Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2022 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
12 :
13 : spdm_key_update_request_t m_libspdm_key_update_request1 = {
14 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
15 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3 }
16 : };
17 : size_t m_libspdm_key_update_request1_size = sizeof(m_libspdm_key_update_request1);
18 :
19 : spdm_key_update_request_t m_libspdm_key_update_request2 = {
20 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
21 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3 }
22 : };
23 : size_t m_libspdm_key_update_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
24 :
25 : spdm_key_update_request_t m_libspdm_key_update_request3 = {
26 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
27 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71 }
28 : };
29 : size_t m_libspdm_key_update_request3_size = sizeof(m_libspdm_key_update_request3);
30 :
31 : spdm_key_update_request_t m_libspdm_key_update_request4 = {
32 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
33 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71 }
34 : };
35 : size_t m_libspdm_key_update_request4_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
36 :
37 : spdm_key_update_request_t m_libspdm_key_update_request5 = {
38 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
39 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A }
40 : };
41 : size_t m_libspdm_key_update_request5_size = sizeof(m_libspdm_key_update_request5);
42 :
43 : spdm_key_update_request_t m_libspdm_key_update_request6 = {
44 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
45 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A }
46 : };
47 : size_t m_libspdm_key_update_request6_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
48 :
49 : spdm_key_update_request_t m_libspdm_key_update_request7 = {
50 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
51 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x92 }
52 : };
53 : size_t m_libspdm_key_update_request7_size = sizeof(m_libspdm_key_update_request7);
54 :
55 : spdm_key_update_request_t m_libspdm_key_update_request8 = {
56 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
57 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x13 }
58 : };
59 : size_t m_libspdm_key_update_request8_size = sizeof(m_libspdm_key_update_request8);
60 :
61 : spdm_key_update_request_t m_libspdm_key_update_request9 = {
62 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
63 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x22 }
64 : };
65 : size_t m_libspdm_key_update_request9_size = sizeof(m_libspdm_key_update_request9);
66 :
67 : spdm_key_update_request_t m_libspdm_key_update_request10 = {
68 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE, 0xFF, 0x12 }
69 : };
70 : size_t m_libspdm_key_update_request10_size = sizeof(m_libspdm_key_update_request10);
71 :
72 27 : static void libspdm_set_standard_key_update_test_state(
73 : libspdm_context_t *spdm_context, uint32_t *session_id)
74 : {
75 : libspdm_session_info_t *session_info;
76 :
77 27 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
78 27 : spdm_context->connection_info.connection_state =
79 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
80 27 : spdm_context->connection_info.capability.flags |=
81 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
82 27 : spdm_context->connection_info.capability.flags |=
83 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP;
84 27 : spdm_context->connection_info.capability.flags |=
85 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP;
86 27 : spdm_context->local_context.capability.flags |=
87 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
88 27 : spdm_context->local_context.capability.flags |=
89 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP;
90 27 : spdm_context->local_context.capability.flags |=
91 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP;
92 :
93 27 : spdm_context->transcript.message_a.buffer_size = 0;
94 27 : spdm_context->connection_info.algorithm.base_hash_algo =
95 : m_libspdm_use_hash_algo;
96 27 : spdm_context->connection_info.algorithm.base_asym_algo =
97 : m_libspdm_use_asym_algo;
98 27 : spdm_context->connection_info.algorithm.dhe_named_group =
99 : m_libspdm_use_dhe_algo;
100 27 : spdm_context->connection_info.algorithm.aead_cipher_suite =
101 : m_libspdm_use_aead_algo;
102 :
103 27 : *session_id = 0xFFFFFFFF;
104 27 : spdm_context->latest_session_id = *session_id;
105 27 : spdm_context->last_spdm_request_session_id_valid = true;
106 27 : spdm_context->last_spdm_request_session_id = *session_id;
107 27 : session_info = &spdm_context->session_info[0];
108 27 : libspdm_session_info_init(spdm_context, session_info, *session_id, true);
109 27 : libspdm_secured_message_set_session_state(
110 : session_info->secured_message_context,
111 : LIBSPDM_SESSION_STATE_ESTABLISHED);
112 27 : }
113 :
114 27 : static void libspdm_set_standard_key_update_test_secrets(
115 : libspdm_secured_message_context_t *secured_message_context,
116 : uint8_t *m_rsp_secret_buffer, uint8_t rsp_secret_fill,
117 : uint8_t *m_req_secret_buffer, uint8_t req_secret_fill)
118 : {
119 27 : libspdm_set_mem(m_rsp_secret_buffer, secured_message_context
120 : ->hash_size, rsp_secret_fill);
121 27 : libspdm_set_mem(m_req_secret_buffer, secured_message_context
122 : ->hash_size, req_secret_fill);
123 :
124 27 : libspdm_copy_mem(secured_message_context->application_secret.response_data_secret,
125 : sizeof(secured_message_context->application_secret.response_data_secret),
126 : m_rsp_secret_buffer, secured_message_context->aead_key_size);
127 27 : libspdm_copy_mem(secured_message_context->application_secret.request_data_secret,
128 : sizeof(secured_message_context->application_secret.request_data_secret),
129 : m_req_secret_buffer, secured_message_context->aead_key_size);
130 :
131 27 : libspdm_set_mem(secured_message_context->application_secret
132 27 : .response_data_encryption_key,
133 : secured_message_context->aead_key_size, (uint8_t)(0xFF));
134 27 : libspdm_set_mem(secured_message_context->application_secret
135 27 : .response_data_salt,
136 : secured_message_context->aead_iv_size, (uint8_t)(0xFF));
137 :
138 :
139 27 : libspdm_set_mem(secured_message_context->application_secret
140 27 : .request_data_encryption_key,
141 : secured_message_context->aead_key_size, (uint8_t)(0xEE));
142 27 : libspdm_set_mem(secured_message_context->application_secret
143 27 : .request_data_salt,
144 : secured_message_context->aead_iv_size, (uint8_t)(0xEE));
145 :
146 : secured_message_context->application_secret.
147 27 : response_data_sequence_number = 0;
148 : secured_message_context->application_secret.
149 27 : request_data_sequence_number = 0;
150 27 : }
151 :
152 30 : static void libspdm_compute_secret_update(spdm_version_number_t spdm_version,
153 : size_t hash_size,
154 : const uint8_t *in_secret, uint8_t *out_secret,
155 : size_t out_secret_size)
156 : {
157 : uint8_t bin_str9[128];
158 : size_t bin_str9_size;
159 :
160 30 : bin_str9_size = sizeof(bin_str9);
161 30 : libspdm_bin_concat(spdm_version,
162 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
163 30 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
164 : &bin_str9_size);
165 :
166 30 : libspdm_hkdf_expand(m_libspdm_use_hash_algo, in_secret, hash_size, bin_str9,
167 : bin_str9_size, out_secret, out_secret_size);
168 30 : }
169 :
170 : /**
171 : * Test 1: receiving a correct KEY_UPDATE message from the requester with
172 : * the UpdateKey operation.
173 : * Expected behavior: the responder accepts the request, produces a valid
174 : * KEY_UPDATE_ACK response message, and the request data key is updated.
175 : **/
176 1 : void libspdm_test_responder_key_update_case1(void **state)
177 : {
178 : libspdm_return_t status;
179 : libspdm_test_context_t *spdm_test_context;
180 : libspdm_context_t *spdm_context;
181 : uint32_t session_id;
182 : libspdm_session_info_t *session_info;
183 : libspdm_secured_message_context_t *secured_message_context;
184 :
185 : size_t response_size;
186 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
187 : spdm_key_update_response_t *spdm_response;
188 :
189 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
190 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
191 :
192 1 : spdm_test_context = *state;
193 1 : spdm_context = spdm_test_context->spdm_context;
194 1 : spdm_test_context->case_id = 0x1;
195 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
196 : SPDM_VERSION_NUMBER_SHIFT_BIT;
197 :
198 1 : libspdm_set_standard_key_update_test_state(
199 : spdm_context, &session_id);
200 :
201 1 : session_info = &spdm_context->session_info[0];
202 1 : secured_message_context = session_info->secured_message_context;
203 :
204 1 : libspdm_set_standard_key_update_test_secrets(
205 1 : session_info->secured_message_context,
206 : m_rsp_secret_buffer, (uint8_t)(0xFF),
207 : m_req_secret_buffer, (uint8_t)(0xEE));
208 :
209 : /*request side updated*/
210 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
211 : secured_message_context->hash_size,
212 : m_req_secret_buffer, m_req_secret_buffer,
213 : secured_message_context->hash_size);
214 : /*response side *not* updated*/
215 :
216 1 : response_size = sizeof(response);
217 1 : status = libspdm_get_response_key_update(spdm_context,
218 : m_libspdm_key_update_request1_size,
219 : &m_libspdm_key_update_request1,
220 : &response_size, response);
221 :
222 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
223 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
224 1 : spdm_response = (void *)response;
225 1 : assert_int_equal(spdm_response->header.request_response_code,
226 : SPDM_KEY_UPDATE_ACK);
227 1 : assert_int_equal(spdm_response->header.param1,
228 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
229 1 : assert_int_equal(spdm_response->header.param2,
230 : m_libspdm_key_update_request1.header.param2);
231 1 : assert_memory_equal(secured_message_context
232 : ->application_secret.request_data_secret,
233 : m_req_secret_buffer, secured_message_context->hash_size);
234 1 : assert_memory_equal(secured_message_context
235 : ->application_secret.response_data_secret,
236 : m_rsp_secret_buffer, secured_message_context->hash_size);
237 1 : }
238 :
239 : /**
240 : * Test 2: receiving a KEY_UPDATE message larger than specified, with the
241 : * UpdateKey operation.
242 : * Expected behavior: the responder refuses the KEY_UPDATE message and
243 : * produces an ERROR message indicating the InvalidRequest. No keys
244 : * are updated.
