Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2022 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
12 : #pragma pack(1)
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
16 : } libspdm_psk_finish_request_mine_t;
17 : #pragma pack()
18 :
19 : static libspdm_th_managed_buffer_t th_curr;
20 :
21 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request1 = {
22 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
23 : };
24 : size_t m_libspdm_psk_finish_request1_size = sizeof(m_libspdm_psk_finish_request1);
25 :
26 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request2 = {
27 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
28 : };
29 : size_t m_libspdm_psk_finish_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
30 :
31 : static uint8_t m_libspdm_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
32 :
33 14 : static void libspdm_secured_message_set_request_finished_key(
34 : void *spdm_secured_message_context, const void *key, size_t key_size)
35 : {
36 : libspdm_secured_message_context_t *secured_message_context;
37 :
38 14 : secured_message_context = spdm_secured_message_context;
39 14 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
40 14 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
41 : sizeof(secured_message_context->handshake_secret.request_finished_key),
42 : key, secured_message_context->hash_size);
43 14 : }
44 :
45 : /**
46 : * Test 1: receiving a correct PSK_FINISH message from the requester with a
47 : * correct MAC.
48 : * Expected behavior: the responder accepts the request and produces a valid
49 : * PSK_FINISH_RSP response message.
50 : **/
51 1 : void libspdm_test_responder_psk_finish_case1(void **state)
52 : {
53 : libspdm_return_t status;
54 : libspdm_test_context_t *spdm_test_context;
55 : libspdm_context_t *spdm_context;
56 : size_t response_size;
57 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
58 : spdm_psk_finish_response_t *spdm_response;
59 : void *data1;
60 : size_t data_size1;
61 : uint8_t *ptr;
62 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
63 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
64 : libspdm_session_info_t *session_info;
65 : uint32_t session_id;
66 : uint32_t hash_size;
67 : uint32_t hmac_size;
68 :
69 1 : spdm_test_context = *state;
70 1 : spdm_context = spdm_test_context->spdm_context;
71 1 : spdm_test_context->case_id = 0x1;
72 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
73 : SPDM_VERSION_NUMBER_SHIFT_BIT;
74 1 : spdm_context->connection_info.connection_state =
75 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
76 1 : spdm_context->connection_info.capability.flags |=
77 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
78 1 : spdm_context->local_context.capability.flags |=
79 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
80 1 : spdm_context->connection_info.algorithm.base_hash_algo =
81 : m_libspdm_use_hash_algo;
82 1 : spdm_context->connection_info.algorithm.base_asym_algo =
83 : m_libspdm_use_asym_algo;
84 1 : spdm_context->connection_info.algorithm.measurement_spec =
85 : m_libspdm_use_measurement_spec;
86 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
87 : m_libspdm_use_measurement_hash_algo;
88 1 : spdm_context->connection_info.algorithm.dhe_named_group =
89 : m_libspdm_use_dhe_algo;
90 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
91 : m_libspdm_use_aead_algo;
92 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
93 : m_libspdm_use_asym_algo, &data1,
94 : &data_size1, NULL, NULL);
95 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
96 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
97 : data_size1;
98 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
99 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
100 : data_size1;
101 :
102 1 : libspdm_reset_message_a(spdm_context);
103 1 : spdm_context->local_context.mut_auth_requested = 0;
104 :
105 1 : session_id = 0xFFFFFFFF;
106 1 : spdm_context->latest_session_id = session_id;
107 1 : spdm_context->last_spdm_request_session_id_valid = true;
108 1 : spdm_context->last_spdm_request_session_id = session_id;
109 1 : session_info = &spdm_context->session_info[0];
110 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
111 1 : libspdm_session_info_set_psk_hint(session_info,
112 : LIBSPDM_TEST_PSK_HINT_STRING,
113 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
114 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
115 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
116 1 : libspdm_secured_message_set_request_finished_key(
117 : session_info->secured_message_context, m_libspdm_dummy_buffer,
118 : hash_size);
119 1 : libspdm_secured_message_set_session_state(
120 : session_info->secured_message_context,
121 : LIBSPDM_SESSION_STATE_HANDSHAKING);
122 :
123 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
124 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
125 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
126 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
127 : /* transcript.message_a size is 0
128 : * session_transcript.message_k is 0*/
129 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
130 : sizeof(spdm_psk_finish_request_t));
131 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
132 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
133 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
134 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
135 : request_finished_key, hash_size, ptr);
136 1 : m_libspdm_psk_finish_request1_size =
137 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
138 1 : response_size = sizeof(response);
139 1 : status = libspdm_get_response_psk_finish(spdm_context,
140 : m_libspdm_psk_finish_request1_size,
141 : &m_libspdm_psk_finish_request1,
142 : &response_size, response);
143 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
144 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
145 1 : spdm_response = (void *)response;
146 1 : assert_int_equal(spdm_response->header.request_response_code,
147 : SPDM_PSK_FINISH_RSP);
148 1 : free(data1);
149 1 : }
150 :
151 : /**
152 : * Test 2: receiving a PSK_FINISH message larger than specified.
153 : * Expected behavior: the responder refuses the PSK_FINISH message and
154 : * produces an ERROR message indicating the InvalidRequest.
155 : **/
156 1 : void libspdm_test_responder_psk_finish_case2(void **state)
157 : {
158 : libspdm_return_t status;
159 : libspdm_test_context_t *spdm_test_context;
160 : libspdm_context_t *spdm_context;
161 : size_t response_size;
162 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
163 : spdm_psk_finish_response_t *spdm_response;
164 : void *data1;
165 : size_t data_size1;
166 : uint8_t *ptr;
167 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
168 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
169 : libspdm_session_info_t *session_info;
170 : uint32_t session_id;
171 : uint32_t hash_size;
172 :
173 1 : spdm_test_context = *state;
174 1 : spdm_context = spdm_test_context->spdm_context;
175 1 : spdm_test_context->case_id = 0x2;
176 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
177 : SPDM_VERSION_NUMBER_SHIFT_BIT;
178 1 : spdm_context->connection_info.connection_state =
179 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
180 1 : spdm_context->connection_info.capability.flags |=
181 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
182 1 : spdm_context->local_context.capability.flags |=
183 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
184 1 : spdm_context->connection_info.algorithm.base_hash_algo =
185 : m_libspdm_use_hash_algo;
186 1 : spdm_context->connection_info.algorithm.base_asym_algo =
187 : m_libspdm_use_asym_algo;
188 1 : spdm_context->connection_info.algorithm.measurement_spec =
189 : m_libspdm_use_measurement_spec;
190 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
191 : m_libspdm_use_measurement_hash_algo;
192 1 : spdm_context->connection_info.algorithm.dhe_named_group =
193 : m_libspdm_use_dhe_algo;
194 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
195 : m_libspdm_use_aead_algo;
196 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
197 : m_libspdm_use_asym_algo, &data1,
198 : &data_size1, NULL, NULL);
199 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
200 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
201 : data_size1;
202 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
203 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
204 : data_size1;
205 :
206 1 : libspdm_reset_message_a(spdm_context);
207 1 : spdm_context->local_context.mut_auth_requested = 0;
208 :
209 1 : session_id = 0xFFFFFFFF;
210 1 : spdm_context->latest_session_id = session_id;
211 1 : spdm_context->last_spdm_request_session_id_valid = true;
212 1 : spdm_context->last_spdm_request_session_id = session_id;
213 1 : session_info = &spdm_context->session_info[0];
214 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
215 1 : libspdm_session_info_set_psk_hint(session_info,
216 : LIBSPDM_TEST_PSK_HINT_STRING,
217 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
218 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
219 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
220 1 : libspdm_secured_message_set_request_finished_key(
221 : session_info->secured_message_context, m_libspdm_dummy_buffer,
222 : hash_size);
223 1 : libspdm_secured_message_set_session_state(
224 : session_info->secured_message_context,
225 : LIBSPDM_SESSION_STATE_HANDSHAKING);
226 :
227 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
228 1 : ptr = m_libspdm_psk_finish_request2.verify_data;
229 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
230 : /* transcript.message_a size is 0
231 : * session_transcript.message_k is 0*/
232 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request2,
233 : sizeof(spdm_psk_finish_request_t));
234 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
235 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
236 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
237 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
238 : request_finished_key, hash_size, ptr);
239 1 : response_size = sizeof(response);
240 1 : status = libspdm_get_response_psk_finish(spdm_context,
241 : m_libspdm_psk_finish_request2_size,
242 : &m_libspdm_psk_finish_request2,
243 : &response_size, response);
244 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
245 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
246 1 : spdm_response = (void *)response;
247 1 : assert_int_equal(spdm_response->header.request_response_code,
248 : SPDM_ERROR);
249 1 : assert_int_equal(spdm_response->header.param1,
250 : SPDM_ERROR_CODE_INVALID_REQUEST);
251 1 : assert_int_equal(spdm_response->header.param2, 0);
252 1 : free(data1);
253 1 : }
254 :
255 : /**
256 : * Test 3: receiving a correct PSK_FINISH from the requester, but the
257 : * responder is in a Busy state.
