Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP)
12 :
13 : spdm_key_update_request_t m_libspdm_key_update_request1 = {
14 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
15 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3 }
16 : };
17 : size_t m_libspdm_key_update_request1_size = sizeof(m_libspdm_key_update_request1);
18 :
19 : spdm_key_update_request_t m_libspdm_key_update_request2 = {
20 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
21 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x3 }
22 : };
23 : size_t m_libspdm_key_update_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
24 :
25 : spdm_key_update_request_t m_libspdm_key_update_request3 = {
26 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
27 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71 }
28 : };
29 : size_t m_libspdm_key_update_request3_size = sizeof(m_libspdm_key_update_request3);
30 :
31 : spdm_key_update_request_t m_libspdm_key_update_request4 = {
32 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
33 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x71 }
34 : };
35 : size_t m_libspdm_key_update_request4_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
36 :
37 : spdm_key_update_request_t m_libspdm_key_update_request5 = {
38 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
39 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A }
40 : };
41 : size_t m_libspdm_key_update_request5_size = sizeof(m_libspdm_key_update_request5);
42 :
43 : spdm_key_update_request_t m_libspdm_key_update_request6 = {
44 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
45 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x4A }
46 : };
47 : size_t m_libspdm_key_update_request6_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
48 :
49 : spdm_key_update_request_t m_libspdm_key_update_request7 = {
50 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
51 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY, 0x92 }
52 : };
53 : size_t m_libspdm_key_update_request7_size = sizeof(m_libspdm_key_update_request7);
54 :
55 : spdm_key_update_request_t m_libspdm_key_update_request8 = {
56 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
57 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS, 0x13 }
58 : };
59 : size_t m_libspdm_key_update_request8_size = sizeof(m_libspdm_key_update_request8);
60 :
61 : spdm_key_update_request_t m_libspdm_key_update_request9 = {
62 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE,
63 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY, 0x22 }
64 : };
65 : size_t m_libspdm_key_update_request9_size = sizeof(m_libspdm_key_update_request9);
66 :
67 : spdm_key_update_request_t m_libspdm_key_update_request10 = {
68 : { SPDM_MESSAGE_VERSION_11, SPDM_KEY_UPDATE, 0xFF, 0x12 }
69 : };
70 : size_t m_libspdm_key_update_request10_size = sizeof(m_libspdm_key_update_request10);
71 :
72 27 : static void libspdm_set_standard_key_update_test_state(
73 : libspdm_context_t *spdm_context, uint32_t *session_id)
74 : {
75 : libspdm_session_info_t *session_info;
76 :
77 27 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
78 27 : spdm_context->connection_info.connection_state =
79 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
80 27 : spdm_context->connection_info.capability.flags |=
81 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
82 27 : spdm_context->connection_info.capability.flags |=
83 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP;
84 27 : spdm_context->connection_info.capability.flags |=
85 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP;
86 27 : spdm_context->local_context.capability.flags |=
87 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
88 27 : spdm_context->local_context.capability.flags |=
89 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP;
90 27 : spdm_context->local_context.capability.flags |=
91 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP;
92 :
93 27 : spdm_context->transcript.message_a.buffer_size = 0;
94 27 : spdm_context->connection_info.algorithm.base_hash_algo =
95 : m_libspdm_use_hash_algo;
96 27 : spdm_context->connection_info.algorithm.base_asym_algo =
97 : m_libspdm_use_asym_algo;
98 27 : spdm_context->connection_info.algorithm.dhe_named_group =
99 : m_libspdm_use_dhe_algo;
100 27 : spdm_context->connection_info.algorithm.aead_cipher_suite =
101 : m_libspdm_use_aead_algo;
102 :
103 27 : *session_id = 0xFFFFFFFF;
104 27 : spdm_context->latest_session_id = *session_id;
105 27 : spdm_context->last_spdm_request_session_id_valid = true;
106 27 : spdm_context->last_spdm_request_session_id = *session_id;
107 27 : session_info = &spdm_context->session_info[0];
108 27 : libspdm_session_info_init(spdm_context, session_info, *session_id,
109 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
110 27 : libspdm_secured_message_set_session_state(
111 : session_info->secured_message_context,
112 : LIBSPDM_SESSION_STATE_ESTABLISHED);
113 27 : }
114 :
115 27 : static void libspdm_set_standard_key_update_test_secrets(
116 : libspdm_secured_message_context_t *secured_message_context,
117 : uint8_t *m_rsp_secret_buffer, uint8_t rsp_secret_fill,
118 : uint8_t *m_req_secret_buffer, uint8_t req_secret_fill)
119 : {
120 27 : libspdm_set_mem(m_rsp_secret_buffer, secured_message_context
121 : ->hash_size, rsp_secret_fill);
122 27 : libspdm_set_mem(m_req_secret_buffer, secured_message_context
123 : ->hash_size, req_secret_fill);
124 :
125 27 : libspdm_copy_mem(secured_message_context->application_secret.response_data_secret,
126 : sizeof(secured_message_context->application_secret.response_data_secret),
127 : m_rsp_secret_buffer, secured_message_context->aead_key_size);
128 27 : libspdm_copy_mem(secured_message_context->application_secret.request_data_secret,
129 : sizeof(secured_message_context->application_secret.request_data_secret),
130 : m_req_secret_buffer, secured_message_context->aead_key_size);
131 :
132 27 : libspdm_set_mem(secured_message_context->application_secret
133 27 : .response_data_encryption_key,
134 : secured_message_context->aead_key_size, (uint8_t)(0xFF));
135 27 : libspdm_set_mem(secured_message_context->application_secret
136 27 : .response_data_salt,
137 : secured_message_context->aead_iv_size, (uint8_t)(0xFF));
138 :
139 :
140 27 : libspdm_set_mem(secured_message_context->application_secret
141 27 : .request_data_encryption_key,
142 : secured_message_context->aead_key_size, (uint8_t)(0xEE));
143 27 : libspdm_set_mem(secured_message_context->application_secret
144 27 : .request_data_salt,
145 : secured_message_context->aead_iv_size, (uint8_t)(0xEE));
146 :
147 : secured_message_context->application_secret.
148 27 : response_data_sequence_number = 0;
149 : secured_message_context->application_secret.
150 27 : request_data_sequence_number = 0;
151 27 : }
152 :
153 30 : static void libspdm_compute_secret_update(spdm_version_number_t spdm_version,
154 : size_t hash_size,
155 : const uint8_t *in_secret, uint8_t *out_secret,
156 : size_t out_secret_size)
157 : {
158 : uint8_t bin_str9[128];
159 : size_t bin_str9_size;
160 :
161 30 : bin_str9_size = sizeof(bin_str9);
162 30 : libspdm_bin_concat(spdm_version,
163 : SPDM_BIN_STR_9_LABEL, sizeof(SPDM_BIN_STR_9_LABEL) - 1,
164 30 : NULL, (uint16_t)hash_size, hash_size, bin_str9,
165 : &bin_str9_size);
166 :
167 30 : libspdm_hkdf_expand(m_libspdm_use_hash_algo, in_secret, hash_size, bin_str9,
168 : bin_str9_size, out_secret, out_secret_size);
169 30 : }
170 :
171 : /**
172 : * Test 1: receiving a correct KEY_UPDATE message from the requester with
173 : * the UpdateKey operation.
174 : * Expected behavior: the responder accepts the request, produces a valid
175 : * KEY_UPDATE_ACK response message, and the request data key is updated.
176 : **/
177 1 : static void rsp_key_update_ack_case1(void **state)
178 : {
179 : libspdm_return_t status;
180 : libspdm_test_context_t *spdm_test_context;
181 : libspdm_context_t *spdm_context;
182 : uint32_t session_id;
183 : libspdm_session_info_t *session_info;
184 : libspdm_secured_message_context_t *secured_message_context;
185 :
186 : size_t response_size;
187 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
188 : spdm_key_update_response_t *spdm_response;
189 :
190 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
191 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
192 :
193 1 : spdm_test_context = *state;
194 1 : spdm_context = spdm_test_context->spdm_context;
195 1 : spdm_test_context->case_id = 0x1;
196 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
197 : SPDM_VERSION_NUMBER_SHIFT_BIT;
198 :
199 1 : libspdm_set_standard_key_update_test_state(
200 : spdm_context, &session_id);
201 :
202 1 : session_info = &spdm_context->session_info[0];
203 1 : secured_message_context = session_info->secured_message_context;
204 :
205 1 : libspdm_set_standard_key_update_test_secrets(
206 1 : session_info->secured_message_context,
207 : m_rsp_secret_buffer, (uint8_t)(0xFF),
208 : m_req_secret_buffer, (uint8_t)(0xEE));
209 :
210 : /*request side updated*/
211 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
212 : secured_message_context->hash_size,
213 : m_req_secret_buffer, m_req_secret_buffer,
214 : secured_message_context->hash_size);
215 : /*response side *not* updated*/
216 :
217 1 : response_size = sizeof(response);
218 1 : status = libspdm_get_response_key_update(spdm_context,
219 : m_libspdm_key_update_request1_size,
220 : &m_libspdm_key_update_request1,
221 : &response_size, response);
222 :
223 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
224 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
225 1 : spdm_response = (void *)response;
226 1 : assert_int_equal(spdm_response->header.request_response_code,
227 : SPDM_KEY_UPDATE_ACK);
228 1 : assert_int_equal(spdm_response->header.param1,
229 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
230 1 : assert_int_equal(spdm_response->header.param2,
231 : m_libspdm_key_update_request1.header.param2);
232 1 : assert_memory_equal(secured_message_context
233 : ->application_secret.request_data_secret,
234 : m_req_secret_buffer, secured_message_context->hash_size);
235 1 : assert_memory_equal(secured_message_context
236 : ->application_secret.response_data_secret,
237 : m_rsp_secret_buffer, secured_message_context->hash_size);
238 1 : }
239 :
240 : /**
241 : * Test 2: receiving a KEY_UPDATE message larger than specified, with the
242 : * UpdateKey operation.
243 : * Expected behavior: the responder refuses the KEY_UPDATE message and
244 : * produces an ERROR message indicating the InvalidRequest. No keys
245 : * are updated.
