Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
12 : #pragma pack(1)
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
16 : } libspdm_psk_finish_request_mine_t;
17 :
18 : typedef struct {
19 : spdm_message_header_t header;
20 : uint16_t opaque_data_size;
21 : uint8_t opaque_data[8];
22 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
23 : } libspdm_psk_finish_request_mine_14_t;
24 : #pragma pack()
25 :
26 : static libspdm_th_managed_buffer_t th_curr;
27 :
28 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request1 = {
29 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
30 : };
31 : size_t m_libspdm_psk_finish_request1_size = sizeof(m_libspdm_psk_finish_request1);
32 :
33 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request2 = {
34 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
35 : };
36 : size_t m_libspdm_psk_finish_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
37 :
38 : libspdm_psk_finish_request_mine_14_t m_libspdm_psk_finish_request3 = {
39 : { SPDM_MESSAGE_VERSION_14, SPDM_PSK_FINISH, 0, 0 },
40 : };
41 : size_t m_libspdm_psk_finish_request3_size = sizeof(m_libspdm_psk_finish_request3);
42 :
43 : static uint8_t m_libspdm_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
44 :
45 15 : static void libspdm_secured_message_set_request_finished_key(
46 : void *spdm_secured_message_context, const void *key, size_t key_size)
47 : {
48 : libspdm_secured_message_context_t *secured_message_context;
49 :
50 15 : secured_message_context = spdm_secured_message_context;
51 15 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
52 15 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
53 : sizeof(secured_message_context->handshake_secret.request_finished_key),
54 : key, secured_message_context->hash_size);
55 15 : }
56 :
57 : /**
58 : * Test 1: receiving a correct PSK_FINISH message from the requester with a
59 : * correct MAC.
60 : * Expected behavior: the responder accepts the request and produces a valid
61 : * PSK_FINISH_RSP response message.
62 : **/
63 1 : void libspdm_test_responder_psk_finish_case1(void **state)
64 : {
65 : libspdm_return_t status;
66 : libspdm_test_context_t *spdm_test_context;
67 : libspdm_context_t *spdm_context;
68 : size_t response_size;
69 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
70 : spdm_psk_finish_response_t *spdm_response;
71 : void *data1;
72 : size_t data_size1;
73 : uint8_t *ptr;
74 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
75 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
76 : libspdm_session_info_t *session_info;
77 : uint32_t session_id;
78 : uint32_t hash_size;
79 : uint32_t hmac_size;
80 :
81 1 : spdm_test_context = *state;
82 1 : spdm_context = spdm_test_context->spdm_context;
83 1 : spdm_test_context->case_id = 0x1;
84 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
85 : SPDM_VERSION_NUMBER_SHIFT_BIT;
86 1 : spdm_context->connection_info.connection_state =
87 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
88 1 : spdm_context->connection_info.capability.flags |=
89 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
90 1 : spdm_context->local_context.capability.flags |=
91 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
92 1 : spdm_context->connection_info.algorithm.base_hash_algo =
93 : m_libspdm_use_hash_algo;
94 1 : spdm_context->connection_info.algorithm.base_asym_algo =
95 : m_libspdm_use_asym_algo;
96 1 : spdm_context->connection_info.algorithm.measurement_spec =
97 : m_libspdm_use_measurement_spec;
98 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
99 : m_libspdm_use_measurement_hash_algo;
100 1 : spdm_context->connection_info.algorithm.dhe_named_group =
101 : m_libspdm_use_dhe_algo;
102 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
103 : m_libspdm_use_aead_algo;
104 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
105 : m_libspdm_use_asym_algo, &data1,
106 : &data_size1, NULL, NULL);
107 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
108 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
109 : data_size1;
110 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
111 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
112 : data_size1;
113 :
114 1 : libspdm_reset_message_a(spdm_context);
115 1 : spdm_context->local_context.mut_auth_requested = 0;
116 :
117 1 : session_id = 0xFFFFFFFF;
118 1 : spdm_context->latest_session_id = session_id;
119 1 : spdm_context->last_spdm_request_session_id_valid = true;
120 1 : spdm_context->last_spdm_request_session_id = session_id;
121 1 : session_info = &spdm_context->session_info[0];
122 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
123 1 : libspdm_session_info_set_psk_hint(session_info,
124 : LIBSPDM_TEST_PSK_HINT_STRING,
125 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
126 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
127 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
128 1 : libspdm_secured_message_set_request_finished_key(
129 : session_info->secured_message_context, m_libspdm_dummy_buffer,
130 : hash_size);
131 1 : libspdm_secured_message_set_session_state(
132 : session_info->secured_message_context,
133 : LIBSPDM_SESSION_STATE_HANDSHAKING);
134 :
135 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
136 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
137 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
138 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
139 : /* transcript.message_a size is 0
140 : * session_transcript.message_k is 0*/
141 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
142 : sizeof(spdm_psk_finish_request_t));
143 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
144 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
145 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
146 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
147 : request_finished_key, hash_size, ptr);
148 1 : m_libspdm_psk_finish_request1_size =
149 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
150 1 : response_size = sizeof(response);
151 1 : status = libspdm_get_response_psk_finish(spdm_context,
152 : m_libspdm_psk_finish_request1_size,
153 : &m_libspdm_psk_finish_request1,
154 : &response_size, response);
155 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
156 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
157 1 : spdm_response = (void *)response;
158 1 : assert_int_equal(spdm_response->header.request_response_code,
159 : SPDM_PSK_FINISH_RSP);
160 1 : free(data1);
161 1 : }
162 :
163 : /**
164 : * Test 2: receiving a PSK_FINISH message larger than specified.
165 : * Expected behavior: the responder refuses the PSK_FINISH message and
166 : * produces an ERROR message indicating the InvalidRequest.
167 : **/
168 1 : void libspdm_test_responder_psk_finish_case2(void **state)
169 : {
170 : libspdm_return_t status;
171 : libspdm_test_context_t *spdm_test_context;
172 : libspdm_context_t *spdm_context;
173 : size_t response_size;
174 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
175 : spdm_psk_finish_response_t *spdm_response;
176 : void *data1;
177 : size_t data_size1;
178 : uint8_t *ptr;
179 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
180 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
181 : libspdm_session_info_t *session_info;
182 : uint32_t session_id;
183 : uint32_t hash_size;
184 :
185 1 : spdm_test_context = *state;
186 1 : spdm_context = spdm_test_context->spdm_context;
187 1 : spdm_test_context->case_id = 0x2;
188 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
189 : SPDM_VERSION_NUMBER_SHIFT_BIT;
190 1 : spdm_context->connection_info.connection_state =
191 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
192 1 : spdm_context->connection_info.capability.flags |=
193 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
194 1 : spdm_context->local_context.capability.flags |=
195 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
196 1 : spdm_context->connection_info.algorithm.base_hash_algo =
197 : m_libspdm_use_hash_algo;
198 1 : spdm_context->connection_info.algorithm.base_asym_algo =
199 : m_libspdm_use_asym_algo;
200 1 : spdm_context->connection_info.algorithm.measurement_spec =
201 : m_libspdm_use_measurement_spec;
202 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
203 : m_libspdm_use_measurement_hash_algo;
204 1 : spdm_context->connection_info.algorithm.dhe_named_group =
205 : m_libspdm_use_dhe_algo;
206 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
207 : m_libspdm_use_aead_algo;
208 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
209 : m_libspdm_use_asym_algo, &data1,
210 : &data_size1, NULL, NULL);
211 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
212 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
213 : data_size1;
214 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
215 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
216 : data_size1;
217 :
218 1 : libspdm_reset_message_a(spdm_context);
219 1 : spdm_context->local_context.mut_auth_requested = 0;
220 :
221 1 : session_id = 0xFFFFFFFF;
222 1 : spdm_context->latest_session_id = session_id;
223 1 : spdm_context->last_spdm_request_session_id_valid = true;
224 1 : spdm_context->last_spdm_request_session_id = session_id;
225 1 : session_info = &spdm_context->session_info[0];
226 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
227 1 : libspdm_session_info_set_psk_hint(session_info,
228 : LIBSPDM_TEST_PSK_HINT_STRING,
229 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
230 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
231 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
232 1 : libspdm_secured_message_set_request_finished_key(
233 : session_info->secured_message_context, m_libspdm_dummy_buffer,
234 : hash_size);
235 1 : libspdm_secured_message_set_session_state(
236 : session_info->secured_message_context,
237 : LIBSPDM_SESSION_STATE_HANDSHAKING);
238 :
239 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
240 1 : ptr = m_libspdm_psk_finish_request2.verify_data;
241 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
242 : /* transcript.message_a size is 0
243 : * session_transcript.message_k is 0*/
244 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request2,
245 : sizeof(spdm_psk_finish_request_t));
246 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
247 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
248 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
249 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
250 : request_finished_key, hash_size, ptr);
251 1 : response_size = sizeof(response);
252 1 : status = libspdm_get_response_psk_finish(spdm_context,
253 : m_libspdm_psk_finish_request2_size,
254 : &m_libspdm_psk_finish_request2,
255 : &response_size, response);
256 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
257 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
258 1 : spdm_response = (void *)response;
259 1 : assert_int_equal(spdm_response->header.request_response_code,
260 : SPDM_ERROR);
261 1 : assert_int_equal(spdm_response->header.param1,
262 : SPDM_ERROR_CODE_INVALID_REQUEST);
263 1 : assert_int_equal(spdm_response->header.param2, 0);
264 1 : free(data1);
265 1 : }
266 :
267 : /**
268 : * Test 3: receiving a correct PSK_FINISH from the requester, but the
269 : * responder is in a Busy state.