245 : **/
246 1 : void libspdm_test_responder_key_update_case2(void **state)
247 : {
248 : libspdm_return_t status;
249 : libspdm_test_context_t *spdm_test_context;
250 : libspdm_context_t *spdm_context;
251 : uint32_t session_id;
252 : libspdm_session_info_t *session_info;
253 : libspdm_secured_message_context_t *secured_message_context;
254 :
255 : size_t response_size;
256 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
257 : spdm_key_update_response_t *spdm_response;
258 :
259 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
260 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
261 :
262 1 : spdm_test_context = *state;
263 1 : spdm_context = spdm_test_context->spdm_context;
264 1 : spdm_test_context->case_id = 0x2;
265 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
266 : SPDM_VERSION_NUMBER_SHIFT_BIT;
267 :
268 1 : libspdm_set_standard_key_update_test_state(
269 : spdm_context, &session_id);
270 :
271 1 : session_info = &spdm_context->session_info[0];
272 1 : secured_message_context = session_info->secured_message_context;
273 :
274 1 : libspdm_set_standard_key_update_test_secrets(
275 1 : session_info->secured_message_context,
276 : m_rsp_secret_buffer, (uint8_t)(0xFF),
277 : m_req_secret_buffer, (uint8_t)(0xEE));
278 :
279 : /*no keys are updated*/
280 :
281 1 : response_size = sizeof(response);
282 1 : status = libspdm_get_response_key_update(spdm_context,
283 : m_libspdm_key_update_request2_size,
284 : &m_libspdm_key_update_request2,
285 : &response_size, response);
286 :
287 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
288 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
289 1 : spdm_response = (void *)response;
290 1 : assert_int_equal(spdm_response->header.request_response_code,
291 : SPDM_ERROR);
292 1 : assert_int_equal(spdm_response->header.param1,
293 : SPDM_ERROR_CODE_INVALID_REQUEST);
294 1 : assert_int_equal(spdm_response->header.param2, 0);
295 1 : assert_memory_equal(secured_message_context
296 : ->application_secret.request_data_secret,
297 : m_req_secret_buffer, secured_message_context->hash_size);
298 1 : assert_memory_equal(secured_message_context
299 : ->application_secret.response_data_secret,
300 : m_rsp_secret_buffer, secured_message_context->hash_size);
301 1 : }
302 :
303 : /**
304 : * Test 3: receiving a correct KEY_UPDATE from the requester, but the
305 : * responder is in a Busy state.
306 : * Expected behavior: the responder accepts the request, but produces an
307 : * ERROR message indicating the Busy state. No keys are updated.
308 : **/
309 1 : void libspdm_test_responder_key_update_case3(void **state)
310 : {
311 : libspdm_return_t status;
312 : libspdm_test_context_t *spdm_test_context;
313 : libspdm_context_t *spdm_context;
314 : uint32_t session_id;
315 : libspdm_session_info_t *session_info;
316 : libspdm_secured_message_context_t *secured_message_context;
317 :
318 : size_t response_size;
319 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
320 : spdm_key_update_response_t *spdm_response;
321 :
322 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
323 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
324 :
325 1 : spdm_test_context = *state;
326 1 : spdm_context = spdm_test_context->spdm_context;
327 1 : spdm_test_context->case_id = 0x3;
328 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
329 : SPDM_VERSION_NUMBER_SHIFT_BIT;
330 :
331 1 : libspdm_set_standard_key_update_test_state(
332 : spdm_context, &session_id);
333 :
334 : /*busy state*/
335 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
336 :
337 1 : session_info = &spdm_context->session_info[0];
338 1 : secured_message_context = session_info->secured_message_context;
339 :
340 1 : libspdm_set_standard_key_update_test_secrets(
341 1 : session_info->secured_message_context,
342 : m_rsp_secret_buffer, (uint8_t)(0xFF),
343 : m_req_secret_buffer, (uint8_t)(0xEE));
344 :
345 : /*no keys are updated*/
346 :
347 1 : response_size = sizeof(response);
348 1 : status = libspdm_get_response_key_update(spdm_context,
349 : m_libspdm_key_update_request1_size,
350 : &m_libspdm_key_update_request1,
351 : &response_size, response);
352 :
353 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
354 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
355 1 : spdm_response = (void *)response;
356 1 : assert_int_equal(spdm_response->header.request_response_code,
357 : SPDM_ERROR);
358 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
359 1 : assert_int_equal(spdm_response->header.param2, 0);
360 1 : assert_int_equal(spdm_context->response_state,
361 : LIBSPDM_RESPONSE_STATE_BUSY);
362 1 : assert_memory_equal(secured_message_context
363 : ->application_secret.request_data_secret,
364 : m_req_secret_buffer, secured_message_context->hash_size);
365 1 : assert_memory_equal(secured_message_context
366 : ->application_secret.response_data_secret,
367 : m_rsp_secret_buffer, secured_message_context->hash_size);
368 1 : }
369 :
370 : /**
371 : * Test 4: receiving a correct KEY_UPDATE message from the requester, but
372 : * the responder requires resynchronization with the requester.
373 : * Expected behavior: the responder accepts the request, but produces an
374 : * ERROR message indicating the NeedResynch state. No keys are updated.
375 : **/
376 1 : void libspdm_test_responder_key_update_case4(void **state)
377 : {
378 : libspdm_return_t status;
379 : libspdm_test_context_t *spdm_test_context;
380 : libspdm_context_t *spdm_context;
381 : uint32_t session_id;
382 : libspdm_session_info_t *session_info;
383 : libspdm_secured_message_context_t *secured_message_context;
384 :
385 : size_t response_size;
386 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
387 : spdm_key_update_response_t *spdm_response;
388 :
389 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
390 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
391 :
392 1 : spdm_test_context = *state;
393 1 : spdm_context = spdm_test_context->spdm_context;
394 1 : spdm_test_context->case_id = 0x4;
395 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
396 : SPDM_VERSION_NUMBER_SHIFT_BIT;
397 :
398 1 : libspdm_set_standard_key_update_test_state(
399 : spdm_context, &session_id);
400 :
401 : /*need resync state*/
402 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
403 :
404 1 : session_info = &spdm_context->session_info[0];
405 1 : secured_message_context = session_info->secured_message_context;
406 :
407 1 : libspdm_set_standard_key_update_test_secrets(
408 1 : session_info->secured_message_context,
409 : m_rsp_secret_buffer, (uint8_t)(0xFF),
410 : m_req_secret_buffer, (uint8_t)(0xEE));
411 :
412 : /*no keys are updated*/
413 :
414 1 : response_size = sizeof(response);
415 1 : status = libspdm_get_response_key_update(spdm_context,
416 : m_libspdm_key_update_request1_size,
417 : &m_libspdm_key_update_request1,
418 : &response_size, response);
419 :
420 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
421 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
422 1 : spdm_response = (void *)response;
423 1 : assert_int_equal(spdm_response->header.request_response_code,
424 : SPDM_ERROR);
425 1 : assert_int_equal(spdm_response->header.param1,
426 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
427 1 : assert_int_equal(spdm_response->header.param2, 0);
428 1 : assert_int_equal(spdm_context->response_state,
429 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
430 1 : assert_memory_equal(secured_message_context
431 : ->application_secret.request_data_secret,
432 : m_req_secret_buffer, secured_message_context->hash_size);
433 1 : assert_memory_equal(secured_message_context
434 : ->application_secret.response_data_secret,
435 : m_rsp_secret_buffer, secured_message_context->hash_size);
436 1 : }
437 :
438 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
439 : /**
440 : * Test 5: receiving a correct KEY_UPDATE from the requester, but the
441 : * responder could not produce the response in time.
442 : * Expected behavior: the responder accepts the request, but produces an
443 : * ERROR message indicating the ResponseNotReady state. No keys are
444 : * updated.
445 : **/
446 1 : void libspdm_test_responder_key_update_case5(void **state)
447 : {
448 : libspdm_return_t status;
449 : libspdm_test_context_t *spdm_test_context;
450 : libspdm_context_t *spdm_context;
451 : uint32_t session_id;
452 : libspdm_session_info_t *session_info;
453 : libspdm_secured_message_context_t *secured_message_context;
454 :
455 : size_t response_size;
456 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
457 : spdm_key_update_response_t *spdm_response;
458 : spdm_error_data_response_not_ready_t *error_data;
459 :
460 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
461 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
462 :
463 1 : spdm_test_context = *state;
464 1 : spdm_context = spdm_test_context->spdm_context;
465 1 : spdm_test_context->case_id = 0x5;
466 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
467 : SPDM_VERSION_NUMBER_SHIFT_BIT;
468 :
469 1 : libspdm_set_standard_key_update_test_state(
470 : spdm_context, &session_id);
471 :
472 : /*not ready state*/
473 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
474 :
475 1 : session_info = &spdm_context->session_info[0];
476 1 : secured_message_context = session_info->secured_message_context;
477 :
478 1 : libspdm_set_standard_key_update_test_secrets(
479 1 : session_info->secured_message_context,
480 : m_rsp_secret_buffer, (uint8_t)(0xFF),
481 : m_req_secret_buffer, (uint8_t)(0xEE));
482 :
483 : /*no keys are updated*/
484 :
485 1 : response_size = sizeof(response);
486 1 : status = libspdm_get_response_key_update(spdm_context,
487 : m_libspdm_key_update_request1_size,
488 : &m_libspdm_key_update_request1,
489 : &response_size, response);
490 :
491 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
492 1 : assert_int_equal(response_size,
493 : sizeof(spdm_error_response_t) +
494 : sizeof(spdm_error_data_response_not_ready_t));
495 1 : spdm_response = (void *)response;
496 1 : error_data =
497 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
498 1 : assert_int_equal(spdm_response->header.request_response_code,
499 : SPDM_ERROR);
500 1 : assert_int_equal(spdm_response->header.param1,
501 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
502 1 : assert_int_equal(spdm_response->header.param2, 0);
503 1 : assert_int_equal(spdm_context->response_state,
504 : LIBSPDM_RESPONSE_STATE_NOT_READY);
505 1 : assert_int_equal(error_data->request_code, SPDM_KEY_UPDATE);
506 1 : assert_memory_equal(secured_message_context
507 : ->application_secret.request_data_secret,
508 : m_req_secret_buffer, secured_message_context->hash_size);
509 1 : assert_memory_equal(secured_message_context
510 : ->application_secret.response_data_secret,
511 : m_rsp_secret_buffer, secured_message_context->hash_size);
512 1 : }
513 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
514 :
515 : /**
516 : * Test 6: receiving a correct KEY_UPDATE from the requester, but the
517 : * responder is not set no receive a FINISH message because previous messages
518 : * (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not
519 : * been received.
520 : * Expected behavior: the responder rejects the request, and produces an
521 : * ERROR message indicating the UnexpectedRequest. No keys are updated.
