Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : extern uint8_t g_key_exchange_start_mut_auth;
12 :
13 : #pragma pack(1)
14 :
15 : typedef struct {
16 : spdm_message_header_t header;
17 : uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
18 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
19 : } libspdm_finish_request_mine_t;
20 :
21 : typedef struct {
22 : spdm_message_header_t header;
23 : uint16_t opaque_data_size;
24 : uint8_t opaque_data[8];
25 : uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
26 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
27 : } libspdm_finish_request_mine_14_t;
28 :
29 : #pragma pack()
30 :
31 : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
32 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
33 : };
34 : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
35 :
36 : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
37 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
38 : };
39 : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
40 :
41 : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
42 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
43 : };
44 : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
45 :
46 : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
47 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
48 : };
49 : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
50 :
51 : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
52 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
53 : };
54 : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
55 :
56 : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
57 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
58 : };
59 : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
60 :
61 : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
62 : { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
63 : };
64 : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
65 :
66 : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
67 :
68 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
69 :
70 : static libspdm_th_managed_buffer_t th_curr;
71 :
72 28 : void libspdm_secured_message_set_request_finished_key(
73 : void *spdm_secured_message_context, const void *key, size_t key_size)
74 : {
75 : libspdm_secured_message_context_t *secured_message_context;
76 :
77 28 : secured_message_context = spdm_secured_message_context;
78 28 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
79 28 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
80 : sizeof(secured_message_context->handshake_secret.request_finished_key),
81 : key, secured_message_context->hash_size);
82 28 : }
83 :
84 : /**
85 : * Test 1: receiving a correct FINISH message from the requester with a
86 : * correct MAC, no signature (no mutual authentication), and 'handshake in
87 : * the clear'.
88 : * Expected behavior: the responder accepts the request and produces a valid
89 : * FINISH_RSP response message.
90 : **/
91 1 : void rsp_finish_rsp_case1(void **state)
92 : {
93 : libspdm_return_t status;
94 : libspdm_test_context_t *spdm_test_context;
95 : libspdm_context_t *spdm_context;
96 : size_t response_size;
97 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
98 : spdm_finish_response_t *spdm_response;
99 : void *data1;
100 : size_t data_size1;
101 : uint8_t *ptr;
102 : uint8_t *cert_buffer;
103 : size_t cert_buffer_size;
104 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
105 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
106 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
107 : libspdm_session_info_t *session_info;
108 : uint32_t session_id;
109 : uint32_t hash_size;
110 : uint32_t hmac_size;
111 :
112 1 : spdm_test_context = *state;
113 1 : spdm_context = spdm_test_context->spdm_context;
114 1 : spdm_test_context->case_id = 0x1;
115 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
116 : SPDM_VERSION_NUMBER_SHIFT_BIT;
117 1 : spdm_context->connection_info.connection_state =
118 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
119 1 : spdm_context->connection_info.capability.flags |=
120 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
121 1 : spdm_context->local_context.capability.flags |=
122 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
123 1 : spdm_context->connection_info.algorithm.base_hash_algo =
124 : m_libspdm_use_hash_algo;
125 1 : spdm_context->connection_info.algorithm.base_asym_algo =
126 : m_libspdm_use_asym_algo;
127 1 : spdm_context->connection_info.algorithm.measurement_spec =
128 : m_libspdm_use_measurement_spec;
129 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
130 : m_libspdm_use_measurement_hash_algo;
131 1 : spdm_context->connection_info.algorithm.dhe_named_group =
132 : m_libspdm_use_dhe_algo;
133 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
134 : m_libspdm_use_aead_algo;
135 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
136 : m_libspdm_use_asym_algo, &data1,
137 : &data_size1, NULL, NULL);
138 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
139 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
140 : data_size1;
141 :
142 1 : libspdm_reset_message_a(spdm_context);
143 :
144 1 : session_id = 0xFFFFFFFF;
145 1 : spdm_context->latest_session_id = session_id;
146 1 : session_info = &spdm_context->session_info[0];
147 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
148 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
149 1 : session_info->local_used_cert_chain_slot_id = 0;
150 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
151 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
152 1 : libspdm_secured_message_set_request_finished_key(
153 : session_info->secured_message_context, m_dummy_buffer,
154 : hash_size);
155 1 : libspdm_secured_message_set_session_state(
156 : session_info->secured_message_context,
157 : LIBSPDM_SESSION_STATE_HANDSHAKING);
158 :
159 1 : spdm_context->connection_info.capability.flags |=
160 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
161 1 : spdm_context->local_context.capability.flags |=
162 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
163 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
164 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
165 1 : ptr = m_libspdm_finish_request1.signature;
166 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
167 1 : cert_buffer = (uint8_t *)data1;
168 1 : cert_buffer_size = data_size1;
169 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
170 : cert_buffer_hash);
171 : /* transcript.message_a size is 0*/
172 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
173 : /* session_transcript.message_k is 0*/
174 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
175 : sizeof(spdm_finish_request_t));
176 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
177 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
178 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
179 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
180 : request_finished_key, hash_size, ptr);
181 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
182 1 : response_size = sizeof(response);
183 1 : status = libspdm_get_response_finish(spdm_context,
184 : m_libspdm_finish_request1_size,
185 : &m_libspdm_finish_request1,
186 : &response_size, response);
187 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
188 1 : assert_int_equal(response_size,
189 : sizeof(spdm_finish_response_t) + hmac_size);
190 1 : spdm_response = (void *)response;
191 1 : assert_int_equal(spdm_response->header.request_response_code,
192 : SPDM_FINISH_RSP);
193 1 : free(data1);
194 1 : }
195 :
196 : /**
197 : * Test 2:
198 : * Expected behavior:
199 : **/
200 1 : void rsp_finish_rsp_case2(void **state)
201 : {
202 1 : }
203 :
204 : /**
205 : * Test 3: receiving a correct FINISH from the requester, but the
206 : * responder is in a Busy state.
207 : * Expected behavior: the responder accepts the request, but produces an
208 : * ERROR message indicating the Busy state.
209 : **/
210 1 : void rsp_finish_rsp_case3(void **state)
211 : {
212 : libspdm_return_t status;
213 : libspdm_test_context_t *spdm_test_context;
214 : libspdm_context_t *spdm_context;
215 : size_t response_size;
216 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
217 : spdm_finish_response_t *spdm_response;
218 : void *data1;
219 : size_t data_size1;
220 : uint8_t *ptr;
221 : uint8_t *cert_buffer;
222 : size_t cert_buffer_size;
223 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
224 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
225 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
226 : libspdm_session_info_t *session_info;
227 : uint32_t session_id;
228 : uint32_t hash_size;
229 : uint32_t hmac_size;
230 :
231 1 : spdm_test_context = *state;
232 1 : spdm_context = spdm_test_context->spdm_context;
233 1 : spdm_test_context->case_id = 0x3;
234 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
235 : SPDM_VERSION_NUMBER_SHIFT_BIT;
236 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
237 1 : spdm_context->connection_info.connection_state =
238 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
239 1 : spdm_context->connection_info.capability.flags |=
240 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
241 1 : spdm_context->local_context.capability.flags |=
242 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
243 1 : spdm_context->connection_info.algorithm.base_hash_algo =
244 : m_libspdm_use_hash_algo;
245 1 : spdm_context->connection_info.algorithm.base_asym_algo =
246 : m_libspdm_use_asym_algo;
247 1 : spdm_context->connection_info.algorithm.measurement_spec =
248 : m_libspdm_use_measurement_spec;
249 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
250 : m_libspdm_use_measurement_hash_algo;
251 1 : spdm_context->connection_info.algorithm.dhe_named_group =
252 : m_libspdm_use_dhe_algo;
253 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
254 : m_libspdm_use_aead_algo;
255 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
256 : m_libspdm_use_asym_algo, &data1,
257 : &data_size1, NULL, NULL);
258 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
259 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
260 : data_size1;
261 :
262 1 : libspdm_reset_message_a(spdm_context);
263 :
264 1 : session_id = 0xFFFFFFFF;
265 1 : spdm_context->latest_session_id = session_id;
266 1 : session_info = &spdm_context->session_info[0];
267 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
268 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
269 1 : session_info->local_used_cert_chain_slot_id = 0;
270 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
271 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
272 1 : libspdm_secured_message_set_request_finished_key(
273 : session_info->secured_message_context, m_dummy_buffer,
274 : hash_size);
275 1 : libspdm_secured_message_set_session_state(
276 : session_info->secured_message_context,
277 : LIBSPDM_SESSION_STATE_HANDSHAKING);
278 :
279 1 : spdm_context->connection_info.capability.flags |=
280 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
281 1 : spdm_context->local_context.capability.flags |=
282 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
283 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
284 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
285 1 : ptr = m_libspdm_finish_request1.signature;
286 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
287 1 : cert_buffer = (uint8_t *)data1;
288 1 : cert_buffer_size = data_size1;
289 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
290 : cert_buffer_hash);
291 : /* transcript.message_a size is 0*/
292 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
293 : /* session_transcript.message_k is 0*/
294 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
295 : sizeof(spdm_finish_request_t));
296 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
297 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
298 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
299 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
300 : request_finished_key, hash_size, ptr);
301 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
302 1 : response_size = sizeof(response);
303 1 : status = libspdm_get_response_finish(spdm_context,
304 : m_libspdm_finish_request1_size,
305 : &m_libspdm_finish_request1,
306 : &response_size, response);
307 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
308 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
309 1 : spdm_response = (void *)response;
310 1 : assert_int_equal(spdm_response->header.request_response_code,
311 : SPDM_ERROR);
312 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
313 1 : assert_int_equal(spdm_response->header.param2, 0);
314 1 : assert_int_equal(spdm_context->response_state,
315 : LIBSPDM_RESPONSE_STATE_BUSY);
316 1 : free(data1);
317 1 : }
318 :
319 : /**
320 : * Test 4: receiving a correct FINISH from the requester, but the responder
321 : * requires resynchronization with the requester.
322 : * Expected behavior: the responder accepts the request, but produces an
323 : * ERROR message indicating the NeedResynch state.
324 : **/
325 1 : void rsp_finish_rsp_case4(void **state)
326 : {
327 : libspdm_return_t status;
328 : libspdm_test_context_t *spdm_test_context;
329 : libspdm_context_t *spdm_context;
330 : size_t response_size;
331 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
332 : spdm_finish_response_t *spdm_response;
333 : void *data1;
334 : size_t data_size1;
335 : uint8_t *ptr;
336 : uint8_t *cert_buffer;
337 : size_t cert_buffer_size;
338 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
339 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
340 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
341 : libspdm_session_info_t *session_info;
342 : uint32_t session_id;
343 : uint32_t hash_size;
344 : uint32_t hmac_size;
345 :
346 1 : spdm_test_context = *state;
347 1 : spdm_context = spdm_test_context->spdm_context;
348 1 : spdm_test_context->case_id = 0x4;
349 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
350 : SPDM_VERSION_NUMBER_SHIFT_BIT;
351 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
352 1 : spdm_context->connection_info.connection_state =
353 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
354 1 : spdm_context->connection_info.capability.flags |=
355 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
356 1 : spdm_context->local_context.capability.flags |=
357 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
358 1 : spdm_context->connection_info.algorithm.base_hash_algo =
359 : m_libspdm_use_hash_algo;
360 1 : spdm_context->connection_info.algorithm.base_asym_algo =
361 : m_libspdm_use_asym_algo;
362 1 : spdm_context->connection_info.algorithm.measurement_spec =
363 : m_libspdm_use_measurement_spec;
364 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
365 : m_libspdm_use_measurement_hash_algo;
366 1 : spdm_context->connection_info.algorithm.dhe_named_group =
367 : m_libspdm_use_dhe_algo;
368 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
369 : m_libspdm_use_aead_algo;
370 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
371 : m_libspdm_use_asym_algo, &data1,
372 : &data_size1, NULL, NULL);
373 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
374 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
375 : data_size1;
376 :
377 1 : libspdm_reset_message_a(spdm_context);
378 :
379 1 : session_id = 0xFFFFFFFF;
380 1 : spdm_context->latest_session_id = session_id;
381 1 : session_info = &spdm_context->session_info[0];
382 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
383 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
384 1 : session_info->local_used_cert_chain_slot_id = 0;
385 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
386 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
387 1 : libspdm_secured_message_set_request_finished_key(
388 : session_info->secured_message_context, m_dummy_buffer,
389 : hash_size);
390 1 : libspdm_secured_message_set_session_state(
391 : session_info->secured_message_context,
392 : LIBSPDM_SESSION_STATE_HANDSHAKING);
393 :
394 1 : spdm_context->connection_info.capability.flags |=
395 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
396 1 : spdm_context->local_context.capability.flags |=
397 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
398 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
399 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
400 1 : ptr = m_libspdm_finish_request1.signature;
401 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
402 1 : cert_buffer = (uint8_t *)data1;
403 1 : cert_buffer_size = data_size1;
404 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
405 : cert_buffer_hash);
406 : /* transcript.message_a size is 0*/
407 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
408 : /* session_transcript.message_k is 0*/
409 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
410 : sizeof(spdm_finish_request_t));
411 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
412 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
413 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
414 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
415 : request_finished_key, hash_size, ptr);
416 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
417 1 : response_size = sizeof(response);
418 1 : status = libspdm_get_response_finish(spdm_context,
419 : m_libspdm_finish_request1_size,
420 : &m_libspdm_finish_request1,
421 : &response_size, response);
422 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
423 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
424 1 : spdm_response = (void *)response;
425 1 : assert_int_equal(spdm_response->header.request_response_code,
426 : SPDM_ERROR);
427 1 : assert_int_equal(spdm_response->header.param1,
428 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
429 1 : assert_int_equal(spdm_response->header.param2, 0);
430 1 : assert_int_equal(spdm_context->response_state,
431 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
432 1 : free(data1);
433 1 : }
434 :
435 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
436 : /**
437 : * Test 5: receiving a correct FINISH from the requester, but the responder
438 : * could not produce the response in time.
439 : * Expected behavior: the responder accepts the request, but produces an
440 : * ERROR message indicating the ResponseNotReady state.
441 : **/
442 1 : void rsp_finish_rsp_case5(void **state)
443 : {
444 : libspdm_return_t status;
445 : libspdm_test_context_t *spdm_test_context;
446 : libspdm_context_t *spdm_context;
447 : size_t response_size;
448 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
449 : spdm_finish_response_t *spdm_response;
450 : void *data1;
451 : size_t data_size1;
452 : uint8_t *ptr;
453 : uint8_t *cert_buffer;
454 : size_t cert_buffer_size;
455 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
456 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
457 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
458 : libspdm_session_info_t *session_info;
459 : uint32_t session_id;
460 : uint32_t hash_size;
461 : uint32_t hmac_size;
462 : spdm_error_data_response_not_ready_t *error_data;
463 :
464 1 : spdm_test_context = *state;
465 1 : spdm_context = spdm_test_context->spdm_context;
466 1 : spdm_test_context->case_id = 0x5;
467 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
468 : SPDM_VERSION_NUMBER_SHIFT_BIT;
469 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
470 1 : spdm_context->connection_info.connection_state =
471 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
472 1 : spdm_context->connection_info.capability.flags |=
473 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
474 1 : spdm_context->local_context.capability.flags |=
475 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
476 1 : spdm_context->connection_info.algorithm.base_hash_algo =
477 : m_libspdm_use_hash_algo;
478 1 : spdm_context->connection_info.algorithm.base_asym_algo =
479 : m_libspdm_use_asym_algo;
480 1 : spdm_context->connection_info.algorithm.measurement_spec =
481 : m_libspdm_use_measurement_spec;
482 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
483 : m_libspdm_use_measurement_hash_algo;
484 1 : spdm_context->connection_info.algorithm.dhe_named_group =
485 : m_libspdm_use_dhe_algo;
486 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
487 : m_libspdm_use_aead_algo;
488 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
489 : m_libspdm_use_asym_algo, &data1,
490 : &data_size1, NULL, NULL);
491 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
492 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
493 : data_size1;
494 :
495 1 : libspdm_reset_message_a(spdm_context);
496 :
497 1 : session_id = 0xFFFFFFFF;
498 1 : spdm_context->latest_session_id = session_id;
499 1 : session_info = &spdm_context->session_info[0];
500 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
501 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
502 1 : session_info->local_used_cert_chain_slot_id = 0;
503 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
504 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
505 1 : libspdm_secured_message_set_request_finished_key(
506 : session_info->secured_message_context, m_dummy_buffer,
507 : hash_size);
508 1 : libspdm_secured_message_set_session_state(
509 : session_info->secured_message_context,
510 : LIBSPDM_SESSION_STATE_HANDSHAKING);
511 :
512 1 : spdm_context->connection_info.capability.flags |=
513 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
514 1 : spdm_context->local_context.capability.flags |=
515 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
516 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
517 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
518 1 : ptr = m_libspdm_finish_request1.signature;
519 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
520 1 : cert_buffer = (uint8_t *)data1;
521 1 : cert_buffer_size = data_size1;
522 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
523 : cert_buffer_hash);
524 : /* transcript.message_a size is 0*/
525 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
526 : /* session_transcript.message_k is 0*/
527 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
528 : sizeof(spdm_finish_request_t));
529 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
530 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
531 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
532 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
533 : request_finished_key, hash_size, ptr);
534 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
535 1 : response_size = sizeof(response);
536 1 : status = libspdm_get_response_finish(spdm_context,
537 : m_libspdm_finish_request1_size,
538 : &m_libspdm_finish_request1,
539 : &response_size, response);
540 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
541 1 : assert_int_equal(response_size,
542 : sizeof(spdm_error_response_t) +
543 : sizeof(spdm_error_data_response_not_ready_t));
544 1 : spdm_response = (void *)response;
545 1 : error_data =
546 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
547 1 : assert_int_equal(spdm_response->header.request_response_code,
548 : SPDM_ERROR);
549 1 : assert_int_equal(spdm_response->header.param1,
550 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
551 1 : assert_int_equal(spdm_response->header.param2, 0);
552 1 : assert_int_equal(spdm_context->response_state,
553 : LIBSPDM_RESPONSE_STATE_NOT_READY);
554 1 : assert_int_equal(error_data->request_code, SPDM_FINISH);
555 1 : free(data1);
556 1 : }
557 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
558 :
559 : /**
560 : * Test 6: receiving a correct FINISH from the requester, but the responder
561 : * is not set no receive a FINISH message because previous messages (namely,
562 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
563 : * received.