258 : * Expected behavior: the responder accepts the request, but produces an
259 : * ERROR message indicating the Busy state.
260 : **/
261 1 : void libspdm_test_responder_psk_finish_case3(void **state)
262 : {
263 : libspdm_return_t status;
264 : libspdm_test_context_t *spdm_test_context;
265 : libspdm_context_t *spdm_context;
266 : size_t response_size;
267 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
268 : spdm_psk_finish_response_t *spdm_response;
269 : void *data1;
270 : size_t data_size1;
271 : uint8_t *ptr;
272 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
273 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
274 : libspdm_session_info_t *session_info;
275 : uint32_t session_id;
276 : uint32_t hash_size;
277 : uint32_t hmac_size;
278 :
279 1 : spdm_test_context = *state;
280 1 : spdm_context = spdm_test_context->spdm_context;
281 1 : spdm_test_context->case_id = 0x3;
282 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
283 : SPDM_VERSION_NUMBER_SHIFT_BIT;
284 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
285 1 : spdm_context->connection_info.connection_state =
286 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
287 1 : spdm_context->connection_info.capability.flags |=
288 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
289 1 : spdm_context->local_context.capability.flags |=
290 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
291 1 : spdm_context->connection_info.algorithm.base_hash_algo =
292 : m_libspdm_use_hash_algo;
293 1 : spdm_context->connection_info.algorithm.base_asym_algo =
294 : m_libspdm_use_asym_algo;
295 1 : spdm_context->connection_info.algorithm.measurement_spec =
296 : m_libspdm_use_measurement_spec;
297 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
298 : m_libspdm_use_measurement_hash_algo;
299 1 : spdm_context->connection_info.algorithm.dhe_named_group =
300 : m_libspdm_use_dhe_algo;
301 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
302 : m_libspdm_use_aead_algo;
303 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
304 : m_libspdm_use_asym_algo, &data1,
305 : &data_size1, NULL, NULL);
306 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
307 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
308 : data_size1;
309 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
310 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
311 : data_size1;
312 :
313 1 : libspdm_reset_message_a(spdm_context);
314 1 : spdm_context->local_context.mut_auth_requested = 0;
315 :
316 1 : session_id = 0xFFFFFFFF;
317 1 : spdm_context->latest_session_id = session_id;
318 1 : spdm_context->last_spdm_request_session_id_valid = true;
319 1 : spdm_context->last_spdm_request_session_id = session_id;
320 1 : session_info = &spdm_context->session_info[0];
321 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
322 1 : libspdm_session_info_set_psk_hint(session_info,
323 : LIBSPDM_TEST_PSK_HINT_STRING,
324 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
325 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
326 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
327 1 : libspdm_secured_message_set_request_finished_key(
328 : session_info->secured_message_context, m_libspdm_dummy_buffer,
329 : hash_size);
330 1 : libspdm_secured_message_set_session_state(
331 : session_info->secured_message_context,
332 : LIBSPDM_SESSION_STATE_HANDSHAKING);
333 :
334 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
335 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
336 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
337 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
338 : /* transcript.message_a size is 0
339 : * session_transcript.message_k is 0*/
340 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
341 : sizeof(spdm_psk_finish_request_t));
342 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
343 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
344 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
345 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
346 : request_finished_key, hash_size, ptr);
347 1 : m_libspdm_psk_finish_request1_size =
348 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
349 1 : response_size = sizeof(response);
350 1 : status = libspdm_get_response_psk_finish(spdm_context,
351 : m_libspdm_psk_finish_request1_size,
352 : &m_libspdm_psk_finish_request1,
353 : &response_size, response);
354 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
355 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
356 1 : spdm_response = (void *)response;
357 1 : assert_int_equal(spdm_response->header.request_response_code,
358 : SPDM_ERROR);
359 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
360 1 : assert_int_equal(spdm_response->header.param2, 0);
361 1 : assert_int_equal(spdm_context->response_state,
362 : LIBSPDM_RESPONSE_STATE_BUSY);
363 1 : free(data1);
364 1 : }
365 :
366 : /**
367 : * Test 4: receiving a correct PSK_FINISH from the requester, but the
368 : * responder requires resynchronization with the requester.
369 : * Expected behavior: the responder accepts the request, but produces an
370 : * ERROR message indicating the NeedResynch state.