270 : * Expected behavior: the responder accepts the request, but produces an
271 : * ERROR message indicating the Busy state.
272 : **/
273 1 : void libspdm_test_responder_psk_finish_case3(void **state)
274 : {
275 : libspdm_return_t status;
276 : libspdm_test_context_t *spdm_test_context;
277 : libspdm_context_t *spdm_context;
278 : size_t response_size;
279 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
280 : spdm_psk_finish_response_t *spdm_response;
281 : void *data1;
282 : size_t data_size1;
283 : uint8_t *ptr;
284 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
285 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
286 : libspdm_session_info_t *session_info;
287 : uint32_t session_id;
288 : uint32_t hash_size;
289 : uint32_t hmac_size;
290 :
291 1 : spdm_test_context = *state;
292 1 : spdm_context = spdm_test_context->spdm_context;
293 1 : spdm_test_context->case_id = 0x3;
294 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
295 : SPDM_VERSION_NUMBER_SHIFT_BIT;
296 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
297 1 : spdm_context->connection_info.connection_state =
298 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
299 1 : spdm_context->connection_info.capability.flags |=
300 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
301 1 : spdm_context->local_context.capability.flags |=
302 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
303 1 : spdm_context->connection_info.algorithm.base_hash_algo =
304 : m_libspdm_use_hash_algo;
305 1 : spdm_context->connection_info.algorithm.base_asym_algo =
306 : m_libspdm_use_asym_algo;
307 1 : spdm_context->connection_info.algorithm.measurement_spec =
308 : m_libspdm_use_measurement_spec;
309 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
310 : m_libspdm_use_measurement_hash_algo;
311 1 : spdm_context->connection_info.algorithm.dhe_named_group =
312 : m_libspdm_use_dhe_algo;
313 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
314 : m_libspdm_use_aead_algo;
315 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
316 : m_libspdm_use_asym_algo, &data1,
317 : &data_size1, NULL, NULL);
318 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
319 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
320 : data_size1;
321 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
322 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
323 : data_size1;
324 :
325 1 : libspdm_reset_message_a(spdm_context);
326 1 : spdm_context->local_context.mut_auth_requested = 0;
327 :
328 1 : session_id = 0xFFFFFFFF;
329 1 : spdm_context->latest_session_id = session_id;
330 1 : spdm_context->last_spdm_request_session_id_valid = true;
331 1 : spdm_context->last_spdm_request_session_id = session_id;
332 1 : session_info = &spdm_context->session_info[0];
333 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
334 1 : libspdm_session_info_set_psk_hint(session_info,
335 : LIBSPDM_TEST_PSK_HINT_STRING,
336 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
337 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
338 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
339 1 : libspdm_secured_message_set_request_finished_key(
340 : session_info->secured_message_context, m_libspdm_dummy_buffer,
341 : hash_size);
342 1 : libspdm_secured_message_set_session_state(
343 : session_info->secured_message_context,
344 : LIBSPDM_SESSION_STATE_HANDSHAKING);
345 :
346 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
347 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
348 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
349 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
350 : /* transcript.message_a size is 0
351 : * session_transcript.message_k is 0*/
352 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
353 : sizeof(spdm_psk_finish_request_t));
354 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
355 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
356 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
357 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
358 : request_finished_key, hash_size, ptr);
359 1 : m_libspdm_psk_finish_request1_size =
360 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
361 1 : response_size = sizeof(response);
362 1 : status = libspdm_get_response_psk_finish(spdm_context,
363 : m_libspdm_psk_finish_request1_size,
364 : &m_libspdm_psk_finish_request1,
365 : &response_size, response);
366 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
367 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
368 1 : spdm_response = (void *)response;
369 1 : assert_int_equal(spdm_response->header.request_response_code,
370 : SPDM_ERROR);
371 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
372 1 : assert_int_equal(spdm_response->header.param2, 0);
373 1 : assert_int_equal(spdm_context->response_state,
374 : LIBSPDM_RESPONSE_STATE_BUSY);
375 1 : free(data1);
376 1 : }
377 :
378 : /**
379 : * Test 4: receiving a correct PSK_FINISH from the requester, but the
380 : * responder requires resynchronization with the requester.
381 : * Expected behavior: the responder accepts the request, but produces an
382 : * ERROR message indicating the NeedResynch state.
383 : **/
384 1 : void libspdm_test_responder_psk_finish_case4(void **state)
385 : {
386 : libspdm_return_t status;
387 : libspdm_test_context_t *spdm_test_context;
388 : libspdm_context_t *spdm_context;
389 : size_t response_size;
390 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
391 : spdm_psk_finish_response_t *spdm_response;
392 : void *data1;
393 : size_t data_size1;
394 : uint8_t *ptr;
395 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
396 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
397 : libspdm_session_info_t *session_info;
398 : uint32_t session_id;
399 : uint32_t hash_size;
400 : uint32_t hmac_size;
401 :
402 1 : spdm_test_context = *state;
403 1 : spdm_context = spdm_test_context->spdm_context;
404 1 : spdm_test_context->case_id = 0x4;
405 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
406 : SPDM_VERSION_NUMBER_SHIFT_BIT;
407 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
408 1 : spdm_context->connection_info.connection_state =
409 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
410 1 : spdm_context->connection_info.capability.flags |=
411 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
412 1 : spdm_context->local_context.capability.flags |=
413 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
414 1 : spdm_context->connection_info.algorithm.base_hash_algo =
415 : m_libspdm_use_hash_algo;
416 1 : spdm_context->connection_info.algorithm.base_asym_algo =
417 : m_libspdm_use_asym_algo;
418 1 : spdm_context->connection_info.algorithm.measurement_spec =
419 : m_libspdm_use_measurement_spec;
420 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
421 : m_libspdm_use_measurement_hash_algo;
422 1 : spdm_context->connection_info.algorithm.dhe_named_group =
423 : m_libspdm_use_dhe_algo;
424 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
425 : m_libspdm_use_aead_algo;
426 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
427 : m_libspdm_use_asym_algo, &data1,
428 : &data_size1, NULL, NULL);
429 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
430 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
431 : data_size1;
432 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
433 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
434 : data_size1;
435 :
436 1 : libspdm_reset_message_a(spdm_context);
437 1 : spdm_context->local_context.mut_auth_requested = 0;
438 :
439 1 : session_id = 0xFFFFFFFF;
440 1 : spdm_context->latest_session_id = session_id;
441 1 : spdm_context->last_spdm_request_session_id_valid = true;
442 1 : spdm_context->last_spdm_request_session_id = session_id;
443 1 : session_info = &spdm_context->session_info[0];
444 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
445 1 : libspdm_session_info_set_psk_hint(session_info,
446 : LIBSPDM_TEST_PSK_HINT_STRING,
447 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
448 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
449 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
450 1 : libspdm_secured_message_set_request_finished_key(
451 : session_info->secured_message_context, m_libspdm_dummy_buffer,
452 : hash_size);
453 1 : libspdm_secured_message_set_session_state(
454 : session_info->secured_message_context,
455 : LIBSPDM_SESSION_STATE_HANDSHAKING);
456 :
457 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
458 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
459 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
460 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
461 : /* transcript.message_a size is 0
462 : * session_transcript.message_k is 0*/
463 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
464 : sizeof(spdm_psk_finish_request_t));
465 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
466 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
467 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
468 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
469 : request_finished_key, hash_size, ptr);
470 1 : m_libspdm_psk_finish_request1_size =
471 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
472 1 : response_size = sizeof(response);
473 1 : status = libspdm_get_response_psk_finish(spdm_context,
474 : m_libspdm_psk_finish_request1_size,
475 : &m_libspdm_psk_finish_request1,
476 : &response_size, response);
477 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
478 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
479 1 : spdm_response = (void *)response;
480 1 : assert_int_equal(spdm_response->header.request_response_code,
481 : SPDM_ERROR);
482 1 : assert_int_equal(spdm_response->header.param1,
483 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
484 1 : assert_int_equal(spdm_response->header.param2, 0);
485 1 : assert_int_equal(spdm_context->response_state,
486 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
487 1 : free(data1);
488 1 : }
489 :
490 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
491 : /**
492 : * Test 5: receiving a correct PSK_FINISH from the requester, but the
493 : * responder could not produce the response in time.
