Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
12 :
13 : spdm_key_update_request_t m_libspdm_key_update_request1 = {
14 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
15 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3 }
16 : };
17 : size_t m_libspdm_key_update_request1_size = sizeof(m_libspdm_key_update_request1);
18 :
19 : spdm_key_update_request_t m_libspdm_key_update_request2 = {
20 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
21 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3 }
22 : };
23 : size_t m_libspdm_key_update_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
24 :
25 : spdm_key_update_request_t m_libspdm_key_update_request3 = {
26 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
27 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71 }
28 : };
29 : size_t m_libspdm_key_update_request3_size = sizeof(m_libspdm_key_update_request3);
30 :
31 : spdm_key_update_request_t m_libspdm_key_update_request4 = {
32 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
33 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71 }
34 : };
35 : size_t m_libspdm_key_update_request4_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
36 :
37 : spdm_key_update_request_t m_libspdm_key_update_request5 = {
38 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
39 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A }
40 : };
41 : size_t m_libspdm_key_update_request5_size = sizeof(m_libspdm_key_update_request5);
42 :
43 : spdm_key_update_request_t m_libspdm_key_update_request6 = {
44 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
45 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A }
46 : };
47 : size_t m_libspdm_key_update_request6_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
48 :
49 : spdm_key_update_request_t m_libspdm_key_update_request7 = {
50 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
51 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x92 }
52 : };
53 : size_t m_libspdm_key_update_request7_size = sizeof(m_libspdm_key_update_request7);
54 :
55 : spdm_key_update_request_t m_libspdm_key_update_request8 = {
56 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
57 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x13 }
58 : };
59 : size_t m_libspdm_key_update_request8_size = sizeof(m_libspdm_key_update_request8);
60 :
61 : spdm_key_update_request_t m_libspdm_key_update_request9 = {
62 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
63 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x22 }
64 : };
65 : size_t m_libspdm_key_update_request9_size = sizeof(m_libspdm_key_update_request9);
66 :
67 : spdm_key_update_request_t m_libspdm_key_update_request10 = {
68 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE, 0xFF, 0x12 }
69 : };
70 : size_t m_libspdm_key_update_request10_size = sizeof(m_libspdm_key_update_request10);
71 :
72 27 : static void libspdm_set_standard_key_update_test_state(
73 : libspdm_context_t *spdm_context, uint32_t *session_id)
74 : {
75 : libspdm_session_info_t *session_info;
76 :
77 27 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
78 27 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
79 27 : spdm_context->connection_info.capability.flags |=
80 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
81 27 : spdm_context->connection_info.capability.flags |=
82 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP;
83 27 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP;
84 :
85 27 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
86 27 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP;
87 27 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP;
88 :
89 27 : spdm_context->transcript.message_a.buffer_size = 0;
90 27 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
91 27 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
92 27 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
93 27 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
94 :
95 27 : *session_id = 0xFFFFFFFF;
96 27 : spdm_context->latest_session_id = *session_id;
97 27 : spdm_context->last_spdm_request_session_id_valid = true;
98 27 : spdm_context->last_spdm_request_session_id = *session_id;
99 27 : session_info = &spdm_context->session_info[0];
100 27 : libspdm_session_info_init(spdm_context, session_info, *session_id,
101 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
102 27 : libspdm_secured_message_set_session_state(
103 : session_info->secured_message_context,
104 : LIBSPDM_SESSION_STATE_ESTABLISHED);
105 27 : }
106 :
107 27 : static void libspdm_set_standard_key_update_test_secrets(
108 : libspdm_secured_message_context_t *secured_message_context,
109 : uint8_t *m_rsp_secret_buffer, uint8_t rsp_secret_fill,
110 : uint8_t *m_req_secret_buffer, uint8_t req_secret_fill)
111 : {
112 27 : libspdm_set_mem(m_rsp_secret_buffer, secured_message_context->hash_size, rsp_secret_fill);
113 27 : libspdm_set_mem(m_req_secret_buffer, secured_message_context->hash_size, req_secret_fill);
114 :
115 27 : libspdm_copy_mem(secured_message_context->application_secret.response_data_secret,
116 : sizeof(secured_message_context->application_secret.response_data_secret),
117 : m_rsp_secret_buffer, secured_message_context->aead_key_size);
118 27 : libspdm_copy_mem(secured_message_context->application_secret.request_data_secret,
119 : sizeof(secured_message_context->application_secret.request_data_secret),
120 : m_req_secret_buffer, secured_message_context->aead_key_size);
121 :
122 27 : libspdm_set_mem(secured_message_context->application_secret
123 27 : .response_data_encryption_key,
124 : secured_message_context->aead_key_size, (uint8_t)(0xFF));
125 27 : libspdm_set_mem(secured_message_context->application_secret
126 27 : .response_data_salt,
127 : secured_message_context->aead_iv_size, (uint8_t)(0xFF));
128 :
129 :
130 27 : libspdm_set_mem(secured_message_context->application_secret
131 27 : .request_data_encryption_key,
132 : secured_message_context->aead_key_size, (uint8_t)(0xEE));
133 27 : libspdm_set_mem(secured_message_context->application_secret
134 27 : .request_data_salt,
135 : secured_message_context->aead_iv_size, (uint8_t)(0xEE));
136 :
137 : secured_message_context->application_secret.
138 27 : response_data_sequence_number = 0;
139 : secured_message_context->application_secret.
140 27 : request_data_sequence_number = 0;
141 27 : }
142 :
143 30 : static void libspdm_compute_secret_update(spdm_version_number_t spdm_version,
144 : size_t hash_size,
145 : const uint8_t *in_secret, uint8_t *out_secret,
146 : size_t out_secret_size)
147 : {
148 : uint8_t bin_str9[128];
149 : size_t bin_str9_size;
150 :
151 30 : bin_str9_size = sizeof(bin_str9);
152 30 : libspdm_bin_concat(spdm_version,
153 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
154 30 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
155 : &bin_str9_size);
156 :
157 30 : libspdm_hkdf_expand(m_libspdm_use_hash_algo, in_secret, hash_size, bin_str9,
158 : bin_str9_size, out_secret, out_secret_size);
159 30 : }
160 :
161 : /**
162 : * Test 1: receiving a correct KEY_UPDATE message from the requester with
163 : * the UpdateKey operation.
164 : * Expected behavior: the responder accepts the request, produces a valid
165 : * KEY_UPDATE_ACK response message, and the request data key is updated.
166 : **/
167 1 : static void rsp_key_update_ack_case1(void **state)
168 : {
169 : libspdm_return_t status;
170 : libspdm_test_context_t *spdm_test_context;
171 : libspdm_context_t *spdm_context;
172 : uint32_t session_id;
173 : libspdm_session_info_t *session_info;
174 : libspdm_secured_message_context_t *secured_message_context;
175 :
176 : size_t response_size;
177 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
178 : spdm_key_update_response_t *spdm_response;
179 :
180 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
181 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
182 :
183 1 : spdm_test_context = *state;
184 1 : spdm_context = spdm_test_context->spdm_context;
185 1 : spdm_test_context->case_id = 0x1;
186 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
187 : SPDM_VERSION_NUMBER_SHIFT_BIT;
188 :
189 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
190 :
191 1 : session_info = &spdm_context->session_info[0];
192 1 : secured_message_context = session_info->secured_message_context;
193 :
194 1 : libspdm_set_standard_key_update_test_secrets(
195 1 : session_info->secured_message_context,
196 : m_rsp_secret_buffer, (uint8_t)(0xFF),
197 : m_req_secret_buffer, (uint8_t)(0xEE));
198 :
199 : /*request side updated*/
200 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
201 : secured_message_context->hash_size,
202 : m_req_secret_buffer, m_req_secret_buffer,
203 : secured_message_context->hash_size);
204 : /*response side *not* updated*/
205 :
206 1 : response_size = sizeof(response);
207 1 : status = libspdm_get_response_key_update(spdm_context,
208 : m_libspdm_key_update_request1_size,
209 : &m_libspdm_key_update_request1,
210 : &response_size, response);
211 :
212 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
213 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
214 1 : spdm_response = (void *)response;
215 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
216 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
217 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request1.header.param2);
218 1 : assert_memory_equal(secured_message_context
219 : ->application_secret.request_data_secret,
220 : m_req_secret_buffer, secured_message_context->hash_size);
221 1 : assert_memory_equal(secured_message_context
222 : ->application_secret.response_data_secret,
223 : m_rsp_secret_buffer, secured_message_context->hash_size);
224 1 : }
225 :
226 : /**
227 : * Test 2: receiving a KEY_UPDATE message larger than specified, with the
228 : * UpdateKey operation.
229 : * Expected behavior: the responder refuses the KEY_UPDATE message and
230 : * produces an ERROR message indicating the InvalidRequest. No keys
231 : * are updated.
