 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1710 : libspdm_return_t status;
1711 : libspdm_test_context_t *spdm_test_context;
1712 : libspdm_context_t *spdm_context;
1713 : size_t response_size;
1714 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1715 : spdm_finish_response_t *spdm_response;
1716 : void *data1;
1717 : size_t data_size1;
1718 : void *data2;
1719 : size_t data_size2;
1720 : uint8_t *ptr;
1721 : uint8_t *cert_buffer;
1722 : size_t cert_buffer_size;
1723 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1724 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1725 : uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
1726 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1727 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1728 : libspdm_session_info_t *session_info;
1729 : uint32_t session_id;
1730 : uint32_t hash_size;
1731 : uint32_t hmac_size;
1732 : size_t req_asym_signature_size;
1733 :
1734 1 : spdm_test_context = *state;
1735 1 : spdm_context = spdm_test_context->spdm_context;
1736 1 : spdm_test_context->case_id = 0x10;
1737 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1738 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1739 1 : spdm_context->connection_info.connection_state =
1740 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1741 1 : spdm_context->connection_info.capability.flags |=
1742 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1743 1 : spdm_context->local_context.capability.flags |=
1744 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1745 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1746 : m_libspdm_use_hash_algo;
1747 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1748 : m_libspdm_use_asym_algo;
1749 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1750 : m_libspdm_use_req_asym_algo;
1751 1 : spdm_context->connection_info.algorithm.measurement_spec =
1752 : m_libspdm_use_measurement_spec;
1753 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1754 : m_libspdm_use_measurement_hash_algo;
1755 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1756 : m_libspdm_use_dhe_algo;
1757 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1758 : m_libspdm_use_aead_algo;
1759 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1760 : m_libspdm_use_asym_algo, &data1,
1761 : &data_size1, NULL, NULL);
1762 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1763 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1764 : data_size1;
1765 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1766 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1767 : data_size1;
1768 :
1769 1 : libspdm_reset_message_a(spdm_context);
1770 1 : spdm_context->local_context.mut_auth_requested = 1;
1771 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1772 : m_libspdm_use_req_asym_algo, &data2,
1773 : &data_size2, NULL, NULL);
1774 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1775 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1776 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1777 : data2, data_size2);
1778 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1779 : data_size2;
1780 : #endif
1781 :
1782 1 : session_id = 0xFFFFFFFF;
1783 1 : spdm_context->latest_session_id = session_id;
1784 1 : session_info = &spdm_context->session_info[0];
1785 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1786 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1787 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1788 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1789 1 : libspdm_secured_message_set_request_finished_key(
1790 : session_info->secured_message_context, m_dummy_buffer,
1791 : hash_size);
1792 1 : libspdm_secured_message_set_session_state(
1793 : session_info->secured_message_context,
1794 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1795 1 : session_info->mut_auth_requested = 1;
1796 :
1797 1 : spdm_context->connection_info.capability.flags |=
1798 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1799 1 : spdm_context->local_context.capability.flags |=
1800 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1801 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1802 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1803 1 : req_asym_signature_size =
1804 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1805 1 : ptr = m_libspdm_finish_request3.signature;
1806 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1807 1 : cert_buffer = (uint8_t *)data1;
1808 1 : cert_buffer_size = data_size1;
1809 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1810 : cert_buffer_hash);
1811 1 : cert_buffer = (uint8_t *)data2;
1812 1 : cert_buffer_size = data_size2;
1813 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1814 : req_cert_buffer_hash);
1815 : /* transcript.message_a size is 0*/
1816 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1817 : /* session_transcript.message_k is 0*/
1818 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1819 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1820 : sizeof(spdm_finish_request_t));
1821 : /*randomize signature*/
1822 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1823 : libspdm_get_managed_buffer_size(&th_curr), random_buffer);
1824 :
1825 1 : libspdm_requester_data_sign(
1826 : spdm_context,
1827 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
1828 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1829 : false, random_buffer, hash_size, ptr, &req_asym_signature_size);
1830 :
1831 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1832 1 : ptr += req_asym_signature_size;
1833 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1834 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1835 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1836 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1837 : request_finished_key, hash_size, ptr);
1838 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1839 1 : req_asym_signature_size + hmac_size;
1840 1 : response_size = sizeof(response);
1841 1 : status = libspdm_get_response_finish(spdm_context,
1842 : m_libspdm_finish_request3_size,
1843 : &m_libspdm_finish_request3,
1844 : &response_size, response);
1845 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1846 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1847 1 : spdm_response = (void *)response;
1848 1 : assert_int_equal(spdm_response->header.request_response_code,
1849 : SPDM_ERROR);
1850 1 : assert_int_equal(spdm_response->header.param1,
1851 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1852 1 : assert_int_equal(spdm_response->header.param2, 0);
1853 1 : free(data1);
1854 1 : free(data2);
1855 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1856 1 : }
1857 :
1858 : /**
1859 : * Test 17: receiving a correct FINISH from the requester.
1860 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1861 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1862 : **/
1863 1 : void rsp_finish_rsp_case17(void **state)
1864 : {
1865 : libspdm_return_t status;
1866 : libspdm_test_context_t *spdm_test_context;
1867 : libspdm_context_t *spdm_context;
1868 : size_t response_size;
1869 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1870 : spdm_finish_response_t *spdm_response;
1871 : void *data1;
1872 : size_t data_size1;
1873 : uint8_t *ptr;
1874 : uint8_t *cert_buffer;
1875 : size_t cert_buffer_size;
1876 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1877 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1878 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1879 : libspdm_session_info_t *session_info;
1880 : uint32_t session_id;
1881 : uint32_t hash_size;
1882 : uint32_t hmac_size;
1883 :
1884 1 : spdm_test_context = *state;
1885 1 : spdm_context = spdm_test_context->spdm_context;
1886 1 : spdm_test_context->case_id = 0x11;
1887 1 : spdm_context->connection_info.connection_state =
1888 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1889 1 : spdm_context->connection_info.capability.flags |=
1890 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1891 1 : spdm_context->local_context.capability.flags |=
1892 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1893 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1894 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1895 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1896 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1897 : m_libspdm_use_measurement_hash_algo;
1898 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1899 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1900 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1901 : m_libspdm_use_asym_algo, &data1,
1902 : &data_size1, NULL, NULL);
1903 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1904 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1905 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1906 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1907 :
1908 1 : libspdm_reset_message_a(spdm_context);
1909 1 : spdm_context->local_context.mut_auth_requested = 0;
1910 :
1911 1 : session_id = 0xFFFFFFFF;
1912 1 : spdm_context->latest_session_id = session_id;
1913 1 : session_info = &spdm_context->session_info[0];
1914 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1915 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1916 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1917 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1918 1 : libspdm_secured_message_set_request_finished_key(
1919 : session_info->secured_message_context, m_dummy_buffer, hash_size);
1920 1 : libspdm_secured_message_set_session_state(
1921 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1922 :
1923 1 : spdm_context->connection_info.capability.flags |=
1924 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1925 1 : spdm_context->local_context.capability.flags |=
1926 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1927 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1928 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1929 1 : ptr = m_libspdm_finish_request1.signature;
1930 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1931 1 : cert_buffer = (uint8_t *)data1;
1932 1 : cert_buffer_size = data_size1;
1933 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1934 : /* transcript.message_a size is 0*/
1935 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1936 : /* session_transcript.message_k is 0*/
1937 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1938 : sizeof(spdm_finish_request_t));
1939 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1940 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1941 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1942 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1943 : request_finished_key, hash_size, ptr);
1944 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1945 1 : response_size = sizeof(response);
1946 1 : status = libspdm_get_response_finish(
1947 : spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
1948 : &response_size, response);
1949 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1950 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1951 1 : spdm_response = (void *)response;
1952 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1953 :
1954 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1955 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1956 : m_libspdm_finish_request1_size + response_size);
1957 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1958 : &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
1959 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1960 : m_libspdm_finish_request1_size,
1961 : response, response_size);
1962 : #endif
1963 :
1964 1 : free(data1);
1965 1 : }
1966 :
1967 : /**
1968 : * Test 18: receiving a correct FINISH message from the requester with
1969 : * correct MAC and signature (with mutual authentication), and 'handshake in
1970 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1971 : * Expected behavior: the responder accepts the request and produces a valid
1972 : * FINISH_RSP response message.