246 : **/
247 1 : static void rsp_key_update_ack_case2(void **state)
248 : {
249 : libspdm_return_t status;
250 : libspdm_test_context_t *spdm_test_context;
251 : libspdm_context_t *spdm_context;
252 : uint32_t session_id;
253 : libspdm_session_info_t *session_info;
254 : libspdm_secured_message_context_t *secured_message_context;
255 :
256 : size_t response_size;
257 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
258 : spdm_key_update_response_t *spdm_response;
259 :
260 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
261 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
262 :
263 1 : spdm_test_context = *state;
264 1 : spdm_context = spdm_test_context->spdm_context;
265 1 : spdm_test_context->case_id = 0x2;
266 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
267 : SPDM_VERSION_NUMBER_SHIFT_BIT;
268 :
269 1 : libspdm_set_standard_key_update_test_state(
270 : spdm_context, &session_id);
271 :
272 1 : session_info = &spdm_context->session_info[0];
273 1 : secured_message_context = session_info->secured_message_context;
274 :
275 1 : libspdm_set_standard_key_update_test_secrets(
276 1 : session_info->secured_message_context,
277 : m_rsp_secret_buffer, (uint8_t)(0xFF),
278 : m_req_secret_buffer, (uint8_t)(0xEE));
279 :
280 : /*no keys are updated*/
281 :
282 1 : response_size = sizeof(response);
283 1 : status = libspdm_get_response_key_update(spdm_context,
284 : m_libspdm_key_update_request2_size,
285 : &m_libspdm_key_update_request2,
286 : &response_size, response);
287 :
288 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
289 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
290 1 : spdm_response = (void *)response;
291 1 : assert_int_equal(spdm_response->header.request_response_code,
292 : SPDM_ERROR);
293 1 : assert_int_equal(spdm_response->header.param1,
294 : SPDM_ERROR_CODE_INVALID_REQUEST);
295 1 : assert_int_equal(spdm_response->header.param2, 0);
296 1 : assert_memory_equal(secured_message_context
297 : ->application_secret.request_data_secret,
298 : m_req_secret_buffer, secured_message_context->hash_size);
299 1 : assert_memory_equal(secured_message_context
300 : ->application_secret.response_data_secret,
301 : m_rsp_secret_buffer, secured_message_context->hash_size);
302 1 : }
303 :
304 : /**
305 : * Test 3: receiving a correct KEY_UPDATE from the requester, but the
306 : * responder is in a Busy state.
307 : * Expected behavior: the responder accepts the request, but produces an
308 : * ERROR message indicating the Busy state. No keys are updated.
309 : **/
310 1 : static void rsp_key_update_ack_case3(void **state)
311 : {
312 : libspdm_return_t status;
313 : libspdm_test_context_t *spdm_test_context;
314 : libspdm_context_t *spdm_context;
315 : uint32_t session_id;
316 : libspdm_session_info_t *session_info;
317 : libspdm_secured_message_context_t *secured_message_context;
318 :
319 : size_t response_size;
320 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
321 : spdm_key_update_response_t *spdm_response;
322 :
323 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
324 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
325 :
326 1 : spdm_test_context = *state;
327 1 : spdm_context = spdm_test_context->spdm_context;
328 1 : spdm_test_context->case_id = 0x3;
329 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
330 : SPDM_VERSION_NUMBER_SHIFT_BIT;
331 :
332 1 : libspdm_set_standard_key_update_test_state(
333 : spdm_context, &session_id);
334 :
335 : /*busy state*/
336 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
337 :
338 1 : session_info = &spdm_context->session_info[0];
339 1 : secured_message_context = session_info->secured_message_context;
340 :
341 1 : libspdm_set_standard_key_update_test_secrets(
342 1 : session_info->secured_message_context,
343 : m_rsp_secret_buffer, (uint8_t)(0xFF),
344 : m_req_secret_buffer, (uint8_t)(0xEE));
345 :
346 : /*no keys are updated*/
347 :
348 1 : response_size = sizeof(response);
349 1 : status = libspdm_get_response_key_update(spdm_context,
350 : m_libspdm_key_update_request1_size,
351 : &m_libspdm_key_update_request1,
352 : &response_size, response);
353 :
354 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
355 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
356 1 : spdm_response = (void *)response;
357 1 : assert_int_equal(spdm_response->header.request_response_code,
358 : SPDM_ERROR);
359 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
360 1 : assert_int_equal(spdm_response->header.param2, 0);
361 1 : assert_int_equal(spdm_context->response_state,
362 : LIBSPDM_RESPONSE_STATE_BUSY);
363 1 : assert_memory_equal(secured_message_context
364 : ->application_secret.request_data_secret,
365 : m_req_secret_buffer, secured_message_context->hash_size);
366 1 : assert_memory_equal(secured_message_context
367 : ->application_secret.response_data_secret,
368 : m_rsp_secret_buffer, secured_message_context->hash_size);
369 1 : }
370 :
371 : /**
372 : * Test 4: receiving a correct KEY_UPDATE message from the requester, but
373 : * the responder requires resynchronization with the requester.
374 : * Expected behavior: the responder accepts the request, but produces an
375 : * ERROR message indicating the NeedResynch state. No keys are updated.
376 : **/
377 1 : static void rsp_key_update_ack_case4(void **state)
378 : {
379 : libspdm_return_t status;
380 : libspdm_test_context_t *spdm_test_context;
381 : libspdm_context_t *spdm_context;
382 : uint32_t session_id;
383 : libspdm_session_info_t *session_info;
384 : libspdm_secured_message_context_t *secured_message_context;
385 :
386 : size_t response_size;
387 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
388 : spdm_key_update_response_t *spdm_response;
389 :
390 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
391 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
392 :
393 1 : spdm_test_context = *state;
394 1 : spdm_context = spdm_test_context->spdm_context;
395 1 : spdm_test_context->case_id = 0x4;
396 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
397 : SPDM_VERSION_NUMBER_SHIFT_BIT;
398 :
399 1 : libspdm_set_standard_key_update_test_state(
400 : spdm_context, &session_id);
401 :
402 : /*need resync state*/
403 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
404 :
405 1 : session_info = &spdm_context->session_info[0];
406 1 : secured_message_context = session_info->secured_message_context;
407 :
408 1 : libspdm_set_standard_key_update_test_secrets(
409 1 : session_info->secured_message_context,
410 : m_rsp_secret_buffer, (uint8_t)(0xFF),
411 : m_req_secret_buffer, (uint8_t)(0xEE));
412 :
413 : /*no keys are updated*/
414 :
415 1 : response_size = sizeof(response);
416 1 : status = libspdm_get_response_key_update(spdm_context,
417 : m_libspdm_key_update_request1_size,
418 : &m_libspdm_key_update_request1,
419 : &response_size, response);
420 :
421 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
422 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
423 1 : spdm_response = (void *)response;
424 1 : assert_int_equal(spdm_response->header.request_response_code,
425 : SPDM_ERROR);
426 1 : assert_int_equal(spdm_response->header.param1,
427 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
428 1 : assert_int_equal(spdm_response->header.param2, 0);
429 1 : assert_int_equal(spdm_context->response_state,
430 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
431 1 : assert_memory_equal(secured_message_context
432 : ->application_secret.request_data_secret,
433 : m_req_secret_buffer, secured_message_context->hash_size);
434 1 : assert_memory_equal(secured_message_context
435 : ->application_secret.response_data_secret,
436 : m_rsp_secret_buffer, secured_message_context->hash_size);
437 1 : }
438 :
439 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
440 : /**
441 : * Test 5: receiving a correct KEY_UPDATE from the requester, but the
442 : * responder could not produce the response in time.
443 : * Expected behavior: the responder accepts the request, but produces an
444 : * ERROR message indicating the ResponseNotReady state. No keys are
445 : * updated.
446 : **/
447 1 : static void rsp_key_update_ack_case5(void **state)
448 : {
449 : libspdm_return_t status;
450 : libspdm_test_context_t *spdm_test_context;
451 : libspdm_context_t *spdm_context;
452 : uint32_t session_id;
453 : libspdm_session_info_t *session_info;
454 : libspdm_secured_message_context_t *secured_message_context;
455 :
456 : size_t response_size;
457 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
458 : spdm_key_update_response_t *spdm_response;
459 : spdm_error_data_response_not_ready_t *error_data;
460 :
461 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
462 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
463 :
464 1 : spdm_test_context = *state;
465 1 : spdm_context = spdm_test_context->spdm_context;
466 1 : spdm_test_context->case_id = 0x5;
467 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
468 : SPDM_VERSION_NUMBER_SHIFT_BIT;
469 :
470 1 : libspdm_set_standard_key_update_test_state(
471 : spdm_context, &session_id);
472 :
473 : /*not ready state*/
474 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
475 :
476 1 : session_info = &spdm_context->session_info[0];
477 1 : secured_message_context = session_info->secured_message_context;
478 :
479 1 : libspdm_set_standard_key_update_test_secrets(
480 1 : session_info->secured_message_context,
481 : m_rsp_secret_buffer, (uint8_t)(0xFF),
482 : m_req_secret_buffer, (uint8_t)(0xEE));
483 :
484 : /*no keys are updated*/
485 :
486 1 : response_size = sizeof(response);
487 1 : status = libspdm_get_response_key_update(spdm_context,
488 : m_libspdm_key_update_request1_size,
489 : &m_libspdm_key_update_request1,
490 : &response_size, response);
491 :
492 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
493 1 : assert_int_equal(response_size,
494 : sizeof(spdm_error_response_t) +
495 : sizeof(spdm_error_data_response_not_ready_t));
496 1 : spdm_response = (void *)response;
497 1 : error_data =
498 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
499 1 : assert_int_equal(spdm_response->header.request_response_code,
500 : SPDM_ERROR);
501 1 : assert_int_equal(spdm_response->header.param1,
502 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
503 1 : assert_int_equal(spdm_response->header.param2, 0);
504 1 : assert_int_equal(spdm_context->response_state,
505 : LIBSPDM_RESPONSE_STATE_NOT_READY);
506 1 : assert_int_equal(error_data->request_code, SPDM_KEY_UPDATE);
507 1 : assert_memory_equal(secured_message_context
508 : ->application_secret.request_data_secret,
509 : m_req_secret_buffer, secured_message_context->hash_size);
510 1 : assert_memory_equal(secured_message_context
511 : ->application_secret.response_data_secret,
512 : m_rsp_secret_buffer, secured_message_context->hash_size);
513 1 : }
514 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
515 :
516 : /**
517 : * Test 6: receiving a correct KEY_UPDATE from the requester, but the
518 : * responder is not set no receive a FINISH message because previous messages
519 : * (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or GET_DIGESTS) have not
520 : * been received.
521 : * Expected behavior: the responder rejects the request, and produces an
522 : * ERROR message indicating the UnexpectedRequest. No keys are updated.