522 : **/
523 1 : void libspdm_test_responder_key_update_case6(void **state)
524 : {
525 : libspdm_return_t status;
526 : libspdm_test_context_t *spdm_test_context;
527 : libspdm_context_t *spdm_context;
528 : uint32_t session_id;
529 : libspdm_session_info_t *session_info;
530 : libspdm_secured_message_context_t *secured_message_context;
531 :
532 : size_t response_size;
533 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
534 : spdm_key_update_response_t *spdm_response;
535 :
536 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
537 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
538 :
539 1 : spdm_test_context = *state;
540 1 : spdm_context = spdm_test_context->spdm_context;
541 1 : spdm_test_context->case_id = 0x6;
542 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
543 : SPDM_VERSION_NUMBER_SHIFT_BIT;
544 :
545 1 : libspdm_set_standard_key_update_test_state(
546 : spdm_context, &session_id);
547 :
548 : /*not negotiated state*/
549 1 : spdm_context->connection_info.connection_state =
550 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
551 :
552 1 : session_info = &spdm_context->session_info[0];
553 1 : secured_message_context = session_info->secured_message_context;
554 :
555 1 : libspdm_set_standard_key_update_test_secrets(
556 1 : session_info->secured_message_context,
557 : m_rsp_secret_buffer, (uint8_t)(0xFF),
558 : m_req_secret_buffer, (uint8_t)(0xEE));
559 :
560 : /*no keys are updated*/
561 :
562 1 : response_size = sizeof(response);
563 1 : status = libspdm_get_response_key_update(spdm_context,
564 : m_libspdm_key_update_request1_size,
565 : &m_libspdm_key_update_request1,
566 : &response_size, response);
567 :
568 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
569 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
570 1 : spdm_response = (void *)response;
571 1 : assert_int_equal(spdm_response->header.request_response_code,
572 : SPDM_ERROR);
573 1 : assert_int_equal(spdm_response->header.param1,
574 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
575 1 : assert_int_equal(spdm_response->header.param2, 0);
576 1 : assert_memory_equal(secured_message_context
577 : ->application_secret.request_data_secret,
578 : m_req_secret_buffer, secured_message_context->hash_size);
579 1 : assert_memory_equal(secured_message_context
580 : ->application_secret.response_data_secret,
581 : m_rsp_secret_buffer, secured_message_context->hash_size);
582 1 : }
583 :
584 1 : void libspdm_test_responder_key_update_case7(void **state)
585 : {
586 : libspdm_return_t status;
587 : libspdm_test_context_t *spdm_test_context;
588 : libspdm_context_t *spdm_context;
589 : uint32_t session_id;
590 : libspdm_session_info_t *session_info;
591 : libspdm_secured_message_context_t *secured_message_context;
592 :
593 : size_t response_size;
594 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
595 : spdm_key_update_response_t *spdm_response;
596 :
597 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
598 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
599 :
600 1 : spdm_test_context = *state;
601 1 : spdm_context = spdm_test_context->spdm_context;
602 1 : spdm_test_context->case_id = 0x7;
603 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
604 : SPDM_VERSION_NUMBER_SHIFT_BIT;
605 :
606 1 : libspdm_set_standard_key_update_test_state(
607 : spdm_context, &session_id);
608 :
609 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
610 : /*"filling" buffers*/
611 : spdm_context->transcript.message_m.buffer_size =
612 : spdm_context->transcript.message_m.max_buffer_size;
613 : spdm_context->transcript.message_b.buffer_size =
614 : spdm_context->transcript.message_b.max_buffer_size;
615 : spdm_context->transcript.message_c.buffer_size =
616 : spdm_context->transcript.message_c.max_buffer_size;
617 : spdm_context->transcript.message_mut_b.buffer_size =
618 : spdm_context->transcript.message_mut_b.max_buffer_size;
619 : spdm_context->transcript.message_mut_c.buffer_size =
620 : spdm_context->transcript.message_mut_c.max_buffer_size;
621 : #endif
622 :
623 1 : session_info = &spdm_context->session_info[0];
624 1 : secured_message_context = session_info->secured_message_context;
625 :
626 1 : libspdm_set_standard_key_update_test_secrets(
627 1 : session_info->secured_message_context,
628 : m_rsp_secret_buffer, (uint8_t)(0xFF),
629 : m_req_secret_buffer, (uint8_t)(0xEE));
630 :
631 : /*request side updated*/
632 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
633 : secured_message_context->hash_size,
634 : m_req_secret_buffer, m_req_secret_buffer,
635 : secured_message_context->hash_size);
636 : /*response side *not* updated*/
637 :
638 1 : response_size = sizeof(response);
639 1 : status = libspdm_get_response_key_update(spdm_context,
640 : m_libspdm_key_update_request1_size,
641 : &m_libspdm_key_update_request1,
642 : &response_size, response);
643 :
644 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
645 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
646 1 : spdm_response = (void *)response;
647 1 : assert_int_equal(spdm_response->header.request_response_code,
648 : SPDM_KEY_UPDATE_ACK);
649 1 : assert_int_equal(spdm_response->header.param1,
650 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
651 1 : assert_int_equal(spdm_response->header.param2,
652 : m_libspdm_key_update_request1.header.param2);
653 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
654 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
655 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
656 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
657 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
658 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
659 : #endif
660 1 : assert_memory_equal(secured_message_context
661 : ->application_secret.request_data_secret,
662 : m_req_secret_buffer, secured_message_context->hash_size);
663 1 : assert_memory_equal(secured_message_context
664 : ->application_secret.response_data_secret,
665 : m_rsp_secret_buffer, secured_message_context->hash_size);
666 1 : }
667 :
668 : /**
669 : * Test 8: receiving a correct KEY_UPDATE message from the requester, but the
670 : * responder has no capabilities for key update.
671 : * Expected behavior: the responder refuses the KEY_UPDATE message and
672 : * produces an ERROR message indicating the UnsupportedRequest. No keys are
673 : * updated.
674 : **/
675 1 : void libspdm_test_responder_key_update_case8(void **state)
676 : {
677 : libspdm_return_t status;
678 : libspdm_test_context_t *spdm_test_context;
679 : libspdm_context_t *spdm_context;
680 : uint32_t session_id;
681 : libspdm_session_info_t *session_info;
682 : libspdm_secured_message_context_t *secured_message_context;
683 :
684 : size_t response_size;
685 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
686 : spdm_key_update_response_t *spdm_response;
687 :
688 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
689 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
690 :
691 1 : spdm_test_context = *state;
692 1 : spdm_context = spdm_test_context->spdm_context;
693 1 : spdm_test_context->case_id = 0x8;
694 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
695 : SPDM_VERSION_NUMBER_SHIFT_BIT;
696 :
697 1 : libspdm_set_standard_key_update_test_state(
698 : spdm_context, &session_id);
699 :
700 : /*no capabilities*/
701 1 : spdm_context->connection_info.capability.flags &=
702 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
703 1 : spdm_context->local_context.capability.flags &=
704 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
705 :
706 1 : session_info = &spdm_context->session_info[0];
707 1 : secured_message_context = session_info->secured_message_context;
708 :
709 1 : libspdm_set_standard_key_update_test_secrets(
710 1 : session_info->secured_message_context,
711 : m_rsp_secret_buffer, (uint8_t)(0xFF),
712 : m_req_secret_buffer, (uint8_t)(0xEE));
713 :
714 : /*no keys are updated*/
715 :
716 1 : response_size = sizeof(response);
717 1 : status = libspdm_get_response_key_update(spdm_context,
718 : m_libspdm_key_update_request1_size,
719 : &m_libspdm_key_update_request1,
720 : &response_size, response);
721 :
722 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
723 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
724 1 : spdm_response = (void *)response;
725 1 : assert_int_equal(spdm_response->header.request_response_code,
726 : SPDM_ERROR);
727 1 : assert_int_equal(spdm_response->header.param1,
728 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
729 1 : assert_int_equal(spdm_response->header.param2, SPDM_KEY_UPDATE);
730 1 : assert_memory_equal(secured_message_context
731 : ->application_secret.request_data_secret,
732 : m_req_secret_buffer, secured_message_context->hash_size);
733 1 : assert_memory_equal(secured_message_context
734 : ->application_secret.response_data_secret,
735 : m_rsp_secret_buffer, secured_message_context->hash_size);
736 1 : }
737 :
738 : /**
739 : * Test 9: receiving a correct KEY_UPDATE message from the requester, but the
740 : * responder is not correctly setup by not initializing a session during
741 : * KEY_EXCHANGE.
742 : * Expected behavior: the responder refuses the KEY_UPDATE message and produces
743 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
744 : **/
745 1 : void libspdm_test_responder_key_update_case9(void **state)
746 : {
747 : libspdm_return_t status;
748 : libspdm_test_context_t *spdm_test_context;
749 : libspdm_context_t *spdm_context;
750 : uint32_t session_id;
751 : libspdm_session_info_t *session_info;
752 : libspdm_secured_message_context_t *secured_message_context;
753 :
754 : size_t response_size;
755 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
756 : spdm_key_update_response_t *spdm_response;
757 :
758 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
759 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
760 :
761 1 : spdm_test_context = *state;
762 1 : spdm_context = spdm_test_context->spdm_context;
763 1 : spdm_test_context->case_id = 0x9;
764 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
765 : SPDM_VERSION_NUMBER_SHIFT_BIT;
766 :
767 1 : libspdm_set_standard_key_update_test_state(
768 : spdm_context, &session_id);
769 :
770 1 : session_info = &spdm_context->session_info[0];
771 1 : secured_message_context = session_info->secured_message_context;
772 :
773 : /*uninitialized session*/
774 1 : libspdm_secured_message_set_session_state(
775 : session_info->secured_message_context,
776 : LIBSPDM_SESSION_STATE_NOT_STARTED);
777 :
778 1 : libspdm_set_standard_key_update_test_secrets(
779 1 : session_info->secured_message_context,
780 : m_rsp_secret_buffer, (uint8_t)(0xFF),
781 : m_req_secret_buffer, (uint8_t)(0xEE));
782 :
783 : /*no keys are updated*/
784 :
785 1 : response_size = sizeof(response);
786 1 : status = libspdm_get_response_key_update(spdm_context,
787 : m_libspdm_key_update_request1_size,
788 : &m_libspdm_key_update_request1,
789 : &response_size, response);
790 :
791 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
792 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
793 1 : spdm_response = (void *)response;
794 1 : assert_int_equal(spdm_response->header.request_response_code,
795 : SPDM_ERROR);
796 1 : assert_int_equal(spdm_response->header.param1,
797 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
798 1 : assert_int_equal(spdm_response->header.param2, 0);
799 1 : assert_memory_equal(secured_message_context
800 : ->application_secret.request_data_secret,
801 : m_req_secret_buffer, secured_message_context->hash_size);
802 1 : assert_memory_equal(secured_message_context
803 : ->application_secret.response_data_secret,
804 : m_rsp_secret_buffer, secured_message_context->hash_size);
805 1 : }
806 :
807 : /**
808 : * Test 10: receiving a correct KEY_UPDATE message from the requester with
809 : * the UpdateAllKeys operation.
810 : * Expected behavior: the responder accepts the request, produces a valid
811 : * KEY_UPDATE_ACK response message, and both the request data key and the
812 : * response data key are updated.