494 : * Expected behavior: the responder accepts the request, but produces an
495 : * ERROR message indicating the ResponseNotReady state.
496 : **/
497 1 : void libspdm_test_responder_psk_finish_case5(void **state)
498 : {
499 : libspdm_return_t status;
500 : libspdm_test_context_t *spdm_test_context;
501 : libspdm_context_t *spdm_context;
502 : size_t response_size;
503 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
504 : spdm_psk_finish_response_t *spdm_response;
505 : void *data1;
506 : size_t data_size1;
507 : uint8_t *ptr;
508 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
509 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
510 : libspdm_session_info_t *session_info;
511 : uint32_t session_id;
512 : uint32_t hash_size;
513 : uint32_t hmac_size;
514 : spdm_error_data_response_not_ready_t *error_data;
515 :
516 1 : spdm_test_context = *state;
517 1 : spdm_context = spdm_test_context->spdm_context;
518 1 : spdm_test_context->case_id = 0x5;
519 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
520 : SPDM_VERSION_NUMBER_SHIFT_BIT;
521 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
522 1 : spdm_context->connection_info.connection_state =
523 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
524 1 : spdm_context->connection_info.capability.flags |=
525 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
526 1 : spdm_context->local_context.capability.flags |=
527 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
528 1 : spdm_context->connection_info.algorithm.base_hash_algo =
529 : m_libspdm_use_hash_algo;
530 1 : spdm_context->connection_info.algorithm.base_asym_algo =
531 : m_libspdm_use_asym_algo;
532 1 : spdm_context->connection_info.algorithm.measurement_spec =
533 : m_libspdm_use_measurement_spec;
534 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
535 : m_libspdm_use_measurement_hash_algo;
536 1 : spdm_context->connection_info.algorithm.dhe_named_group =
537 : m_libspdm_use_dhe_algo;
538 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
539 : m_libspdm_use_aead_algo;
540 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
541 : m_libspdm_use_asym_algo, &data1,
542 : &data_size1, NULL, NULL);
543 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
544 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
545 : data_size1;
546 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
547 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
548 : data_size1;
549 :
550 1 : libspdm_reset_message_a(spdm_context);
551 1 : spdm_context->local_context.mut_auth_requested = 0;
552 :
553 1 : session_id = 0xFFFFFFFF;
554 1 : spdm_context->latest_session_id = session_id;
555 1 : spdm_context->last_spdm_request_session_id_valid = true;
556 1 : spdm_context->last_spdm_request_session_id = session_id;
557 1 : session_info = &spdm_context->session_info[0];
558 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
559 1 : libspdm_session_info_set_psk_hint(session_info,
560 : LIBSPDM_TEST_PSK_HINT_STRING,
561 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
562 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
563 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
564 1 : libspdm_secured_message_set_request_finished_key(
565 : session_info->secured_message_context, m_libspdm_dummy_buffer,
566 : hash_size);
567 1 : libspdm_secured_message_set_session_state(
568 : session_info->secured_message_context,
569 : LIBSPDM_SESSION_STATE_HANDSHAKING);
570 :
571 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
572 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
573 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
574 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
575 : /* transcript.message_a size is 0
576 : * session_transcript.message_k is 0*/
577 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
578 : sizeof(spdm_psk_finish_request_t));
579 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
580 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
581 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
582 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
583 : request_finished_key, hash_size, ptr);
584 1 : m_libspdm_psk_finish_request1_size =
585 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
586 1 : response_size = sizeof(response);
587 1 : status = libspdm_get_response_psk_finish(spdm_context,
588 : m_libspdm_psk_finish_request1_size,
589 : &m_libspdm_psk_finish_request1,
590 : &response_size, response);
591 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
592 1 : assert_int_equal(response_size,
593 : sizeof(spdm_error_response_t) +
594 : sizeof(spdm_error_data_response_not_ready_t));
595 1 : spdm_response = (void *)response;
596 1 : error_data =
597 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
598 1 : assert_int_equal(spdm_response->header.request_response_code,
599 : SPDM_ERROR);
600 1 : assert_int_equal(spdm_response->header.param1,
601 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
602 1 : assert_int_equal(spdm_response->header.param2, 0);
603 1 : assert_int_equal(spdm_context->response_state,
604 : LIBSPDM_RESPONSE_STATE_NOT_READY);
605 1 : assert_int_equal(error_data->request_code, SPDM_PSK_FINISH);
606 1 : free(data1);
607 1 : }
608 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
609 :
610 : /**
611 : * Test 6: receiving a correct PSK_FINISH from the requester, but the
612 : * responder is not set no receive a PSK-FINISH message because previous
613 : * messages (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or
614 : * GET_DIGESTS) have not been received.
615 : * Expected behavior: the responder rejects the request, and produces an
616 : * ERROR message indicating the UnexpectedRequest.