371 : **/
372 1 : void libspdm_test_responder_psk_finish_case4(void **state)
373 : {
374 : libspdm_return_t status;
375 : libspdm_test_context_t *spdm_test_context;
376 : libspdm_context_t *spdm_context;
377 : size_t response_size;
378 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
379 : spdm_psk_finish_response_t *spdm_response;
380 : void *data1;
381 : size_t data_size1;
382 : uint8_t *ptr;
383 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
384 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
385 : libspdm_session_info_t *session_info;
386 : uint32_t session_id;
387 : uint32_t hash_size;
388 : uint32_t hmac_size;
389 :
390 1 : spdm_test_context = *state;
391 1 : spdm_context = spdm_test_context->spdm_context;
392 1 : spdm_test_context->case_id = 0x4;
393 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
394 : SPDM_VERSION_NUMBER_SHIFT_BIT;
395 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
396 1 : spdm_context->connection_info.connection_state =
397 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
398 1 : spdm_context->connection_info.capability.flags |=
399 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
400 1 : spdm_context->local_context.capability.flags |=
401 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
402 1 : spdm_context->connection_info.algorithm.base_hash_algo =
403 : m_libspdm_use_hash_algo;
404 1 : spdm_context->connection_info.algorithm.base_asym_algo =
405 : m_libspdm_use_asym_algo;
406 1 : spdm_context->connection_info.algorithm.measurement_spec =
407 : m_libspdm_use_measurement_spec;
408 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
409 : m_libspdm_use_measurement_hash_algo;
410 1 : spdm_context->connection_info.algorithm.dhe_named_group =
411 : m_libspdm_use_dhe_algo;
412 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
413 : m_libspdm_use_aead_algo;
414 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
415 : m_libspdm_use_asym_algo, &data1,
416 : &data_size1, NULL, NULL);
417 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
418 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
419 : data_size1;
420 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
421 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
422 : data_size1;
423 :
424 1 : libspdm_reset_message_a(spdm_context);
425 1 : spdm_context->local_context.mut_auth_requested = 0;
426 :
427 1 : session_id = 0xFFFFFFFF;
428 1 : spdm_context->latest_session_id = session_id;
429 1 : spdm_context->last_spdm_request_session_id_valid = true;
430 1 : spdm_context->last_spdm_request_session_id = session_id;
431 1 : session_info = &spdm_context->session_info[0];
432 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
433 1 : libspdm_session_info_set_psk_hint(session_info,
434 : LIBSPDM_TEST_PSK_HINT_STRING,
435 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
436 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
437 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
438 1 : libspdm_secured_message_set_request_finished_key(
439 : session_info->secured_message_context, m_libspdm_dummy_buffer,
440 : hash_size);
441 1 : libspdm_secured_message_set_session_state(
442 : session_info->secured_message_context,
443 : LIBSPDM_SESSION_STATE_HANDSHAKING);
444 :
445 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
446 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
447 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
448 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
449 : /* transcript.message_a size is 0
450 : * session_transcript.message_k is 0*/
451 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
452 : sizeof(spdm_psk_finish_request_t));
453 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
454 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
455 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
456 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
457 : request_finished_key, hash_size, ptr);
458 1 : m_libspdm_psk_finish_request1_size =
459 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
460 1 : response_size = sizeof(response);
461 1 : status = libspdm_get_response_psk_finish(spdm_context,
462 : m_libspdm_psk_finish_request1_size,
463 : &m_libspdm_psk_finish_request1,
464 : &response_size, response);
465 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
466 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
467 1 : spdm_response = (void *)response;
468 1 : assert_int_equal(spdm_response->header.request_response_code,
469 : SPDM_ERROR);
470 1 : assert_int_equal(spdm_response->header.param1,
471 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
472 1 : assert_int_equal(spdm_response->header.param2, 0);
473 1 : assert_int_equal(spdm_context->response_state,
474 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
475 1 : free(data1);
476 1 : }
477 :
478 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
479 : /**
480 : * Test 5: receiving a correct PSK_FINISH from the requester, but the
481 : * responder could not produce the response in time.
482 : * Expected behavior: the responder accepts the request, but produces an
483 : * ERROR message indicating the ResponseNotReady state.
484 : **/
485 1 : void libspdm_test_responder_psk_finish_case5(void **state)
486 : {
487 : libspdm_return_t status;
488 : libspdm_test_context_t *spdm_test_context;
489 : libspdm_context_t *spdm_context;
490 : size_t response_size;
491 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
492 : spdm_psk_finish_response_t *spdm_response;
493 : void *data1;
494 : size_t data_size1;
495 : uint8_t *ptr;
496 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
497 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
498 : libspdm_session_info_t *session_info;
499 : uint32_t session_id;
500 : uint32_t hash_size;
501 : uint32_t hmac_size;
502 : spdm_error_data_response_not_ready_t *error_data;
503 :
504 1 : spdm_test_context = *state;
505 1 : spdm_context = spdm_test_context->spdm_context;
506 1 : spdm_test_context->case_id = 0x5;
507 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
508 : SPDM_VERSION_NUMBER_SHIFT_BIT;
509 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
510 1 : spdm_context->connection_info.connection_state =
511 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
512 1 : spdm_context->connection_info.capability.flags |=
513 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
514 1 : spdm_context->local_context.capability.flags |=
515 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
516 1 : spdm_context->connection_info.algorithm.base_hash_algo =
517 : m_libspdm_use_hash_algo;
518 1 : spdm_context->connection_info.algorithm.base_asym_algo =
519 : m_libspdm_use_asym_algo;
520 1 : spdm_context->connection_info.algorithm.measurement_spec =
521 : m_libspdm_use_measurement_spec;
522 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
523 : m_libspdm_use_measurement_hash_algo;
524 1 : spdm_context->connection_info.algorithm.dhe_named_group =
525 : m_libspdm_use_dhe_algo;
526 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
527 : m_libspdm_use_aead_algo;
528 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
529 : m_libspdm_use_asym_algo, &data1,
530 : &data_size1, NULL, NULL);
531 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
532 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
533 : data_size1;
534 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
535 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
536 : data_size1;
537 :
538 1 : libspdm_reset_message_a(spdm_context);
539 1 : spdm_context->local_context.mut_auth_requested = 0;
540 :
541 1 : session_id = 0xFFFFFFFF;
542 1 : spdm_context->latest_session_id = session_id;
543 1 : spdm_context->last_spdm_request_session_id_valid = true;
544 1 : spdm_context->last_spdm_request_session_id = session_id;
545 1 : session_info = &spdm_context->session_info[0];
546 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
547 1 : libspdm_session_info_set_psk_hint(session_info,
548 : LIBSPDM_TEST_PSK_HINT_STRING,
549 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
550 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
551 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
552 1 : libspdm_secured_message_set_request_finished_key(
553 : session_info->secured_message_context, m_libspdm_dummy_buffer,
554 : hash_size);
555 1 : libspdm_secured_message_set_session_state(
556 : session_info->secured_message_context,
557 : LIBSPDM_SESSION_STATE_HANDSHAKING);
558 :
559 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
560 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
561 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
562 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
563 : /* transcript.message_a size is 0
564 : * session_transcript.message_k is 0*/
565 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
566 : sizeof(spdm_psk_finish_request_t));
567 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
568 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
569 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
570 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
571 : request_finished_key, hash_size, ptr);
572 1 : m_libspdm_psk_finish_request1_size =
573 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
574 1 : response_size = sizeof(response);
575 1 : status = libspdm_get_response_psk_finish(spdm_context,
576 : m_libspdm_psk_finish_request1_size,
577 : &m_libspdm_psk_finish_request1,
578 : &response_size, response);
579 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
580 1 : assert_int_equal(response_size,
581 : sizeof(spdm_error_response_t) +
582 : sizeof(spdm_error_data_response_not_ready_t));
583 1 : spdm_response = (void *)response;
584 1 : error_data =
585 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
586 1 : assert_int_equal(spdm_response->header.request_response_code,
587 : SPDM_ERROR);
588 1 : assert_int_equal(spdm_response->header.param1,
589 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
590 1 : assert_int_equal(spdm_response->header.param2, 0);
591 1 : assert_int_equal(spdm_context->response_state,
592 : LIBSPDM_RESPONSE_STATE_NOT_READY);
593 1 : assert_int_equal(error_data->request_code, SPDM_PSK_FINISH);
594 1 : free(data1);
595 1 : }
596 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
597 :
598 : /**
599 : * Test 6: receiving a correct PSK_FINISH from the requester, but the
600 : * responder is not set no receive a PSK-FINISH message because previous
601 : * messages (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or
602 : * GET_DIGESTS) have not been received.
603 : * Expected behavior: the responder rejects the request, and produces an
604 : * ERROR message indicating the UnexpectedRequest.