564 : * Expected behavior: the responder rejects the request, and produces an
565 : * ERROR message indicating the UnexpectedRequest.
566 : **/
567 1 : void rsp_finish_rsp_case6(void **state)
568 : {
569 : libspdm_return_t status;
570 : libspdm_test_context_t *spdm_test_context;
571 : libspdm_context_t *spdm_context;
572 : size_t response_size;
573 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
574 : spdm_finish_response_t *spdm_response;
575 : void *data1;
576 : size_t data_size1;
577 : uint8_t *ptr;
578 : uint8_t *cert_buffer;
579 : size_t cert_buffer_size;
580 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
581 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
582 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
583 : libspdm_session_info_t *session_info;
584 : uint32_t session_id;
585 : uint32_t hash_size;
586 : uint32_t hmac_size;
587 :
588 1 : spdm_test_context = *state;
589 1 : spdm_context = spdm_test_context->spdm_context;
590 1 : spdm_test_context->case_id = 0x6;
591 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
592 : SPDM_VERSION_NUMBER_SHIFT_BIT;
593 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
594 1 : spdm_context->connection_info.connection_state =
595 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
596 1 : spdm_context->connection_info.capability.flags |=
597 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
598 1 : spdm_context->local_context.capability.flags |=
599 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
600 1 : spdm_context->connection_info.algorithm.base_hash_algo =
601 : m_libspdm_use_hash_algo;
602 1 : spdm_context->connection_info.algorithm.base_asym_algo =
603 : m_libspdm_use_asym_algo;
604 1 : spdm_context->connection_info.algorithm.measurement_spec =
605 : m_libspdm_use_measurement_spec;
606 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
607 : m_libspdm_use_measurement_hash_algo;
608 1 : spdm_context->connection_info.algorithm.dhe_named_group =
609 : m_libspdm_use_dhe_algo;
610 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
611 : m_libspdm_use_aead_algo;
612 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
613 : m_libspdm_use_asym_algo, &data1,
614 : &data_size1, NULL, NULL);
615 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
616 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
617 : data_size1;
618 :
619 1 : libspdm_reset_message_a(spdm_context);
620 :
621 1 : session_id = 0xFFFFFFFF;
622 1 : spdm_context->latest_session_id = session_id;
623 1 : session_info = &spdm_context->session_info[0];
624 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
625 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
626 1 : session_info->local_used_cert_chain_slot_id = 0;
627 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
628 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
629 1 : libspdm_secured_message_set_request_finished_key(
630 : session_info->secured_message_context, m_dummy_buffer,
631 : hash_size);
632 1 : libspdm_secured_message_set_session_state(
633 : session_info->secured_message_context,
634 : LIBSPDM_SESSION_STATE_HANDSHAKING);
635 :
636 1 : spdm_context->connection_info.capability.flags |=
637 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
638 1 : spdm_context->local_context.capability.flags |=
639 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
640 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
641 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
642 1 : ptr = m_libspdm_finish_request1.signature;
643 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
644 1 : cert_buffer = (uint8_t *)data1;
645 1 : cert_buffer_size = data_size1;
646 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
647 : cert_buffer_hash);
648 : /* transcript.message_a size is 0*/
649 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
650 : /* session_transcript.message_k is 0*/
651 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
652 : sizeof(spdm_finish_request_t));
653 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
654 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
655 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
656 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
657 : request_finished_key, hash_size, ptr);
658 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
659 1 : response_size = sizeof(response);
660 1 : status = libspdm_get_response_finish(spdm_context,
661 : m_libspdm_finish_request1_size,
662 : &m_libspdm_finish_request1,
663 : &response_size, response);
664 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
665 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
666 1 : spdm_response = (void *)response;
667 1 : assert_int_equal(spdm_response->header.request_response_code,
668 : SPDM_ERROR);
669 1 : assert_int_equal(spdm_response->header.param1,
670 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
671 1 : assert_int_equal(spdm_response->header.param2, 0);
672 1 : free(data1);
673 1 : }
674 :
675 1 : void rsp_finish_rsp_case7(void **state)
676 : {
677 : libspdm_return_t status;
678 : libspdm_test_context_t *spdm_test_context;
679 : libspdm_context_t *spdm_context;
680 : size_t response_size;
681 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
682 : spdm_finish_response_t *spdm_response;
683 : void *data1;
684 : size_t data_size1;
685 : uint8_t *ptr;
686 : uint8_t *cert_buffer;
687 : size_t cert_buffer_size;
688 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
689 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
690 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
691 : libspdm_session_info_t *session_info;
692 : uint32_t session_id;
693 : uint32_t hash_size;
694 : uint32_t hmac_size;
695 :
696 1 : spdm_test_context = *state;
697 1 : spdm_context = spdm_test_context->spdm_context;
698 1 : spdm_test_context->case_id = 0x7;
699 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
700 : SPDM_VERSION_NUMBER_SHIFT_BIT;
701 1 : spdm_context->connection_info.connection_state =
702 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
703 1 : spdm_context->connection_info.capability.flags |=
704 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
705 1 : spdm_context->local_context.capability.flags |=
706 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
707 1 : spdm_context->connection_info.algorithm.base_hash_algo =
708 : m_libspdm_use_hash_algo;
709 1 : spdm_context->connection_info.algorithm.base_asym_algo =
710 : m_libspdm_use_asym_algo;
711 1 : spdm_context->connection_info.algorithm.measurement_spec =
712 : m_libspdm_use_measurement_spec;
713 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
714 : m_libspdm_use_measurement_hash_algo;
715 1 : spdm_context->connection_info.algorithm.dhe_named_group =
716 : m_libspdm_use_dhe_algo;
717 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
718 : m_libspdm_use_aead_algo;
719 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
720 : m_libspdm_use_asym_algo, &data1,
721 : &data_size1, NULL, NULL);
722 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
723 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
724 : data_size1;
725 :
726 1 : libspdm_reset_message_a(spdm_context);
727 :
728 1 : session_id = 0xFFFFFFFF;
729 1 : spdm_context->latest_session_id = session_id;
730 1 : session_info = &spdm_context->session_info[0];
731 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
732 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
733 1 : session_info->local_used_cert_chain_slot_id = 0;
734 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
735 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
736 1 : libspdm_secured_message_set_request_finished_key(
737 : session_info->secured_message_context, m_dummy_buffer,
738 : hash_size);
739 1 : libspdm_secured_message_set_session_state(
740 : session_info->secured_message_context,
741 : LIBSPDM_SESSION_STATE_HANDSHAKING);
742 :
743 1 : spdm_context->connection_info.capability.flags |=
744 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
745 1 : spdm_context->local_context.capability.flags |=
746 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
747 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
748 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
749 1 : ptr = m_libspdm_finish_request1.signature;
750 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
751 1 : cert_buffer = (uint8_t *)data1;
752 1 : cert_buffer_size = data_size1;
753 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
754 : session_info->session_transcript.message_m.buffer_size =
755 : session_info->session_transcript.message_m.max_buffer_size;
756 : spdm_context->transcript.message_b.buffer_size =
757 : spdm_context->transcript.message_b.max_buffer_size;
758 : spdm_context->transcript.message_c.buffer_size =
759 : spdm_context->transcript.message_c.max_buffer_size;
760 : spdm_context->transcript.message_mut_b.buffer_size =
761 : spdm_context->transcript.message_mut_b.max_buffer_size;
762 : spdm_context->transcript.message_mut_c.buffer_size =
763 : spdm_context->transcript.message_mut_c.max_buffer_size;
764 : #endif
765 :
766 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
767 : cert_buffer_hash);
768 : /* transcript.message_a size is 0*/
769 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
770 : /* session_transcript.message_k is 0*/
771 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
772 : sizeof(spdm_finish_request_t));
773 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
774 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
775 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
776 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
777 : request_finished_key, hash_size, ptr);
778 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
779 1 : response_size = sizeof(response);
780 1 : status = libspdm_get_response_finish(spdm_context,
781 : m_libspdm_finish_request1_size,
782 : &m_libspdm_finish_request1,
783 : &response_size, response);
784 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
785 1 : assert_int_equal(response_size,
786 : sizeof(spdm_finish_response_t) + hmac_size);
787 1 : spdm_response = (void *)response;
788 1 : assert_int_equal(spdm_response->header.request_response_code,
789 : SPDM_FINISH_RSP);
790 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
791 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
792 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
793 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
794 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
795 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
796 : #endif
797 :
798 1 : free(data1);
799 1 : }
800 :
801 :
802 : /**
803 : * Test 8: receiving a correct FINISH message from the requester with
804 : * correct MAC and signature (with mutual authentication), and 'handshake in
805 : * the clear'.
806 : * Expected behavior: the responder accepts the request and produces a valid
807 : * FINISH_RSP response message.
808 : **/
809 1 : void rsp_finish_rsp_case8(void **state)
810 : {
811 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
812 : libspdm_return_t status;
813 : libspdm_test_context_t *spdm_test_context;
814 : libspdm_context_t *spdm_context;
815 : size_t response_size;
816 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
817 : spdm_finish_response_t *spdm_response;
818 : void *data1;
819 : size_t data_size1;
820 : void *data2;
821 : size_t data_size2;
822 : uint8_t *ptr;
823 : uint8_t *cert_buffer;
824 : size_t cert_buffer_size;
825 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
826 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
827 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
828 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
829 : libspdm_session_info_t *session_info;
830 : uint32_t session_id;
831 : uint32_t hash_size;
832 : uint32_t hmac_size;
833 : size_t req_asym_signature_size;
834 :
835 1 : spdm_test_context = *state;
836 1 : spdm_context = spdm_test_context->spdm_context;
837 1 : spdm_test_context->case_id = 0x8;
838 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
839 : SPDM_VERSION_NUMBER_SHIFT_BIT;
840 1 : spdm_context->connection_info.connection_state =
841 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
842 1 : spdm_context->connection_info.capability.flags |=
843 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
844 1 : spdm_context->local_context.capability.flags |=
845 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
846 1 : spdm_context->connection_info.algorithm.base_hash_algo =
847 : m_libspdm_use_hash_algo;
848 1 : spdm_context->connection_info.algorithm.base_asym_algo =
849 : m_libspdm_use_asym_algo;
850 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
851 : m_libspdm_use_req_asym_algo;
852 1 : spdm_context->connection_info.algorithm.measurement_spec =
853 : m_libspdm_use_measurement_spec;
854 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
855 : m_libspdm_use_measurement_hash_algo;
856 1 : spdm_context->connection_info.algorithm.dhe_named_group =
857 : m_libspdm_use_dhe_algo;
858 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
859 : m_libspdm_use_aead_algo;
860 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
861 : m_libspdm_use_asym_algo, &data1,
862 : &data_size1, NULL, NULL);
863 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
864 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
865 : data_size1;
866 :
867 1 : libspdm_reset_message_a(spdm_context);
868 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
869 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
870 : m_libspdm_use_req_asym_algo, &data2,
871 : &data_size2, NULL, NULL);
872 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
873 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
874 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
875 : data2, data_size2);
876 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
877 : data_size2;
878 : #else
879 1 : libspdm_hash_all(
880 : spdm_context->connection_info.algorithm.base_hash_algo,
881 : data2, data_size2,
882 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
883 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
884 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
885 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
886 : spdm_context->connection_info.algorithm.base_hash_algo,
887 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
888 : data2,
889 : data_size2,
890 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
891 : #endif
892 :
893 1 : session_id = 0xFFFFFFFF;
894 1 : spdm_context->latest_session_id = session_id;
895 1 : session_info = &spdm_context->session_info[0];
896 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
897 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
898 1 : session_info->peer_used_cert_chain_slot_id = 0;
899 1 : session_info->local_used_cert_chain_slot_id = 0;
900 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
901 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
902 1 : libspdm_secured_message_set_request_finished_key(
903 : session_info->secured_message_context, m_dummy_buffer,
904 : hash_size);
905 1 : libspdm_secured_message_set_session_state(
906 : session_info->secured_message_context,
907 : LIBSPDM_SESSION_STATE_HANDSHAKING);
908 1 : session_info->mut_auth_requested = 1;
909 :
910 1 : spdm_context->connection_info.capability.flags |=
911 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
912 1 : spdm_context->local_context.capability.flags |=
913 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
914 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
915 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
916 1 : req_asym_signature_size =
917 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
918 1 : ptr = m_libspdm_finish_request3.signature;
919 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
920 1 : cert_buffer = (uint8_t *)data1;
921 1 : cert_buffer_size = data_size1;
922 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
923 : cert_buffer_hash);
924 1 : cert_buffer = (uint8_t *)data2;
925 1 : cert_buffer_size = data_size2;
926 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
927 : req_cert_buffer_hash);
928 : /* transcript.message_a size is 0*/
929 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
930 : /* session_transcript.message_k is 0*/
931 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
932 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
933 : sizeof(spdm_finish_request_t));
934 :
935 1 : libspdm_requester_data_sign(
936 : spdm_context,
937 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
938 : 0, SPDM_FINISH,
939 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
940 1 : false, libspdm_get_managed_buffer(&th_curr),
941 : libspdm_get_managed_buffer_size(&th_curr),
942 : ptr, &req_asym_signature_size);
943 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
944 1 : ptr += req_asym_signature_size;
945 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
946 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
947 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
948 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
949 : request_finished_key, hash_size, ptr);
950 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
951 1 : req_asym_signature_size + hmac_size;
952 1 : response_size = sizeof(response);
953 1 : status = libspdm_get_response_finish(spdm_context,
954 : m_libspdm_finish_request3_size,
955 : &m_libspdm_finish_request3,
956 : &response_size, response);
957 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
958 1 : assert_int_equal(response_size,
959 : sizeof(spdm_finish_response_t) + hmac_size);
960 1 : spdm_response = (void *)response;
961 1 : assert_int_equal(spdm_response->header.request_response_code,
962 : SPDM_FINISH_RSP);
963 :
964 1 : g_key_exchange_start_mut_auth = 0;
965 1 : free(data1);
966 1 : free(data2);
967 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
968 1 : }
969 :
970 : /**
971 : * Test 9: receiving a correct FINISH message from the requester, but the
972 : * responder has no capabilities for key exchange.
973 : * Expected behavior: the responder refuses the FINISH message and produces
974 : * an ERROR message indicating the UnsupportedRequest.