232 : **/
233 1 : static void rsp_key_update_ack_case2(void **state)
234 : {
235 : libspdm_return_t status;
236 : libspdm_test_context_t *spdm_test_context;
237 : libspdm_context_t *spdm_context;
238 : uint32_t session_id;
239 : libspdm_session_info_t *session_info;
240 : libspdm_secured_message_context_t *secured_message_context;
241 :
242 : size_t response_size;
243 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
244 : spdm_key_update_response_t *spdm_response;
245 :
246 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
247 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
248 :
249 1 : spdm_test_context = *state;
250 1 : spdm_context = spdm_test_context->spdm_context;
251 1 : spdm_test_context->case_id = 0x2;
252 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
253 : SPDM_VERSION_NUMBER_SHIFT_BIT;
254 :
255 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
256 :
257 1 : session_info = &spdm_context->session_info[0];
258 1 : secured_message_context = session_info->secured_message_context;
259 :
260 1 : libspdm_set_standard_key_update_test_secrets(
261 1 : session_info->secured_message_context,
262 : m_rsp_secret_buffer, (uint8_t)(0xFF),
263 : m_req_secret_buffer, (uint8_t)(0xEE));
264 :
265 : /*no keys are updated*/
266 :
267 1 : response_size = sizeof(response);
268 1 : status = libspdm_get_response_key_update(spdm_context,
269 : m_libspdm_key_update_request2_size,
270 : &m_libspdm_key_update_request2,
271 : &response_size, response);
272 :
273 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
274 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
275 1 : spdm_response = (void *)response;
276 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
277 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
278 1 : assert_int_equal(spdm_response->header.param2, 0);
279 1 : assert_memory_equal(secured_message_context
280 : ->application_secret.request_data_secret,
281 : m_req_secret_buffer, secured_message_context->hash_size);
282 1 : assert_memory_equal(secured_message_context
283 : ->application_secret.response_data_secret,
284 : m_rsp_secret_buffer, secured_message_context->hash_size);
285 1 : }
286 :
287 : /**
288 : * Test 3: receiving a correct KEY_UPDATE from the requester, but the
289 : * responder is in a Busy state.
290 : * Expected behavior: the responder accepts the request, but produces an
291 : * ERROR message indicating the Busy state. No keys are updated.
292 : **/
293 1 : static void rsp_key_update_ack_case3(void **state)
294 : {
295 : libspdm_return_t status;
296 : libspdm_test_context_t *spdm_test_context;
297 : libspdm_context_t *spdm_context;
298 : uint32_t session_id;
299 : libspdm_session_info_t *session_info;
300 : libspdm_secured_message_context_t *secured_message_context;
301 :
302 : size_t response_size;
303 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
304 : spdm_key_update_response_t *spdm_response;
305 :
306 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
307 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
308 :
309 1 : spdm_test_context = *state;
310 1 : spdm_context = spdm_test_context->spdm_context;
311 1 : spdm_test_context->case_id = 0x3;
312 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
313 : SPDM_VERSION_NUMBER_SHIFT_BIT;
314 :
315 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
316 :
317 : /*busy state*/
318 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
319 :
320 1 : session_info = &spdm_context->session_info[0];
321 1 : secured_message_context = session_info->secured_message_context;
322 :
323 1 : libspdm_set_standard_key_update_test_secrets(
324 1 : session_info->secured_message_context,
325 : m_rsp_secret_buffer, (uint8_t)(0xFF),
326 : m_req_secret_buffer, (uint8_t)(0xEE));
327 :
328 : /*no keys are updated*/
329 :
330 1 : response_size = sizeof(response);
331 1 : status = libspdm_get_response_key_update(spdm_context,
332 : m_libspdm_key_update_request1_size,
333 : &m_libspdm_key_update_request1,
334 : &response_size, response);
335 :
336 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
337 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
338 1 : spdm_response = (void *)response;
339 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
340 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
341 1 : assert_int_equal(spdm_response->header.param2, 0);
342 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_BUSY);
343 1 : assert_memory_equal(secured_message_context
344 : ->application_secret.request_data_secret,
345 : m_req_secret_buffer, secured_message_context->hash_size);
346 1 : assert_memory_equal(secured_message_context
347 : ->application_secret.response_data_secret,
348 : m_rsp_secret_buffer, secured_message_context->hash_size);
349 1 : }
350 :
351 : /**
352 : * Test 4: receiving a correct KEY_UPDATE message from the requester, but
353 : * the responder requires resynchronization with the requester.
354 : * Expected behavior: the responder accepts the request, but produces an
355 : * ERROR message indicating the NeedResynch state. No keys are updated.
356 : **/
357 1 : static void rsp_key_update_ack_case4(void **state)
358 : {
359 : libspdm_return_t status;
360 : libspdm_test_context_t *spdm_test_context;
361 : libspdm_context_t *spdm_context;
362 : uint32_t session_id;
363 : libspdm_session_info_t *session_info;
364 : libspdm_secured_message_context_t *secured_message_context;
365 :
366 : size_t response_size;
367 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
368 : spdm_key_update_response_t *spdm_response;
369 :
370 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
371 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
372 :
373 1 : spdm_test_context = *state;
374 1 : spdm_context = spdm_test_context->spdm_context;
375 1 : spdm_test_context->case_id = 0x4;
376 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
377 : SPDM_VERSION_NUMBER_SHIFT_BIT;
378 :
379 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
380 :
381 : /*need resync state*/
382 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
383 :
384 1 : session_info = &spdm_context->session_info[0];
385 1 : secured_message_context = session_info->secured_message_context;
386 :
387 1 : libspdm_set_standard_key_update_test_secrets(
388 1 : session_info->secured_message_context,
389 : m_rsp_secret_buffer, (uint8_t)(0xFF),
390 : m_req_secret_buffer, (uint8_t)(0xEE));
391 :
392 : /*no keys are updated*/
393 :
394 1 : response_size = sizeof(response);
395 1 : status = libspdm_get_response_key_update(spdm_context,
396 : m_libspdm_key_update_request1_size,
397 : &m_libspdm_key_update_request1,
398 : &response_size, response);
399 :
400 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
401 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
402 1 : spdm_response = (void *)response;
403 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
404 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_REQUEST_RESYNCH);
405 1 : assert_int_equal(spdm_response->header.param2, 0);
406 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
407 1 : assert_memory_equal(secured_message_context
408 : ->application_secret.request_data_secret,
409 : m_req_secret_buffer, secured_message_context->hash_size);
410 1 : assert_memory_equal(secured_message_context
411 : ->application_secret.response_data_secret,
412 : m_rsp_secret_buffer, secured_message_context->hash_size);
413 1 : }
414 :
415 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
416 : /**
417 : * Test 5: receiving a correct KEY_UPDATE from the requester, but the
418 : * responder could not produce the response in time.
419 : * Expected behavior: the responder accepts the request, but produces an
420 : * ERROR message indicating the ResponseNotReady state. No keys are
421 : * updated.
422 : **/
423 1 : static void rsp_key_update_ack_case5(void **state)
424 : {
425 : libspdm_return_t status;
426 : libspdm_test_context_t *spdm_test_context;
427 : libspdm_context_t *spdm_context;
428 : uint32_t session_id;
429 : libspdm_session_info_t *session_info;
430 : libspdm_secured_message_context_t *secured_message_context;
431 :
432 : size_t response_size;
433 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
434 : spdm_key_update_response_t *spdm_response;
435 : spdm_error_data_response_not_ready_t *error_data;
436 :
437 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
438 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
439 :
440 1 : spdm_test_context = *state;
441 1 : spdm_context = spdm_test_context->spdm_context;
442 1 : spdm_test_context->case_id = 0x5;
443 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
444 : SPDM_VERSION_NUMBER_SHIFT_BIT;
445 :
446 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
447 :
448 : /*not ready state*/
449 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
450 :
451 1 : session_info = &spdm_context->session_info[0];
452 1 : secured_message_context = session_info->secured_message_context;
453 :
454 1 : libspdm_set_standard_key_update_test_secrets(
455 1 : session_info->secured_message_context,
456 : m_rsp_secret_buffer, (uint8_t)(0xFF),
457 : m_req_secret_buffer, (uint8_t)(0xEE));
458 :
459 : /*no keys are updated*/
460 :
461 1 : response_size = sizeof(response);
462 1 : status = libspdm_get_response_key_update(spdm_context,
463 : m_libspdm_key_update_request1_size,
464 : &m_libspdm_key_update_request1,
465 : &response_size, response);
466 :
467 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
468 1 : assert_int_equal(response_size,
469 : sizeof(spdm_error_response_t) +
470 : sizeof(spdm_error_data_response_not_ready_t));
471 1 : spdm_response = (void *)response;
472 1 : error_data = (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
473 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
474 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_RESPONSE_NOT_READY);
475 1 : assert_int_equal(spdm_response->header.param2, 0);
476 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NOT_READY);
477 1 : assert_int_equal(error_data->request_code, SPDM_KEY_UPDATE);
478 1 : assert_memory_equal(secured_message_context
479 : ->application_secret.request_data_secret,
480 : m_req_secret_buffer, secured_message_context->hash_size);
481 1 : assert_memory_equal(secured_message_context
482 : ->application_secret.response_data_secret,
483 : m_rsp_secret_buffer, secured_message_context->hash_size);
484 1 : }
485 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
486 :
487 : /**
488 : * Test 6: receiving a correct KEY_UPDATE from the requester, but the
489 : * responder is not set no receive a FINISH message because previous messages
490 : * (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not
491 : * been received.
492 : * Expected behavior: the responder rejects the request, and produces an
493 : * ERROR message indicating the UnexpectedRequest. No keys are updated.