605 : **/
606 1 : void libspdm_test_responder_psk_finish_case6(void **state)
607 : {
608 : libspdm_return_t status;
609 : libspdm_test_context_t *spdm_test_context;
610 : libspdm_context_t *spdm_context;
611 : size_t response_size;
612 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
613 : spdm_psk_finish_response_t *spdm_response;
614 : void *data1;
615 : size_t data_size1;
616 : uint8_t *ptr;
617 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
618 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
619 : libspdm_session_info_t *session_info;
620 : uint32_t session_id;
621 : uint32_t hash_size;
622 : uint32_t hmac_size;
623 :
624 1 : spdm_test_context = *state;
625 1 : spdm_context = spdm_test_context->spdm_context;
626 1 : spdm_test_context->case_id = 0x6;
627 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
628 : SPDM_VERSION_NUMBER_SHIFT_BIT;
629 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
630 1 : spdm_context->connection_info.connection_state =
631 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
632 1 : spdm_context->connection_info.capability.flags |=
633 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
634 1 : spdm_context->local_context.capability.flags |=
635 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
636 1 : spdm_context->connection_info.algorithm.base_hash_algo =
637 : m_libspdm_use_hash_algo;
638 1 : spdm_context->connection_info.algorithm.base_asym_algo =
639 : m_libspdm_use_asym_algo;
640 1 : spdm_context->connection_info.algorithm.measurement_spec =
641 : m_libspdm_use_measurement_spec;
642 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
643 : m_libspdm_use_measurement_hash_algo;
644 1 : spdm_context->connection_info.algorithm.dhe_named_group =
645 : m_libspdm_use_dhe_algo;
646 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
647 : m_libspdm_use_aead_algo;
648 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
649 : m_libspdm_use_asym_algo, &data1,
650 : &data_size1, NULL, NULL);
651 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
652 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
653 : data_size1;
654 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
655 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
656 : data_size1;
657 :
658 1 : libspdm_reset_message_a(spdm_context);
659 1 : spdm_context->local_context.mut_auth_requested = 0;
660 :
661 1 : session_id = 0xFFFFFFFF;
662 1 : spdm_context->latest_session_id = session_id;
663 1 : spdm_context->last_spdm_request_session_id_valid = true;
664 1 : spdm_context->last_spdm_request_session_id = session_id;
665 1 : session_info = &spdm_context->session_info[0];
666 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
667 1 : libspdm_session_info_set_psk_hint(session_info,
668 : LIBSPDM_TEST_PSK_HINT_STRING,
669 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
670 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
671 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
672 1 : libspdm_secured_message_set_request_finished_key(
673 : session_info->secured_message_context, m_libspdm_dummy_buffer,
674 : hash_size);
675 1 : libspdm_secured_message_set_session_state(
676 : session_info->secured_message_context,
677 : LIBSPDM_SESSION_STATE_HANDSHAKING);
678 :
679 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
680 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
681 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
682 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
683 : /* transcript.message_a size is 0
684 : * session_transcript.message_k is 0*/
685 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
686 : sizeof(spdm_psk_finish_request_t));
687 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
688 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
689 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
690 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
691 : request_finished_key, hash_size, ptr);
692 1 : m_libspdm_psk_finish_request1_size =
693 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
694 1 : response_size = sizeof(response);
695 1 : status = libspdm_get_response_psk_finish(spdm_context,
696 : m_libspdm_psk_finish_request1_size,
697 : &m_libspdm_psk_finish_request1,
698 : &response_size, response);
699 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
700 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
701 1 : spdm_response = (void *)response;
702 1 : assert_int_equal(spdm_response->header.request_response_code,
703 : SPDM_ERROR);
704 1 : assert_int_equal(spdm_response->header.param1,
705 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
706 1 : assert_int_equal(spdm_response->header.param2, 0);
707 1 : free(data1);
708 1 : }
709 :
710 1 : void libspdm_test_responder_psk_finish_case7(void **state)
711 : {
712 : libspdm_return_t status;
713 : libspdm_test_context_t *spdm_test_context;
714 : libspdm_context_t *spdm_context;
715 : size_t response_size;
716 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
717 : spdm_psk_finish_response_t *spdm_response;
718 : void *data1;
719 : size_t data_size1;
720 : uint8_t *ptr;
721 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
722 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
723 : libspdm_session_info_t *session_info;
724 : uint32_t session_id;
725 : uint32_t hash_size;
726 : uint32_t hmac_size;
727 :
728 1 : spdm_test_context = *state;
729 1 : spdm_context = spdm_test_context->spdm_context;
730 1 : spdm_test_context->case_id = 0x7;
731 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
732 : SPDM_VERSION_NUMBER_SHIFT_BIT;
733 1 : spdm_context->connection_info.connection_state =
734 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
735 1 : spdm_context->connection_info.capability.flags |=
736 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
737 1 : spdm_context->local_context.capability.flags |=
738 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
739 1 : spdm_context->connection_info.algorithm.base_hash_algo =
740 : m_libspdm_use_hash_algo;
741 1 : spdm_context->connection_info.algorithm.base_asym_algo =
742 : m_libspdm_use_asym_algo;
743 1 : spdm_context->connection_info.algorithm.measurement_spec =
744 : m_libspdm_use_measurement_spec;
745 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
746 : m_libspdm_use_measurement_hash_algo;
747 1 : spdm_context->connection_info.algorithm.dhe_named_group =
748 : m_libspdm_use_dhe_algo;
749 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
750 : m_libspdm_use_aead_algo;
751 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
752 : m_libspdm_use_asym_algo, &data1,
753 : &data_size1, NULL, NULL);
754 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
755 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
756 : data_size1;
757 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
758 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
759 : data_size1;
760 :
761 1 : libspdm_reset_message_a(spdm_context);
762 1 : spdm_context->local_context.mut_auth_requested = 0;
763 :
764 1 : session_id = 0xFFFFFFFF;
765 1 : spdm_context->latest_session_id = session_id;
766 1 : spdm_context->last_spdm_request_session_id_valid = true;
767 1 : spdm_context->last_spdm_request_session_id = session_id;
768 1 : session_info = &spdm_context->session_info[0];
769 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
770 1 : libspdm_session_info_set_psk_hint(session_info,
771 : LIBSPDM_TEST_PSK_HINT_STRING,
772 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
773 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
774 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
775 1 : libspdm_secured_message_set_request_finished_key(
776 : session_info->secured_message_context, m_libspdm_dummy_buffer,
777 : hash_size);
778 1 : libspdm_secured_message_set_session_state(
779 : session_info->secured_message_context,
780 : LIBSPDM_SESSION_STATE_HANDSHAKING);
781 :
782 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
783 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
784 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
785 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
786 : /* transcript.message_a size is 0
787 : * session_transcript.message_k is 0*/
788 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
789 : sizeof(spdm_psk_finish_request_t));
790 :
791 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
792 : session_info->session_transcript.message_m.buffer_size =
793 : session_info->session_transcript.message_m.max_buffer_size;
794 : spdm_context->transcript.message_b.buffer_size =
795 : spdm_context->transcript.message_b.max_buffer_size;
796 : spdm_context->transcript.message_c.buffer_size =
797 : spdm_context->transcript.message_c.max_buffer_size;
798 : spdm_context->transcript.message_mut_b.buffer_size =
799 : spdm_context->transcript.message_mut_b.max_buffer_size;
800 : spdm_context->transcript.message_mut_c.buffer_size =
801 : spdm_context->transcript.message_mut_c.max_buffer_size;
802 : #endif
803 :
804 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
805 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
806 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
807 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
808 : request_finished_key, hash_size, ptr);
809 1 : m_libspdm_psk_finish_request1_size =
810 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
811 1 : response_size = sizeof(response);
812 1 : status = libspdm_get_response_psk_finish(spdm_context,
813 : m_libspdm_psk_finish_request1_size,
814 : &m_libspdm_psk_finish_request1,
815 : &response_size, response);
816 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
817 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
818 1 : spdm_response = (void *)response;
819 1 : assert_int_equal(spdm_response->header.request_response_code,
820 : SPDM_PSK_FINISH_RSP);
821 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
822 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
823 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
824 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
825 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
826 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
827 : #endif
828 :
829 1 : free(data1);
830 1 : }
831 :
832 : /**
833 : * Test 8: receiving a correct PSK_FINISH message from the requester, but
834 : * the responder has no capabilities for pre-shared keys.