813 : **/
814 1 : void libspdm_test_responder_key_update_case10(void **state)
815 : {
816 : libspdm_return_t status;
817 : libspdm_test_context_t *spdm_test_context;
818 : libspdm_context_t *spdm_context;
819 : uint32_t session_id;
820 : libspdm_session_info_t *session_info;
821 : libspdm_secured_message_context_t *secured_message_context;
822 :
823 : size_t response_size;
824 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
825 : spdm_key_update_response_t *spdm_response;
826 :
827 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
828 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
829 :
830 1 : spdm_test_context = *state;
831 1 : spdm_context = spdm_test_context->spdm_context;
832 1 : spdm_test_context->case_id = 0xA;
833 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
834 : SPDM_VERSION_NUMBER_SHIFT_BIT;
835 :
836 1 : libspdm_set_standard_key_update_test_state(
837 : spdm_context, &session_id);
838 :
839 1 : session_info = &spdm_context->session_info[0];
840 1 : secured_message_context = session_info->secured_message_context;
841 :
842 1 : libspdm_set_standard_key_update_test_secrets(
843 1 : session_info->secured_message_context,
844 : m_rsp_secret_buffer, (uint8_t)(0xFF),
845 : m_req_secret_buffer, (uint8_t)(0xEE));
846 :
847 : /*request side updated*/
848 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
849 : secured_message_context->hash_size,
850 : m_req_secret_buffer, m_req_secret_buffer,
851 : secured_message_context->hash_size);
852 : /*response side updated*/
853 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
854 : secured_message_context->hash_size,
855 : m_rsp_secret_buffer, m_rsp_secret_buffer,
856 : secured_message_context->hash_size);
857 :
858 1 : response_size = sizeof(response);
859 1 : status = libspdm_get_response_key_update(spdm_context,
860 : m_libspdm_key_update_request3_size,
861 : &m_libspdm_key_update_request3,
862 : &response_size, response);
863 :
864 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
865 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
866 1 : spdm_response = (void *)response;
867 1 : assert_int_equal(spdm_response->header.request_response_code,
868 : SPDM_KEY_UPDATE_ACK);
869 1 : assert_int_equal(spdm_response->header.param1,
870 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
871 1 : assert_int_equal(spdm_response->header.param2,
872 : m_libspdm_key_update_request3.header.param2);
873 1 : assert_memory_equal(secured_message_context
874 : ->application_secret.request_data_secret,
875 : m_req_secret_buffer, secured_message_context->hash_size);
876 1 : assert_memory_equal(secured_message_context
877 : ->application_secret.response_data_secret,
878 : m_rsp_secret_buffer, secured_message_context->hash_size);
879 1 : }
880 :
881 : /**
882 : * Test 11: receiving a KEY_UPDATE message larger than specified, with the
883 : * UpdateAllKeys operation.
884 : * Expected behavior: the responder refuses the KEY_UPDATE message and
885 : * produces an ERROR message indicating the InvalidRequest. No keys
886 : * are updated.
887 : **/
888 1 : void libspdm_test_responder_key_update_case11(void **state)
889 : {
890 : libspdm_return_t status;
891 : libspdm_test_context_t *spdm_test_context;
892 : libspdm_context_t *spdm_context;
893 : uint32_t session_id;
894 : libspdm_session_info_t *session_info;
895 : libspdm_secured_message_context_t *secured_message_context;
896 :
897 : size_t response_size;
898 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
899 : spdm_key_update_response_t *spdm_response;
900 :
901 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
902 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
903 :
904 1 : spdm_test_context = *state;
905 1 : spdm_context = spdm_test_context->spdm_context;
906 1 : spdm_test_context->case_id = 0xB;
907 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
908 : SPDM_VERSION_NUMBER_SHIFT_BIT;
909 :
910 1 : libspdm_set_standard_key_update_test_state(
911 : spdm_context, &session_id);
912 :
913 1 : session_info = &spdm_context->session_info[0];
914 1 : secured_message_context = session_info->secured_message_context;
915 :
916 1 : libspdm_set_standard_key_update_test_secrets(
917 1 : session_info->secured_message_context,
918 : m_rsp_secret_buffer, (uint8_t)(0xFF),
919 : m_req_secret_buffer, (uint8_t)(0xEE));
920 :
921 : /*no keys are updated*/
922 :
923 1 : response_size = sizeof(response);
924 1 : status = libspdm_get_response_key_update(spdm_context,
925 : m_libspdm_key_update_request4_size,
926 : &m_libspdm_key_update_request4,
927 : &response_size, response);
928 :
929 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
930 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
931 1 : spdm_response = (void *)response;
932 1 : assert_int_equal(spdm_response->header.request_response_code,
933 : SPDM_ERROR);
934 1 : assert_int_equal(spdm_response->header.param1,
935 : SPDM_ERROR_CODE_INVALID_REQUEST);
936 1 : assert_int_equal(spdm_response->header.param2, 0);
937 1 : assert_memory_equal(secured_message_context
938 : ->application_secret.request_data_secret,
939 : m_req_secret_buffer, secured_message_context->hash_size);
940 1 : assert_memory_equal(secured_message_context
941 : ->application_secret.response_data_secret,
942 : m_rsp_secret_buffer, secured_message_context->hash_size);
943 1 : }
944 :
945 : /**
946 : * Test 12: receiving a correct KEY_UPDATE message from the requester with
947 : * the VerifyNewKey operation. The responder is setup as if a valid
948 : * KEY_UPDATE request with the UpdateKey has been previously received.
949 : * Expected behavior: the responder accepts the request, produces a valid
950 : * KEY_UPDATE_ACK response message, and the request data key is updated.
951 : **/
952 1 : void libspdm_test_responder_key_update_case12(void **state)
953 : {
954 : libspdm_return_t status;
955 : libspdm_test_context_t *spdm_test_context;
956 : libspdm_context_t *spdm_context;
957 : uint32_t session_id;
958 : libspdm_session_info_t *session_info;
959 : libspdm_secured_message_context_t *secured_message_context;
960 :
961 : size_t response_size;
962 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
963 : spdm_key_update_response_t *spdm_response;
964 :
965 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
966 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
967 :
968 1 : spdm_test_context = *state;
969 1 : spdm_context = spdm_test_context->spdm_context;
970 1 : spdm_test_context->case_id = 0xC;
971 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
972 : SPDM_VERSION_NUMBER_SHIFT_BIT;
973 :
974 1 : libspdm_set_standard_key_update_test_state(
975 : spdm_context, &session_id);
976 :
977 1 : session_info = &spdm_context->session_info[0];
978 1 : secured_message_context = session_info->secured_message_context;
979 :
980 1 : libspdm_set_standard_key_update_test_secrets(
981 1 : session_info->secured_message_context,
982 : m_rsp_secret_buffer, (uint8_t)(0xFF),
983 : m_req_secret_buffer, (uint8_t)(0xEE));
984 :
985 : /*last request: UpdateKey*/
986 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
987 :
988 : /*mocked major secret update*/
989 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
990 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
991 1 : &secured_message_context->application_secret.request_data_secret,
992 : LIBSPDM_MAX_HASH_SIZE);
993 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
994 : secured_message_context->hash_size,
995 : secured_message_context->application_secret
996 1 : .request_data_secret,
997 : secured_message_context->application_secret
998 1 : .request_data_secret,
999 : secured_message_context->hash_size);
1000 :
1001 : /*request side updated*/
1002 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1003 : secured_message_context->hash_size,
1004 : m_req_secret_buffer, m_req_secret_buffer,
1005 : secured_message_context->hash_size);
1006 : /*response side *not* updated*/
1007 :
1008 1 : response_size = sizeof(response);
1009 1 : status = libspdm_get_response_key_update(spdm_context,
1010 : m_libspdm_key_update_request5_size,
1011 : &m_libspdm_key_update_request5,
1012 : &response_size, response);
1013 :
1014 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1015 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1016 1 : spdm_response = (void *)response;
1017 1 : assert_int_equal(spdm_response->header.request_response_code,
1018 : SPDM_KEY_UPDATE_ACK);
1019 1 : assert_int_equal(spdm_response->header.param1,
1020 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY);
1021 1 : assert_int_equal(spdm_response->header.param2,
1022 : m_libspdm_key_update_request5.header.param2);
1023 1 : assert_memory_equal(secured_message_context
1024 : ->application_secret.request_data_secret,
1025 : m_req_secret_buffer, secured_message_context->hash_size);
1026 1 : assert_memory_equal(secured_message_context
1027 : ->application_secret.response_data_secret,
1028 : m_rsp_secret_buffer, secured_message_context->hash_size);
1029 1 : }
1030 :
1031 : /**
1032 : * Test 13: receiving a KEY_UPDATE message larger than specified, with the
1033 : * VerifyNewKey operation. The responder is setup as if a valid KEY_UPDATE
1034 : * request with the UpdateKey has been previously received.
1035 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1036 : * produces an ERROR message indicating the InvalidRequest. The request
1037 : * data key is not rolled back to before the UpdateKey.
1038 : **/
1039 1 : void libspdm_test_responder_key_update_case13(void **state)
1040 : {
1041 : libspdm_return_t status;
1042 : libspdm_test_context_t *spdm_test_context;
1043 : libspdm_context_t *spdm_context;
1044 : uint32_t session_id;
1045 : libspdm_session_info_t *session_info;
1046 : libspdm_secured_message_context_t *secured_message_context;
1047 :
1048 : size_t response_size;
1049 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1050 : spdm_key_update_response_t *spdm_response;
1051 :
1052 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1053 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1054 :
1055 1 : spdm_test_context = *state;
1056 1 : spdm_context = spdm_test_context->spdm_context;
1057 1 : spdm_test_context->case_id = 0xD;
1058 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1059 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1060 :
1061 1 : libspdm_set_standard_key_update_test_state(
1062 : spdm_context, &session_id);
1063 :
1064 1 : session_info = &spdm_context->session_info[0];
1065 1 : secured_message_context = session_info->secured_message_context;
1066 :
1067 1 : libspdm_set_standard_key_update_test_secrets(
1068 1 : session_info->secured_message_context,
1069 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1070 : m_req_secret_buffer, (uint8_t)(0xEE));
1071 :
1072 : /*last request: UpdateKey*/
1073 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1074 :
1075 : /*mocked major secret update*/
1076 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1077 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1078 1 : &secured_message_context->application_secret.request_data_secret,
1079 : LIBSPDM_MAX_HASH_SIZE);
1080 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1081 : secured_message_context->hash_size,
1082 : secured_message_context->application_secret
1083 1 : .request_data_secret,
1084 : secured_message_context->application_secret
1085 1 : .request_data_secret,
1086 : secured_message_context->hash_size);
1087 :
1088 : /*request side updated*/
1089 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1090 : secured_message_context->hash_size,
1091 : m_req_secret_buffer, m_req_secret_buffer,
1092 : secured_message_context->hash_size);
1093 : /*response side *not* updated*/
1094 :
1095 1 : response_size = sizeof(response);
1096 1 : status = libspdm_get_response_key_update(spdm_context,
1097 : m_libspdm_key_update_request6_size,
1098 : &m_libspdm_key_update_request6,
1099 : &response_size, response);
1100 :
1101 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1102 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1103 1 : spdm_response = (void *)response;
1104 1 : assert_int_equal(spdm_response->header.request_response_code,
1105 : SPDM_ERROR);
1106 1 : assert_int_equal(spdm_response->header.param1,
1107 : SPDM_ERROR_CODE_INVALID_REQUEST);
1108 1 : assert_int_equal(spdm_response->header.param2, 0);
1109 1 : assert_memory_equal(secured_message_context
1110 : ->application_secret.request_data_secret,
1111 : m_req_secret_buffer, secured_message_context->hash_size);
1112 1 : assert_memory_equal(secured_message_context
1113 : ->application_secret.response_data_secret,
1114 : m_rsp_secret_buffer, secured_message_context->hash_size);
1115 1 : }
1116 :
1117 : /**
1118 : * Test 14: receiving a correct KEY_UPDATE message from the requester with
1119 : * the VerifyNewKey operation. The responder is setup as if a valid
1120 : * KEY_UPDATE request with the UpdateAllKeys has been previously received.
