Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : extern uint8_t g_key_exchange_start_mut_auth;
12 :
13 : #pragma pack(1)
14 :
15 : typedef struct {
16 : spdm_message_header_t header;
17 : uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
18 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
19 : } libspdm_finish_request_mine_t;
20 :
21 : typedef struct {
22 : spdm_message_header_t header;
23 : uint16_t opaque_data_size;
24 : uint8_t opaque_data[8];
25 : uint8_t signature[LIBSPDM_MAX_ASYM_SIG_SIZE];
26 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
27 : } libspdm_finish_request_mine_14_t;
28 :
29 : #pragma pack()
30 :
31 : libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
32 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 0, 0 },
33 : };
34 : size_t m_libspdm_finish_request1_size = sizeof(m_libspdm_finish_request1);
35 :
36 : libspdm_finish_request_mine_t m_libspdm_finish_request3 = {
37 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0 },
38 : };
39 : size_t m_libspdm_finish_request3_size = sizeof(m_libspdm_finish_request3);
40 :
41 : libspdm_finish_request_mine_t m_libspdm_finish_request4 = {
42 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 0xFF },
43 : };
44 : size_t m_libspdm_finish_request4_size = sizeof(m_libspdm_finish_request4);
45 :
46 : libspdm_finish_request_mine_t m_libspdm_finish_request5 = {
47 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 10 },
48 : };
49 : size_t m_libspdm_finish_request5_size = sizeof(m_libspdm_finish_request5);
50 :
51 : libspdm_finish_request_mine_t m_libspdm_finish_request6 = {
52 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 6, 10 },
53 : };
54 : size_t m_libspdm_finish_request6_size = sizeof(m_libspdm_finish_request6);
55 :
56 : libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
57 : { SPDM_MESSAGE_VERSION_11, SPDM_FINISH, 1, 3 },
58 : };
59 : size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
60 :
61 : libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
62 : { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
63 : };
64 : size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
65 :
66 : uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
67 :
68 : #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
69 :
70 : static libspdm_th_managed_buffer_t th_curr;
71 :
72 : extern size_t libspdm_secret_lib_finish_opaque_data_size;
73 : extern bool g_generate_finish_opaque_data;
74 :
75 29 : void libspdm_secured_message_set_request_finished_key(
76 : void *spdm_secured_message_context, const void *key, size_t key_size)
77 : {
78 : libspdm_secured_message_context_t *secured_message_context;
79 :
80 29 : secured_message_context = spdm_secured_message_context;
81 29 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
82 29 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
83 : sizeof(secured_message_context->handshake_secret.request_finished_key),
84 : key, secured_message_context->hash_size);
85 29 : }
86 :
87 : /**
88 : * Test 1: receiving a correct FINISH message from the requester with a
89 : * correct MAC, no signature (no mutual authentication), and 'handshake in
90 : * the clear'.
91 : * Expected behavior: the responder accepts the request and produces a valid
92 : * FINISH_RSP response message.
93 : **/
94 1 : void rsp_finish_rsp_case1(void **state)
95 : {
96 : libspdm_return_t status;
97 : libspdm_test_context_t *spdm_test_context;
98 : libspdm_context_t *spdm_context;
99 : size_t response_size;
100 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
101 : spdm_finish_response_t *spdm_response;
102 : void *data1;
103 : size_t data_size1;
104 : uint8_t *ptr;
105 : uint8_t *cert_buffer;
106 : size_t cert_buffer_size;
107 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
108 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
109 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
110 : libspdm_session_info_t *session_info;
111 : uint32_t session_id;
112 : uint32_t hash_size;
113 : uint32_t hmac_size;
114 :
115 1 : spdm_test_context = *state;
116 1 : spdm_context = spdm_test_context->spdm_context;
117 1 : spdm_test_context->case_id = 0x1;
118 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
119 : SPDM_VERSION_NUMBER_SHIFT_BIT;
120 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
121 1 : spdm_context->connection_info.capability.flags |=
122 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
123 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
124 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
125 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
126 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
127 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
128 : m_libspdm_use_measurement_hash_algo;
129 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
130 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
131 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
132 : m_libspdm_use_asym_algo, &data1,
133 : &data_size1, NULL, NULL);
134 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
135 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
136 :
137 1 : libspdm_reset_message_a(spdm_context);
138 :
139 1 : session_id = 0xFFFFFFFF;
140 1 : spdm_context->latest_session_id = session_id;
141 1 : session_info = &spdm_context->session_info[0];
142 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
143 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
144 1 : session_info->local_used_cert_chain_slot_id = 0;
145 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
146 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
147 1 : libspdm_secured_message_set_request_finished_key(
148 : session_info->secured_message_context, m_dummy_buffer,
149 : hash_size);
150 1 : libspdm_secured_message_set_session_state(
151 : session_info->secured_message_context,
152 : LIBSPDM_SESSION_STATE_HANDSHAKING);
153 :
154 1 : spdm_context->connection_info.capability.flags |=
155 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
156 1 : spdm_context->local_context.capability.flags |=
157 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
158 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
159 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
160 1 : ptr = m_libspdm_finish_request1.signature;
161 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
162 1 : cert_buffer = (uint8_t *)data1;
163 1 : cert_buffer_size = data_size1;
164 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
165 : /* transcript.message_a size is 0*/
166 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
167 : /* session_transcript.message_k is 0*/
168 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
169 : sizeof(spdm_finish_request_t));
170 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
171 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
172 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
173 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
174 : request_finished_key, hash_size, ptr);
175 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
176 1 : response_size = sizeof(response);
177 1 : status = libspdm_get_response_finish(spdm_context,
178 : m_libspdm_finish_request1_size,
179 : &m_libspdm_finish_request1,
180 : &response_size, response);
181 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
182 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
183 1 : spdm_response = (void *)response;
184 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
185 1 : free(data1);
186 1 : }
187 :
188 : /**
189 : * Test 2:
190 : * Expected behavior:
191 : **/
192 1 : void rsp_finish_rsp_case2(void **state)
193 : {
194 1 : }
195 :
196 : /**
197 : * Test 3: receiving a correct FINISH from the requester, but the
198 : * responder is in a Busy state.
199 : * Expected behavior: the responder accepts the request, but produces an
200 : * ERROR message indicating the Busy state.
201 : **/
202 1 : void rsp_finish_rsp_case3(void **state)
203 : {
204 : libspdm_return_t status;
205 : libspdm_test_context_t *spdm_test_context;
206 : libspdm_context_t *spdm_context;
207 : size_t response_size;
208 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
209 : spdm_finish_response_t *spdm_response;
210 : void *data1;
211 : size_t data_size1;
212 : uint8_t *ptr;
213 : uint8_t *cert_buffer;
214 : size_t cert_buffer_size;
215 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
216 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
217 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
218 : libspdm_session_info_t *session_info;
219 : uint32_t session_id;
220 : uint32_t hash_size;
221 : uint32_t hmac_size;
222 :
223 1 : spdm_test_context = *state;
224 1 : spdm_context = spdm_test_context->spdm_context;
225 1 : spdm_test_context->case_id = 0x3;
226 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
227 : SPDM_VERSION_NUMBER_SHIFT_BIT;
228 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
229 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
230 1 : spdm_context->connection_info.capability.flags |=
231 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
232 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
233 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
234 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
235 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
236 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
237 : m_libspdm_use_measurement_hash_algo;
238 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
239 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
240 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
241 : m_libspdm_use_asym_algo, &data1,
242 : &data_size1, NULL, NULL);
243 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
244 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
245 :
246 1 : libspdm_reset_message_a(spdm_context);
247 :
248 1 : session_id = 0xFFFFFFFF;
249 1 : spdm_context->latest_session_id = session_id;
250 1 : session_info = &spdm_context->session_info[0];
251 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
252 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
253 1 : session_info->local_used_cert_chain_slot_id = 0;
254 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
255 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
256 1 : libspdm_secured_message_set_request_finished_key(
257 : session_info->secured_message_context, m_dummy_buffer,
258 : hash_size);
259 1 : libspdm_secured_message_set_session_state(
260 : session_info->secured_message_context,
261 : LIBSPDM_SESSION_STATE_HANDSHAKING);
262 :
263 1 : spdm_context->connection_info.capability.flags |=
264 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
265 1 : spdm_context->local_context.capability.flags |=
266 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
267 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
268 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
269 1 : ptr = m_libspdm_finish_request1.signature;
270 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
271 1 : cert_buffer = (uint8_t *)data1;
272 1 : cert_buffer_size = data_size1;
273 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
274 : /* transcript.message_a size is 0*/
275 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
276 : /* session_transcript.message_k is 0*/
277 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
278 : sizeof(spdm_finish_request_t));
279 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
280 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
281 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
282 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
283 : request_finished_key, hash_size, ptr);
284 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
285 1 : response_size = sizeof(response);
286 1 : status = libspdm_get_response_finish(spdm_context,
287 : m_libspdm_finish_request1_size,
288 : &m_libspdm_finish_request1,
289 : &response_size, response);
290 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
291 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
292 1 : spdm_response = (void *)response;
293 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
294 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
295 1 : assert_int_equal(spdm_response->header.param2, 0);
296 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_BUSY);
297 1 : free(data1);
298 1 : }
299 :
300 : /**
301 : * Test 4: receiving a correct FINISH from the requester, but the responder
302 : * requires resynchronization with the requester.
303 : * Expected behavior: the responder accepts the request, but produces an
304 : * ERROR message indicating the NeedResynch state.
305 : **/
306 1 : void rsp_finish_rsp_case4(void **state)
307 : {
308 : libspdm_return_t status;
309 : libspdm_test_context_t *spdm_test_context;
310 : libspdm_context_t *spdm_context;
311 : size_t response_size;
312 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
313 : spdm_finish_response_t *spdm_response;
314 : void *data1;
315 : size_t data_size1;
316 : uint8_t *ptr;
317 : uint8_t *cert_buffer;
318 : size_t cert_buffer_size;
319 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
320 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
321 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
322 : libspdm_session_info_t *session_info;
323 : uint32_t session_id;
324 : uint32_t hash_size;
325 : uint32_t hmac_size;
326 :
327 1 : spdm_test_context = *state;
328 1 : spdm_context = spdm_test_context->spdm_context;
329 1 : spdm_test_context->case_id = 0x4;
330 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
331 : SPDM_VERSION_NUMBER_SHIFT_BIT;
332 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
333 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
334 1 : spdm_context->connection_info.capability.flags |=
335 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
336 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
337 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
338 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
339 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
340 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
341 : m_libspdm_use_measurement_hash_algo;
342 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
343 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
344 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
345 : m_libspdm_use_asym_algo, &data1,
346 : &data_size1, NULL, NULL);
347 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
348 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
349 :
350 1 : libspdm_reset_message_a(spdm_context);
351 :
352 1 : session_id = 0xFFFFFFFF;
353 1 : spdm_context->latest_session_id = session_id;
354 1 : session_info = &spdm_context->session_info[0];
355 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
356 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
357 1 : session_info->local_used_cert_chain_slot_id = 0;
358 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
359 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
360 1 : libspdm_secured_message_set_request_finished_key(
361 : session_info->secured_message_context, m_dummy_buffer,
362 : hash_size);
363 1 : libspdm_secured_message_set_session_state(
364 : session_info->secured_message_context,
365 : LIBSPDM_SESSION_STATE_HANDSHAKING);
366 :
367 1 : spdm_context->connection_info.capability.flags |=
368 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
369 1 : spdm_context->local_context.capability.flags |=
370 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
371 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
372 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
373 1 : ptr = m_libspdm_finish_request1.signature;
374 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
375 1 : cert_buffer = (uint8_t *)data1;
376 1 : cert_buffer_size = data_size1;
377 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
378 : /* transcript.message_a size is 0*/
379 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
380 : /* session_transcript.message_k is 0*/
381 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
382 : sizeof(spdm_finish_request_t));
383 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
384 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
385 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
386 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
387 : request_finished_key, hash_size, ptr);
388 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
389 1 : response_size = sizeof(response);
390 1 : status = libspdm_get_response_finish(spdm_context,
391 : m_libspdm_finish_request1_size,
392 : &m_libspdm_finish_request1,
393 : &response_size, response);
394 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
395 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
396 1 : spdm_response = (void *)response;
397 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
398 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_REQUEST_RESYNCH);
399 1 : assert_int_equal(spdm_response->header.param2, 0);
400 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
401 1 : free(data1);
402 1 : }
403 :
404 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
405 : /**
406 : * Test 5: receiving a correct FINISH from the requester, but the responder
407 : * could not produce the response in time.
408 : * Expected behavior: the responder accepts the request, but produces an
409 : * ERROR message indicating the ResponseNotReady state.
410 : **/
411 1 : void rsp_finish_rsp_case5(void **state)
412 : {
413 : libspdm_return_t status;
414 : libspdm_test_context_t *spdm_test_context;
415 : libspdm_context_t *spdm_context;
416 : size_t response_size;
417 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
418 : spdm_finish_response_t *spdm_response;
419 : void *data1;
420 : size_t data_size1;
421 : uint8_t *ptr;
422 : uint8_t *cert_buffer;
423 : size_t cert_buffer_size;
424 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
425 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
426 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
427 : libspdm_session_info_t *session_info;
428 : uint32_t session_id;
429 : uint32_t hash_size;
430 : uint32_t hmac_size;
431 : spdm_error_data_response_not_ready_t *error_data;
432 :
433 1 : spdm_test_context = *state;
434 1 : spdm_context = spdm_test_context->spdm_context;
435 1 : spdm_test_context->case_id = 0x5;
436 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
437 : SPDM_VERSION_NUMBER_SHIFT_BIT;
438 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
439 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
440 1 : spdm_context->connection_info.capability.flags |=
441 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
442 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
443 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
444 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
445 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
446 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
447 : m_libspdm_use_measurement_hash_algo;
448 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
449 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
450 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
451 : m_libspdm_use_asym_algo, &data1,
452 : &data_size1, NULL, NULL);
453 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
454 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
455 :
456 1 : libspdm_reset_message_a(spdm_context);
457 :
458 1 : session_id = 0xFFFFFFFF;
459 1 : spdm_context->latest_session_id = session_id;
460 1 : session_info = &spdm_context->session_info[0];
461 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
462 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
463 1 : session_info->local_used_cert_chain_slot_id = 0;
464 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
465 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
466 1 : libspdm_secured_message_set_request_finished_key(
467 : session_info->secured_message_context, m_dummy_buffer,
468 : hash_size);
469 1 : libspdm_secured_message_set_session_state(
470 : session_info->secured_message_context,
471 : LIBSPDM_SESSION_STATE_HANDSHAKING);
472 :
473 1 : spdm_context->connection_info.capability.flags |=
474 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
475 1 : spdm_context->local_context.capability.flags |=
476 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
477 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
478 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
479 1 : ptr = m_libspdm_finish_request1.signature;
480 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
481 1 : cert_buffer = (uint8_t *)data1;
482 1 : cert_buffer_size = data_size1;
483 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
484 : /* transcript.message_a size is 0*/
485 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
486 : /* session_transcript.message_k is 0*/
487 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
488 : sizeof(spdm_finish_request_t));
489 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
490 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
491 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
492 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
493 : request_finished_key, hash_size, ptr);
494 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
495 1 : response_size = sizeof(response);
496 1 : status = libspdm_get_response_finish(spdm_context,
497 : m_libspdm_finish_request1_size,
498 : &m_libspdm_finish_request1,
499 : &response_size, response);
500 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
501 1 : assert_int_equal(response_size,
502 : sizeof(spdm_error_response_t) +
503 : sizeof(spdm_error_data_response_not_ready_t));
504 1 : spdm_response = (void *)response;
505 1 : error_data = (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
506 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
507 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_RESPONSE_NOT_READY);
508 1 : assert_int_equal(spdm_response->header.param2, 0);
509 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NOT_READY);
510 1 : assert_int_equal(error_data->request_code, SPDM_FINISH);
511 1 : free(data1);
512 1 : }
513 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
514 :
515 : /**
516 : * Test 6: receiving a correct FINISH from the requester, but the responder
517 : * is not set no receive a FINISH message because previous messages (namely,
518 : * GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not been
519 : * received.