835 : * Expected behavior: the responder refuses the PSK_FINISH message and
836 : * produces an ERROR message indicating the UnsupportedRequest.
837 : **/
838 1 : void libspdm_test_responder_psk_finish_case8(void **state)
839 : {
840 : libspdm_return_t status;
841 : libspdm_test_context_t *spdm_test_context;
842 : libspdm_context_t *spdm_context;
843 : size_t response_size;
844 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
845 : spdm_psk_finish_response_t *spdm_response;
846 : void *data1;
847 : size_t data_size1;
848 : uint8_t *ptr;
849 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
850 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
851 : libspdm_session_info_t *session_info;
852 : uint32_t session_id;
853 : uint32_t hash_size;
854 : uint32_t hmac_size;
855 :
856 1 : spdm_test_context = *state;
857 1 : spdm_context = spdm_test_context->spdm_context;
858 1 : spdm_test_context->case_id = 0x8;
859 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
860 : SPDM_VERSION_NUMBER_SHIFT_BIT;
861 1 : spdm_context->connection_info.connection_state =
862 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
863 1 : spdm_context->connection_info.capability.flags &=
864 : ~(SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP);
865 1 : spdm_context->local_context.capability.flags &=
866 : ~(SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP);
867 1 : spdm_context->connection_info.algorithm.base_hash_algo =
868 : m_libspdm_use_hash_algo;
869 1 : spdm_context->connection_info.algorithm.base_asym_algo =
870 : m_libspdm_use_asym_algo;
871 1 : spdm_context->connection_info.algorithm.measurement_spec =
872 : m_libspdm_use_measurement_spec;
873 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
874 : m_libspdm_use_measurement_hash_algo;
875 1 : spdm_context->connection_info.algorithm.dhe_named_group =
876 : m_libspdm_use_dhe_algo;
877 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
878 : m_libspdm_use_aead_algo;
879 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
880 : m_libspdm_use_asym_algo, &data1,
881 : &data_size1, NULL, NULL);
882 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
883 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
884 : data_size1;
885 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
886 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
887 : data_size1;
888 :
889 1 : spdm_context->transcript.message_a.buffer_size = 0;
890 1 : spdm_context->local_context.mut_auth_requested = 0;
891 :
892 1 : session_id = 0xFFFFFFFF;
893 1 : spdm_context->latest_session_id = session_id;
894 1 : spdm_context->last_spdm_request_session_id_valid = true;
895 1 : spdm_context->last_spdm_request_session_id = session_id;
896 1 : session_info = &spdm_context->session_info[0];
897 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
898 1 : libspdm_session_info_set_psk_hint(session_info,
899 : LIBSPDM_TEST_PSK_HINT_STRING,
900 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
901 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
902 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
903 1 : libspdm_secured_message_set_request_finished_key(
904 : session_info->secured_message_context, m_libspdm_dummy_buffer,
905 : hash_size);
906 1 : libspdm_secured_message_set_session_state(
907 : session_info->secured_message_context,
908 : LIBSPDM_SESSION_STATE_HANDSHAKING);
909 :
910 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
911 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
912 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
913 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
914 : /* transcript.message_a size is 0
915 : * session_transcript.message_k is 0*/
916 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
917 : sizeof(spdm_psk_finish_request_t));
918 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
919 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
920 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
921 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
922 : request_finished_key, hash_size, ptr);
923 1 : m_libspdm_psk_finish_request1_size =
924 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
925 1 : response_size = sizeof(response);
926 1 : status = libspdm_get_response_psk_finish(spdm_context,
927 : m_libspdm_psk_finish_request1_size,
928 : &m_libspdm_psk_finish_request1,
929 : &response_size, response);
930 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
931 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
932 1 : spdm_response = (void *)response;
933 1 : assert_int_equal(spdm_response->header.request_response_code,
934 : SPDM_ERROR);
935 1 : assert_int_equal(spdm_response->header.param1,
936 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
937 1 : assert_int_equal(spdm_response->header.param2, SPDM_PSK_FINISH);
938 1 : free(data1);
939 1 : }
940 :
941 : /**
942 : * Test 9: receiving a correct PSK_FINISH message from the requester, but
943 : * the responder is not correctly setup by not initializing a session during
944 : * PSK_EXCHANGE.
945 : * Expected behavior: the responder refuses the PSK_FINISH message and
946 : * produces an ERROR message indicating the InvalidRequest.
947 : **/
948 1 : void libspdm_test_responder_psk_finish_case9(void **state)
949 : {
950 : libspdm_return_t status;
951 : libspdm_test_context_t *spdm_test_context;
952 : libspdm_context_t *spdm_context;
953 : size_t response_size;
954 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
955 : spdm_psk_finish_response_t *spdm_response;
956 : void *data1;
957 : size_t data_size1;
958 : uint8_t *ptr;
959 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
960 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
961 : libspdm_session_info_t *session_info;
962 : uint32_t session_id;
963 : uint32_t hash_size;
964 : uint32_t hmac_size;
965 :
966 1 : spdm_test_context = *state;
967 1 : spdm_context = spdm_test_context->spdm_context;
968 1 : spdm_test_context->case_id = 0x9;
969 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
970 : SPDM_VERSION_NUMBER_SHIFT_BIT;
971 1 : spdm_context->connection_info.connection_state =
972 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
973 1 : spdm_context->connection_info.capability.flags |=
974 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
975 1 : spdm_context->local_context.capability.flags |=
976 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
977 1 : spdm_context->connection_info.algorithm.base_hash_algo =
978 : m_libspdm_use_hash_algo;
979 1 : spdm_context->connection_info.algorithm.base_asym_algo =
980 : m_libspdm_use_asym_algo;
981 1 : spdm_context->connection_info.algorithm.measurement_spec =
982 : m_libspdm_use_measurement_spec;
983 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
984 : m_libspdm_use_measurement_hash_algo;
985 1 : spdm_context->connection_info.algorithm.dhe_named_group =
986 : m_libspdm_use_dhe_algo;
987 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
988 : m_libspdm_use_aead_algo;
989 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
990 : m_libspdm_use_asym_algo, &data1,
991 : &data_size1, NULL, NULL);
992 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
993 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
994 : data_size1;
995 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
996 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
997 : data_size1;
998 :
999 1 : spdm_context->transcript.message_a.buffer_size = 0;
1000 1 : spdm_context->local_context.mut_auth_requested = 0;
1001 :
1002 1 : session_id = 0xFFFFFFFF;
1003 1 : spdm_context->latest_session_id = session_id;
1004 1 : spdm_context->last_spdm_request_session_id_valid = true;
1005 1 : spdm_context->last_spdm_request_session_id = session_id;
1006 1 : session_info = &spdm_context->session_info[0];
1007 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1008 1 : libspdm_session_info_set_psk_hint(session_info,
1009 : LIBSPDM_TEST_PSK_HINT_STRING,
1010 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1011 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1012 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1013 1 : libspdm_secured_message_set_request_finished_key(
1014 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1015 : hash_size);
1016 1 : libspdm_secured_message_set_session_state(
1017 : session_info->secured_message_context,
1018 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1019 :
1020 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1021 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1022 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1023 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1024 : /* transcript.message_a size is 0
1025 : * session_transcript.message_k is 0*/
1026 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1027 : sizeof(spdm_psk_finish_request_t));
1028 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1029 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1030 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1031 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1032 : request_finished_key, hash_size, ptr);
1033 1 : m_libspdm_psk_finish_request1_size =
1034 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1035 1 : response_size = sizeof(response);
1036 1 : status = libspdm_get_response_psk_finish(spdm_context,
1037 : m_libspdm_psk_finish_request1_size,
1038 : &m_libspdm_psk_finish_request1,
1039 : &response_size, response);
1040 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1041 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1042 1 : spdm_response = (void *)response;
1043 1 : assert_int_equal(spdm_response->header.request_response_code,
1044 : SPDM_ERROR);
1045 1 : assert_int_equal(spdm_response->header.param1,
1046 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1047 1 : assert_int_equal(spdm_response->header.param2, 0);
1048 1 : free(data1);
1049 1 : }
1050 :
1051 : /**
1052 : * Test 10: receiving a PSK_FINISH message from the requester with an
1053 : * incorrect MAC (all-zero).