617 : **/
618 1 : void libspdm_test_responder_psk_finish_case6(void **state)
619 : {
620 : libspdm_return_t status;
621 : libspdm_test_context_t *spdm_test_context;
622 : libspdm_context_t *spdm_context;
623 : size_t response_size;
624 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
625 : spdm_psk_finish_response_t *spdm_response;
626 : void *data1;
627 : size_t data_size1;
628 : uint8_t *ptr;
629 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
630 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
631 : libspdm_session_info_t *session_info;
632 : uint32_t session_id;
633 : uint32_t hash_size;
634 : uint32_t hmac_size;
635 :
636 1 : spdm_test_context = *state;
637 1 : spdm_context = spdm_test_context->spdm_context;
638 1 : spdm_test_context->case_id = 0x6;
639 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
640 : SPDM_VERSION_NUMBER_SHIFT_BIT;
641 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
642 1 : spdm_context->connection_info.connection_state =
643 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
644 1 : spdm_context->connection_info.capability.flags |=
645 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
646 1 : spdm_context->local_context.capability.flags |=
647 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
648 1 : spdm_context->connection_info.algorithm.base_hash_algo =
649 : m_libspdm_use_hash_algo;
650 1 : spdm_context->connection_info.algorithm.base_asym_algo =
651 : m_libspdm_use_asym_algo;
652 1 : spdm_context->connection_info.algorithm.measurement_spec =
653 : m_libspdm_use_measurement_spec;
654 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
655 : m_libspdm_use_measurement_hash_algo;
656 1 : spdm_context->connection_info.algorithm.dhe_named_group =
657 : m_libspdm_use_dhe_algo;
658 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
659 : m_libspdm_use_aead_algo;
660 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
661 : m_libspdm_use_asym_algo, &data1,
662 : &data_size1, NULL, NULL);
663 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
664 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
665 : data_size1;
666 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
667 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
668 : data_size1;
669 :
670 1 : libspdm_reset_message_a(spdm_context);
671 1 : spdm_context->local_context.mut_auth_requested = 0;
672 :
673 1 : session_id = 0xFFFFFFFF;
674 1 : spdm_context->latest_session_id = session_id;
675 1 : spdm_context->last_spdm_request_session_id_valid = true;
676 1 : spdm_context->last_spdm_request_session_id = session_id;
677 1 : session_info = &spdm_context->session_info[0];
678 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
679 1 : libspdm_session_info_set_psk_hint(session_info,
680 : LIBSPDM_TEST_PSK_HINT_STRING,
681 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
682 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
683 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
684 1 : libspdm_secured_message_set_request_finished_key(
685 : session_info->secured_message_context, m_libspdm_dummy_buffer,
686 : hash_size);
687 1 : libspdm_secured_message_set_session_state(
688 : session_info->secured_message_context,
689 : LIBSPDM_SESSION_STATE_HANDSHAKING);
690 :
691 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
692 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
693 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
694 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
695 : /* transcript.message_a size is 0
696 : * session_transcript.message_k is 0*/
697 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
698 : sizeof(spdm_psk_finish_request_t));
699 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
700 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
701 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
702 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
703 : request_finished_key, hash_size, ptr);
704 1 : m_libspdm_psk_finish_request1_size =
705 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
706 1 : response_size = sizeof(response);
707 1 : status = libspdm_get_response_psk_finish(spdm_context,
708 : m_libspdm_psk_finish_request1_size,
709 : &m_libspdm_psk_finish_request1,
710 : &response_size, response);
711 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
712 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
713 1 : spdm_response = (void *)response;
714 1 : assert_int_equal(spdm_response->header.request_response_code,
715 : SPDM_ERROR);
716 1 : assert_int_equal(spdm_response->header.param1,
717 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
718 1 : assert_int_equal(spdm_response->header.param2, 0);
719 1 : free(data1);
720 1 : }
721 :
722 1 : void libspdm_test_responder_psk_finish_case7(void **state)
723 : {
724 : libspdm_return_t status;
725 : libspdm_test_context_t *spdm_test_context;
726 : libspdm_context_t *spdm_context;
727 : size_t response_size;
728 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
729 : spdm_psk_finish_response_t *spdm_response;
730 : void *data1;
731 : size_t data_size1;
732 : uint8_t *ptr;
733 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
734 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
735 : libspdm_session_info_t *session_info;
736 : uint32_t session_id;
737 : uint32_t hash_size;
738 : uint32_t hmac_size;
739 :
740 1 : spdm_test_context = *state;
741 1 : spdm_context = spdm_test_context->spdm_context;
742 1 : spdm_test_context->case_id = 0x7;
743 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
744 : SPDM_VERSION_NUMBER_SHIFT_BIT;
745 1 : spdm_context->connection_info.connection_state =
746 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
747 1 : spdm_context->connection_info.capability.flags |=
748 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
749 1 : spdm_context->local_context.capability.flags |=
750 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
751 1 : spdm_context->connection_info.algorithm.base_hash_algo =
752 : m_libspdm_use_hash_algo;
753 1 : spdm_context->connection_info.algorithm.base_asym_algo =
754 : m_libspdm_use_asym_algo;
755 1 : spdm_context->connection_info.algorithm.measurement_spec =
756 : m_libspdm_use_measurement_spec;
757 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
758 : m_libspdm_use_measurement_hash_algo;
759 1 : spdm_context->connection_info.algorithm.dhe_named_group =
760 : m_libspdm_use_dhe_algo;
761 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
762 : m_libspdm_use_aead_algo;
763 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
764 : m_libspdm_use_asym_algo, &data1,
765 : &data_size1, NULL, NULL);
766 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
767 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
768 : data_size1;
769 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
770 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
771 : data_size1;
772 :
773 1 : libspdm_reset_message_a(spdm_context);
774 1 : spdm_context->local_context.mut_auth_requested = 0;
775 :
776 1 : session_id = 0xFFFFFFFF;
777 1 : spdm_context->latest_session_id = session_id;
778 1 : spdm_context->last_spdm_request_session_id_valid = true;
779 1 : spdm_context->last_spdm_request_session_id = session_id;
780 1 : session_info = &spdm_context->session_info[0];
781 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
782 1 : libspdm_session_info_set_psk_hint(session_info,
783 : LIBSPDM_TEST_PSK_HINT_STRING,
784 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
785 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
786 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
787 1 : libspdm_secured_message_set_request_finished_key(
788 : session_info->secured_message_context, m_libspdm_dummy_buffer,
789 : hash_size);
790 1 : libspdm_secured_message_set_session_state(
791 : session_info->secured_message_context,
792 : LIBSPDM_SESSION_STATE_HANDSHAKING);
793 :
794 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
795 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
796 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
797 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
798 : /* transcript.message_a size is 0
799 : * session_transcript.message_k is 0*/
800 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
801 : sizeof(spdm_psk_finish_request_t));
802 :
803 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
804 : session_info->session_transcript.message_m.buffer_size =
805 : session_info->session_transcript.message_m.max_buffer_size;
806 : spdm_context->transcript.message_b.buffer_size =
807 : spdm_context->transcript.message_b.max_buffer_size;
808 : spdm_context->transcript.message_c.buffer_size =
809 : spdm_context->transcript.message_c.max_buffer_size;
810 : spdm_context->transcript.message_mut_b.buffer_size =
811 : spdm_context->transcript.message_mut_b.max_buffer_size;
812 : spdm_context->transcript.message_mut_c.buffer_size =
813 : spdm_context->transcript.message_mut_c.max_buffer_size;
814 : #endif
815 :
816 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
817 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
818 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
819 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
820 : request_finished_key, hash_size, ptr);
821 1 : m_libspdm_psk_finish_request1_size =
822 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
823 1 : response_size = sizeof(response);
824 1 : status = libspdm_get_response_psk_finish(spdm_context,
825 : m_libspdm_psk_finish_request1_size,
826 : &m_libspdm_psk_finish_request1,
827 : &response_size, response);
828 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
829 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
830 1 : spdm_response = (void *)response;
831 1 : assert_int_equal(spdm_response->header.request_response_code,
832 : SPDM_PSK_FINISH_RSP);
833 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
834 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
835 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
836 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
837 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
838 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
839 : #endif
840 :
841 1 : free(data1);
842 1 : }
843 :
844 : /**
845 : * Test 8: receiving a correct PSK_FINISH message from the requester, but
846 : * the responder has no capabilities for pre-shared keys.
847 : * Expected behavior: the responder refuses the PSK_FINISH message and
848 : * produces an ERROR message indicating the UnsupportedRequest.