1973 : **/
1974 1 : void rsp_finish_rsp_case18(void **state)
1975 : {
1976 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1977 : libspdm_return_t status;
1978 : libspdm_test_context_t *spdm_test_context;
1979 : libspdm_context_t *spdm_context;
1980 : size_t response_size;
1981 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1982 : spdm_finish_response_t *spdm_response;
1983 : void *data1;
1984 : size_t data_size1;
1985 : void *data2;
1986 : size_t data_size2;
1987 : uint8_t *ptr;
1988 : uint8_t *cert_buffer;
1989 : size_t cert_buffer_size;
1990 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1991 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1992 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1993 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1994 : libspdm_session_info_t *session_info;
1995 : uint32_t session_id;
1996 : uint32_t hash_size;
1997 : uint32_t hmac_size;
1998 : size_t req_asym_signature_size;
1999 :
2000 1 : spdm_test_context = *state;
2001 1 : spdm_context = spdm_test_context->spdm_context;
2002 1 : spdm_test_context->case_id = 0x12;
2003 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2004 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2005 1 : spdm_context->connection_info.connection_state =
2006 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2007 1 : spdm_context->connection_info.capability.flags |=
2008 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2009 1 : spdm_context->local_context.capability.flags |=
2010 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2011 1 : spdm_context->connection_info.capability.flags |=
2012 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
2013 1 : spdm_context->local_context.capability.flags |=
2014 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP;
2015 1 : spdm_context->connection_info.capability.flags |=
2016 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2017 1 : spdm_context->local_context.capability.flags |=
2018 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2019 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2020 : m_libspdm_use_hash_algo;
2021 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2022 : m_libspdm_use_asym_algo;
2023 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2024 : m_libspdm_use_req_asym_algo;
2025 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2026 : m_libspdm_use_dhe_algo;
2027 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2028 : m_libspdm_use_aead_algo;
2029 1 : libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
2030 1 : spdm_context->local_context.local_public_key_provision = data1;
2031 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
2032 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2033 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
2034 1 : spdm_context->local_context.peer_public_key_provision = data2;
2035 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
2036 :
2037 1 : spdm_context->encap_context.req_slot_id = 0xFF;
2038 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0xFF;
2039 1 : spdm_context->connection_info.local_used_cert_chain_slot_id = 0xFF;
2040 :
2041 1 : libspdm_reset_message_a(spdm_context);
2042 :
2043 1 : session_id = 0xFFFFFFFF;
2044 1 : spdm_context->latest_session_id = session_id;
2045 1 : session_info = &spdm_context->session_info[0];
2046 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2047 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2048 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2049 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2050 1 : libspdm_secured_message_set_request_finished_key(
2051 : session_info->secured_message_context, m_dummy_buffer,
2052 : hash_size);
2053 1 : libspdm_secured_message_set_session_state(
2054 : session_info->secured_message_context,
2055 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2056 1 : session_info->mut_auth_requested = 1;
2057 :
2058 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2059 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2060 1 : req_asym_signature_size =
2061 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2062 1 : ptr = m_libspdm_finish_request4.signature;
2063 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2064 1 : cert_buffer = (uint8_t *)data1;
2065 1 : cert_buffer_size = data_size1;
2066 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2067 : cert_buffer_hash);
2068 1 : cert_buffer = (uint8_t *)data2;
2069 1 : cert_buffer_size = data_size2;
2070 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2071 : req_cert_buffer_hash);
2072 : /* transcript.message_a size is 0*/
2073 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2074 : /* session_transcript.message_k is 0*/
2075 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2076 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
2077 : sizeof(spdm_finish_request_t));
2078 :
2079 1 : libspdm_requester_data_sign(
2080 : spdm_context,
2081 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2082 : SPDM_FINISH,
2083 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2084 1 : false, libspdm_get_managed_buffer(&th_curr),
2085 : libspdm_get_managed_buffer_size(&th_curr),
2086 : ptr, &req_asym_signature_size);
2087 :
2088 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2089 1 : ptr += req_asym_signature_size;
2090 :
2091 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2092 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2093 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2094 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2095 : request_finished_key, hash_size, ptr);
2096 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
2097 1 : req_asym_signature_size + hmac_size;
2098 1 : response_size = sizeof(response);
2099 1 : status = libspdm_get_response_finish(spdm_context,
2100 : m_libspdm_finish_request4_size,
2101 : &m_libspdm_finish_request4,
2102 : &response_size, response);
2103 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2104 1 : assert_int_equal(response_size,
2105 : sizeof(spdm_finish_response_t) + hmac_size);
2106 1 : spdm_response = (void *)response;
2107 1 : assert_int_equal(spdm_response->header.request_response_code,
2108 : SPDM_FINISH_RSP);
2109 1 : free(data1);
2110 1 : free(data2);
2111 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2112 1 : }
2113 :
2114 : /**
2115 : * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2116 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2117 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
2118 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2119 : **/
2120 1 : void rsp_finish_rsp_case19(void **state)
2121 : {
2122 : libspdm_return_t status;
2123 : libspdm_test_context_t *spdm_test_context;
2124 : libspdm_context_t *spdm_context;
2125 : size_t response_size;
2126 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2127 : spdm_finish_response_t *spdm_response;
2128 : void *data1;
2129 : size_t data_size1;
2130 : void *data2;
2131 : size_t data_size2;
2132 : uint8_t *ptr;
2133 : uint8_t *cert_buffer;
2134 : size_t cert_buffer_size;
2135 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2136 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2137 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2138 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2139 : libspdm_session_info_t *session_info;
2140 : uint32_t session_id;
2141 : uint32_t hash_size;
2142 : uint32_t hmac_size;
2143 : size_t req_asym_signature_size;
2144 :
2145 1 : spdm_test_context = *state;
2146 1 : spdm_context = spdm_test_context->spdm_context;
2147 1 : spdm_test_context->case_id = 0x13;
2148 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2149 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2150 1 : spdm_context->connection_info.connection_state =
2151 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2152 1 : spdm_context->connection_info.capability.flags |=
2153 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2154 1 : spdm_context->local_context.capability.flags |=
2155 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2156 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2157 : m_libspdm_use_hash_algo;
2158 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2159 : m_libspdm_use_asym_algo;
2160 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2161 : m_libspdm_use_req_asym_algo;
2162 1 : spdm_context->connection_info.algorithm.measurement_spec =
2163 : m_libspdm_use_measurement_spec;
2164 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2165 : m_libspdm_use_measurement_hash_algo;
2166 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2167 : m_libspdm_use_dhe_algo;
2168 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2169 : m_libspdm_use_aead_algo;
2170 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2171 : m_libspdm_use_asym_algo, &data1,
2172 : &data_size1, NULL, NULL);
2173 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2174 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2175 : data_size1;
2176 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2177 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2178 : data_size1;
2179 :
2180 1 : libspdm_reset_message_a(spdm_context);
2181 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2182 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2183 : m_libspdm_use_req_asym_algo, &data2,
2184 : &data_size2, NULL, NULL);
2185 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2186 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2187 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2188 : data2, data_size2);
2189 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2190 : data_size2;
2191 : #else
2192 1 : libspdm_hash_all(
2193 : spdm_context->connection_info.algorithm.base_hash_algo,
2194 : data2, data_size2,
2195 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2196 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2197 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2198 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2199 : spdm_context->connection_info.algorithm.base_hash_algo,
2200 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2201 : data2,
2202 : data_size2,
2203 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2204 : #endif
2205 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2206 :
2207 1 : session_id = 0xFFFFFFFF;
2208 1 : spdm_context->latest_session_id = session_id;
2209 1 : session_info = &spdm_context->session_info[0];
2210 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2211 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2212 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2213 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2214 1 : libspdm_secured_message_set_request_finished_key(
2215 : session_info->secured_message_context, m_dummy_buffer,
2216 : hash_size);
2217 1 : libspdm_secured_message_set_session_state(
2218 : session_info->secured_message_context,
2219 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2220 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2221 :
2222 1 : spdm_context->connection_info.capability.flags |=
2223 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2224 1 : spdm_context->local_context.capability.flags |=
2225 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2226 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2227 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2228 1 : req_asym_signature_size =
2229 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2230 1 : ptr = m_libspdm_finish_request5.signature;
2231 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2232 1 : cert_buffer = (uint8_t *)data1;
2233 1 : cert_buffer_size = data_size1;
2234 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2235 : cert_buffer_hash);
2236 1 : cert_buffer = (uint8_t *)data2;
2237 1 : cert_buffer_size = data_size2;
2238 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2239 : req_cert_buffer_hash);
2240 : /* transcript.message_a size is 0*/
2241 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2242 : /* session_transcript.message_k is 0*/
2243 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2244 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
2245 : sizeof(spdm_finish_request_t));
2246 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2247 1 : libspdm_requester_data_sign(
2248 : spdm_context,
2249 1 : m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2250 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2251 1 : false, libspdm_get_managed_buffer(&th_curr),
2252 : libspdm_get_managed_buffer_size(&th_curr),
2253 : ptr, &req_asym_signature_size);
2254 : #endif
2255 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2256 1 : ptr += req_asym_signature_size;
2257 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2258 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2259 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2260 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2261 : request_finished_key, hash_size, ptr);
2262 1 : m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
2263 1 : req_asym_signature_size + hmac_size;
2264 1 : response_size = sizeof(response);
2265 1 : status = libspdm_get_response_finish(spdm_context,
2266 : m_libspdm_finish_request5_size,
2267 : &m_libspdm_finish_request5,
2268 : &response_size, response);
2269 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2270 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2271 1 : spdm_response = (void *)response;