1054 : * Expected behavior: the responder refuses the PSK_FINISH message and
1055 : * produces an ERROR message indicating the DecryptError.
1056 : **/
1057 1 : void libspdm_test_responder_psk_finish_case10(void **state)
1058 : {
1059 : libspdm_return_t status;
1060 : libspdm_test_context_t *spdm_test_context;
1061 : libspdm_context_t *spdm_context;
1062 : size_t response_size;
1063 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1064 : spdm_psk_finish_response_t *spdm_response;
1065 : void *data1;
1066 : size_t data_size1;
1067 : uint8_t *ptr;
1068 : libspdm_session_info_t *session_info;
1069 : uint32_t session_id;
1070 : uint32_t hash_size;
1071 : uint32_t hmac_size;
1072 :
1073 1 : spdm_test_context = *state;
1074 1 : spdm_context = spdm_test_context->spdm_context;
1075 1 : spdm_test_context->case_id = 0xA;
1076 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1077 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1078 1 : spdm_context->connection_info.connection_state =
1079 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1080 1 : spdm_context->connection_info.capability.flags |=
1081 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1082 1 : spdm_context->local_context.capability.flags |=
1083 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1084 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1085 : m_libspdm_use_hash_algo;
1086 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1087 : m_libspdm_use_asym_algo;
1088 1 : spdm_context->connection_info.algorithm.measurement_spec =
1089 : m_libspdm_use_measurement_spec;
1090 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1091 : m_libspdm_use_measurement_hash_algo;
1092 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1093 : m_libspdm_use_dhe_algo;
1094 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1095 : m_libspdm_use_aead_algo;
1096 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1097 : m_libspdm_use_asym_algo, &data1,
1098 : &data_size1, NULL, NULL);
1099 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1100 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1101 : data_size1;
1102 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1103 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1104 : data_size1;
1105 :
1106 1 : spdm_context->transcript.message_a.buffer_size = 0;
1107 1 : spdm_context->local_context.mut_auth_requested = 0;
1108 :
1109 1 : session_id = 0xFFFFFFFF;
1110 1 : spdm_context->latest_session_id = session_id;
1111 1 : spdm_context->last_spdm_request_session_id_valid = true;
1112 1 : spdm_context->last_spdm_request_session_id = session_id;
1113 1 : session_info = &spdm_context->session_info[0];
1114 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1115 1 : libspdm_session_info_set_psk_hint(session_info,
1116 : LIBSPDM_TEST_PSK_HINT_STRING,
1117 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1118 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1119 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1120 1 : libspdm_secured_message_set_request_finished_key(
1121 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1122 : hash_size);
1123 1 : libspdm_secured_message_set_session_state(
1124 : session_info->secured_message_context,
1125 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1126 :
1127 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1128 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1129 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1130 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1131 1 : m_libspdm_psk_finish_request1_size =
1132 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1133 1 : response_size = sizeof(response);
1134 1 : status = libspdm_get_response_psk_finish(spdm_context,
1135 : m_libspdm_psk_finish_request1_size,
1136 : &m_libspdm_psk_finish_request1,
1137 : &response_size, response);
1138 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1139 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1140 1 : spdm_response = (void *)response;
1141 1 : assert_int_equal(spdm_response->header.request_response_code,
1142 : SPDM_ERROR);
1143 1 : assert_int_equal(spdm_response->header.param1,
1144 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1145 1 : assert_int_equal(spdm_response->header.param2, 0);
1146 1 : free(data1);
1147 1 : }
1148 :
1149 : /**
1150 : * Test 11: receiving a PSK_FINISH message from the requester with an
1151 : * incorrect MAC (arbitrary).
1152 : * Expected behavior: the responder refuses the PSK_FINISH message and
1153 : * produces an ERROR message indicating the DecryptError.
1154 : **/
1155 1 : void libspdm_test_responder_psk_finish_case11(void **state)
1156 : {
1157 : libspdm_return_t status;
1158 : libspdm_test_context_t *spdm_test_context;
1159 : libspdm_context_t *spdm_context;
1160 : size_t response_size;
1161 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1162 : spdm_psk_finish_response_t *spdm_response;
1163 : void *data1;
1164 : size_t data_size1;
1165 : uint8_t *ptr;
1166 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1167 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1168 : libspdm_session_info_t *session_info;
1169 : uint32_t session_id;
1170 : uint32_t hash_size;
1171 : uint32_t hmac_size;
1172 :
1173 1 : spdm_test_context = *state;
1174 1 : spdm_context = spdm_test_context->spdm_context;
1175 1 : spdm_test_context->case_id = 0xB;
1176 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1177 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1178 1 : spdm_context->connection_info.connection_state =
1179 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1180 1 : spdm_context->connection_info.capability.flags |=
1181 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1182 1 : spdm_context->local_context.capability.flags |=
1183 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1184 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1185 : m_libspdm_use_hash_algo;
1186 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1187 : m_libspdm_use_asym_algo;
1188 1 : spdm_context->connection_info.algorithm.measurement_spec =
1189 : m_libspdm_use_measurement_spec;
1190 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1191 : m_libspdm_use_measurement_hash_algo;
1192 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1193 : m_libspdm_use_dhe_algo;
1194 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1195 : m_libspdm_use_aead_algo;
1196 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1197 : m_libspdm_use_asym_algo, &data1,
1198 : &data_size1, NULL, NULL);
1199 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1200 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1201 : data_size1;
1202 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1203 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1204 : data_size1;
1205 :
1206 1 : spdm_context->transcript.message_a.buffer_size = 0;
1207 1 : spdm_context->local_context.mut_auth_requested = 0;
1208 :
1209 1 : session_id = 0xFFFFFFFF;
1210 1 : spdm_context->latest_session_id = session_id;
1211 1 : spdm_context->last_spdm_request_session_id_valid = true;
1212 1 : spdm_context->last_spdm_request_session_id = session_id;
1213 1 : session_info = &spdm_context->session_info[0];
1214 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1215 1 : libspdm_session_info_set_psk_hint(session_info,
1216 : LIBSPDM_TEST_PSK_HINT_STRING,
1217 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1218 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1219 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1220 1 : libspdm_secured_message_set_request_finished_key(
1221 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1222 : hash_size);
1223 1 : libspdm_secured_message_set_session_state(
1224 : session_info->secured_message_context,
1225 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1226 :
1227 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1228 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1229 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1230 : /*arbitrary MAC*/
1231 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1232 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1233 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1234 : request_finished_key, hash_size, ptr);
1235 1 : m_libspdm_psk_finish_request1_size =
1236 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1237 1 : response_size = sizeof(response);
1238 1 : status = libspdm_get_response_psk_finish(spdm_context,
1239 : m_libspdm_psk_finish_request1_size,
1240 : &m_libspdm_psk_finish_request1,
1241 : &response_size, response);
1242 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1243 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1244 1 : spdm_response = (void *)response;
1245 1 : assert_int_equal(spdm_response->header.request_response_code,
1246 : SPDM_ERROR);
1247 1 : assert_int_equal(spdm_response->header.param1,
1248 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1249 1 : assert_int_equal(spdm_response->header.param2, 0);
1250 1 : free(data1);
1251 1 : }
1252 :
1253 : /**
1254 : * Test 12: receiving a PSK_FINISH message from the requester with an
1255 : * incorrect MAC size (a correct MAC repeated twice).