975 : **/
976 1 : void rsp_finish_rsp_case9(void **state)
977 : {
978 : libspdm_return_t status;
979 : libspdm_test_context_t *spdm_test_context;
980 : libspdm_context_t *spdm_context;
981 : size_t response_size;
982 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
983 : spdm_finish_response_t *spdm_response;
984 : void *data1;
985 : size_t data_size1;
986 : uint8_t *ptr;
987 : uint8_t *cert_buffer;
988 : size_t cert_buffer_size;
989 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
990 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
991 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
992 : libspdm_session_info_t *session_info;
993 : uint32_t session_id;
994 : uint32_t hash_size;
995 : uint32_t hmac_size;
996 :
997 1 : spdm_test_context = *state;
998 1 : spdm_context = spdm_test_context->spdm_context;
999 1 : spdm_test_context->case_id = 0x9;
1000 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1001 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1002 1 : spdm_context->connection_info.connection_state =
1003 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1004 1 : spdm_context->connection_info.capability.flags = 0;
1005 1 : spdm_context->local_context.capability.flags = 0;
1006 1 : spdm_context->connection_info.capability.flags |=
1007 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1008 : /* no key exchange capabilities (responder)*/
1009 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1010 : m_libspdm_use_hash_algo;
1011 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1012 : m_libspdm_use_asym_algo;
1013 1 : spdm_context->connection_info.algorithm.measurement_spec =
1014 : m_libspdm_use_measurement_spec;
1015 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1016 : m_libspdm_use_measurement_hash_algo;
1017 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1018 : m_libspdm_use_dhe_algo;
1019 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1020 : m_libspdm_use_aead_algo;
1021 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1022 : m_libspdm_use_asym_algo, &data1,
1023 : &data_size1, NULL, NULL);
1024 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1025 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1026 : data_size1;
1027 :
1028 1 : libspdm_reset_message_a(spdm_context);
1029 :
1030 1 : session_id = 0xFFFFFFFF;
1031 1 : spdm_context->latest_session_id = session_id;
1032 1 : session_info = &spdm_context->session_info[0];
1033 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1034 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1035 1 : session_info->local_used_cert_chain_slot_id = 0;
1036 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1037 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1038 1 : libspdm_secured_message_set_request_finished_key(
1039 : session_info->secured_message_context, m_dummy_buffer,
1040 : hash_size);
1041 1 : libspdm_secured_message_set_session_state(
1042 : session_info->secured_message_context,
1043 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1044 :
1045 1 : spdm_context->connection_info.capability.flags |=
1046 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1047 1 : spdm_context->local_context.capability.flags |=
1048 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1049 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1050 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1051 1 : ptr = m_libspdm_finish_request1.signature;
1052 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1053 1 : cert_buffer = (uint8_t *)data1;
1054 1 : cert_buffer_size = data_size1;
1055 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1056 : cert_buffer_hash);
1057 : /* transcript.message_a size is 0*/
1058 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1059 : /* session_transcript.message_k is 0*/
1060 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1061 : sizeof(spdm_finish_request_t));
1062 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1063 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1064 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1065 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1066 : request_finished_key, hash_size, ptr);
1067 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1068 1 : response_size = sizeof(response);
1069 1 : status = libspdm_get_response_finish(spdm_context,
1070 : m_libspdm_finish_request1_size,
1071 : &m_libspdm_finish_request1,
1072 : &response_size, response);
1073 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1074 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1075 1 : spdm_response = (void *)response;
1076 1 : assert_int_equal(spdm_response->header.request_response_code,
1077 : SPDM_ERROR);
1078 1 : assert_int_equal(spdm_response->header.param1,
1079 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
1080 1 : assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
1081 1 : free(data1);
1082 1 : }
1083 :
1084 : /**
1085 : * Test 10: receiving a correct FINISH message from the requester, but the
1086 : * responder is not correctly setup by not initializing a session during
1087 : * KEY_EXCHANGE.
1088 : * Expected behavior: the responder refuses the FINISH message and produces
1089 : * an ERROR message indicating the UnsupportedRequest.
1090 : **/
1091 1 : void rsp_finish_rsp_case10(void **state)
1092 : {
1093 : libspdm_return_t status;
1094 : libspdm_test_context_t *spdm_test_context;
1095 : libspdm_context_t *spdm_context;
1096 : size_t response_size;
1097 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1098 : spdm_finish_response_t *spdm_response;
1099 : void *data1;
1100 : size_t data_size1;
1101 : uint8_t *ptr;
1102 : uint8_t *cert_buffer;
1103 : size_t cert_buffer_size;
1104 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1105 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1106 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1107 : libspdm_session_info_t *session_info;
1108 : uint32_t session_id;
1109 : uint32_t hash_size;
1110 : uint32_t hmac_size;
1111 :
1112 1 : spdm_test_context = *state;
1113 1 : spdm_context = spdm_test_context->spdm_context;
1114 1 : spdm_test_context->case_id = 0xA;
1115 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1116 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1117 1 : spdm_context->connection_info.connection_state =
1118 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1119 1 : spdm_context->connection_info.capability.flags |=
1120 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1121 1 : spdm_context->local_context.capability.flags |=
1122 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1123 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1124 : m_libspdm_use_hash_algo;
1125 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1126 : m_libspdm_use_asym_algo;
1127 1 : spdm_context->connection_info.algorithm.measurement_spec =
1128 : m_libspdm_use_measurement_spec;
1129 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1130 : m_libspdm_use_measurement_hash_algo;
1131 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1132 : m_libspdm_use_dhe_algo;
1133 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1134 : m_libspdm_use_aead_algo;
1135 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1136 : m_libspdm_use_asym_algo, &data1,
1137 : &data_size1, NULL, NULL);
1138 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1139 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1140 : data_size1;
1141 :
1142 1 : libspdm_reset_message_a(spdm_context);
1143 :
1144 1 : session_id = 0xFFFFFFFF;
1145 1 : spdm_context->latest_session_id = session_id;
1146 1 : session_info = &spdm_context->session_info[0];
1147 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1148 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1149 1 : session_info->local_used_cert_chain_slot_id = 0;
1150 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1151 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1152 1 : libspdm_secured_message_set_request_finished_key(
1153 : session_info->secured_message_context, m_dummy_buffer,
1154 : hash_size);
1155 1 : libspdm_secured_message_set_session_state(
1156 : session_info->secured_message_context,
1157 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1158 :
1159 1 : spdm_context->connection_info.capability.flags |=
1160 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1161 1 : spdm_context->local_context.capability.flags |=
1162 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1163 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1164 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1165 1 : ptr = m_libspdm_finish_request1.signature;
1166 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1167 1 : cert_buffer = (uint8_t *)data1;
1168 1 : cert_buffer_size = data_size1;
1169 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1170 : cert_buffer_hash);
1171 : /* transcript.message_a size is 0*/
1172 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1173 : /* session_transcript.message_k is 0*/
1174 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1175 : sizeof(spdm_finish_request_t));
1176 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1177 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1178 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1179 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1180 : request_finished_key, hash_size, ptr);
1181 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1182 1 : response_size = sizeof(response);
1183 1 : status = libspdm_get_response_finish(spdm_context,
1184 : m_libspdm_finish_request1_size,
1185 : &m_libspdm_finish_request1,
1186 : &response_size, response);
1187 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1188 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1189 1 : spdm_response = (void *)response;
1190 1 : assert_int_equal(spdm_response->header.request_response_code,
1191 : SPDM_ERROR);
1192 1 : assert_int_equal(spdm_response->header.param1,
1193 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1194 1 : assert_int_equal(spdm_response->header.param2, 0);
1195 1 : free(data1);
1196 1 : }
1197 :
1198 : /**
1199 : * Test 11: receiving a FINISH message from the requester with an incorrect
1200 : * MAC (all-zero).
1201 : * Expected behavior: the responder refuses the FINISH message and produces
1202 : * an ERROR message indicating the DecryptError.
1203 : **/
1204 1 : void rsp_finish_rsp_case11(void **state)
1205 : {
1206 : libspdm_return_t status;
1207 : libspdm_test_context_t *spdm_test_context;
1208 : libspdm_context_t *spdm_context;
1209 : size_t response_size;
1210 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1211 : spdm_finish_response_t *spdm_response;
1212 : void *data1;
1213 : size_t data_size1;
1214 : uint8_t *ptr;
1215 : libspdm_session_info_t *session_info;
1216 : uint32_t session_id;
1217 : uint32_t hash_size;
1218 : uint32_t hmac_size;
1219 :
1220 1 : spdm_test_context = *state;
1221 1 : spdm_context = spdm_test_context->spdm_context;
1222 1 : spdm_test_context->case_id = 0xB;
1223 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1224 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1225 1 : spdm_context->connection_info.connection_state =
1226 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1227 1 : spdm_context->connection_info.capability.flags |=
1228 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1229 1 : spdm_context->local_context.capability.flags |=
1230 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1231 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1232 : m_libspdm_use_hash_algo;
1233 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1234 : m_libspdm_use_asym_algo;
1235 1 : spdm_context->connection_info.algorithm.measurement_spec =
1236 : m_libspdm_use_measurement_spec;
1237 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1238 : m_libspdm_use_measurement_hash_algo;
1239 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1240 : m_libspdm_use_dhe_algo;
1241 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1242 : m_libspdm_use_aead_algo;
1243 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1244 : m_libspdm_use_asym_algo, &data1,
1245 : &data_size1, NULL, NULL);
1246 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1247 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1248 : data_size1;
1249 :
1250 1 : libspdm_reset_message_a(spdm_context);
1251 :
1252 1 : session_id = 0xFFFFFFFF;
1253 1 : spdm_context->latest_session_id = session_id;
1254 1 : session_info = &spdm_context->session_info[0];
1255 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1256 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1257 1 : session_info->local_used_cert_chain_slot_id = 0;
1258 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1259 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1260 1 : libspdm_secured_message_set_request_finished_key(
1261 : session_info->secured_message_context, m_dummy_buffer,
1262 : hash_size);
1263 1 : libspdm_secured_message_set_session_state(
1264 : session_info->secured_message_context,
1265 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1266 :
1267 1 : spdm_context->connection_info.capability.flags |=
1268 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1269 1 : spdm_context->local_context.capability.flags |=
1270 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1271 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1272 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1273 1 : ptr = m_libspdm_finish_request1.signature;
1274 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1275 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1276 1 : response_size = sizeof(response);
1277 1 : status = libspdm_get_response_finish(spdm_context,
1278 : m_libspdm_finish_request1_size,
1279 : &m_libspdm_finish_request1,
1280 : &response_size, response);
1281 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1282 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1283 1 : spdm_response = (void *)response;
1284 1 : assert_int_equal(spdm_response->header.request_response_code,
1285 : SPDM_ERROR);
1286 1 : assert_int_equal(spdm_response->header.param1,
1287 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1288 1 : assert_int_equal(spdm_response->header.param2, 0);
1289 1 : free(data1);
1290 1 : }
1291 :
1292 : /**
1293 : * Test 12: receiving a FINISH message from the requester with an incorrect
1294 : * MAC (arbitrary).
1295 : * Expected behavior: the responder refuses the FINISH message and produces
1296 : * an ERROR message indicating the DecryptError.
1297 : **/
1298 1 : void rsp_finish_rsp_case12(void **state)
1299 : {
1300 : libspdm_return_t status;
1301 : libspdm_test_context_t *spdm_test_context;
1302 : libspdm_context_t *spdm_context;
1303 : size_t response_size;
1304 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1305 : spdm_finish_response_t *spdm_response;
1306 : void *data1;
1307 : size_t data_size1;
1308 : uint8_t *ptr;
1309 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1310 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1311 : libspdm_session_info_t *session_info;
1312 : uint32_t session_id;
1313 : uint32_t hash_size;
1314 : uint32_t hmac_size;
1315 :
1316 1 : spdm_test_context = *state;
1317 1 : spdm_context = spdm_test_context->spdm_context;
1318 1 : spdm_test_context->case_id = 0xC;
1319 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1320 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1321 1 : spdm_context->connection_info.connection_state =
1322 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1323 1 : spdm_context->connection_info.capability.flags |=
1324 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1325 1 : spdm_context->local_context.capability.flags |=
1326 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1327 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1328 : m_libspdm_use_hash_algo;
1329 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1330 : m_libspdm_use_asym_algo;
1331 1 : spdm_context->connection_info.algorithm.measurement_spec =
1332 : m_libspdm_use_measurement_spec;
1333 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1334 : m_libspdm_use_measurement_hash_algo;
1335 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1336 : m_libspdm_use_dhe_algo;
1337 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1338 : m_libspdm_use_aead_algo;
1339 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1340 : m_libspdm_use_asym_algo, &data1,
1341 : &data_size1, NULL, NULL);
1342 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1343 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1344 : data_size1;
1345 :
1346 1 : libspdm_reset_message_a(spdm_context);
1347 :
1348 1 : session_id = 0xFFFFFFFF;
1349 1 : spdm_context->latest_session_id = session_id;
1350 1 : session_info = &spdm_context->session_info[0];
1351 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1352 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1353 1 : session_info->local_used_cert_chain_slot_id = 0;
1354 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1355 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1356 1 : libspdm_secured_message_set_request_finished_key(
1357 : session_info->secured_message_context, m_dummy_buffer,
1358 : hash_size);
1359 1 : libspdm_secured_message_set_session_state(
1360 : session_info->secured_message_context,
1361 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1362 :
1363 1 : spdm_context->connection_info.capability.flags |=
1364 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1365 1 : spdm_context->local_context.capability.flags |=
1366 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1367 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1368 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1369 1 : ptr = m_libspdm_finish_request1.signature;
1370 : /*arbitrary MAC*/
1371 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1372 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1373 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1374 : request_finished_key, hash_size, ptr);
1375 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1376 1 : response_size = sizeof(response);
1377 1 : status = libspdm_get_response_finish(spdm_context,
1378 : m_libspdm_finish_request1_size,
1379 : &m_libspdm_finish_request1,
1380 : &response_size, response);
1381 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1382 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1383 1 : spdm_response = (void *)response;
1384 1 : assert_int_equal(spdm_response->header.request_response_code,
1385 : SPDM_ERROR);
1386 1 : assert_int_equal(spdm_response->header.param1,
1387 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1388 1 : assert_int_equal(spdm_response->header.param2, 0);
1389 1 : free(data1);
1390 1 : }
1391 :
1392 : /**
1393 : * Test 13:
1394 : * Expected behavior:
1395 : **/
1396 1 : void rsp_finish_rsp_case13(void **state)
1397 : {
1398 1 : }
1399 :
1400 : /**
1401 : * Test 14: receiving a FINISH message from the requester with an incorrect
1402 : * MAC size (only the correct first half of the MAC).
1403 : * Expected behavior: the responder refuses the FINISH message and produces
1404 : * an ERROR message indicating the InvalidRequest.
1405 : **/
1406 1 : void rsp_finish_rsp_case14(void **state)
1407 : {
1408 : libspdm_return_t status;
1409 : libspdm_test_context_t *spdm_test_context;
1410 : libspdm_context_t *spdm_context;
1411 : size_t response_size;
1412 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1413 : spdm_finish_response_t *spdm_response;
1414 : void *data1;
1415 : size_t data_size1;
1416 : uint8_t *ptr;
1417 : uint8_t *cert_buffer;
1418 : size_t cert_buffer_size;
1419 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1420 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1421 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1422 : libspdm_session_info_t *session_info;
1423 : uint32_t session_id;
1424 : uint32_t hash_size;
1425 : uint32_t hmac_size;
1426 :
1427 1 : spdm_test_context = *state;
1428 1 : spdm_context = spdm_test_context->spdm_context;
1429 1 : spdm_test_context->case_id = 0xE;
1430 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1431 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1432 1 : spdm_context->connection_info.connection_state =
1433 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1434 1 : spdm_context->connection_info.capability.flags |=
1435 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1436 1 : spdm_context->local_context.capability.flags |=
1437 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1438 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1439 : m_libspdm_use_hash_algo;
1440 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1441 : m_libspdm_use_asym_algo;
1442 1 : spdm_context->connection_info.algorithm.measurement_spec =
1443 : m_libspdm_use_measurement_spec;
1444 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1445 : m_libspdm_use_measurement_hash_algo;
1446 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1447 : m_libspdm_use_dhe_algo;
1448 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1449 : m_libspdm_use_aead_algo;
1450 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1451 : m_libspdm_use_asym_algo, &data1,
1452 : &data_size1, NULL, NULL);
1453 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1454 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1455 : data_size1;
1456 :
1457 1 : libspdm_reset_message_a(spdm_context);
1458 :
1459 1 : session_id = 0xFFFFFFFF;
1460 1 : spdm_context->latest_session_id = session_id;
1461 1 : session_info = &spdm_context->session_info[0];
1462 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1463 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1464 1 : session_info->local_used_cert_chain_slot_id = 0;
1465 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1466 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1467 1 : libspdm_secured_message_set_request_finished_key(
1468 : session_info->secured_message_context, m_dummy_buffer,
1469 : hash_size);
1470 1 : libspdm_secured_message_set_session_state(
1471 : session_info->secured_message_context,
1472 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1473 :
1474 1 : spdm_context->connection_info.capability.flags |=
1475 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1476 1 : spdm_context->local_context.capability.flags |=
1477 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1478 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1479 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1480 1 : ptr = m_libspdm_finish_request1.signature;
1481 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1482 1 : cert_buffer = (uint8_t *)data1;
1483 1 : cert_buffer_size = data_size1;
1484 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1485 : cert_buffer_hash);
1486 : /* transcript.message_a size is 0*/
1487 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1488 : /* session_transcript.message_k is 0*/
1489 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1490 : sizeof(spdm_finish_request_t));
1491 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1492 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1493 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1494 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1495 : request_finished_key, hash_size, ptr);
1496 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1497 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
1498 1 : response_size = sizeof(response);
1499 1 : status = libspdm_get_response_finish(spdm_context,
1500 : m_libspdm_finish_request1_size,
1501 : &m_libspdm_finish_request1,
1502 : &response_size, response);
1503 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1504 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1505 1 : spdm_response = (void *)response;
1506 1 : assert_int_equal(spdm_response->header.request_response_code,
1507 : SPDM_ERROR);
1508 1 : assert_int_equal(spdm_response->header.param1,
1509 : SPDM_ERROR_CODE_INVALID_REQUEST);
1510 1 : assert_int_equal(spdm_response->header.param2, 0);
1511 1 : free(data1);
1512 1 : }
1513 :
1514 : /**
1515 : * Test 15: receiving a FINISH message from the requester with an incorrect
1516 : * signature (all-zero), but a correct MAC.