494 : **/
495 1 : static void rsp_key_update_ack_case6(void **state)
496 : {
497 : libspdm_return_t status;
498 : libspdm_test_context_t *spdm_test_context;
499 : libspdm_context_t *spdm_context;
500 : uint32_t session_id;
501 : libspdm_session_info_t *session_info;
502 : libspdm_secured_message_context_t *secured_message_context;
503 :
504 : size_t response_size;
505 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
506 : spdm_key_update_response_t *spdm_response;
507 :
508 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
509 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
510 :
511 1 : spdm_test_context = *state;
512 1 : spdm_context = spdm_test_context->spdm_context;
513 1 : spdm_test_context->case_id = 0x6;
514 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
515 : SPDM_VERSION_NUMBER_SHIFT_BIT;
516 :
517 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
518 :
519 : /*not negotiated state*/
520 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED;
521 :
522 1 : session_info = &spdm_context->session_info[0];
523 1 : secured_message_context = session_info->secured_message_context;
524 :
525 1 : libspdm_set_standard_key_update_test_secrets(
526 1 : session_info->secured_message_context,
527 : m_rsp_secret_buffer, (uint8_t)(0xFF),
528 : m_req_secret_buffer, (uint8_t)(0xEE));
529 :
530 : /*no keys are updated*/
531 :
532 1 : response_size = sizeof(response);
533 1 : status = libspdm_get_response_key_update(spdm_context,
534 : m_libspdm_key_update_request1_size,
535 : &m_libspdm_key_update_request1,
536 : &response_size, response);
537 :
538 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
539 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
540 1 : spdm_response = (void *)response;
541 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
542 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
543 1 : assert_int_equal(spdm_response->header.param2, 0);
544 1 : assert_memory_equal(secured_message_context
545 : ->application_secret.request_data_secret,
546 : m_req_secret_buffer, secured_message_context->hash_size);
547 1 : assert_memory_equal(secured_message_context
548 : ->application_secret.response_data_secret,
549 : m_rsp_secret_buffer, secured_message_context->hash_size);
550 1 : }
551 :
552 1 : static void rsp_key_update_ack_case7(void **state)
553 : {
554 : libspdm_return_t status;
555 : libspdm_test_context_t *spdm_test_context;
556 : libspdm_context_t *spdm_context;
557 : uint32_t session_id;
558 : libspdm_session_info_t *session_info;
559 : libspdm_secured_message_context_t *secured_message_context;
560 :
561 : size_t response_size;
562 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
563 : spdm_key_update_response_t *spdm_response;
564 :
565 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
566 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
567 :
568 1 : spdm_test_context = *state;
569 1 : spdm_context = spdm_test_context->spdm_context;
570 1 : spdm_test_context->case_id = 0x7;
571 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
572 : SPDM_VERSION_NUMBER_SHIFT_BIT;
573 :
574 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
575 :
576 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
577 : /*"filling" buffers*/
578 : spdm_context->transcript.message_m.buffer_size =
579 : spdm_context->transcript.message_m.max_buffer_size;
580 : spdm_context->transcript.message_b.buffer_size =
581 : spdm_context->transcript.message_b.max_buffer_size;
582 : spdm_context->transcript.message_c.buffer_size =
583 : spdm_context->transcript.message_c.max_buffer_size;
584 : spdm_context->transcript.message_mut_b.buffer_size =
585 : spdm_context->transcript.message_mut_b.max_buffer_size;
586 : spdm_context->transcript.message_mut_c.buffer_size =
587 : spdm_context->transcript.message_mut_c.max_buffer_size;
588 : #endif
589 :
590 1 : session_info = &spdm_context->session_info[0];
591 1 : secured_message_context = session_info->secured_message_context;
592 :
593 1 : libspdm_set_standard_key_update_test_secrets(
594 1 : session_info->secured_message_context,
595 : m_rsp_secret_buffer, (uint8_t)(0xFF),
596 : m_req_secret_buffer, (uint8_t)(0xEE));
597 :
598 : /*request side updated*/
599 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
600 : secured_message_context->hash_size,
601 : m_req_secret_buffer, m_req_secret_buffer,
602 : secured_message_context->hash_size);
603 : /*response side *not* updated*/
604 :
605 1 : response_size = sizeof(response);
606 1 : status = libspdm_get_response_key_update(spdm_context,
607 : m_libspdm_key_update_request1_size,
608 : &m_libspdm_key_update_request1,
609 : &response_size, response);
610 :
611 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
612 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
613 1 : spdm_response = (void *)response;
614 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
615 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
616 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request1.header.param2);
617 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
618 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
619 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
620 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
621 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
622 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
623 : #endif
624 1 : assert_memory_equal(secured_message_context
625 : ->application_secret.request_data_secret,
626 : m_req_secret_buffer, secured_message_context->hash_size);
627 1 : assert_memory_equal(secured_message_context
628 : ->application_secret.response_data_secret,
629 : m_rsp_secret_buffer, secured_message_context->hash_size);
630 1 : }
631 :
632 : /**
633 : * Test 8: receiving a correct KEY_UPDATE message from the requester, but the
634 : * responder has no capabilities for key update.
635 : * Expected behavior: the responder refuses the KEY_UPDATE message and
636 : * produces an ERROR message indicating the UnsupportedRequest. No keys are
637 : * updated.
638 : **/
639 1 : static void rsp_key_update_ack_case8(void **state)
640 : {
641 : libspdm_return_t status;
642 : libspdm_test_context_t *spdm_test_context;
643 : libspdm_context_t *spdm_context;
644 : uint32_t session_id;
645 : libspdm_session_info_t *session_info;
646 : libspdm_secured_message_context_t *secured_message_context;
647 :
648 : size_t response_size;
649 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
650 : spdm_key_update_response_t *spdm_response;
651 :
652 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
653 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
654 :
655 1 : spdm_test_context = *state;
656 1 : spdm_context = spdm_test_context->spdm_context;
657 1 : spdm_test_context->case_id = 0x8;
658 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
659 : SPDM_VERSION_NUMBER_SHIFT_BIT;
660 :
661 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
662 :
663 : /*no capabilities*/
664 1 : spdm_context->connection_info.capability.flags &=
665 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
666 1 : spdm_context->local_context.capability.flags &=
667 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
668 :
669 1 : session_info = &spdm_context->session_info[0];
670 1 : secured_message_context = session_info->secured_message_context;
671 :
672 1 : libspdm_set_standard_key_update_test_secrets(
673 1 : session_info->secured_message_context,
674 : m_rsp_secret_buffer, (uint8_t)(0xFF),
675 : m_req_secret_buffer, (uint8_t)(0xEE));
676 :
677 : /*no keys are updated*/
678 :
679 1 : response_size = sizeof(response);
680 1 : status = libspdm_get_response_key_update(spdm_context,
681 : m_libspdm_key_update_request1_size,
682 : &m_libspdm_key_update_request1,
683 : &response_size, response);
684 :
685 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
686 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
687 1 : spdm_response = (void *)response;
688 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
689 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
690 1 : assert_int_equal(spdm_response->header.param2, SPDM_KEY_UPDATE);
691 1 : assert_memory_equal(secured_message_context
692 : ->application_secret.request_data_secret,
693 : m_req_secret_buffer, secured_message_context->hash_size);
694 1 : assert_memory_equal(secured_message_context
695 : ->application_secret.response_data_secret,
696 : m_rsp_secret_buffer, secured_message_context->hash_size);
697 1 : }
698 :
699 : /**
700 : * Test 9: receiving a correct KEY_UPDATE message from the requester, but the
701 : * responder is not correctly setup by not initializing a session during
702 : * KEY_EXCHANGE.
703 : * Expected behavior: the responder refuses the KEY_UPDATE message and produces
704 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
705 : **/
706 1 : static void rsp_key_update_ack_case9(void **state)
707 : {
708 : libspdm_return_t status;
709 : libspdm_test_context_t *spdm_test_context;
710 : libspdm_context_t *spdm_context;
711 : uint32_t session_id;
712 : libspdm_session_info_t *session_info;
713 : libspdm_secured_message_context_t *secured_message_context;
714 :
715 : size_t response_size;
716 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
717 : spdm_key_update_response_t *spdm_response;
718 :
719 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
720 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
721 :
722 1 : spdm_test_context = *state;
723 1 : spdm_context = spdm_test_context->spdm_context;
724 1 : spdm_test_context->case_id = 0x9;
725 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
726 : SPDM_VERSION_NUMBER_SHIFT_BIT;
727 :
728 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
729 :
730 1 : session_info = &spdm_context->session_info[0];
731 1 : secured_message_context = session_info->secured_message_context;
732 :
733 : /*uninitialized session*/
734 1 : libspdm_secured_message_set_session_state(
735 : session_info->secured_message_context,
736 : LIBSPDM_SESSION_STATE_NOT_STARTED);
737 :
738 1 : libspdm_set_standard_key_update_test_secrets(
739 1 : session_info->secured_message_context,
740 : m_rsp_secret_buffer, (uint8_t)(0xFF),
741 : m_req_secret_buffer, (uint8_t)(0xEE));
742 :
743 : /*no keys are updated*/
744 :
745 1 : response_size = sizeof(response);
746 1 : status = libspdm_get_response_key_update(spdm_context,
747 : m_libspdm_key_update_request1_size,
748 : &m_libspdm_key_update_request1,
749 : &response_size, response);
750 :
751 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
752 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
753 1 : spdm_response = (void *)response;
754 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
755 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
756 1 : assert_int_equal(spdm_response->header.param2, 0);
757 1 : assert_memory_equal(secured_message_context
758 : ->application_secret.request_data_secret,
759 : m_req_secret_buffer, secured_message_context->hash_size);
760 1 : assert_memory_equal(secured_message_context
761 : ->application_secret.response_data_secret,
762 : m_rsp_secret_buffer, secured_message_context->hash_size);
763 1 : }
764 :
765 : /**
766 : * Test 10: receiving a correct KEY_UPDATE message from the requester with
767 : * the UpdateAllKeys operation.
768 : * Expected behavior: the responder accepts the request, produces a valid
769 : * KEY_UPDATE_ACK response message, and both the request data key and the
770 : * response data key are updated.