849 : **/
850 1 : void libspdm_test_responder_psk_finish_case8(void **state)
851 : {
852 : libspdm_return_t status;
853 : libspdm_test_context_t *spdm_test_context;
854 : libspdm_context_t *spdm_context;
855 : size_t response_size;
856 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
857 : spdm_psk_finish_response_t *spdm_response;
858 : void *data1;
859 : size_t data_size1;
860 : uint8_t *ptr;
861 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
862 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
863 : libspdm_session_info_t *session_info;
864 : uint32_t session_id;
865 : uint32_t hash_size;
866 : uint32_t hmac_size;
867 :
868 1 : spdm_test_context = *state;
869 1 : spdm_context = spdm_test_context->spdm_context;
870 1 : spdm_test_context->case_id = 0x8;
871 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
872 : SPDM_VERSION_NUMBER_SHIFT_BIT;
873 1 : spdm_context->connection_info.connection_state =
874 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
875 1 : spdm_context->connection_info.capability.flags &=
876 : ~(SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP);
877 1 : spdm_context->local_context.capability.flags &=
878 : ~(SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP);
879 1 : spdm_context->connection_info.algorithm.base_hash_algo =
880 : m_libspdm_use_hash_algo;
881 1 : spdm_context->connection_info.algorithm.base_asym_algo =
882 : m_libspdm_use_asym_algo;
883 1 : spdm_context->connection_info.algorithm.measurement_spec =
884 : m_libspdm_use_measurement_spec;
885 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
886 : m_libspdm_use_measurement_hash_algo;
887 1 : spdm_context->connection_info.algorithm.dhe_named_group =
888 : m_libspdm_use_dhe_algo;
889 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
890 : m_libspdm_use_aead_algo;
891 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
892 : m_libspdm_use_asym_algo, &data1,
893 : &data_size1, NULL, NULL);
894 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
895 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
896 : data_size1;
897 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
898 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
899 : data_size1;
900 :
901 1 : spdm_context->transcript.message_a.buffer_size = 0;
902 1 : spdm_context->local_context.mut_auth_requested = 0;
903 :
904 1 : session_id = 0xFFFFFFFF;
905 1 : spdm_context->latest_session_id = session_id;
906 1 : spdm_context->last_spdm_request_session_id_valid = true;
907 1 : spdm_context->last_spdm_request_session_id = session_id;
908 1 : session_info = &spdm_context->session_info[0];
909 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
910 1 : libspdm_session_info_set_psk_hint(session_info,
911 : LIBSPDM_TEST_PSK_HINT_STRING,
912 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
913 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
914 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
915 1 : libspdm_secured_message_set_request_finished_key(
916 : session_info->secured_message_context, m_libspdm_dummy_buffer,
917 : hash_size);
918 1 : libspdm_secured_message_set_session_state(
919 : session_info->secured_message_context,
920 : LIBSPDM_SESSION_STATE_HANDSHAKING);
921 :
922 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
923 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
924 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
925 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
926 : /* transcript.message_a size is 0
927 : * session_transcript.message_k is 0*/
928 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
929 : sizeof(spdm_psk_finish_request_t));
930 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
931 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
932 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
933 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
934 : request_finished_key, hash_size, ptr);
935 1 : m_libspdm_psk_finish_request1_size =
936 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
937 1 : response_size = sizeof(response);
938 1 : status = libspdm_get_response_psk_finish(spdm_context,
939 : m_libspdm_psk_finish_request1_size,
940 : &m_libspdm_psk_finish_request1,
941 : &response_size, response);
942 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
943 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
944 1 : spdm_response = (void *)response;
945 1 : assert_int_equal(spdm_response->header.request_response_code,
946 : SPDM_ERROR);
947 1 : assert_int_equal(spdm_response->header.param1,
948 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
949 1 : assert_int_equal(spdm_response->header.param2, SPDM_PSK_FINISH);
950 1 : free(data1);
951 1 : }
952 :
953 : /**
954 : * Test 9: receiving a correct PSK_FINISH message from the requester, but
955 : * the responder is not correctly setup by not initializing a session during
956 : * PSK_EXCHANGE.
957 : * Expected behavior: the responder refuses the PSK_FINISH message and
958 : * produces an ERROR message indicating the InvalidRequest.
959 : **/
960 1 : void libspdm_test_responder_psk_finish_case9(void **state)
961 : {
962 : libspdm_return_t status;
963 : libspdm_test_context_t *spdm_test_context;
964 : libspdm_context_t *spdm_context;
965 : size_t response_size;
966 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
967 : spdm_psk_finish_response_t *spdm_response;
968 : void *data1;
969 : size_t data_size1;
970 : uint8_t *ptr;
971 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
972 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
973 : libspdm_session_info_t *session_info;
974 : uint32_t session_id;
975 : uint32_t hash_size;
976 : uint32_t hmac_size;
977 :
978 1 : spdm_test_context = *state;
979 1 : spdm_context = spdm_test_context->spdm_context;
980 1 : spdm_test_context->case_id = 0x9;
981 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
982 : SPDM_VERSION_NUMBER_SHIFT_BIT;
983 1 : spdm_context->connection_info.connection_state =
984 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
985 1 : spdm_context->connection_info.capability.flags |=
986 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
987 1 : spdm_context->local_context.capability.flags |=
988 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
989 1 : spdm_context->connection_info.algorithm.base_hash_algo =
990 : m_libspdm_use_hash_algo;
991 1 : spdm_context->connection_info.algorithm.base_asym_algo =
992 : m_libspdm_use_asym_algo;
993 1 : spdm_context->connection_info.algorithm.measurement_spec =
994 : m_libspdm_use_measurement_spec;
995 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
996 : m_libspdm_use_measurement_hash_algo;
997 1 : spdm_context->connection_info.algorithm.dhe_named_group =
998 : m_libspdm_use_dhe_algo;
999 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1000 : m_libspdm_use_aead_algo;
1001 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1002 : m_libspdm_use_asym_algo, &data1,
1003 : &data_size1, NULL, NULL);
1004 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1005 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1006 : data_size1;
1007 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1008 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1009 : data_size1;
1010 :
1011 1 : spdm_context->transcript.message_a.buffer_size = 0;
1012 1 : spdm_context->local_context.mut_auth_requested = 0;
1013 :
1014 1 : session_id = 0xFFFFFFFF;
1015 1 : spdm_context->latest_session_id = session_id;
1016 1 : spdm_context->last_spdm_request_session_id_valid = true;
1017 1 : spdm_context->last_spdm_request_session_id = session_id;
1018 1 : session_info = &spdm_context->session_info[0];
1019 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1020 1 : libspdm_session_info_set_psk_hint(session_info,
1021 : LIBSPDM_TEST_PSK_HINT_STRING,
1022 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1023 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1024 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1025 1 : libspdm_secured_message_set_request_finished_key(
1026 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1027 : hash_size);
1028 1 : libspdm_secured_message_set_session_state(
1029 : session_info->secured_message_context,
1030 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1031 :
1032 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1033 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1034 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1035 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1036 : /* transcript.message_a size is 0
1037 : * session_transcript.message_k is 0*/
1038 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1039 : sizeof(spdm_psk_finish_request_t));
1040 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1041 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1042 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1043 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1044 : request_finished_key, hash_size, ptr);
1045 1 : m_libspdm_psk_finish_request1_size =
1046 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1047 1 : response_size = sizeof(response);
1048 1 : status = libspdm_get_response_psk_finish(spdm_context,
1049 : m_libspdm_psk_finish_request1_size,
1050 : &m_libspdm_psk_finish_request1,
1051 : &response_size, response);
1052 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1053 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1054 1 : spdm_response = (void *)response;
1055 1 : assert_int_equal(spdm_response->header.request_response_code,
1056 : SPDM_ERROR);
1057 1 : assert_int_equal(spdm_response->header.param1,
1058 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1059 1 : assert_int_equal(spdm_response->header.param2, 0);
1060 1 : free(data1);
1061 1 : }
1062 :
1063 : /**
1064 : * Test 10: receiving a PSK_FINISH message from the requester with an
1065 : * incorrect MAC (all-zero).
1066 : * Expected behavior: the responder refuses the PSK_FINISH message and
1067 : * produces an ERROR message indicating the DecryptError.