1517 : * Expected behavior: the responder refuses the FINISH message and produces
1518 : * an ERROR message indicating the DecryptError.
1519 : **/
1520 1 : void rsp_finish_rsp_case15(void **state)
1521 : {
1522 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1523 : libspdm_return_t status;
1524 : libspdm_test_context_t *spdm_test_context;
1525 : libspdm_context_t *spdm_context;
1526 : size_t response_size;
1527 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1528 : spdm_finish_response_t *spdm_response;
1529 : void *data1;
1530 : size_t data_size1;
1531 : void *data2;
1532 : size_t data_size2;
1533 : uint8_t *ptr;
1534 : uint8_t *cert_buffer;
1535 : size_t cert_buffer_size;
1536 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1537 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1538 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1539 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1540 : libspdm_session_info_t *session_info;
1541 : uint32_t session_id;
1542 : uint32_t hash_size;
1543 : uint32_t hmac_size;
1544 : size_t req_asym_signature_size;
1545 :
1546 1 : spdm_test_context = *state;
1547 1 : spdm_context = spdm_test_context->spdm_context;
1548 1 : spdm_test_context->case_id = 0xF;
1549 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1550 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1551 1 : spdm_context->connection_info.connection_state =
1552 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1553 1 : spdm_context->connection_info.capability.flags |=
1554 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1555 1 : spdm_context->local_context.capability.flags |=
1556 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1557 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1558 : m_libspdm_use_hash_algo;
1559 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1560 : m_libspdm_use_asym_algo;
1561 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1562 : m_libspdm_use_req_asym_algo;
1563 1 : spdm_context->connection_info.algorithm.measurement_spec =
1564 : m_libspdm_use_measurement_spec;
1565 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1566 : m_libspdm_use_measurement_hash_algo;
1567 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1568 : m_libspdm_use_dhe_algo;
1569 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1570 : m_libspdm_use_aead_algo;
1571 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1572 : m_libspdm_use_asym_algo, &data1,
1573 : &data_size1, NULL, NULL);
1574 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1575 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1576 : data_size1;
1577 :
1578 1 : libspdm_reset_message_a(spdm_context);
1579 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1580 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1581 : m_libspdm_use_req_asym_algo, &data2,
1582 : &data_size2, NULL, NULL);
1583 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1584 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1585 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1586 : data2, data_size2);
1587 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1588 : data_size2;
1589 : #endif
1590 :
1591 1 : session_id = 0xFFFFFFFF;
1592 1 : spdm_context->latest_session_id = session_id;
1593 1 : session_info = &spdm_context->session_info[0];
1594 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1595 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1596 1 : session_info->local_used_cert_chain_slot_id = 0;
1597 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1598 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1599 1 : libspdm_secured_message_set_request_finished_key(
1600 : session_info->secured_message_context, m_dummy_buffer,
1601 : hash_size);
1602 1 : libspdm_secured_message_set_session_state(
1603 : session_info->secured_message_context,
1604 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1605 1 : session_info->mut_auth_requested = 1;
1606 :
1607 1 : spdm_context->connection_info.capability.flags |=
1608 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1609 1 : spdm_context->local_context.capability.flags |=
1610 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1611 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1612 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1613 1 : req_asym_signature_size =
1614 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1615 1 : ptr = m_libspdm_finish_request3.signature;
1616 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1617 1 : cert_buffer = (uint8_t *)data1;
1618 1 : cert_buffer_size = data_size1;
1619 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1620 : cert_buffer_hash);
1621 1 : cert_buffer = (uint8_t *)data2;
1622 1 : cert_buffer_size = data_size2;
1623 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1624 : req_cert_buffer_hash);
1625 : /* transcript.message_a size is 0*/
1626 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1627 : /* session_transcript.message_k is 0*/
1628 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1629 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1630 : sizeof(spdm_finish_request_t));
1631 :
1632 1 : libspdm_requester_data_sign(
1633 : spdm_context,
1634 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1635 : 0, SPDM_FINISH,
1636 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1637 1 : false, libspdm_get_managed_buffer(&th_curr),
1638 : libspdm_get_managed_buffer_size(&th_curr),
1639 : ptr, &req_asym_signature_size);
1640 :
1641 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1642 1 : ptr += req_asym_signature_size;
1643 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1644 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1645 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1646 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1647 : request_finished_key, hash_size, ptr);
1648 1 : libspdm_set_mem(m_libspdm_finish_request3.signature,
1649 : req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
1650 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1651 1 : req_asym_signature_size + hmac_size;
1652 1 : response_size = sizeof(response);
1653 1 : status = libspdm_get_response_finish(spdm_context,
1654 : m_libspdm_finish_request3_size,
1655 : &m_libspdm_finish_request3,
1656 : &response_size, response);
1657 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1658 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1659 1 : spdm_response = (void *)response;
1660 1 : assert_int_equal(spdm_response->header.request_response_code,
1661 : SPDM_ERROR);
1662 1 : assert_int_equal(spdm_response->header.param1,
1663 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1664 1 : assert_int_equal(spdm_response->header.param2, 0);
1665 :
1666 1 : g_key_exchange_start_mut_auth = 0;
1667 1 : free(data1);
1668 1 : free(data2);
1669 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1670 1 : }
1671 :
1672 : /**
1673 : * Test 16: receiving a FINISH message from the requester with an incorrect
1674 : * signature (arbitrary), but a correct MAC.
1675 : * Expected behavior: the responder refuses the FINISH message and produces
1676 : * an ERROR message indicating the DecryptError.
1677 : **/
1678 1 : void rsp_finish_rsp_case16(void **state)
1679 : {
1680 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1681 : libspdm_return_t status;
1682 : libspdm_test_context_t *spdm_test_context;
1683 : libspdm_context_t *spdm_context;
1684 : size_t response_size;
1685 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1686 : spdm_finish_response_t *spdm_response;
1687 : void *data1;
1688 : size_t data_size1;
1689 : void *data2;
1690 : size_t data_size2;
1691 : uint8_t *ptr;
1692 : uint8_t *cert_buffer;
1693 : size_t cert_buffer_size;
1694 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1695 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1696 : uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
1697 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1698 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1699 : libspdm_session_info_t *session_info;
1700 : uint32_t session_id;
1701 : uint32_t hash_size;
1702 : uint32_t hmac_size;
1703 : size_t req_asym_signature_size;
1704 :
1705 1 : spdm_test_context = *state;
1706 1 : spdm_context = spdm_test_context->spdm_context;
1707 1 : spdm_test_context->case_id = 0x10;
1708 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1709 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1710 1 : spdm_context->connection_info.connection_state =
1711 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1712 1 : spdm_context->connection_info.capability.flags |=
1713 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1714 1 : spdm_context->local_context.capability.flags |=
1715 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1716 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1717 : m_libspdm_use_hash_algo;
1718 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1719 : m_libspdm_use_asym_algo;
1720 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1721 : m_libspdm_use_req_asym_algo;
1722 1 : spdm_context->connection_info.algorithm.measurement_spec =
1723 : m_libspdm_use_measurement_spec;
1724 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1725 : m_libspdm_use_measurement_hash_algo;
1726 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1727 : m_libspdm_use_dhe_algo;
1728 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1729 : m_libspdm_use_aead_algo;
1730 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1731 : m_libspdm_use_asym_algo, &data1,
1732 : &data_size1, NULL, NULL);
1733 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1734 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1735 : data_size1;
1736 :
1737 1 : libspdm_reset_message_a(spdm_context);
1738 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1739 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1740 : m_libspdm_use_req_asym_algo, &data2,
1741 : &data_size2, NULL, NULL);
1742 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1743 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1744 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1745 : data2, data_size2);
1746 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
1747 : data_size2;
1748 : #endif
1749 :
1750 1 : session_id = 0xFFFFFFFF;
1751 1 : spdm_context->latest_session_id = session_id;
1752 1 : session_info = &spdm_context->session_info[0];
1753 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1754 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1755 1 : session_info->local_used_cert_chain_slot_id = 0;
1756 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1757 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1758 1 : libspdm_secured_message_set_request_finished_key(
1759 : session_info->secured_message_context, m_dummy_buffer,
1760 : hash_size);
1761 1 : libspdm_secured_message_set_session_state(
1762 : session_info->secured_message_context,
1763 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1764 1 : session_info->mut_auth_requested = 1;
1765 :
1766 1 : spdm_context->connection_info.capability.flags |=
1767 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1768 1 : spdm_context->local_context.capability.flags |=
1769 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1770 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1771 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1772 1 : req_asym_signature_size =
1773 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1774 1 : ptr = m_libspdm_finish_request3.signature;
1775 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1776 1 : cert_buffer = (uint8_t *)data1;
1777 1 : cert_buffer_size = data_size1;
1778 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1779 : cert_buffer_hash);
1780 1 : cert_buffer = (uint8_t *)data2;
1781 1 : cert_buffer_size = data_size2;
1782 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
1783 : req_cert_buffer_hash);
1784 : /* transcript.message_a size is 0*/
1785 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1786 : /* session_transcript.message_k is 0*/
1787 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1788 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1789 : sizeof(spdm_finish_request_t));
1790 : /*randomize signature*/
1791 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1792 : libspdm_get_managed_buffer_size(&th_curr), random_buffer);
1793 :
1794 1 : libspdm_requester_data_sign(
1795 : spdm_context,
1796 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1797 : 0, SPDM_FINISH,
1798 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1799 : false, random_buffer, hash_size, ptr, &req_asym_signature_size);
1800 :
1801 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1802 1 : ptr += req_asym_signature_size;
1803 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1804 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1805 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1806 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1807 : request_finished_key, hash_size, ptr);
1808 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1809 1 : req_asym_signature_size + hmac_size;
1810 1 : response_size = sizeof(response);
1811 1 : status = libspdm_get_response_finish(spdm_context,
1812 : m_libspdm_finish_request3_size,
1813 : &m_libspdm_finish_request3,
1814 : &response_size, response);
1815 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1816 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1817 1 : spdm_response = (void *)response;
1818 1 : assert_int_equal(spdm_response->header.request_response_code,
1819 : SPDM_ERROR);
1820 1 : assert_int_equal(spdm_response->header.param1,
1821 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1822 1 : assert_int_equal(spdm_response->header.param2, 0);
1823 :
1824 1 : g_key_exchange_start_mut_auth = 0;
1825 1 : free(data1);
1826 1 : free(data2);
1827 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1828 1 : }
1829 :
1830 : /**
1831 : * Test 17: receiving a correct FINISH from the requester.
1832 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1833 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1834 : **/
1835 1 : void rsp_finish_rsp_case17(void **state)
1836 : {
1837 : libspdm_return_t status;
1838 : libspdm_test_context_t *spdm_test_context;
1839 : libspdm_context_t *spdm_context;
1840 : size_t response_size;
1841 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1842 : spdm_finish_response_t *spdm_response;
1843 : void *data1;
1844 : size_t data_size1;
1845 : uint8_t *ptr;
1846 : uint8_t *cert_buffer;
1847 : size_t cert_buffer_size;
1848 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1849 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1850 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1851 : libspdm_session_info_t *session_info;
1852 : uint32_t session_id;
1853 : uint32_t hash_size;
1854 : uint32_t hmac_size;
1855 :
1856 1 : spdm_test_context = *state;
1857 1 : spdm_context = spdm_test_context->spdm_context;
1858 1 : spdm_test_context->case_id = 0x11;
1859 1 : spdm_context->connection_info.connection_state =
1860 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1861 1 : spdm_context->connection_info.capability.flags |=
1862 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1863 1 : spdm_context->local_context.capability.flags |=
1864 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1865 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1866 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1867 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1868 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1869 : m_libspdm_use_measurement_hash_algo;
1870 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1871 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1872 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1873 : m_libspdm_use_asym_algo, &data1,
1874 : &data_size1, NULL, NULL);
1875 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1876 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1877 :
1878 1 : libspdm_reset_message_a(spdm_context);
1879 :
1880 1 : session_id = 0xFFFFFFFF;
1881 1 : spdm_context->latest_session_id = session_id;
1882 1 : session_info = &spdm_context->session_info[0];
1883 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1884 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1885 1 : session_info->local_used_cert_chain_slot_id = 0;
1886 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1887 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1888 1 : libspdm_secured_message_set_request_finished_key(
1889 : session_info->secured_message_context, m_dummy_buffer, hash_size);
1890 1 : libspdm_secured_message_set_session_state(
1891 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1892 :
1893 1 : spdm_context->connection_info.capability.flags |=
1894 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1895 1 : spdm_context->local_context.capability.flags |=
1896 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1897 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1898 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1899 1 : ptr = m_libspdm_finish_request1.signature;
1900 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1901 1 : cert_buffer = (uint8_t *)data1;
1902 1 : cert_buffer_size = data_size1;
1903 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1904 : /* transcript.message_a size is 0*/
1905 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1906 : /* session_transcript.message_k is 0*/
1907 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1908 : sizeof(spdm_finish_request_t));
1909 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1910 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1911 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1912 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1913 : request_finished_key, hash_size, ptr);
1914 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1915 1 : response_size = sizeof(response);
1916 1 : status = libspdm_get_response_finish(
1917 : spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
1918 : &response_size, response);
1919 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1920 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1921 1 : spdm_response = (void *)response;
1922 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1923 :
1924 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1925 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1926 : m_libspdm_finish_request1_size + response_size);
1927 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1928 : &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
1929 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1930 : m_libspdm_finish_request1_size,
1931 : response, response_size);
1932 : #endif
1933 :
1934 1 : free(data1);
1935 1 : }
1936 :
1937 : /**
1938 : * Test 18: receiving a correct FINISH message from the requester with
1939 : * correct MAC and signature (with mutual authentication), and 'handshake in
1940 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1941 : * Expected behavior: the responder accepts the request and produces a valid
1942 : * FINISH_RSP response message.