771 : **/
772 1 : static void rsp_key_update_ack_case10(void **state)
773 : {
774 : libspdm_return_t status;
775 : libspdm_test_context_t *spdm_test_context;
776 : libspdm_context_t *spdm_context;
777 : uint32_t session_id;
778 : libspdm_session_info_t *session_info;
779 : libspdm_secured_message_context_t *secured_message_context;
780 :
781 : size_t response_size;
782 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
783 : spdm_key_update_response_t *spdm_response;
784 :
785 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
786 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
787 :
788 1 : spdm_test_context = *state;
789 1 : spdm_context = spdm_test_context->spdm_context;
790 1 : spdm_test_context->case_id = 0xA;
791 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
792 : SPDM_VERSION_NUMBER_SHIFT_BIT;
793 :
794 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
795 :
796 1 : session_info = &spdm_context->session_info[0];
797 1 : secured_message_context = session_info->secured_message_context;
798 :
799 1 : libspdm_set_standard_key_update_test_secrets(
800 1 : session_info->secured_message_context,
801 : m_rsp_secret_buffer, (uint8_t)(0xFF),
802 : m_req_secret_buffer, (uint8_t)(0xEE));
803 :
804 : /*request side updated*/
805 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
806 : secured_message_context->hash_size,
807 : m_req_secret_buffer, m_req_secret_buffer,
808 : secured_message_context->hash_size);
809 : /*response side updated*/
810 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
811 : secured_message_context->hash_size,
812 : m_rsp_secret_buffer, m_rsp_secret_buffer,
813 : secured_message_context->hash_size);
814 :
815 1 : response_size = sizeof(response);
816 1 : status = libspdm_get_response_key_update(spdm_context,
817 : m_libspdm_key_update_request3_size,
818 : &m_libspdm_key_update_request3,
819 : &response_size, response);
820 :
821 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
822 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
823 1 : spdm_response = (void *)response;
824 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
825 1 : assert_int_equal(spdm_response->header.param1,
826 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
827 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request3.header.param2);
828 1 : assert_memory_equal(secured_message_context
829 : ->application_secret.request_data_secret,
830 : m_req_secret_buffer, secured_message_context->hash_size);
831 1 : assert_memory_equal(secured_message_context
832 : ->application_secret.response_data_secret,
833 : m_rsp_secret_buffer, secured_message_context->hash_size);
834 1 : }
835 :
836 : /**
837 : * Test 11: receiving a KEY_UPDATE message larger than specified, with the
838 : * UpdateAllKeys operation.
839 : * Expected behavior: the responder refuses the KEY_UPDATE message and
840 : * produces an ERROR message indicating the InvalidRequest. No keys
841 : * are updated.
842 : **/
843 1 : static void rsp_key_update_ack_case11(void **state)
844 : {
845 : libspdm_return_t status;
846 : libspdm_test_context_t *spdm_test_context;
847 : libspdm_context_t *spdm_context;
848 : uint32_t session_id;
849 : libspdm_session_info_t *session_info;
850 : libspdm_secured_message_context_t *secured_message_context;
851 :
852 : size_t response_size;
853 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
854 : spdm_key_update_response_t *spdm_response;
855 :
856 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
857 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
858 :
859 1 : spdm_test_context = *state;
860 1 : spdm_context = spdm_test_context->spdm_context;
861 1 : spdm_test_context->case_id = 0xB;
862 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
863 : SPDM_VERSION_NUMBER_SHIFT_BIT;
864 :
865 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
866 :
867 1 : session_info = &spdm_context->session_info[0];
868 1 : secured_message_context = session_info->secured_message_context;
869 :
870 1 : libspdm_set_standard_key_update_test_secrets(
871 1 : session_info->secured_message_context,
872 : m_rsp_secret_buffer, (uint8_t)(0xFF),
873 : m_req_secret_buffer, (uint8_t)(0xEE));
874 :
875 : /*no keys are updated*/
876 :
877 1 : response_size = sizeof(response);
878 1 : status = libspdm_get_response_key_update(spdm_context,
879 : m_libspdm_key_update_request4_size,
880 : &m_libspdm_key_update_request4,
881 : &response_size, response);
882 :
883 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
884 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
885 1 : spdm_response = (void *)response;
886 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
887 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
888 1 : assert_int_equal(spdm_response->header.param2, 0);
889 1 : assert_memory_equal(secured_message_context
890 : ->application_secret.request_data_secret,
891 : m_req_secret_buffer, secured_message_context->hash_size);
892 1 : assert_memory_equal(secured_message_context
893 : ->application_secret.response_data_secret,
894 : m_rsp_secret_buffer, secured_message_context->hash_size);
895 1 : }
896 :
897 : /**
898 : * Test 12: receiving a correct KEY_UPDATE message from the requester with
899 : * the VerifyNewKey operation. The responder is setup as if a valid
900 : * KEY_UPDATE request with the UpdateKey has been previously received.
901 : * Expected behavior: the responder accepts the request, produces a valid
902 : * KEY_UPDATE_ACK response message, and the request data key is updated.
903 : **/
904 1 : static void rsp_key_update_ack_case12(void **state)
905 : {
906 : libspdm_return_t status;
907 : libspdm_test_context_t *spdm_test_context;
908 : libspdm_context_t *spdm_context;
909 : uint32_t session_id;
910 : libspdm_session_info_t *session_info;
911 : libspdm_secured_message_context_t *secured_message_context;
912 :
913 : size_t response_size;
914 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
915 : spdm_key_update_response_t *spdm_response;
916 :
917 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
918 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
919 :
920 1 : spdm_test_context = *state;
921 1 : spdm_context = spdm_test_context->spdm_context;
922 1 : spdm_test_context->case_id = 0xC;
923 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
924 : SPDM_VERSION_NUMBER_SHIFT_BIT;
925 :
926 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
927 :
928 1 : session_info = &spdm_context->session_info[0];
929 1 : secured_message_context = session_info->secured_message_context;
930 :
931 1 : libspdm_set_standard_key_update_test_secrets(
932 1 : session_info->secured_message_context,
933 : m_rsp_secret_buffer, (uint8_t)(0xFF),
934 : m_req_secret_buffer, (uint8_t)(0xEE));
935 :
936 : /*last request: UpdateKey*/
937 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
938 :
939 : /*mocked major secret update*/
940 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
941 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
942 1 : &secured_message_context->application_secret.request_data_secret,
943 : LIBSPDM_MAX_HASH_SIZE);
944 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
945 : secured_message_context->hash_size,
946 : secured_message_context->application_secret
947 1 : .request_data_secret,
948 : secured_message_context->application_secret
949 1 : .request_data_secret,
950 : secured_message_context->hash_size);
951 :
952 : /*request side updated*/
953 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
954 : secured_message_context->hash_size,
955 : m_req_secret_buffer, m_req_secret_buffer,
956 : secured_message_context->hash_size);
957 : /*response side *not* updated*/
958 :
959 1 : response_size = sizeof(response);
960 1 : status = libspdm_get_response_key_update(spdm_context,
961 : m_libspdm_key_update_request5_size,
962 : &m_libspdm_key_update_request5,
963 : &response_size, response);
964 :
965 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
966 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
967 1 : spdm_response = (void *)response;
968 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
969 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY);
970 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request5.header.param2);
971 1 : assert_memory_equal(secured_message_context
972 : ->application_secret.request_data_secret,
973 : m_req_secret_buffer, secured_message_context->hash_size);
974 1 : assert_memory_equal(secured_message_context
975 : ->application_secret.response_data_secret,
976 : m_rsp_secret_buffer, secured_message_context->hash_size);
977 1 : }
978 :
979 : /**
980 : * Test 13: receiving a KEY_UPDATE message larger than specified, with the
981 : * VerifyNewKey operation. The responder is setup as if a valid KEY_UPDATE
982 : * request with the UpdateKey has been previously received.
983 : * Expected behavior: the responder refuses the KEY_UPDATE message and
984 : * produces an ERROR message indicating the InvalidRequest. The request
985 : * data key is not rolled back to before the UpdateKey.
986 : **/
987 1 : static void rsp_key_update_ack_case13(void **state)
988 : {
989 : libspdm_return_t status;
990 : libspdm_test_context_t *spdm_test_context;
991 : libspdm_context_t *spdm_context;
992 : uint32_t session_id;
993 : libspdm_session_info_t *session_info;
994 : libspdm_secured_message_context_t *secured_message_context;
995 :
996 : size_t response_size;
997 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
998 : spdm_key_update_response_t *spdm_response;
999 :
1000 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1001 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1002 :
1003 1 : spdm_test_context = *state;
1004 1 : spdm_context = spdm_test_context->spdm_context;
1005 1 : spdm_test_context->case_id = 0xD;
1006 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1007 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1008 :
1009 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1010 :
1011 1 : session_info = &spdm_context->session_info[0];
1012 1 : secured_message_context = session_info->secured_message_context;
1013 :
1014 1 : libspdm_set_standard_key_update_test_secrets(
1015 1 : session_info->secured_message_context,
1016 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1017 : m_req_secret_buffer, (uint8_t)(0xEE));
1018 :
1019 : /*last request: UpdateKey*/
1020 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1021 :
1022 : /*mocked major secret update*/
1023 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1024 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1025 1 : &secured_message_context->application_secret.request_data_secret,
1026 : LIBSPDM_MAX_HASH_SIZE);
1027 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1028 : secured_message_context->hash_size,
1029 : secured_message_context->application_secret
1030 1 : .request_data_secret,
1031 : secured_message_context->application_secret
1032 1 : .request_data_secret,
1033 : secured_message_context->hash_size);
1034 :
1035 : /*request side updated*/
1036 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1037 : secured_message_context->hash_size,
1038 : m_req_secret_buffer, m_req_secret_buffer,
1039 : secured_message_context->hash_size);
1040 : /*response side *not* updated*/
1041 :
1042 1 : response_size = sizeof(response);
1043 1 : status = libspdm_get_response_key_update(spdm_context,
1044 : m_libspdm_key_update_request6_size,
1045 : &m_libspdm_key_update_request6,
1046 : &response_size, response);
1047 :
1048 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1049 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1050 1 : spdm_response = (void *)response;
1051 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1052 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1053 1 : assert_int_equal(spdm_response->header.param2, 0);
1054 1 : assert_memory_equal(secured_message_context
1055 : ->application_secret.request_data_secret,
1056 : m_req_secret_buffer, secured_message_context->hash_size);
1057 1 : assert_memory_equal(secured_message_context
1058 : ->application_secret.response_data_secret,
1059 : m_rsp_secret_buffer, secured_message_context->hash_size);
1060 1 : }
1061 :
1062 : /**
1063 : * Test 14: receiving a correct KEY_UPDATE message from the requester with
1064 : * the VerifyNewKey operation. The responder is setup as if a valid
1065 : * KEY_UPDATE request with the UpdateAllKeys has been previously received.