2272 1 : assert_int_equal(spdm_response->header.request_response_code,
2273 : SPDM_ERROR);
2274 1 : assert_int_equal(spdm_response->header.param1,
2275 : SPDM_ERROR_CODE_INVALID_REQUEST);
2276 1 : assert_int_equal(spdm_response->header.param2, 0);
2277 1 : free(data1);
2278 1 : free(data2);
2279 1 : }
2280 :
2281 : /**
2282 : * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
2283 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2284 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2285 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2286 : **/
2287 1 : void rsp_finish_rsp_case20(void **state)
2288 : {
2289 : libspdm_return_t status;
2290 : libspdm_test_context_t *spdm_test_context;
2291 : libspdm_context_t *spdm_context;
2292 : size_t response_size;
2293 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2294 : spdm_finish_response_t *spdm_response;
2295 : void *data1;
2296 : size_t data_size1;
2297 : void *data2;
2298 : size_t data_size2;
2299 : uint8_t *ptr;
2300 : uint8_t *cert_buffer;
2301 : size_t cert_buffer_size;
2302 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2303 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2304 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2305 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2306 : libspdm_session_info_t *session_info;
2307 : uint32_t session_id;
2308 : uint32_t hash_size;
2309 : uint32_t hmac_size;
2310 : size_t req_asym_signature_size;
2311 :
2312 1 : spdm_test_context = *state;
2313 1 : spdm_context = spdm_test_context->spdm_context;
2314 1 : spdm_test_context->case_id = 0x14;
2315 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2316 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2317 1 : spdm_context->connection_info.connection_state =
2318 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2319 1 : spdm_context->connection_info.capability.flags |=
2320 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2321 1 : spdm_context->local_context.capability.flags |=
2322 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2323 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2324 : m_libspdm_use_hash_algo;
2325 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2326 : m_libspdm_use_asym_algo;
2327 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2328 : m_libspdm_use_req_asym_algo;
2329 1 : spdm_context->connection_info.algorithm.measurement_spec =
2330 : m_libspdm_use_measurement_spec;
2331 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2332 : m_libspdm_use_measurement_hash_algo;
2333 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2334 : m_libspdm_use_dhe_algo;
2335 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2336 : m_libspdm_use_aead_algo;
2337 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2338 : m_libspdm_use_asym_algo, &data1,
2339 : &data_size1, NULL, NULL);
2340 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2341 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2342 : data_size1;
2343 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2344 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2345 : data_size1;
2346 :
2347 1 : libspdm_reset_message_a(spdm_context);
2348 1 : spdm_context->local_context.mut_auth_requested =
2349 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2350 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2351 : m_libspdm_use_req_asym_algo, &data2,
2352 : &data_size2, NULL, NULL);
2353 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2354 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2355 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2356 : data2, data_size2);
2357 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2358 : data_size2;
2359 : #else
2360 1 : libspdm_hash_all(
2361 : spdm_context->connection_info.algorithm.base_hash_algo,
2362 : data2, data_size2,
2363 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2364 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2365 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2366 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2367 : spdm_context->connection_info.algorithm.base_hash_algo,
2368 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2369 : data2,
2370 : data_size2,
2371 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2372 : #endif
2373 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2374 :
2375 1 : session_id = 0xFFFFFFFF;
2376 1 : spdm_context->latest_session_id = session_id;
2377 1 : session_info = &spdm_context->session_info[0];
2378 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2379 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2380 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2381 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2382 1 : libspdm_secured_message_set_request_finished_key(
2383 : session_info->secured_message_context, m_dummy_buffer,
2384 : hash_size);
2385 1 : libspdm_secured_message_set_session_state(
2386 : session_info->secured_message_context,
2387 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2388 1 : session_info->mut_auth_requested =
2389 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2390 :
2391 1 : spdm_context->connection_info.capability.flags |=
2392 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2393 1 : spdm_context->local_context.capability.flags |=
2394 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2395 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2396 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2397 1 : req_asym_signature_size =
2398 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2399 1 : ptr = m_libspdm_finish_request7.signature;
2400 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2401 1 : cert_buffer = (uint8_t *)data1;
2402 1 : cert_buffer_size = data_size1;
2403 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2404 : cert_buffer_hash);
2405 1 : cert_buffer = (uint8_t *)data2;
2406 1 : cert_buffer_size = data_size2;
2407 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2408 : req_cert_buffer_hash);
2409 : /* transcript.message_a size is 0*/
2410 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2411 : /* session_transcript.message_k is 0*/
2412 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2413 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2414 : sizeof(spdm_finish_request_t));
2415 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2416 1 : libspdm_requester_data_sign(
2417 : spdm_context,
2418 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2419 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2420 1 : false, libspdm_get_managed_buffer(&th_curr),
2421 : libspdm_get_managed_buffer_size(&th_curr),
2422 : ptr, &req_asym_signature_size);
2423 : #endif
2424 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2425 1 : ptr += req_asym_signature_size;
2426 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2427 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2428 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2429 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2430 : request_finished_key, hash_size, ptr);
2431 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2432 1 : req_asym_signature_size + hmac_size;
2433 1 : response_size = sizeof(response);
2434 1 : status = libspdm_get_response_finish(spdm_context,
2435 : m_libspdm_finish_request7_size,
2436 : &m_libspdm_finish_request7,
2437 : &response_size, response);
2438 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2439 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2440 1 : spdm_response = (void *)response;
2441 1 : assert_int_equal(spdm_response->header.request_response_code,
2442 : SPDM_ERROR);
2443 1 : assert_int_equal(spdm_response->header.param1,
2444 : SPDM_ERROR_CODE_INVALID_REQUEST);
2445 1 : assert_int_equal(spdm_response->header.param2, 0);
2446 1 : free(data1);
2447 1 : free(data2);
2448 1 : }
2449 :
2450 : /**
2451 : * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
2452 : * although SlotID in FINISH request message is 10, it shall be ignored when read.
2453 : * Expected behavior: the responder accepts the request and produces a valid
2454 : * FINISH_RSP response message.
2455 : **/
2456 1 : void rsp_finish_rsp_case21(void **state)
2457 : {
2458 : libspdm_return_t status;
2459 : libspdm_test_context_t *spdm_test_context;
2460 : libspdm_context_t *spdm_context;
2461 : size_t response_size;
2462 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2463 : spdm_finish_response_t *spdm_response;
2464 : void *data1;
2465 : size_t data_size1;
2466 : uint8_t *ptr;
2467 : uint8_t *cert_buffer;
2468 : size_t cert_buffer_size;
2469 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2470 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2471 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2472 : libspdm_session_info_t *session_info;
2473 : uint32_t session_id;
2474 : uint32_t hash_size;
2475 : uint32_t hmac_size;
2476 :
2477 1 : spdm_test_context = *state;
2478 1 : spdm_context = spdm_test_context->spdm_context;
2479 1 : spdm_test_context->case_id = 0x15;
2480 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2481 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2482 1 : spdm_context->connection_info.connection_state =
2483 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2484 1 : spdm_context->connection_info.capability.flags |=
2485 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2486 1 : spdm_context->local_context.capability.flags |=
2487 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2488 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2489 : m_libspdm_use_hash_algo;
2490 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2491 : m_libspdm_use_asym_algo;
2492 1 : spdm_context->connection_info.algorithm.measurement_spec =
2493 : m_libspdm_use_measurement_spec;
2494 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2495 : m_libspdm_use_measurement_hash_algo;
2496 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2497 : m_libspdm_use_dhe_algo;
2498 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2499 : m_libspdm_use_aead_algo;
2500 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2501 : m_libspdm_use_asym_algo, &data1,
2502 : &data_size1, NULL, NULL);
2503 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2504 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2505 : data_size1;
2506 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2507 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2508 : data_size1;
2509 :
2510 1 : libspdm_reset_message_a(spdm_context);
2511 1 : spdm_context->local_context.mut_auth_requested = 0;
2512 :
2513 1 : session_id = 0xFFFFFFFF;
2514 1 : spdm_context->latest_session_id = session_id;
2515 1 : session_info = &spdm_context->session_info[0];
2516 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2517 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2518 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2519 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2520 1 : libspdm_secured_message_set_request_finished_key(
2521 : session_info->secured_message_context, m_dummy_buffer,
2522 : hash_size);
2523 1 : libspdm_secured_message_set_session_state(
2524 : session_info->secured_message_context,
2525 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2526 1 : session_info->mut_auth_requested = 0;
2527 :
2528 1 : spdm_context->connection_info.capability.flags |=
2529 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2530 1 : spdm_context->local_context.capability.flags |=
2531 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2532 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2533 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2534 1 : ptr = m_libspdm_finish_request6.signature;
2535 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2536 1 : cert_buffer = (uint8_t *)data1;
2537 1 : cert_buffer_size = data_size1;
2538 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2539 : cert_buffer_hash);
2540 : /* transcript.message_a size is 0*/
2541 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2542 : /* session_transcript.message_k is 0*/
2543 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
2544 : sizeof(spdm_finish_request_t));
2545 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2546 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2547 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2548 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2549 : request_finished_key, hash_size, ptr);
2550 1 : m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
2551 1 : response_size = sizeof(response);
2552 1 : status = libspdm_get_response_finish(spdm_context,
2553 : m_libspdm_finish_request6_size,
2554 : &m_libspdm_finish_request6,
2555 : &response_size, response);
2556 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2557 1 : spdm_response = (void *)response;
2558 1 : assert_int_equal(spdm_response->header.request_response_code,
2559 : SPDM_FINISH_RSP);
2560 1 : assert_int_equal(response_size,
2561 : sizeof(spdm_finish_response_t) + hmac_size);
2562 1 : free(data1);
2563 1 : }
2564 :
2565 : /**
2566 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2567 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2568 : * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2569 : * Expected behavior: the responder accepts the request and produces a valid
2570 : * FINISH_RSP response message.