1943 : **/
1944 1 : void rsp_finish_rsp_case18(void **state)
1945 : {
1946 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1947 : libspdm_return_t status;
1948 : libspdm_test_context_t *spdm_test_context;
1949 : libspdm_context_t *spdm_context;
1950 : size_t response_size;
1951 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1952 : spdm_finish_response_t *spdm_response;
1953 : void *data1;
1954 : size_t data_size1;
1955 : void *data2;
1956 : size_t data_size2;
1957 : uint8_t *ptr;
1958 : uint8_t *cert_buffer;
1959 : size_t cert_buffer_size;
1960 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1961 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1962 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1963 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1964 : libspdm_session_info_t *session_info;
1965 : uint32_t session_id;
1966 : uint32_t hash_size;
1967 : uint32_t hmac_size;
1968 : size_t req_asym_signature_size;
1969 :
1970 1 : spdm_test_context = *state;
1971 1 : spdm_context = spdm_test_context->spdm_context;
1972 1 : spdm_test_context->case_id = 0x12;
1973 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1974 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1975 1 : spdm_context->connection_info.connection_state =
1976 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1977 1 : spdm_context->connection_info.capability.flags |=
1978 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1979 1 : spdm_context->local_context.capability.flags |=
1980 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1981 1 : spdm_context->connection_info.capability.flags |=
1982 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1983 1 : spdm_context->local_context.capability.flags |=
1984 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PUB_KEY_ID_CAP;
1985 1 : spdm_context->connection_info.capability.flags |=
1986 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1987 1 : spdm_context->local_context.capability.flags |=
1988 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1989 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1990 : m_libspdm_use_hash_algo;
1991 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1992 : m_libspdm_use_asym_algo;
1993 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
1994 : m_libspdm_use_req_asym_algo;
1995 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1996 : m_libspdm_use_dhe_algo;
1997 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1998 : m_libspdm_use_aead_algo;
1999 1 : libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
2000 1 : spdm_context->local_context.local_public_key_provision = data1;
2001 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
2002 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2003 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
2004 1 : spdm_context->local_context.peer_public_key_provision = data2;
2005 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
2006 :
2007 1 : spdm_context->encap_context.req_slot_id = 0xFF;
2008 :
2009 1 : libspdm_reset_message_a(spdm_context);
2010 :
2011 1 : session_id = 0xFFFFFFFF;
2012 1 : spdm_context->latest_session_id = session_id;
2013 1 : session_info = &spdm_context->session_info[0];
2014 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2015 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2016 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2017 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2018 1 : libspdm_secured_message_set_request_finished_key(
2019 : session_info->secured_message_context, m_dummy_buffer,
2020 : hash_size);
2021 1 : libspdm_secured_message_set_session_state(
2022 : session_info->secured_message_context,
2023 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2024 1 : session_info->mut_auth_requested = 1;
2025 1 : session_info->local_used_cert_chain_slot_id = 0xFF;
2026 1 : session_info->peer_used_cert_chain_slot_id = 0xFF;
2027 :
2028 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2029 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2030 1 : req_asym_signature_size =
2031 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2032 1 : ptr = m_libspdm_finish_request4.signature;
2033 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2034 1 : cert_buffer = (uint8_t *)data1;
2035 1 : cert_buffer_size = data_size1;
2036 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2037 : cert_buffer_hash);
2038 1 : cert_buffer = (uint8_t *)data2;
2039 1 : cert_buffer_size = data_size2;
2040 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2041 : req_cert_buffer_hash);
2042 : /* transcript.message_a size is 0*/
2043 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2044 : /* session_transcript.message_k is 0*/
2045 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2046 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
2047 : sizeof(spdm_finish_request_t));
2048 :
2049 1 : libspdm_requester_data_sign(
2050 : spdm_context,
2051 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2052 : 0, SPDM_FINISH,
2053 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2054 1 : false, libspdm_get_managed_buffer(&th_curr),
2055 : libspdm_get_managed_buffer_size(&th_curr),
2056 : ptr, &req_asym_signature_size);
2057 :
2058 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2059 1 : ptr += req_asym_signature_size;
2060 :
2061 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2062 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2063 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2064 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2065 : request_finished_key, hash_size, ptr);
2066 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
2067 1 : req_asym_signature_size + hmac_size;
2068 1 : response_size = sizeof(response);
2069 1 : status = libspdm_get_response_finish(spdm_context,
2070 : m_libspdm_finish_request4_size,
2071 : &m_libspdm_finish_request4,
2072 : &response_size, response);
2073 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2074 1 : assert_int_equal(response_size,
2075 : sizeof(spdm_finish_response_t) + hmac_size);
2076 1 : spdm_response = (void *)response;
2077 1 : assert_int_equal(spdm_response->header.request_response_code,
2078 : SPDM_FINISH_RSP);
2079 :
2080 1 : g_key_exchange_start_mut_auth = 0;
2081 1 : free(data1);
2082 1 : free(data2);
2083 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2084 1 : }
2085 :
2086 : /**
2087 : * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2088 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2089 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
2090 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2091 : **/
2092 1 : void rsp_finish_rsp_case19(void **state)
2093 : {
2094 : libspdm_return_t status;
2095 : libspdm_test_context_t *spdm_test_context;
2096 : libspdm_context_t *spdm_context;
2097 : size_t response_size;
2098 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2099 : spdm_finish_response_t *spdm_response;
2100 : void *data1;
2101 : size_t data_size1;
2102 : void *data2;
2103 : size_t data_size2;
2104 : uint8_t *ptr;
2105 : uint8_t *cert_buffer;
2106 : size_t cert_buffer_size;
2107 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2108 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2109 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2110 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2111 : libspdm_session_info_t *session_info;
2112 : uint32_t session_id;
2113 : uint32_t hash_size;
2114 : uint32_t hmac_size;
2115 : size_t req_asym_signature_size;
2116 :
2117 1 : spdm_test_context = *state;
2118 1 : spdm_context = spdm_test_context->spdm_context;
2119 1 : spdm_test_context->case_id = 0x13;
2120 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2121 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2122 1 : spdm_context->connection_info.connection_state =
2123 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2124 1 : spdm_context->connection_info.capability.flags |=
2125 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2126 1 : spdm_context->local_context.capability.flags |=
2127 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2128 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2129 : m_libspdm_use_hash_algo;
2130 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2131 : m_libspdm_use_asym_algo;
2132 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2133 : m_libspdm_use_req_asym_algo;
2134 1 : spdm_context->connection_info.algorithm.measurement_spec =
2135 : m_libspdm_use_measurement_spec;
2136 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2137 : m_libspdm_use_measurement_hash_algo;
2138 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2139 : m_libspdm_use_dhe_algo;
2140 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2141 : m_libspdm_use_aead_algo;
2142 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2143 : m_libspdm_use_asym_algo, &data1,
2144 : &data_size1, NULL, NULL);
2145 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2146 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2147 : data_size1;
2148 :
2149 1 : libspdm_reset_message_a(spdm_context);
2150 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2151 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2152 : m_libspdm_use_req_asym_algo, &data2,
2153 : &data_size2, NULL, NULL);
2154 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2155 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2156 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2157 : data2, data_size2);
2158 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2159 : data_size2;
2160 : #else
2161 1 : libspdm_hash_all(
2162 : spdm_context->connection_info.algorithm.base_hash_algo,
2163 : data2, data_size2,
2164 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2165 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2166 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2167 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2168 : spdm_context->connection_info.algorithm.base_hash_algo,
2169 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2170 : data2,
2171 : data_size2,
2172 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2173 : #endif
2174 :
2175 1 : session_id = 0xFFFFFFFF;
2176 1 : spdm_context->latest_session_id = session_id;
2177 1 : session_info = &spdm_context->session_info[0];
2178 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2179 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2180 1 : session_info->peer_used_cert_chain_slot_id = 0;
2181 1 : session_info->local_used_cert_chain_slot_id = 0;
2182 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2183 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2184 1 : libspdm_secured_message_set_request_finished_key(
2185 : session_info->secured_message_context, m_dummy_buffer,
2186 : hash_size);
2187 1 : libspdm_secured_message_set_session_state(
2188 : session_info->secured_message_context,
2189 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2190 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2191 :
2192 1 : spdm_context->connection_info.capability.flags |=
2193 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2194 1 : spdm_context->local_context.capability.flags |=
2195 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2196 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2197 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2198 1 : req_asym_signature_size =
2199 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2200 1 : ptr = m_libspdm_finish_request5.signature;
2201 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2202 1 : cert_buffer = (uint8_t *)data1;
2203 1 : cert_buffer_size = data_size1;
2204 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2205 : cert_buffer_hash);
2206 1 : cert_buffer = (uint8_t *)data2;
2207 1 : cert_buffer_size = data_size2;
2208 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2209 : req_cert_buffer_hash);
2210 : /* transcript.message_a size is 0*/
2211 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2212 : /* session_transcript.message_k is 0*/
2213 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2214 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
2215 : sizeof(spdm_finish_request_t));
2216 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2217 1 : libspdm_requester_data_sign(
2218 : spdm_context,
2219 1 : m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2220 : 0, SPDM_FINISH,
2221 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2222 1 : false, libspdm_get_managed_buffer(&th_curr),
2223 : libspdm_get_managed_buffer_size(&th_curr),
2224 : ptr, &req_asym_signature_size);
2225 : #endif
2226 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2227 1 : ptr += req_asym_signature_size;
2228 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2229 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2230 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2231 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2232 : request_finished_key, hash_size, ptr);
2233 1 : m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
2234 1 : req_asym_signature_size + hmac_size;
2235 1 : response_size = sizeof(response);
2236 1 : status = libspdm_get_response_finish(spdm_context,
2237 : m_libspdm_finish_request5_size,
2238 : &m_libspdm_finish_request5,
2239 : &response_size, response);
2240 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2241 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2242 1 : spdm_response = (void *)response;
2243 1 : assert_int_equal(spdm_response->header.request_response_code,
2244 : SPDM_ERROR);
2245 1 : assert_int_equal(spdm_response->header.param1,
2246 : SPDM_ERROR_CODE_INVALID_REQUEST);
2247 1 : assert_int_equal(spdm_response->header.param2, 0);
2248 :
2249 1 : g_key_exchange_start_mut_auth = 0;
2250 1 : free(data1);
2251 1 : free(data2);
2252 1 : }
2253 :
2254 : /**
2255 : * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
2256 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2257 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2258 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2259 : **/
2260 1 : void rsp_finish_rsp_case20(void **state)
2261 : {
2262 : libspdm_return_t status;
2263 : libspdm_test_context_t *spdm_test_context;
2264 : libspdm_context_t *spdm_context;
2265 : size_t response_size;
2266 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2267 : spdm_finish_response_t *spdm_response;
2268 : void *data1;
2269 : size_t data_size1;
2270 : void *data2;
2271 : size_t data_size2;
2272 : uint8_t *ptr;
2273 : uint8_t *cert_buffer;
2274 : size_t cert_buffer_size;
2275 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2276 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2277 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2278 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2279 : libspdm_session_info_t *session_info;
2280 : uint32_t session_id;
2281 : uint32_t hash_size;
2282 : uint32_t hmac_size;
2283 : size_t req_asym_signature_size;
2284 :
2285 1 : spdm_test_context = *state;
2286 1 : spdm_context = spdm_test_context->spdm_context;
2287 1 : spdm_test_context->case_id = 0x14;
2288 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2289 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2290 1 : spdm_context->connection_info.connection_state =
2291 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2292 1 : spdm_context->connection_info.capability.flags |=
2293 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2294 1 : spdm_context->local_context.capability.flags |=
2295 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2296 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2297 : m_libspdm_use_hash_algo;
2298 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2299 : m_libspdm_use_asym_algo;
2300 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2301 : m_libspdm_use_req_asym_algo;
2302 1 : spdm_context->connection_info.algorithm.measurement_spec =
2303 : m_libspdm_use_measurement_spec;
2304 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2305 : m_libspdm_use_measurement_hash_algo;
2306 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2307 : m_libspdm_use_dhe_algo;
2308 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2309 : m_libspdm_use_aead_algo;
2310 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2311 : m_libspdm_use_asym_algo, &data1,
2312 : &data_size1, NULL, NULL);
2313 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2314 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2315 : data_size1;
2316 :
2317 1 : libspdm_reset_message_a(spdm_context);
2318 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2319 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2320 : m_libspdm_use_req_asym_algo, &data2,
2321 : &data_size2, NULL, NULL);
2322 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2323 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2324 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2325 : data2, data_size2);
2326 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2327 : data_size2;
2328 : #else
2329 1 : libspdm_hash_all(
2330 : spdm_context->connection_info.algorithm.base_hash_algo,
2331 : data2, data_size2,
2332 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2333 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2334 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2335 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2336 : spdm_context->connection_info.algorithm.base_hash_algo,
2337 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2338 : data2,
2339 : data_size2,
2340 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2341 : #endif
2342 :
2343 1 : session_id = 0xFFFFFFFF;
2344 1 : spdm_context->latest_session_id = session_id;
2345 1 : session_info = &spdm_context->session_info[0];
2346 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2347 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2348 1 : session_info->peer_used_cert_chain_slot_id = 0;
2349 1 : session_info->local_used_cert_chain_slot_id = 0;
2350 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2351 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2352 1 : libspdm_secured_message_set_request_finished_key(
2353 : session_info->secured_message_context, m_dummy_buffer,
2354 : hash_size);
2355 1 : libspdm_secured_message_set_session_state(
2356 : session_info->secured_message_context,
2357 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2358 1 : session_info->mut_auth_requested =
2359 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2360 :
2361 1 : spdm_context->connection_info.capability.flags |=
2362 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2363 1 : spdm_context->local_context.capability.flags |=
2364 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2365 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2366 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2367 1 : req_asym_signature_size =
2368 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2369 1 : ptr = m_libspdm_finish_request7.signature;
2370 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2371 1 : cert_buffer = (uint8_t *)data1;
2372 1 : cert_buffer_size = data_size1;
2373 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2374 : cert_buffer_hash);
2375 1 : cert_buffer = (uint8_t *)data2;
2376 1 : cert_buffer_size = data_size2;
2377 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2378 : req_cert_buffer_hash);
2379 : /* transcript.message_a size is 0*/
2380 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2381 : /* session_transcript.message_k is 0*/
2382 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2383 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2384 : sizeof(spdm_finish_request_t));
2385 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2386 1 : libspdm_requester_data_sign(
2387 : spdm_context,
2388 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2389 : 0, SPDM_FINISH,
2390 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2391 1 : false, libspdm_get_managed_buffer(&th_curr),
2392 : libspdm_get_managed_buffer_size(&th_curr),
2393 : ptr, &req_asym_signature_size);
2394 : #endif
2395 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2396 1 : ptr += req_asym_signature_size;
2397 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2398 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2399 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2400 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2401 : request_finished_key, hash_size, ptr);
2402 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2403 1 : req_asym_signature_size + hmac_size;
2404 1 : response_size = sizeof(response);
2405 1 : status = libspdm_get_response_finish(spdm_context,
2406 : m_libspdm_finish_request7_size,
2407 : &m_libspdm_finish_request7,
2408 : &response_size, response);
2409 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2410 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2411 1 : spdm_response = (void *)response;
2412 1 : assert_int_equal(spdm_response->header.request_response_code,
2413 : SPDM_ERROR);
2414 1 : assert_int_equal(spdm_response->header.param1,
2415 : SPDM_ERROR_CODE_INVALID_REQUEST);
2416 1 : assert_int_equal(spdm_response->header.param2, 0);
2417 :
2418 1 : g_key_exchange_start_mut_auth = 0;
2419 1 : free(data1);
2420 1 : free(data2);
2421 1 : }
2422 :
2423 : /**
2424 : * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
2425 : * although SlotID in FINISH request message is 10, it shall be ignored when read.
2426 : * Expected behavior: the responder accepts the request and produces a valid
2427 : * FINISH_RSP response message.
2428 : **/
2429 1 : void rsp_finish_rsp_case21(void **state)
2430 : {
2431 : libspdm_return_t status;
2432 : libspdm_test_context_t *spdm_test_context;
2433 : libspdm_context_t *spdm_context;
2434 : size_t response_size;
2435 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2436 : spdm_finish_response_t *spdm_response;
2437 : void *data1;
2438 : size_t data_size1;
2439 : uint8_t *ptr;
2440 : uint8_t *cert_buffer;
2441 : size_t cert_buffer_size;
2442 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2443 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2444 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2445 : libspdm_session_info_t *session_info;
2446 : uint32_t session_id;
2447 : uint32_t hash_size;
2448 : uint32_t hmac_size;
2449 :
2450 1 : spdm_test_context = *state;
2451 1 : spdm_context = spdm_test_context->spdm_context;
2452 1 : spdm_test_context->case_id = 0x15;
2453 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2454 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2455 1 : spdm_context->connection_info.connection_state =
2456 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2457 1 : spdm_context->connection_info.capability.flags |=
2458 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2459 1 : spdm_context->local_context.capability.flags |=
2460 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2461 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2462 : m_libspdm_use_hash_algo;
2463 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2464 : m_libspdm_use_asym_algo;
2465 1 : spdm_context->connection_info.algorithm.measurement_spec =
2466 : m_libspdm_use_measurement_spec;
2467 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2468 : m_libspdm_use_measurement_hash_algo;
2469 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2470 : m_libspdm_use_dhe_algo;
2471 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2472 : m_libspdm_use_aead_algo;
2473 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2474 : m_libspdm_use_asym_algo, &data1,
2475 : &data_size1, NULL, NULL);
2476 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2477 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2478 : data_size1;
2479 :
2480 1 : libspdm_reset_message_a(spdm_context);
2481 :
2482 1 : session_id = 0xFFFFFFFF;
2483 1 : spdm_context->latest_session_id = session_id;
2484 1 : session_info = &spdm_context->session_info[0];
2485 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2486 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2487 1 : session_info->local_used_cert_chain_slot_id = 0;
2488 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2489 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2490 1 : libspdm_secured_message_set_request_finished_key(
2491 : session_info->secured_message_context, m_dummy_buffer,
2492 : hash_size);
2493 1 : libspdm_secured_message_set_session_state(
2494 : session_info->secured_message_context,
2495 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2496 1 : session_info->mut_auth_requested = 0;
2497 :
2498 1 : spdm_context->connection_info.capability.flags |=
2499 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2500 1 : spdm_context->local_context.capability.flags |=
2501 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2502 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2503 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2504 1 : ptr = m_libspdm_finish_request6.signature;
2505 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2506 1 : cert_buffer = (uint8_t *)data1;
2507 1 : cert_buffer_size = data_size1;
2508 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2509 : cert_buffer_hash);
2510 : /* transcript.message_a size is 0*/
2511 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2512 : /* session_transcript.message_k is 0*/
2513 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
2514 : sizeof(spdm_finish_request_t));
2515 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2516 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2517 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2518 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2519 : request_finished_key, hash_size, ptr);
2520 1 : m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
2521 1 : response_size = sizeof(response);
2522 1 : status = libspdm_get_response_finish(spdm_context,
2523 : m_libspdm_finish_request6_size,
2524 : &m_libspdm_finish_request6,
2525 : &response_size, response);
2526 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2527 1 : spdm_response = (void *)response;
2528 1 : assert_int_equal(spdm_response->header.request_response_code,
2529 : SPDM_FINISH_RSP);
2530 1 : assert_int_equal(response_size,
2531 : sizeof(spdm_finish_response_t) + hmac_size);
2532 1 : free(data1);
2533 1 : }
2534 :
2535 : /**
2536 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2537 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2538 : * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2539 : * Expected behavior: the responder accepts the request and produces a valid
2540 : * FINISH_RSP response message.