1066 : * Expected behavior: the responder accepts the request, produces a valid
1067 : * KEY_UPDATE_ACK response message, and both the request data key and the
1068 : * response data key are updated.
1069 : **/
1070 1 : static void rsp_key_update_ack_case14(void **state)
1071 : {
1072 : libspdm_return_t status;
1073 : libspdm_test_context_t *spdm_test_context;
1074 : libspdm_context_t *spdm_context;
1075 : uint32_t session_id;
1076 : libspdm_session_info_t *session_info;
1077 : libspdm_secured_message_context_t *secured_message_context;
1078 :
1079 : size_t response_size;
1080 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1081 : spdm_key_update_response_t *spdm_response;
1082 :
1083 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1084 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1085 :
1086 1 : spdm_test_context = *state;
1087 1 : spdm_context = spdm_test_context->spdm_context;
1088 1 : spdm_test_context->case_id = 0xE;
1089 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1090 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1091 :
1092 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1093 :
1094 1 : session_info = &spdm_context->session_info[0];
1095 1 : secured_message_context = session_info->secured_message_context;
1096 :
1097 1 : libspdm_set_standard_key_update_test_secrets(
1098 1 : session_info->secured_message_context,
1099 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1100 : m_req_secret_buffer, (uint8_t)(0xEE));
1101 :
1102 : /*last request: UpdateallKeys*/
1103 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1104 :
1105 : /*mocked major secret update*/
1106 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1107 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1108 1 : &secured_message_context->application_secret.request_data_secret,
1109 : LIBSPDM_MAX_HASH_SIZE);
1110 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1111 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1112 1 : &secured_message_context->application_secret.response_data_secret,
1113 : LIBSPDM_MAX_HASH_SIZE);
1114 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1115 : secured_message_context->hash_size,
1116 : secured_message_context->application_secret
1117 1 : .request_data_secret,
1118 : secured_message_context->application_secret
1119 1 : .request_data_secret,
1120 : secured_message_context->hash_size);
1121 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1122 : secured_message_context->hash_size,
1123 : secured_message_context->application_secret
1124 1 : .response_data_secret,
1125 : secured_message_context->application_secret
1126 1 : .response_data_secret,
1127 : secured_message_context->hash_size);
1128 :
1129 : /*request side updated*/
1130 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1131 : secured_message_context->hash_size,
1132 : m_req_secret_buffer, m_req_secret_buffer,
1133 : secured_message_context->hash_size);
1134 : /*response side updated*/
1135 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1136 : secured_message_context->hash_size,
1137 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1138 : secured_message_context->hash_size);
1139 :
1140 1 : response_size = sizeof(response);
1141 1 : status = libspdm_get_response_key_update(spdm_context,
1142 : m_libspdm_key_update_request5_size,
1143 : &m_libspdm_key_update_request5,
1144 : &response_size, response);
1145 :
1146 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1147 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1148 1 : spdm_response = (void *)response;
1149 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
1150 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY);
1151 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request5.header.param2);
1152 1 : assert_memory_equal(secured_message_context
1153 : ->application_secret.request_data_secret,
1154 : m_req_secret_buffer, secured_message_context->hash_size);
1155 1 : assert_memory_equal(secured_message_context
1156 : ->application_secret.response_data_secret,
1157 : m_rsp_secret_buffer, secured_message_context->hash_size);
1158 1 : }
1159 :
1160 : /**
1161 : * Test 15: receiving a KEY_UPDATE message larger than specified, with the
1162 : * VerifyNewKey operation. The responder is setup as if a valid KEY_UPDATE
1163 : * request with the UpdateAllKeys has been previously received.
1164 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1165 : * produces an ERROR message indicating the InvalidRequest. Neither the
1166 : * request data key nor the response data key are rolled back to before
1167 : * the UpdateAllKeys.
1168 : **/
1169 1 : static void rsp_key_update_ack_case15(void **state)
1170 : {
1171 : libspdm_return_t status;
1172 : libspdm_test_context_t *spdm_test_context;
1173 : libspdm_context_t *spdm_context;
1174 : uint32_t session_id;
1175 : libspdm_session_info_t *session_info;
1176 : libspdm_secured_message_context_t *secured_message_context;
1177 :
1178 : size_t response_size;
1179 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1180 : spdm_key_update_response_t *spdm_response;
1181 :
1182 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1183 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1184 :
1185 1 : spdm_test_context = *state;
1186 1 : spdm_context = spdm_test_context->spdm_context;
1187 1 : spdm_test_context->case_id = 0xF;
1188 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1189 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1190 :
1191 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1192 :
1193 1 : session_info = &spdm_context->session_info[0];
1194 1 : secured_message_context = session_info->secured_message_context;
1195 :
1196 1 : libspdm_set_standard_key_update_test_secrets(
1197 1 : session_info->secured_message_context,
1198 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1199 : m_req_secret_buffer, (uint8_t)(0xEE));
1200 :
1201 : /*last request: UpdateAllKeys*/
1202 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1203 :
1204 : /*mocked major secret update*/
1205 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1206 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1207 1 : &secured_message_context->application_secret.request_data_secret,
1208 : LIBSPDM_MAX_HASH_SIZE);
1209 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1210 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1211 1 : &secured_message_context->application_secret.response_data_secret,
1212 : LIBSPDM_MAX_HASH_SIZE);
1213 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1214 : secured_message_context->hash_size,
1215 : secured_message_context->application_secret
1216 1 : .request_data_secret,
1217 : secured_message_context->application_secret
1218 1 : .request_data_secret,
1219 : secured_message_context->hash_size);
1220 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1221 : secured_message_context->hash_size,
1222 : secured_message_context->application_secret
1223 1 : .response_data_secret,
1224 : secured_message_context->application_secret
1225 1 : .response_data_secret,
1226 : secured_message_context->hash_size);
1227 :
1228 : /*request side updated*/
1229 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1230 : secured_message_context->hash_size,
1231 : m_req_secret_buffer, m_req_secret_buffer,
1232 : secured_message_context->hash_size);
1233 : /*response side updated*/
1234 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1235 : secured_message_context->hash_size,
1236 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1237 : secured_message_context->hash_size);
1238 :
1239 1 : response_size = sizeof(response);
1240 1 : status = libspdm_get_response_key_update(spdm_context,
1241 : m_libspdm_key_update_request6_size,
1242 : &m_libspdm_key_update_request6,
1243 : &response_size, response);
1244 :
1245 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1246 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1247 1 : spdm_response = (void *)response;
1248 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1249 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1250 1 : assert_int_equal(spdm_response->header.param2, 0);
1251 1 : assert_memory_equal(secured_message_context
1252 : ->application_secret.request_data_secret,
1253 : m_req_secret_buffer, secured_message_context->hash_size);
1254 1 : assert_memory_equal(secured_message_context
1255 : ->application_secret.response_data_secret,
1256 : m_rsp_secret_buffer, secured_message_context->hash_size);
1257 1 : }
1258 :
1259 : /**
1260 : * Test 16: receiving a invalid KEY_UPDATE message from the requester with
1261 : * the VerifyNewKey operation. The responder is setup as if no valid
1262 : * KEY_UPDATE request with either the UpdateKey or UpdateAllKeys has been
1263 : * previously received.
1264 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1265 : * produces an ERROR message indicating the InvalidRequest. No keys are
1266 : * updated.
1267 : **/
1268 1 : static void rsp_key_update_ack_case16(void **state)
1269 : {
1270 : libspdm_return_t status;
1271 : libspdm_test_context_t *spdm_test_context;
1272 : libspdm_context_t *spdm_context;
1273 : uint32_t session_id;
1274 : libspdm_session_info_t *session_info;
1275 : libspdm_secured_message_context_t *secured_message_context;
1276 :
1277 : size_t response_size;
1278 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1279 : spdm_key_update_response_t *spdm_response;
1280 :
1281 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1282 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1283 :
1284 1 : spdm_test_context = *state;
1285 1 : spdm_context = spdm_test_context->spdm_context;
1286 1 : spdm_test_context->case_id = 0x10;
1287 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1288 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1289 :
1290 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1291 :
1292 1 : session_info = &spdm_context->session_info[0];
1293 1 : secured_message_context = session_info->secured_message_context;
1294 :
1295 1 : libspdm_set_standard_key_update_test_secrets(
1296 1 : session_info->secured_message_context,
1297 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1298 : m_req_secret_buffer, (uint8_t)(0xEE));
1299 :
1300 : /*no mocked major secret update*/
1301 :
1302 : /*no keys are updated*/
1303 :
1304 1 : response_size = sizeof(response);
1305 1 : status = libspdm_get_response_key_update(spdm_context,
1306 : m_libspdm_key_update_request5_size,
1307 : &m_libspdm_key_update_request5,
1308 : &response_size, response);
1309 :
1310 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1311 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1312 1 : spdm_response = (void *)response;
1313 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1314 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1315 1 : assert_int_equal(spdm_response->header.param2, 0);
1316 1 : assert_memory_equal(secured_message_context
1317 : ->application_secret.request_data_secret,
1318 : m_req_secret_buffer, secured_message_context->hash_size);
1319 1 : assert_memory_equal(secured_message_context
1320 : ->application_secret.response_data_secret,
1321 : m_rsp_secret_buffer, secured_message_context->hash_size);
1322 1 : }
1323 :
1324 : /**
1325 : * Test 17: UpdateKey + UpdateKey, last key operation is update key, current key operation is update key
1326 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1327 : * produces an ERROR message indicating the InvalidRequest. No keys are
1328 : * updated.