520 : * Expected behavior: the responder rejects the request, and produces an
521 : * ERROR message indicating the UnexpectedRequest.
522 : **/
523 1 : void rsp_finish_rsp_case6(void **state)
524 : {
525 : libspdm_return_t status;
526 : libspdm_test_context_t *spdm_test_context;
527 : libspdm_context_t *spdm_context;
528 : size_t response_size;
529 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
530 : spdm_finish_response_t *spdm_response;
531 : void *data1;
532 : size_t data_size1;
533 : uint8_t *ptr;
534 : uint8_t *cert_buffer;
535 : size_t cert_buffer_size;
536 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
537 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
538 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
539 : libspdm_session_info_t *session_info;
540 : uint32_t session_id;
541 : uint32_t hash_size;
542 : uint32_t hmac_size;
543 :
544 1 : spdm_test_context = *state;
545 1 : spdm_context = spdm_test_context->spdm_context;
546 1 : spdm_test_context->case_id = 0x6;
547 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
548 : SPDM_VERSION_NUMBER_SHIFT_BIT;
549 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
550 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED;
551 1 : spdm_context->connection_info.capability.flags |=
552 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
553 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
554 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
555 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
556 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
557 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
558 : m_libspdm_use_measurement_hash_algo;
559 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
560 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
561 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
562 : m_libspdm_use_asym_algo, &data1,
563 : &data_size1, NULL, NULL);
564 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
565 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
566 :
567 1 : libspdm_reset_message_a(spdm_context);
568 :
569 1 : session_id = 0xFFFFFFFF;
570 1 : spdm_context->latest_session_id = session_id;
571 1 : session_info = &spdm_context->session_info[0];
572 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
573 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
574 1 : session_info->local_used_cert_chain_slot_id = 0;
575 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
576 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
577 1 : libspdm_secured_message_set_request_finished_key(
578 : session_info->secured_message_context, m_dummy_buffer,
579 : hash_size);
580 1 : libspdm_secured_message_set_session_state(
581 : session_info->secured_message_context,
582 : LIBSPDM_SESSION_STATE_HANDSHAKING);
583 :
584 1 : spdm_context->connection_info.capability.flags |=
585 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
586 1 : spdm_context->local_context.capability.flags |=
587 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
588 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
589 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
590 1 : ptr = m_libspdm_finish_request1.signature;
591 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
592 1 : cert_buffer = (uint8_t *)data1;
593 1 : cert_buffer_size = data_size1;
594 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
595 : /* transcript.message_a size is 0*/
596 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
597 : /* session_transcript.message_k is 0*/
598 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
599 : sizeof(spdm_finish_request_t));
600 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
601 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
602 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
603 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
604 : request_finished_key, hash_size, ptr);
605 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
606 1 : response_size = sizeof(response);
607 1 : status = libspdm_get_response_finish(spdm_context,
608 : m_libspdm_finish_request1_size,
609 : &m_libspdm_finish_request1,
610 : &response_size, response);
611 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
612 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
613 1 : spdm_response = (void *)response;
614 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
615 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
616 1 : assert_int_equal(spdm_response->header.param2, 0);
617 1 : free(data1);
618 1 : }
619 :
620 1 : void rsp_finish_rsp_case7(void **state)
621 : {
622 : libspdm_return_t status;
623 : libspdm_test_context_t *spdm_test_context;
624 : libspdm_context_t *spdm_context;
625 : size_t response_size;
626 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
627 : spdm_finish_response_t *spdm_response;
628 : void *data1;
629 : size_t data_size1;
630 : uint8_t *ptr;
631 : uint8_t *cert_buffer;
632 : size_t cert_buffer_size;
633 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
634 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
635 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
636 : libspdm_session_info_t *session_info;
637 : uint32_t session_id;
638 : uint32_t hash_size;
639 : uint32_t hmac_size;
640 :
641 1 : spdm_test_context = *state;
642 1 : spdm_context = spdm_test_context->spdm_context;
643 1 : spdm_test_context->case_id = 0x7;
644 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
645 : SPDM_VERSION_NUMBER_SHIFT_BIT;
646 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
647 1 : spdm_context->connection_info.capability.flags |=
648 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
649 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
650 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
651 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
652 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
653 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
654 : m_libspdm_use_measurement_hash_algo;
655 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
656 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
657 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
658 : m_libspdm_use_asym_algo, &data1,
659 : &data_size1, NULL, NULL);
660 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
661 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
662 :
663 1 : libspdm_reset_message_a(spdm_context);
664 :
665 1 : session_id = 0xFFFFFFFF;
666 1 : spdm_context->latest_session_id = session_id;
667 1 : session_info = &spdm_context->session_info[0];
668 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
669 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
670 1 : session_info->local_used_cert_chain_slot_id = 0;
671 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
672 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
673 1 : libspdm_secured_message_set_request_finished_key(
674 : session_info->secured_message_context, m_dummy_buffer,
675 : hash_size);
676 1 : libspdm_secured_message_set_session_state(
677 : session_info->secured_message_context,
678 : LIBSPDM_SESSION_STATE_HANDSHAKING);
679 :
680 1 : spdm_context->connection_info.capability.flags |=
681 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
682 1 : spdm_context->local_context.capability.flags |=
683 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
684 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
685 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
686 1 : ptr = m_libspdm_finish_request1.signature;
687 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
688 1 : cert_buffer = (uint8_t *)data1;
689 1 : cert_buffer_size = data_size1;
690 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
691 : session_info->session_transcript.message_m.buffer_size =
692 : session_info->session_transcript.message_m.max_buffer_size;
693 : spdm_context->transcript.message_b.buffer_size =
694 : spdm_context->transcript.message_b.max_buffer_size;
695 : spdm_context->transcript.message_c.buffer_size =
696 : spdm_context->transcript.message_c.max_buffer_size;
697 : spdm_context->transcript.message_mut_b.buffer_size =
698 : spdm_context->transcript.message_mut_b.max_buffer_size;
699 : spdm_context->transcript.message_mut_c.buffer_size =
700 : spdm_context->transcript.message_mut_c.max_buffer_size;
701 : #endif
702 :
703 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
704 : /* transcript.message_a size is 0*/
705 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
706 : /* session_transcript.message_k is 0*/
707 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
708 : sizeof(spdm_finish_request_t));
709 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
710 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
711 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
712 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
713 : request_finished_key, hash_size, ptr);
714 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
715 1 : response_size = sizeof(response);
716 1 : status = libspdm_get_response_finish(spdm_context,
717 : m_libspdm_finish_request1_size,
718 : &m_libspdm_finish_request1,
719 : &response_size, response);
720 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
721 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
722 1 : spdm_response = (void *)response;
723 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
724 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
725 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
726 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
727 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
728 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
729 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
730 : #endif
731 :
732 1 : free(data1);
733 1 : }
734 :
735 :
736 : /**
737 : * Test 8: receiving a correct FINISH message from the requester with
738 : * correct MAC and signature (with mutual authentication), and 'handshake in
739 : * the clear'.
740 : * Expected behavior: the responder accepts the request and produces a valid
741 : * FINISH_RSP response message.
742 : **/
743 1 : void rsp_finish_rsp_case8(void **state)
744 : {
745 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
746 : libspdm_return_t status;
747 : libspdm_test_context_t *spdm_test_context;
748 : libspdm_context_t *spdm_context;
749 : size_t response_size;
750 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
751 : spdm_finish_response_t *spdm_response;
752 : void *data1;
753 : size_t data_size1;
754 : void *data2;
755 : size_t data_size2;
756 : uint8_t *ptr;
757 : uint8_t *cert_buffer;
758 : size_t cert_buffer_size;
759 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
760 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
761 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
762 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
763 : libspdm_session_info_t *session_info;
764 : uint32_t session_id;
765 : uint32_t hash_size;
766 : uint32_t hmac_size;
767 : size_t req_asym_signature_size;
768 :
769 1 : spdm_test_context = *state;
770 1 : spdm_context = spdm_test_context->spdm_context;
771 1 : spdm_test_context->case_id = 0x8;
772 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
773 : SPDM_VERSION_NUMBER_SHIFT_BIT;
774 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
775 1 : spdm_context->connection_info.capability.flags |=
776 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
777 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
778 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
779 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
780 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
781 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
782 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
783 : m_libspdm_use_measurement_hash_algo;
784 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
785 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
786 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
787 : m_libspdm_use_asym_algo, &data1,
788 : &data_size1, NULL, NULL);
789 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
790 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
791 :
792 1 : libspdm_reset_message_a(spdm_context);
793 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
794 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
795 : m_libspdm_use_req_asym_algo, &data2,
796 : &data_size2, NULL, NULL);
797 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
798 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
799 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
800 : data2, data_size2);
801 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
802 : #else
803 1 : libspdm_hash_all(
804 : spdm_context->connection_info.algorithm.base_hash_algo,
805 : data2, data_size2,
806 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
807 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
808 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
809 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
810 : spdm_context->connection_info.algorithm.base_hash_algo,
811 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
812 : data2,
813 : data_size2,
814 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
815 : #endif
816 :
817 1 : session_id = 0xFFFFFFFF;
818 1 : spdm_context->latest_session_id = session_id;
819 1 : session_info = &spdm_context->session_info[0];
820 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
821 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
822 1 : session_info->peer_used_cert_chain_slot_id = 0;
823 1 : session_info->local_used_cert_chain_slot_id = 0;
824 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
825 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
826 1 : libspdm_secured_message_set_request_finished_key(
827 : session_info->secured_message_context, m_dummy_buffer,
828 : hash_size);
829 1 : libspdm_secured_message_set_session_state(
830 : session_info->secured_message_context,
831 : LIBSPDM_SESSION_STATE_HANDSHAKING);
832 1 : session_info->mut_auth_requested = 1;
833 :
834 1 : spdm_context->connection_info.capability.flags |=
835 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
836 1 : spdm_context->local_context.capability.flags |=
837 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
838 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
839 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
840 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
841 1 : ptr = m_libspdm_finish_request3.signature;
842 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
843 1 : cert_buffer = (uint8_t *)data1;
844 1 : cert_buffer_size = data_size1;
845 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
846 1 : cert_buffer = (uint8_t *)data2;
847 1 : cert_buffer_size = data_size2;
848 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
849 : /* transcript.message_a size is 0*/
850 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
851 : /* session_transcript.message_k is 0*/
852 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
853 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
854 : sizeof(spdm_finish_request_t));
855 :
856 1 : libspdm_requester_data_sign(
857 : spdm_context,
858 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
859 : 0, SPDM_FINISH,
860 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
861 1 : false, libspdm_get_managed_buffer(&th_curr),
862 : libspdm_get_managed_buffer_size(&th_curr),
863 : ptr, &req_asym_signature_size);
864 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
865 1 : ptr += req_asym_signature_size;
866 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
867 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
868 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
869 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
870 : request_finished_key, hash_size, ptr);
871 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
872 1 : req_asym_signature_size + hmac_size;
873 1 : response_size = sizeof(response);
874 1 : status = libspdm_get_response_finish(spdm_context,
875 : m_libspdm_finish_request3_size,
876 : &m_libspdm_finish_request3,
877 : &response_size, response);
878 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
879 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
880 1 : spdm_response = (void *)response;
881 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
882 :
883 1 : g_key_exchange_start_mut_auth = 0;
884 1 : free(data1);
885 1 : free(data2);
886 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
887 1 : }
888 :
889 : /**
890 : * Test 9: receiving a correct FINISH message from the requester, but the
891 : * responder has no capabilities for key exchange.
892 : * Expected behavior: the responder refuses the FINISH message and produces
893 : * an ERROR message indicating the UnsupportedRequest.
894 : **/
895 1 : void rsp_finish_rsp_case9(void **state)
896 : {
897 : libspdm_return_t status;
898 : libspdm_test_context_t *spdm_test_context;
899 : libspdm_context_t *spdm_context;
900 : size_t response_size;
901 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
902 : spdm_finish_response_t *spdm_response;
903 : void *data1;
904 : size_t data_size1;
905 : uint8_t *ptr;
906 : uint8_t *cert_buffer;
907 : size_t cert_buffer_size;
908 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
909 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
910 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
911 : libspdm_session_info_t *session_info;
912 : uint32_t session_id;
913 : uint32_t hash_size;
914 : uint32_t hmac_size;
915 :
916 1 : spdm_test_context = *state;
917 1 : spdm_context = spdm_test_context->spdm_context;
918 1 : spdm_test_context->case_id = 0x9;
919 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
920 : SPDM_VERSION_NUMBER_SHIFT_BIT;
921 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
922 1 : spdm_context->connection_info.capability.flags = 0;
923 1 : spdm_context->local_context.capability.flags = 0;
924 1 : spdm_context->connection_info.capability.flags |=
925 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
926 : /* no key exchange capabilities (responder)*/
927 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
928 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
929 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
930 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
931 : m_libspdm_use_measurement_hash_algo;
932 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
933 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
934 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
935 : m_libspdm_use_asym_algo, &data1,
936 : &data_size1, NULL, NULL);
937 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
938 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
939 :
940 1 : libspdm_reset_message_a(spdm_context);
941 :
942 1 : session_id = 0xFFFFFFFF;
943 1 : spdm_context->latest_session_id = session_id;
944 1 : session_info = &spdm_context->session_info[0];
945 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
946 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
947 1 : session_info->local_used_cert_chain_slot_id = 0;
948 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
949 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
950 1 : libspdm_secured_message_set_request_finished_key(
951 : session_info->secured_message_context, m_dummy_buffer,
952 : hash_size);
953 1 : libspdm_secured_message_set_session_state(
954 : session_info->secured_message_context,
955 : LIBSPDM_SESSION_STATE_HANDSHAKING);
956 :
957 1 : spdm_context->connection_info.capability.flags |=
958 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
959 1 : spdm_context->local_context.capability.flags |=
960 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
961 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
962 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
963 1 : ptr = m_libspdm_finish_request1.signature;
964 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
965 1 : cert_buffer = (uint8_t *)data1;
966 1 : cert_buffer_size = data_size1;
967 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
968 : /* transcript.message_a size is 0*/
969 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
970 : /* session_transcript.message_k is 0*/
971 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
972 : sizeof(spdm_finish_request_t));
973 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
974 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
975 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
976 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
977 : request_finished_key, hash_size, ptr);
978 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
979 1 : response_size = sizeof(response);
980 1 : status = libspdm_get_response_finish(spdm_context,
981 : m_libspdm_finish_request1_size,
982 : &m_libspdm_finish_request1,
983 : &response_size, response);
984 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
985 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
986 1 : spdm_response = (void *)response;
987 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
988 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
989 1 : assert_int_equal(spdm_response->header.param2, SPDM_FINISH);
990 1 : free(data1);
991 1 : }
992 :
993 : /**
994 : * Test 10: receiving a correct FINISH message from the requester, but the
995 : * responder is not correctly setup by not initializing a session during
996 : * KEY_EXCHANGE.
997 : * Expected behavior: the responder refuses the FINISH message and produces
998 : * an ERROR message indicating the UnsupportedRequest.