1256 : * Expected behavior: the responder refuses the PSK_FINISH message and
1257 : * produces an ERROR message indicating the InvalidRequest.
1258 : **/
1259 1 : void libspdm_test_responder_psk_finish_case12(void **state)
1260 : {
1261 : libspdm_return_t status;
1262 : libspdm_test_context_t *spdm_test_context;
1263 : libspdm_context_t *spdm_context;
1264 : size_t response_size;
1265 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1266 : spdm_psk_finish_response_t *spdm_response;
1267 : void *data1;
1268 : size_t data_size1;
1269 : uint8_t *ptr;
1270 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1271 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1272 : libspdm_session_info_t *session_info;
1273 : uint32_t session_id;
1274 : uint32_t hash_size;
1275 : uint32_t hmac_size;
1276 :
1277 1 : spdm_test_context = *state;
1278 1 : spdm_context = spdm_test_context->spdm_context;
1279 1 : spdm_test_context->case_id = 0xC;
1280 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1281 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1282 1 : spdm_context->connection_info.connection_state =
1283 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1284 1 : spdm_context->connection_info.capability.flags |=
1285 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1286 1 : spdm_context->local_context.capability.flags |=
1287 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1288 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1289 : m_libspdm_use_hash_algo;
1290 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1291 : m_libspdm_use_asym_algo;
1292 1 : spdm_context->connection_info.algorithm.measurement_spec =
1293 : m_libspdm_use_measurement_spec;
1294 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1295 : m_libspdm_use_measurement_hash_algo;
1296 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1297 : m_libspdm_use_dhe_algo;
1298 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1299 : m_libspdm_use_aead_algo;
1300 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1301 : m_libspdm_use_asym_algo, &data1,
1302 : &data_size1, NULL, NULL);
1303 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1304 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1305 : data_size1;
1306 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1307 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1308 : data_size1;
1309 :
1310 1 : spdm_context->transcript.message_a.buffer_size = 0;
1311 1 : spdm_context->local_context.mut_auth_requested = 0;
1312 :
1313 1 : session_id = 0xFFFFFFFF;
1314 1 : spdm_context->latest_session_id = session_id;
1315 1 : spdm_context->last_spdm_request_session_id_valid = true;
1316 1 : spdm_context->last_spdm_request_session_id = session_id;
1317 1 : session_info = &spdm_context->session_info[0];
1318 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1319 1 : libspdm_session_info_set_psk_hint(session_info,
1320 : LIBSPDM_TEST_PSK_HINT_STRING,
1321 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1322 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1323 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1324 1 : libspdm_secured_message_set_request_finished_key(
1325 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1326 : hash_size);
1327 1 : libspdm_secured_message_set_session_state(
1328 : session_info->secured_message_context,
1329 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1330 :
1331 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1332 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1333 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1334 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1335 : /* transcript.message_a size is 0
1336 : * session_transcript.message_k is 0*/
1337 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1338 : sizeof(spdm_psk_finish_request_t));
1339 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1340 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1341 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1342 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1343 : request_finished_key, hash_size, ptr);
1344 1 : libspdm_copy_mem(ptr, sizeof(m_libspdm_psk_finish_request1.verify_data),
1345 1 : ptr + hmac_size, hmac_size); /* 2x HMAC size*/
1346 1 : m_libspdm_psk_finish_request1_size =
1347 1 : sizeof(spdm_psk_finish_request_t) + 2*hmac_size;
1348 1 : response_size = sizeof(response);
1349 1 : status = libspdm_get_response_psk_finish(spdm_context,
1350 : m_libspdm_psk_finish_request1_size,
1351 : &m_libspdm_psk_finish_request1,
1352 : &response_size, response);
1353 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1354 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1355 1 : spdm_response = (void *)response;
1356 1 : assert_int_equal(spdm_response->header.request_response_code,
1357 : SPDM_ERROR);
1358 1 : assert_int_equal(spdm_response->header.param1,
1359 : SPDM_ERROR_CODE_INVALID_REQUEST);
1360 1 : assert_int_equal(spdm_response->header.param2, 0);
1361 1 : free(data1);
1362 1 : }
1363 :
1364 : /**
1365 : * Test 13: receiving a PSK_FINISH message from the requester with an
1366 : * incorrect MAC size (only the correct first half of the MAC).
1367 : * Expected behavior: the responder refuses the PSK_FINISH message and
1368 : * produces an ERROR message indicating the InvalidRequest.