523 : **/
524 1 : static void rsp_key_update_ack_case6(void **state)
525 : {
526 : libspdm_return_t status;
527 : libspdm_test_context_t *spdm_test_context;
528 : libspdm_context_t *spdm_context;
529 : uint32_t session_id;
530 : libspdm_session_info_t *session_info;
531 : libspdm_secured_message_context_t *secured_message_context;
532 :
533 : size_t response_size;
534 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
535 : spdm_key_update_response_t *spdm_response;
536 :
537 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
538 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
539 :
540 1 : spdm_test_context = *state;
541 1 : spdm_context = spdm_test_context->spdm_context;
542 1 : spdm_test_context->case_id = 0x6;
543 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
544 : SPDM_VERSION_NUMBER_SHIFT_BIT;
545 :
546 1 : libspdm_set_standard_key_update_test_state(
547 : spdm_context, &session_id);
548 :
549 : /*not negotiated state*/
550 1 : spdm_context->connection_info.connection_state =
551 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
552 :
553 1 : session_info = &spdm_context->session_info[0];
554 1 : secured_message_context = session_info->secured_message_context;
555 :
556 1 : libspdm_set_standard_key_update_test_secrets(
557 1 : session_info->secured_message_context,
558 : m_rsp_secret_buffer, (uint8_t)(0xFF),
559 : m_req_secret_buffer, (uint8_t)(0xEE));
560 :
561 : /*no keys are updated*/
562 :
563 1 : response_size = sizeof(response);
564 1 : status = libspdm_get_response_key_update(spdm_context,
565 : m_libspdm_key_update_request1_size,
566 : &m_libspdm_key_update_request1,
567 : &response_size, response);
568 :
569 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
570 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
571 1 : spdm_response = (void *)response;
572 1 : assert_int_equal(spdm_response->header.request_response_code,
573 : SPDM_ERROR);
574 1 : assert_int_equal(spdm_response->header.param1,
575 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
576 1 : assert_int_equal(spdm_response->header.param2, 0);
577 1 : assert_memory_equal(secured_message_context
578 : ->application_secret.request_data_secret,
579 : m_req_secret_buffer, secured_message_context->hash_size);
580 1 : assert_memory_equal(secured_message_context
581 : ->application_secret.response_data_secret,
582 : m_rsp_secret_buffer, secured_message_context->hash_size);
583 1 : }
584 :
585 1 : static void rsp_key_update_ack_case7(void **state)
586 : {
587 : libspdm_return_t status;
588 : libspdm_test_context_t *spdm_test_context;
589 : libspdm_context_t *spdm_context;
590 : uint32_t session_id;
591 : libspdm_session_info_t *session_info;
592 : libspdm_secured_message_context_t *secured_message_context;
593 :
594 : size_t response_size;
595 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
596 : spdm_key_update_response_t *spdm_response;
597 :
598 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
599 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
600 :
601 1 : spdm_test_context = *state;
602 1 : spdm_context = spdm_test_context->spdm_context;
603 1 : spdm_test_context->case_id = 0x7;
604 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
605 : SPDM_VERSION_NUMBER_SHIFT_BIT;
606 :
607 1 : libspdm_set_standard_key_update_test_state(
608 : spdm_context, &session_id);
609 :
610 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
611 : /*"filling" buffers*/
612 : spdm_context->transcript.message_m.buffer_size =
613 : spdm_context->transcript.message_m.max_buffer_size;
614 : spdm_context->transcript.message_b.buffer_size =
615 : spdm_context->transcript.message_b.max_buffer_size;
616 : spdm_context->transcript.message_c.buffer_size =
617 : spdm_context->transcript.message_c.max_buffer_size;
618 : spdm_context->transcript.message_mut_b.buffer_size =
619 : spdm_context->transcript.message_mut_b.max_buffer_size;
620 : spdm_context->transcript.message_mut_c.buffer_size =
621 : spdm_context->transcript.message_mut_c.max_buffer_size;
622 : #endif
623 :
624 1 : session_info = &spdm_context->session_info[0];
625 1 : secured_message_context = session_info->secured_message_context;
626 :
627 1 : libspdm_set_standard_key_update_test_secrets(
628 1 : session_info->secured_message_context,
629 : m_rsp_secret_buffer, (uint8_t)(0xFF),
630 : m_req_secret_buffer, (uint8_t)(0xEE));
631 :
632 : /*request side updated*/
633 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
634 : secured_message_context->hash_size,
635 : m_req_secret_buffer, m_req_secret_buffer,
636 : secured_message_context->hash_size);
637 : /*response side *not* updated*/
638 :
639 1 : response_size = sizeof(response);
640 1 : status = libspdm_get_response_key_update(spdm_context,
641 : m_libspdm_key_update_request1_size,
642 : &m_libspdm_key_update_request1,
643 : &response_size, response);
644 :
645 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
646 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
647 1 : spdm_response = (void *)response;
648 1 : assert_int_equal(spdm_response->header.request_response_code,
649 : SPDM_KEY_UPDATE_ACK);
650 1 : assert_int_equal(spdm_response->header.param1,
651 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
652 1 : assert_int_equal(spdm_response->header.param2,
653 : m_libspdm_key_update_request1.header.param2);
654 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
655 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
656 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
657 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
658 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
659 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
660 : #endif
661 1 : assert_memory_equal(secured_message_context
662 : ->application_secret.request_data_secret,
663 : m_req_secret_buffer, secured_message_context->hash_size);
664 1 : assert_memory_equal(secured_message_context
665 : ->application_secret.response_data_secret,
666 : m_rsp_secret_buffer, secured_message_context->hash_size);
667 1 : }
668 :
669 : /**
670 : * Test 8: receiving a correct KEY_UPDATE message from the requester, but the
671 : * responder has no capabilities for key update.
672 : * Expected behavior: the responder refuses the KEY_UPDATE message and
673 : * produces an ERROR message indicating the UnsupportedRequest. No keys are
674 : * updated.
675 : **/
676 1 : static void rsp_key_update_ack_case8(void **state)
677 : {
678 : libspdm_return_t status;
679 : libspdm_test_context_t *spdm_test_context;
680 : libspdm_context_t *spdm_context;
681 : uint32_t session_id;
682 : libspdm_session_info_t *session_info;
683 : libspdm_secured_message_context_t *secured_message_context;
684 :
685 : size_t response_size;
686 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
687 : spdm_key_update_response_t *spdm_response;
688 :
689 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
690 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
691 :
692 1 : spdm_test_context = *state;
693 1 : spdm_context = spdm_test_context->spdm_context;
694 1 : spdm_test_context->case_id = 0x8;
695 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
696 : SPDM_VERSION_NUMBER_SHIFT_BIT;
697 :
698 1 : libspdm_set_standard_key_update_test_state(
699 : spdm_context, &session_id);
700 :
701 : /*no capabilities*/
702 1 : spdm_context->connection_info.capability.flags &=
703 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_UPD_CAP;
704 1 : spdm_context->local_context.capability.flags &=
705 : ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_UPD_CAP;
706 :
707 1 : session_info = &spdm_context->session_info[0];
708 1 : secured_message_context = session_info->secured_message_context;
709 :
710 1 : libspdm_set_standard_key_update_test_secrets(
711 1 : session_info->secured_message_context,
712 : m_rsp_secret_buffer, (uint8_t)(0xFF),
713 : m_req_secret_buffer, (uint8_t)(0xEE));
714 :
715 : /*no keys are updated*/
716 :
717 1 : response_size = sizeof(response);
718 1 : status = libspdm_get_response_key_update(spdm_context,
719 : m_libspdm_key_update_request1_size,
720 : &m_libspdm_key_update_request1,
721 : &response_size, response);
722 :
723 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
724 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
725 1 : spdm_response = (void *)response;
726 1 : assert_int_equal(spdm_response->header.request_response_code,
727 : SPDM_ERROR);
728 1 : assert_int_equal(spdm_response->header.param1,
729 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
730 1 : assert_int_equal(spdm_response->header.param2, SPDM_KEY_UPDATE);
731 1 : assert_memory_equal(secured_message_context
732 : ->application_secret.request_data_secret,
733 : m_req_secret_buffer, secured_message_context->hash_size);
734 1 : assert_memory_equal(secured_message_context
735 : ->application_secret.response_data_secret,
736 : m_rsp_secret_buffer, secured_message_context->hash_size);
737 1 : }
738 :
739 : /**
740 : * Test 9: receiving a correct KEY_UPDATE message from the requester, but the
741 : * responder is not correctly setup by not initializing a session during
742 : * KEY_EXCHANGE.
743 : * Expected behavior: the responder refuses the KEY_UPDATE message and produces
744 : * an ERROR message indicating the UnsupportedRequest. No keys are updated.
745 : **/
746 1 : static void rsp_key_update_ack_case9(void **state)
747 : {
748 : libspdm_return_t status;
749 : libspdm_test_context_t *spdm_test_context;
750 : libspdm_context_t *spdm_context;
751 : uint32_t session_id;
752 : libspdm_session_info_t *session_info;
753 : libspdm_secured_message_context_t *secured_message_context;
754 :
755 : size_t response_size;
756 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
757 : spdm_key_update_response_t *spdm_response;
758 :
759 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
760 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
761 :
762 1 : spdm_test_context = *state;
763 1 : spdm_context = spdm_test_context->spdm_context;
764 1 : spdm_test_context->case_id = 0x9;
765 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
766 : SPDM_VERSION_NUMBER_SHIFT_BIT;
767 :
768 1 : libspdm_set_standard_key_update_test_state(
769 : spdm_context, &session_id);
770 :
771 1 : session_info = &spdm_context->session_info[0];
772 1 : secured_message_context = session_info->secured_message_context;
773 :
774 : /*uninitialized session*/
775 1 : libspdm_secured_message_set_session_state(
776 : session_info->secured_message_context,
777 : LIBSPDM_SESSION_STATE_NOT_STARTED);
778 :
779 1 : libspdm_set_standard_key_update_test_secrets(
780 1 : session_info->secured_message_context,
781 : m_rsp_secret_buffer, (uint8_t)(0xFF),
782 : m_req_secret_buffer, (uint8_t)(0xEE));
783 :
784 : /*no keys are updated*/
785 :
786 1 : response_size = sizeof(response);
787 1 : status = libspdm_get_response_key_update(spdm_context,
788 : m_libspdm_key_update_request1_size,
789 : &m_libspdm_key_update_request1,
790 : &response_size, response);
791 :
792 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
793 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
794 1 : spdm_response = (void *)response;
795 1 : assert_int_equal(spdm_response->header.request_response_code,
796 : SPDM_ERROR);
797 1 : assert_int_equal(spdm_response->header.param1,
798 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
799 1 : assert_int_equal(spdm_response->header.param2, 0);
800 1 : assert_memory_equal(secured_message_context
801 : ->application_secret.request_data_secret,
802 : m_req_secret_buffer, secured_message_context->hash_size);
803 1 : assert_memory_equal(secured_message_context
804 : ->application_secret.response_data_secret,
805 : m_rsp_secret_buffer, secured_message_context->hash_size);
806 1 : }
807 :
808 : /**
809 : * Test 10: receiving a correct KEY_UPDATE message from the requester with
810 : * the UpdateAllKeys operation.
811 : * Expected behavior: the responder accepts the request, produces a valid
812 : * KEY_UPDATE_ACK response message, and both the request data key and the
813 : * response data key are updated.