999 : **/
1000 1 : void rsp_finish_rsp_case10(void **state)
1001 : {
1002 : libspdm_return_t status;
1003 : libspdm_test_context_t *spdm_test_context;
1004 : libspdm_context_t *spdm_context;
1005 : size_t response_size;
1006 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1007 : spdm_finish_response_t *spdm_response;
1008 : void *data1;
1009 : size_t data_size1;
1010 : uint8_t *ptr;
1011 : uint8_t *cert_buffer;
1012 : size_t cert_buffer_size;
1013 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1014 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1015 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1016 : libspdm_session_info_t *session_info;
1017 : uint32_t session_id;
1018 : uint32_t hash_size;
1019 : uint32_t hmac_size;
1020 :
1021 1 : spdm_test_context = *state;
1022 1 : spdm_context = spdm_test_context->spdm_context;
1023 1 : spdm_test_context->case_id = 0xA;
1024 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1025 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1026 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1027 1 : spdm_context->connection_info.capability.flags |=
1028 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1029 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1030 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1031 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1032 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1033 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1034 : m_libspdm_use_measurement_hash_algo;
1035 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1036 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1037 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1038 : m_libspdm_use_asym_algo, &data1,
1039 : &data_size1, NULL, NULL);
1040 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1041 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1042 :
1043 1 : libspdm_reset_message_a(spdm_context);
1044 :
1045 1 : session_id = 0xFFFFFFFF;
1046 1 : spdm_context->latest_session_id = session_id;
1047 1 : session_info = &spdm_context->session_info[0];
1048 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1049 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1050 1 : session_info->local_used_cert_chain_slot_id = 0;
1051 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1052 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1053 1 : libspdm_secured_message_set_request_finished_key(
1054 : session_info->secured_message_context, m_dummy_buffer,
1055 : hash_size);
1056 1 : libspdm_secured_message_set_session_state(
1057 : session_info->secured_message_context,
1058 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1059 :
1060 1 : spdm_context->connection_info.capability.flags |=
1061 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1062 1 : spdm_context->local_context.capability.flags |=
1063 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1064 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1065 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1066 1 : ptr = m_libspdm_finish_request1.signature;
1067 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1068 1 : cert_buffer = (uint8_t *)data1;
1069 1 : cert_buffer_size = data_size1;
1070 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1071 : /* transcript.message_a size is 0*/
1072 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1073 : /* session_transcript.message_k is 0*/
1074 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1075 : sizeof(spdm_finish_request_t));
1076 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1077 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1078 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1079 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1080 : request_finished_key, hash_size, ptr);
1081 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1082 1 : response_size = sizeof(response);
1083 1 : status = libspdm_get_response_finish(spdm_context,
1084 : m_libspdm_finish_request1_size,
1085 : &m_libspdm_finish_request1,
1086 : &response_size, response);
1087 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1088 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1089 1 : spdm_response = (void *)response;
1090 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1091 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1092 1 : assert_int_equal(spdm_response->header.param2, 0);
1093 1 : free(data1);
1094 1 : }
1095 :
1096 : /**
1097 : * Test 11: receiving a FINISH message from the requester with an incorrect
1098 : * MAC (all-zero).
1099 : * Expected behavior: the responder refuses the FINISH message and produces
1100 : * an ERROR message indicating the DecryptError.
1101 : **/
1102 1 : void rsp_finish_rsp_case11(void **state)
1103 : {
1104 : libspdm_return_t status;
1105 : libspdm_test_context_t *spdm_test_context;
1106 : libspdm_context_t *spdm_context;
1107 : size_t response_size;
1108 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1109 : spdm_finish_response_t *spdm_response;
1110 : void *data1;
1111 : size_t data_size1;
1112 : uint8_t *ptr;
1113 : libspdm_session_info_t *session_info;
1114 : uint32_t session_id;
1115 : uint32_t hash_size;
1116 : uint32_t hmac_size;
1117 :
1118 1 : spdm_test_context = *state;
1119 1 : spdm_context = spdm_test_context->spdm_context;
1120 1 : spdm_test_context->case_id = 0xB;
1121 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1122 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1123 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1124 1 : spdm_context->connection_info.capability.flags |=
1125 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1126 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1127 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1128 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1129 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1130 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1131 : m_libspdm_use_measurement_hash_algo;
1132 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1133 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1134 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1135 : m_libspdm_use_asym_algo, &data1,
1136 : &data_size1, NULL, NULL);
1137 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1138 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1139 :
1140 1 : libspdm_reset_message_a(spdm_context);
1141 :
1142 1 : session_id = 0xFFFFFFFF;
1143 1 : spdm_context->latest_session_id = session_id;
1144 1 : session_info = &spdm_context->session_info[0];
1145 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1146 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1147 1 : session_info->local_used_cert_chain_slot_id = 0;
1148 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1149 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1150 1 : libspdm_secured_message_set_request_finished_key(
1151 : session_info->secured_message_context, m_dummy_buffer,
1152 : hash_size);
1153 1 : libspdm_secured_message_set_session_state(
1154 : session_info->secured_message_context,
1155 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1156 :
1157 1 : spdm_context->connection_info.capability.flags |=
1158 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1159 1 : spdm_context->local_context.capability.flags |=
1160 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1161 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1162 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1163 1 : ptr = m_libspdm_finish_request1.signature;
1164 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1165 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1166 1 : response_size = sizeof(response);
1167 1 : status = libspdm_get_response_finish(spdm_context,
1168 : m_libspdm_finish_request1_size,
1169 : &m_libspdm_finish_request1,
1170 : &response_size, response);
1171 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1172 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1173 1 : spdm_response = (void *)response;
1174 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1175 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1176 1 : assert_int_equal(spdm_response->header.param2, 0);
1177 1 : free(data1);
1178 1 : }
1179 :
1180 : /**
1181 : * Test 12: receiving a FINISH message from the requester with an incorrect
1182 : * MAC (arbitrary).
1183 : * Expected behavior: the responder refuses the FINISH message and produces
1184 : * an ERROR message indicating the DecryptError.
1185 : **/
1186 1 : void rsp_finish_rsp_case12(void **state)
1187 : {
1188 : libspdm_return_t status;
1189 : libspdm_test_context_t *spdm_test_context;
1190 : libspdm_context_t *spdm_context;
1191 : size_t response_size;
1192 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1193 : spdm_finish_response_t *spdm_response;
1194 : void *data1;
1195 : size_t data_size1;
1196 : uint8_t *ptr;
1197 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1198 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1199 : libspdm_session_info_t *session_info;
1200 : uint32_t session_id;
1201 : uint32_t hash_size;
1202 : uint32_t hmac_size;
1203 :
1204 1 : spdm_test_context = *state;
1205 1 : spdm_context = spdm_test_context->spdm_context;
1206 1 : spdm_test_context->case_id = 0xC;
1207 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1208 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1209 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1210 1 : spdm_context->connection_info.capability.flags |=
1211 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1212 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1213 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1214 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1215 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1216 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1217 : m_libspdm_use_measurement_hash_algo;
1218 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1219 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1220 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1221 : m_libspdm_use_asym_algo, &data1,
1222 : &data_size1, NULL, NULL);
1223 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1224 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1225 :
1226 1 : libspdm_reset_message_a(spdm_context);
1227 :
1228 1 : session_id = 0xFFFFFFFF;
1229 1 : spdm_context->latest_session_id = session_id;
1230 1 : session_info = &spdm_context->session_info[0];
1231 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1232 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1233 1 : session_info->local_used_cert_chain_slot_id = 0;
1234 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1235 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1236 1 : libspdm_secured_message_set_request_finished_key(
1237 : session_info->secured_message_context, m_dummy_buffer,
1238 : hash_size);
1239 1 : libspdm_secured_message_set_session_state(
1240 : session_info->secured_message_context,
1241 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1242 :
1243 1 : spdm_context->connection_info.capability.flags |=
1244 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1245 1 : spdm_context->local_context.capability.flags |=
1246 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1247 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1248 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1249 1 : ptr = m_libspdm_finish_request1.signature;
1250 : /*arbitrary MAC*/
1251 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1252 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1253 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1254 : request_finished_key, hash_size, ptr);
1255 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1256 1 : response_size = sizeof(response);
1257 1 : status = libspdm_get_response_finish(spdm_context,
1258 : m_libspdm_finish_request1_size,
1259 : &m_libspdm_finish_request1,
1260 : &response_size, response);
1261 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1262 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1263 1 : spdm_response = (void *)response;
1264 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1265 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1266 1 : assert_int_equal(spdm_response->header.param2, 0);
1267 1 : free(data1);
1268 1 : }
1269 :
1270 : /**
1271 : * Test 13:
1272 : * Expected behavior:
1273 : **/
1274 1 : void rsp_finish_rsp_case13(void **state)
1275 : {
1276 1 : }
1277 :
1278 : /**
1279 : * Test 14: receiving a FINISH message from the requester with an incorrect
1280 : * MAC size (only the correct first half of the MAC).
1281 : * Expected behavior: the responder refuses the FINISH message and produces
1282 : * an ERROR message indicating the InvalidRequest.
1283 : **/
1284 1 : void rsp_finish_rsp_case14(void **state)
1285 : {
1286 : libspdm_return_t status;
1287 : libspdm_test_context_t *spdm_test_context;
1288 : libspdm_context_t *spdm_context;
1289 : size_t response_size;
1290 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1291 : spdm_finish_response_t *spdm_response;
1292 : void *data1;
1293 : size_t data_size1;
1294 : uint8_t *ptr;
1295 : uint8_t *cert_buffer;
1296 : size_t cert_buffer_size;
1297 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1298 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1299 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1300 : libspdm_session_info_t *session_info;
1301 : uint32_t session_id;
1302 : uint32_t hash_size;
1303 : uint32_t hmac_size;
1304 :
1305 1 : spdm_test_context = *state;
1306 1 : spdm_context = spdm_test_context->spdm_context;
1307 1 : spdm_test_context->case_id = 0xE;
1308 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1309 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1310 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1311 1 : spdm_context->connection_info.capability.flags |=
1312 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1313 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1314 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1315 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1316 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1317 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1318 : m_libspdm_use_measurement_hash_algo;
1319 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1320 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1321 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1322 : m_libspdm_use_asym_algo, &data1,
1323 : &data_size1, NULL, NULL);
1324 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1325 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1326 :
1327 1 : libspdm_reset_message_a(spdm_context);
1328 :
1329 1 : session_id = 0xFFFFFFFF;
1330 1 : spdm_context->latest_session_id = session_id;
1331 1 : session_info = &spdm_context->session_info[0];
1332 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1333 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1334 1 : session_info->local_used_cert_chain_slot_id = 0;
1335 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1336 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1337 1 : libspdm_secured_message_set_request_finished_key(
1338 : session_info->secured_message_context, m_dummy_buffer,
1339 : hash_size);
1340 1 : libspdm_secured_message_set_session_state(
1341 : session_info->secured_message_context,
1342 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1343 :
1344 1 : spdm_context->connection_info.capability.flags |=
1345 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1346 1 : spdm_context->local_context.capability.flags |=
1347 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1348 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1349 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1350 1 : ptr = m_libspdm_finish_request1.signature;
1351 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1352 1 : cert_buffer = (uint8_t *)data1;
1353 1 : cert_buffer_size = data_size1;
1354 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1355 : /* transcript.message_a size is 0*/
1356 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1357 : /* session_transcript.message_k is 0*/
1358 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1359 : sizeof(spdm_finish_request_t));
1360 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1361 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1362 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1363 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1364 : request_finished_key, hash_size, ptr);
1365 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1366 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size/2;
1367 1 : response_size = sizeof(response);
1368 1 : status = libspdm_get_response_finish(spdm_context,
1369 : m_libspdm_finish_request1_size,
1370 : &m_libspdm_finish_request1,
1371 : &response_size, response);
1372 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1373 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1374 1 : spdm_response = (void *)response;
1375 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1376 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1377 1 : assert_int_equal(spdm_response->header.param2, 0);
1378 1 : free(data1);
1379 1 : }
1380 :
1381 : /**
1382 : * Test 15: receiving a FINISH message from the requester with an incorrect
1383 : * signature (all-zero), but a correct MAC.
1384 : * Expected behavior: the responder refuses the FINISH message and produces
1385 : * an ERROR message indicating the DecryptError.
1386 : **/
1387 1 : void rsp_finish_rsp_case15(void **state)
1388 : {
1389 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1390 : libspdm_return_t status;
1391 : libspdm_test_context_t *spdm_test_context;
1392 : libspdm_context_t *spdm_context;
1393 : size_t response_size;
1394 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1395 : spdm_finish_response_t *spdm_response;
1396 : void *data1;
1397 : size_t data_size1;
1398 : void *data2;
1399 : size_t data_size2;
1400 : uint8_t *ptr;
1401 : uint8_t *cert_buffer;
1402 : size_t cert_buffer_size;
1403 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1404 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1405 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1406 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1407 : libspdm_session_info_t *session_info;
1408 : uint32_t session_id;
1409 : uint32_t hash_size;
1410 : uint32_t hmac_size;
1411 : size_t req_asym_signature_size;
1412 :
1413 1 : spdm_test_context = *state;
1414 1 : spdm_context = spdm_test_context->spdm_context;
1415 1 : spdm_test_context->case_id = 0xF;
1416 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1417 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1418 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1419 1 : spdm_context->connection_info.capability.flags |=
1420 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1421 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1422 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1423 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1424 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1425 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1426 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1427 : m_libspdm_use_measurement_hash_algo;
1428 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1429 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1430 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1431 : m_libspdm_use_asym_algo, &data1,
1432 : &data_size1, NULL, NULL);
1433 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1434 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1435 :
1436 1 : libspdm_reset_message_a(spdm_context);
1437 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1438 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1439 : m_libspdm_use_req_asym_algo, &data2,
1440 : &data_size2, NULL, NULL);
1441 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1442 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1443 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1444 : data2, data_size2);
1445 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
1446 : #endif
1447 :
1448 1 : session_id = 0xFFFFFFFF;
1449 1 : spdm_context->latest_session_id = session_id;
1450 1 : session_info = &spdm_context->session_info[0];
1451 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1452 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1453 1 : session_info->local_used_cert_chain_slot_id = 0;
1454 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1455 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1456 1 : libspdm_secured_message_set_request_finished_key(
1457 : session_info->secured_message_context, m_dummy_buffer,
1458 : hash_size);
1459 1 : libspdm_secured_message_set_session_state(
1460 : session_info->secured_message_context,
1461 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1462 1 : session_info->mut_auth_requested = 1;
1463 :
1464 1 : spdm_context->connection_info.capability.flags |=
1465 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1466 1 : spdm_context->local_context.capability.flags |=
1467 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1468 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1469 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1470 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1471 1 : ptr = m_libspdm_finish_request3.signature;
1472 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1473 1 : cert_buffer = (uint8_t *)data1;
1474 1 : cert_buffer_size = data_size1;
1475 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1476 1 : cert_buffer = (uint8_t *)data2;
1477 1 : cert_buffer_size = data_size2;
1478 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
1479 : /* transcript.message_a size is 0*/
1480 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1481 : /* session_transcript.message_k is 0*/
1482 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1483 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1484 : sizeof(spdm_finish_request_t));
1485 :
1486 1 : libspdm_requester_data_sign(
1487 : spdm_context,
1488 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1489 : 0, SPDM_FINISH,
1490 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1491 1 : false, libspdm_get_managed_buffer(&th_curr),
1492 : libspdm_get_managed_buffer_size(&th_curr),
1493 : ptr, &req_asym_signature_size);
1494 :
1495 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1496 1 : ptr += req_asym_signature_size;
1497 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1498 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1499 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1500 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1501 : request_finished_key, hash_size, ptr);
1502 1 : libspdm_set_mem(m_libspdm_finish_request3.signature,
1503 : req_asym_signature_size, (uint8_t) 0x00); /*zero signature*/
1504 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1505 1 : req_asym_signature_size + hmac_size;
1506 1 : response_size = sizeof(response);
1507 1 : status = libspdm_get_response_finish(spdm_context,
1508 : m_libspdm_finish_request3_size,
1509 : &m_libspdm_finish_request3,
1510 : &response_size, response);
1511 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1512 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1513 1 : spdm_response = (void *)response;
1514 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1515 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1516 1 : assert_int_equal(spdm_response->header.param2, 0);
1517 :
1518 1 : g_key_exchange_start_mut_auth = 0;
1519 1 : free(data1);
1520 1 : free(data2);
1521 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1522 1 : }
1523 :
1524 : /**
1525 : * Test 16: receiving a FINISH message from the requester with an incorrect
1526 : * signature (arbitrary), but a correct MAC.