1329 : **/
1330 1 : static void rsp_key_update_ack_case17(void **state)
1331 : {
1332 : libspdm_return_t status;
1333 : libspdm_test_context_t *spdm_test_context;
1334 : libspdm_context_t *spdm_context;
1335 : uint32_t session_id;
1336 : libspdm_session_info_t *session_info;
1337 : libspdm_secured_message_context_t *secured_message_context;
1338 :
1339 : size_t response_size;
1340 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1341 : spdm_key_update_response_t *spdm_response;
1342 :
1343 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1344 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1345 :
1346 1 : spdm_test_context = *state;
1347 1 : spdm_context = spdm_test_context->spdm_context;
1348 1 : spdm_test_context->case_id = 0x11;
1349 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1350 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1351 :
1352 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1353 :
1354 1 : session_info = &spdm_context->session_info[0];
1355 1 : secured_message_context = session_info->secured_message_context;
1356 :
1357 1 : libspdm_set_standard_key_update_test_secrets(
1358 1 : session_info->secured_message_context,
1359 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1360 : m_req_secret_buffer, (uint8_t)(0xEE));
1361 :
1362 : /*last request: UpdateKey*/
1363 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1364 :
1365 : /*mocked major secret update*/
1366 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1367 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1368 1 : &secured_message_context->application_secret.request_data_secret,
1369 : LIBSPDM_MAX_HASH_SIZE);
1370 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1371 : secured_message_context->hash_size,
1372 : secured_message_context->application_secret
1373 1 : .request_data_secret,
1374 : secured_message_context->application_secret
1375 1 : .request_data_secret,
1376 : secured_message_context->hash_size);
1377 :
1378 : /*request side updated (once)*/
1379 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1380 : secured_message_context->hash_size,
1381 : m_req_secret_buffer, m_req_secret_buffer,
1382 : secured_message_context->hash_size);
1383 : /*response side *not* updated*/
1384 :
1385 1 : response_size = sizeof(response);
1386 1 : status = libspdm_get_response_key_update(spdm_context,
1387 : m_libspdm_key_update_request1_size,
1388 : &m_libspdm_key_update_request1,
1389 : &response_size, response);
1390 :
1391 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1392 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1393 1 : spdm_response = (void *)response;
1394 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1395 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1396 1 : }
1397 :
1398 : /**
1399 : * Test 18: UpdateKey + UpdateAllKeys, last key operation is update key, current key operation is update all key
1400 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1401 : * produces an ERROR message indicating the InvalidRequest. No keys are
1402 : * updated.
1403 : **/
1404 1 : static void rsp_key_update_ack_case18(void **state)
1405 : {
1406 : libspdm_return_t status;
1407 : libspdm_test_context_t *spdm_test_context;
1408 : libspdm_context_t *spdm_context;
1409 : uint32_t session_id;
1410 : libspdm_session_info_t *session_info;
1411 : libspdm_secured_message_context_t *secured_message_context;
1412 :
1413 : size_t response_size;
1414 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1415 : spdm_key_update_response_t *spdm_response;
1416 :
1417 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1418 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1419 :
1420 1 : spdm_test_context = *state;
1421 1 : spdm_context = spdm_test_context->spdm_context;
1422 1 : spdm_test_context->case_id = 0x12;
1423 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1424 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1425 :
1426 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1427 :
1428 1 : session_info = &spdm_context->session_info[0];
1429 1 : secured_message_context = session_info->secured_message_context;
1430 :
1431 1 : libspdm_set_standard_key_update_test_secrets(
1432 1 : session_info->secured_message_context,
1433 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1434 : m_req_secret_buffer, (uint8_t)(0xEE));
1435 :
1436 : /*last request: UpdateKey*/
1437 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1438 :
1439 : /*mocked major secret update*/
1440 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1441 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1442 1 : &secured_message_context->application_secret.request_data_secret,
1443 : LIBSPDM_MAX_HASH_SIZE);
1444 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1445 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1446 1 : &secured_message_context->application_secret.response_data_secret,
1447 : LIBSPDM_MAX_HASH_SIZE);
1448 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1449 : secured_message_context->hash_size,
1450 : secured_message_context->application_secret
1451 1 : .request_data_secret,
1452 : secured_message_context->application_secret
1453 1 : .request_data_secret,
1454 : secured_message_context->hash_size);
1455 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1456 : secured_message_context->hash_size,
1457 : secured_message_context->application_secret
1458 1 : .response_data_secret,
1459 : secured_message_context->application_secret
1460 1 : .response_data_secret,
1461 : secured_message_context->hash_size);
1462 :
1463 : /*request side updated (once)*/
1464 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1465 : secured_message_context->hash_size,
1466 : m_req_secret_buffer, m_req_secret_buffer,
1467 : secured_message_context->hash_size);
1468 : /*response side updated (once)*/
1469 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1470 : secured_message_context->hash_size,
1471 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1472 : secured_message_context->hash_size);
1473 :
1474 1 : response_size = sizeof(response);
1475 : /*UpdateAllKeys*/
1476 1 : status = libspdm_get_response_key_update(spdm_context,
1477 : m_libspdm_key_update_request3_size,
1478 : &m_libspdm_key_update_request3,
1479 : &response_size, response);
1480 :
1481 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1482 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1483 1 : spdm_response = (void *)response;
1484 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1485 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1486 1 : }
1487 :
1488 : /**
1489 : * Test 19:UpdateAllKeys + UpdateKey, last key operation is update all key, current key operation is update key
1490 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1491 : * produces an ERROR message indicating the InvalidRequest. No keys are
1492 : * updated.
1493 : **/
1494 1 : static void rsp_key_update_ack_case19(void **state)
1495 : {
1496 : libspdm_return_t status;
1497 : libspdm_test_context_t *spdm_test_context;
1498 : libspdm_context_t *spdm_context;
1499 : uint32_t session_id;
1500 : libspdm_session_info_t *session_info;
1501 :
1502 : size_t response_size;
1503 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1504 : spdm_key_update_response_t *spdm_response;
1505 :
1506 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1507 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1508 :
1509 1 : spdm_test_context = *state;
1510 1 : spdm_context = spdm_test_context->spdm_context;
1511 1 : spdm_test_context->case_id = 0x13;
1512 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1513 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1514 :
1515 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1516 :
1517 1 : session_info = &spdm_context->session_info[0];
1518 :
1519 1 : libspdm_set_standard_key_update_test_secrets(
1520 1 : session_info->secured_message_context,
1521 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1522 : m_req_secret_buffer, (uint8_t)(0xEE));
1523 :
1524 : /*last request: UpdateAllKeys*/
1525 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1526 :
1527 : /*UpdateKey*/
1528 1 : response_size = sizeof(response);
1529 1 : status = libspdm_get_response_key_update(spdm_context,
1530 : m_libspdm_key_update_request1_size,
1531 : &m_libspdm_key_update_request1,
1532 : &response_size, response);
1533 :
1534 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1535 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1536 1 : spdm_response = (void *)response;
1537 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1538 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1539 1 : }
1540 :
1541 : /**
1542 : * Test 20:UpdateAllKeys + UpdateALlKeys, last key operation is update all key, current key operation is update all key
1543 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1544 : * produces an ERROR message indicating the InvalidRequest. No keys are
1545 : * updated.