814 : **/
815 1 : static void rsp_key_update_ack_case10(void **state)
816 : {
817 : libspdm_return_t status;
818 : libspdm_test_context_t *spdm_test_context;
819 : libspdm_context_t *spdm_context;
820 : uint32_t session_id;
821 : libspdm_session_info_t *session_info;
822 : libspdm_secured_message_context_t *secured_message_context;
823 :
824 : size_t response_size;
825 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
826 : spdm_key_update_response_t *spdm_response;
827 :
828 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
829 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
830 :
831 1 : spdm_test_context = *state;
832 1 : spdm_context = spdm_test_context->spdm_context;
833 1 : spdm_test_context->case_id = 0xA;
834 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
835 : SPDM_VERSION_NUMBER_SHIFT_BIT;
836 :
837 1 : libspdm_set_standard_key_update_test_state(
838 : spdm_context, &session_id);
839 :
840 1 : session_info = &spdm_context->session_info[0];
841 1 : secured_message_context = session_info->secured_message_context;
842 :
843 1 : libspdm_set_standard_key_update_test_secrets(
844 1 : session_info->secured_message_context,
845 : m_rsp_secret_buffer, (uint8_t)(0xFF),
846 : m_req_secret_buffer, (uint8_t)(0xEE));
847 :
848 : /*request side updated*/
849 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
850 : secured_message_context->hash_size,
851 : m_req_secret_buffer, m_req_secret_buffer,
852 : secured_message_context->hash_size);
853 : /*response side updated*/
854 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
855 : secured_message_context->hash_size,
856 : m_rsp_secret_buffer, m_rsp_secret_buffer,
857 : secured_message_context->hash_size);
858 :
859 1 : response_size = sizeof(response);
860 1 : status = libspdm_get_response_key_update(spdm_context,
861 : m_libspdm_key_update_request3_size,
862 : &m_libspdm_key_update_request3,
863 : &response_size, response);
864 :
865 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
866 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
867 1 : spdm_response = (void *)response;
868 1 : assert_int_equal(spdm_response->header.request_response_code,
869 : SPDM_KEY_UPDATE_ACK);
870 1 : assert_int_equal(spdm_response->header.param1,
871 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
872 1 : assert_int_equal(spdm_response->header.param2,
873 : m_libspdm_key_update_request3.header.param2);
874 1 : assert_memory_equal(secured_message_context
875 : ->application_secret.request_data_secret,
876 : m_req_secret_buffer, secured_message_context->hash_size);
877 1 : assert_memory_equal(secured_message_context
878 : ->application_secret.response_data_secret,
879 : m_rsp_secret_buffer, secured_message_context->hash_size);
880 1 : }
881 :
882 : /**
883 : * Test 11: receiving a KEY_UPDATE message larger than specified, with the
884 : * UpdateAllKeys operation.
885 : * Expected behavior: the responder refuses the KEY_UPDATE message and
886 : * produces an ERROR message indicating the InvalidRequest. No keys
887 : * are updated.
888 : **/
889 1 : static void rsp_key_update_ack_case11(void **state)
890 : {
891 : libspdm_return_t status;
892 : libspdm_test_context_t *spdm_test_context;
893 : libspdm_context_t *spdm_context;
894 : uint32_t session_id;
895 : libspdm_session_info_t *session_info;
896 : libspdm_secured_message_context_t *secured_message_context;
897 :
898 : size_t response_size;
899 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
900 : spdm_key_update_response_t *spdm_response;
901 :
902 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
903 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
904 :
905 1 : spdm_test_context = *state;
906 1 : spdm_context = spdm_test_context->spdm_context;
907 1 : spdm_test_context->case_id = 0xB;
908 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
909 : SPDM_VERSION_NUMBER_SHIFT_BIT;
910 :
911 1 : libspdm_set_standard_key_update_test_state(
912 : spdm_context, &session_id);
913 :
914 1 : session_info = &spdm_context->session_info[0];
915 1 : secured_message_context = session_info->secured_message_context;
916 :
917 1 : libspdm_set_standard_key_update_test_secrets(
918 1 : session_info->secured_message_context,
919 : m_rsp_secret_buffer, (uint8_t)(0xFF),
920 : m_req_secret_buffer, (uint8_t)(0xEE));
921 :
922 : /*no keys are updated*/
923 :
924 1 : response_size = sizeof(response);
925 1 : status = libspdm_get_response_key_update(spdm_context,
926 : m_libspdm_key_update_request4_size,
927 : &m_libspdm_key_update_request4,
928 : &response_size, response);
929 :
930 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
931 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
932 1 : spdm_response = (void *)response;
933 1 : assert_int_equal(spdm_response->header.request_response_code,
934 : SPDM_ERROR);
935 1 : assert_int_equal(spdm_response->header.param1,
936 : SPDM_ERROR_CODE_INVALID_REQUEST);
937 1 : assert_int_equal(spdm_response->header.param2, 0);
938 1 : assert_memory_equal(secured_message_context
939 : ->application_secret.request_data_secret,
940 : m_req_secret_buffer, secured_message_context->hash_size);
941 1 : assert_memory_equal(secured_message_context
942 : ->application_secret.response_data_secret,
943 : m_rsp_secret_buffer, secured_message_context->hash_size);
944 1 : }
945 :
946 : /**
947 : * Test 12: receiving a correct KEY_UPDATE message from the requester with
948 : * the VerifyNewKey operation. The responder is setup as if a valid
949 : * KEY_UPDATE request with the UpdateKey has been previously received.
950 : * Expected behavior: the responder accepts the request, produces a valid
951 : * KEY_UPDATE_ACK response message, and the request data key is updated.
952 : **/
953 1 : static void rsp_key_update_ack_case12(void **state)
954 : {
955 : libspdm_return_t status;
956 : libspdm_test_context_t *spdm_test_context;
957 : libspdm_context_t *spdm_context;
958 : uint32_t session_id;
959 : libspdm_session_info_t *session_info;
960 : libspdm_secured_message_context_t *secured_message_context;
961 :
962 : size_t response_size;
963 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
964 : spdm_key_update_response_t *spdm_response;
965 :
966 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
967 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
968 :
969 1 : spdm_test_context = *state;
970 1 : spdm_context = spdm_test_context->spdm_context;
971 1 : spdm_test_context->case_id = 0xC;
972 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
973 : SPDM_VERSION_NUMBER_SHIFT_BIT;
974 :
975 1 : libspdm_set_standard_key_update_test_state(
976 : spdm_context, &session_id);
977 :
978 1 : session_info = &spdm_context->session_info[0];
979 1 : secured_message_context = session_info->secured_message_context;
980 :
981 1 : libspdm_set_standard_key_update_test_secrets(
982 1 : session_info->secured_message_context,
983 : m_rsp_secret_buffer, (uint8_t)(0xFF),
984 : m_req_secret_buffer, (uint8_t)(0xEE));
985 :
986 : /*last request: UpdateKey*/
987 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
988 :
989 : /*mocked major secret update*/
990 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
991 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
992 1 : &secured_message_context->application_secret.request_data_secret,
993 : LIBSPDM_MAX_HASH_SIZE);
994 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
995 : secured_message_context->hash_size,
996 : secured_message_context->application_secret
997 1 : .request_data_secret,
998 : secured_message_context->application_secret
999 1 : .request_data_secret,
1000 : secured_message_context->hash_size);
1001 :
1002 : /*request side updated*/
1003 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1004 : secured_message_context->hash_size,
1005 : m_req_secret_buffer, m_req_secret_buffer,
1006 : secured_message_context->hash_size);
1007 : /*response side *not* updated*/
1008 :
1009 1 : response_size = sizeof(response);
1010 1 : status = libspdm_get_response_key_update(spdm_context,
1011 : m_libspdm_key_update_request5_size,
1012 : &m_libspdm_key_update_request5,
1013 : &response_size, response);
1014 :
1015 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1016 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1017 1 : spdm_response = (void *)response;
1018 1 : assert_int_equal(spdm_response->header.request_response_code,
1019 : SPDM_KEY_UPDATE_ACK);
1020 1 : assert_int_equal(spdm_response->header.param1,
1021 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY);
1022 1 : assert_int_equal(spdm_response->header.param2,
1023 : m_libspdm_key_update_request5.header.param2);
1024 1 : assert_memory_equal(secured_message_context
1025 : ->application_secret.request_data_secret,
1026 : m_req_secret_buffer, secured_message_context->hash_size);
1027 1 : assert_memory_equal(secured_message_context
1028 : ->application_secret.response_data_secret,
1029 : m_rsp_secret_buffer, secured_message_context->hash_size);
1030 1 : }
1031 :
1032 : /**
1033 : * Test 13: receiving a KEY_UPDATE message larger than specified, with the
1034 : * VerifyNewKey operation. The responder is setup as if a valid KEY_UPDATE
1035 : * request with the UpdateKey has been previously received.
1036 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1037 : * produces an ERROR message indicating the InvalidRequest. The request
1038 : * data key is not rolled back to before the UpdateKey.
1039 : **/
1040 1 : static void rsp_key_update_ack_case13(void **state)
1041 : {
1042 : libspdm_return_t status;
1043 : libspdm_test_context_t *spdm_test_context;
1044 : libspdm_context_t *spdm_context;
1045 : uint32_t session_id;
1046 : libspdm_session_info_t *session_info;
1047 : libspdm_secured_message_context_t *secured_message_context;
1048 :
1049 : size_t response_size;
1050 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1051 : spdm_key_update_response_t *spdm_response;
1052 :
1053 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1054 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1055 :
1056 1 : spdm_test_context = *state;
1057 1 : spdm_context = spdm_test_context->spdm_context;
1058 1 : spdm_test_context->case_id = 0xD;
1059 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1060 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1061 :
1062 1 : libspdm_set_standard_key_update_test_state(
1063 : spdm_context, &session_id);
1064 :
1065 1 : session_info = &spdm_context->session_info[0];
1066 1 : secured_message_context = session_info->secured_message_context;
1067 :
1068 1 : libspdm_set_standard_key_update_test_secrets(
1069 1 : session_info->secured_message_context,
1070 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1071 : m_req_secret_buffer, (uint8_t)(0xEE));
1072 :
1073 : /*last request: UpdateKey*/
1074 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1075 :
1076 : /*mocked major secret update*/
1077 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1078 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1079 1 : &secured_message_context->application_secret.request_data_secret,
1080 : LIBSPDM_MAX_HASH_SIZE);
1081 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1082 : secured_message_context->hash_size,
1083 : secured_message_context->application_secret
1084 1 : .request_data_secret,
1085 : secured_message_context->application_secret
1086 1 : .request_data_secret,
1087 : secured_message_context->hash_size);
1088 :
1089 : /*request side updated*/
1090 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1091 : secured_message_context->hash_size,
1092 : m_req_secret_buffer, m_req_secret_buffer,
1093 : secured_message_context->hash_size);
1094 : /*response side *not* updated*/
1095 :
1096 1 : response_size = sizeof(response);
1097 1 : status = libspdm_get_response_key_update(spdm_context,
1098 : m_libspdm_key_update_request6_size,
1099 : &m_libspdm_key_update_request6,
1100 : &response_size, response);
1101 :
1102 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1103 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1104 1 : spdm_response = (void *)response;
1105 1 : assert_int_equal(spdm_response->header.request_response_code,
1106 : SPDM_ERROR);
1107 1 : assert_int_equal(spdm_response->header.param1,
1108 : SPDM_ERROR_CODE_INVALID_REQUEST);
1109 1 : assert_int_equal(spdm_response->header.param2, 0);
1110 1 : assert_memory_equal(secured_message_context
1111 : ->application_secret.request_data_secret,
1112 : m_req_secret_buffer, secured_message_context->hash_size);
1113 1 : assert_memory_equal(secured_message_context
1114 : ->application_secret.response_data_secret,
1115 : m_rsp_secret_buffer, secured_message_context->hash_size);
1116 1 : }
1117 :
1118 : /**
1119 : * Test 14: receiving a correct KEY_UPDATE message from the requester with
1120 : * the VerifyNewKey operation. The responder is setup as if a valid
1121 : * KEY_UPDATE request with the UpdateAllKeys has been previously received.