1527 : * Expected behavior: the responder refuses the FINISH message and produces
1528 : * an ERROR message indicating the DecryptError.
1529 : **/
1530 1 : void rsp_finish_rsp_case16(void **state)
1531 : {
1532 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1533 : libspdm_return_t status;
1534 : libspdm_test_context_t *spdm_test_context;
1535 : libspdm_context_t *spdm_context;
1536 : size_t response_size;
1537 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1538 : spdm_finish_response_t *spdm_response;
1539 : void *data1;
1540 : size_t data_size1;
1541 : void *data2;
1542 : size_t data_size2;
1543 : uint8_t *ptr;
1544 : uint8_t *cert_buffer;
1545 : size_t cert_buffer_size;
1546 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1547 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1548 : uint8_t random_buffer[LIBSPDM_MAX_HASH_SIZE];
1549 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1550 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1551 : libspdm_session_info_t *session_info;
1552 : uint32_t session_id;
1553 : uint32_t hash_size;
1554 : uint32_t hmac_size;
1555 : size_t req_asym_signature_size;
1556 :
1557 1 : spdm_test_context = *state;
1558 1 : spdm_context = spdm_test_context->spdm_context;
1559 1 : spdm_test_context->case_id = 0x10;
1560 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1561 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1562 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1563 1 : spdm_context->connection_info.capability.flags |=
1564 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1565 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1566 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1567 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1568 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1569 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1570 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1571 : m_libspdm_use_measurement_hash_algo;
1572 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1573 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1574 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1575 : m_libspdm_use_asym_algo, &data1,
1576 : &data_size1, NULL, NULL);
1577 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1578 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1579 :
1580 1 : libspdm_reset_message_a(spdm_context);
1581 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1582 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1583 : m_libspdm_use_req_asym_algo, &data2,
1584 : &data_size2, NULL, NULL);
1585 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1586 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1587 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1588 : data2, data_size2);
1589 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
1590 : #endif
1591 :
1592 1 : session_id = 0xFFFFFFFF;
1593 1 : spdm_context->latest_session_id = session_id;
1594 1 : session_info = &spdm_context->session_info[0];
1595 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1596 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1597 1 : session_info->local_used_cert_chain_slot_id = 0;
1598 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1599 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1600 1 : libspdm_secured_message_set_request_finished_key(
1601 : session_info->secured_message_context, m_dummy_buffer,
1602 : hash_size);
1603 1 : libspdm_secured_message_set_session_state(
1604 : session_info->secured_message_context,
1605 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1606 1 : session_info->mut_auth_requested = 1;
1607 :
1608 1 : spdm_context->connection_info.capability.flags |=
1609 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1610 1 : spdm_context->local_context.capability.flags |=
1611 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1612 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1613 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1614 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1615 1 : ptr = m_libspdm_finish_request3.signature;
1616 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1617 1 : cert_buffer = (uint8_t *)data1;
1618 1 : cert_buffer_size = data_size1;
1619 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1620 1 : cert_buffer = (uint8_t *)data2;
1621 1 : cert_buffer_size = data_size2;
1622 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
1623 : /* transcript.message_a size is 0*/
1624 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1625 : /* session_transcript.message_k is 0*/
1626 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1627 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request3,
1628 : sizeof(spdm_finish_request_t));
1629 : /*randomize signature*/
1630 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1631 : libspdm_get_managed_buffer_size(&th_curr), random_buffer);
1632 :
1633 1 : libspdm_requester_data_sign(
1634 : spdm_context,
1635 1 : m_libspdm_finish_request3.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1636 : 0, SPDM_FINISH,
1637 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1638 : false, random_buffer, hash_size, ptr, &req_asym_signature_size);
1639 :
1640 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1641 1 : ptr += req_asym_signature_size;
1642 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1643 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1644 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1645 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1646 : request_finished_key, hash_size, ptr);
1647 1 : m_libspdm_finish_request3_size = sizeof(spdm_finish_request_t) +
1648 1 : req_asym_signature_size + hmac_size;
1649 1 : response_size = sizeof(response);
1650 1 : status = libspdm_get_response_finish(spdm_context,
1651 : m_libspdm_finish_request3_size,
1652 : &m_libspdm_finish_request3,
1653 : &response_size, response);
1654 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1655 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1656 1 : spdm_response = (void *)response;
1657 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1658 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1659 1 : assert_int_equal(spdm_response->header.param2, 0);
1660 :
1661 1 : g_key_exchange_start_mut_auth = 0;
1662 1 : free(data1);
1663 1 : free(data2);
1664 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1665 1 : }
1666 :
1667 : /**
1668 : * Test 17: receiving a correct FINISH from the requester.
1669 : * Expected behavior: the responder accepts the request and produces a valid FINISH
1670 : * response message, and buffer F receives the exchanged FINISH and FINISH_RSP messages.
1671 : **/
1672 1 : void rsp_finish_rsp_case17(void **state)
1673 : {
1674 : libspdm_return_t status;
1675 : libspdm_test_context_t *spdm_test_context;
1676 : libspdm_context_t *spdm_context;
1677 : size_t response_size;
1678 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1679 : spdm_finish_response_t *spdm_response;
1680 : void *data1;
1681 : size_t data_size1;
1682 : uint8_t *ptr;
1683 : uint8_t *cert_buffer;
1684 : size_t cert_buffer_size;
1685 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1686 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1687 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1688 : libspdm_session_info_t *session_info;
1689 : uint32_t session_id;
1690 : uint32_t hash_size;
1691 : uint32_t hmac_size;
1692 :
1693 1 : spdm_test_context = *state;
1694 1 : spdm_context = spdm_test_context->spdm_context;
1695 1 : spdm_test_context->case_id = 0x11;
1696 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1697 1 : spdm_context->connection_info.capability.flags |=
1698 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1699 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1700 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1701 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1702 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1703 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1704 : m_libspdm_use_measurement_hash_algo;
1705 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1706 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1707 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1708 : m_libspdm_use_asym_algo, &data1,
1709 : &data_size1, NULL, NULL);
1710 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1711 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1712 :
1713 1 : libspdm_reset_message_a(spdm_context);
1714 :
1715 1 : session_id = 0xFFFFFFFF;
1716 1 : spdm_context->latest_session_id = session_id;
1717 1 : session_info = &spdm_context->session_info[0];
1718 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1719 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1720 1 : session_info->local_used_cert_chain_slot_id = 0;
1721 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1722 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1723 1 : libspdm_secured_message_set_request_finished_key(
1724 : session_info->secured_message_context, m_dummy_buffer, hash_size);
1725 1 : libspdm_secured_message_set_session_state(
1726 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1727 :
1728 1 : spdm_context->connection_info.capability.flags |=
1729 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1730 1 : spdm_context->local_context.capability.flags |=
1731 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1732 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1733 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1734 1 : ptr = m_libspdm_finish_request1.signature;
1735 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1736 1 : cert_buffer = (uint8_t *)data1;
1737 1 : cert_buffer_size = data_size1;
1738 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1739 : /* transcript.message_a size is 0*/
1740 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1741 : /* session_transcript.message_k is 0*/
1742 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
1743 : sizeof(spdm_finish_request_t));
1744 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1745 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1746 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1747 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1748 : request_finished_key, hash_size, ptr);
1749 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
1750 1 : response_size = sizeof(response);
1751 1 : status = libspdm_get_response_finish(
1752 : spdm_context, m_libspdm_finish_request1_size, &m_libspdm_finish_request1,
1753 : &response_size, response);
1754 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1755 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1756 1 : spdm_response = (void *)response;
1757 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1758 :
1759 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1760 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1761 : m_libspdm_finish_request1_size + response_size);
1762 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1763 : &m_libspdm_finish_request1, m_libspdm_finish_request1_size);
1764 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1765 : m_libspdm_finish_request1_size,
1766 : response, response_size);
1767 : #endif
1768 :
1769 1 : free(data1);
1770 1 : }
1771 :
1772 : /**
1773 : * Test 18: receiving a correct FINISH message from the requester with
1774 : * correct MAC and signature (with mutual authentication), and 'handshake in
1775 : * the clear'. The slot_id for requester mutual authentication is 0xFF.
1776 : * Expected behavior: the responder accepts the request and produces a valid
1777 : * FINISH_RSP response message.
1778 : **/
1779 1 : void rsp_finish_rsp_case18(void **state)
1780 : {
1781 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
1782 : libspdm_return_t status;
1783 : libspdm_test_context_t *spdm_test_context;
1784 : libspdm_context_t *spdm_context;
1785 : size_t response_size;
1786 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1787 : spdm_finish_response_t *spdm_response;
1788 : void *data1;
1789 : size_t data_size1;
1790 : void *data2;
1791 : size_t data_size2;
1792 : uint8_t *ptr;
1793 : uint8_t *cert_buffer;
1794 : size_t cert_buffer_size;
1795 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1796 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1797 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1798 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1799 : libspdm_session_info_t *session_info;
1800 : uint32_t session_id;
1801 : uint32_t hash_size;
1802 : uint32_t hmac_size;
1803 : size_t req_asym_signature_size;
1804 :
1805 1 : spdm_test_context = *state;
1806 1 : spdm_context = spdm_test_context->spdm_context;
1807 1 : spdm_test_context->case_id = 0x12;
1808 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1809 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1810 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1811 1 : spdm_context->connection_info.capability.flags |=
1812 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1813 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1814 1 : spdm_context->connection_info.capability.flags |=
1815 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1816 1 : spdm_context->local_context.capability.flags |=
1817 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PUB_KEY_ID_CAP;
1818 1 : spdm_context->connection_info.capability.flags |=
1819 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
1820 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1821 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1822 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1823 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1824 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1825 1 : libspdm_read_responder_public_key(m_libspdm_use_asym_algo, &data1, &data_size1);
1826 1 : spdm_context->local_context.local_public_key_provision = data1;
1827 1 : spdm_context->local_context.local_public_key_provision_size = data_size1;
1828 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1829 1 : libspdm_read_requester_public_key(m_libspdm_use_req_asym_algo, &data2, &data_size2);
1830 1 : spdm_context->local_context.peer_public_key_provision = data2;
1831 1 : spdm_context->local_context.peer_public_key_provision_size = data_size2;
1832 :
1833 1 : spdm_context->encap_context.req_slot_id = 0xFF;
1834 :
1835 1 : libspdm_reset_message_a(spdm_context);
1836 :
1837 1 : session_id = 0xFFFFFFFF;
1838 1 : spdm_context->latest_session_id = session_id;
1839 1 : session_info = &spdm_context->session_info[0];
1840 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1841 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1842 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1843 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1844 1 : libspdm_secured_message_set_request_finished_key(
1845 : session_info->secured_message_context, m_dummy_buffer,
1846 : hash_size);
1847 1 : libspdm_secured_message_set_session_state(
1848 : session_info->secured_message_context,
1849 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1850 1 : session_info->mut_auth_requested = 1;
1851 1 : session_info->local_used_cert_chain_slot_id = 0xFF;
1852 1 : session_info->peer_used_cert_chain_slot_id = 0xFF;
1853 :
1854 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1855 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1856 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
1857 1 : ptr = m_libspdm_finish_request4.signature;
1858 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1859 1 : cert_buffer = (uint8_t *)data1;
1860 1 : cert_buffer_size = data_size1;
1861 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
1862 1 : cert_buffer = (uint8_t *)data2;
1863 1 : cert_buffer_size = data_size2;
1864 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
1865 : /* transcript.message_a size is 0*/
1866 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
1867 : /* session_transcript.message_k is 0*/
1868 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
1869 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request4,
1870 : sizeof(spdm_finish_request_t));
1871 :
1872 1 : libspdm_requester_data_sign(
1873 : spdm_context,
1874 1 : m_libspdm_finish_request4.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
1875 : 0, SPDM_FINISH,
1876 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
1877 1 : false, libspdm_get_managed_buffer(&th_curr),
1878 : libspdm_get_managed_buffer_size(&th_curr),
1879 : ptr, &req_asym_signature_size);
1880 :
1881 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
1882 1 : ptr += req_asym_signature_size;
1883 :
1884 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1885 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1886 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1887 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1888 : request_finished_key, hash_size, ptr);
1889 1 : m_libspdm_finish_request4_size = sizeof(spdm_finish_request_t) +
1890 1 : req_asym_signature_size + hmac_size;
1891 1 : response_size = sizeof(response);
1892 1 : status = libspdm_get_response_finish(spdm_context,
1893 : m_libspdm_finish_request4_size,
1894 : &m_libspdm_finish_request4,
1895 : &response_size, response);
1896 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1897 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
1898 1 : spdm_response = (void *)response;
1899 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
1900 :
1901 1 : g_key_exchange_start_mut_auth = 0;
1902 1 : free(data1);
1903 1 : free(data2);
1904 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
1905 1 : }
1906 :
1907 : /**
1908 : * Test 19: receiving a invalid FINISH request message, enable mutual authentication without using the encapsulated request flow,
1909 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
1910 : * SlotID in FINISH request message is 10, but it shall be 0xFF or between 0 and 7 inclusive.