1546 : **/
1547 1 : static void rsp_key_update_ack_case20(void **state)
1548 : {
1549 : libspdm_return_t status;
1550 : libspdm_test_context_t *spdm_test_context;
1551 : libspdm_context_t *spdm_context;
1552 : uint32_t session_id;
1553 : libspdm_session_info_t *session_info;
1554 :
1555 : size_t response_size;
1556 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1557 : spdm_key_update_response_t *spdm_response;
1558 :
1559 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1560 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1561 :
1562 1 : spdm_test_context = *state;
1563 1 : spdm_context = spdm_test_context->spdm_context;
1564 1 : spdm_test_context->case_id = 0x14;
1565 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1566 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1567 :
1568 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1569 :
1570 1 : session_info = &spdm_context->session_info[0];
1571 :
1572 1 : libspdm_set_standard_key_update_test_secrets(
1573 1 : session_info->secured_message_context,
1574 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1575 : m_req_secret_buffer, (uint8_t)(0xEE));
1576 :
1577 : /*last request: UpdateAllKeys*/
1578 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1579 :
1580 : /*UpdateAllKeys*/
1581 1 : response_size = sizeof(response);
1582 1 : status = libspdm_get_response_key_update(spdm_context,
1583 : m_libspdm_key_update_request3_size,
1584 : &m_libspdm_key_update_request3,
1585 : &response_size, response);
1586 :
1587 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1588 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1589 1 : spdm_response = (void *)response;
1590 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1591 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1592 1 : }
1593 :
1594 : /**
1595 : * Test 21: :VerifyNewKey + UpdateKey, last key operation is verify key, current key operation is update key
1596 : * Expected behavior: the responder accepts the request, produces a valid
1597 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1598 : **/
1599 1 : static void rsp_key_update_ack_case21(void **state)
1600 : {
1601 : libspdm_return_t status;
1602 : libspdm_test_context_t *spdm_test_context;
1603 : libspdm_context_t *spdm_context;
1604 : uint32_t session_id;
1605 : libspdm_session_info_t *session_info;
1606 : libspdm_secured_message_context_t *secured_message_context;
1607 :
1608 : size_t response_size;
1609 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1610 : spdm_key_update_response_t *spdm_response;
1611 :
1612 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1613 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1614 :
1615 1 : spdm_test_context = *state;
1616 1 : spdm_context = spdm_test_context->spdm_context;
1617 1 : spdm_test_context->case_id = 0x15;
1618 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1619 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1620 :
1621 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1622 :
1623 1 : session_info = &spdm_context->session_info[0];
1624 1 : secured_message_context = session_info->secured_message_context;
1625 :
1626 1 : libspdm_set_standard_key_update_test_secrets(
1627 1 : session_info->secured_message_context,
1628 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1629 : m_req_secret_buffer, (uint8_t)(0xEE));
1630 :
1631 : /*request side updated*/
1632 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1633 : secured_message_context->hash_size,
1634 : m_req_secret_buffer, m_req_secret_buffer,
1635 : secured_message_context->hash_size);
1636 : /*response side *not* updated*/
1637 :
1638 : /*last request: verify new key*/
1639 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1640 : /*verify new key clear last_key_update_request*/
1641 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1642 :
1643 : /*updatekey*/
1644 1 : response_size = sizeof(response);
1645 1 : status = libspdm_get_response_key_update(spdm_context,
1646 : m_libspdm_key_update_request1_size,
1647 : &m_libspdm_key_update_request1,
1648 : &response_size, response);
1649 :
1650 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1651 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1652 1 : spdm_response = (void *)response;
1653 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
1654 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1655 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request1.header.param2);
1656 1 : assert_memory_equal(secured_message_context
1657 : ->application_secret.request_data_secret,
1658 : m_req_secret_buffer, secured_message_context->hash_size);
1659 1 : assert_memory_equal(secured_message_context
1660 : ->application_secret.response_data_secret,
1661 : m_rsp_secret_buffer, secured_message_context->hash_size);
1662 1 : }
1663 :
1664 : /**
1665 : * Test 22: :VerifyNewKey + UpdateAllKeys, last key operation is verify key, current key operation is update all key
1666 : * Expected behavior: the responder accepts the request, produces a valid
1667 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1668 : **/
1669 1 : static void rsp_key_update_ack_case22(void **state)
1670 : {
1671 : libspdm_return_t status;
1672 : libspdm_test_context_t *spdm_test_context;
1673 : libspdm_context_t *spdm_context;
1674 : uint32_t session_id;
1675 : libspdm_session_info_t *session_info;
1676 : libspdm_secured_message_context_t *secured_message_context;
1677 :
1678 : size_t response_size;
1679 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1680 : spdm_key_update_response_t *spdm_response;
1681 :
1682 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1683 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1684 :
1685 1 : spdm_test_context = *state;
1686 1 : spdm_context = spdm_test_context->spdm_context;
1687 1 : spdm_test_context->case_id = 0x16;
1688 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1689 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1690 :
1691 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1692 :
1693 1 : session_info = &spdm_context->session_info[0];
1694 1 : secured_message_context = session_info->secured_message_context;
1695 :
1696 1 : libspdm_set_standard_key_update_test_secrets(
1697 1 : session_info->secured_message_context,
1698 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1699 : m_req_secret_buffer, (uint8_t)(0xEE));
1700 :
1701 : /*request side updated*/
1702 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1703 : secured_message_context->hash_size,
1704 : m_req_secret_buffer, m_req_secret_buffer,
1705 : secured_message_context->hash_size);
1706 : /*response side updated*/
1707 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1708 : secured_message_context->hash_size,
1709 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1710 : secured_message_context->hash_size);
1711 :
1712 : /*last request: verify new key*/
1713 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1714 : /*clear last_key_update_request*/
1715 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1716 :
1717 1 : response_size = sizeof(response);
1718 1 : status = libspdm_get_response_key_update(spdm_context,
1719 : m_libspdm_key_update_request3_size,
1720 : &m_libspdm_key_update_request3,
1721 : &response_size, response);
1722 :
1723 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1724 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1725 1 : spdm_response = (void *)response;
1726 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
1727 1 : assert_int_equal(spdm_response->header.param1,
1728 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
1729 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request3.header.param2);
1730 1 : assert_memory_equal(secured_message_context
1731 : ->application_secret.request_data_secret,
1732 : m_req_secret_buffer, secured_message_context->hash_size);
1733 1 : assert_memory_equal(secured_message_context
1734 : ->application_secret.response_data_secret,
1735 : m_rsp_secret_buffer, secured_message_context->hash_size);
1736 1 : }
1737 :
1738 : /**
1739 : * Test 23: VerifyNewKey + VerifyNewKey, last key operation is verify key, current key operation is verify key
1740 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1741 : * produces an ERROR message indicating the InvalidRequest. No keys are
1742 : * updated.
1743 : **/
1744 1 : static void rsp_key_update_ack_case23(void **state)
1745 : {
1746 : libspdm_return_t status;
1747 : libspdm_test_context_t *spdm_test_context;
1748 : libspdm_context_t *spdm_context;
1749 : uint32_t session_id;
1750 : libspdm_session_info_t *session_info;
1751 :
1752 : size_t response_size;
1753 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1754 : spdm_key_update_response_t *spdm_response;
1755 :
1756 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1757 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1758 :
1759 1 : spdm_test_context = *state;
1760 1 : spdm_context = spdm_test_context->spdm_context;
1761 1 : spdm_test_context->case_id = 0x17;
1762 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1763 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1764 :
1765 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1766 :
1767 1 : session_info = &spdm_context->session_info[0];
1768 :
1769 1 : libspdm_set_standard_key_update_test_secrets(
1770 1 : session_info->secured_message_context,
1771 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1772 : m_req_secret_buffer, (uint8_t)(0xEE));
1773 :
1774 : /*last request: VerifyNewKey*/
1775 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1776 : /*clear last_key_update_request*/
1777 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1778 :
1779 : /*VerifyNewKey*/
1780 1 : response_size = sizeof(response);
1781 1 : status = libspdm_get_response_key_update(spdm_context,
1782 : m_libspdm_key_update_request5_size,
1783 : &m_libspdm_key_update_request5,
1784 : &response_size, response);
1785 :
1786 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1787 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1788 1 : spdm_response = (void *)response;
1789 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1790 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1791 1 : }
1792 :
1793 : /**
1794 : * Test 24: :other command + UpdateKey, last request is not key_update command, current key operation is update key
1795 : * Expected behavior: the responder accepts the request, produces a valid
1796 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1797 : **/
1798 1 : static void rsp_key_update_ack_case24(void **state)
1799 : {
1800 : libspdm_return_t status;
1801 : libspdm_test_context_t *spdm_test_context;
1802 : libspdm_context_t *spdm_context;
1803 : uint32_t session_id;
1804 : libspdm_session_info_t *session_info;
1805 : libspdm_secured_message_context_t *secured_message_context;
1806 :
1807 : size_t response_size;
1808 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1809 : spdm_key_update_response_t *spdm_response;
1810 :
1811 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1812 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1813 :
1814 1 : spdm_test_context = *state;
1815 1 : spdm_context = spdm_test_context->spdm_context;
1816 1 : spdm_test_context->case_id = 0x18;
1817 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1818 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1819 :
1820 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1821 :
1822 1 : session_info = &spdm_context->session_info[0];
1823 1 : secured_message_context = session_info->secured_message_context;
1824 :
1825 1 : libspdm_set_standard_key_update_test_secrets(
1826 1 : session_info->secured_message_context,
1827 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1828 : m_req_secret_buffer, (uint8_t)(0xEE));
1829 :
1830 : /*request side updated*/
1831 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1832 : secured_message_context->hash_size,
1833 : m_req_secret_buffer, m_req_secret_buffer,
1834 : secured_message_context->hash_size);
1835 : /*response side *not* updated*/
1836 :
1837 : /*other command with cleared last_key_update_request*/
1838 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1839 :
1840 : /*updatekey*/
1841 1 : response_size = sizeof(response);
1842 1 : status = libspdm_get_response_key_update(spdm_context,
1843 : m_libspdm_key_update_request1_size,
1844 : &m_libspdm_key_update_request1,
1845 : &response_size, response);
1846 :
1847 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1848 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1849 1 : spdm_response = (void *)response;
1850 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
1851 1 : assert_int_equal(spdm_response->header.param1, SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1852 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request1.header.param2);
1853 1 : assert_memory_equal(secured_message_context
1854 : ->application_secret.request_data_secret,
1855 : m_req_secret_buffer, secured_message_context->hash_size);
1856 1 : assert_memory_equal(secured_message_context
1857 : ->application_secret.response_data_secret,
1858 : m_rsp_secret_buffer, secured_message_context->hash_size);
1859 1 : }
1860 :
1861 : /**
1862 : * Test 25: :other command + UpdateAllKeys, last request is not key_update command, current key operation is update all key
1863 : * Expected behavior: the responder accepts the request, produces a valid
1864 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1865 : **/
1866 1 : static void rsp_key_update_ack_case25(void **state)
1867 : {
1868 : libspdm_return_t status;
1869 : libspdm_test_context_t *spdm_test_context;
1870 : libspdm_context_t *spdm_context;
1871 : uint32_t session_id;
1872 : libspdm_session_info_t *session_info;
1873 : libspdm_secured_message_context_t *secured_message_context;
1874 :
1875 : size_t response_size;
1876 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1877 : spdm_key_update_response_t *spdm_response;
1878 :
1879 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1880 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1881 :
1882 1 : spdm_test_context = *state;
1883 1 : spdm_context = spdm_test_context->spdm_context;
1884 1 : spdm_test_context->case_id = 0x19;
1885 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1886 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1887 :
1888 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1889 :
1890 1 : session_info = &spdm_context->session_info[0];
1891 1 : secured_message_context = session_info->secured_message_context;
1892 :
1893 1 : libspdm_set_standard_key_update_test_secrets(
1894 1 : session_info->secured_message_context,
1895 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1896 : m_req_secret_buffer, (uint8_t)(0xEE));
1897 :
1898 : /*request side updated*/
1899 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1900 : secured_message_context->hash_size,
1901 : m_req_secret_buffer, m_req_secret_buffer,
1902 : secured_message_context->hash_size);
1903 : /*response side updated*/
1904 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1905 : secured_message_context->hash_size,
1906 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1907 : secured_message_context->hash_size);
1908 :
1909 : /*other command with cleared last_key_update_request*/
1910 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1911 :
1912 1 : response_size = sizeof(response);
1913 1 : status = libspdm_get_response_key_update(spdm_context,
1914 : m_libspdm_key_update_request3_size,
1915 : &m_libspdm_key_update_request3,
1916 : &response_size, response);
1917 :
1918 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1919 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1920 1 : spdm_response = (void *)response;
1921 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_UPDATE_ACK);
1922 1 : assert_int_equal(spdm_response->header.param1,
1923 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
1924 1 : assert_int_equal(spdm_response->header.param2, m_libspdm_key_update_request3.header.param2);
1925 1 : assert_memory_equal(secured_message_context
1926 : ->application_secret.request_data_secret,
1927 : m_req_secret_buffer, secured_message_context->hash_size);
1928 1 : assert_memory_equal(secured_message_context
1929 : ->application_secret.response_data_secret,
1930 : m_rsp_secret_buffer, secured_message_context->hash_size);
1931 1 : }
1932 :
1933 : /**
1934 : * Test 26: :other command + VerifyNewKey, last request is not key_update command, current key operation is verify key
1935 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1936 : * produces an ERROR message indicating the InvalidRequest. No keys are
1937 : * updated.