2541 : **/
2542 1 : void rsp_finish_rsp_case22(void **state)
2543 : {
2544 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2545 : libspdm_return_t status;
2546 : libspdm_test_context_t *spdm_test_context;
2547 : libspdm_context_t *spdm_context;
2548 : size_t response_size;
2549 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2550 : spdm_finish_response_t *spdm_response;
2551 : void *data1;
2552 : size_t data_size1;
2553 : void *data2;
2554 : size_t data_size2;
2555 : uint8_t *ptr;
2556 : uint8_t *cert_buffer;
2557 : size_t cert_buffer_size;
2558 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2559 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2560 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2561 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2562 : libspdm_session_info_t *session_info;
2563 : uint32_t session_id;
2564 : uint32_t hash_size;
2565 : uint32_t hmac_size;
2566 : size_t req_asym_signature_size;
2567 :
2568 1 : spdm_test_context = *state;
2569 1 : spdm_context = spdm_test_context->spdm_context;
2570 1 : spdm_test_context->case_id = 0x16;
2571 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2572 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2573 1 : spdm_context->connection_info.connection_state =
2574 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2575 1 : spdm_context->connection_info.capability.flags |=
2576 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2577 1 : spdm_context->local_context.capability.flags |=
2578 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2579 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2580 : m_libspdm_use_hash_algo;
2581 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2582 : m_libspdm_use_asym_algo;
2583 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2584 : m_libspdm_use_req_asym_algo;
2585 1 : spdm_context->connection_info.algorithm.measurement_spec =
2586 : m_libspdm_use_measurement_spec;
2587 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2588 : m_libspdm_use_measurement_hash_algo;
2589 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2590 : m_libspdm_use_dhe_algo;
2591 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2592 : m_libspdm_use_aead_algo;
2593 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2594 : m_libspdm_use_asym_algo, &data1,
2595 : &data_size1, NULL, NULL);
2596 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2597 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2598 : data_size1;
2599 :
2600 1 : libspdm_reset_message_a(spdm_context);
2601 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2602 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2603 : m_libspdm_use_req_asym_algo, &data2,
2604 : &data_size2, NULL, NULL);
2605 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2606 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2607 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2608 : data2, data_size2);
2609 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2610 : data_size2;
2611 : #else
2612 1 : libspdm_hash_all(
2613 : spdm_context->connection_info.algorithm.base_hash_algo,
2614 : data2, data_size2,
2615 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2616 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2617 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2618 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2619 : spdm_context->connection_info.algorithm.base_hash_algo,
2620 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2621 : data2,
2622 : data_size2,
2623 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2624 : #endif
2625 :
2626 1 : session_id = 0xFFFFFFFF;
2627 1 : spdm_context->latest_session_id = session_id;
2628 1 : session_info = &spdm_context->session_info[0];
2629 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2630 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2631 1 : session_info->peer_used_cert_chain_slot_id = 0;
2632 1 : session_info->local_used_cert_chain_slot_id = 0;
2633 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2634 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2635 1 : libspdm_secured_message_set_request_finished_key(
2636 : session_info->secured_message_context, m_dummy_buffer,
2637 : hash_size);
2638 1 : libspdm_secured_message_set_session_state(
2639 : session_info->secured_message_context,
2640 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2641 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2642 :
2643 1 : spdm_context->connection_info.capability.flags |=
2644 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2645 1 : spdm_context->local_context.capability.flags |=
2646 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2647 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2648 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2649 1 : req_asym_signature_size =
2650 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2651 1 : ptr = m_libspdm_finish_request7.signature;
2652 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2653 1 : cert_buffer = (uint8_t *)data1;
2654 1 : cert_buffer_size = data_size1;
2655 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2656 : cert_buffer_hash);
2657 1 : cert_buffer = (uint8_t *)data2;
2658 1 : cert_buffer_size = data_size2;
2659 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2660 : req_cert_buffer_hash);
2661 : /* transcript.message_a size is 0*/
2662 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2663 : /* session_transcript.message_k is 0*/
2664 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2665 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2666 : sizeof(spdm_finish_request_t));
2667 :
2668 1 : libspdm_requester_data_sign(
2669 : spdm_context,
2670 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2671 : 0, SPDM_FINISH,
2672 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2673 1 : false, libspdm_get_managed_buffer(&th_curr),
2674 : libspdm_get_managed_buffer_size(&th_curr),
2675 : ptr, &req_asym_signature_size);
2676 :
2677 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2678 1 : ptr += req_asym_signature_size;
2679 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2680 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2681 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2682 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2683 : request_finished_key, hash_size, ptr);
2684 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2685 1 : req_asym_signature_size + hmac_size;
2686 1 : response_size = sizeof(response);
2687 1 : status = libspdm_get_response_finish(spdm_context,
2688 : m_libspdm_finish_request7_size,
2689 : &m_libspdm_finish_request7,
2690 : &response_size, response);
2691 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2692 1 : spdm_response = (void *)response;
2693 1 : assert_int_equal(spdm_response->header.request_response_code,
2694 : SPDM_FINISH_RSP);
2695 1 : assert_int_equal(response_size,
2696 : sizeof(spdm_finish_response_t) + hmac_size);
2697 :
2698 1 : g_key_exchange_start_mut_auth = 0;
2699 1 : free(data1);
2700 1 : free(data2);
2701 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2702 1 : }
2703 :
2704 : /**
2705 : * Test 23: Same as test case 22 but test signature endianness.
2706 : * Big-Endian Sign. Little-Endian Verify.
2707 : * Expecting signature to fail.
2708 : **/
2709 1 : void rsp_finish_rsp_case23(void** state)
2710 : {
2711 : libspdm_return_t status;
2712 : libspdm_test_context_t* spdm_test_context;
2713 : libspdm_context_t* spdm_context;
2714 : size_t response_size;
2715 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2716 : spdm_finish_response_t* spdm_response;
2717 : void* data1;
2718 : size_t data_size1;
2719 : void* data2;
2720 : size_t data_size2;
2721 : uint8_t* ptr;
2722 : uint8_t* cert_buffer;
2723 : size_t cert_buffer_size;
2724 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2725 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2726 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2727 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2728 : libspdm_session_info_t* session_info;
2729 : uint32_t session_id;
2730 : uint32_t hash_size;
2731 : uint32_t hmac_size;
2732 : size_t req_asym_signature_size;
2733 :
2734 1 : spdm_test_context = *state;
2735 1 : spdm_context = spdm_test_context->spdm_context;
2736 1 : spdm_test_context->case_id = 23;
2737 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2738 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2739 1 : spdm_context->connection_info.connection_state =
2740 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2741 1 : spdm_context->connection_info.capability.flags |=
2742 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2743 1 : spdm_context->local_context.capability.flags |=
2744 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2745 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2746 : m_libspdm_use_hash_algo;
2747 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2748 : m_libspdm_use_asym_algo;
2749 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2750 : m_libspdm_use_req_asym_algo;
2751 1 : spdm_context->connection_info.algorithm.measurement_spec =
2752 : m_libspdm_use_measurement_spec;
2753 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2754 : m_libspdm_use_measurement_hash_algo;
2755 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2756 : m_libspdm_use_dhe_algo;
2757 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2758 : m_libspdm_use_aead_algo;
2759 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2760 : m_libspdm_use_asym_algo, &data1,
2761 : &data_size1, NULL, NULL);
2762 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2763 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2764 : data_size1;
2765 1 : spdm_context->spdm_10_11_verify_signature_endian =
2766 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2767 :
2768 1 : libspdm_reset_message_a(spdm_context);
2769 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2770 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2771 : m_libspdm_use_req_asym_algo, &data2,
2772 : &data_size2, NULL, NULL);
2773 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2774 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2775 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2776 : data2, data_size2);
2777 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2778 : data_size2;
2779 : #else
2780 1 : libspdm_hash_all(
2781 : spdm_context->connection_info.algorithm.base_hash_algo,
2782 : data2, data_size2,
2783 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2784 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2785 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2786 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2787 : spdm_context->connection_info.algorithm.base_hash_algo,
2788 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2789 : data2,
2790 : data_size2,
2791 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2792 : #endif
2793 :
2794 1 : session_id = 0xFFFFFFFF;
2795 1 : spdm_context->latest_session_id = session_id;
2796 1 : session_info = &spdm_context->session_info[0];
2797 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2798 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2799 1 : session_info->peer_used_cert_chain_slot_id = 0;
2800 1 : session_info->local_used_cert_chain_slot_id = 0;
2801 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2802 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2803 1 : libspdm_secured_message_set_request_finished_key(
2804 : session_info->secured_message_context, m_dummy_buffer,
2805 : hash_size);
2806 1 : libspdm_secured_message_set_session_state(
2807 : session_info->secured_message_context,
2808 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2809 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2810 :
2811 1 : spdm_context->connection_info.capability.flags |=
2812 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2813 1 : spdm_context->local_context.capability.flags |=
2814 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2815 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2816 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2817 1 : req_asym_signature_size =
2818 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2819 1 : ptr = m_libspdm_finish_request7.signature;
2820 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2821 1 : cert_buffer = (uint8_t*)data1;
2822 1 : cert_buffer_size = data_size1;
2823 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2824 : cert_buffer_hash);
2825 1 : cert_buffer = (uint8_t*)data2;
2826 1 : cert_buffer_size = data_size2;
2827 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2828 : req_cert_buffer_hash);
2829 : /* transcript.message_a size is 0*/
2830 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2831 : /* session_transcript.message_k is 0*/
2832 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2833 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2834 : sizeof(spdm_finish_request_t));
2835 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2836 1 : libspdm_requester_data_sign(
2837 : spdm_context,
2838 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2839 : 0, SPDM_FINISH,
2840 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2841 1 : false, libspdm_get_managed_buffer(&th_curr),
2842 : libspdm_get_managed_buffer_size(&th_curr),
2843 : ptr, &req_asym_signature_size);
2844 : #endif
2845 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2846 1 : ptr += req_asym_signature_size;
2847 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2848 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2849 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2850 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2851 : request_finished_key, hash_size, ptr);
2852 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2853 1 : req_asym_signature_size + hmac_size;
2854 1 : response_size = sizeof(response);
2855 1 : status = libspdm_get_response_finish(spdm_context,
2856 : m_libspdm_finish_request7_size,
2857 : &m_libspdm_finish_request7,
2858 : &response_size, response);
2859 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2860 1 : spdm_response = (void*)response;
2861 :
2862 : /* Expecting failure on little-endian signature */
2863 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2864 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2865 :
2866 1 : g_key_exchange_start_mut_auth = 0;
2867 1 : free(data1);
2868 1 : free(data2);
2869 1 : }
2870 :
2871 : /**
2872 : * Test 24: Same as test case 22 but test signature endianness.
2873 : * Big-Endian Sign. Big-Endian Verify.
2874 : * Expecting signature to PASS.
2875 : **/
2876 1 : void rsp_finish_rsp_case24(void** state)
2877 : {
2878 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2879 : libspdm_return_t status;
2880 : libspdm_test_context_t* spdm_test_context;
2881 : libspdm_context_t* spdm_context;
2882 : size_t response_size;
2883 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2884 : spdm_finish_response_t* spdm_response;
2885 : void* data1;
2886 : size_t data_size1;
2887 : void* data2;
2888 : size_t data_size2;
2889 : uint8_t* ptr;
2890 : uint8_t* cert_buffer;
2891 : size_t cert_buffer_size;
2892 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2893 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2894 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2895 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2896 : libspdm_session_info_t* session_info;
2897 : uint32_t session_id;
2898 : uint32_t hash_size;
2899 : uint32_t hmac_size;
2900 : size_t req_asym_signature_size;
2901 :
2902 1 : spdm_test_context = *state;
2903 1 : spdm_context = spdm_test_context->spdm_context;
2904 1 : spdm_test_context->case_id = 24;
2905 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2906 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2907 1 : spdm_context->connection_info.connection_state =
2908 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2909 1 : spdm_context->connection_info.capability.flags |=
2910 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2911 1 : spdm_context->local_context.capability.flags |=
2912 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2913 1 : spdm_context->connection_info.algorithm.base_hash_algo =
2914 : m_libspdm_use_hash_algo;
2915 1 : spdm_context->connection_info.algorithm.base_asym_algo =
2916 : m_libspdm_use_asym_algo;
2917 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
2918 : m_libspdm_use_req_asym_algo;
2919 1 : spdm_context->connection_info.algorithm.measurement_spec =
2920 : m_libspdm_use_measurement_spec;
2921 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2922 : m_libspdm_use_measurement_hash_algo;
2923 1 : spdm_context->connection_info.algorithm.dhe_named_group =
2924 : m_libspdm_use_dhe_algo;
2925 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
2926 : m_libspdm_use_aead_algo;
2927 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2928 : m_libspdm_use_asym_algo, &data1,
2929 : &data_size1, NULL, NULL);
2930 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2931 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
2932 : data_size1;
2933 1 : spdm_context->spdm_10_11_verify_signature_endian =
2934 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
2935 :
2936 1 : libspdm_reset_message_a(spdm_context);
2937 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2938 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2939 : m_libspdm_use_req_asym_algo, &data2,
2940 : &data_size2, NULL, NULL);
2941 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2942 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2943 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2944 : data2, data_size2);
2945 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
2946 : data_size2;
2947 : #else
2948 1 : libspdm_hash_all(
2949 : spdm_context->connection_info.algorithm.base_hash_algo,
2950 : data2, data_size2,
2951 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2952 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2953 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2954 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2955 : spdm_context->connection_info.algorithm.base_hash_algo,
2956 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2957 : data2,
2958 : data_size2,
2959 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2960 : #endif
2961 :
2962 1 : session_id = 0xFFFFFFFF;
2963 1 : spdm_context->latest_session_id = session_id;
2964 1 : session_info = &spdm_context->session_info[0];
2965 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2966 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2967 1 : session_info->peer_used_cert_chain_slot_id = 0;
2968 1 : session_info->local_used_cert_chain_slot_id = 0;
2969 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2970 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2971 1 : libspdm_secured_message_set_request_finished_key(
2972 : session_info->secured_message_context, m_dummy_buffer,
2973 : hash_size);
2974 1 : libspdm_secured_message_set_session_state(
2975 : session_info->secured_message_context,
2976 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2977 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2978 :
2979 1 : spdm_context->connection_info.capability.flags |=
2980 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2981 1 : spdm_context->local_context.capability.flags |=
2982 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2983 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2984 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2985 1 : req_asym_signature_size =
2986 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2987 1 : ptr = m_libspdm_finish_request7.signature;
2988 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2989 1 : cert_buffer = (uint8_t*)data1;
2990 1 : cert_buffer_size = data_size1;
2991 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2992 : cert_buffer_hash);
2993 1 : cert_buffer = (uint8_t*)data2;
2994 1 : cert_buffer_size = data_size2;
2995 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
2996 : req_cert_buffer_hash);
2997 : /* transcript.message_a size is 0*/
2998 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2999 : /* session_transcript.message_k is 0*/
3000 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3001 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3002 : sizeof(spdm_finish_request_t));
3003 :
3004 1 : libspdm_requester_data_sign(
3005 : spdm_context,
3006 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3007 : 0, SPDM_FINISH,
3008 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3009 1 : false, libspdm_get_managed_buffer(&th_curr),
3010 : libspdm_get_managed_buffer_size(&th_curr),
3011 : ptr, &req_asym_signature_size);
3012 :
3013 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3014 1 : ptr += req_asym_signature_size;
3015 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3016 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3017 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3018 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3019 : request_finished_key, hash_size, ptr);
3020 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3021 1 : req_asym_signature_size + hmac_size;
3022 1 : response_size = sizeof(response);
3023 1 : status = libspdm_get_response_finish(spdm_context,
3024 : m_libspdm_finish_request7_size,
3025 : &m_libspdm_finish_request7,
3026 : &response_size, response);
3027 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3028 1 : spdm_response = (void*)response;
3029 :
3030 : /* Expecting pass on big-endian signature */
3031 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3032 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3033 :
3034 1 : g_key_exchange_start_mut_auth = 0;
3035 1 : free(data1);
3036 1 : free(data2);
3037 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3038 1 : }
3039 :
3040 : /**
3041 : * Test 25: Same as test case 22, but test signature endianness.
3042 : * Big Endian Sign. Big or Little Endian Verify.
3043 : * Expecting signature to PASS.