1911 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
1912 : **/
1913 1 : void rsp_finish_rsp_case19(void **state)
1914 : {
1915 : libspdm_return_t status;
1916 : libspdm_test_context_t *spdm_test_context;
1917 : libspdm_context_t *spdm_context;
1918 : size_t response_size;
1919 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1920 : spdm_finish_response_t *spdm_response;
1921 : void *data1;
1922 : size_t data_size1;
1923 : void *data2;
1924 : size_t data_size2;
1925 : uint8_t *ptr;
1926 : uint8_t *cert_buffer;
1927 : size_t cert_buffer_size;
1928 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1929 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
1930 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1931 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1932 : libspdm_session_info_t *session_info;
1933 : uint32_t session_id;
1934 : uint32_t hash_size;
1935 : uint32_t hmac_size;
1936 : size_t req_asym_signature_size;
1937 :
1938 1 : spdm_test_context = *state;
1939 1 : spdm_context = spdm_test_context->spdm_context;
1940 1 : spdm_test_context->case_id = 0x13;
1941 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1942 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1943 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1944 1 : spdm_context->connection_info.capability.flags |=
1945 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
1946 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
1947 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1948 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1949 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
1950 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1951 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1952 : m_libspdm_use_measurement_hash_algo;
1953 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1954 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1955 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1956 : m_libspdm_use_asym_algo, &data1,
1957 : &data_size1, NULL, NULL);
1958 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1959 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1960 :
1961 1 : libspdm_reset_message_a(spdm_context);
1962 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
1963 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
1964 : m_libspdm_use_req_asym_algo, &data2,
1965 : &data_size2, NULL, NULL);
1966 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1967 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
1968 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
1969 : data2, data_size2);
1970 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
1971 : #else
1972 1 : libspdm_hash_all(
1973 : spdm_context->connection_info.algorithm.base_hash_algo,
1974 : data2, data_size2,
1975 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
1976 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
1977 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
1978 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
1979 : spdm_context->connection_info.algorithm.base_hash_algo,
1980 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
1981 : data2,
1982 : data_size2,
1983 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
1984 : #endif
1985 :
1986 1 : session_id = 0xFFFFFFFF;
1987 1 : spdm_context->latest_session_id = session_id;
1988 1 : session_info = &spdm_context->session_info[0];
1989 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1990 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
1991 1 : session_info->peer_used_cert_chain_slot_id = 0;
1992 1 : session_info->local_used_cert_chain_slot_id = 0;
1993 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1994 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
1995 1 : libspdm_secured_message_set_request_finished_key(
1996 : session_info->secured_message_context, m_dummy_buffer,
1997 : hash_size);
1998 1 : libspdm_secured_message_set_session_state(
1999 : session_info->secured_message_context,
2000 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2001 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2002 :
2003 1 : spdm_context->connection_info.capability.flags |=
2004 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2005 1 : spdm_context->local_context.capability.flags |=
2006 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2007 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2008 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2009 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2010 1 : ptr = m_libspdm_finish_request5.signature;
2011 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2012 1 : cert_buffer = (uint8_t *)data1;
2013 1 : cert_buffer_size = data_size1;
2014 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2015 1 : cert_buffer = (uint8_t *)data2;
2016 1 : cert_buffer_size = data_size2;
2017 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2018 : /* transcript.message_a size is 0*/
2019 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2020 : /* session_transcript.message_k is 0*/
2021 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2022 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request5,
2023 : sizeof(spdm_finish_request_t));
2024 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2025 1 : libspdm_requester_data_sign(
2026 : spdm_context,
2027 1 : m_libspdm_finish_request5.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2028 : 0, SPDM_FINISH,
2029 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2030 1 : false, libspdm_get_managed_buffer(&th_curr),
2031 : libspdm_get_managed_buffer_size(&th_curr),
2032 : ptr, &req_asym_signature_size);
2033 : #endif
2034 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2035 1 : ptr += req_asym_signature_size;
2036 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2037 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2038 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2039 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2040 : request_finished_key, hash_size, ptr);
2041 1 : m_libspdm_finish_request5_size = sizeof(spdm_finish_request_t) +
2042 1 : req_asym_signature_size + hmac_size;
2043 1 : response_size = sizeof(response);
2044 1 : status = libspdm_get_response_finish(spdm_context,
2045 : m_libspdm_finish_request5_size,
2046 : &m_libspdm_finish_request5,
2047 : &response_size, response);
2048 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2049 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2050 1 : spdm_response = (void *)response;
2051 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2052 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
2053 1 : assert_int_equal(spdm_response->header.param2, 0);
2054 :
2055 1 : g_key_exchange_start_mut_auth = 0;
2056 1 : free(data1);
2057 1 : free(data2);
2058 1 : }
2059 :
2060 : /**
2061 : * Test 20: receiving a invalid FINISH request message, enable mutual authentication with using the encapsulated request flow,
2062 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x02.
2063 : * SlotID in FINISH request message is 3, but it shall match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2064 : * Expected behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST.
2065 : **/
2066 1 : void rsp_finish_rsp_case20(void **state)
2067 : {
2068 : libspdm_return_t status;
2069 : libspdm_test_context_t *spdm_test_context;
2070 : libspdm_context_t *spdm_context;
2071 : size_t response_size;
2072 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2073 : spdm_finish_response_t *spdm_response;
2074 : void *data1;
2075 : size_t data_size1;
2076 : void *data2;
2077 : size_t data_size2;
2078 : uint8_t *ptr;
2079 : uint8_t *cert_buffer;
2080 : size_t cert_buffer_size;
2081 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2082 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2083 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2084 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2085 : libspdm_session_info_t *session_info;
2086 : uint32_t session_id;
2087 : uint32_t hash_size;
2088 : uint32_t hmac_size;
2089 : size_t req_asym_signature_size;
2090 :
2091 1 : spdm_test_context = *state;
2092 1 : spdm_context = spdm_test_context->spdm_context;
2093 1 : spdm_test_context->case_id = 0x14;
2094 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2095 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2096 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2097 1 : spdm_context->connection_info.capability.flags |=
2098 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2099 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2100 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2101 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2102 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2103 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2104 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2105 : m_libspdm_use_measurement_hash_algo;
2106 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2107 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2108 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2109 : m_libspdm_use_asym_algo, &data1,
2110 : &data_size1, NULL, NULL);
2111 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2112 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2113 :
2114 1 : libspdm_reset_message_a(spdm_context);
2115 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2116 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2117 : m_libspdm_use_req_asym_algo, &data2,
2118 : &data_size2, NULL, NULL);
2119 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2120 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2121 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2122 : data2, data_size2);
2123 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2124 : #else
2125 1 : libspdm_hash_all(
2126 : spdm_context->connection_info.algorithm.base_hash_algo,
2127 : data2, data_size2,
2128 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2129 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2130 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2131 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2132 : spdm_context->connection_info.algorithm.base_hash_algo,
2133 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2134 : data2,
2135 : data_size2,
2136 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2137 : #endif
2138 :
2139 1 : session_id = 0xFFFFFFFF;
2140 1 : spdm_context->latest_session_id = session_id;
2141 1 : session_info = &spdm_context->session_info[0];
2142 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2143 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2144 1 : session_info->peer_used_cert_chain_slot_id = 0;
2145 1 : session_info->local_used_cert_chain_slot_id = 0;
2146 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2147 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2148 1 : libspdm_secured_message_set_request_finished_key(
2149 : session_info->secured_message_context, m_dummy_buffer,
2150 : hash_size);
2151 1 : libspdm_secured_message_set_session_state(
2152 : session_info->secured_message_context,
2153 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2154 1 : session_info->mut_auth_requested =
2155 : SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST;
2156 :
2157 1 : spdm_context->connection_info.capability.flags |=
2158 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2159 1 : spdm_context->local_context.capability.flags |=
2160 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2161 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2162 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2163 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2164 1 : ptr = m_libspdm_finish_request7.signature;
2165 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2166 1 : cert_buffer = (uint8_t *)data1;
2167 1 : cert_buffer_size = data_size1;
2168 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2169 1 : cert_buffer = (uint8_t *)data2;
2170 1 : cert_buffer_size = data_size2;
2171 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2172 : /* transcript.message_a size is 0*/
2173 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2174 : /* session_transcript.message_k is 0*/
2175 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2176 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2177 : sizeof(spdm_finish_request_t));
2178 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2179 1 : libspdm_requester_data_sign(
2180 : spdm_context,
2181 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2182 : 0, SPDM_FINISH,
2183 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2184 1 : false, libspdm_get_managed_buffer(&th_curr),
2185 : libspdm_get_managed_buffer_size(&th_curr),
2186 : ptr, &req_asym_signature_size);
2187 : #endif
2188 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2189 1 : ptr += req_asym_signature_size;
2190 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2191 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2192 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2193 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2194 : request_finished_key, hash_size, ptr);
2195 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2196 1 : req_asym_signature_size + hmac_size;
2197 1 : response_size = sizeof(response);
2198 1 : status = libspdm_get_response_finish(spdm_context,
2199 : m_libspdm_finish_request7_size,
2200 : &m_libspdm_finish_request7,
2201 : &response_size, response);
2202 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2203 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2204 1 : spdm_response = (void *)response;
2205 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2206 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
2207 1 : assert_int_equal(spdm_response->header.param2, 0);
2208 :
2209 1 : g_key_exchange_start_mut_auth = 0;
2210 1 : free(data1);
2211 1 : free(data2);
2212 1 : }
2213 :
2214 : /**
2215 : * Test 21: receiving a valid FINISH request message, due to disable mutual authentication,
2216 : * although SlotID in FINISH request message is 10, it shall be ignored when read.
2217 : * Expected behavior: the responder accepts the request and produces a valid
2218 : * FINISH_RSP response message.
2219 : **/
2220 1 : void rsp_finish_rsp_case21(void **state)
2221 : {
2222 : libspdm_return_t status;
2223 : libspdm_test_context_t *spdm_test_context;
2224 : libspdm_context_t *spdm_context;
2225 : size_t response_size;
2226 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2227 : spdm_finish_response_t *spdm_response;
2228 : void *data1;
2229 : size_t data_size1;
2230 : uint8_t *ptr;
2231 : uint8_t *cert_buffer;
2232 : size_t cert_buffer_size;
2233 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2234 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2235 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2236 : libspdm_session_info_t *session_info;
2237 : uint32_t session_id;
2238 : uint32_t hash_size;
2239 : uint32_t hmac_size;
2240 :
2241 1 : spdm_test_context = *state;
2242 1 : spdm_context = spdm_test_context->spdm_context;
2243 1 : spdm_test_context->case_id = 0x15;
2244 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2245 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2246 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2247 1 : spdm_context->connection_info.capability.flags |=
2248 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2249 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2250 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2251 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2252 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2253 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2254 : m_libspdm_use_measurement_hash_algo;
2255 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2256 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2257 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2258 : m_libspdm_use_asym_algo, &data1,
2259 : &data_size1, NULL, NULL);
2260 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2261 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2262 :
2263 1 : libspdm_reset_message_a(spdm_context);
2264 :
2265 1 : session_id = 0xFFFFFFFF;
2266 1 : spdm_context->latest_session_id = session_id;
2267 1 : session_info = &spdm_context->session_info[0];
2268 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2269 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2270 1 : session_info->local_used_cert_chain_slot_id = 0;
2271 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2272 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2273 1 : libspdm_secured_message_set_request_finished_key(
2274 : session_info->secured_message_context, m_dummy_buffer,
2275 : hash_size);
2276 1 : libspdm_secured_message_set_session_state(
2277 : session_info->secured_message_context,
2278 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2279 1 : session_info->mut_auth_requested = 0;
2280 :
2281 1 : spdm_context->connection_info.capability.flags |=
2282 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2283 1 : spdm_context->local_context.capability.flags |=
2284 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2285 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2286 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2287 1 : ptr = m_libspdm_finish_request6.signature;
2288 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2289 1 : cert_buffer = (uint8_t *)data1;
2290 1 : cert_buffer_size = data_size1;
2291 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2292 : /* transcript.message_a size is 0*/
2293 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2294 : /* session_transcript.message_k is 0*/
2295 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request6,
2296 : sizeof(spdm_finish_request_t));
2297 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2298 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2299 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2300 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2301 : request_finished_key, hash_size, ptr);
2302 1 : m_libspdm_finish_request6_size = sizeof(spdm_finish_request_t) + hmac_size;
2303 1 : response_size = sizeof(response);
2304 1 : status = libspdm_get_response_finish(spdm_context,
2305 : m_libspdm_finish_request6_size,
2306 : &m_libspdm_finish_request6,
2307 : &response_size, response);
2308 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2309 1 : spdm_response = (void *)response;
2310 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2311 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2312 1 : free(data1);
2313 1 : }
2314 :
2315 : /**
2316 : * Test 22: receiving a valid FINISH request message, enable mutual authentication without using the encapsulated request flow,
2317 : * that is KEY_EXCHANGE_RSP.MutAuthRequested equals 0x01.
2318 : * although SlotID in FINISH request message is 3, it no need match the value 0 in final ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest.
2319 : * Expected behavior: the responder accepts the request and produces a valid
2320 : * FINISH_RSP response message.
2321 : **/
2322 1 : void rsp_finish_rsp_case22(void **state)
2323 : {
2324 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2325 : libspdm_return_t status;
2326 : libspdm_test_context_t *spdm_test_context;
2327 : libspdm_context_t *spdm_context;
2328 : size_t response_size;
2329 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2330 : spdm_finish_response_t *spdm_response;
2331 : void *data1;
2332 : size_t data_size1;
2333 : void *data2;
2334 : size_t data_size2;
2335 : uint8_t *ptr;
2336 : uint8_t *cert_buffer;
2337 : size_t cert_buffer_size;
2338 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2339 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2340 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2341 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2342 : libspdm_session_info_t *session_info;
2343 : uint32_t session_id;
2344 : uint32_t hash_size;
2345 : uint32_t hmac_size;
2346 : size_t req_asym_signature_size;
2347 :
2348 1 : spdm_test_context = *state;
2349 1 : spdm_context = spdm_test_context->spdm_context;
2350 1 : spdm_test_context->case_id = 0x16;
2351 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2352 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2353 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2354 1 : spdm_context->connection_info.capability.flags |=
2355 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2356 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2357 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2358 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2359 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2360 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2361 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2362 : m_libspdm_use_measurement_hash_algo;
2363 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2364 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2365 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2366 : m_libspdm_use_asym_algo, &data1,
2367 : &data_size1, NULL, NULL);
2368 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2369 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2370 :
2371 1 : libspdm_reset_message_a(spdm_context);
2372 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2373 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2374 : m_libspdm_use_req_asym_algo, &data2,
2375 : &data_size2, NULL, NULL);
2376 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2377 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2378 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2379 : data2, data_size2);
2380 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2381 : #else
2382 1 : libspdm_hash_all(
2383 : spdm_context->connection_info.algorithm.base_hash_algo,
2384 : data2, data_size2,
2385 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2386 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2387 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2388 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2389 : spdm_context->connection_info.algorithm.base_hash_algo,
2390 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2391 : data2,
2392 : data_size2,
2393 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2394 : #endif
2395 :
2396 1 : session_id = 0xFFFFFFFF;
2397 1 : spdm_context->latest_session_id = session_id;
2398 1 : session_info = &spdm_context->session_info[0];
2399 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2400 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2401 1 : session_info->peer_used_cert_chain_slot_id = 0;
2402 1 : session_info->local_used_cert_chain_slot_id = 0;
2403 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2404 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2405 1 : libspdm_secured_message_set_request_finished_key(
2406 : session_info->secured_message_context, m_dummy_buffer,
2407 : hash_size);
2408 1 : libspdm_secured_message_set_session_state(
2409 : session_info->secured_message_context,
2410 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2411 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2412 :
2413 1 : spdm_context->connection_info.capability.flags |=
2414 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2415 1 : spdm_context->local_context.capability.flags |=
2416 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2417 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2418 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2419 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2420 1 : ptr = m_libspdm_finish_request7.signature;
2421 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2422 1 : cert_buffer = (uint8_t *)data1;
2423 1 : cert_buffer_size = data_size1;
2424 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2425 1 : cert_buffer = (uint8_t *)data2;
2426 1 : cert_buffer_size = data_size2;
2427 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2428 : /* transcript.message_a size is 0*/
2429 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2430 : /* session_transcript.message_k is 0*/
2431 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2432 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request7,
2433 : sizeof(spdm_finish_request_t));
2434 :
2435 1 : libspdm_requester_data_sign(
2436 : spdm_context,
2437 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2438 : 0, SPDM_FINISH,
2439 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2440 1 : false, libspdm_get_managed_buffer(&th_curr),
2441 : libspdm_get_managed_buffer_size(&th_curr),
2442 : ptr, &req_asym_signature_size);
2443 :
2444 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2445 1 : ptr += req_asym_signature_size;
2446 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2447 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2448 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2449 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2450 : request_finished_key, hash_size, ptr);
2451 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2452 1 : req_asym_signature_size + hmac_size;
2453 1 : response_size = sizeof(response);
2454 1 : status = libspdm_get_response_finish(spdm_context,
2455 : m_libspdm_finish_request7_size,
2456 : &m_libspdm_finish_request7,
2457 : &response_size, response);
2458 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2459 1 : spdm_response = (void *)response;
2460 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2461 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2462 :
2463 1 : g_key_exchange_start_mut_auth = 0;
2464 1 : free(data1);
2465 1 : free(data2);
2466 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2467 1 : }
2468 :
2469 : /**
2470 : * Test 23: Same as test case 22 but test signature endianness.