1068 : **/
1069 1 : void libspdm_test_responder_psk_finish_case10(void **state)
1070 : {
1071 : libspdm_return_t status;
1072 : libspdm_test_context_t *spdm_test_context;
1073 : libspdm_context_t *spdm_context;
1074 : size_t response_size;
1075 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1076 : spdm_psk_finish_response_t *spdm_response;
1077 : void *data1;
1078 : size_t data_size1;
1079 : uint8_t *ptr;
1080 : libspdm_session_info_t *session_info;
1081 : uint32_t session_id;
1082 : uint32_t hash_size;
1083 : uint32_t hmac_size;
1084 :
1085 1 : spdm_test_context = *state;
1086 1 : spdm_context = spdm_test_context->spdm_context;
1087 1 : spdm_test_context->case_id = 0xA;
1088 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1089 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1090 1 : spdm_context->connection_info.connection_state =
1091 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1092 1 : spdm_context->connection_info.capability.flags |=
1093 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1094 1 : spdm_context->local_context.capability.flags |=
1095 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1096 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1097 : m_libspdm_use_hash_algo;
1098 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1099 : m_libspdm_use_asym_algo;
1100 1 : spdm_context->connection_info.algorithm.measurement_spec =
1101 : m_libspdm_use_measurement_spec;
1102 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1103 : m_libspdm_use_measurement_hash_algo;
1104 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1105 : m_libspdm_use_dhe_algo;
1106 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1107 : m_libspdm_use_aead_algo;
1108 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1109 : m_libspdm_use_asym_algo, &data1,
1110 : &data_size1, NULL, NULL);
1111 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1112 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1113 : data_size1;
1114 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1115 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1116 : data_size1;
1117 :
1118 1 : spdm_context->transcript.message_a.buffer_size = 0;
1119 1 : spdm_context->local_context.mut_auth_requested = 0;
1120 :
1121 1 : session_id = 0xFFFFFFFF;
1122 1 : spdm_context->latest_session_id = session_id;
1123 1 : spdm_context->last_spdm_request_session_id_valid = true;
1124 1 : spdm_context->last_spdm_request_session_id = session_id;
1125 1 : session_info = &spdm_context->session_info[0];
1126 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1127 1 : libspdm_session_info_set_psk_hint(session_info,
1128 : LIBSPDM_TEST_PSK_HINT_STRING,
1129 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1130 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1131 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1132 1 : libspdm_secured_message_set_request_finished_key(
1133 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1134 : hash_size);
1135 1 : libspdm_secured_message_set_session_state(
1136 : session_info->secured_message_context,
1137 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1138 :
1139 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1140 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1141 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1142 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1143 1 : m_libspdm_psk_finish_request1_size =
1144 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1145 1 : response_size = sizeof(response);
1146 1 : status = libspdm_get_response_psk_finish(spdm_context,
1147 : m_libspdm_psk_finish_request1_size,
1148 : &m_libspdm_psk_finish_request1,
1149 : &response_size, response);
1150 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1151 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1152 1 : spdm_response = (void *)response;
1153 1 : assert_int_equal(spdm_response->header.request_response_code,
1154 : SPDM_ERROR);
1155 1 : assert_int_equal(spdm_response->header.param1,
1156 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1157 1 : assert_int_equal(spdm_response->header.param2, 0);
1158 1 : free(data1);
1159 1 : }
1160 :
1161 : /**
1162 : * Test 11: receiving a PSK_FINISH message from the requester with an
1163 : * incorrect MAC (arbitrary).
1164 : * Expected behavior: the responder refuses the PSK_FINISH message and
1165 : * produces an ERROR message indicating the DecryptError.
1166 : **/
1167 1 : void libspdm_test_responder_psk_finish_case11(void **state)
1168 : {
1169 : libspdm_return_t status;
1170 : libspdm_test_context_t *spdm_test_context;
1171 : libspdm_context_t *spdm_context;
1172 : size_t response_size;
1173 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1174 : spdm_psk_finish_response_t *spdm_response;
1175 : void *data1;
1176 : size_t data_size1;
1177 : uint8_t *ptr;
1178 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1179 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1180 : libspdm_session_info_t *session_info;
1181 : uint32_t session_id;
1182 : uint32_t hash_size;
1183 : uint32_t hmac_size;
1184 :
1185 1 : spdm_test_context = *state;
1186 1 : spdm_context = spdm_test_context->spdm_context;
1187 1 : spdm_test_context->case_id = 0xB;
1188 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1189 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1190 1 : spdm_context->connection_info.connection_state =
1191 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1192 1 : spdm_context->connection_info.capability.flags |=
1193 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1194 1 : spdm_context->local_context.capability.flags |=
1195 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1196 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1197 : m_libspdm_use_hash_algo;
1198 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1199 : m_libspdm_use_asym_algo;
1200 1 : spdm_context->connection_info.algorithm.measurement_spec =
1201 : m_libspdm_use_measurement_spec;
1202 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1203 : m_libspdm_use_measurement_hash_algo;
1204 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1205 : m_libspdm_use_dhe_algo;
1206 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1207 : m_libspdm_use_aead_algo;
1208 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1209 : m_libspdm_use_asym_algo, &data1,
1210 : &data_size1, NULL, NULL);
1211 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1212 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1213 : data_size1;
1214 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1215 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1216 : data_size1;
1217 :
1218 1 : spdm_context->transcript.message_a.buffer_size = 0;
1219 1 : spdm_context->local_context.mut_auth_requested = 0;
1220 :
1221 1 : session_id = 0xFFFFFFFF;
1222 1 : spdm_context->latest_session_id = session_id;
1223 1 : spdm_context->last_spdm_request_session_id_valid = true;
1224 1 : spdm_context->last_spdm_request_session_id = session_id;
1225 1 : session_info = &spdm_context->session_info[0];
1226 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1227 1 : libspdm_session_info_set_psk_hint(session_info,
1228 : LIBSPDM_TEST_PSK_HINT_STRING,
1229 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1230 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1231 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1232 1 : libspdm_secured_message_set_request_finished_key(
1233 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1234 : hash_size);
1235 1 : libspdm_secured_message_set_session_state(
1236 : session_info->secured_message_context,
1237 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1238 :
1239 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1240 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1241 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1242 : /*arbitrary MAC*/
1243 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1244 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1245 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1246 : request_finished_key, hash_size, ptr);
1247 1 : m_libspdm_psk_finish_request1_size =
1248 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1249 1 : response_size = sizeof(response);
1250 1 : status = libspdm_get_response_psk_finish(spdm_context,
1251 : m_libspdm_psk_finish_request1_size,
1252 : &m_libspdm_psk_finish_request1,
1253 : &response_size, response);
1254 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1255 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1256 1 : spdm_response = (void *)response;
1257 1 : assert_int_equal(spdm_response->header.request_response_code,
1258 : SPDM_ERROR);
1259 1 : assert_int_equal(spdm_response->header.param1,
1260 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1261 1 : assert_int_equal(spdm_response->header.param2, 0);
1262 1 : free(data1);
1263 1 : }
1264 :
1265 : /**
1266 : * Test 12: receiving a PSK_FINISH message from the requester with an
1267 : * incorrect MAC size (a correct MAC repeated twice).
1268 : * Expected behavior: the responder refuses the PSK_FINISH message and
1269 : * produces an ERROR message indicating the InvalidRequest.