1369 : **/
1370 1 : void libspdm_test_responder_psk_finish_case13(void **state)
1371 : {
1372 : libspdm_return_t status;
1373 : libspdm_test_context_t *spdm_test_context;
1374 : libspdm_context_t *spdm_context;
1375 : size_t response_size;
1376 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1377 : spdm_psk_finish_response_t *spdm_response;
1378 : void *data1;
1379 : size_t data_size1;
1380 : uint8_t *ptr;
1381 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1382 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1383 : libspdm_session_info_t *session_info;
1384 : uint32_t session_id;
1385 : uint32_t hash_size;
1386 : uint32_t hmac_size;
1387 :
1388 1 : spdm_test_context = *state;
1389 1 : spdm_context = spdm_test_context->spdm_context;
1390 1 : spdm_test_context->case_id = 0xD;
1391 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1392 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1393 1 : spdm_context->connection_info.connection_state =
1394 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1395 1 : spdm_context->connection_info.capability.flags |=
1396 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1397 1 : spdm_context->local_context.capability.flags |=
1398 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1399 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1400 : m_libspdm_use_hash_algo;
1401 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1402 : m_libspdm_use_asym_algo;
1403 1 : spdm_context->connection_info.algorithm.measurement_spec =
1404 : m_libspdm_use_measurement_spec;
1405 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1406 : m_libspdm_use_measurement_hash_algo;
1407 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1408 : m_libspdm_use_dhe_algo;
1409 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1410 : m_libspdm_use_aead_algo;
1411 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1412 : m_libspdm_use_asym_algo, &data1,
1413 : &data_size1, NULL, NULL);
1414 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1415 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1416 : data_size1;
1417 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1418 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1419 : data_size1;
1420 :
1421 1 : spdm_context->transcript.message_a.buffer_size = 0;
1422 1 : spdm_context->local_context.mut_auth_requested = 0;
1423 :
1424 1 : session_id = 0xFFFFFFFF;
1425 1 : spdm_context->latest_session_id = session_id;
1426 1 : spdm_context->last_spdm_request_session_id_valid = true;
1427 1 : spdm_context->last_spdm_request_session_id = session_id;
1428 1 : session_info = &spdm_context->session_info[0];
1429 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1430 1 : libspdm_session_info_set_psk_hint(session_info,
1431 : LIBSPDM_TEST_PSK_HINT_STRING,
1432 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1433 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1434 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1435 1 : libspdm_secured_message_set_request_finished_key(
1436 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1437 : hash_size);
1438 1 : libspdm_secured_message_set_session_state(
1439 : session_info->secured_message_context,
1440 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1441 :
1442 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1443 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1444 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1445 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1446 : /* transcript.message_a size is 0
1447 : * session_transcript.message_k is 0*/
1448 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1449 : sizeof(spdm_psk_finish_request_t));
1450 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1451 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1452 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1453 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1454 : request_finished_key, hash_size, ptr);
1455 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1456 1 : m_libspdm_psk_finish_request1_size =
1457 1 : sizeof(spdm_psk_finish_request_t) + hmac_size/2;
1458 1 : response_size = sizeof(response);
1459 1 : status = libspdm_get_response_psk_finish(spdm_context,
1460 : m_libspdm_psk_finish_request1_size,
1461 : &m_libspdm_psk_finish_request1,
1462 : &response_size, response);
1463 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1464 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1465 1 : spdm_response = (void *)response;
1466 1 : assert_int_equal(spdm_response->header.request_response_code,
1467 : SPDM_ERROR);
1468 1 : assert_int_equal(spdm_response->header.param1,
1469 : SPDM_ERROR_CODE_INVALID_REQUEST);
1470 1 : assert_int_equal(spdm_response->header.param2, 0);
1471 1 : free(data1);
1472 1 : }
1473 :
1474 : /**
1475 : * Test 14: receiving a correct PSK_FINISH from the requester.
1476 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1477 : * response message, and buffer F receives the exchanged PSK_FINISH and PSK_FINISH_RSP messages.
1478 : **/
1479 1 : void libspdm_test_responder_psk_finish_case14(void **state)
1480 : {
1481 : libspdm_return_t status;
1482 : libspdm_test_context_t *spdm_test_context;
1483 : libspdm_context_t *spdm_context;
1484 : size_t response_size;
1485 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1486 : spdm_psk_finish_response_t *spdm_response;
1487 : void *data1;
1488 : size_t data_size1;
1489 : uint8_t *ptr;
1490 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1491 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1492 : libspdm_session_info_t *session_info;
1493 : uint32_t session_id;
1494 : uint32_t hash_size;
1495 : uint32_t hmac_size;
1496 :
1497 1 : spdm_test_context = *state;
1498 1 : spdm_context = spdm_test_context->spdm_context;
1499 1 : spdm_test_context->case_id = 0xE;
1500 1 : spdm_context->connection_info.connection_state =
1501 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1502 1 : spdm_context->connection_info.capability.flags |=
1503 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1504 1 : spdm_context->local_context.capability.flags |=
1505 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1506 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1507 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1508 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1509 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1510 : m_libspdm_use_measurement_hash_algo;
1511 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1512 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1513 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1514 : m_libspdm_use_asym_algo, &data1,
1515 : &data_size1, NULL, NULL);
1516 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1517 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1518 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1519 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1520 :
1521 1 : libspdm_reset_message_a(spdm_context);
1522 1 : spdm_context->local_context.mut_auth_requested = 0;
1523 :
1524 1 : session_id = 0xFFFFFFFF;
1525 1 : spdm_context->latest_session_id = session_id;
1526 1 : spdm_context->last_spdm_request_session_id_valid = true;
1527 1 : spdm_context->last_spdm_request_session_id = session_id;
1528 1 : session_info = &spdm_context->session_info[0];
1529 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1530 1 : libspdm_session_info_set_psk_hint(session_info,
1531 : LIBSPDM_TEST_PSK_HINT_STRING,
1532 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1533 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1534 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1535 1 : libspdm_secured_message_set_request_finished_key(
1536 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1537 1 : libspdm_secured_message_set_session_state(
1538 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1539 :
1540 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1541 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1542 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1543 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1544 : /* transcript.message_a size is 0
1545 : * session_transcript.message_k is 0*/
1546 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1547 : sizeof(spdm_psk_finish_request_t));
1548 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1549 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1550 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1551 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1552 : request_finished_key, hash_size, ptr);
1553 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
1554 1 : response_size = sizeof(response);
1555 1 : status = libspdm_get_response_psk_finish(
1556 : spdm_context, m_libspdm_psk_finish_request1_size, &m_libspdm_psk_finish_request1,
1557 : &response_size, response);
1558 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1559 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
1560 1 : spdm_response = (void *)response;
1561 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1562 :
1563 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1564 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1565 : m_libspdm_psk_finish_request1_size + response_size);
1566 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1567 : &m_libspdm_psk_finish_request1, m_libspdm_psk_finish_request1_size);
1568 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1569 : m_libspdm_psk_finish_request1_size, response, response_size);
1570 : #endif
1571 :
1572 1 : free(data1);
1573 1 : }
1574 :
1575 1 : int libspdm_responder_psk_finish_test_main(void)
1576 : {
1577 1 : const struct CMUnitTest spdm_responder_psk_finish_tests[] = {
1578 : /* Success Case*/
1579 : cmocka_unit_test(libspdm_test_responder_psk_finish_case1),
1580 : /* Bad request size*/
1581 : cmocka_unit_test(libspdm_test_responder_psk_finish_case2),
1582 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
1583 : cmocka_unit_test(libspdm_test_responder_psk_finish_case3),
1584 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
1585 : cmocka_unit_test(libspdm_test_responder_psk_finish_case4),
1586 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
1587 : /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
1588 : cmocka_unit_test(libspdm_test_responder_psk_finish_case5),
1589 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
1590 : /* connection_state Check*/
1591 : cmocka_unit_test(libspdm_test_responder_psk_finish_case6),
1592 : /* Buffer reset*/
1593 : cmocka_unit_test(libspdm_test_responder_psk_finish_case7),
1594 : /* Unsupported PSK capabilities*/
1595 : cmocka_unit_test(libspdm_test_responder_psk_finish_case8),
1596 : /* Uninitialized session*/
1597 : cmocka_unit_test(libspdm_test_responder_psk_finish_case9),
1598 : /* Incorrect MAC*/
1599 : cmocka_unit_test(libspdm_test_responder_psk_finish_case10),
1600 : cmocka_unit_test(libspdm_test_responder_psk_finish_case11),
1601 : /* Incorrect MAC size*/
1602 : cmocka_unit_test(libspdm_test_responder_psk_finish_case12),
1603 : cmocka_unit_test(libspdm_test_responder_psk_finish_case13),
1604 : /* Buffer verification*/
1605 : cmocka_unit_test(libspdm_test_responder_psk_finish_case14),
1606 : };
1607 :
1608 1 : libspdm_test_context_t test_context = {
1609 : LIBSPDM_TEST_CONTEXT_VERSION,
1610 : false,
1611 : };
1612 :
1613 1 : libspdm_setup_test_context(&test_context);
1614 :
1615 1 : return cmocka_run_group_tests(spdm_responder_psk_finish_tests,
1616 : libspdm_unit_test_group_setup,
1617 : libspdm_unit_test_group_teardown);
1618 : }
1619 :
1620 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
|