1121 : * Expected behavior: the responder accepts the request, produces a valid
1122 : * KEY_UPDATE_ACK response message, and both the request data key and the
1123 : * response data key are updated.
1124 : **/
1125 1 : void libspdm_test_responder_key_update_case14(void **state)
1126 : {
1127 : libspdm_return_t status;
1128 : libspdm_test_context_t *spdm_test_context;
1129 : libspdm_context_t *spdm_context;
1130 : uint32_t session_id;
1131 : libspdm_session_info_t *session_info;
1132 : libspdm_secured_message_context_t *secured_message_context;
1133 :
1134 : size_t response_size;
1135 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1136 : spdm_key_update_response_t *spdm_response;
1137 :
1138 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1139 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1140 :
1141 1 : spdm_test_context = *state;
1142 1 : spdm_context = spdm_test_context->spdm_context;
1143 1 : spdm_test_context->case_id = 0xE;
1144 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1145 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1146 :
1147 1 : libspdm_set_standard_key_update_test_state(
1148 : spdm_context, &session_id);
1149 :
1150 1 : session_info = &spdm_context->session_info[0];
1151 1 : secured_message_context = session_info->secured_message_context;
1152 :
1153 1 : libspdm_set_standard_key_update_test_secrets(
1154 1 : session_info->secured_message_context,
1155 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1156 : m_req_secret_buffer, (uint8_t)(0xEE));
1157 :
1158 : /*last request: UpdateallKeys*/
1159 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1160 :
1161 : /*mocked major secret update*/
1162 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1163 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1164 1 : &secured_message_context->application_secret.request_data_secret,
1165 : LIBSPDM_MAX_HASH_SIZE);
1166 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1167 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1168 1 : &secured_message_context->application_secret.response_data_secret,
1169 : LIBSPDM_MAX_HASH_SIZE);
1170 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1171 : secured_message_context->hash_size,
1172 : secured_message_context->application_secret
1173 1 : .request_data_secret,
1174 : secured_message_context->application_secret
1175 1 : .request_data_secret,
1176 : secured_message_context->hash_size);
1177 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1178 : secured_message_context->hash_size,
1179 : secured_message_context->application_secret
1180 1 : .response_data_secret,
1181 : secured_message_context->application_secret
1182 1 : .response_data_secret,
1183 : secured_message_context->hash_size);
1184 :
1185 : /*request side updated*/
1186 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1187 : secured_message_context->hash_size,
1188 : m_req_secret_buffer, m_req_secret_buffer,
1189 : secured_message_context->hash_size);
1190 : /*response side updated*/
1191 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1192 : secured_message_context->hash_size,
1193 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1194 : secured_message_context->hash_size);
1195 :
1196 1 : response_size = sizeof(response);
1197 1 : status = libspdm_get_response_key_update(spdm_context,
1198 : m_libspdm_key_update_request5_size,
1199 : &m_libspdm_key_update_request5,
1200 : &response_size, response);
1201 :
1202 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1203 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1204 1 : spdm_response = (void *)response;
1205 1 : assert_int_equal(spdm_response->header.request_response_code,
1206 : SPDM_KEY_UPDATE_ACK);
1207 1 : assert_int_equal(spdm_response->header.param1,
1208 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY);
1209 1 : assert_int_equal(spdm_response->header.param2,
1210 : m_libspdm_key_update_request5.header.param2);
1211 1 : assert_memory_equal(secured_message_context
1212 : ->application_secret.request_data_secret,
1213 : m_req_secret_buffer, secured_message_context->hash_size);
1214 1 : assert_memory_equal(secured_message_context
1215 : ->application_secret.response_data_secret,
1216 : m_rsp_secret_buffer, secured_message_context->hash_size);
1217 1 : }
1218 :
1219 : /**
1220 : * Test 15: receiving a KEY_UPDATE message larger than specified, with the
1221 : * VerifyNewKey operation. The responder is setup as if a valid KEY_UPDATE
1222 : * request with the UpdateAllKeys has been previously received.
1223 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1224 : * produces an ERROR message indicating the InvalidRequest. Neither the
1225 : * request data key nor the response data key are rolled back to before
1226 : * the UpdateAllKeys.
1227 : **/
1228 1 : void libspdm_test_responder_key_update_case15(void **state)
1229 : {
1230 : libspdm_return_t status;
1231 : libspdm_test_context_t *spdm_test_context;
1232 : libspdm_context_t *spdm_context;
1233 : uint32_t session_id;
1234 : libspdm_session_info_t *session_info;
1235 : libspdm_secured_message_context_t *secured_message_context;
1236 :
1237 : size_t response_size;
1238 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1239 : spdm_key_update_response_t *spdm_response;
1240 :
1241 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1242 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1243 :
1244 1 : spdm_test_context = *state;
1245 1 : spdm_context = spdm_test_context->spdm_context;
1246 1 : spdm_test_context->case_id = 0xF;
1247 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1248 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1249 :
1250 1 : libspdm_set_standard_key_update_test_state(
1251 : spdm_context, &session_id);
1252 :
1253 1 : session_info = &spdm_context->session_info[0];
1254 1 : secured_message_context = session_info->secured_message_context;
1255 :
1256 1 : libspdm_set_standard_key_update_test_secrets(
1257 1 : session_info->secured_message_context,
1258 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1259 : m_req_secret_buffer, (uint8_t)(0xEE));
1260 :
1261 : /*last request: UpdateAllKeys*/
1262 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1263 :
1264 : /*mocked major secret update*/
1265 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1266 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1267 1 : &secured_message_context->application_secret.request_data_secret,
1268 : LIBSPDM_MAX_HASH_SIZE);
1269 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1270 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1271 1 : &secured_message_context->application_secret.response_data_secret,
1272 : LIBSPDM_MAX_HASH_SIZE);
1273 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1274 : secured_message_context->hash_size,
1275 : secured_message_context->application_secret
1276 1 : .request_data_secret,
1277 : secured_message_context->application_secret
1278 1 : .request_data_secret,
1279 : secured_message_context->hash_size);
1280 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1281 : secured_message_context->hash_size,
1282 : secured_message_context->application_secret
1283 1 : .response_data_secret,
1284 : secured_message_context->application_secret
1285 1 : .response_data_secret,
1286 : secured_message_context->hash_size);
1287 :
1288 : /*request side updated*/
1289 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1290 : secured_message_context->hash_size,
1291 : m_req_secret_buffer, m_req_secret_buffer,
1292 : secured_message_context->hash_size);
1293 : /*response side updated*/
1294 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1295 : secured_message_context->hash_size,
1296 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1297 : secured_message_context->hash_size);
1298 :
1299 1 : response_size = sizeof(response);
1300 1 : status = libspdm_get_response_key_update(spdm_context,
1301 : m_libspdm_key_update_request6_size,
1302 : &m_libspdm_key_update_request6,
1303 : &response_size, response);
1304 :
1305 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1306 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1307 1 : spdm_response = (void *)response;
1308 1 : assert_int_equal(spdm_response->header.request_response_code,
1309 : SPDM_ERROR);
1310 1 : assert_int_equal(spdm_response->header.param1,
1311 : SPDM_ERROR_CODE_INVALID_REQUEST);
1312 1 : assert_int_equal(spdm_response->header.param2, 0);
1313 1 : assert_memory_equal(secured_message_context
1314 : ->application_secret.request_data_secret,
1315 : m_req_secret_buffer, secured_message_context->hash_size);
1316 1 : assert_memory_equal(secured_message_context
1317 : ->application_secret.response_data_secret,
1318 : m_rsp_secret_buffer, secured_message_context->hash_size);
1319 1 : }
1320 :
1321 : /**
1322 : * Test 16: receiving a invalid KEY_UPDATE message from the requester with
1323 : * the VerifyNewKey operation. The responder is setup as if no valid
1324 : * KEY_UPDATE request with either the UpdateKey or UpdateAllKeys has been
1325 : * previously received.
1326 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1327 : * produces an ERROR message indicating the InvalidRequest. No keys are
1328 : * updated.
1329 : **/
1330 1 : void libspdm_test_responder_key_update_case16(void **state)
1331 : {
1332 : libspdm_return_t status;
1333 : libspdm_test_context_t *spdm_test_context;
1334 : libspdm_context_t *spdm_context;
1335 : uint32_t session_id;
1336 : libspdm_session_info_t *session_info;
1337 : libspdm_secured_message_context_t *secured_message_context;
1338 :
1339 : size_t response_size;
1340 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1341 : spdm_key_update_response_t *spdm_response;
1342 :
1343 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1344 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1345 :
1346 1 : spdm_test_context = *state;
1347 1 : spdm_context = spdm_test_context->spdm_context;
1348 1 : spdm_test_context->case_id = 0x10;
1349 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1350 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1351 :
1352 1 : libspdm_set_standard_key_update_test_state(
1353 : spdm_context, &session_id);
1354 :
1355 1 : session_info = &spdm_context->session_info[0];
1356 1 : secured_message_context = session_info->secured_message_context;
1357 :
1358 1 : libspdm_set_standard_key_update_test_secrets(
1359 1 : session_info->secured_message_context,
1360 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1361 : m_req_secret_buffer, (uint8_t)(0xEE));
1362 :
1363 : /*no mocked major secret update*/
1364 :
1365 : /*no keys are updated*/
1366 :
1367 1 : response_size = sizeof(response);
1368 1 : status = libspdm_get_response_key_update(spdm_context,
1369 : m_libspdm_key_update_request5_size,
1370 : &m_libspdm_key_update_request5,
1371 : &response_size, response);
1372 :
1373 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1374 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1375 1 : spdm_response = (void *)response;
1376 1 : assert_int_equal(spdm_response->header.request_response_code,
1377 : SPDM_ERROR);
1378 1 : assert_int_equal(spdm_response->header.param1,
1379 : SPDM_ERROR_CODE_INVALID_REQUEST);
1380 1 : assert_int_equal(spdm_response->header.param2, 0);
1381 1 : assert_memory_equal(secured_message_context
1382 : ->application_secret.request_data_secret,
1383 : m_req_secret_buffer, secured_message_context->hash_size);
1384 1 : assert_memory_equal(secured_message_context
1385 : ->application_secret.response_data_secret,
1386 : m_rsp_secret_buffer, secured_message_context->hash_size);
1387 1 : }
1388 :
1389 : /**
1390 : * Test 17: UpdateKey + UpdateKey, last key operation is update key, current key operation is update key
1391 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1392 : * produces an ERROR message indicating the InvalidRequest. No keys are
1393 : * updated.