1270 : **/
1271 1 : void libspdm_test_responder_psk_finish_case12(void **state)
1272 : {
1273 : libspdm_return_t status;
1274 : libspdm_test_context_t *spdm_test_context;
1275 : libspdm_context_t *spdm_context;
1276 : size_t response_size;
1277 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1278 : spdm_psk_finish_response_t *spdm_response;
1279 : void *data1;
1280 : size_t data_size1;
1281 : uint8_t *ptr;
1282 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1283 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1284 : libspdm_session_info_t *session_info;
1285 : uint32_t session_id;
1286 : uint32_t hash_size;
1287 : uint32_t hmac_size;
1288 :
1289 1 : spdm_test_context = *state;
1290 1 : spdm_context = spdm_test_context->spdm_context;
1291 1 : spdm_test_context->case_id = 0xC;
1292 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1293 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1294 1 : spdm_context->connection_info.connection_state =
1295 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1296 1 : spdm_context->connection_info.capability.flags |=
1297 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1298 1 : spdm_context->local_context.capability.flags |=
1299 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1300 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1301 : m_libspdm_use_hash_algo;
1302 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1303 : m_libspdm_use_asym_algo;
1304 1 : spdm_context->connection_info.algorithm.measurement_spec =
1305 : m_libspdm_use_measurement_spec;
1306 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1307 : m_libspdm_use_measurement_hash_algo;
1308 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1309 : m_libspdm_use_dhe_algo;
1310 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1311 : m_libspdm_use_aead_algo;
1312 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1313 : m_libspdm_use_asym_algo, &data1,
1314 : &data_size1, NULL, NULL);
1315 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1316 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1317 : data_size1;
1318 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1319 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1320 : data_size1;
1321 :
1322 1 : spdm_context->transcript.message_a.buffer_size = 0;
1323 1 : spdm_context->local_context.mut_auth_requested = 0;
1324 :
1325 1 : session_id = 0xFFFFFFFF;
1326 1 : spdm_context->latest_session_id = session_id;
1327 1 : spdm_context->last_spdm_request_session_id_valid = true;
1328 1 : spdm_context->last_spdm_request_session_id = session_id;
1329 1 : session_info = &spdm_context->session_info[0];
1330 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1331 1 : libspdm_session_info_set_psk_hint(session_info,
1332 : LIBSPDM_TEST_PSK_HINT_STRING,
1333 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1334 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1335 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1336 1 : libspdm_secured_message_set_request_finished_key(
1337 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1338 : hash_size);
1339 1 : libspdm_secured_message_set_session_state(
1340 : session_info->secured_message_context,
1341 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1342 :
1343 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1344 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1345 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1346 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1347 : /* transcript.message_a size is 0
1348 : * session_transcript.message_k is 0*/
1349 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1350 : sizeof(spdm_psk_finish_request_t));
1351 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1352 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1353 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1354 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1355 : request_finished_key, hash_size, ptr);
1356 1 : libspdm_copy_mem(ptr, sizeof(m_libspdm_psk_finish_request1.verify_data),
1357 1 : ptr + hmac_size, hmac_size); /* 2x HMAC size*/
1358 1 : m_libspdm_psk_finish_request1_size =
1359 1 : sizeof(spdm_psk_finish_request_t) + 2*hmac_size;
1360 1 : response_size = sizeof(response);
1361 1 : status = libspdm_get_response_psk_finish(spdm_context,
1362 : m_libspdm_psk_finish_request1_size,
1363 : &m_libspdm_psk_finish_request1,
1364 : &response_size, response);
1365 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1366 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1367 1 : spdm_response = (void *)response;
1368 1 : assert_int_equal(spdm_response->header.request_response_code,
1369 : SPDM_ERROR);
1370 1 : assert_int_equal(spdm_response->header.param1,
1371 : SPDM_ERROR_CODE_INVALID_REQUEST);
1372 1 : assert_int_equal(spdm_response->header.param2, 0);
1373 1 : free(data1);
1374 1 : }
1375 :
1376 : /**
1377 : * Test 13: receiving a PSK_FINISH message from the requester with an
1378 : * incorrect MAC size (only the correct first half of the MAC).
1379 : * Expected behavior: the responder refuses the PSK_FINISH message and
1380 : * produces an ERROR message indicating the InvalidRequest.
1381 : **/
1382 1 : void libspdm_test_responder_psk_finish_case13(void **state)
1383 : {
1384 : libspdm_return_t status;
1385 : libspdm_test_context_t *spdm_test_context;
1386 : libspdm_context_t *spdm_context;
1387 : size_t response_size;
1388 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1389 : spdm_psk_finish_response_t *spdm_response;
1390 : void *data1;
1391 : size_t data_size1;
1392 : uint8_t *ptr;
1393 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1394 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1395 : libspdm_session_info_t *session_info;
1396 : uint32_t session_id;
1397 : uint32_t hash_size;
1398 : uint32_t hmac_size;
1399 :
1400 1 : spdm_test_context = *state;
1401 1 : spdm_context = spdm_test_context->spdm_context;
1402 1 : spdm_test_context->case_id = 0xD;
1403 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1404 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1405 1 : spdm_context->connection_info.connection_state =
1406 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1407 1 : spdm_context->connection_info.capability.flags |=
1408 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1409 1 : spdm_context->local_context.capability.flags |=
1410 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1411 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1412 : m_libspdm_use_hash_algo;
1413 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1414 : m_libspdm_use_asym_algo;
1415 1 : spdm_context->connection_info.algorithm.measurement_spec =
1416 : m_libspdm_use_measurement_spec;
1417 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1418 : m_libspdm_use_measurement_hash_algo;
1419 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1420 : m_libspdm_use_dhe_algo;
1421 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1422 : m_libspdm_use_aead_algo;
1423 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1424 : m_libspdm_use_asym_algo, &data1,
1425 : &data_size1, NULL, NULL);
1426 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1427 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1428 : data_size1;
1429 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1430 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1431 : data_size1;
1432 :
1433 1 : spdm_context->transcript.message_a.buffer_size = 0;
1434 1 : spdm_context->local_context.mut_auth_requested = 0;
1435 :
1436 1 : session_id = 0xFFFFFFFF;
1437 1 : spdm_context->latest_session_id = session_id;
1438 1 : spdm_context->last_spdm_request_session_id_valid = true;
1439 1 : spdm_context->last_spdm_request_session_id = session_id;
1440 1 : session_info = &spdm_context->session_info[0];
1441 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1442 1 : libspdm_session_info_set_psk_hint(session_info,
1443 : LIBSPDM_TEST_PSK_HINT_STRING,
1444 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1445 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1446 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1447 1 : libspdm_secured_message_set_request_finished_key(
1448 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1449 : hash_size);
1450 1 : libspdm_secured_message_set_session_state(
1451 : session_info->secured_message_context,
1452 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1453 :
1454 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1455 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1456 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1457 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1458 : /* transcript.message_a size is 0
1459 : * session_transcript.message_k is 0*/
1460 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1461 : sizeof(spdm_psk_finish_request_t));
1462 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1463 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1464 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1465 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1466 : request_finished_key, hash_size, ptr);
1467 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1468 1 : m_libspdm_psk_finish_request1_size =
1469 1 : sizeof(spdm_psk_finish_request_t) + hmac_size/2;
1470 1 : response_size = sizeof(response);
1471 1 : status = libspdm_get_response_psk_finish(spdm_context,
1472 : m_libspdm_psk_finish_request1_size,
1473 : &m_libspdm_psk_finish_request1,
1474 : &response_size, response);
1475 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1476 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1477 1 : spdm_response = (void *)response;
1478 1 : assert_int_equal(spdm_response->header.request_response_code,
1479 : SPDM_ERROR);
1480 1 : assert_int_equal(spdm_response->header.param1,
1481 : SPDM_ERROR_CODE_INVALID_REQUEST);
1482 1 : assert_int_equal(spdm_response->header.param2, 0);
1483 1 : free(data1);
1484 1 : }
1485 :
1486 : /**
1487 : * Test 14: receiving a correct PSK_FINISH from the requester.
1488 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1489 : * response message, and buffer F receives the exchanged PSK_FINISH and PSK_FINISH_RSP messages.