2571 : **/
2572 1 : void rsp_finish_rsp_case22(void **state)
2573 : {
2574 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2575 : libspdm_return_t status;
2576 : libspdm_test_context_t *spdm_test_context;
2577 : libspdm_context_t *spdm_context;
2578 : size_t response_size;
2579 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2580 : spdm_finish_response_t *spdm_response;
2581 : void *data1;
2582 : size_t data_size1;
2583 : void *data2;
2584 : size_t data_size2;
2585 : uint8_t *ptr;
2586 : uint8_t *cert_buffer;
2587 : size_t cert_buffer_size;
2588 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2589 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2590 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2591 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2592 : libspdm_session_info_t *session_info;
2593 : uint32_t session_id;
2594 : uint32_t hash_size;
2595 : uint32_t hmac_size;
2596 : size_t req_asym_signature_size;
2597 :
2598 1 : spdm_test_context = *state;
2599 1 : spdm_context = spdm_test_context->spdm_context;
2600 1 : spdm_test_context->case_id = 0x16;
2601 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2602 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2603 1 : spdm_context->connection_info.connection_state =
2604 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2605 1 : spdm_context->connection_info.capability.flags |=
2606 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2607 1 : spdm_context->local_context.capability.flags |=
2608 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2609 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2610 : m_libspdm_use_hash_algo;
2611 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2612 : m_libspdm_use_asym_algo;
2613 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2614 : m_libspdm_use_req_asym_algo;
2615 1 : spdm_context->connection_info.algorithm.measurement_spec =
2616 : m_libspdm_use_measurement_spec;
2617 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2618 : m_libspdm_use_measurement_hash_algo;
2619 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2620 : m_libspdm_use_dhe_algo;
2621 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2622 : m_libspdm_use_aead_algo;
2623 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2624 : m_libspdm_use_asym_algo, &data1,
2625 : &data_size1, NULL, NULL);
2626 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2627 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2628 : data_size1;
2629 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2630 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2631 : data_size1;
2632 :
2633 1 : libspdm_reset_message_a(spdm_context);
2634 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2635 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2636 : m_libspdm_use_req_asym_algo, &data2,
2637 : &data_size2, NULL, NULL);
2638 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2639 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2640 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2641 : data2, data_size2);
2642 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2643 : data_size2;
2644 : #else
2645 1 : libspdm_hash_all(
2646 : spdm_context->connection_info.algorithm.base_hash_algo,
2647 : data2, data_size2,
2648 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2649 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2650 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2651 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2652 : spdm_context->connection_info.algorithm.base_hash_algo,
2653 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2654 : data2,
2655 : data_size2,
2656 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2657 : #endif
2658 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2659 :
2660 1 : session_id = 0xFFFFFFFF;
2661 1 : spdm_context->latest_session_id = session_id;
2662 1 : session_info = &spdm_context->session_info[0];
2663 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2664 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2665 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2666 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2667 1 : libspdm_secured_message_set_request_finished_key(
2668 : session_info->secured_message_context, m_dummy_buffer,
2669 : hash_size);
2670 1 : libspdm_secured_message_set_session_state(
2671 : session_info->secured_message_context,
2672 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2673 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2674 :
2675 1 : spdm_context->connection_info.capability.flags |=
2676 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2677 1 : spdm_context->local_context.capability.flags |=
2678 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2679 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2680 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2681 1 : req_asym_signature_size =
2682 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2683 1 : ptr = m_libspdm_finish_request7.signature;
2684 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2685 1 : cert_buffer = (uint8_t *)data1;
2686 1 : cert_buffer_size = data_size1;
2687 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2688 : cert_buffer_hash);
2689 1 : cert_buffer = (uint8_t *)data2;
2690 1 : cert_buffer_size = data_size2;
2691 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2692 : req_cert_buffer_hash);
2693 : /* transcript.message_a size is 0*/
2694 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2695 : /* session_transcript.message_k is 0*/
2696 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2697 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2698 : sizeof(spdm_finish_request_t));
2699 :
2700 1 : libspdm_requester_data_sign(
2701 : spdm_context,
2702 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2703 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2704 1 : false, libspdm_get_managed_buffer(&th_curr),
2705 : libspdm_get_managed_buffer_size(&th_curr),
2706 : ptr, &req_asym_signature_size);
2707 :
2708 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2709 1 : ptr += req_asym_signature_size;
2710 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2711 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2712 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2713 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2714 : request_finished_key, hash_size, ptr);
2715 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2716 1 : req_asym_signature_size + hmac_size;
2717 1 : response_size = sizeof(response);
2718 1 : status = libspdm_get_response_finish(spdm_context,
2719 : m_libspdm_finish_request7_size,
2720 : &m_libspdm_finish_request7,
2721 : &response_size, response);
2722 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2723 1 : spdm_response = (void *)response;
2724 1 : assert_int_equal(spdm_response->header.request_response_code,
2725 : SPDM_FINISH_RSP);
2726 1 : assert_int_equal(response_size,
2727 : sizeof(spdm_finish_response_t) + hmac_size);
2728 1 : free(data1);
2729 1 : free(data2);
2730 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2731 1 : }
2732 :
2733 : /**
2734 : * Test 23: Same as test case 22 but test signature endianness.
2735 : * Big-Endian Sign. Little-Endian Verify.
2736 : * Expecting signature to fail.
2737 : **/
2738 1 : void rsp_finish_rsp_case23(void** state)
2739 : {
2740 : libspdm_return_t status;
2741 : libspdm_test_context_t* spdm_test_context;
2742 : libspdm_context_t* spdm_context;
2743 : size_t response_size;
2744 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2745 : spdm_finish_response_t* spdm_response;
2746 : void* data1;
2747 : size_t data_size1;
2748 : void* data2;
2749 : size_t data_size2;
2750 : uint8_t* ptr;
2751 : uint8_t* cert_buffer;
2752 : size_t cert_buffer_size;
2753 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2754 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2755 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2756 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2757 : libspdm_session_info_t* session_info;
2758 : uint32_t session_id;
2759 : uint32_t hash_size;
2760 : uint32_t hmac_size;
2761 : size_t req_asym_signature_size;
2762 :
2763 1 : spdm_test_context = *state;
2764 1 : spdm_context = spdm_test_context->spdm_context;
2765 1 : spdm_test_context->case_id = 23;
2766 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2767 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2768 1 : spdm_context->connection_info.connection_state =
2769 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2770 1 : spdm_context->connection_info.capability.flags |=
2771 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2772 1 : spdm_context->local_context.capability.flags |=
2773 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2774 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2775 : m_libspdm_use_hash_algo;
2776 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2777 : m_libspdm_use_asym_algo;
2778 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2779 : m_libspdm_use_req_asym_algo;
2780 1 : spdm_context->connection_info.algorithm.measurement_spec =
2781 : m_libspdm_use_measurement_spec;
2782 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2783 : m_libspdm_use_measurement_hash_algo;
2784 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2785 : m_libspdm_use_dhe_algo;
2786 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2787 : m_libspdm_use_aead_algo;
2788 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2789 : m_libspdm_use_asym_algo, &data1,
2790 : &data_size1, NULL, NULL);
2791 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2792 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2793 : data_size1;
2794 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2795 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2796 : data_size1;
2797 1 : spdm_context->spdm_10_11_verify_signature_endian =
2798 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2799 :
2800 1 : libspdm_reset_message_a(spdm_context);
2801 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2802 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2803 : m_libspdm_use_req_asym_algo, &data2,
2804 : &data_size2, NULL, NULL);
2805 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2806 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2807 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2808 : data2, data_size2);
2809 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2810 : data_size2;
2811 : #else
2812 1 : libspdm_hash_all(
2813 : spdm_context->connection_info.algorithm.base_hash_algo,
2814 : data2, data_size2,
2815 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2816 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2817 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2818 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2819 : spdm_context->connection_info.algorithm.base_hash_algo,
2820 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2821 : data2,
2822 : data_size2,
2823 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2824 : #endif
2825 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2826 :
2827 1 : session_id = 0xFFFFFFFF;
2828 1 : spdm_context->latest_session_id = session_id;
2829 1 : session_info = &spdm_context->session_info[0];
2830 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2831 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2832 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2833 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2834 1 : libspdm_secured_message_set_request_finished_key(
2835 : session_info->secured_message_context, m_dummy_buffer,
2836 : hash_size);
2837 1 : libspdm_secured_message_set_session_state(
2838 : session_info->secured_message_context,
2839 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2840 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2841 :
2842 1 : spdm_context->connection_info.capability.flags |=
2843 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2844 1 : spdm_context->local_context.capability.flags |=
2845 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2846 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2847 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2848 1 : req_asym_signature_size =
2849 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2850 1 : ptr = m_libspdm_finish_request7.signature;
2851 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2852 1 : cert_buffer = (uint8_t*)data1;
2853 1 : cert_buffer_size = data_size1;
2854 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2855 : cert_buffer_hash);
2856 1 : cert_buffer = (uint8_t*)data2;
2857 1 : cert_buffer_size = data_size2;
2858 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2859 : req_cert_buffer_hash);
2860 : /* transcript.message_a size is 0*/
2861 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2862 : /* session_transcript.message_k is 0*/
2863 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2864 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2865 : sizeof(spdm_finish_request_t));
2866 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2867 1 : libspdm_requester_data_sign(
2868 : spdm_context,
2869 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
2870 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2871 1 : false, libspdm_get_managed_buffer(&th_curr),
2872 : libspdm_get_managed_buffer_size(&th_curr),
2873 : ptr, &req_asym_signature_size);
2874 : #endif
2875 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2876 1 : ptr += req_asym_signature_size;
2877 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2878 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2879 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2880 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2881 : request_finished_key, hash_size, ptr);
2882 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2883 1 : req_asym_signature_size + hmac_size;
2884 1 : response_size = sizeof(response);
2885 1 : status = libspdm_get_response_finish(spdm_context,
2886 : m_libspdm_finish_request7_size,
2887 : &m_libspdm_finish_request7,
2888 : &response_size, response);
2889 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2890 1 : spdm_response = (void*)response;
2891 :
2892 : /* Expecting failure on little-endian signature */
2893 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2894 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2895 1 : free(data1);
2896 1 : free(data2);
2897 1 : }
2898 :
2899 : /**
2900 : * Test 24: Same as test case 22 but test signature endianness.
2901 : * Big-Endian Sign. Big-Endian Verify.
2902 : * Expecting signature to PASS.