1394 : **/
1395 1 : void libspdm_test_responder_key_update_case17(void **state)
1396 : {
1397 : libspdm_return_t status;
1398 : libspdm_test_context_t *spdm_test_context;
1399 : libspdm_context_t *spdm_context;
1400 : uint32_t session_id;
1401 : libspdm_session_info_t *session_info;
1402 : libspdm_secured_message_context_t *secured_message_context;
1403 :
1404 : size_t response_size;
1405 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1406 : spdm_key_update_response_t *spdm_response;
1407 :
1408 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1409 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1410 :
1411 1 : spdm_test_context = *state;
1412 1 : spdm_context = spdm_test_context->spdm_context;
1413 1 : spdm_test_context->case_id = 0x11;
1414 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1415 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1416 :
1417 1 : libspdm_set_standard_key_update_test_state(
1418 : spdm_context, &session_id);
1419 :
1420 1 : session_info = &spdm_context->session_info[0];
1421 1 : secured_message_context = session_info->secured_message_context;
1422 :
1423 1 : libspdm_set_standard_key_update_test_secrets(
1424 1 : session_info->secured_message_context,
1425 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1426 : m_req_secret_buffer, (uint8_t)(0xEE));
1427 :
1428 : /*last request: UpdateKey*/
1429 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1430 :
1431 : /*mocked major secret update*/
1432 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1433 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1434 1 : &secured_message_context->application_secret.request_data_secret,
1435 : LIBSPDM_MAX_HASH_SIZE);
1436 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1437 : secured_message_context->hash_size,
1438 : secured_message_context->application_secret
1439 1 : .request_data_secret,
1440 : secured_message_context->application_secret
1441 1 : .request_data_secret,
1442 : secured_message_context->hash_size);
1443 :
1444 : /*request side updated (once)*/
1445 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1446 : secured_message_context->hash_size,
1447 : m_req_secret_buffer, m_req_secret_buffer,
1448 : secured_message_context->hash_size);
1449 : /*response side *not* updated*/
1450 :
1451 1 : response_size = sizeof(response);
1452 1 : status = libspdm_get_response_key_update(spdm_context,
1453 : m_libspdm_key_update_request1_size,
1454 : &m_libspdm_key_update_request1,
1455 : &response_size, response);
1456 :
1457 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1458 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1459 1 : spdm_response = (void *)response;
1460 1 : assert_int_equal(spdm_response->header.request_response_code,
1461 : SPDM_ERROR);
1462 1 : assert_int_equal(spdm_response->header.param1,
1463 : SPDM_ERROR_CODE_INVALID_REQUEST);
1464 1 : }
1465 :
1466 : /**
1467 : * Test 18: UpdateKey + UpdateAllKeys, last key operation is update key, current key operation is update all key
1468 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1469 : * produces an ERROR message indicating the InvalidRequest. No keys are
1470 : * updated.
1471 : **/
1472 1 : void libspdm_test_responder_key_update_case18(void **state)
1473 : {
1474 : libspdm_return_t status;
1475 : libspdm_test_context_t *spdm_test_context;
1476 : libspdm_context_t *spdm_context;
1477 : uint32_t session_id;
1478 : libspdm_session_info_t *session_info;
1479 : libspdm_secured_message_context_t *secured_message_context;
1480 :
1481 : size_t response_size;
1482 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1483 : spdm_key_update_response_t *spdm_response;
1484 :
1485 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1486 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1487 :
1488 1 : spdm_test_context = *state;
1489 1 : spdm_context = spdm_test_context->spdm_context;
1490 1 : spdm_test_context->case_id = 0x12;
1491 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1492 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1493 :
1494 1 : libspdm_set_standard_key_update_test_state(
1495 : spdm_context, &session_id);
1496 :
1497 1 : session_info = &spdm_context->session_info[0];
1498 1 : secured_message_context = session_info->secured_message_context;
1499 :
1500 1 : libspdm_set_standard_key_update_test_secrets(
1501 1 : session_info->secured_message_context,
1502 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1503 : m_req_secret_buffer, (uint8_t)(0xEE));
1504 :
1505 : /*last request: UpdateKey*/
1506 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1507 :
1508 : /*mocked major secret update*/
1509 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1510 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1511 1 : &secured_message_context->application_secret.request_data_secret,
1512 : LIBSPDM_MAX_HASH_SIZE);
1513 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1514 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1515 1 : &secured_message_context->application_secret.response_data_secret,
1516 : LIBSPDM_MAX_HASH_SIZE);
1517 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1518 : secured_message_context->hash_size,
1519 : secured_message_context->application_secret
1520 1 : .request_data_secret,
1521 : secured_message_context->application_secret
1522 1 : .request_data_secret,
1523 : secured_message_context->hash_size);
1524 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1525 : secured_message_context->hash_size,
1526 : secured_message_context->application_secret
1527 1 : .response_data_secret,
1528 : secured_message_context->application_secret
1529 1 : .response_data_secret,
1530 : secured_message_context->hash_size);
1531 :
1532 : /*request side updated (once)*/
1533 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1534 : secured_message_context->hash_size,
1535 : m_req_secret_buffer, m_req_secret_buffer,
1536 : secured_message_context->hash_size);
1537 : /*response side updated (once)*/
1538 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1539 : secured_message_context->hash_size,
1540 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1541 : secured_message_context->hash_size);
1542 :
1543 1 : response_size = sizeof(response);
1544 : /*UpdateAllKeys*/
1545 1 : status = libspdm_get_response_key_update(spdm_context,
1546 : m_libspdm_key_update_request3_size,
1547 : &m_libspdm_key_update_request3,
1548 : &response_size, response);
1549 :
1550 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1551 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1552 1 : spdm_response = (void *)response;
1553 1 : assert_int_equal(spdm_response->header.request_response_code,
1554 : SPDM_ERROR);
1555 1 : assert_int_equal(spdm_response->header.param1,
1556 : SPDM_ERROR_CODE_INVALID_REQUEST);
1557 1 : }
1558 :
1559 : /**
1560 : * Test 19:UpdateAllKeys + UpdateKey, last key operation is update all key, current key operation is update key
1561 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1562 : * produces an ERROR message indicating the InvalidRequest. No keys are
1563 : * updated.
1564 : **/
1565 1 : void libspdm_test_responder_key_update_case19(void **state)
1566 : {
1567 : libspdm_return_t status;
1568 : libspdm_test_context_t *spdm_test_context;
1569 : libspdm_context_t *spdm_context;
1570 : uint32_t session_id;
1571 : libspdm_session_info_t *session_info;
1572 :
1573 : size_t response_size;
1574 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1575 : spdm_key_update_response_t *spdm_response;
1576 :
1577 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1578 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1579 :
1580 1 : spdm_test_context = *state;
1581 1 : spdm_context = spdm_test_context->spdm_context;
1582 1 : spdm_test_context->case_id = 0x13;
1583 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1584 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1585 :
1586 1 : libspdm_set_standard_key_update_test_state(
1587 : spdm_context, &session_id);
1588 :
1589 1 : session_info = &spdm_context->session_info[0];
1590 :
1591 1 : libspdm_set_standard_key_update_test_secrets(
1592 1 : session_info->secured_message_context,
1593 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1594 : m_req_secret_buffer, (uint8_t)(0xEE));
1595 :
1596 : /*last request: UpdateAllKeys*/
1597 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1598 :
1599 : /*UpdateKey*/
1600 1 : response_size = sizeof(response);
1601 1 : status = libspdm_get_response_key_update(spdm_context,
1602 : m_libspdm_key_update_request1_size,
1603 : &m_libspdm_key_update_request1,
1604 : &response_size, response);
1605 :
1606 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1607 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1608 1 : spdm_response = (void *)response;
1609 1 : assert_int_equal(spdm_response->header.request_response_code,
1610 : SPDM_ERROR);
1611 1 : assert_int_equal(spdm_response->header.param1,
1612 : SPDM_ERROR_CODE_INVALID_REQUEST);
1613 1 : }
1614 :
1615 : /**
1616 : * Test 20:UpdateAllKeys + UpdateALlKeys, last key operation is update all key, current key operation is update all key
1617 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1618 : * produces an ERROR message indicating the InvalidRequest. No keys are
1619 : * updated.