1122 : * Expected behavior: the responder accepts the request, produces a valid
1123 : * KEY_UPDATE_ACK response message, and both the request data key and the
1124 : * response data key are updated.
1125 : **/
1126 1 : static void rsp_key_update_ack_case14(void **state)
1127 : {
1128 : libspdm_return_t status;
1129 : libspdm_test_context_t *spdm_test_context;
1130 : libspdm_context_t *spdm_context;
1131 : uint32_t session_id;
1132 : libspdm_session_info_t *session_info;
1133 : libspdm_secured_message_context_t *secured_message_context;
1134 :
1135 : size_t response_size;
1136 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1137 : spdm_key_update_response_t *spdm_response;
1138 :
1139 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1140 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1141 :
1142 1 : spdm_test_context = *state;
1143 1 : spdm_context = spdm_test_context->spdm_context;
1144 1 : spdm_test_context->case_id = 0xE;
1145 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1146 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1147 :
1148 1 : libspdm_set_standard_key_update_test_state(
1149 : spdm_context, &session_id);
1150 :
1151 1 : session_info = &spdm_context->session_info[0];
1152 1 : secured_message_context = session_info->secured_message_context;
1153 :
1154 1 : libspdm_set_standard_key_update_test_secrets(
1155 1 : session_info->secured_message_context,
1156 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1157 : m_req_secret_buffer, (uint8_t)(0xEE));
1158 :
1159 : /*last request: UpdateallKeys*/
1160 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1161 :
1162 : /*mocked major secret update*/
1163 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1164 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1165 1 : &secured_message_context->application_secret.request_data_secret,
1166 : LIBSPDM_MAX_HASH_SIZE);
1167 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1168 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1169 1 : &secured_message_context->application_secret.response_data_secret,
1170 : LIBSPDM_MAX_HASH_SIZE);
1171 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1172 : secured_message_context->hash_size,
1173 : secured_message_context->application_secret
1174 1 : .request_data_secret,
1175 : secured_message_context->application_secret
1176 1 : .request_data_secret,
1177 : secured_message_context->hash_size);
1178 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1179 : secured_message_context->hash_size,
1180 : secured_message_context->application_secret
1181 1 : .response_data_secret,
1182 : secured_message_context->application_secret
1183 1 : .response_data_secret,
1184 : secured_message_context->hash_size);
1185 :
1186 : /*request side updated*/
1187 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1188 : secured_message_context->hash_size,
1189 : m_req_secret_buffer, m_req_secret_buffer,
1190 : secured_message_context->hash_size);
1191 : /*response side updated*/
1192 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1193 : secured_message_context->hash_size,
1194 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1195 : secured_message_context->hash_size);
1196 :
1197 1 : response_size = sizeof(response);
1198 1 : status = libspdm_get_response_key_update(spdm_context,
1199 : m_libspdm_key_update_request5_size,
1200 : &m_libspdm_key_update_request5,
1201 : &response_size, response);
1202 :
1203 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1204 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1205 1 : spdm_response = (void *)response;
1206 1 : assert_int_equal(spdm_response->header.request_response_code,
1207 : SPDM_KEY_UPDATE_ACK);
1208 1 : assert_int_equal(spdm_response->header.param1,
1209 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY);
1210 1 : assert_int_equal(spdm_response->header.param2,
1211 : m_libspdm_key_update_request5.header.param2);
1212 1 : assert_memory_equal(secured_message_context
1213 : ->application_secret.request_data_secret,
1214 : m_req_secret_buffer, secured_message_context->hash_size);
1215 1 : assert_memory_equal(secured_message_context
1216 : ->application_secret.response_data_secret,
1217 : m_rsp_secret_buffer, secured_message_context->hash_size);
1218 1 : }
1219 :
1220 : /**
1221 : * Test 15: receiving a KEY_UPDATE message larger than specified, with the
1222 : * VerifyNewKey operation. The responder is setup as if a valid KEY_UPDATE
1223 : * request with the UpdateAllKeys has been previously received.
1224 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1225 : * produces an ERROR message indicating the InvalidRequest. Neither the
1226 : * request data key nor the response data key are rolled back to before
1227 : * the UpdateAllKeys.
1228 : **/
1229 1 : static void rsp_key_update_ack_case15(void **state)
1230 : {
1231 : libspdm_return_t status;
1232 : libspdm_test_context_t *spdm_test_context;
1233 : libspdm_context_t *spdm_context;
1234 : uint32_t session_id;
1235 : libspdm_session_info_t *session_info;
1236 : libspdm_secured_message_context_t *secured_message_context;
1237 :
1238 : size_t response_size;
1239 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1240 : spdm_key_update_response_t *spdm_response;
1241 :
1242 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1243 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1244 :
1245 1 : spdm_test_context = *state;
1246 1 : spdm_context = spdm_test_context->spdm_context;
1247 1 : spdm_test_context->case_id = 0xF;
1248 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1249 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1250 :
1251 1 : libspdm_set_standard_key_update_test_state(
1252 : spdm_context, &session_id);
1253 :
1254 1 : session_info = &spdm_context->session_info[0];
1255 1 : secured_message_context = session_info->secured_message_context;
1256 :
1257 1 : libspdm_set_standard_key_update_test_secrets(
1258 1 : session_info->secured_message_context,
1259 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1260 : m_req_secret_buffer, (uint8_t)(0xEE));
1261 :
1262 : /*last request: UpdateAllKeys*/
1263 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1264 :
1265 : /*mocked major secret update*/
1266 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1267 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1268 1 : &secured_message_context->application_secret.request_data_secret,
1269 : LIBSPDM_MAX_HASH_SIZE);
1270 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1271 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1272 1 : &secured_message_context->application_secret.response_data_secret,
1273 : LIBSPDM_MAX_HASH_SIZE);
1274 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1275 : secured_message_context->hash_size,
1276 : secured_message_context->application_secret
1277 1 : .request_data_secret,
1278 : secured_message_context->application_secret
1279 1 : .request_data_secret,
1280 : secured_message_context->hash_size);
1281 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1282 : secured_message_context->hash_size,
1283 : secured_message_context->application_secret
1284 1 : .response_data_secret,
1285 : secured_message_context->application_secret
1286 1 : .response_data_secret,
1287 : secured_message_context->hash_size);
1288 :
1289 : /*request side updated*/
1290 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1291 : secured_message_context->hash_size,
1292 : m_req_secret_buffer, m_req_secret_buffer,
1293 : secured_message_context->hash_size);
1294 : /*response side updated*/
1295 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1296 : secured_message_context->hash_size,
1297 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1298 : secured_message_context->hash_size);
1299 :
1300 1 : response_size = sizeof(response);
1301 1 : status = libspdm_get_response_key_update(spdm_context,
1302 : m_libspdm_key_update_request6_size,
1303 : &m_libspdm_key_update_request6,
1304 : &response_size, response);
1305 :
1306 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1307 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1308 1 : spdm_response = (void *)response;
1309 1 : assert_int_equal(spdm_response->header.request_response_code,
1310 : SPDM_ERROR);
1311 1 : assert_int_equal(spdm_response->header.param1,
1312 : SPDM_ERROR_CODE_INVALID_REQUEST);
1313 1 : assert_int_equal(spdm_response->header.param2, 0);
1314 1 : assert_memory_equal(secured_message_context
1315 : ->application_secret.request_data_secret,
1316 : m_req_secret_buffer, secured_message_context->hash_size);
1317 1 : assert_memory_equal(secured_message_context
1318 : ->application_secret.response_data_secret,
1319 : m_rsp_secret_buffer, secured_message_context->hash_size);
1320 1 : }
1321 :
1322 : /**
1323 : * Test 16: receiving a invalid KEY_UPDATE message from the requester with
1324 : * the VerifyNewKey operation. The responder is setup as if no valid
1325 : * KEY_UPDATE request with either the UpdateKey or UpdateAllKeys has been
1326 : * previously received.
1327 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1328 : * produces an ERROR message indicating the InvalidRequest. No keys are
1329 : * updated.
1330 : **/
1331 1 : static void rsp_key_update_ack_case16(void **state)
1332 : {
1333 : libspdm_return_t status;
1334 : libspdm_test_context_t *spdm_test_context;
1335 : libspdm_context_t *spdm_context;
1336 : uint32_t session_id;
1337 : libspdm_session_info_t *session_info;
1338 : libspdm_secured_message_context_t *secured_message_context;
1339 :
1340 : size_t response_size;
1341 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1342 : spdm_key_update_response_t *spdm_response;
1343 :
1344 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1345 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1346 :
1347 1 : spdm_test_context = *state;
1348 1 : spdm_context = spdm_test_context->spdm_context;
1349 1 : spdm_test_context->case_id = 0x10;
1350 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1351 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1352 :
1353 1 : libspdm_set_standard_key_update_test_state(
1354 : spdm_context, &session_id);
1355 :
1356 1 : session_info = &spdm_context->session_info[0];
1357 1 : secured_message_context = session_info->secured_message_context;
1358 :
1359 1 : libspdm_set_standard_key_update_test_secrets(
1360 1 : session_info->secured_message_context,
1361 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1362 : m_req_secret_buffer, (uint8_t)(0xEE));
1363 :
1364 : /*no mocked major secret update*/
1365 :
1366 : /*no keys are updated*/
1367 :
1368 1 : response_size = sizeof(response);
1369 1 : status = libspdm_get_response_key_update(spdm_context,
1370 : m_libspdm_key_update_request5_size,
1371 : &m_libspdm_key_update_request5,
1372 : &response_size, response);
1373 :
1374 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1375 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1376 1 : spdm_response = (void *)response;
1377 1 : assert_int_equal(spdm_response->header.request_response_code,
1378 : SPDM_ERROR);
1379 1 : assert_int_equal(spdm_response->header.param1,
1380 : SPDM_ERROR_CODE_INVALID_REQUEST);
1381 1 : assert_int_equal(spdm_response->header.param2, 0);
1382 1 : assert_memory_equal(secured_message_context
1383 : ->application_secret.request_data_secret,
1384 : m_req_secret_buffer, secured_message_context->hash_size);
1385 1 : assert_memory_equal(secured_message_context
1386 : ->application_secret.response_data_secret,
1387 : m_rsp_secret_buffer, secured_message_context->hash_size);
1388 1 : }
1389 :
1390 : /**
1391 : * Test 17: UpdateKey + UpdateKey, last key operation is update key, current key operation is update key
1392 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1393 : * produces an ERROR message indicating the InvalidRequest. No keys are
1394 : * updated.