2471 : * Big-Endian Sign. Little-Endian Verify.
2472 : * Expecting signature to fail.
2473 : **/
2474 1 : void rsp_finish_rsp_case23(void** state)
2475 : {
2476 : libspdm_return_t status;
2477 : libspdm_test_context_t* spdm_test_context;
2478 : libspdm_context_t* spdm_context;
2479 : size_t response_size;
2480 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2481 : spdm_finish_response_t* spdm_response;
2482 : void* data1;
2483 : size_t data_size1;
2484 : void* data2;
2485 : size_t data_size2;
2486 : uint8_t* ptr;
2487 : uint8_t* cert_buffer;
2488 : size_t cert_buffer_size;
2489 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2490 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2491 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2492 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2493 : libspdm_session_info_t* session_info;
2494 : uint32_t session_id;
2495 : uint32_t hash_size;
2496 : uint32_t hmac_size;
2497 : size_t req_asym_signature_size;
2498 :
2499 1 : spdm_test_context = *state;
2500 1 : spdm_context = spdm_test_context->spdm_context;
2501 1 : spdm_test_context->case_id = 23;
2502 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2503 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2504 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2505 1 : spdm_context->connection_info.capability.flags |=
2506 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2507 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2508 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2509 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2510 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2511 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2512 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2513 : m_libspdm_use_measurement_hash_algo;
2514 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2515 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2516 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2517 : m_libspdm_use_asym_algo, &data1,
2518 : &data_size1, NULL, NULL);
2519 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2520 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2521 1 : spdm_context->spdm_10_11_verify_signature_endian =
2522 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2523 :
2524 1 : libspdm_reset_message_a(spdm_context);
2525 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2526 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2527 : m_libspdm_use_req_asym_algo, &data2,
2528 : &data_size2, NULL, NULL);
2529 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2530 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2531 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2532 : data2, data_size2);
2533 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2534 : #else
2535 1 : libspdm_hash_all(
2536 : spdm_context->connection_info.algorithm.base_hash_algo,
2537 : data2, data_size2,
2538 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2539 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2540 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2541 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2542 : spdm_context->connection_info.algorithm.base_hash_algo,
2543 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2544 : data2,
2545 : data_size2,
2546 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2547 : #endif
2548 :
2549 1 : session_id = 0xFFFFFFFF;
2550 1 : spdm_context->latest_session_id = session_id;
2551 1 : session_info = &spdm_context->session_info[0];
2552 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2553 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2554 1 : session_info->peer_used_cert_chain_slot_id = 0;
2555 1 : session_info->local_used_cert_chain_slot_id = 0;
2556 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2557 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2558 1 : libspdm_secured_message_set_request_finished_key(
2559 : session_info->secured_message_context, m_dummy_buffer,
2560 : hash_size);
2561 1 : libspdm_secured_message_set_session_state(
2562 : session_info->secured_message_context,
2563 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2564 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2565 :
2566 1 : spdm_context->connection_info.capability.flags |=
2567 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2568 1 : spdm_context->local_context.capability.flags |=
2569 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2570 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2571 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2572 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2573 1 : ptr = m_libspdm_finish_request7.signature;
2574 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2575 1 : cert_buffer = (uint8_t*)data1;
2576 1 : cert_buffer_size = data_size1;
2577 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2578 1 : cert_buffer = (uint8_t*)data2;
2579 1 : cert_buffer_size = data_size2;
2580 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2581 : /* transcript.message_a size is 0*/
2582 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2583 : /* session_transcript.message_k is 0*/
2584 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2585 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2586 : sizeof(spdm_finish_request_t));
2587 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2588 1 : libspdm_requester_data_sign(
2589 : spdm_context,
2590 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2591 : 0, SPDM_FINISH,
2592 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2593 1 : false, libspdm_get_managed_buffer(&th_curr),
2594 : libspdm_get_managed_buffer_size(&th_curr),
2595 : ptr, &req_asym_signature_size);
2596 : #endif
2597 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2598 1 : ptr += req_asym_signature_size;
2599 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2600 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2601 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2602 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2603 : request_finished_key, hash_size, ptr);
2604 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2605 1 : req_asym_signature_size + hmac_size;
2606 1 : response_size = sizeof(response);
2607 1 : status = libspdm_get_response_finish(spdm_context,
2608 : m_libspdm_finish_request7_size,
2609 : &m_libspdm_finish_request7,
2610 : &response_size, response);
2611 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2612 1 : spdm_response = (void*)response;
2613 :
2614 : /* Expecting failure on little-endian signature */
2615 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2616 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2617 :
2618 1 : g_key_exchange_start_mut_auth = 0;
2619 1 : free(data1);
2620 1 : free(data2);
2621 1 : }
2622 :
2623 : /**
2624 : * Test 24: Same as test case 22 but test signature endianness.
2625 : * Big-Endian Sign. Big-Endian Verify.
2626 : * Expecting signature to PASS.
2627 : **/
2628 1 : void rsp_finish_rsp_case24(void** state)
2629 : {
2630 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2631 : libspdm_return_t status;
2632 : libspdm_test_context_t* spdm_test_context;
2633 : libspdm_context_t* spdm_context;
2634 : size_t response_size;
2635 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2636 : spdm_finish_response_t* spdm_response;
2637 : void* data1;
2638 : size_t data_size1;
2639 : void* data2;
2640 : size_t data_size2;
2641 : uint8_t* ptr;
2642 : uint8_t* cert_buffer;
2643 : size_t cert_buffer_size;
2644 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2645 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2646 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2647 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2648 : libspdm_session_info_t* session_info;
2649 : uint32_t session_id;
2650 : uint32_t hash_size;
2651 : uint32_t hmac_size;
2652 : size_t req_asym_signature_size;
2653 :
2654 1 : spdm_test_context = *state;
2655 1 : spdm_context = spdm_test_context->spdm_context;
2656 1 : spdm_test_context->case_id = 24;
2657 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2658 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2659 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2660 1 : spdm_context->connection_info.capability.flags |=
2661 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2662 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2663 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2664 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2665 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2666 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2667 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2668 : m_libspdm_use_measurement_hash_algo;
2669 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2670 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2671 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2672 : m_libspdm_use_asym_algo, &data1,
2673 : &data_size1, NULL, NULL);
2674 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2675 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2676 1 : spdm_context->spdm_10_11_verify_signature_endian =
2677 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
2678 :
2679 1 : libspdm_reset_message_a(spdm_context);
2680 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2681 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2682 : m_libspdm_use_req_asym_algo, &data2,
2683 : &data_size2, NULL, NULL);
2684 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2685 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2686 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2687 : data2, data_size2);
2688 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2689 : #else
2690 1 : libspdm_hash_all(
2691 : spdm_context->connection_info.algorithm.base_hash_algo,
2692 : data2, data_size2,
2693 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2694 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2695 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2696 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2697 : spdm_context->connection_info.algorithm.base_hash_algo,
2698 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2699 : data2,
2700 : data_size2,
2701 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2702 : #endif
2703 :
2704 1 : session_id = 0xFFFFFFFF;
2705 1 : spdm_context->latest_session_id = session_id;
2706 1 : session_info = &spdm_context->session_info[0];
2707 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2708 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2709 1 : session_info->peer_used_cert_chain_slot_id = 0;
2710 1 : session_info->local_used_cert_chain_slot_id = 0;
2711 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2712 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2713 1 : libspdm_secured_message_set_request_finished_key(
2714 : session_info->secured_message_context, m_dummy_buffer,
2715 : hash_size);
2716 1 : libspdm_secured_message_set_session_state(
2717 : session_info->secured_message_context,
2718 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2719 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2720 :
2721 1 : spdm_context->connection_info.capability.flags |=
2722 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2723 1 : spdm_context->local_context.capability.flags |=
2724 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2725 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2726 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2727 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2728 1 : ptr = m_libspdm_finish_request7.signature;
2729 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2730 1 : cert_buffer = (uint8_t*)data1;
2731 1 : cert_buffer_size = data_size1;
2732 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2733 1 : cert_buffer = (uint8_t*)data2;
2734 1 : cert_buffer_size = data_size2;
2735 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2736 : /* transcript.message_a size is 0*/
2737 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2738 : /* session_transcript.message_k is 0*/
2739 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2740 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2741 : sizeof(spdm_finish_request_t));
2742 :
2743 1 : libspdm_requester_data_sign(
2744 : spdm_context,
2745 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2746 : 0, SPDM_FINISH,
2747 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2748 1 : false, libspdm_get_managed_buffer(&th_curr),
2749 : libspdm_get_managed_buffer_size(&th_curr),
2750 : ptr, &req_asym_signature_size);
2751 :
2752 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2753 1 : ptr += req_asym_signature_size;
2754 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2755 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2756 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2757 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2758 : request_finished_key, hash_size, ptr);
2759 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2760 1 : req_asym_signature_size + hmac_size;
2761 1 : response_size = sizeof(response);
2762 1 : status = libspdm_get_response_finish(spdm_context,
2763 : m_libspdm_finish_request7_size,
2764 : &m_libspdm_finish_request7,
2765 : &response_size, response);
2766 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2767 1 : spdm_response = (void*)response;
2768 :
2769 : /* Expecting pass on big-endian signature */
2770 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2771 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2772 :
2773 1 : g_key_exchange_start_mut_auth = 0;
2774 1 : free(data1);
2775 1 : free(data2);
2776 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2777 1 : }
2778 :
2779 : /**
2780 : * Test 25: Same as test case 22, but test signature endianness.
2781 : * Big Endian Sign. Big or Little Endian Verify.
2782 : * Expecting signature to PASS.
2783 : **/
2784 1 : void rsp_finish_rsp_case25(void** state)
2785 : {
2786 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2787 : libspdm_return_t status;
2788 : libspdm_test_context_t* spdm_test_context;
2789 : libspdm_context_t* spdm_context;
2790 : size_t response_size;
2791 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2792 : spdm_finish_response_t* spdm_response;
2793 : void* data1;
2794 : size_t data_size1;
2795 : void* data2;
2796 : size_t data_size2;
2797 : uint8_t* ptr;
2798 : uint8_t* cert_buffer;
2799 : size_t cert_buffer_size;
2800 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2801 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2802 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2803 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2804 : libspdm_session_info_t* session_info;
2805 : uint32_t session_id;
2806 : uint32_t hash_size;
2807 : uint32_t hmac_size;
2808 : size_t req_asym_signature_size;
2809 :
2810 1 : spdm_test_context = *state;
2811 1 : spdm_context = spdm_test_context->spdm_context;
2812 1 : spdm_test_context->case_id = 25;
2813 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2814 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2815 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2816 1 : spdm_context->connection_info.capability.flags |=
2817 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2818 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2819 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2820 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2821 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2822 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2823 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2824 : m_libspdm_use_measurement_hash_algo;
2825 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2826 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2827 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2828 : m_libspdm_use_asym_algo, &data1,
2829 : &data_size1, NULL, NULL);
2830 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2831 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2832 1 : spdm_context->spdm_10_11_verify_signature_endian =
2833 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE;
2834 :
2835 1 : libspdm_reset_message_a(spdm_context);
2836 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2837 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2838 : m_libspdm_use_req_asym_algo, &data2,
2839 : &data_size2, NULL, NULL);
2840 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2841 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2842 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2843 : data2, data_size2);
2844 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2845 : #else
2846 1 : libspdm_hash_all(
2847 : spdm_context->connection_info.algorithm.base_hash_algo,
2848 : data2, data_size2,
2849 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
2850 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
2851 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
2852 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
2853 : spdm_context->connection_info.algorithm.base_hash_algo,
2854 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
2855 : data2,
2856 : data_size2,
2857 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
2858 : #endif
2859 :
2860 1 : session_id = 0xFFFFFFFF;
2861 1 : spdm_context->latest_session_id = session_id;
2862 1 : session_info = &spdm_context->session_info[0];
2863 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
2864 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
2865 1 : session_info->peer_used_cert_chain_slot_id = 0;
2866 1 : session_info->local_used_cert_chain_slot_id = 0;
2867 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2868 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
2869 1 : libspdm_secured_message_set_request_finished_key(
2870 : session_info->secured_message_context, m_dummy_buffer,
2871 : hash_size);
2872 1 : libspdm_secured_message_set_session_state(
2873 : session_info->secured_message_context,
2874 : LIBSPDM_SESSION_STATE_HANDSHAKING);
2875 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2876 :
2877 1 : spdm_context->connection_info.capability.flags |=
2878 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2879 1 : spdm_context->local_context.capability.flags |=
2880 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
2881 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2882 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
2883 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
2884 1 : ptr = m_libspdm_finish_request7.signature;
2885 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
2886 1 : cert_buffer = (uint8_t*)data1;
2887 1 : cert_buffer_size = data_size1;
2888 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
2889 1 : cert_buffer = (uint8_t*)data2;
2890 1 : cert_buffer_size = data_size2;
2891 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
2892 : /* transcript.message_a size is 0*/
2893 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
2894 : /* session_transcript.message_k is 0*/
2895 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
2896 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
2897 : sizeof(spdm_finish_request_t));
2898 :
2899 1 : libspdm_requester_data_sign(
2900 : spdm_context,
2901 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
2902 : 0, SPDM_FINISH,
2903 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
2904 1 : false, libspdm_get_managed_buffer(&th_curr),
2905 : libspdm_get_managed_buffer_size(&th_curr),
2906 : ptr, &req_asym_signature_size);
2907 :
2908 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
2909 1 : ptr += req_asym_signature_size;
2910 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
2911 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
2912 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
2913 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
2914 : request_finished_key, hash_size, ptr);
2915 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
2916 1 : req_asym_signature_size + hmac_size;
2917 1 : response_size = sizeof(response);
2918 1 : status = libspdm_get_response_finish(spdm_context,
2919 : m_libspdm_finish_request7_size,
2920 : &m_libspdm_finish_request7,
2921 : &response_size, response);
2922 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2923 1 : spdm_response = (void*)response;
2924 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
2925 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
2926 :
2927 1 : g_key_exchange_start_mut_auth = 0;
2928 1 : free(data1);
2929 1 : free(data2);
2930 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
2931 1 : }
2932 :
2933 : /**
2934 : * Test 26: Same as test case 22, but test endian verification.
2935 : * Sign as Little Endian, Verify as Little.
2936 : * Expecting signature to PASS.