2903 : **/
2904 1 : void rsp_finish_rsp_case24(void** state)
2905 : {
2906 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2907 : libspdm_return_t status;
2908 : libspdm_test_context_t* spdm_test_context;
2909 : libspdm_context_t* spdm_context;
2910 : size_t response_size;
2911 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2912 : spdm_finish_response_t* spdm_response;
2913 : void* data1;
2914 : size_t data_size1;
2915 : void* data2;
2916 : size_t data_size2;
2917 : uint8_t* ptr;
2918 : uint8_t* cert_buffer;
2919 : size_t cert_buffer_size;
2920 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2921 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2922 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2923 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2924 : libspdm_session_info_t* session_info;
2925 : uint32_t session_id;
2926 : uint32_t hash_size;
2927 : uint32_t hmac_size;
2928 : size_t req_asym_signature_size;
2929 :
2930 1 : spdm_test_context = *state;
2931 1 : spdm_context = spdm_test_context->spdm_context;
2932 1 : spdm_test_context->case_id = 24;
2933 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2934 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2935 1 : spdm_context->connection_info.connection_state =
2936 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2937 1 : spdm_context->connection_info.capability.flags |=
2938 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2939 1 : spdm_context->local_context.capability.flags |=
2940 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2941 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2942 : m_libspdm_use_hash_algo;
2943 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2944 : m_libspdm_use_asym_algo;
2945 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2946 : m_libspdm_use_req_asym_algo;
2947 1 : spdm_context->connection_info.algorithm.measurement_spec =
2948 : m_libspdm_use_measurement_spec;
2949 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2950 : m_libspdm_use_measurement_hash_algo;
2951 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2952 : m_libspdm_use_dhe_algo;
2953 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2954 : m_libspdm_use_aead_algo;
2955 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2956 : m_libspdm_use_asym_algo, &data1,
2957 : &data_size1, NULL, NULL);
2958 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2959 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2960 : data_size1;
2961 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
2962 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
2963 : data_size1;
2964 1 : spdm_context->spdm_10_11_verify_signature_endian =
2965 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
2966 :
2967 1 : libspdm_reset_message_a(spdm_context);
2968 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2969 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2970 : m_libspdm_use_req_asym_algo, &data2,
2971 : &data_size2, NULL, NULL);
2972 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2973 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2974 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2975 : data2, data_size2);
2976 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2977 : data_size2;
2978 : #else
2979 1 : libspdm_hash_all(
2980 : spdm_context->connection_info.algorithm.base_hash_algo,
2981 : data2, data_size2,
2982 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2983 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2984 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2985 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2986 : spdm_context->connection_info.algorithm.base_hash_algo,
2987 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2988 : data2,
2989 : data_size2,
2990 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2991 : #endif
2992 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
2993 :
2994 1 : session_id = 0xFFFFFFFF;
2995 1 : spdm_context->latest_session_id = session_id;
2996 1 : session_info = &spdm_context->session_info[0];
2997 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2998 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2999 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3000 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3001 1 : libspdm_secured_message_set_request_finished_key(
3002 : session_info->secured_message_context, m_dummy_buffer,
3003 : hash_size);
3004 1 : libspdm_secured_message_set_session_state(
3005 : session_info->secured_message_context,
3006 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3007 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3008 :
3009 1 : spdm_context->connection_info.capability.flags |=
3010 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3011 1 : spdm_context->local_context.capability.flags |=
3012 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3013 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3014 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3015 1 : req_asym_signature_size =
3016 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3017 1 : ptr = m_libspdm_finish_request7.signature;
3018 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3019 1 : cert_buffer = (uint8_t*)data1;
3020 1 : cert_buffer_size = data_size1;
3021 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3022 : cert_buffer_hash);
3023 1 : cert_buffer = (uint8_t*)data2;
3024 1 : cert_buffer_size = data_size2;
3025 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3026 : req_cert_buffer_hash);
3027 : /* transcript.message_a size is 0*/
3028 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3029 : /* session_transcript.message_k is 0*/
3030 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3031 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3032 : sizeof(spdm_finish_request_t));
3033 :
3034 1 : libspdm_requester_data_sign(
3035 : spdm_context,
3036 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3037 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3038 1 : false, libspdm_get_managed_buffer(&th_curr),
3039 : libspdm_get_managed_buffer_size(&th_curr),
3040 : ptr, &req_asym_signature_size);
3041 :
3042 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3043 1 : ptr += req_asym_signature_size;
3044 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3045 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3046 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3047 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3048 : request_finished_key, hash_size, ptr);
3049 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3050 1 : req_asym_signature_size + hmac_size;
3051 1 : response_size = sizeof(response);
3052 1 : status = libspdm_get_response_finish(spdm_context,
3053 : m_libspdm_finish_request7_size,
3054 : &m_libspdm_finish_request7,
3055 : &response_size, response);
3056 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3057 1 : spdm_response = (void*)response;
3058 :
3059 : /* Expecting pass on big-endian signature */
3060 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3061 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3062 1 : free(data1);
3063 1 : free(data2);
3064 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3065 1 : }
3066 :
3067 : /**
3068 : * Test 25: Same as test case 22, but test signature endianness.
3069 : * Big Endian Sign. Big or Little Endian Verify.
3070 : * Expecting signature to PASS.
3071 : **/
3072 1 : void rsp_finish_rsp_case25(void** state)
3073 : {
3074 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3075 : libspdm_return_t status;
3076 : libspdm_test_context_t* spdm_test_context;
3077 : libspdm_context_t* spdm_context;
3078 : size_t response_size;
3079 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3080 : spdm_finish_response_t* spdm_response;
3081 : void* data1;
3082 : size_t data_size1;
3083 : void* data2;
3084 : size_t data_size2;
3085 : uint8_t* ptr;
3086 : uint8_t* cert_buffer;
3087 : size_t cert_buffer_size;
3088 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3089 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3090 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3091 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3092 : libspdm_session_info_t* session_info;
3093 : uint32_t session_id;
3094 : uint32_t hash_size;
3095 : uint32_t hmac_size;
3096 : size_t req_asym_signature_size;
3097 :
3098 1 : spdm_test_context = *state;
3099 1 : spdm_context = spdm_test_context->spdm_context;
3100 1 : spdm_test_context->case_id = 25;
3101 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3102 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3103 1 : spdm_context->connection_info.connection_state =
3104 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3105 1 : spdm_context->connection_info.capability.flags |=
3106 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3107 1 : spdm_context->local_context.capability.flags |=
3108 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3109 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3110 : m_libspdm_use_hash_algo;
3111 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3112 : m_libspdm_use_asym_algo;
3113 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3114 : m_libspdm_use_req_asym_algo;
3115 1 : spdm_context->connection_info.algorithm.measurement_spec =
3116 : m_libspdm_use_measurement_spec;
3117 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3118 : m_libspdm_use_measurement_hash_algo;
3119 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3120 : m_libspdm_use_dhe_algo;
3121 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3122 : m_libspdm_use_aead_algo;
3123 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3124 : m_libspdm_use_asym_algo, &data1,
3125 : &data_size1, NULL, NULL);
3126 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3127 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3128 : data_size1;
3129 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3130 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3131 : data_size1;
3132 1 : spdm_context->spdm_10_11_verify_signature_endian =
3133 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
3134 :
3135 1 : libspdm_reset_message_a(spdm_context);
3136 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3137 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3138 : m_libspdm_use_req_asym_algo, &data2,
3139 : &data_size2, NULL, NULL);
3140 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3141 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3142 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3143 : data2, data_size2);
3144 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3145 : data_size2;
3146 : #else
3147 1 : libspdm_hash_all(
3148 : spdm_context->connection_info.algorithm.base_hash_algo,
3149 : data2, data_size2,
3150 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3151 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3152 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3153 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3154 : spdm_context->connection_info.algorithm.base_hash_algo,
3155 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3156 : data2,
3157 : data_size2,
3158 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3159 : #endif
3160 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3161 :
3162 1 : session_id = 0xFFFFFFFF;
3163 1 : spdm_context->latest_session_id = session_id;
3164 1 : session_info = &spdm_context->session_info[0];
3165 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3166 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3167 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3168 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3169 1 : libspdm_secured_message_set_request_finished_key(
3170 : session_info->secured_message_context, m_dummy_buffer,
3171 : hash_size);
3172 1 : libspdm_secured_message_set_session_state(
3173 : session_info->secured_message_context,
3174 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3175 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3176 :
3177 1 : spdm_context->connection_info.capability.flags |=
3178 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3179 1 : spdm_context->local_context.capability.flags |=
3180 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3181 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3182 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3183 1 : req_asym_signature_size =
3184 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3185 1 : ptr = m_libspdm_finish_request7.signature;
3186 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3187 1 : cert_buffer = (uint8_t*)data1;
3188 1 : cert_buffer_size = data_size1;
3189 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3190 : cert_buffer_hash);
3191 1 : cert_buffer = (uint8_t*)data2;
3192 1 : cert_buffer_size = data_size2;
3193 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3194 : req_cert_buffer_hash);
3195 : /* transcript.message_a size is 0*/
3196 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3197 : /* session_transcript.message_k is 0*/
3198 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3199 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3200 : sizeof(spdm_finish_request_t));
3201 :
3202 1 : libspdm_requester_data_sign(
3203 : spdm_context,
3204 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3205 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3206 1 : false, libspdm_get_managed_buffer(&th_curr),
3207 : libspdm_get_managed_buffer_size(&th_curr),
3208 : ptr, &req_asym_signature_size);
3209 :
3210 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3211 1 : ptr += req_asym_signature_size;
3212 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3213 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3214 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3215 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3216 : request_finished_key, hash_size, ptr);
3217 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3218 1 : req_asym_signature_size + hmac_size;
3219 1 : response_size = sizeof(response);
3220 1 : status = libspdm_get_response_finish(spdm_context,
3221 : m_libspdm_finish_request7_size,
3222 : &m_libspdm_finish_request7,
3223 : &response_size, response);
3224 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3225 1 : spdm_response = (void*)response;
3226 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3227 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3228 1 : free(data1);
3229 1 : free(data2);
3230 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3231 1 : }
3232 :
3233 : /**
3234 : * Test 26: Same as test case 22, but test endian verification.