1490 : **/
1491 1 : void libspdm_test_responder_psk_finish_case14(void **state)
1492 : {
1493 : libspdm_return_t status;
1494 : libspdm_test_context_t *spdm_test_context;
1495 : libspdm_context_t *spdm_context;
1496 : size_t response_size;
1497 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1498 : spdm_psk_finish_response_t *spdm_response;
1499 : void *data1;
1500 : size_t data_size1;
1501 : uint8_t *ptr;
1502 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1503 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1504 : libspdm_session_info_t *session_info;
1505 : uint32_t session_id;
1506 : uint32_t hash_size;
1507 : uint32_t hmac_size;
1508 :
1509 1 : spdm_test_context = *state;
1510 1 : spdm_context = spdm_test_context->spdm_context;
1511 1 : spdm_test_context->case_id = 0xE;
1512 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1513 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1514 1 : spdm_context->connection_info.connection_state =
1515 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1516 1 : spdm_context->connection_info.capability.flags |=
1517 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1518 1 : spdm_context->local_context.capability.flags |=
1519 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1520 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1521 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1522 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1523 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1524 : m_libspdm_use_measurement_hash_algo;
1525 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1526 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1527 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1528 : m_libspdm_use_asym_algo, &data1,
1529 : &data_size1, NULL, NULL);
1530 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1531 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1532 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1533 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1534 :
1535 1 : libspdm_reset_message_a(spdm_context);
1536 1 : spdm_context->local_context.mut_auth_requested = 0;
1537 :
1538 1 : session_id = 0xFFFFFFFF;
1539 1 : spdm_context->latest_session_id = session_id;
1540 1 : spdm_context->last_spdm_request_session_id_valid = true;
1541 1 : spdm_context->last_spdm_request_session_id = session_id;
1542 1 : session_info = &spdm_context->session_info[0];
1543 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1544 1 : libspdm_session_info_set_psk_hint(session_info,
1545 : LIBSPDM_TEST_PSK_HINT_STRING,
1546 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1547 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1548 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1549 1 : libspdm_secured_message_set_request_finished_key(
1550 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1551 1 : libspdm_secured_message_set_session_state(
1552 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1553 :
1554 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1555 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1556 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1557 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1558 : /* transcript.message_a size is 0
1559 : * session_transcript.message_k is 0*/
1560 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1561 : sizeof(spdm_psk_finish_request_t));
1562 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1563 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1564 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1565 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1566 : request_finished_key, hash_size, ptr);
1567 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
1568 1 : response_size = sizeof(response);
1569 1 : status = libspdm_get_response_psk_finish(
1570 : spdm_context, m_libspdm_psk_finish_request1_size, &m_libspdm_psk_finish_request1,
1571 : &response_size, response);
1572 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1573 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
1574 1 : spdm_response = (void *)response;
1575 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1576 :
1577 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1578 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1579 : m_libspdm_psk_finish_request1_size + response_size);
1580 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1581 : &m_libspdm_psk_finish_request1, m_libspdm_psk_finish_request1_size);
1582 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1583 : m_libspdm_psk_finish_request1_size, response, response_size);
1584 : #endif
1585 :
1586 1 : free(data1);
1587 1 : }
1588 :
1589 : /**
1590 : * Test 15: SPDM version 1.4, with OpaqueData.
1591 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1592 : * response message.
1593 : **/
1594 1 : void libspdm_test_responder_psk_finish_case15(void **state)
1595 : {
1596 : libspdm_return_t status;
1597 : libspdm_test_context_t *spdm_test_context;
1598 : libspdm_context_t *spdm_context;
1599 : size_t response_size;
1600 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1601 : spdm_psk_finish_response_t *spdm_response;
1602 : void *data1;
1603 : size_t data_size1;
1604 : uint8_t *ptr;
1605 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1606 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1607 : libspdm_session_info_t *session_info;
1608 : uint32_t session_id;
1609 : uint32_t hash_size;
1610 : uint32_t hmac_size;
1611 :
1612 1 : spdm_test_context = *state;
1613 1 : spdm_context = spdm_test_context->spdm_context;
1614 1 : spdm_test_context->case_id = 0xF;
1615 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
1616 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1617 1 : spdm_context->connection_info.connection_state =
1618 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1619 1 : spdm_context->connection_info.capability.flags |=
1620 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1621 1 : spdm_context->local_context.capability.flags |=
1622 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1623 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1624 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1625 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1626 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1627 : m_libspdm_use_measurement_hash_algo;
1628 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1629 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1630 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1631 : m_libspdm_use_asym_algo, &data1,
1632 : &data_size1, NULL, NULL);
1633 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1634 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1635 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1636 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1637 :
1638 1 : libspdm_reset_message_a(spdm_context);
1639 1 : spdm_context->local_context.mut_auth_requested = 0;
1640 :
1641 1 : session_id = 0xFFFFFFFF;
1642 1 : spdm_context->latest_session_id = session_id;
1643 1 : spdm_context->last_spdm_request_session_id_valid = true;
1644 1 : spdm_context->last_spdm_request_session_id = session_id;
1645 1 : session_info = &spdm_context->session_info[0];
1646 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
1647 1 : libspdm_session_info_set_psk_hint(session_info,
1648 : LIBSPDM_TEST_PSK_HINT_STRING,
1649 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1650 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1651 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1652 1 : libspdm_secured_message_set_request_finished_key(
1653 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1654 1 : libspdm_secured_message_set_session_state(
1655 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1656 :
1657 1 : m_libspdm_psk_finish_request3.opaque_data_size =
1658 : sizeof(m_libspdm_psk_finish_request3.opaque_data);
1659 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1660 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1661 1 : ptr = m_libspdm_psk_finish_request3.verify_data;
1662 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1663 : /* transcript.message_a size is 0
1664 : * session_transcript.message_k is 0*/
1665 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
1666 : sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
1667 1 : m_libspdm_psk_finish_request3.opaque_data_size);
1668 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1669 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1670 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1671 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1672 : request_finished_key, hash_size, ptr);
1673 1 : m_libspdm_psk_finish_request3_size = sizeof(spdm_psk_finish_request_t) + hmac_size +
1674 1 : sizeof(uint16_t) +
1675 1 : m_libspdm_psk_finish_request3.opaque_data_size;
1676 1 : response_size = sizeof(response);
1677 1 : status = libspdm_get_response_psk_finish(
1678 : spdm_context, m_libspdm_psk_finish_request3_size, &m_libspdm_psk_finish_request3,
1679 : &response_size, response);
1680 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1681 1 : ptr = (uint8_t *)response + sizeof(spdm_psk_finish_response_t);
1682 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t) +
1683 : sizeof(uint16_t) + libspdm_read_uint16(ptr));
1684 1 : spdm_response = (void *)response;
1685 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1686 :
1687 1 : free(data1);
1688 1 : }
1689 :
1690 1 : int libspdm_responder_psk_finish_test_main(void)
1691 : {
1692 1 : const struct CMUnitTest spdm_responder_psk_finish_tests[] = {
1693 : /* Success Case*/
1694 : cmocka_unit_test(libspdm_test_responder_psk_finish_case1),
1695 : /* Bad request size*/
1696 : cmocka_unit_test(libspdm_test_responder_psk_finish_case2),
1697 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
1698 : cmocka_unit_test(libspdm_test_responder_psk_finish_case3),
1699 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
1700 : cmocka_unit_test(libspdm_test_responder_psk_finish_case4),
1701 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
1702 : /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
1703 : cmocka_unit_test(libspdm_test_responder_psk_finish_case5),
1704 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
1705 : /* connection_state Check*/
1706 : cmocka_unit_test(libspdm_test_responder_psk_finish_case6),
1707 : /* Buffer reset*/
1708 : cmocka_unit_test(libspdm_test_responder_psk_finish_case7),
1709 : /* Unsupported PSK capabilities*/
1710 : cmocka_unit_test(libspdm_test_responder_psk_finish_case8),
1711 : /* Uninitialized session*/
1712 : cmocka_unit_test(libspdm_test_responder_psk_finish_case9),
1713 : /* Incorrect MAC*/
1714 : cmocka_unit_test(libspdm_test_responder_psk_finish_case10),
1715 : cmocka_unit_test(libspdm_test_responder_psk_finish_case11),
1716 : /* Incorrect MAC size*/
1717 : cmocka_unit_test(libspdm_test_responder_psk_finish_case12),
1718 : cmocka_unit_test(libspdm_test_responder_psk_finish_case13),
1719 : /* Buffer verification*/
1720 : cmocka_unit_test(libspdm_test_responder_psk_finish_case14),
1721 : /* SPDM 1.4 with OpaqueData */
1722 : cmocka_unit_test(libspdm_test_responder_psk_finish_case15),
1723 : };
1724 :
1725 1 : libspdm_test_context_t test_context = {
1726 : LIBSPDM_TEST_CONTEXT_VERSION,
1727 : false,
1728 : };
1729 :
1730 1 : libspdm_setup_test_context(&test_context);
1731 :
1732 1 : return cmocka_run_group_tests(spdm_responder_psk_finish_tests,
1733 : libspdm_unit_test_group_setup,
1734 : libspdm_unit_test_group_teardown);
1735 : }
1736 :
1737 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
|