2937 : **/
2938 1 : void rsp_finish_rsp_case26(void** state)
2939 : {
2940 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
2941 : libspdm_return_t status;
2942 : libspdm_test_context_t* spdm_test_context;
2943 : libspdm_context_t* spdm_context;
2944 : size_t response_size;
2945 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2946 : spdm_finish_response_t* spdm_response;
2947 : void* data1;
2948 : size_t data_size1;
2949 : void* data2;
2950 : size_t data_size2;
2951 : uint8_t* ptr;
2952 : uint8_t* cert_buffer;
2953 : size_t cert_buffer_size;
2954 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2955 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
2956 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
2957 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
2958 : libspdm_session_info_t* session_info;
2959 : uint32_t session_id;
2960 : uint32_t hash_size;
2961 : uint32_t hmac_size;
2962 : size_t req_asym_signature_size;
2963 :
2964 1 : spdm_test_context = *state;
2965 1 : spdm_context = spdm_test_context->spdm_context;
2966 1 : spdm_test_context->case_id = 26;
2967 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2968 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2969 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
2970 1 : spdm_context->connection_info.capability.flags |=
2971 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
2972 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
2973 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
2974 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
2975 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
2976 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
2977 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
2978 : m_libspdm_use_measurement_hash_algo;
2979 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
2980 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
2981 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
2982 : m_libspdm_use_asym_algo, &data1,
2983 : &data_size1, NULL, NULL);
2984 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
2985 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
2986 1 : spdm_context->spdm_10_11_verify_signature_endian =
2987 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
2988 :
2989 1 : libspdm_reset_message_a(spdm_context);
2990 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
2991 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
2992 : m_libspdm_use_req_asym_algo, &data2,
2993 : &data_size2, NULL, NULL);
2994 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
2995 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
2996 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
2997 : data2, data_size2);
2998 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
2999 : #else
3000 1 : libspdm_hash_all(
3001 : spdm_context->connection_info.algorithm.base_hash_algo,
3002 : data2, data_size2,
3003 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3004 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3005 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3006 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3007 : spdm_context->connection_info.algorithm.base_hash_algo,
3008 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3009 : data2,
3010 : data_size2,
3011 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3012 : #endif
3013 :
3014 1 : session_id = 0xFFFFFFFF;
3015 1 : spdm_context->latest_session_id = session_id;
3016 1 : session_info = &spdm_context->session_info[0];
3017 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3018 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3019 1 : session_info->peer_used_cert_chain_slot_id = 0;
3020 1 : session_info->local_used_cert_chain_slot_id = 0;
3021 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3022 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3023 1 : libspdm_secured_message_set_request_finished_key(
3024 : session_info->secured_message_context, m_dummy_buffer,
3025 : hash_size);
3026 1 : libspdm_secured_message_set_session_state(
3027 : session_info->secured_message_context,
3028 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3029 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3030 :
3031 1 : spdm_context->connection_info.capability.flags |=
3032 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3033 1 : spdm_context->local_context.capability.flags |=
3034 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3035 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3036 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3037 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3038 1 : ptr = m_libspdm_finish_request7.signature;
3039 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3040 1 : cert_buffer = (uint8_t*)data1;
3041 1 : cert_buffer_size = data_size1;
3042 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3043 1 : cert_buffer = (uint8_t*)data2;
3044 1 : cert_buffer_size = data_size2;
3045 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
3046 : /* transcript.message_a size is 0*/
3047 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3048 : /* session_transcript.message_k is 0*/
3049 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3050 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3051 : sizeof(spdm_finish_request_t));
3052 :
3053 1 : libspdm_requester_data_sign(
3054 : spdm_context,
3055 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3056 : 0, SPDM_FINISH,
3057 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3058 1 : false, libspdm_get_managed_buffer(&th_curr),
3059 : libspdm_get_managed_buffer_size(&th_curr),
3060 : ptr, &req_asym_signature_size);
3061 :
3062 : /* Switch signature to little endian */
3063 1 : libspdm_copy_signature_swap_endian(
3064 : m_libspdm_use_req_asym_algo,
3065 : ptr, req_asym_signature_size,
3066 : ptr, req_asym_signature_size);
3067 :
3068 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3069 1 : ptr += req_asym_signature_size;
3070 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3071 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3072 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3073 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3074 : request_finished_key, hash_size, ptr);
3075 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3076 1 : req_asym_signature_size + hmac_size;
3077 1 : response_size = sizeof(response);
3078 1 : status = libspdm_get_response_finish(spdm_context,
3079 : m_libspdm_finish_request7_size,
3080 : &m_libspdm_finish_request7,
3081 : &response_size, response);
3082 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3083 1 : spdm_response = (void*)response;
3084 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3085 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3086 :
3087 1 : g_key_exchange_start_mut_auth = 0;
3088 1 : free(data1);
3089 1 : free(data2);
3090 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3091 1 : }
3092 :
3093 : /**
3094 : * Test 27: Same as test case 22, but test endian verification.
3095 : * Sign as Little Endian, Verify as Big.
3096 : * Expecting signature to FAIL.
3097 : **/
3098 1 : void rsp_finish_rsp_case27(void** state)
3099 : {
3100 : libspdm_return_t status;
3101 : libspdm_test_context_t* spdm_test_context;
3102 : libspdm_context_t* spdm_context;
3103 : size_t response_size;
3104 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3105 : spdm_finish_response_t* spdm_response;
3106 : void* data1;
3107 : size_t data_size1;
3108 : void* data2;
3109 : size_t data_size2;
3110 : uint8_t* ptr;
3111 : uint8_t* cert_buffer;
3112 : size_t cert_buffer_size;
3113 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3114 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3115 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3116 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3117 : libspdm_session_info_t* session_info;
3118 : uint32_t session_id;
3119 : uint32_t hash_size;
3120 : uint32_t hmac_size;
3121 : size_t req_asym_signature_size;
3122 :
3123 1 : spdm_test_context = *state;
3124 1 : spdm_context = spdm_test_context->spdm_context;
3125 1 : spdm_test_context->case_id = 27;
3126 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3127 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3128 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3129 1 : spdm_context->connection_info.capability.flags |=
3130 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3131 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3132 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3133 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3134 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
3135 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3136 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3137 : m_libspdm_use_measurement_hash_algo;
3138 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3139 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3140 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3141 : m_libspdm_use_asym_algo, &data1,
3142 : &data_size1, NULL, NULL);
3143 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3144 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3145 1 : spdm_context->spdm_10_11_verify_signature_endian =
3146 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY;
3147 :
3148 1 : libspdm_reset_message_a(spdm_context);
3149 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3150 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3151 : m_libspdm_use_req_asym_algo, &data2,
3152 : &data_size2, NULL, NULL);
3153 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3154 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3155 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3156 : data2, data_size2);
3157 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
3158 : #else
3159 1 : libspdm_hash_all(
3160 : spdm_context->connection_info.algorithm.base_hash_algo,
3161 : data2, data_size2,
3162 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3163 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3164 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3165 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3166 : spdm_context->connection_info.algorithm.base_hash_algo,
3167 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3168 : data2,
3169 : data_size2,
3170 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3171 : #endif
3172 :
3173 1 : session_id = 0xFFFFFFFF;
3174 1 : spdm_context->latest_session_id = session_id;
3175 1 : session_info = &spdm_context->session_info[0];
3176 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3177 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3178 1 : session_info->peer_used_cert_chain_slot_id = 0;
3179 1 : session_info->local_used_cert_chain_slot_id = 0;
3180 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3181 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3182 1 : libspdm_secured_message_set_request_finished_key(
3183 : session_info->secured_message_context, m_dummy_buffer,
3184 : hash_size);
3185 1 : libspdm_secured_message_set_session_state(
3186 : session_info->secured_message_context,
3187 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3188 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3189 :
3190 1 : spdm_context->connection_info.capability.flags |=
3191 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3192 1 : spdm_context->local_context.capability.flags |=
3193 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3194 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3195 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3196 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3197 1 : ptr = m_libspdm_finish_request7.signature;
3198 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3199 1 : cert_buffer = (uint8_t*)data1;
3200 1 : cert_buffer_size = data_size1;
3201 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3202 1 : cert_buffer = (uint8_t*)data2;
3203 1 : cert_buffer_size = data_size2;
3204 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
3205 : /* transcript.message_a size is 0*/
3206 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3207 : /* session_transcript.message_k is 0*/
3208 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3209 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3210 : sizeof(spdm_finish_request_t));
3211 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3212 1 : libspdm_requester_data_sign(
3213 : spdm_context,
3214 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3215 : 0, SPDM_FINISH,
3216 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3217 1 : false, libspdm_get_managed_buffer(&th_curr),
3218 : libspdm_get_managed_buffer_size(&th_curr),
3219 : ptr, &req_asym_signature_size);
3220 :
3221 : /* Switch signature to little endian */
3222 1 : libspdm_copy_signature_swap_endian(
3223 : m_libspdm_use_req_asym_algo,
3224 : ptr, req_asym_signature_size,
3225 : ptr, req_asym_signature_size);
3226 : #endif
3227 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3228 1 : ptr += req_asym_signature_size;
3229 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3230 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3231 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3232 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3233 : request_finished_key, hash_size, ptr);
3234 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3235 1 : req_asym_signature_size + hmac_size;
3236 1 : response_size = sizeof(response);
3237 1 : status = libspdm_get_response_finish(spdm_context,
3238 : m_libspdm_finish_request7_size,
3239 : &m_libspdm_finish_request7,
3240 : &response_size, response);
3241 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3242 1 : spdm_response = (void*)response;
3243 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
3244 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
3245 :
3246 1 : g_key_exchange_start_mut_auth = 0;
3247 1 : free(data1);
3248 1 : free(data2);
3249 1 : }
3250 :
3251 : /**
3252 : * Test 28: Same as test case 22, but test endian verification.
3253 : * Sign as Little Endian, Verify as Big Or Little.
3254 : * Expecting signature to PASS.
3255 : **/
3256 1 : void rsp_finish_rsp_case28(void** state)
3257 : {
3258 : #if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP
3259 : libspdm_return_t status;
3260 : libspdm_test_context_t* spdm_test_context;
3261 : libspdm_context_t* spdm_context;
3262 : size_t response_size;
3263 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3264 : spdm_finish_response_t* spdm_response;
3265 : void* data1;
3266 : size_t data_size1;
3267 : void* data2;
3268 : size_t data_size2;
3269 : uint8_t* ptr;
3270 : uint8_t* cert_buffer;
3271 : size_t cert_buffer_size;
3272 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3273 : uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3274 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3275 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3276 : libspdm_session_info_t* session_info;
3277 : uint32_t session_id;
3278 : uint32_t hash_size;
3279 : uint32_t hmac_size;
3280 : size_t req_asym_signature_size;
3281 :
3282 1 : spdm_test_context = *state;
3283 1 : spdm_context = spdm_test_context->spdm_context;
3284 1 : spdm_test_context->case_id = 28;
3285 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3286 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3287 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3288 1 : spdm_context->connection_info.capability.flags |=
3289 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3290 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3291 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3292 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3293 1 : spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo;
3294 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3295 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3296 : m_libspdm_use_measurement_hash_algo;
3297 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3298 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3299 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3300 : m_libspdm_use_asym_algo, &data1,
3301 : &data_size1, NULL, NULL);
3302 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3303 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3304 1 : spdm_context->spdm_10_11_verify_signature_endian =
3305 : LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY;
3306 :
3307 1 : libspdm_reset_message_a(spdm_context);
3308 1 : g_key_exchange_start_mut_auth = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3309 1 : libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo,
3310 : m_libspdm_use_req_asym_algo, &data2,
3311 : &data_size2, NULL, NULL);
3312 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
3313 : libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer,
3314 : sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer),
3315 : data2, data_size2);
3316 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2;
3317 : #else
3318 1 : libspdm_hash_all(
3319 : spdm_context->connection_info.algorithm.base_hash_algo,
3320 : data2, data_size2,
3321 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash);
3322 1 : spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size =
3323 1 : libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
3324 1 : libspdm_get_leaf_cert_public_key_from_cert_chain(
3325 : spdm_context->connection_info.algorithm.base_hash_algo,
3326 1 : spdm_context->connection_info.algorithm.req_base_asym_alg,
3327 : data2,
3328 : data_size2,
3329 : &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key);
3330 : #endif
3331 :
3332 1 : session_id = 0xFFFFFFFF;
3333 1 : spdm_context->latest_session_id = session_id;
3334 1 : session_info = &spdm_context->session_info[0];
3335 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3336 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3337 1 : session_info->peer_used_cert_chain_slot_id = 0;
3338 1 : session_info->local_used_cert_chain_slot_id = 0;
3339 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3340 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3341 1 : libspdm_secured_message_set_request_finished_key(
3342 : session_info->secured_message_context, m_dummy_buffer,
3343 : hash_size);
3344 1 : libspdm_secured_message_set_session_state(
3345 : session_info->secured_message_context,
3346 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3347 1 : session_info->mut_auth_requested = SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED;
3348 :
3349 1 : spdm_context->connection_info.capability.flags |=
3350 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3351 1 : spdm_context->local_context.capability.flags |=
3352 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3353 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3354 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3355 1 : req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo);
3356 1 : ptr = m_libspdm_finish_request7.signature;
3357 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3358 1 : cert_buffer = (uint8_t*)data1;
3359 1 : cert_buffer_size = data_size1;
3360 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3361 1 : cert_buffer = (uint8_t*)data2;
3362 1 : cert_buffer_size = data_size2;
3363 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash);
3364 : /* transcript.message_a size is 0*/
3365 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3366 : /* session_transcript.message_k is 0*/
3367 1 : libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size);
3368 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t*)&m_libspdm_finish_request7,
3369 : sizeof(spdm_finish_request_t));
3370 :
3371 1 : libspdm_requester_data_sign(
3372 : spdm_context,
3373 1 : m_libspdm_finish_request7.header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT,
3374 : 0, SPDM_FINISH,
3375 : m_libspdm_use_req_asym_algo, m_libspdm_use_req_pqc_asym_algo, m_libspdm_use_hash_algo,
3376 1 : false, libspdm_get_managed_buffer(&th_curr),
3377 : libspdm_get_managed_buffer_size(&th_curr),
3378 : ptr, &req_asym_signature_size);
3379 :
3380 : /* Switch signature to little endian */
3381 1 : libspdm_copy_signature_swap_endian(
3382 : m_libspdm_use_req_asym_algo,
3383 : ptr, req_asym_signature_size,
3384 : ptr, req_asym_signature_size);
3385 :
3386 1 : libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size);
3387 1 : ptr += req_asym_signature_size;
3388 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3389 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3390 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3391 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3392 : request_finished_key, hash_size, ptr);
3393 1 : m_libspdm_finish_request7_size = sizeof(spdm_finish_request_t) +
3394 1 : req_asym_signature_size + hmac_size;
3395 1 : response_size = sizeof(response);
3396 1 : status = libspdm_get_response_finish(spdm_context,
3397 : m_libspdm_finish_request7_size,
3398 : &m_libspdm_finish_request7,
3399 : &response_size, response);
3400 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3401 1 : spdm_response = (void*)response;
3402 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3403 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t) + hmac_size);
3404 :
3405 1 : g_key_exchange_start_mut_auth = 0;
3406 1 : free(data1);
3407 1 : free(data2);
3408 : #endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */
3409 1 : }
3410 :
3411 : /**
3412 : * Test 29: Receive the correct FINISH from the requester, and
3413 : * the requester and responder have not set HANDSHAKE_IN_THE_CLEAR.
3414 : * Expected behavior: the responder accepts the request and produces a valid
3415 : * FINISH_RSP response message, and The ResponderVerifyData field is absent.