3235 : * Sign as Little Endian, Verify as Little.
3236 : * Expecting signature to PASS.
3237 : **/
3238 1 : void rsp_finish_rsp_case26(void** state)
3239 : {
3240 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3241 : libspdm_return_t status;
3242 : libspdm_test_context_t* spdm_test_context;
3243 : libspdm_context_t* spdm_context;
3244 : size_t response_size;
3245 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3246 : spdm_finish_response_t* spdm_response;
3247 : void* data1;
3248 : size_t data_size1;
3249 : void* data2;
3250 : size_t data_size2;
3251 : uint8_t* ptr;
3252 : uint8_t* cert_buffer;
3253 : size_t cert_buffer_size;
3254 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3255 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3256 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3257 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3258 : libspdm_session_info_t* session_info;
3259 : uint32_t session_id;
3260 : uint32_t hash_size;
3261 : uint32_t hmac_size;
3262 : size_t req_asym_signature_size;
3263 :
3264 1 : spdm_test_context = *state;
3265 1 : spdm_context = spdm_test_context->spdm_context;
3266 1 : spdm_test_context->case_id = 26;
3267 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3268 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3269 1 : spdm_context->connection_info.connection_state =
3270 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3271 1 : spdm_context->connection_info.capability.flags |=
3272 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3273 1 : spdm_context->local_context.capability.flags |=
3274 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3275 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3276 : m_libspdm_use_hash_algo;
3277 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3278 : m_libspdm_use_asym_algo;
3279 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3280 : m_libspdm_use_req_asym_algo;
3281 1 : spdm_context->connection_info.algorithm.measurement_spec =
3282 : m_libspdm_use_measurement_spec;
3283 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3284 : m_libspdm_use_measurement_hash_algo;
3285 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3286 : m_libspdm_use_dhe_algo;
3287 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3288 : m_libspdm_use_aead_algo;
3289 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3290 : m_libspdm_use_asym_algo, &data1,
3291 : &data_size1, NULL, NULL);
3292 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3293 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3294 : data_size1;
3295 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3296 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3297 : data_size1;
3298 1 : spdm_context->spdm_10_11_verify_signature_endian =
3299 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3300 :
3301 1 : libspdm_reset_message_a(spdm_context);
3302 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3303 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3304 : m_libspdm_use_req_asym_algo, &data2,
3305 : &data_size2, NULL, NULL);
3306 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3307 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3308 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3309 : data2, data_size2);
3310 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3311 : data_size2;
3312 : #else
3313 1 : libspdm_hash_all(
3314 : spdm_context->connection_info.algorithm.base_hash_algo,
3315 : data2, data_size2,
3316 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3317 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3318 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3319 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3320 : spdm_context->connection_info.algorithm.base_hash_algo,
3321 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3322 : data2,
3323 : data_size2,
3324 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3325 : #endif
3326 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3327 :
3328 1 : session_id = 0xFFFFFFFF;
3329 1 : spdm_context->latest_session_id = session_id;
3330 1 : session_info = &spdm_context->session_info[0];
3331 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3332 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3333 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3334 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3335 1 : libspdm_secured_message_set_request_finished_key(
3336 : session_info->secured_message_context, m_dummy_buffer,
3337 : hash_size);
3338 1 : libspdm_secured_message_set_session_state(
3339 : session_info->secured_message_context,
3340 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3341 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3342 :
3343 1 : spdm_context->connection_info.capability.flags |=
3344 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3345 1 : spdm_context->local_context.capability.flags |=
3346 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3347 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3348 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3349 1 : req_asym_signature_size =
3350 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3351 1 : ptr = m_libspdm_finish_request7.signature;
3352 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3353 1 : cert_buffer = (uint8_t*)data1;
3354 1 : cert_buffer_size = data_size1;
3355 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3356 : cert_buffer_hash);
3357 1 : cert_buffer = (uint8_t*)data2;
3358 1 : cert_buffer_size = data_size2;
3359 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3360 : req_cert_buffer_hash);
3361 : /* transcript.message_a size is 0*/
3362 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3363 : /* session_transcript.message_k is 0*/
3364 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3365 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3366 : sizeof(spdm_finish_request_t));
3367 :
3368 1 : libspdm_requester_data_sign(
3369 : spdm_context,
3370 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3371 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3372 1 : false, libspdm_get_managed_buffer(&th_curr),
3373 : libspdm_get_managed_buffer_size(&th_curr),
3374 : ptr, &req_asym_signature_size);
3375 :
3376 : /* Switch signature to little endian */
3377 1 : libspdm_copy_signature_swap_endian(
3378 : m_libspdm_use_req_asym_algo,
3379 : ptr, req_asym_signature_size,
3380 : ptr, req_asym_signature_size);
3381 :
3382 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3383 1 : ptr += req_asym_signature_size;
3384 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3385 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3386 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3387 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3388 : request_finished_key, hash_size, ptr);
3389 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3390 1 : req_asym_signature_size + hmac_size;
3391 1 : response_size = sizeof(response);
3392 1 : status = libspdm_get_response_finish(spdm_context,
3393 : m_libspdm_finish_request7_size,
3394 : &m_libspdm_finish_request7,
3395 : &response_size, response);
3396 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3397 1 : spdm_response = (void*)response;
3398 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3399 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3400 1 : free(data1);
3401 1 : free(data2);
3402 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3403 1 : }
3404 :
3405 : /**
3406 : * Test 27: Same as test case 22, but test endian verification.
3407 : * Sign as Little Endian, Verify as Big.
3408 : * Expecting signature to FAIL.
3409 : **/
3410 1 : void rsp_finish_rsp_case27(void** state)
3411 : {
3412 : libspdm_return_t status;
3413 : libspdm_test_context_t* spdm_test_context;
3414 : libspdm_context_t* spdm_context;
3415 : size_t response_size;
3416 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3417 : spdm_finish_response_t* spdm_response;
3418 : void* data1;
3419 : size_t data_size1;
3420 : void* data2;
3421 : size_t data_size2;
3422 : uint8_t* ptr;
3423 : uint8_t* cert_buffer;
3424 : size_t cert_buffer_size;
3425 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3426 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3427 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3428 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3429 : libspdm_session_info_t* session_info;
3430 : uint32_t session_id;
3431 : uint32_t hash_size;
3432 : uint32_t hmac_size;
3433 : size_t req_asym_signature_size;
3434 :
3435 1 : spdm_test_context = *state;
3436 1 : spdm_context = spdm_test_context->spdm_context;
3437 1 : spdm_test_context->case_id = 27;
3438 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3439 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3440 1 : spdm_context->connection_info.connection_state =
3441 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3442 1 : spdm_context->connection_info.capability.flags |=
3443 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3444 1 : spdm_context->local_context.capability.flags |=
3445 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3446 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3447 : m_libspdm_use_hash_algo;
3448 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3449 : m_libspdm_use_asym_algo;
3450 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3451 : m_libspdm_use_req_asym_algo;
3452 1 : spdm_context->connection_info.algorithm.measurement_spec =
3453 : m_libspdm_use_measurement_spec;
3454 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3455 : m_libspdm_use_measurement_hash_algo;
3456 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3457 : m_libspdm_use_dhe_algo;
3458 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3459 : m_libspdm_use_aead_algo;
3460 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3461 : m_libspdm_use_asym_algo, &data1,
3462 : &data_size1, NULL, NULL);
3463 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3464 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3465 : data_size1;
3466 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3467 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3468 : data_size1;
3469 1 : spdm_context->spdm_10_11_verify_signature_endian =
3470 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
3471 :
3472 1 : libspdm_reset_message_a(spdm_context);
3473 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3474 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3475 : m_libspdm_use_req_asym_algo, &data2,
3476 : &data_size2, NULL, NULL);
3477 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3478 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3479 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3480 : data2, data_size2);
3481 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3482 : data_size2;
3483 : #else
3484 1 : libspdm_hash_all(
3485 : spdm_context->connection_info.algorithm.base_hash_algo,
3486 : data2, data_size2,
3487 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3488 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3489 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3490 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3491 : spdm_context->connection_info.algorithm.base_hash_algo,
3492 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3493 : data2,
3494 : data_size2,
3495 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3496 : #endif
3497 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3498 :
3499 1 : session_id = 0xFFFFFFFF;
3500 1 : spdm_context->latest_session_id = session_id;
3501 1 : session_info = &spdm_context->session_info[0];
3502 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3503 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3504 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3505 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3506 1 : libspdm_secured_message_set_request_finished_key(
3507 : session_info->secured_message_context, m_dummy_buffer,
3508 : hash_size);
3509 1 : libspdm_secured_message_set_session_state(
3510 : session_info->secured_message_context,
3511 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3512 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3513 :
3514 1 : spdm_context->connection_info.capability.flags |=
3515 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3516 1 : spdm_context->local_context.capability.flags |=
3517 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3518 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3519 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3520 1 : req_asym_signature_size =
3521 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3522 1 : ptr = m_libspdm_finish_request7.signature;
3523 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3524 1 : cert_buffer = (uint8_t*)data1;
3525 1 : cert_buffer_size = data_size1;
3526 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3527 : cert_buffer_hash);
3528 1 : cert_buffer = (uint8_t*)data2;
3529 1 : cert_buffer_size = data_size2;
3530 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3531 : req_cert_buffer_hash);
3532 : /* transcript.message_a size is 0*/
3533 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3534 : /* session_transcript.message_k is 0*/
3535 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3536 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3537 : sizeof(spdm_finish_request_t));
3538 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3539 1 : libspdm_requester_data_sign(
3540 : spdm_context,
3541 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3542 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3543 1 : false, libspdm_get_managed_buffer(&th_curr),
3544 : libspdm_get_managed_buffer_size(&th_curr),
3545 : ptr, &req_asym_signature_size);
3546 :
3547 : /* Switch signature to little endian */
3548 1 : libspdm_copy_signature_swap_endian(
3549 : m_libspdm_use_req_asym_algo,
3550 : ptr, req_asym_signature_size,
3551 : ptr, req_asym_signature_size);
3552 : #endif
3553 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3554 1 : ptr += req_asym_signature_size;
3555 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3556 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3557 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3558 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3559 : request_finished_key, hash_size, ptr);
3560 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3561 1 : req_asym_signature_size + hmac_size;
3562 1 : response_size = sizeof(response);
3563 1 : status = libspdm_get_response_finish(spdm_context,
3564 : m_libspdm_finish_request7_size,
3565 : &m_libspdm_finish_request7,
3566 : &response_size, response);
3567 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3568 1 : spdm_response = (void*)response;
3569 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
3570 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
3571 1 : free(data1);
3572 1 : free(data2);
3573 1 : }
3574 :
3575 : /**
3576 : * Test 28: Same as test case 22, but test endian verification.