1938 : **/
1939 1 : static void rsp_key_update_ack_case26(void **state)
1940 : {
1941 : libspdm_return_t status;
1942 : libspdm_test_context_t *spdm_test_context;
1943 : libspdm_context_t *spdm_context;
1944 : uint32_t session_id;
1945 : libspdm_session_info_t *session_info;
1946 : libspdm_secured_message_context_t *secured_message_context;
1947 :
1948 : size_t response_size;
1949 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1950 : spdm_key_update_response_t *spdm_response;
1951 :
1952 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1953 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1954 :
1955 1 : spdm_test_context = *state;
1956 1 : spdm_context = spdm_test_context->spdm_context;
1957 1 : spdm_test_context->case_id = 0x1A;
1958 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1959 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1960 :
1961 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
1962 :
1963 1 : session_info = &spdm_context->session_info[0];
1964 1 : secured_message_context = session_info->secured_message_context;
1965 :
1966 1 : libspdm_set_standard_key_update_test_secrets(
1967 1 : session_info->secured_message_context,
1968 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1969 : m_req_secret_buffer, (uint8_t)(0xEE));
1970 :
1971 : /*request side updated*/
1972 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1973 : secured_message_context->hash_size,
1974 : m_req_secret_buffer, m_req_secret_buffer,
1975 : secured_message_context->hash_size);
1976 : /*response side updated*/
1977 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1978 : secured_message_context->hash_size,
1979 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1980 : secured_message_context->hash_size);
1981 :
1982 : /*other command with cleared last_key_update_request*/
1983 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1984 :
1985 : /*VerifyNewKey*/
1986 1 : response_size = sizeof(response);
1987 1 : status = libspdm_get_response_key_update(spdm_context,
1988 : m_libspdm_key_update_request5_size,
1989 : &m_libspdm_key_update_request5,
1990 : &response_size, response);
1991 :
1992 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1993 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1994 1 : spdm_response = (void *)response;
1995 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1996 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1997 1 : }
1998 :
1999 : /**
2000 : * Test 27: receiving a KEY_UPDATE message with a reserved operation code.
2001 : * Expected behavior: the responder refuses the KEY_UPDATE message and
2002 : * produces an ERROR message indicating the InvalidRequest. No keys
2003 : * are updated.
2004 : **/
2005 1 : static void rsp_key_update_ack_case27(void **state)
2006 : {
2007 : libspdm_return_t status;
2008 : libspdm_test_context_t *spdm_test_context;
2009 : libspdm_context_t *spdm_context;
2010 : uint32_t session_id;
2011 : libspdm_session_info_t *session_info;
2012 : libspdm_secured_message_context_t *secured_message_context;
2013 :
2014 : size_t response_size;
2015 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2016 : spdm_key_update_response_t *spdm_response;
2017 :
2018 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2019 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2020 :
2021 1 : spdm_test_context = *state;
2022 1 : spdm_context = spdm_test_context->spdm_context;
2023 1 : spdm_test_context->case_id = 0x1B;
2024 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2025 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2026 :
2027 1 : libspdm_set_standard_key_update_test_state( spdm_context, &session_id);
2028 :
2029 1 : session_info = &spdm_context->session_info[0];
2030 1 : secured_message_context = session_info->secured_message_context;
2031 :
2032 1 : libspdm_set_standard_key_update_test_secrets(
2033 1 : session_info->secured_message_context,
2034 : m_rsp_secret_buffer, (uint8_t)(0xFF),
2035 : m_req_secret_buffer, (uint8_t)(0xEE));
2036 :
2037 : /*no keys are updated*/
2038 :
2039 1 : response_size = sizeof(response);
2040 1 : status = libspdm_get_response_key_update(spdm_context,
2041 : m_libspdm_key_update_request10_size,
2042 : &m_libspdm_key_update_request10,
2043 : &response_size, response);
2044 :
2045 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2046 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2047 1 : spdm_response = (void *)response;
2048 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
2049 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
2050 1 : assert_int_equal(spdm_response->header.param2, 0);
2051 1 : assert_memory_equal(secured_message_context
2052 : ->application_secret.request_data_secret,
2053 : m_req_secret_buffer, secured_message_context->hash_size);
2054 1 : assert_memory_equal(secured_message_context
2055 : ->application_secret.response_data_secret,
2056 : m_rsp_secret_buffer, secured_message_context->hash_size);
2057 1 : }
2058 :
2059 1 : int libspdm_rsp_key_update_ack_test(void)
2060 : {
2061 1 : const struct CMUnitTest test_cases[] = {
2062 : /* Success Case -- UpdateKey*/
2063 : cmocka_unit_test(rsp_key_update_ack_case1),
2064 : /* Bad request size*/
2065 : cmocka_unit_test(rsp_key_update_ack_case2),
2066 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
2067 : cmocka_unit_test(rsp_key_update_ack_case3),
2068 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
2069 : cmocka_unit_test(rsp_key_update_ack_case4),
2070 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
2071 : /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
2072 : cmocka_unit_test(rsp_key_update_ack_case5),
2073 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
2074 : /* connection_state Check*/
2075 : cmocka_unit_test(rsp_key_update_ack_case6),
2076 : /* Buffer reset*/
2077 : cmocka_unit_test(rsp_key_update_ack_case7),
2078 : /* Unsupported KEY_UPD capabilities*/
2079 : cmocka_unit_test(rsp_key_update_ack_case8),
2080 : /* Uninitialized session*/
2081 : cmocka_unit_test(rsp_key_update_ack_case9),
2082 : /* Success Case -- UpdateAllKeys*/
2083 : cmocka_unit_test(rsp_key_update_ack_case10),
2084 : /* Bad request size*/
2085 : cmocka_unit_test(rsp_key_update_ack_case11),
2086 : /* UpdateKey + VerifyNewKey: Success*/
2087 : cmocka_unit_test(rsp_key_update_ack_case12),
2088 : /* Bad request size*/
2089 : cmocka_unit_test(rsp_key_update_ack_case13),
2090 : /* UpdateALLKeys + VerifyNewKey: Success*/
2091 : cmocka_unit_test(rsp_key_update_ack_case14),
2092 : /* Bad request size*/
2093 : cmocka_unit_test(rsp_key_update_ack_case15),
2094 : /* Uninitialized key update*/
2095 : cmocka_unit_test(rsp_key_update_ack_case16),
2096 : /* UpdateKey + UpdateKey: failed*/
2097 : cmocka_unit_test(rsp_key_update_ack_case17),
2098 : /* UpdateKey + UpdateAllKeys: failed*/
2099 : cmocka_unit_test(rsp_key_update_ack_case18),
2100 : /* UpdateALLKeys + UpdateKey: failed*/
2101 : cmocka_unit_test(rsp_key_update_ack_case19),
2102 : /* UpdateALLKeys + UpdateALLKeys: failed*/
2103 : cmocka_unit_test(rsp_key_update_ack_case20),
2104 : /* VerifyNewKey + UpdateKey: success*/
2105 : cmocka_unit_test(rsp_key_update_ack_case21),
2106 : /* VerifyNewKey + UpdateAllKeys: success*/
2107 : cmocka_unit_test(rsp_key_update_ack_case22),
2108 : /* VerifyNewKey + VerifyNewKey: failed*/
2109 : cmocka_unit_test(rsp_key_update_ack_case23),
2110 : /* other command + UpdateKey: success*/
2111 : cmocka_unit_test(rsp_key_update_ack_case24),
2112 : /* other command + UpdateAllKeys: success*/
2113 : cmocka_unit_test(rsp_key_update_ack_case25),
2114 : /* other command + VerifyNewKey: failed*/
2115 : cmocka_unit_test(rsp_key_update_ack_case26),
2116 : /* Invalid operation,other key_update operation: failed*/
2117 : cmocka_unit_test(rsp_key_update_ack_case27),
2118 : };
2119 :
2120 1 : libspdm_test_context_t test_context = {
2121 : LIBSPDM_TEST_CONTEXT_VERSION,
2122 : false,
2123 : };
2124 :
2125 1 : libspdm_setup_test_context(&test_context);
2126 :
2127 1 : return cmocka_run_group_tests(test_cases,
2128 : libspdm_unit_test_group_setup,
2129 : libspdm_unit_test_group_teardown);
2130 : }
2131 :
2132 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP) */
|