3044 : **/
3045 1 : void rsp_finish_rsp_case25(void** state)
3046 : {
3047 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3048 : libspdm_return_t status;
3049 : libspdm_test_context_t* spdm_test_context;
3050 : libspdm_context_t* spdm_context;
3051 : size_t response_size;
3052 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3053 : spdm_finish_response_t* spdm_response;
3054 : void* data1;
3055 : size_t data_size1;
3056 : void* data2;
3057 : size_t data_size2;
3058 : uint8_t* ptr;
3059 : uint8_t* cert_buffer;
3060 : size_t cert_buffer_size;
3061 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3062 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3063 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3064 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3065 : libspdm_session_info_t* session_info;
3066 : uint32_t session_id;
3067 : uint32_t hash_size;
3068 : uint32_t hmac_size;
3069 : size_t req_asym_signature_size;
3070 :
3071 1 : spdm_test_context = *state;
3072 1 : spdm_context = spdm_test_context->spdm_context;
3073 1 : spdm_test_context->case_id = 25;
3074 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3075 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3076 1 : spdm_context->connection_info.connection_state =
3077 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3078 1 : spdm_context->connection_info.capability.flags |=
3079 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3080 1 : spdm_context->local_context.capability.flags |=
3081 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3082 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3083 : m_libspdm_use_hash_algo;
3084 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3085 : m_libspdm_use_asym_algo;
3086 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3087 : m_libspdm_use_req_asym_algo;
3088 1 : spdm_context->connection_info.algorithm.measurement_spec =
3089 : m_libspdm_use_measurement_spec;
3090 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3091 : m_libspdm_use_measurement_hash_algo;
3092 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3093 : m_libspdm_use_dhe_algo;
3094 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3095 : m_libspdm_use_aead_algo;
3096 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3097 : m_libspdm_use_asym_algo, &data1,
3098 : &data_size1, NULL, NULL);
3099 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3100 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3101 : data_size1;
3102 1 : spdm_context->spdm_10_11_verify_signature_endian =
3103 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
3104 :
3105 1 : libspdm_reset_message_a(spdm_context);
3106 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3107 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3108 : m_libspdm_use_req_asym_algo, &data2,
3109 : &data_size2, NULL, NULL);
3110 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3111 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3112 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3113 : data2, data_size2);
3114 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3115 : data_size2;
3116 : #else
3117 1 : libspdm_hash_all(
3118 : spdm_context->connection_info.algorithm.base_hash_algo,
3119 : data2, data_size2,
3120 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3121 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3122 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3123 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3124 : spdm_context->connection_info.algorithm.base_hash_algo,
3125 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3126 : data2,
3127 : data_size2,
3128 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3129 : #endif
3130 :
3131 1 : session_id = 0xFFFFFFFF;
3132 1 : spdm_context->latest_session_id = session_id;
3133 1 : session_info = &spdm_context->session_info[0];
3134 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3135 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3136 1 : session_info->peer_used_cert_chain_slot_id = 0;
3137 1 : session_info->local_used_cert_chain_slot_id = 0;
3138 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3139 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3140 1 : libspdm_secured_message_set_request_finished_key(
3141 : session_info->secured_message_context, m_dummy_buffer,
3142 : hash_size);
3143 1 : libspdm_secured_message_set_session_state(
3144 : session_info->secured_message_context,
3145 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3146 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3147 :
3148 1 : spdm_context->connection_info.capability.flags |=
3149 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3150 1 : spdm_context->local_context.capability.flags |=
3151 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3152 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3153 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3154 1 : req_asym_signature_size =
3155 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3156 1 : ptr = m_libspdm_finish_request7.signature;
3157 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3158 1 : cert_buffer = (uint8_t*)data1;
3159 1 : cert_buffer_size = data_size1;
3160 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3161 : cert_buffer_hash);
3162 1 : cert_buffer = (uint8_t*)data2;
3163 1 : cert_buffer_size = data_size2;
3164 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3165 : req_cert_buffer_hash);
3166 : /* transcript.message_a size is 0*/
3167 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3168 : /* session_transcript.message_k is 0*/
3169 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3170 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3171 : sizeof(spdm_finish_request_t));
3172 :
3173 1 : libspdm_requester_data_sign(
3174 : spdm_context,
3175 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3176 : 0, SPDM_FINISH,
3177 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3178 1 : false, libspdm_get_managed_buffer(&th_curr),
3179 : libspdm_get_managed_buffer_size(&th_curr),
3180 : ptr, &req_asym_signature_size);
3181 :
3182 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3183 1 : ptr += req_asym_signature_size;
3184 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3185 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3186 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3187 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3188 : request_finished_key, hash_size, ptr);
3189 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3190 1 : req_asym_signature_size + hmac_size;
3191 1 : response_size = sizeof(response);
3192 1 : status = libspdm_get_response_finish(spdm_context,
3193 : m_libspdm_finish_request7_size,
3194 : &m_libspdm_finish_request7,
3195 : &response_size, response);
3196 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3197 1 : spdm_response = (void*)response;
3198 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3199 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3200 :
3201 1 : g_key_exchange_start_mut_auth = 0;
3202 1 : free(data1);
3203 1 : free(data2);
3204 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3205 1 : }
3206 :
3207 : /**
3208 : * Test 26: Same as test case 22, but test endian verification.
3209 : * Sign as Little Endian, Verify as Little.
3210 : * Expecting signature to PASS.
3211 : **/
3212 1 : void rsp_finish_rsp_case26(void** state)
3213 : {
3214 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3215 : libspdm_return_t status;
3216 : libspdm_test_context_t* spdm_test_context;
3217 : libspdm_context_t* spdm_context;
3218 : size_t response_size;
3219 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3220 : spdm_finish_response_t* spdm_response;
3221 : void* data1;
3222 : size_t data_size1;
3223 : void* data2;
3224 : size_t data_size2;
3225 : uint8_t* ptr;
3226 : uint8_t* cert_buffer;
3227 : size_t cert_buffer_size;
3228 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3229 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3230 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3231 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3232 : libspdm_session_info_t* session_info;
3233 : uint32_t session_id;
3234 : uint32_t hash_size;
3235 : uint32_t hmac_size;
3236 : size_t req_asym_signature_size;
3237 :
3238 1 : spdm_test_context = *state;
3239 1 : spdm_context = spdm_test_context->spdm_context;
3240 1 : spdm_test_context->case_id = 26;
3241 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3242 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3243 1 : spdm_context->connection_info.connection_state =
3244 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3245 1 : spdm_context->connection_info.capability.flags |=
3246 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3247 1 : spdm_context->local_context.capability.flags |=
3248 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3249 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3250 : m_libspdm_use_hash_algo;
3251 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3252 : m_libspdm_use_asym_algo;
3253 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3254 : m_libspdm_use_req_asym_algo;
3255 1 : spdm_context->connection_info.algorithm.measurement_spec =
3256 : m_libspdm_use_measurement_spec;
3257 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3258 : m_libspdm_use_measurement_hash_algo;
3259 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3260 : m_libspdm_use_dhe_algo;
3261 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3262 : m_libspdm_use_aead_algo;
3263 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3264 : m_libspdm_use_asym_algo, &data1,
3265 : &data_size1, NULL, NULL);
3266 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3267 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3268 : data_size1;
3269 1 : spdm_context->spdm_10_11_verify_signature_endian =
3270 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3271 :
3272 1 : libspdm_reset_message_a(spdm_context);
3273 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3274 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3275 : m_libspdm_use_req_asym_algo, &data2,
3276 : &data_size2, NULL, NULL);
3277 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3278 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3279 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3280 : data2, data_size2);
3281 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3282 : data_size2;
3283 : #else
3284 1 : libspdm_hash_all(
3285 : spdm_context->connection_info.algorithm.base_hash_algo,
3286 : data2, data_size2,
3287 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3288 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3289 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3290 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3291 : spdm_context->connection_info.algorithm.base_hash_algo,
3292 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3293 : data2,
3294 : data_size2,
3295 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3296 : #endif
3297 :
3298 1 : session_id = 0xFFFFFFFF;
3299 1 : spdm_context->latest_session_id = session_id;
3300 1 : session_info = &spdm_context->session_info[0];
3301 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3302 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3303 1 : session_info->peer_used_cert_chain_slot_id = 0;
3304 1 : session_info->local_used_cert_chain_slot_id = 0;
3305 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3306 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3307 1 : libspdm_secured_message_set_request_finished_key(
3308 : session_info->secured_message_context, m_dummy_buffer,
3309 : hash_size);
3310 1 : libspdm_secured_message_set_session_state(
3311 : session_info->secured_message_context,
3312 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3313 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3314 :
3315 1 : spdm_context->connection_info.capability.flags |=
3316 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3317 1 : spdm_context->local_context.capability.flags |=
3318 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3319 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3320 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3321 1 : req_asym_signature_size =
3322 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3323 1 : ptr = m_libspdm_finish_request7.signature;
3324 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3325 1 : cert_buffer = (uint8_t*)data1;
3326 1 : cert_buffer_size = data_size1;
3327 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3328 : cert_buffer_hash);
3329 1 : cert_buffer = (uint8_t*)data2;
3330 1 : cert_buffer_size = data_size2;
3331 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3332 : req_cert_buffer_hash);
3333 : /* transcript.message_a size is 0*/
3334 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3335 : /* session_transcript.message_k is 0*/
3336 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3337 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3338 : sizeof(spdm_finish_request_t));
3339 :
3340 1 : libspdm_requester_data_sign(
3341 : spdm_context,
3342 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3343 : 0, SPDM_FINISH,
3344 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3345 1 : false, libspdm_get_managed_buffer(&th_curr),
3346 : libspdm_get_managed_buffer_size(&th_curr),
3347 : ptr, &req_asym_signature_size);
3348 :
3349 : /* Switch signature to little endian */
3350 1 : libspdm_copy_signature_swap_endian(
3351 : m_libspdm_use_req_asym_algo,
3352 : ptr, req_asym_signature_size,
3353 : ptr, req_asym_signature_size);
3354 :
3355 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3356 1 : ptr += req_asym_signature_size;
3357 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3358 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3359 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3360 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3361 : request_finished_key, hash_size, ptr);
3362 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3363 1 : req_asym_signature_size + hmac_size;
3364 1 : response_size = sizeof(response);
3365 1 : status = libspdm_get_response_finish(spdm_context,
3366 : m_libspdm_finish_request7_size,
3367 : &m_libspdm_finish_request7,
3368 : &response_size, response);
3369 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3370 1 : spdm_response = (void*)response;
3371 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3372 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3373 :
3374 1 : g_key_exchange_start_mut_auth = 0;
3375 1 : free(data1);
3376 1 : free(data2);
3377 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3378 1 : }
3379 :
3380 : /**
3381 : * Test 27: Same as test case 22, but test endian verification.
3382 : * Sign as Little Endian, Verify as Big.
3383 : * Expecting signature to FAIL.
3384 : **/
3385 1 : void rsp_finish_rsp_case27(void** state)
3386 : {
3387 : libspdm_return_t status;
3388 : libspdm_test_context_t* spdm_test_context;
3389 : libspdm_context_t* spdm_context;
3390 : size_t response_size;
3391 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3392 : spdm_finish_response_t* spdm_response;
3393 : void* data1;
3394 : size_t data_size1;
3395 : void* data2;
3396 : size_t data_size2;
3397 : uint8_t* ptr;
3398 : uint8_t* cert_buffer;
3399 : size_t cert_buffer_size;
3400 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3401 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3402 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3403 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3404 : libspdm_session_info_t* session_info;
3405 : uint32_t session_id;
3406 : uint32_t hash_size;
3407 : uint32_t hmac_size;
3408 : size_t req_asym_signature_size;
3409 :
3410 1 : spdm_test_context = *state;
3411 1 : spdm_context = spdm_test_context->spdm_context;
3412 1 : spdm_test_context->case_id = 27;
3413 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3414 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3415 1 : spdm_context->connection_info.connection_state =
3416 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3417 1 : spdm_context->connection_info.capability.flags |=
3418 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3419 1 : spdm_context->local_context.capability.flags |=
3420 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3421 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3422 : m_libspdm_use_hash_algo;
3423 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3424 : m_libspdm_use_asym_algo;
3425 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3426 : m_libspdm_use_req_asym_algo;
3427 1 : spdm_context->connection_info.algorithm.measurement_spec =
3428 : m_libspdm_use_measurement_spec;
3429 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3430 : m_libspdm_use_measurement_hash_algo;
3431 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3432 : m_libspdm_use_dhe_algo;
3433 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3434 : m_libspdm_use_aead_algo;
3435 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3436 : m_libspdm_use_asym_algo, &data1,
3437 : &data_size1, NULL, NULL);
3438 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3439 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3440 : data_size1;
3441 1 : spdm_context->spdm_10_11_verify_signature_endian =
3442 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
3443 :
3444 1 : libspdm_reset_message_a(spdm_context);
3445 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3446 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3447 : m_libspdm_use_req_asym_algo, &data2,
3448 : &data_size2, NULL, NULL);
3449 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3450 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3451 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3452 : data2, data_size2);
3453 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3454 : data_size2;
3455 : #else
3456 1 : libspdm_hash_all(
3457 : spdm_context->connection_info.algorithm.base_hash_algo,
3458 : data2, data_size2,
3459 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3460 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3461 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3462 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3463 : spdm_context->connection_info.algorithm.base_hash_algo,
3464 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3465 : data2,
3466 : data_size2,
3467 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3468 : #endif
3469 :
3470 1 : session_id = 0xFFFFFFFF;
3471 1 : spdm_context->latest_session_id = session_id;
3472 1 : session_info = &spdm_context->session_info[0];
3473 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3474 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3475 1 : session_info->peer_used_cert_chain_slot_id = 0;
3476 1 : session_info->local_used_cert_chain_slot_id = 0;
3477 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3478 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3479 1 : libspdm_secured_message_set_request_finished_key(
3480 : session_info->secured_message_context, m_dummy_buffer,
3481 : hash_size);
3482 1 : libspdm_secured_message_set_session_state(
3483 : session_info->secured_message_context,
3484 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3485 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3486 :
3487 1 : spdm_context->connection_info.capability.flags |=
3488 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3489 1 : spdm_context->local_context.capability.flags |=
3490 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3491 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3492 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3493 1 : req_asym_signature_size =
3494 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3495 1 : ptr = m_libspdm_finish_request7.signature;
3496 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3497 1 : cert_buffer = (uint8_t*)data1;
3498 1 : cert_buffer_size = data_size1;
3499 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3500 : cert_buffer_hash);
3501 1 : cert_buffer = (uint8_t*)data2;
3502 1 : cert_buffer_size = data_size2;
3503 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3504 : req_cert_buffer_hash);
3505 : /* transcript.message_a size is 0*/
3506 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3507 : /* session_transcript.message_k is 0*/
3508 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3509 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3510 : sizeof(spdm_finish_request_t));
3511 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3512 1 : libspdm_requester_data_sign(
3513 : spdm_context,
3514 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3515 : 0, SPDM_FINISH,
3516 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3517 1 : false, libspdm_get_managed_buffer(&th_curr),
3518 : libspdm_get_managed_buffer_size(&th_curr),
3519 : ptr, &req_asym_signature_size);
3520 :
3521 : /* Switch signature to little endian */
3522 1 : libspdm_copy_signature_swap_endian(
3523 : m_libspdm_use_req_asym_algo,
3524 : ptr, req_asym_signature_size,
3525 : ptr, req_asym_signature_size);
3526 : #endif
3527 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3528 1 : ptr += req_asym_signature_size;
3529 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3530 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3531 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3532 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3533 : request_finished_key, hash_size, ptr);
3534 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3535 1 : req_asym_signature_size + hmac_size;
3536 1 : response_size = sizeof(response);
3537 1 : status = libspdm_get_response_finish(spdm_context,
3538 : m_libspdm_finish_request7_size,
3539 : &m_libspdm_finish_request7,
3540 : &response_size, response);
3541 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3542 1 : spdm_response = (void*)response;
3543 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
3544 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
3545 :
3546 1 : g_key_exchange_start_mut_auth = 0;
3547 1 : free(data1);
3548 1 : free(data2);
3549 1 : }
3550 :
3551 : /**
3552 : * Test 28: Same as test case 22, but test endian verification.
3553 : * Sign as Little Endian, Verify as Big Or Little.
3554 : * Expecting signature to PASS.