1395 : **/
1396 1 : static void rsp_key_update_ack_case17(void **state)
1397 : {
1398 : libspdm_return_t status;
1399 : libspdm_test_context_t *spdm_test_context;
1400 : libspdm_context_t *spdm_context;
1401 : uint32_t session_id;
1402 : libspdm_session_info_t *session_info;
1403 : libspdm_secured_message_context_t *secured_message_context;
1404 :
1405 : size_t response_size;
1406 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1407 : spdm_key_update_response_t *spdm_response;
1408 :
1409 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1410 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1411 :
1412 1 : spdm_test_context = *state;
1413 1 : spdm_context = spdm_test_context->spdm_context;
1414 1 : spdm_test_context->case_id = 0x11;
1415 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1416 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1417 :
1418 1 : libspdm_set_standard_key_update_test_state(
1419 : spdm_context, &session_id);
1420 :
1421 1 : session_info = &spdm_context->session_info[0];
1422 1 : secured_message_context = session_info->secured_message_context;
1423 :
1424 1 : libspdm_set_standard_key_update_test_secrets(
1425 1 : session_info->secured_message_context,
1426 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1427 : m_req_secret_buffer, (uint8_t)(0xEE));
1428 :
1429 : /*last request: UpdateKey*/
1430 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1431 :
1432 : /*mocked major secret update*/
1433 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1434 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1435 1 : &secured_message_context->application_secret.request_data_secret,
1436 : LIBSPDM_MAX_HASH_SIZE);
1437 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1438 : secured_message_context->hash_size,
1439 : secured_message_context->application_secret
1440 1 : .request_data_secret,
1441 : secured_message_context->application_secret
1442 1 : .request_data_secret,
1443 : secured_message_context->hash_size);
1444 :
1445 : /*request side updated (once)*/
1446 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1447 : secured_message_context->hash_size,
1448 : m_req_secret_buffer, m_req_secret_buffer,
1449 : secured_message_context->hash_size);
1450 : /*response side *not* updated*/
1451 :
1452 1 : response_size = sizeof(response);
1453 1 : status = libspdm_get_response_key_update(spdm_context,
1454 : m_libspdm_key_update_request1_size,
1455 : &m_libspdm_key_update_request1,
1456 : &response_size, response);
1457 :
1458 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1459 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1460 1 : spdm_response = (void *)response;
1461 1 : assert_int_equal(spdm_response->header.request_response_code,
1462 : SPDM_ERROR);
1463 1 : assert_int_equal(spdm_response->header.param1,
1464 : SPDM_ERROR_CODE_INVALID_REQUEST);
1465 1 : }
1466 :
1467 : /**
1468 : * Test 18: UpdateKey + UpdateAllKeys, last key operation is update key, current key operation is update all key
1469 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1470 : * produces an ERROR message indicating the InvalidRequest. No keys are
1471 : * updated.
1472 : **/
1473 1 : static void rsp_key_update_ack_case18(void **state)
1474 : {
1475 : libspdm_return_t status;
1476 : libspdm_test_context_t *spdm_test_context;
1477 : libspdm_context_t *spdm_context;
1478 : uint32_t session_id;
1479 : libspdm_session_info_t *session_info;
1480 : libspdm_secured_message_context_t *secured_message_context;
1481 :
1482 : size_t response_size;
1483 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1484 : spdm_key_update_response_t *spdm_response;
1485 :
1486 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1487 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1488 :
1489 1 : spdm_test_context = *state;
1490 1 : spdm_context = spdm_test_context->spdm_context;
1491 1 : spdm_test_context->case_id = 0x12;
1492 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1493 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1494 :
1495 1 : libspdm_set_standard_key_update_test_state(
1496 : spdm_context, &session_id);
1497 :
1498 1 : session_info = &spdm_context->session_info[0];
1499 1 : secured_message_context = session_info->secured_message_context;
1500 :
1501 1 : libspdm_set_standard_key_update_test_secrets(
1502 1 : session_info->secured_message_context,
1503 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1504 : m_req_secret_buffer, (uint8_t)(0xEE));
1505 :
1506 : /*last request: UpdateKey*/
1507 1 : session_info->last_key_update_request = m_libspdm_key_update_request1;
1508 :
1509 : /*mocked major secret update*/
1510 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.request_data_secret,
1511 : sizeof(secured_message_context->application_secret_backup.request_data_secret),
1512 1 : &secured_message_context->application_secret.request_data_secret,
1513 : LIBSPDM_MAX_HASH_SIZE);
1514 1 : libspdm_copy_mem(&secured_message_context->application_secret_backup.response_data_secret,
1515 : sizeof(secured_message_context->application_secret_backup.response_data_secret),
1516 1 : &secured_message_context->application_secret.response_data_secret,
1517 : LIBSPDM_MAX_HASH_SIZE);
1518 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1519 : secured_message_context->hash_size,
1520 : secured_message_context->application_secret
1521 1 : .request_data_secret,
1522 : secured_message_context->application_secret
1523 1 : .request_data_secret,
1524 : secured_message_context->hash_size);
1525 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1526 : secured_message_context->hash_size,
1527 : secured_message_context->application_secret
1528 1 : .response_data_secret,
1529 : secured_message_context->application_secret
1530 1 : .response_data_secret,
1531 : secured_message_context->hash_size);
1532 :
1533 : /*request side updated (once)*/
1534 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1535 : secured_message_context->hash_size,
1536 : m_req_secret_buffer, m_req_secret_buffer,
1537 : secured_message_context->hash_size);
1538 : /*response side updated (once)*/
1539 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1540 : secured_message_context->hash_size,
1541 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1542 : secured_message_context->hash_size);
1543 :
1544 1 : response_size = sizeof(response);
1545 : /*UpdateAllKeys*/
1546 1 : status = libspdm_get_response_key_update(spdm_context,
1547 : m_libspdm_key_update_request3_size,
1548 : &m_libspdm_key_update_request3,
1549 : &response_size, response);
1550 :
1551 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1552 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1553 1 : spdm_response = (void *)response;
1554 1 : assert_int_equal(spdm_response->header.request_response_code,
1555 : SPDM_ERROR);
1556 1 : assert_int_equal(spdm_response->header.param1,
1557 : SPDM_ERROR_CODE_INVALID_REQUEST);
1558 1 : }
1559 :
1560 : /**
1561 : * Test 19:UpdateAllKeys + UpdateKey, last key operation is update all key, current key operation is update key
1562 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1563 : * produces an ERROR message indicating the InvalidRequest. No keys are
1564 : * updated.
1565 : **/
1566 1 : static void rsp_key_update_ack_case19(void **state)
1567 : {
1568 : libspdm_return_t status;
1569 : libspdm_test_context_t *spdm_test_context;
1570 : libspdm_context_t *spdm_context;
1571 : uint32_t session_id;
1572 : libspdm_session_info_t *session_info;
1573 :
1574 : size_t response_size;
1575 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1576 : spdm_key_update_response_t *spdm_response;
1577 :
1578 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1579 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1580 :
1581 1 : spdm_test_context = *state;
1582 1 : spdm_context = spdm_test_context->spdm_context;
1583 1 : spdm_test_context->case_id = 0x13;
1584 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1585 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1586 :
1587 1 : libspdm_set_standard_key_update_test_state(
1588 : spdm_context, &session_id);
1589 :
1590 1 : session_info = &spdm_context->session_info[0];
1591 :
1592 1 : libspdm_set_standard_key_update_test_secrets(
1593 1 : session_info->secured_message_context,
1594 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1595 : m_req_secret_buffer, (uint8_t)(0xEE));
1596 :
1597 : /*last request: UpdateAllKeys*/
1598 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1599 :
1600 : /*UpdateKey*/
1601 1 : response_size = sizeof(response);
1602 1 : status = libspdm_get_response_key_update(spdm_context,
1603 : m_libspdm_key_update_request1_size,
1604 : &m_libspdm_key_update_request1,
1605 : &response_size, response);
1606 :
1607 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1608 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1609 1 : spdm_response = (void *)response;
1610 1 : assert_int_equal(spdm_response->header.request_response_code,
1611 : SPDM_ERROR);
1612 1 : assert_int_equal(spdm_response->header.param1,
1613 : SPDM_ERROR_CODE_INVALID_REQUEST);
1614 1 : }
1615 :
1616 : /**
1617 : * Test 20:UpdateAllKeys + UpdateALlKeys, last key operation is update all key, current key operation is update all key
1618 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1619 : * produces an ERROR message indicating the InvalidRequest. No keys are
1620 : * updated.