3577 : * Sign as Little Endian, Verify as Big Or Little.
3578 : * Expecting signature to PASS.
3579 : **/
3580 1 : void rsp_finish_rsp_case28(void** state)
3581 : {
3582 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3583 : libspdm_return_t status;
3584 : libspdm_test_context_t* spdm_test_context;
3585 : libspdm_context_t* spdm_context;
3586 : size_t response_size;
3587 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3588 : spdm_finish_response_t* spdm_response;
3589 : void* data1;
3590 : size_t data_size1;
3591 : void* data2;
3592 : size_t data_size2;
3593 : uint8_t* ptr;
3594 : uint8_t* cert_buffer;
3595 : size_t cert_buffer_size;
3596 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3597 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3598 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3599 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3600 : libspdm_session_info_t* session_info;
3601 : uint32_t session_id;
3602 : uint32_t hash_size;
3603 : uint32_t hmac_size;
3604 : size_t req_asym_signature_size;
3605 :
3606 1 : spdm_test_context = *state;
3607 1 : spdm_context = spdm_test_context->spdm_context;
3608 1 : spdm_test_context->case_id = 28;
3609 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3610 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3611 1 : spdm_context->connection_info.connection_state =
3612 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3613 1 : spdm_context->connection_info.capability.flags |=
3614 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3615 1 : spdm_context->local_context.capability.flags |=
3616 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3617 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3618 : m_libspdm_use_hash_algo;
3619 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3620 : m_libspdm_use_asym_algo;
3621 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3622 : m_libspdm_use_req_asym_algo;
3623 1 : spdm_context->connection_info.algorithm.measurement_spec =
3624 : m_libspdm_use_measurement_spec;
3625 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3626 : m_libspdm_use_measurement_hash_algo;
3627 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3628 : m_libspdm_use_dhe_algo;
3629 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3630 : m_libspdm_use_aead_algo;
3631 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3632 : m_libspdm_use_asym_algo, &data1,
3633 : &data_size1, NULL, NULL);
3634 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3635 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3636 : data_size1;
3637 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3638 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3639 : data_size1;
3640 1 : spdm_context->spdm_10_11_verify_signature_endian =
3641 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3642 :
3643 1 : libspdm_reset_message_a(spdm_context);
3644 1 : spdm_context->local_context.mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3645 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3646 : m_libspdm_use_req_asym_algo, &data2,
3647 : &data_size2, NULL, NULL);
3648 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3649 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3650 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3651 : data2, data_size2);
3652 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3653 : data_size2;
3654 : #else
3655 1 : libspdm_hash_all(
3656 : spdm_context->connection_info.algorithm.base_hash_algo,
3657 : data2, data_size2,
3658 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3659 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3660 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3661 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3662 : spdm_context->connection_info.algorithm.base_hash_algo,
3663 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3664 : data2,
3665 : data_size2,
3666 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3667 : #endif
3668 1 : spdm_context->connection_info.peer_used_cert_chain_slot_id = 0;
3669 :
3670 1 : session_id = 0xFFFFFFFF;
3671 1 : spdm_context->latest_session_id = session_id;
3672 1 : session_info = &spdm_context->session_info[0];
3673 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3674 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3675 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3676 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3677 1 : libspdm_secured_message_set_request_finished_key(
3678 : session_info->secured_message_context, m_dummy_buffer,
3679 : hash_size);
3680 1 : libspdm_secured_message_set_session_state(
3681 : session_info->secured_message_context,
3682 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3683 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3684 :
3685 1 : spdm_context->connection_info.capability.flags |=
3686 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3687 1 : spdm_context->local_context.capability.flags |=
3688 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3689 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3690 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3691 1 : req_asym_signature_size =
3692 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3693 1 : ptr = m_libspdm_finish_request7.signature;
3694 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3695 1 : cert_buffer = (uint8_t*)data1;
3696 1 : cert_buffer_size = data_size1;
3697 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3698 : cert_buffer_hash);
3699 1 : cert_buffer = (uint8_t*)data2;
3700 1 : cert_buffer_size = data_size2;
3701 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3702 : req_cert_buffer_hash);
3703 : /* transcript.message_a size is 0*/
3704 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3705 : /* session_transcript.message_k is 0*/
3706 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3707 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3708 : sizeof(spdm_finish_request_t));
3709 :
3710 1 : libspdm_requester_data_sign(
3711 : spdm_context,
3712 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH,
3713 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3714 1 : false, libspdm_get_managed_buffer(&th_curr),
3715 : libspdm_get_managed_buffer_size(&th_curr),
3716 : ptr, &req_asym_signature_size);
3717 :
3718 : /* Switch signature to little endian */
3719 1 : libspdm_copy_signature_swap_endian(
3720 : m_libspdm_use_req_asym_algo,
3721 : ptr, req_asym_signature_size,
3722 : ptr, req_asym_signature_size);
3723 :
3724 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3725 1 : ptr += req_asym_signature_size;
3726 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3727 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3728 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3729 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3730 : request_finished_key, hash_size, ptr);
3731 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3732 1 : req_asym_signature_size + hmac_size;
3733 1 : response_size = sizeof(response);
3734 1 : status = libspdm_get_response_finish(spdm_context,
3735 : m_libspdm_finish_request7_size,
3736 : &m_libspdm_finish_request7,
3737 : &response_size, response);
3738 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3739 1 : spdm_response = (void*)response;
3740 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3741 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3742 1 : free(data1);
3743 1 : free(data2);
3744 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3745 1 : }
3746 :
3747 : /**
3748 : * Test 29: Receive the correct FINISH from the requester, and
3749 : * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
3750 : * Expected behavior: the responder accepts the request and produces a valid
3751 : * FINISH_RSP response message, and The ResponderVerifyData field is absent.
3752 : **/
3753 1 : void rsp_finish_rsp_case29(void **state)
3754 : {
3755 : libspdm_return_t status;
3756 : libspdm_test_context_t *spdm_test_context;
3757 : libspdm_context_t *spdm_context;
3758 : size_t response_size;
3759 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3760 : spdm_finish_response_t *spdm_response;
3761 : void *data1;
3762 : size_t data_size1;
3763 : uint8_t *ptr;
3764 : uint8_t *cert_buffer;
3765 : size_t cert_buffer_size;
3766 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3767 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3768 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3769 : libspdm_session_info_t *session_info;
3770 : uint32_t session_id;
3771 : uint32_t hash_size;
3772 : uint32_t hmac_size;
3773 :
3774 1 : spdm_test_context = *state;
3775 1 : spdm_context = spdm_test_context->spdm_context;
3776 1 : spdm_test_context->case_id = 29;
3777 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3778 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3779 1 : spdm_context->connection_info.connection_state =
3780 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3781 1 : spdm_context->connection_info.capability.flags |=
3782 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3783 1 : spdm_context->local_context.capability.flags |=
3784 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3785 :
3786 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3787 : m_libspdm_use_hash_algo;
3788 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3789 : m_libspdm_use_asym_algo;
3790 1 : spdm_context->connection_info.algorithm.measurement_spec =
3791 : m_libspdm_use_measurement_spec;
3792 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3793 : m_libspdm_use_measurement_hash_algo;
3794 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3795 : m_libspdm_use_dhe_algo;
3796 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3797 : m_libspdm_use_aead_algo;
3798 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3799 : m_libspdm_use_asym_algo, &data1,
3800 : &data_size1, NULL, NULL);
3801 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3802 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3803 : data_size1;
3804 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3805 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3806 : data_size1;
3807 :
3808 1 : libspdm_reset_message_a(spdm_context);
3809 1 : spdm_context->local_context.mut_auth_requested = 0;
3810 :
3811 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3812 1 : spdm_context->connection_info.capability.flags &=
3813 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3814 1 : spdm_context->local_context.capability.flags &=
3815 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3816 :
3817 1 : session_id = 0xFFFFFFFF;
3818 1 : spdm_context->latest_session_id = session_id;
3819 1 : spdm_context->last_spdm_request_session_id_valid = true;
3820 1 : spdm_context->last_spdm_request_session_id = session_id;
3821 1 : session_info = &spdm_context->session_info[0];
3822 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3823 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3824 :
3825 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3826 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3827 :
3828 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3829 1 : libspdm_secured_message_set_request_finished_key(
3830 : session_info->secured_message_context, m_dummy_buffer,
3831 : hash_size);
3832 1 : libspdm_secured_message_set_session_state(
3833 : session_info->secured_message_context,
3834 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3835 :
3836 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3837 1 : ptr = m_libspdm_finish_request1.signature;
3838 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3839 1 : cert_buffer = (uint8_t *)data1;
3840 1 : cert_buffer_size = data_size1;
3841 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3842 : cert_buffer_hash);
3843 : /* transcript.message_a size is 0*/
3844 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3845 : /* session_transcript.message_k is 0*/
3846 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
3847 : sizeof(spdm_finish_request_t));
3848 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3849 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3850 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3851 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3852 : request_finished_key, hash_size, ptr);
3853 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
3854 1 : response_size = sizeof(response);
3855 1 : status = libspdm_get_response_finish(spdm_context,
3856 : m_libspdm_finish_request1_size,
3857 : &m_libspdm_finish_request1,
3858 : &response_size, response);
3859 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3860 : /* The ResponderVerifyData field shall be absent.*/
3861 1 : assert_int_equal(response_size,
3862 : sizeof(spdm_finish_response_t));
3863 1 : spdm_response = (void *)response;
3864 1 : assert_int_equal(spdm_response->header.request_response_code,
3865 : SPDM_FINISH_RSP);
3866 1 : free(data1);
3867 1 : }
3868 :
3869 : /**
3870 : * Test 30: SPDM version 1.4, with OpaqueData.