3416 : **/
3417 1 : void rsp_finish_rsp_case29(void **state)
3418 : {
3419 : libspdm_return_t status;
3420 : libspdm_test_context_t *spdm_test_context;
3421 : libspdm_context_t *spdm_context;
3422 : size_t response_size;
3423 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3424 : spdm_finish_response_t *spdm_response;
3425 : void *data1;
3426 : size_t data_size1;
3427 : uint8_t *ptr;
3428 : uint8_t *cert_buffer;
3429 : size_t cert_buffer_size;
3430 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3431 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3432 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3433 : libspdm_session_info_t *session_info;
3434 : uint32_t session_id;
3435 : uint32_t hash_size;
3436 : uint32_t hmac_size;
3437 :
3438 1 : spdm_test_context = *state;
3439 1 : spdm_context = spdm_test_context->spdm_context;
3440 1 : spdm_test_context->case_id = 29;
3441 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
3442 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3443 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3444 1 : spdm_context->connection_info.capability.flags |=
3445 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3446 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3447 :
3448 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3449 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3450 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3451 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3452 : m_libspdm_use_measurement_hash_algo;
3453 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3454 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3455 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3456 : m_libspdm_use_asym_algo, &data1,
3457 : &data_size1, NULL, NULL);
3458 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3459 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3460 :
3461 1 : libspdm_reset_message_a(spdm_context);
3462 :
3463 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3464 1 : spdm_context->connection_info.capability.flags &=
3465 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3466 1 : spdm_context->local_context.capability.flags &=
3467 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3468 :
3469 1 : session_id = 0xFFFFFFFF;
3470 1 : spdm_context->latest_session_id = session_id;
3471 1 : spdm_context->last_spdm_request_session_id_valid = true;
3472 1 : spdm_context->last_spdm_request_session_id = session_id;
3473 1 : session_info = &spdm_context->session_info[0];
3474 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3475 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3476 1 : session_info->local_used_cert_chain_slot_id = 0;
3477 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3478 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3479 :
3480 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3481 1 : libspdm_secured_message_set_request_finished_key(
3482 : session_info->secured_message_context, m_dummy_buffer,
3483 : hash_size);
3484 1 : libspdm_secured_message_set_session_state(
3485 : session_info->secured_message_context,
3486 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3487 :
3488 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3489 1 : ptr = m_libspdm_finish_request1.signature;
3490 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3491 1 : cert_buffer = (uint8_t *)data1;
3492 1 : cert_buffer_size = data_size1;
3493 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3494 : /* transcript.message_a size is 0*/
3495 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3496 : /* session_transcript.message_k is 0*/
3497 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request1,
3498 : sizeof(spdm_finish_request_t));
3499 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3500 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3501 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3502 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3503 : request_finished_key, hash_size, ptr);
3504 1 : m_libspdm_finish_request1_size = sizeof(spdm_finish_request_t) + hmac_size;
3505 1 : response_size = sizeof(response);
3506 1 : status = libspdm_get_response_finish(spdm_context,
3507 : m_libspdm_finish_request1_size,
3508 : &m_libspdm_finish_request1,
3509 : &response_size, response);
3510 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3511 : /* The ResponderVerifyData field shall be absent.*/
3512 1 : assert_int_equal(response_size, sizeof(spdm_finish_response_t));
3513 1 : spdm_response = (void *)response;
3514 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3515 1 : free(data1);
3516 1 : }
3517 :
3518 : /**
3519 : * Test 30: SPDM version 1.4, with OpaqueData.
3520 : * Expected behavior: the responder accepts the request and produces a valid
3521 : * FINISH_RSP response message.
3522 : **/
3523 1 : void rsp_finish_rsp_case30(void **state)
3524 : {
3525 : libspdm_return_t status;
3526 : libspdm_test_context_t *spdm_test_context;
3527 : libspdm_context_t *spdm_context;
3528 : size_t response_size;
3529 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3530 : spdm_finish_response_t *spdm_response;
3531 : void *data1;
3532 : size_t data_size1;
3533 : uint8_t *ptr;
3534 : uint8_t *cert_buffer;
3535 : size_t cert_buffer_size;
3536 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3537 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3538 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3539 : libspdm_session_info_t *session_info;
3540 : uint32_t session_id;
3541 : uint32_t hash_size;
3542 : uint32_t hmac_size;
3543 :
3544 1 : spdm_test_context = *state;
3545 1 : spdm_context = spdm_test_context->spdm_context;
3546 1 : spdm_test_context->case_id = 30;
3547 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
3548 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3549 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3550 1 : spdm_context->connection_info.capability.flags |=
3551 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3552 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3553 :
3554 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
3555 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
3556 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
3557 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3558 : m_libspdm_use_measurement_hash_algo;
3559 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
3560 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
3561 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3562 : m_libspdm_use_asym_algo, &data1,
3563 : &data_size1, NULL, NULL);
3564 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3565 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
3566 :
3567 1 : libspdm_reset_message_a(spdm_context);
3568 :
3569 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3570 1 : spdm_context->connection_info.capability.flags &=
3571 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3572 1 : spdm_context->local_context.capability.flags &=
3573 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3574 :
3575 1 : session_id = 0xFFFFFFFF;
3576 1 : spdm_context->latest_session_id = session_id;
3577 1 : spdm_context->last_spdm_request_session_id_valid = true;
3578 1 : spdm_context->last_spdm_request_session_id = session_id;
3579 1 : session_info = &spdm_context->session_info[0];
3580 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3581 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3582 :
3583 1 : session_info->local_used_cert_chain_slot_id = 0;
3584 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3585 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3586 :
3587 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3588 1 : libspdm_secured_message_set_request_finished_key(
3589 : session_info->secured_message_context, m_dummy_buffer,
3590 : hash_size);
3591 1 : libspdm_secured_message_set_session_state(
3592 : session_info->secured_message_context,
3593 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3594 :
3595 1 : m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
3596 :
3597 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3598 1 : ptr = m_libspdm_finish_request8.signature;
3599 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3600 1 : cert_buffer = (uint8_t *)data1;
3601 1 : cert_buffer_size = data_size1;
3602 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash);
3603 : /* transcript.message_a size is 0*/
3604 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3605 : /* session_transcript.message_k is 0*/
3606 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
3607 : sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
3608 1 : m_libspdm_finish_request8.opaque_data_size);
3609 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3610 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3611 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3612 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3613 : request_finished_key, hash_size, ptr);
3614 1 : m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
3615 1 : sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
3616 1 : response_size = sizeof(response);
3617 1 : status = libspdm_get_response_finish(spdm_context,
3618 : m_libspdm_finish_request8_size,
3619 : &m_libspdm_finish_request8,
3620 : &response_size, response);
3621 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3622 : /* The ResponderVerifyData field shall be absent.*/
3623 1 : ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
3624 1 : assert_int_equal(response_size,
3625 : sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
3626 : libspdm_read_uint16(ptr));
3627 1 : spdm_response = (void *)response;
3628 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_FINISH_RSP);
3629 1 : free(data1);
3630 1 : }
3631 :
3632 : /**
3633 : * Test 31: SPDM version 1.4, with OpaqueData.
3634 : * Expected behavior: the responder accepts the request and produces a valid
3635 : * FINISH_RSP response message with integrator defined opaque data in the response.
3636 : **/
3637 1 : void rsp_finish_rsp_case31(void **state)
3638 : {
3639 : libspdm_return_t status;
3640 : libspdm_test_context_t *spdm_test_context;
3641 : libspdm_context_t *spdm_context;
3642 : size_t response_size;
3643 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
3644 : spdm_finish_response_t *spdm_response;
3645 : void *data1;
3646 : size_t data_size1;
3647 : uint8_t *ptr;
3648 : uint8_t *cert_buffer;
3649 : size_t cert_buffer_size;
3650 : uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
3651 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
3652 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
3653 : libspdm_session_info_t *session_info;
3654 : uint32_t session_id;
3655 : uint32_t hash_size;
3656 : uint32_t hmac_size;
3657 :
3658 1 : spdm_test_context = *state;
3659 1 : spdm_context = spdm_test_context->spdm_context;
3660 1 : spdm_test_context->case_id = 31;
3661 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
3662 : SPDM_VERSION_NUMBER_SHIFT_BIT;
3663 1 : spdm_context->connection_info.connection_state =
3664 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
3665 1 : spdm_context->connection_info.capability.flags |=
3666 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
3667 1 : spdm_context->local_context.capability.flags |=
3668 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
3669 :
3670 1 : spdm_context->connection_info.algorithm.base_hash_algo =
3671 : m_libspdm_use_hash_algo;
3672 1 : spdm_context->connection_info.algorithm.base_asym_algo =
3673 : m_libspdm_use_asym_algo;
3674 1 : spdm_context->connection_info.algorithm.measurement_spec =
3675 : m_libspdm_use_measurement_spec;
3676 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
3677 : m_libspdm_use_measurement_hash_algo;
3678 1 : spdm_context->connection_info.algorithm.dhe_named_group =
3679 : m_libspdm_use_dhe_algo;
3680 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
3681 : m_libspdm_use_aead_algo;
3682 1 : spdm_context->connection_info.algorithm.other_params_support =
3683 : SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;
3684 1 : g_generate_finish_opaque_data = true;
3685 1 : libspdm_secret_lib_finish_opaque_data_size = 8;
3686 :
3687 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
3688 : m_libspdm_use_asym_algo, &data1,
3689 : &data_size1, NULL, NULL);
3690 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
3691 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
3692 : data_size1;
3693 :
3694 1 : libspdm_reset_message_a(spdm_context);
3695 :
3696 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3697 1 : spdm_context->connection_info.capability.flags &=
3698 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3699 1 : spdm_context->local_context.capability.flags &=
3700 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
3701 :
3702 1 : session_id = 0xFFFFFFFF;
3703 1 : spdm_context->latest_session_id = session_id;
3704 1 : spdm_context->last_spdm_request_session_id_valid = true;
3705 1 : spdm_context->last_spdm_request_session_id = session_id;
3706 1 : session_info = &spdm_context->session_info[0];
3707 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
3708 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, false);
3709 :
3710 1 : session_info->local_used_cert_chain_slot_id = 0;
3711 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3712 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3713 :
3714 1 : libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
3715 1 : libspdm_secured_message_set_request_finished_key(
3716 : session_info->secured_message_context, m_dummy_buffer,
3717 : hash_size);
3718 1 : libspdm_secured_message_set_session_state(
3719 : session_info->secured_message_context,
3720 : LIBSPDM_SESSION_STATE_HANDSHAKING);
3721 :
3722 1 : m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
3723 :
3724 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
3725 1 : ptr = m_libspdm_finish_request8.signature;
3726 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
3727 1 : cert_buffer = (uint8_t *)data1;
3728 1 : cert_buffer_size = data_size1;
3729 1 : libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
3730 : cert_buffer_hash);
3731 : /* transcript.message_a size is 0*/
3732 1 : libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
3733 : /* session_transcript.message_k is 0*/
3734 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
3735 : sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
3736 1 : m_libspdm_finish_request8.opaque_data_size);
3737 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
3738 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
3739 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
3740 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
3741 : request_finished_key, hash_size, ptr);
3742 1 : m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
3743 1 : sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
3744 1 : response_size = sizeof(response);
3745 1 : status = libspdm_get_response_finish(spdm_context,
3746 : m_libspdm_finish_request8_size,
3747 : &m_libspdm_finish_request8,
3748 : &response_size, response);
3749 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
3750 : /* The ResponderVerifyData field shall be absent.*/
3751 1 : ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
3752 1 : assert_int_equal(libspdm_read_uint16(ptr),
3753 : libspdm_secret_lib_finish_opaque_data_size);
3754 1 : assert_int_equal(response_size,
3755 : sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
3756 : libspdm_read_uint16(ptr));
3757 1 : spdm_response = (void *)response;
3758 1 : assert_int_equal(spdm_response->header.request_response_code,
3759 : SPDM_FINISH_RSP);
3760 1 : g_generate_finish_opaque_data = false;
3761 1 : free(data1);
3762 1 : }
3763 :
3764 1 : int libspdm_rsp_finish_test(void)
3765 : {
3766 1 : const struct CMUnitTest test_cases[] = {
3767 : /* Success Case*/
3768 : cmocka_unit_test(rsp_finish_rsp_case1),
3769 : /* Can be populated with new test.*/
3770 : cmocka_unit_test(rsp_finish_rsp_case2),
3771 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
3772 : cmocka_unit_test(rsp_finish_rsp_case3),
3773 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
3774 : cmocka_unit_test(rsp_finish_rsp_case4),
3775 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
3776 : /* response_state: LIBSPDM_RESPONSE_STATE_NOT_READY*/
3777 : cmocka_unit_test(rsp_finish_rsp_case5),
3778 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
3779 : /* connection_state Check*/
3780 : cmocka_unit_test(rsp_finish_rsp_case6),
3781 : /* Buffer reset*/
3782 : cmocka_unit_test(rsp_finish_rsp_case7),
3783 : /* Success Case*/
3784 : cmocka_unit_test(rsp_finish_rsp_case8),
3785 : /* Unsupported KEY_EX capabilities*/
3786 : cmocka_unit_test(rsp_finish_rsp_case9),
3787 : /* Uninitialized session*/
3788 : cmocka_unit_test(rsp_finish_rsp_case10),
3789 : /* Incorrect MAC*/
3790 : cmocka_unit_test(rsp_finish_rsp_case11),
3791 : cmocka_unit_test(rsp_finish_rsp_case12),
3792 : /* Can be populated with new test.*/
3793 : cmocka_unit_test(rsp_finish_rsp_case13),
3794 : cmocka_unit_test(rsp_finish_rsp_case14),
3795 : /* Incorrect signature*/
3796 : cmocka_unit_test(rsp_finish_rsp_case15),
3797 : cmocka_unit_test(rsp_finish_rsp_case16),
3798 : /* Buffer verification*/
3799 : cmocka_unit_test(rsp_finish_rsp_case17),
3800 : /* Success Case, enable mutual authentication and use slot_id 0xFF */
3801 : cmocka_unit_test(rsp_finish_rsp_case18),
3802 : /* Invalid SlotID in FINISH request message when mutual authentication */
3803 : cmocka_unit_test_setup(rsp_finish_rsp_case19, libspdm_unit_test_group_setup),
3804 : cmocka_unit_test_setup(rsp_finish_rsp_case20, libspdm_unit_test_group_setup),
3805 : /* If FINISH.Param1 != 0x01, then FINISH.Param2 is reserved, shall be ignored when read */
3806 : cmocka_unit_test_setup(rsp_finish_rsp_case21, libspdm_unit_test_group_setup),
3807 : /* If KEY_EXCHANGE_RSP.MutAuthRequested equals neither 0x02 nor 0x04, FINISH.Param2 no need match ENCAPSULATED_RESPONSE_ACK.EncapsulatedRequest */
3808 : cmocka_unit_test_setup(rsp_finish_rsp_case22, libspdm_unit_test_group_setup),
3809 : /* Big Endian Sign - Little Endian Verify */
3810 : cmocka_unit_test_setup(rsp_finish_rsp_case23, libspdm_unit_test_group_setup),
3811 : /* Big Endian Sign - Big Endian Verify */
3812 : cmocka_unit_test_setup(rsp_finish_rsp_case24, libspdm_unit_test_group_setup),
3813 : /* Big Endian Sign - Big or Little Endian Verify */
3814 : cmocka_unit_test_setup(rsp_finish_rsp_case25, libspdm_unit_test_group_setup),
3815 : /* Little Endian Sign - Little Endian Verify*/
3816 : cmocka_unit_test_setup(rsp_finish_rsp_case26, libspdm_unit_test_group_setup),
3817 : /* Little Endian Sign - Big Endian Verify */
3818 : cmocka_unit_test_setup(rsp_finish_rsp_case27, libspdm_unit_test_group_setup),
3819 : /* Little Endian Sign - Big or Little Endian Verify */
3820 : cmocka_unit_test_setup(rsp_finish_rsp_case28, libspdm_unit_test_group_setup),
3821 : /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
3822 : cmocka_unit_test(rsp_finish_rsp_case29),
3823 : /* SPDM 1.4 with OpaqueData */
3824 : cmocka_unit_test(rsp_finish_rsp_case30),
3825 : /* SPDM 1.4, the Responder using integrator defined opaque data */
3826 : cmocka_unit_test(rsp_finish_rsp_case31),
3827 : };
3828 :
3829 1 : libspdm_test_context_t test_context = {
3830 : LIBSPDM_TEST_CONTEXT_VERSION,
3831 : false,
3832 : };
3833 :
3834 1 : libspdm_setup_test_context(&test_context);
3835 :
3836 1 : return cmocka_run_group_tests(test_cases,
3837 : libspdm_unit_test_group_setup,
3838 : libspdm_unit_test_group_teardown);
3839 : }
3840 :
3841 : #endif /* LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP*/
|