1620 : **/
1621 1 : void libspdm_test_responder_key_update_case20(void **state)
1622 : {
1623 : libspdm_return_t status;
1624 : libspdm_test_context_t *spdm_test_context;
1625 : libspdm_context_t *spdm_context;
1626 : uint32_t session_id;
1627 : libspdm_session_info_t *session_info;
1628 :
1629 : size_t response_size;
1630 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1631 : spdm_key_update_response_t *spdm_response;
1632 :
1633 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1634 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1635 :
1636 1 : spdm_test_context = *state;
1637 1 : spdm_context = spdm_test_context->spdm_context;
1638 1 : spdm_test_context->case_id = 0x14;
1639 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1640 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1641 :
1642 1 : libspdm_set_standard_key_update_test_state(
1643 : spdm_context, &session_id);
1644 :
1645 1 : session_info = &spdm_context->session_info[0];
1646 :
1647 1 : libspdm_set_standard_key_update_test_secrets(
1648 1 : session_info->secured_message_context,
1649 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1650 : m_req_secret_buffer, (uint8_t)(0xEE));
1651 :
1652 : /*last request: UpdateAllKeys*/
1653 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1654 :
1655 : /*UpdateAllKeys*/
1656 1 : response_size = sizeof(response);
1657 1 : status = libspdm_get_response_key_update(spdm_context,
1658 : m_libspdm_key_update_request3_size,
1659 : &m_libspdm_key_update_request3,
1660 : &response_size, response);
1661 :
1662 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1663 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1664 1 : spdm_response = (void *)response;
1665 1 : assert_int_equal(spdm_response->header.request_response_code,
1666 : SPDM_ERROR);
1667 1 : assert_int_equal(spdm_response->header.param1,
1668 : SPDM_ERROR_CODE_INVALID_REQUEST);
1669 1 : }
1670 :
1671 : /**
1672 : * Test 21: :VerifyNewKey + UpdateKey, last key operation is verify key, current key operation is update key
1673 : * Expected behavior: the responder accepts the request, produces a valid
1674 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1675 : **/
1676 1 : void libspdm_test_responder_key_update_case21(void **state)
1677 : {
1678 : libspdm_return_t status;
1679 : libspdm_test_context_t *spdm_test_context;
1680 : libspdm_context_t *spdm_context;
1681 : uint32_t session_id;
1682 : libspdm_session_info_t *session_info;
1683 : libspdm_secured_message_context_t *secured_message_context;
1684 :
1685 : size_t response_size;
1686 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1687 : spdm_key_update_response_t *spdm_response;
1688 :
1689 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1690 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1691 :
1692 1 : spdm_test_context = *state;
1693 1 : spdm_context = spdm_test_context->spdm_context;
1694 1 : spdm_test_context->case_id = 0x15;
1695 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1696 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1697 :
1698 1 : libspdm_set_standard_key_update_test_state(
1699 : spdm_context, &session_id);
1700 :
1701 1 : session_info = &spdm_context->session_info[0];
1702 1 : secured_message_context = session_info->secured_message_context;
1703 :
1704 1 : libspdm_set_standard_key_update_test_secrets(
1705 1 : session_info->secured_message_context,
1706 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1707 : m_req_secret_buffer, (uint8_t)(0xEE));
1708 :
1709 : /*request side updated*/
1710 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1711 : secured_message_context->hash_size,
1712 : m_req_secret_buffer, m_req_secret_buffer,
1713 : secured_message_context->hash_size);
1714 : /*response side *not* updated*/
1715 :
1716 : /*last request: verify new key*/
1717 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1718 : /*verify new key clear last_key_update_request*/
1719 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1720 :
1721 : /*updatekey*/
1722 1 : response_size = sizeof(response);
1723 1 : status = libspdm_get_response_key_update(spdm_context,
1724 : m_libspdm_key_update_request1_size,
1725 : &m_libspdm_key_update_request1,
1726 : &response_size, response);
1727 :
1728 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1729 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1730 1 : spdm_response = (void *)response;
1731 1 : assert_int_equal(spdm_response->header.request_response_code,
1732 : SPDM_KEY_UPDATE_ACK);
1733 1 : assert_int_equal(spdm_response->header.param1,
1734 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1735 1 : assert_int_equal(spdm_response->header.param2,
1736 : m_libspdm_key_update_request1.header.param2);
1737 1 : assert_memory_equal(secured_message_context
1738 : ->application_secret.request_data_secret,
1739 : m_req_secret_buffer, secured_message_context->hash_size);
1740 1 : assert_memory_equal(secured_message_context
1741 : ->application_secret.response_data_secret,
1742 : m_rsp_secret_buffer, secured_message_context->hash_size);
1743 1 : }
1744 :
1745 : /**
1746 : * Test 22: :VerifyNewKey + UpdateAllKeys, last key operation is verify key, current key operation is update all key
1747 : * Expected behavior: the responder accepts the request, produces a valid
1748 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1749 : **/
1750 1 : void libspdm_test_responder_key_update_case22(void **state)
1751 : {
1752 : libspdm_return_t status;
1753 : libspdm_test_context_t *spdm_test_context;
1754 : libspdm_context_t *spdm_context;
1755 : uint32_t session_id;
1756 : libspdm_session_info_t *session_info;
1757 : libspdm_secured_message_context_t *secured_message_context;
1758 :
1759 : size_t response_size;
1760 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1761 : spdm_key_update_response_t *spdm_response;
1762 :
1763 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1764 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1765 :
1766 1 : spdm_test_context = *state;
1767 1 : spdm_context = spdm_test_context->spdm_context;
1768 1 : spdm_test_context->case_id = 0x16;
1769 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1770 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1771 :
1772 1 : libspdm_set_standard_key_update_test_state(
1773 : spdm_context, &session_id);
1774 :
1775 1 : session_info = &spdm_context->session_info[0];
1776 1 : secured_message_context = session_info->secured_message_context;
1777 :
1778 1 : libspdm_set_standard_key_update_test_secrets(
1779 1 : session_info->secured_message_context,
1780 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1781 : m_req_secret_buffer, (uint8_t)(0xEE));
1782 :
1783 : /*request side updated*/
1784 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1785 : secured_message_context->hash_size,
1786 : m_req_secret_buffer, m_req_secret_buffer,
1787 : secured_message_context->hash_size);
1788 : /*response side updated*/
1789 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1790 : secured_message_context->hash_size,
1791 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1792 : secured_message_context->hash_size);
1793 :
1794 : /*last request: verify new key*/
1795 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1796 : /*clear last_key_update_request*/
1797 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1798 :
1799 1 : response_size = sizeof(response);
1800 1 : status = libspdm_get_response_key_update(spdm_context,
1801 : m_libspdm_key_update_request3_size,
1802 : &m_libspdm_key_update_request3,
1803 : &response_size, response);
1804 :
1805 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1806 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1807 1 : spdm_response = (void *)response;
1808 1 : assert_int_equal(spdm_response->header.request_response_code,
1809 : SPDM_KEY_UPDATE_ACK);
1810 1 : assert_int_equal(spdm_response->header.param1,
1811 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
1812 1 : assert_int_equal(spdm_response->header.param2,
1813 : m_libspdm_key_update_request3.header.param2);
1814 1 : assert_memory_equal(secured_message_context
1815 : ->application_secret.request_data_secret,
1816 : m_req_secret_buffer, secured_message_context->hash_size);
1817 1 : assert_memory_equal(secured_message_context
1818 : ->application_secret.response_data_secret,
1819 : m_rsp_secret_buffer, secured_message_context->hash_size);
1820 1 : }
1821 :
1822 : /**
1823 : * Test 23: VerifyNewKey + VerifyNewKey, last key operation is verify key, current key operation is verify key
1824 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1825 : * produces an ERROR message indicating the InvalidRequest. No keys are
1826 : * updated.
1827 : **/
1828 1 : void libspdm_test_responder_key_update_case23(void **state)
1829 : {
1830 : libspdm_return_t status;
1831 : libspdm_test_context_t *spdm_test_context;
1832 : libspdm_context_t *spdm_context;
1833 : uint32_t session_id;
1834 : libspdm_session_info_t *session_info;
1835 :
1836 : size_t response_size;
1837 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1838 : spdm_key_update_response_t *spdm_response;
1839 :
1840 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1841 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1842 :
1843 1 : spdm_test_context = *state;
1844 1 : spdm_context = spdm_test_context->spdm_context;
1845 1 : spdm_test_context->case_id = 0x17;
1846 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1847 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1848 :
1849 1 : libspdm_set_standard_key_update_test_state(
1850 : spdm_context, &session_id);
1851 :
1852 1 : session_info = &spdm_context->session_info[0];
1853 :
1854 1 : libspdm_set_standard_key_update_test_secrets(
1855 1 : session_info->secured_message_context,
1856 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1857 : m_req_secret_buffer, (uint8_t)(0xEE));
1858 :
1859 : /*last request: VerifyNewKey*/
1860 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1861 : /*clear last_key_update_request*/
1862 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1863 :
1864 : /*VerifyNewKey*/
1865 1 : response_size = sizeof(response);
1866 1 : status = libspdm_get_response_key_update(spdm_context,
1867 : m_libspdm_key_update_request5_size,
1868 : &m_libspdm_key_update_request5,
1869 : &response_size, response);
1870 :
1871 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1872 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1873 1 : spdm_response = (void *)response;
1874 1 : assert_int_equal(spdm_response->header.request_response_code,
1875 : SPDM_ERROR);
1876 1 : assert_int_equal(spdm_response->header.param1,
1877 : SPDM_ERROR_CODE_INVALID_REQUEST);
1878 1 : }
1879 :
1880 : /**
1881 : * Test 24: :other command + UpdateKey, last request is not key_update command, current key operation is update key
1882 : * Expected behavior: the responder accepts the request, produces a valid
1883 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1884 : **/
1885 1 : void libspdm_test_responder_key_update_case24(void **state)
1886 : {
1887 : libspdm_return_t status;
1888 : libspdm_test_context_t *spdm_test_context;
1889 : libspdm_context_t *spdm_context;
1890 : uint32_t session_id;
1891 : libspdm_session_info_t *session_info;
1892 : libspdm_secured_message_context_t *secured_message_context;
1893 :
1894 : size_t response_size;
1895 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1896 : spdm_key_update_response_t *spdm_response;
1897 :
1898 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1899 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1900 :
1901 1 : spdm_test_context = *state;
1902 1 : spdm_context = spdm_test_context->spdm_context;
1903 1 : spdm_test_context->case_id = 0x18;
1904 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1905 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1906 :
1907 1 : libspdm_set_standard_key_update_test_state(
1908 : spdm_context, &session_id);
1909 :
1910 1 : session_info = &spdm_context->session_info[0];
1911 1 : secured_message_context = session_info->secured_message_context;
1912 :
1913 1 : libspdm_set_standard_key_update_test_secrets(
1914 1 : session_info->secured_message_context,
1915 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1916 : m_req_secret_buffer, (uint8_t)(0xEE));
1917 :
1918 : /*request side updated*/
1919 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1920 : secured_message_context->hash_size,
1921 : m_req_secret_buffer, m_req_secret_buffer,
1922 : secured_message_context->hash_size);
1923 : /*response side *not* updated*/
1924 :
1925 : /*other command with cleared last_key_update_request*/
1926 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1927 :
1928 : /*updatekey*/
1929 1 : response_size = sizeof(response);
1930 1 : status = libspdm_get_response_key_update(spdm_context,
1931 : m_libspdm_key_update_request1_size,
1932 : &m_libspdm_key_update_request1,
1933 : &response_size, response);
1934 :
1935 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1936 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1937 1 : spdm_response = (void *)response;
1938 1 : assert_int_equal(spdm_response->header.request_response_code,
1939 : SPDM_KEY_UPDATE_ACK);
1940 1 : assert_int_equal(spdm_response->header.param1,
1941 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1942 1 : assert_int_equal(spdm_response->header.param2,
1943 : m_libspdm_key_update_request1.header.param2);
1944 1 : assert_memory_equal(secured_message_context
1945 : ->application_secret.request_data_secret,
1946 : m_req_secret_buffer, secured_message_context->hash_size);
1947 1 : assert_memory_equal(secured_message_context
1948 : ->application_secret.response_data_secret,
1949 : m_rsp_secret_buffer, secured_message_context->hash_size);
1950 1 : }
1951 :
1952 : /**
1953 : * Test 25: :other command + UpdateAllKeys, last request is not key_update command, current key operation is update all key
1954 : * Expected behavior: the responder accepts the request, produces a valid
1955 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1956 : **/
1957 1 : void libspdm_test_responder_key_update_case25(void **state)
1958 : {
1959 : libspdm_return_t status;
1960 : libspdm_test_context_t *spdm_test_context;
1961 : libspdm_context_t *spdm_context;
1962 : uint32_t session_id;
1963 : libspdm_session_info_t *session_info;
1964 : libspdm_secured_message_context_t *secured_message_context;
1965 :
1966 : size_t response_size;
1967 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1968 : spdm_key_update_response_t *spdm_response;
1969 :
1970 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1971 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1972 :
1973 1 : spdm_test_context = *state;
1974 1 : spdm_context = spdm_test_context->spdm_context;
1975 1 : spdm_test_context->case_id = 0x19;
1976 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1977 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1978 :
1979 1 : libspdm_set_standard_key_update_test_state(
1980 : spdm_context, &session_id);
1981 :
1982 1 : session_info = &spdm_context->session_info[0];
1983 1 : secured_message_context = session_info->secured_message_context;
1984 :
1985 1 : libspdm_set_standard_key_update_test_secrets(
1986 1 : session_info->secured_message_context,
1987 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1988 : m_req_secret_buffer, (uint8_t)(0xEE));
1989 :
1990 : /*request side updated*/
1991 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1992 : secured_message_context->hash_size,
1993 : m_req_secret_buffer, m_req_secret_buffer,
1994 : secured_message_context->hash_size);
1995 : /*response side updated*/
1996 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1997 : secured_message_context->hash_size,
1998 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1999 : secured_message_context->hash_size);
2000 :
2001 : /*other command with cleared last_key_update_request*/
2002 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
2003 :
2004 1 : response_size = sizeof(response);
2005 1 : status = libspdm_get_response_key_update(spdm_context,
2006 : m_libspdm_key_update_request3_size,
2007 : &m_libspdm_key_update_request3,
2008 : &response_size, response);
2009 :
2010 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2011 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
2012 1 : spdm_response = (void *)response;
2013 1 : assert_int_equal(spdm_response->header.request_response_code,
2014 : SPDM_KEY_UPDATE_ACK);
2015 1 : assert_int_equal(spdm_response->header.param1,
2016 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
2017 1 : assert_int_equal(spdm_response->header.param2,
2018 : m_libspdm_key_update_request3.header.param2);
2019 1 : assert_memory_equal(secured_message_context
2020 : ->application_secret.request_data_secret,
2021 : m_req_secret_buffer, secured_message_context->hash_size);
2022 1 : assert_memory_equal(secured_message_context
2023 : ->application_secret.response_data_secret,
2024 : m_rsp_secret_buffer, secured_message_context->hash_size);
2025 1 : }
2026 :
2027 : /**
2028 : * Test 26: :other command + VerifyNewKey, last request is not key_update command, current key operation is verify key
2029 : * Expected behavior: the responder refuses the KEY_UPDATE message and
2030 : * produces an ERROR message indicating the InvalidRequest. No keys are
2031 : * updated.