1621 : **/
1622 1 : static void rsp_key_update_ack_case20(void **state)
1623 : {
1624 : libspdm_return_t status;
1625 : libspdm_test_context_t *spdm_test_context;
1626 : libspdm_context_t *spdm_context;
1627 : uint32_t session_id;
1628 : libspdm_session_info_t *session_info;
1629 :
1630 : size_t response_size;
1631 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1632 : spdm_key_update_response_t *spdm_response;
1633 :
1634 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1635 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1636 :
1637 1 : spdm_test_context = *state;
1638 1 : spdm_context = spdm_test_context->spdm_context;
1639 1 : spdm_test_context->case_id = 0x14;
1640 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1641 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1642 :
1643 1 : libspdm_set_standard_key_update_test_state(
1644 : spdm_context, &session_id);
1645 :
1646 1 : session_info = &spdm_context->session_info[0];
1647 :
1648 1 : libspdm_set_standard_key_update_test_secrets(
1649 1 : session_info->secured_message_context,
1650 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1651 : m_req_secret_buffer, (uint8_t)(0xEE));
1652 :
1653 : /*last request: UpdateAllKeys*/
1654 1 : session_info->last_key_update_request = m_libspdm_key_update_request3;
1655 :
1656 : /*UpdateAllKeys*/
1657 1 : response_size = sizeof(response);
1658 1 : status = libspdm_get_response_key_update(spdm_context,
1659 : m_libspdm_key_update_request3_size,
1660 : &m_libspdm_key_update_request3,
1661 : &response_size, response);
1662 :
1663 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1664 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1665 1 : spdm_response = (void *)response;
1666 1 : assert_int_equal(spdm_response->header.request_response_code,
1667 : SPDM_ERROR);
1668 1 : assert_int_equal(spdm_response->header.param1,
1669 : SPDM_ERROR_CODE_INVALID_REQUEST);
1670 1 : }
1671 :
1672 : /**
1673 : * Test 21: :VerifyNewKey + UpdateKey, last key operation is verify key, current key operation is update key
1674 : * Expected behavior: the responder accepts the request, produces a valid
1675 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1676 : **/
1677 1 : static void rsp_key_update_ack_case21(void **state)
1678 : {
1679 : libspdm_return_t status;
1680 : libspdm_test_context_t *spdm_test_context;
1681 : libspdm_context_t *spdm_context;
1682 : uint32_t session_id;
1683 : libspdm_session_info_t *session_info;
1684 : libspdm_secured_message_context_t *secured_message_context;
1685 :
1686 : size_t response_size;
1687 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1688 : spdm_key_update_response_t *spdm_response;
1689 :
1690 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1691 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1692 :
1693 1 : spdm_test_context = *state;
1694 1 : spdm_context = spdm_test_context->spdm_context;
1695 1 : spdm_test_context->case_id = 0x15;
1696 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1697 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1698 :
1699 1 : libspdm_set_standard_key_update_test_state(
1700 : spdm_context, &session_id);
1701 :
1702 1 : session_info = &spdm_context->session_info[0];
1703 1 : secured_message_context = session_info->secured_message_context;
1704 :
1705 1 : libspdm_set_standard_key_update_test_secrets(
1706 1 : session_info->secured_message_context,
1707 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1708 : m_req_secret_buffer, (uint8_t)(0xEE));
1709 :
1710 : /*request side updated*/
1711 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1712 : secured_message_context->hash_size,
1713 : m_req_secret_buffer, m_req_secret_buffer,
1714 : secured_message_context->hash_size);
1715 : /*response side *not* updated*/
1716 :
1717 : /*last request: verify new key*/
1718 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1719 : /*verify new key clear last_key_update_request*/
1720 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1721 :
1722 : /*updatekey*/
1723 1 : response_size = sizeof(response);
1724 1 : status = libspdm_get_response_key_update(spdm_context,
1725 : m_libspdm_key_update_request1_size,
1726 : &m_libspdm_key_update_request1,
1727 : &response_size, response);
1728 :
1729 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1730 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1731 1 : spdm_response = (void *)response;
1732 1 : assert_int_equal(spdm_response->header.request_response_code,
1733 : SPDM_KEY_UPDATE_ACK);
1734 1 : assert_int_equal(spdm_response->header.param1,
1735 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1736 1 : assert_int_equal(spdm_response->header.param2,
1737 : m_libspdm_key_update_request1.header.param2);
1738 1 : assert_memory_equal(secured_message_context
1739 : ->application_secret.request_data_secret,
1740 : m_req_secret_buffer, secured_message_context->hash_size);
1741 1 : assert_memory_equal(secured_message_context
1742 : ->application_secret.response_data_secret,
1743 : m_rsp_secret_buffer, secured_message_context->hash_size);
1744 1 : }
1745 :
1746 : /**
1747 : * Test 22: :VerifyNewKey + UpdateAllKeys, last key operation is verify key, current key operation is update all key
1748 : * Expected behavior: the responder accepts the request, produces a valid
1749 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1750 : **/
1751 1 : static void rsp_key_update_ack_case22(void **state)
1752 : {
1753 : libspdm_return_t status;
1754 : libspdm_test_context_t *spdm_test_context;
1755 : libspdm_context_t *spdm_context;
1756 : uint32_t session_id;
1757 : libspdm_session_info_t *session_info;
1758 : libspdm_secured_message_context_t *secured_message_context;
1759 :
1760 : size_t response_size;
1761 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1762 : spdm_key_update_response_t *spdm_response;
1763 :
1764 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1765 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1766 :
1767 1 : spdm_test_context = *state;
1768 1 : spdm_context = spdm_test_context->spdm_context;
1769 1 : spdm_test_context->case_id = 0x16;
1770 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1771 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1772 :
1773 1 : libspdm_set_standard_key_update_test_state(
1774 : spdm_context, &session_id);
1775 :
1776 1 : session_info = &spdm_context->session_info[0];
1777 1 : secured_message_context = session_info->secured_message_context;
1778 :
1779 1 : libspdm_set_standard_key_update_test_secrets(
1780 1 : session_info->secured_message_context,
1781 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1782 : m_req_secret_buffer, (uint8_t)(0xEE));
1783 :
1784 : /*request side updated*/
1785 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1786 : secured_message_context->hash_size,
1787 : m_req_secret_buffer, m_req_secret_buffer,
1788 : secured_message_context->hash_size);
1789 : /*response side updated*/
1790 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1791 : secured_message_context->hash_size,
1792 : m_rsp_secret_buffer, m_rsp_secret_buffer,
1793 : secured_message_context->hash_size);
1794 :
1795 : /*last request: verify new key*/
1796 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1797 : /*clear last_key_update_request*/
1798 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1799 :
1800 1 : response_size = sizeof(response);
1801 1 : status = libspdm_get_response_key_update(spdm_context,
1802 : m_libspdm_key_update_request3_size,
1803 : &m_libspdm_key_update_request3,
1804 : &response_size, response);
1805 :
1806 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1807 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1808 1 : spdm_response = (void *)response;
1809 1 : assert_int_equal(spdm_response->header.request_response_code,
1810 : SPDM_KEY_UPDATE_ACK);
1811 1 : assert_int_equal(spdm_response->header.param1,
1812 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
1813 1 : assert_int_equal(spdm_response->header.param2,
1814 : m_libspdm_key_update_request3.header.param2);
1815 1 : assert_memory_equal(secured_message_context
1816 : ->application_secret.request_data_secret,
1817 : m_req_secret_buffer, secured_message_context->hash_size);
1818 1 : assert_memory_equal(secured_message_context
1819 : ->application_secret.response_data_secret,
1820 : m_rsp_secret_buffer, secured_message_context->hash_size);
1821 1 : }
1822 :
1823 : /**
1824 : * Test 23: VerifyNewKey + VerifyNewKey, last key operation is verify key, current key operation is verify key
1825 : * Expected behavior: the responder refuses the KEY_UPDATE message and
1826 : * produces an ERROR message indicating the InvalidRequest. No keys are
1827 : * updated.
1828 : **/
1829 1 : static void rsp_key_update_ack_case23(void **state)
1830 : {
1831 : libspdm_return_t status;
1832 : libspdm_test_context_t *spdm_test_context;
1833 : libspdm_context_t *spdm_context;
1834 : uint32_t session_id;
1835 : libspdm_session_info_t *session_info;
1836 :
1837 : size_t response_size;
1838 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1839 : spdm_key_update_response_t *spdm_response;
1840 :
1841 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1842 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1843 :
1844 1 : spdm_test_context = *state;
1845 1 : spdm_context = spdm_test_context->spdm_context;
1846 1 : spdm_test_context->case_id = 0x17;
1847 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1848 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1849 :
1850 1 : libspdm_set_standard_key_update_test_state(
1851 : spdm_context, &session_id);
1852 :
1853 1 : session_info = &spdm_context->session_info[0];
1854 :
1855 1 : libspdm_set_standard_key_update_test_secrets(
1856 1 : session_info->secured_message_context,
1857 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1858 : m_req_secret_buffer, (uint8_t)(0xEE));
1859 :
1860 : /*last request: VerifyNewKey*/
1861 1 : session_info->last_key_update_request = m_libspdm_key_update_request5;
1862 : /*clear last_key_update_request*/
1863 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1864 :
1865 : /*VerifyNewKey*/
1866 1 : response_size = sizeof(response);
1867 1 : status = libspdm_get_response_key_update(spdm_context,
1868 : m_libspdm_key_update_request5_size,
1869 : &m_libspdm_key_update_request5,
1870 : &response_size, response);
1871 :
1872 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1873 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1874 1 : spdm_response = (void *)response;
1875 1 : assert_int_equal(spdm_response->header.request_response_code,
1876 : SPDM_ERROR);
1877 1 : assert_int_equal(spdm_response->header.param1,
1878 : SPDM_ERROR_CODE_INVALID_REQUEST);
1879 1 : }
1880 :
1881 : /**
1882 : * Test 24: :other command + UpdateKey, last request is not key_update command, current key operation is update key
1883 : * Expected behavior: the responder accepts the request, produces a valid
1884 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1885 : **/
1886 1 : static void rsp_key_update_ack_case24(void **state)
1887 : {
1888 : libspdm_return_t status;
1889 : libspdm_test_context_t *spdm_test_context;
1890 : libspdm_context_t *spdm_context;
1891 : uint32_t session_id;
1892 : libspdm_session_info_t *session_info;
1893 : libspdm_secured_message_context_t *secured_message_context;
1894 :
1895 : size_t response_size;
1896 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1897 : spdm_key_update_response_t *spdm_response;
1898 :
1899 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1900 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1901 :
1902 1 : spdm_test_context = *state;
1903 1 : spdm_context = spdm_test_context->spdm_context;
1904 1 : spdm_test_context->case_id = 0x18;
1905 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1906 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1907 :
1908 1 : libspdm_set_standard_key_update_test_state(
1909 : spdm_context, &session_id);
1910 :
1911 1 : session_info = &spdm_context->session_info[0];
1912 1 : secured_message_context = session_info->secured_message_context;
1913 :
1914 1 : libspdm_set_standard_key_update_test_secrets(
1915 1 : session_info->secured_message_context,
1916 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1917 : m_req_secret_buffer, (uint8_t)(0xEE));
1918 :
1919 : /*request side updated*/
1920 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1921 : secured_message_context->hash_size,
1922 : m_req_secret_buffer, m_req_secret_buffer,
1923 : secured_message_context->hash_size);
1924 : /*response side *not* updated*/
1925 :
1926 : /*other command with cleared last_key_update_request*/
1927 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
1928 :
1929 : /*updatekey*/
1930 1 : response_size = sizeof(response);
1931 1 : status = libspdm_get_response_key_update(spdm_context,
1932 : m_libspdm_key_update_request1_size,
1933 : &m_libspdm_key_update_request1,
1934 : &response_size, response);
1935 :
1936 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1937 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
1938 1 : spdm_response = (void *)response;
1939 1 : assert_int_equal(spdm_response->header.request_response_code,
1940 : SPDM_KEY_UPDATE_ACK);
1941 1 : assert_int_equal(spdm_response->header.param1,
1942 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_KEY);
1943 1 : assert_int_equal(spdm_response->header.param2,
1944 : m_libspdm_key_update_request1.header.param2);
1945 1 : assert_memory_equal(secured_message_context
1946 : ->application_secret.request_data_secret,
1947 : m_req_secret_buffer, secured_message_context->hash_size);
1948 1 : assert_memory_equal(secured_message_context
1949 : ->application_secret.response_data_secret,
1950 : m_rsp_secret_buffer, secured_message_context->hash_size);
1951 1 : }
1952 :
1953 : /**
1954 : * Test 25: :other command + UpdateAllKeys, last request is not key_update command, current key operation is update all key
1955 : * Expected behavior: the responder accepts the request, produces a valid
1956 : * KEY_UPDATE_ACK response message, and the request data key is updated.