3871 : * Expected behavior: the responder accepts the request and produces a valid
3872 : * FINISH_RSP response message.
3873 : **/
3874 1 : void rsp_finish_rsp_case30(void **state)
3875 : {
3876 : libspdm_return_t status;
3877 : libspdm_test_context_t *spdm_test_context;
3878 : libspdm_context_t *spdm_context;
3879 : size_t response_size;
3880 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3881 : spdm_finish_response_t *spdm_response;
3882 : void *data1;
3883 : size_t data_size1;
3884 : uint8_t *ptr;
3885 : uint8_t *cert_buffer;
3886 : size_t cert_buffer_size;
3887 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3888 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3889 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3890 : libspdm_session_info_t *session_info;
3891 : uint32_t session_id;
3892 : uint32_t hash_size;
3893 : uint32_t hmac_size;
3894 :
3895 1 : spdm_test_context = *state;
3896 1 : spdm_context = spdm_test_context->spdm_context;
3897 1 : spdm_test_context->case_id = 30;
3898 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
3899 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3900 1 : spdm_context->connection_info.connection_state =
3901 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3902 1 : spdm_context->connection_info.capability.flags |=
3903 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3904 1 : spdm_context->local_context.capability.flags |=
3905 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3906 :
3907 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3908 : m_libspdm_use_hash_algo;
3909 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3910 : m_libspdm_use_asym_algo;
3911 1 : spdm_context->connection_info.algorithm.measurement_spec =
3912 : m_libspdm_use_measurement_spec;
3913 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3914 : m_libspdm_use_measurement_hash_algo;
3915 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3916 : m_libspdm_use_dhe_algo;
3917 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3918 : m_libspdm_use_aead_algo;
3919 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3920 : m_libspdm_use_asym_algo, &data1,
3921 : &data_size1, NULL, NULL);
3922 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3923 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3924 : data_size1;
3925 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
3926 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
3927 : data_size1;
3928 :
3929 1 : libspdm_reset_message_a(spdm_context);
3930 1 : spdm_context->local_context.mut_auth_requested = 0;
3931 :
3932 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3933 1 : spdm_context->connection_info.capability.flags &=
3934 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3935 1 : spdm_context->local_context.capability.flags &=
3936 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3937 :
3938 1 : session_id = 0xFFFFFFFF;
3939 1 : spdm_context->latest_session_id = session_id;
3940 1 : spdm_context->last_spdm_request_session_id_valid = true;
3941 1 : spdm_context->last_spdm_request_session_id = session_id;
3942 1 : session_info = &spdm_context->session_info[0];
3943 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3944 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3945 :
3946 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3947 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3948 :
3949 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3950 1 : libspdm_secured_message_set_request_finished_key(
3951 : session_info->secured_message_context, m_dummy_buffer,
3952 : hash_size);
3953 1 : libspdm_secured_message_set_session_state(
3954 : session_info->secured_message_context,
3955 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3956 :
3957 1 : m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
3958 :
3959 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3960 1 : ptr = m_libspdm_finish_request8.signature;
3961 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3962 1 : cert_buffer = (uint8_t *)data1;
3963 1 : cert_buffer_size = data_size1;
3964 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3965 : cert_buffer_hash);
3966 : /* transcript.message_a size is 0*/
3967 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3968 : /* session_transcript.message_k is 0*/
3969 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
3970 : sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
3971 1 : m_libspdm_finish_request8.opaque_data_size);
3972 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3973 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3974 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3975 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3976 : request_finished_key, hash_size, ptr);
3977 1 : m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
3978 1 : sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
3979 1 : response_size = sizeof(response);
3980 1 : status = libspdm_get_response_finish(spdm_context,
3981 : m_libspdm_finish_request8_size,
3982 : &m_libspdm_finish_request8,
3983 : &response_size, response);
3984 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3985 : /* The ResponderVerifyData field shall be absent.*/
3986 1 : ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
3987 1 : assert_int_equal(response_size,
3988 : sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
3989 : libspdm_read_uint16(ptr));
3990 1 : spdm_response = (void *)response;
3991 1 : assert_int_equal(spdm_response->header.request_response_code,
3992 : SPDM_FINISH_RSP);
3993 1 : free(data1);
3994 1 : }
3995 :
3996 1 : int libspdm_rsp_finish_test(void)
3997 : {
3998 1 : const struct CMUnitTest test_cases[] = {
3999 : /* Success Case*/
4000 : cmocka_unit_test(rsp_finish_rsp_case1),
4001 : /* Can be populated with new test.*/
4002 : cmocka_unit_test(rsp_finish_rsp_case2),
4003 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
4004 : cmocka_unit_test(rsp_finish_rsp_case3),
4005 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
4006 : cmocka_unit_test(rsp_finish_rsp_case4),
4007 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
4008 : /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
4009 : cmocka_unit_test(rsp_finish_rsp_case5),
4010 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
4011 : /* connection_state Check*/
4012 : cmocka_unit_test(rsp_finish_rsp_case6),
4013 : /* Buffer reset*/
4014 : cmocka_unit_test(rsp_finish_rsp_case7),
4015 : /* Success Case*/
4016 : cmocka_unit_test(rsp_finish_rsp_case8),
4017 : /* Unsupported KEY_EX capabilities*/
4018 : cmocka_unit_test(rsp_finish_rsp_case9),
4019 : /* Uninitialized session*/
4020 : cmocka_unit_test(rsp_finish_rsp_case10),
4021 : /* Incorrect MAC*/
4022 : cmocka_unit_test(rsp_finish_rsp_case11),
4023 : cmocka_unit_test(rsp_finish_rsp_case12),
4024 : /* Can be populated with new test.*/
4025 : cmocka_unit_test(rsp_finish_rsp_case13),
4026 : cmocka_unit_test(rsp_finish_rsp_case14),
4027 : /* Incorrect signature*/
4028 : cmocka_unit_test(rsp_finish_rsp_case15),
4029 : cmocka_unit_test(rsp_finish_rsp_case16),
4030 : /* Buffer verification*/
4031 : cmocka_unit_test(rsp_finish_rsp_case17),
4032 : /* Success Case, enable mutual authentication and use slot_id 0xFF */
4033 : cmocka_unit_test(rsp_finish_rsp_case18),
4034 : /* Invalid SlotID in FINISH request message when mutual authentication */
4035 : cmocka_unit_test_setup(rsp_finish_rsp_case19, libspdm_unit_test_group_setup),
4036 : cmocka_unit_test_setup(rsp_finish_rsp_case20, libspdm_unit_test_group_setup),
4037 : /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
4038 : cmocka_unit_test_setup(rsp_finish_rsp_case21, libspdm_unit_test_group_setup),
4039 : /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
4040 : cmocka_unit_test_setup(rsp_finish_rsp_case22, libspdm_unit_test_group_setup),
4041 : /* Big Endian Sign - Little Endian Verify */
4042 : cmocka_unit_test_setup(rsp_finish_rsp_case23, libspdm_unit_test_group_setup),
4043 : /* Big Endian Sign - Big Endian Verify */
4044 : cmocka_unit_test_setup(rsp_finish_rsp_case24, libspdm_unit_test_group_setup),
4045 : /* Big Endian Sign - Big or Little Endian Verify */
4046 : cmocka_unit_test_setup(rsp_finish_rsp_case25, libspdm_unit_test_group_setup),
4047 : /* Little Endian Sign - Little Endian Verify*/
4048 : cmocka_unit_test_setup(rsp_finish_rsp_case26, libspdm_unit_test_group_setup),
4049 : /* Little Endian Sign - Big Endian Verify */
4050 : cmocka_unit_test_setup(rsp_finish_rsp_case27, libspdm_unit_test_group_setup),
4051 : /* Little Endian Sign - Big or Little Endian Verify */
4052 : cmocka_unit_test_setup(rsp_finish_rsp_case28, libspdm_unit_test_group_setup),
4053 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
4054 : cmocka_unit_test(rsp_finish_rsp_case29),
4055 : /* SPDM 1.4 with OpaqueData */
4056 : cmocka_unit_test(rsp_finish_rsp_case30),
4057 : };
4058 :
4059 1 : libspdm_test_context_t test_context = {
4060 : LIBSPDM_TEST_CONTEXT_VERSION,
4061 : false,
4062 : };
4063 :
4064 1 : libspdm_setup_test_context(&test_context);
4065 :
4066 1 : return cmocka_run_group_tests(test_cases,
4067 : libspdm_unit_test_group_setup,
4068 : libspdm_unit_test_group_teardown);
4069 : }
4070 :
4071 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|