2032 : **/
2033 1 : void libspdm_test_responder_key_update_case26(void **state)
2034 : {
2035 : libspdm_return_t status;
2036 : libspdm_test_context_t *spdm_test_context;
2037 : libspdm_context_t *spdm_context;
2038 : uint32_t session_id;
2039 : libspdm_session_info_t *session_info;
2040 : libspdm_secured_message_context_t *secured_message_context;
2041 :
2042 : size_t response_size;
2043 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2044 : spdm_key_update_response_t *spdm_response;
2045 :
2046 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2047 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2048 :
2049 1 : spdm_test_context = *state;
2050 1 : spdm_context = spdm_test_context->spdm_context;
2051 1 : spdm_test_context->case_id = 0x1A;
2052 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2053 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2054 :
2055 1 : libspdm_set_standard_key_update_test_state(
2056 : spdm_context, &session_id);
2057 :
2058 1 : session_info = &spdm_context->session_info[0];
2059 1 : secured_message_context = session_info->secured_message_context;
2060 :
2061 1 : libspdm_set_standard_key_update_test_secrets(
2062 1 : session_info->secured_message_context,
2063 : m_rsp_secret_buffer, (uint8_t)(0xFF),
2064 : m_req_secret_buffer, (uint8_t)(0xEE));
2065 :
2066 : /*request side updated*/
2067 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
2068 : secured_message_context->hash_size,
2069 : m_req_secret_buffer, m_req_secret_buffer,
2070 : secured_message_context->hash_size);
2071 : /*response side updated*/
2072 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
2073 : secured_message_context->hash_size,
2074 : m_rsp_secret_buffer, m_rsp_secret_buffer,
2075 : secured_message_context->hash_size);
2076 :
2077 : /*other command with cleared last_key_update_request*/
2078 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
2079 :
2080 : /*VerifyNewKey*/
2081 1 : response_size = sizeof(response);
2082 1 : status = libspdm_get_response_key_update(spdm_context,
2083 : m_libspdm_key_update_request5_size,
2084 : &m_libspdm_key_update_request5,
2085 : &response_size, response);
2086 :
2087 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2088 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
2089 1 : spdm_response = (void *)response;
2090 1 : assert_int_equal(spdm_response->header.request_response_code,
2091 : SPDM_ERROR);
2092 1 : assert_int_equal(spdm_response->header.param1,
2093 : SPDM_ERROR_CODE_INVALID_REQUEST);
2094 1 : }
2095 :
2096 : /**
2097 : * Test 27: receiving a KEY_UPDATE message with a reserved operation code.
2098 : * Expected behavior: the responder refuses the KEY_UPDATE message and
2099 : * produces an ERROR message indicating the InvalidRequest. No keys
2100 : * are updated.
2101 : **/
2102 1 : void libspdm_test_responder_key_update_case27(void **state)
2103 : {
2104 : libspdm_return_t status;
2105 : libspdm_test_context_t *spdm_test_context;
2106 : libspdm_context_t *spdm_context;
2107 : uint32_t session_id;
2108 : libspdm_session_info_t *session_info;
2109 : libspdm_secured_message_context_t *secured_message_context;
2110 :
2111 : size_t response_size;
2112 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2113 : spdm_key_update_response_t *spdm_response;
2114 :
2115 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2116 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2117 :
2118 1 : spdm_test_context = *state;
2119 1 : spdm_context = spdm_test_context->spdm_context;
2120 1 : spdm_test_context->case_id = 0x1B;
2121 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2122 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2123 :
2124 1 : libspdm_set_standard_key_update_test_state(
2125 : spdm_context, &session_id);
2126 :
2127 1 : session_info = &spdm_context->session_info[0];
2128 1 : secured_message_context = session_info->secured_message_context;
2129 :
2130 1 : libspdm_set_standard_key_update_test_secrets(
2131 1 : session_info->secured_message_context,
2132 : m_rsp_secret_buffer, (uint8_t)(0xFF),
2133 : m_req_secret_buffer, (uint8_t)(0xEE));
2134 :
2135 : /*no keys are updated*/
2136 :
2137 1 : response_size = sizeof(response);
2138 1 : status = libspdm_get_response_key_update(spdm_context,
2139 : m_libspdm_key_update_request10_size,
2140 : &m_libspdm_key_update_request10,
2141 : &response_size, response);
2142 :
2143 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2144 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2145 1 : spdm_response = (void *)response;
2146 1 : assert_int_equal(spdm_response->header.request_response_code,
2147 : SPDM_ERROR);
2148 1 : assert_int_equal(spdm_response->header.param1,
2149 : SPDM_ERROR_CODE_INVALID_REQUEST);
2150 1 : assert_int_equal(spdm_response->header.param2, 0);
2151 1 : assert_memory_equal(secured_message_context
2152 : ->application_secret.request_data_secret,
2153 : m_req_secret_buffer, secured_message_context->hash_size);
2154 1 : assert_memory_equal(secured_message_context
2155 : ->application_secret.response_data_secret,
2156 : m_rsp_secret_buffer, secured_message_context->hash_size);
2157 1 : }
2158 :
2159 1 : int libspdm_responder_key_update_test_main(void)
2160 : {
2161 1 : const struct CMUnitTest spdm_responder_key_update_tests[] = {
2162 : /* Success Case -- UpdateKey*/
2163 : cmocka_unit_test(libspdm_test_responder_key_update_case1),
2164 : /* Bad request size*/
2165 : cmocka_unit_test(libspdm_test_responder_key_update_case2),
2166 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
2167 : cmocka_unit_test(libspdm_test_responder_key_update_case3),
2168 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
2169 : cmocka_unit_test(libspdm_test_responder_key_update_case4),
2170 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
2171 : /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
2172 : cmocka_unit_test(libspdm_test_responder_key_update_case5),
2173 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
2174 : /* connection_state Check*/
2175 : cmocka_unit_test(libspdm_test_responder_key_update_case6),
2176 : /* Buffer reset*/
2177 : cmocka_unit_test(libspdm_test_responder_key_update_case7),
2178 : /* Unsupported KEY_UPD capabilities*/
2179 : cmocka_unit_test(libspdm_test_responder_key_update_case8),
2180 : /* Uninitialized session*/
2181 : cmocka_unit_test(libspdm_test_responder_key_update_case9),
2182 : /* Success Case -- UpdateAllKeys*/
2183 : cmocka_unit_test(libspdm_test_responder_key_update_case10),
2184 : /* Bad request size*/
2185 : cmocka_unit_test(libspdm_test_responder_key_update_case11),
2186 : /* UpdateKey + VerifyNewKey: Success*/
2187 : cmocka_unit_test(libspdm_test_responder_key_update_case12),
2188 : /* Bad request size*/
2189 : cmocka_unit_test(libspdm_test_responder_key_update_case13),
2190 : /* UpdateALLKeys + VerifyNewKey: Success*/
2191 : cmocka_unit_test(libspdm_test_responder_key_update_case14),
2192 : /* Bad request size*/
2193 : cmocka_unit_test(libspdm_test_responder_key_update_case15),
2194 : /* Uninitialized key update*/
2195 : cmocka_unit_test(libspdm_test_responder_key_update_case16),
2196 : /* UpdateKey + UpdateKey: failed*/
2197 : cmocka_unit_test(libspdm_test_responder_key_update_case17),
2198 : /* UpdateKey + UpdateAllKeys: failed*/
2199 : cmocka_unit_test(libspdm_test_responder_key_update_case18),
2200 : /* UpdateALLKeys + UpdateKey: failed*/
2201 : cmocka_unit_test(libspdm_test_responder_key_update_case19),
2202 : /* UpdateALLKeys + UpdateALLKeys: failed*/
2203 : cmocka_unit_test(libspdm_test_responder_key_update_case20),
2204 : /* VerifyNewKey + UpdateKey: success*/
2205 : cmocka_unit_test(libspdm_test_responder_key_update_case21),
2206 : /* VerifyNewKey + UpdateAllKeys: success*/
2207 : cmocka_unit_test(libspdm_test_responder_key_update_case22),
2208 : /* VerifyNewKey + VerifyNewKey: failed*/
2209 : cmocka_unit_test(libspdm_test_responder_key_update_case23),
2210 : /* other command + UpdateKey: success*/
2211 : cmocka_unit_test(libspdm_test_responder_key_update_case24),
2212 : /* other command + UpdateAllKeys: success*/
2213 : cmocka_unit_test(libspdm_test_responder_key_update_case25),
2214 : /* other command + VerifyNewKey: failed*/
2215 : cmocka_unit_test(libspdm_test_responder_key_update_case26),
2216 : /* Invalid operation,other key_update operation: failed*/
2217 : cmocka_unit_test(libspdm_test_responder_key_update_case27),
2218 : };
2219 :
2220 1 : libspdm_test_context_t test_context = {
2221 : LIBSPDM_TEST_CONTEXT_VERSION,
2222 : false,
2223 : };
2224 :
2225 1 : libspdm_setup_test_context(&test_context);
2226 :
2227 1 : return cmocka_run_group_tests(spdm_responder_key_update_tests,
2228 : libspdm_unit_test_group_setup,
2229 : libspdm_unit_test_group_teardown);
2230 : }
2231 :
2232 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP) */
|