1957 : **/
1958 1 : static void rsp_key_update_ack_case25(void **state)
1959 : {
1960 : libspdm_return_t status;
1961 : libspdm_test_context_t *spdm_test_context;
1962 : libspdm_context_t *spdm_context;
1963 : uint32_t session_id;
1964 : libspdm_session_info_t *session_info;
1965 : libspdm_secured_message_context_t *secured_message_context;
1966 :
1967 : size_t response_size;
1968 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1969 : spdm_key_update_response_t *spdm_response;
1970 :
1971 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1972 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
1973 :
1974 1 : spdm_test_context = *state;
1975 1 : spdm_context = spdm_test_context->spdm_context;
1976 1 : spdm_test_context->case_id = 0x19;
1977 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1978 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1979 :
1980 1 : libspdm_set_standard_key_update_test_state(
1981 : spdm_context, &session_id);
1982 :
1983 1 : session_info = &spdm_context->session_info[0];
1984 1 : secured_message_context = session_info->secured_message_context;
1985 :
1986 1 : libspdm_set_standard_key_update_test_secrets(
1987 1 : session_info->secured_message_context,
1988 : m_rsp_secret_buffer, (uint8_t)(0xFF),
1989 : m_req_secret_buffer, (uint8_t)(0xEE));
1990 :
1991 : /*request side updated*/
1992 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1993 : secured_message_context->hash_size,
1994 : m_req_secret_buffer, m_req_secret_buffer,
1995 : secured_message_context->hash_size);
1996 : /*response side updated*/
1997 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
1998 : secured_message_context->hash_size,
1999 : m_rsp_secret_buffer, m_rsp_secret_buffer,
2000 : secured_message_context->hash_size);
2001 :
2002 : /*other command with cleared last_key_update_request*/
2003 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
2004 :
2005 1 : response_size = sizeof(response);
2006 1 : status = libspdm_get_response_key_update(spdm_context,
2007 : m_libspdm_key_update_request3_size,
2008 : &m_libspdm_key_update_request3,
2009 : &response_size, response);
2010 :
2011 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2012 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
2013 1 : spdm_response = (void *)response;
2014 1 : assert_int_equal(spdm_response->header.request_response_code,
2015 : SPDM_KEY_UPDATE_ACK);
2016 1 : assert_int_equal(spdm_response->header.param1,
2017 : SPDM_KEY_UPDATE_OPERATIONS_TABLE_UPDATE_ALL_KEYS);
2018 1 : assert_int_equal(spdm_response->header.param2,
2019 : m_libspdm_key_update_request3.header.param2);
2020 1 : assert_memory_equal(secured_message_context
2021 : ->application_secret.request_data_secret,
2022 : m_req_secret_buffer, secured_message_context->hash_size);
2023 1 : assert_memory_equal(secured_message_context
2024 : ->application_secret.response_data_secret,
2025 : m_rsp_secret_buffer, secured_message_context->hash_size);
2026 1 : }
2027 :
2028 : /**
2029 : * Test 26: :other command + VerifyNewKey, last request is not key_update command, current key operation is verify key
2030 : * Expected behavior: the responder refuses the KEY_UPDATE message and
2031 : * produces an ERROR message indicating the InvalidRequest. No keys are
2032 : * updated.
2033 : **/
2034 1 : static void rsp_key_update_ack_case26(void **state)
2035 : {
2036 : libspdm_return_t status;
2037 : libspdm_test_context_t *spdm_test_context;
2038 : libspdm_context_t *spdm_context;
2039 : uint32_t session_id;
2040 : libspdm_session_info_t *session_info;
2041 : libspdm_secured_message_context_t *secured_message_context;
2042 :
2043 : size_t response_size;
2044 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2045 : spdm_key_update_response_t *spdm_response;
2046 :
2047 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2048 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2049 :
2050 1 : spdm_test_context = *state;
2051 1 : spdm_context = spdm_test_context->spdm_context;
2052 1 : spdm_test_context->case_id = 0x1A;
2053 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2054 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2055 :
2056 1 : libspdm_set_standard_key_update_test_state(
2057 : spdm_context, &session_id);
2058 :
2059 1 : session_info = &spdm_context->session_info[0];
2060 1 : secured_message_context = session_info->secured_message_context;
2061 :
2062 1 : libspdm_set_standard_key_update_test_secrets(
2063 1 : session_info->secured_message_context,
2064 : m_rsp_secret_buffer, (uint8_t)(0xFF),
2065 : m_req_secret_buffer, (uint8_t)(0xEE));
2066 :
2067 : /*request side updated*/
2068 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
2069 : secured_message_context->hash_size,
2070 : m_req_secret_buffer, m_req_secret_buffer,
2071 : secured_message_context->hash_size);
2072 : /*response side updated*/
2073 1 : libspdm_compute_secret_update(spdm_context->connection_info.version,
2074 : secured_message_context->hash_size,
2075 : m_rsp_secret_buffer, m_rsp_secret_buffer,
2076 : secured_message_context->hash_size);
2077 :
2078 : /*other command with cleared last_key_update_request*/
2079 1 : libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t));
2080 :
2081 : /*VerifyNewKey*/
2082 1 : response_size = sizeof(response);
2083 1 : status = libspdm_get_response_key_update(spdm_context,
2084 : m_libspdm_key_update_request5_size,
2085 : &m_libspdm_key_update_request5,
2086 : &response_size, response);
2087 :
2088 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2089 1 : assert_int_equal(response_size, sizeof(spdm_key_update_response_t));
2090 1 : spdm_response = (void *)response;
2091 1 : assert_int_equal(spdm_response->header.request_response_code,
2092 : SPDM_ERROR);
2093 1 : assert_int_equal(spdm_response->header.param1,
2094 : SPDM_ERROR_CODE_INVALID_REQUEST);
2095 1 : }
2096 :
2097 : /**
2098 : * Test 27: receiving a KEY_UPDATE message with a reserved operation code.
2099 : * Expected behavior: the responder refuses the KEY_UPDATE message and
2100 : * produces an ERROR message indicating the InvalidRequest. No keys
2101 : * are updated.
2102 : **/
2103 1 : static void rsp_key_update_ack_case27(void **state)
2104 : {
2105 : libspdm_return_t status;
2106 : libspdm_test_context_t *spdm_test_context;
2107 : libspdm_context_t *spdm_context;
2108 : uint32_t session_id;
2109 : libspdm_session_info_t *session_info;
2110 : libspdm_secured_message_context_t *secured_message_context;
2111 :
2112 : size_t response_size;
2113 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
2114 : spdm_key_update_response_t *spdm_response;
2115 :
2116 : uint8_t m_req_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2117 : uint8_t m_rsp_secret_buffer[LIBSPDM_MAX_HASH_SIZE];
2118 :
2119 1 : spdm_test_context = *state;
2120 1 : spdm_context = spdm_test_context->spdm_context;
2121 1 : spdm_test_context->case_id = 0x1B;
2122 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
2123 : SPDM_VERSION_NUMBER_SHIFT_BIT;
2124 :
2125 1 : libspdm_set_standard_key_update_test_state(
2126 : spdm_context, &session_id);
2127 :
2128 1 : session_info = &spdm_context->session_info[0];
2129 1 : secured_message_context = session_info->secured_message_context;
2130 :
2131 1 : libspdm_set_standard_key_update_test_secrets(
2132 1 : session_info->secured_message_context,
2133 : m_rsp_secret_buffer, (uint8_t)(0xFF),
2134 : m_req_secret_buffer, (uint8_t)(0xEE));
2135 :
2136 : /*no keys are updated*/
2137 :
2138 1 : response_size = sizeof(response);
2139 1 : status = libspdm_get_response_key_update(spdm_context,
2140 : m_libspdm_key_update_request10_size,
2141 : &m_libspdm_key_update_request10,
2142 : &response_size, response);
2143 :
2144 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
2145 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
2146 1 : spdm_response = (void *)response;
2147 1 : assert_int_equal(spdm_response->header.request_response_code,
2148 : SPDM_ERROR);
2149 1 : assert_int_equal(spdm_response->header.param1,
2150 : SPDM_ERROR_CODE_INVALID_REQUEST);
2151 1 : assert_int_equal(spdm_response->header.param2, 0);
2152 1 : assert_memory_equal(secured_message_context
2153 : ->application_secret.request_data_secret,
2154 : m_req_secret_buffer, secured_message_context->hash_size);
2155 1 : assert_memory_equal(secured_message_context
2156 : ->application_secret.response_data_secret,
2157 : m_rsp_secret_buffer, secured_message_context->hash_size);
2158 1 : }
2159 :
2160 1 : int libspdm_rsp_key_update_ack_test(void)
2161 : {
2162 1 : const struct CMUnitTest test_cases[] = {
2163 : /* Success Case -- UpdateKey*/
2164 : cmocka_unit_test(rsp_key_update_ack_case1),
2165 : /* Bad request size*/
2166 : cmocka_unit_test(rsp_key_update_ack_case2),
2167 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
2168 : cmocka_unit_test(rsp_key_update_ack_case3),
2169 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
2170 : cmocka_unit_test(rsp_key_update_ack_case4),
2171 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
2172 : /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
2173 : cmocka_unit_test(rsp_key_update_ack_case5),
2174 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
2175 : /* connection_state Check*/
2176 : cmocka_unit_test(rsp_key_update_ack_case6),
2177 : /* Buffer reset*/
2178 : cmocka_unit_test(rsp_key_update_ack_case7),
2179 : /* Unsupported KEY_UPD capabilities*/
2180 : cmocka_unit_test(rsp_key_update_ack_case8),
2181 : /* Uninitialized session*/
2182 : cmocka_unit_test(rsp_key_update_ack_case9),
2183 : /* Success Case -- UpdateAllKeys*/
2184 : cmocka_unit_test(rsp_key_update_ack_case10),
2185 : /* Bad request size*/
2186 : cmocka_unit_test(rsp_key_update_ack_case11),
2187 : /* UpdateKey + VerifyNewKey: Success*/
2188 : cmocka_unit_test(rsp_key_update_ack_case12),
2189 : /* Bad request size*/
2190 : cmocka_unit_test(rsp_key_update_ack_case13),
2191 : /* UpdateALLKeys + VerifyNewKey: Success*/
2192 : cmocka_unit_test(rsp_key_update_ack_case14),
2193 : /* Bad request size*/
2194 : cmocka_unit_test(rsp_key_update_ack_case15),
2195 : /* Uninitialized key update*/
2196 : cmocka_unit_test(rsp_key_update_ack_case16),
2197 : /* UpdateKey + UpdateKey: failed*/
2198 : cmocka_unit_test(rsp_key_update_ack_case17),
2199 : /* UpdateKey + UpdateAllKeys: failed*/
2200 : cmocka_unit_test(rsp_key_update_ack_case18),
2201 : /* UpdateALLKeys + UpdateKey: failed*/
2202 : cmocka_unit_test(rsp_key_update_ack_case19),
2203 : /* UpdateALLKeys + UpdateALLKeys: failed*/
2204 : cmocka_unit_test(rsp_key_update_ack_case20),
2205 : /* VerifyNewKey + UpdateKey: success*/
2206 : cmocka_unit_test(rsp_key_update_ack_case21),
2207 : /* VerifyNewKey + UpdateAllKeys: success*/
2208 : cmocka_unit_test(rsp_key_update_ack_case22),
2209 : /* VerifyNewKey + VerifyNewKey: failed*/
2210 : cmocka_unit_test(rsp_key_update_ack_case23),
2211 : /* other command + UpdateKey: success*/
2212 : cmocka_unit_test(rsp_key_update_ack_case24),
2213 : /* other command + UpdateAllKeys: success*/
2214 : cmocka_unit_test(rsp_key_update_ack_case25),
2215 : /* other command + VerifyNewKey: failed*/
2216 : cmocka_unit_test(rsp_key_update_ack_case26),
2217 : /* Invalid operation,other key_update operation: failed*/
2218 : cmocka_unit_test(rsp_key_update_ack_case27),
2219 : };
2220 :
2221 1 : libspdm_test_context_t test_context = {
2222 : LIBSPDM_TEST_CONTEXT_VERSION,
2223 : false,
2224 : };
2225 :
2226 1 : libspdm_setup_test_context(&test_context);
2227 :
2228 1 : return cmocka_run_group_tests(test_cases,
2229 : libspdm_unit_test_group_setup,
2230 : libspdm_unit_test_group_teardown);
2231 : }
2232 :
2233 : #endif /* (LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP) || (LIBSPDM_ENABLE_CAPABILITY_PSK_CAP) */
|