3555 : **/
3556 1 : void rsp_finish_rsp_case28(void** state)
3557 : {
3558 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3559 : libspdm_return_t status;
3560 : libspdm_test_context_t* spdm_test_context;
3561 : libspdm_context_t* spdm_context;
3562 : size_t response_size;
3563 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3564 : spdm_finish_response_t* spdm_response;
3565 : void* data1;
3566 : size_t data_size1;
3567 : void* data2;
3568 : size_t data_size2;
3569 : uint8_t* ptr;
3570 : uint8_t* cert_buffer;
3571 : size_t cert_buffer_size;
3572 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3573 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3574 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3575 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3576 : libspdm_session_info_t* session_info;
3577 : uint32_t session_id;
3578 : uint32_t hash_size;
3579 : uint32_t hmac_size;
3580 : size_t req_asym_signature_size;
3581 :
3582 1 : spdm_test_context = *state;
3583 1 : spdm_context = spdm_test_context->spdm_context;
3584 1 : spdm_test_context->case_id = 28;
3585 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3586 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3587 1 : spdm_context->connection_info.connection_state =
3588 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3589 1 : spdm_context->connection_info.capability.flags |=
3590 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3591 1 : spdm_context->local_context.capability.flags |=
3592 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3593 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3594 : m_libspdm_use_hash_algo;
3595 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3596 : m_libspdm_use_asym_algo;
3597 1 : spdm_context->connection_info.algorithm.req_base_asym_alg =
3598 : m_libspdm_use_req_asym_algo;
3599 1 : spdm_context->connection_info.algorithm.measurement_spec =
3600 : m_libspdm_use_measurement_spec;
3601 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3602 : m_libspdm_use_measurement_hash_algo;
3603 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3604 : m_libspdm_use_dhe_algo;
3605 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3606 : m_libspdm_use_aead_algo;
3607 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3608 : m_libspdm_use_asym_algo, &data1,
3609 : &data_size1, NULL, NULL);
3610 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3611 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3612 : data_size1;
3613 1 : spdm_context->spdm_10_11_verify_signature_endian =
3614 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3615 :
3616 1 : libspdm_reset_message_a(spdm_context);
3617 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3618 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3619 : m_libspdm_use_req_asym_algo, &data2,
3620 : &data_size2, NULL, NULL);
3621 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3622 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3623 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3624 : data2, data_size2);
3625 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size =
3626 : data_size2;
3627 : #else
3628 1 : libspdm_hash_all(
3629 : spdm_context->connection_info.algorithm.base_hash_algo,
3630 : data2, data_size2,
3631 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3632 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3633 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3634 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3635 : spdm_context->connection_info.algorithm.base_hash_algo,
3636 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3637 : data2,
3638 : data_size2,
3639 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3640 : #endif
3641 :
3642 1 : session_id = 0xFFFFFFFF;
3643 1 : spdm_context->latest_session_id = session_id;
3644 1 : session_info = &spdm_context->session_info[0];
3645 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3646 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3647 1 : session_info->peer_used_cert_chain_slot_id = 0;
3648 1 : session_info->local_used_cert_chain_slot_id = 0;
3649 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3650 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3651 1 : libspdm_secured_message_set_request_finished_key(
3652 : session_info->secured_message_context, m_dummy_buffer,
3653 : hash_size);
3654 1 : libspdm_secured_message_set_session_state(
3655 : session_info->secured_message_context,
3656 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3657 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3658 :
3659 1 : spdm_context->connection_info.capability.flags |=
3660 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3661 1 : spdm_context->local_context.capability.flags |=
3662 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3663 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3664 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3665 1 : req_asym_signature_size =
3666 1 : libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3667 1 : ptr = m_libspdm_finish_request7.signature;
3668 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3669 1 : cert_buffer = (uint8_t*)data1;
3670 1 : cert_buffer_size = data_size1;
3671 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3672 : cert_buffer_hash);
3673 1 : cert_buffer = (uint8_t*)data2;
3674 1 : cert_buffer_size = data_size2;
3675 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3676 : req_cert_buffer_hash);
3677 : /* transcript.message_a size is 0*/
3678 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3679 : /* session_transcript.message_k is 0*/
3680 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3681 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3682 : sizeof(spdm_finish_request_t));
3683 :
3684 1 : libspdm_requester_data_sign(
3685 : spdm_context,
3686 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3687 : 0, SPDM_FINISH,
3688 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3689 1 : false, libspdm_get_managed_buffer(&th_curr),
3690 : libspdm_get_managed_buffer_size(&th_curr),
3691 : ptr, &req_asym_signature_size);
3692 :
3693 : /* Switch signature to little endian */
3694 1 : libspdm_copy_signature_swap_endian(
3695 : m_libspdm_use_req_asym_algo,
3696 : ptr, req_asym_signature_size,
3697 : ptr, req_asym_signature_size);
3698 :
3699 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3700 1 : ptr += req_asym_signature_size;
3701 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3702 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3703 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3704 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3705 : request_finished_key, hash_size, ptr);
3706 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3707 1 : req_asym_signature_size + hmac_size;
3708 1 : response_size = sizeof(response);
3709 1 : status = libspdm_get_response_finish(spdm_context,
3710 : m_libspdm_finish_request7_size,
3711 : &m_libspdm_finish_request7,
3712 : &response_size, response);
3713 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3714 1 : spdm_response = (void*)response;
3715 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3716 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3717 :
3718 1 : g_key_exchange_start_mut_auth = 0;
3719 1 : free(data1);
3720 1 : free(data2);
3721 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3722 1 : }
3723 :
3724 : /**
3725 : * Test 29: Receive the correct FINISH from the requester, and
3726 : * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
3727 : * Expected behavior: the responder accepts the request and produces a valid
3728 : * FINISH_RSP response message, and The ResponderVerifyData field is absent.
3729 : **/
3730 1 : void rsp_finish_rsp_case29(void **state)
3731 : {
3732 : libspdm_return_t status;
3733 : libspdm_test_context_t *spdm_test_context;
3734 : libspdm_context_t *spdm_context;
3735 : size_t response_size;
3736 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3737 : spdm_finish_response_t *spdm_response;
3738 : void *data1;
3739 : size_t data_size1;
3740 : uint8_t *ptr;
3741 : uint8_t *cert_buffer;
3742 : size_t cert_buffer_size;
3743 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3744 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3745 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3746 : libspdm_session_info_t *session_info;
3747 : uint32_t session_id;
3748 : uint32_t hash_size;
3749 : uint32_t hmac_size;
3750 :
3751 1 : spdm_test_context = *state;
3752 1 : spdm_context = spdm_test_context->spdm_context;
3753 1 : spdm_test_context->case_id = 29;
3754 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3755 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3756 1 : spdm_context->connection_info.connection_state =
3757 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3758 1 : spdm_context->connection_info.capability.flags |=
3759 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3760 1 : spdm_context->local_context.capability.flags |=
3761 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3762 :
3763 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3764 : m_libspdm_use_hash_algo;
3765 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3766 : m_libspdm_use_asym_algo;
3767 1 : spdm_context->connection_info.algorithm.measurement_spec =
3768 : m_libspdm_use_measurement_spec;
3769 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3770 : m_libspdm_use_measurement_hash_algo;
3771 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3772 : m_libspdm_use_dhe_algo;
3773 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3774 : m_libspdm_use_aead_algo;
3775 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3776 : m_libspdm_use_asym_algo, &data1,
3777 : &data_size1, NULL, NULL);
3778 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3779 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3780 : data_size1;
3781 :
3782 1 : libspdm_reset_message_a(spdm_context);
3783 :
3784 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3785 1 : spdm_context->connection_info.capability.flags &=
3786 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3787 1 : spdm_context->local_context.capability.flags &=
3788 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3789 :
3790 1 : session_id = 0xFFFFFFFF;
3791 1 : spdm_context->latest_session_id = session_id;
3792 1 : spdm_context->last_spdm_request_session_id_valid = true;
3793 1 : spdm_context->last_spdm_request_session_id = session_id;
3794 1 : session_info = &spdm_context->session_info[0];
3795 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3796 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3797 1 : session_info->local_used_cert_chain_slot_id = 0;
3798 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3799 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3800 :
3801 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3802 1 : libspdm_secured_message_set_request_finished_key(
3803 : session_info->secured_message_context, m_dummy_buffer,
3804 : hash_size);
3805 1 : libspdm_secured_message_set_session_state(
3806 : session_info->secured_message_context,
3807 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3808 :
3809 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3810 1 : ptr = m_libspdm_finish_request1.signature;
3811 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3812 1 : cert_buffer = (uint8_t *)data1;
3813 1 : cert_buffer_size = data_size1;
3814 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3815 : cert_buffer_hash);
3816 : /* transcript.message_a size is 0*/
3817 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3818 : /* session_transcript.message_k is 0*/
3819 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
3820 : sizeof(spdm_finish_request_t));
3821 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3822 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3823 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3824 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3825 : request_finished_key, hash_size, ptr);
3826 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
3827 1 : response_size = sizeof(response);
3828 1 : status = libspdm_get_response_finish(spdm_context,
3829 : m_libspdm_finish_request1_size,
3830 : &m_libspdm_finish_request1,
3831 : &response_size, response);
3832 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3833 : /* The ResponderVerifyData field shall be absent.*/
3834 1 : assert_int_equal(response_size,
3835 : sizeof(spdm_finish_response_t));
3836 1 : spdm_response = (void *)response;
3837 1 : assert_int_equal(spdm_response->header.request_response_code,
3838 : SPDM_FINISH_RSP);
3839 1 : free(data1);
3840 1 : }
3841 :
3842 : /**
3843 : * Test 30: SPDM version 1.4, with OpaqueData.
3844 : * Expected behavior: the responder accepts the request and produces a valid
3845 : * FINISH_RSP response message.
3846 : **/
3847 1 : void rsp_finish_rsp_case30(void **state)
3848 : {
3849 : libspdm_return_t status;
3850 : libspdm_test_context_t *spdm_test_context;
3851 : libspdm_context_t *spdm_context;
3852 : size_t response_size;
3853 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3854 : spdm_finish_response_t *spdm_response;
3855 : void *data1;
3856 : size_t data_size1;
3857 : uint8_t *ptr;
3858 : uint8_t *cert_buffer;
3859 : size_t cert_buffer_size;
3860 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3861 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3862 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3863 : libspdm_session_info_t *session_info;
3864 : uint32_t session_id;
3865 : uint32_t hash_size;
3866 : uint32_t hmac_size;
3867 :
3868 1 : spdm_test_context = *state;
3869 1 : spdm_context = spdm_test_context->spdm_context;
3870 1 : spdm_test_context->case_id = 30;
3871 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
3872 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3873 1 : spdm_context->connection_info.connection_state =
3874 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3875 1 : spdm_context->connection_info.capability.flags |=
3876 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3877 1 : spdm_context->local_context.capability.flags |=
3878 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3879 :
3880 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3881 : m_libspdm_use_hash_algo;
3882 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3883 : m_libspdm_use_asym_algo;
3884 1 : spdm_context->connection_info.algorithm.measurement_spec =
3885 : m_libspdm_use_measurement_spec;
3886 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3887 : m_libspdm_use_measurement_hash_algo;
3888 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3889 : m_libspdm_use_dhe_algo;
3890 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3891 : m_libspdm_use_aead_algo;
3892 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3893 : m_libspdm_use_asym_algo, &data1,
3894 : &data_size1, NULL, NULL);
3895 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3896 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3897 : data_size1;
3898 :
3899 1 : libspdm_reset_message_a(spdm_context);
3900 :
3901 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3902 1 : spdm_context->connection_info.capability.flags &=
3903 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3904 1 : spdm_context->local_context.capability.flags &=
3905 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3906 :
3907 1 : session_id = 0xFFFFFFFF;
3908 1 : spdm_context->latest_session_id = session_id;
3909 1 : spdm_context->last_spdm_request_session_id_valid = true;
3910 1 : spdm_context->last_spdm_request_session_id = session_id;
3911 1 : session_info = &spdm_context->session_info[0];
3912 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3913 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3914 :
3915 1 : session_info->local_used_cert_chain_slot_id = 0;
3916 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3917 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3918 :
3919 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3920 1 : libspdm_secured_message_set_request_finished_key(
3921 : session_info->secured_message_context, m_dummy_buffer,
3922 : hash_size);
3923 1 : libspdm_secured_message_set_session_state(
3924 : session_info->secured_message_context,
3925 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3926 :
3927 1 : m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
3928 :
3929 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3930 1 : ptr = m_libspdm_finish_request8.signature;
3931 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3932 1 : cert_buffer = (uint8_t *)data1;
3933 1 : cert_buffer_size = data_size1;
3934 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3935 : cert_buffer_hash);
3936 : /* transcript.message_a size is 0*/
3937 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3938 : /* session_transcript.message_k is 0*/
3939 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
3940 : sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
3941 1 : m_libspdm_finish_request8.opaque_data_size);
3942 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3943 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3944 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3945 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3946 : request_finished_key, hash_size, ptr);
3947 1 : m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
3948 1 : sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
3949 1 : response_size = sizeof(response);
3950 1 : status = libspdm_get_response_finish(spdm_context,
3951 : m_libspdm_finish_request8_size,
3952 : &m_libspdm_finish_request8,
3953 : &response_size, response);
3954 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3955 : /* The ResponderVerifyData field shall be absent.*/
3956 1 : ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
3957 1 : assert_int_equal(response_size,
3958 : sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
3959 : libspdm_read_uint16(ptr));
3960 1 : spdm_response = (void *)response;
3961 1 : assert_int_equal(spdm_response->header.request_response_code,
3962 : SPDM_FINISH_RSP);
3963 1 : free(data1);
3964 1 : }
3965 :
3966 1 : int libspdm_rsp_finish_test(void)
3967 : {
3968 1 : const struct CMUnitTest test_cases[] = {
3969 : /* Success Case*/
3970 : cmocka_unit_test(rsp_finish_rsp_case1),
3971 : /* Can be populated with new test.*/
3972 : cmocka_unit_test(rsp_finish_rsp_case2),
3973 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
3974 : cmocka_unit_test(rsp_finish_rsp_case3),
3975 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
3976 : cmocka_unit_test(rsp_finish_rsp_case4),
3977 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
3978 : /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
3979 : cmocka_unit_test(rsp_finish_rsp_case5),
3980 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
3981 : /* connection_state Check*/
3982 : cmocka_unit_test(rsp_finish_rsp_case6),
3983 : /* Buffer reset*/
3984 : cmocka_unit_test(rsp_finish_rsp_case7),
3985 : /* Success Case*/
3986 : cmocka_unit_test(rsp_finish_rsp_case8),
3987 : /* Unsupported KEY_EX capabilities*/
3988 : cmocka_unit_test(rsp_finish_rsp_case9),
3989 : /* Uninitialized session*/
3990 : cmocka_unit_test(rsp_finish_rsp_case10),
3991 : /* Incorrect MAC*/
3992 : cmocka_unit_test(rsp_finish_rsp_case11),
3993 : cmocka_unit_test(rsp_finish_rsp_case12),
3994 : /* Can be populated with new test.*/
3995 : cmocka_unit_test(rsp_finish_rsp_case13),
3996 : cmocka_unit_test(rsp_finish_rsp_case14),
3997 : /* Incorrect signature*/
3998 : cmocka_unit_test(rsp_finish_rsp_case15),
3999 : cmocka_unit_test(rsp_finish_rsp_case16),
4000 : /* Buffer verification*/
4001 : cmocka_unit_test(rsp_finish_rsp_case17),
4002 : /* Success Case, enable mutual authentication and use slot_id 0xFF */
4003 : cmocka_unit_test(rsp_finish_rsp_case18),
4004 : /* Invalid SlotID in FINISH request message when mutual authentication */
4005 : cmocka_unit_test_setup(rsp_finish_rsp_case19, libspdm_unit_test_group_setup),
4006 : cmocka_unit_test_setup(rsp_finish_rsp_case20, libspdm_unit_test_group_setup),
4007 : /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
4008 : cmocka_unit_test_setup(rsp_finish_rsp_case21, libspdm_unit_test_group_setup),
4009 : /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
4010 : cmocka_unit_test_setup(rsp_finish_rsp_case22, libspdm_unit_test_group_setup),
4011 : /* Big Endian Sign - Little Endian Verify */
4012 : cmocka_unit_test_setup(rsp_finish_rsp_case23, libspdm_unit_test_group_setup),
4013 : /* Big Endian Sign - Big Endian Verify */
4014 : cmocka_unit_test_setup(rsp_finish_rsp_case24, libspdm_unit_test_group_setup),
4015 : /* Big Endian Sign - Big or Little Endian Verify */
4016 : cmocka_unit_test_setup(rsp_finish_rsp_case25, libspdm_unit_test_group_setup),
4017 : /* Little Endian Sign - Little Endian Verify*/
4018 : cmocka_unit_test_setup(rsp_finish_rsp_case26, libspdm_unit_test_group_setup),
4019 : /* Little Endian Sign - Big Endian Verify */
4020 : cmocka_unit_test_setup(rsp_finish_rsp_case27, libspdm_unit_test_group_setup),
4021 : /* Little Endian Sign - Big or Little Endian Verify */
4022 : cmocka_unit_test_setup(rsp_finish_rsp_case28, libspdm_unit_test_group_setup),
4023 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
4024 : cmocka_unit_test(rsp_finish_rsp_case29),
4025 : /* SPDM 1.4 with OpaqueData */
4026 : cmocka_unit_test(rsp_finish_rsp_case30),
4027 : };
4028 :
4029 1 : libspdm_test_context_t test_context = {
4030 : LIBSPDM_TEST_CONTEXT_VERSION,
4031 : false,
4032 : };
4033 :
4034 1 : libspdm_setup_test_context(&test_context);
4035 :
4036 1 : return cmocka_run_group_tests(test_cases,
4037 : libspdm_unit_test_group_setup,
4038 : libspdm_unit_test_group_teardown);
4039 : }
4040 :
4041 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|
