1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
#pragma pack(1)
/* Byte-packed PSK_FINISH request image used by the tests whose header
 * carries SPDM_MESSAGE_VERSION_11: the message header followed directly by
 * the verify_data MAC field, sized for the largest supported hash. */
typedef struct {
    spdm_message_header_t header;
    uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
} libspdm_psk_finish_request_mine_t;

/* Byte-packed PSK_FINISH request image used with an SPDM_MESSAGE_VERSION_14
 * header: a 16-bit opaque data length and an 8-byte opaque data area sit
 * between the header and verify_data. */
typedef struct {
    spdm_message_header_t header;
    uint16_t opaque_data_size;
    uint8_t opaque_data[8];
    uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
} libspdm_psk_finish_request_mine_14_t;
#pragma pack()

/* Scratch transcript buffer; each test re-initialises it before hashing. */
static libspdm_th_managed_buffer_t th_curr;

/* Request 1: version 1.1 PSK_FINISH. Its size variable starts at the full
 * structure size and is overwritten by the tests once the MAC length is
 * known. */
libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request1 = {
    .header = { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
};
size_t m_libspdm_psk_finish_request1_size = sizeof(m_libspdm_psk_finish_request1);

/* Request 2: same image as request 1, but the advertised size is
 * LIBSPDM_MAX_SPDM_MSG_SIZE rather than the size of the object itself. */
libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request2 = {
    .header = { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
};
size_t m_libspdm_psk_finish_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;

/* Request 3: version 1.4 PSK_FINISH using the layout with opaque data. */
libspdm_psk_finish_request_mine_14_t m_libspdm_psk_finish_request3 = {
    .header = { SPDM_MESSAGE_VERSION_14, SPDM_PSK_FINISH, 0, 0 },
};
size_t m_libspdm_psk_finish_request3_size = sizeof(m_libspdm_psk_finish_request3);

/* Source buffer for the fixed-pattern finished key installed by the tests. */
static uint8_t m_libspdm_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];

/* Defined outside this file; presumably knobs of the test secret library
 * that control PSK_FINISH opaque data generation - confirm at the definition. */
extern size_t libspdm_secret_lib_psk_finish_opaque_data_size;
extern bool g_generate_psk_finish_opaque_data;
47 :
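/**
 * Test-only helper that writes a request finished key directly into a
 * secured message context, so a test can compute the PSK_FINISH MAC with a
 * key it already knows.
 *
 * @param spdm_secured_message_context  Pointer that is used as a
 *                                      libspdm_secured_message_context_t.
 * @param key                           Key bytes to install.
 * @param key_size                      Number of bytes available at key;
 *                                      asserted equal to the context's
 *                                      hash_size.
 **/
static void libspdm_secured_message_set_request_finished_key(
    void *spdm_secured_message_context, const void *key, size_t key_size)
{
    libspdm_secured_message_context_t *secured_message_context;

    secured_message_context = spdm_secured_message_context;
    LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
    /* The assertion is the only length check and may compile to nothing in
     * some build configurations (confirm), so the copy is sized by what the
     * caller says it supplied rather than by hash_size: the source buffer is
     * then never read past key_size bytes. The second argument passes the
     * capacity of the destination field. */
    libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
                     sizeof(secured_message_context->handshake_secret.request_finished_key),
                     key, key_size);
}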
59 :
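/**
 * Test 1: receiving a correct PSK_FINISH message from the requester with a
 * correct MAC.
 *
 * The test plays the requester: it hashes a transcript that holds only the
 * fixed-size part of the request (message_a and message_k are empty) and
 * HMACs that hash with the same all-0xFF finished key it installs in the
 * session, writing the result into verify_data.
 *
 * Expected behavior: the responder accepts the request and produces a valid
 * PSK_FINISH_RSP response message.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t.
 **/
static void rsp_psk_finish_rsp_case1(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Connection state: version 1.1 negotiated, PSK capability on both sides. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x1;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if the certificate fixture cannot be read the test
     * returns without asserting anything, so nothing is actually checked. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session in the handshaking state with a known request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Build verify_data = HMAC(finished key, hash(transcript)). */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    /* The request size is the fixed part plus exactly one MAC. */
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(spdm_context,
                                             m_libspdm_psk_finish_request1_size,
                                             &m_libspdm_psk_finish_request1,
                                             &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);

    /* The context comes from *state and outlives this function, so drop its
     * reference to the buffer before releasing it instead of leaving a
     * pointer to freed memory in the provisioning slot. */
    spdm_context->local_context.local_cert_chain_provision[0] = NULL;
    spdm_context->local_context.local_cert_chain_provision_size[0] = 0;
    free(data1);
}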
153 :
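/**
 * Test 2: receiving a PSK_FINISH message larger than specified.
 *
 * The request image carries a correctly computed MAC; only the size handed
 * to the responder (m_libspdm_psk_finish_request2_size) is wrong.
 *
 * Expected behavior: the responder refuses the PSK_FINISH message and
 * produces an ERROR message indicating the InvalidRequest.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t.
 **/
static void rsp_psk_finish_rsp_case2(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;

    /* Connection state: version 1.1 negotiated, PSK capability on both sides. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x2;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if the certificate fixture cannot be read the test
     * returns without asserting anything, so nothing is actually checked. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session in the handshaking state with a known request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Build verify_data = HMAC(finished key, hash(transcript)). */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request2.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request2,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    response_size = sizeof(response);
    /* NOTE(review): the size passed here is initialised at file scope to
     * LIBSPDM_MAX_SPDM_MSG_SIZE, while the request object itself is only a
     * header plus LIBSPDM_MAX_HASH_SIZE bytes. If the former is larger, the
     * test depends on the responder rejecting the length before it reads
     * that many bytes from the request pointer - confirm. */
    status = libspdm_get_response_psk_finish(spdm_context,
                                             m_libspdm_psk_finish_request2_size,
                                             &m_libspdm_psk_finish_request2,
                                             &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
    assert_int_equal(spdm_response->header.param2, 0);

    /* The context comes from *state and outlives this function, so drop its
     * reference to the buffer before releasing it instead of leaving a
     * pointer to freed memory in the provisioning slot. */
    spdm_context->local_context.local_cert_chain_provision[0] = NULL;
    spdm_context->local_context.local_cert_chain_provision_size[0] = 0;
    free(data1);
}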
245 :
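/**
 * Test 3: receiving a correct PSK_FINISH from the requester, but the
 * responder is in a Busy state.
 *
 * The request is built exactly as in the accepted case (same key, same
 * transcript, same size), so the only difference is response_state.
 *
 * Expected behavior: the responder accepts the request, but produces an
 * ERROR message indicating the Busy state, and response_state stays Busy.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t.
 **/
static void rsp_psk_finish_rsp_case3(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Connection state: version 1.1 negotiated, PSK capability on both
     * sides, responder marked Busy. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x3;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if the certificate fixture cannot be read the test
     * returns without asserting anything, so nothing is actually checked. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session in the handshaking state with a known request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Build verify_data = HMAC(finished key, hash(transcript)). */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(spdm_context,
                                             m_libspdm_psk_finish_request1_size,
                                             &m_libspdm_psk_finish_request1,
                                             &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
    assert_int_equal(spdm_response->header.param2, 0);
    assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_BUSY);

    /* The context comes from *state and outlives this function, so drop its
     * reference to the buffer before releasing it instead of leaving a
     * pointer to freed memory in the provisioning slot. */
    spdm_context->local_context.local_cert_chain_provision[0] = NULL;
    spdm_context->local_context.local_cert_chain_provision_size[0] = 0;
    free(data1);
}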
343 :
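/**
 * Test 4: receiving a correct PSK_FINISH from the requester, but the
 * responder requires resynchronization with the requester.
 *
 * The request is built exactly as in the accepted case (same key, same
 * transcript, same size), so the only difference is response_state.
 *
 * Expected behavior: the responder accepts the request, but produces an
 * ERROR message indicating the NeedResynch state, and response_state is
 * left unchanged.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t.
 **/
static void rsp_psk_finish_rsp_case4(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Connection state: version 1.1 negotiated, PSK capability on both
     * sides, responder marked as needing resynchronization. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x4;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if the certificate fixture cannot be read the test
     * returns without asserting anything, so nothing is actually checked. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session in the handshaking state with a known request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Build verify_data = HMAC(finished key, hash(transcript)). */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(spdm_context,
                                             m_libspdm_psk_finish_request1_size,
                                             &m_libspdm_psk_finish_request1,
                                             &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_REQUEST_RESYNCH);
    assert_int_equal(spdm_response->header.param2, 0);
    assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NEED_RESYNC);

    /* The context comes from *state and outlives this function, so drop its
     * reference to the buffer before releasing it instead of leaving a
     * pointer to freed memory in the provisioning slot. */
    spdm_context->local_context.local_cert_chain_provision[0] = NULL;
    spdm_context->local_context.local_cert_chain_provision_size[0] = 0;
    free(data1);
}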
441 :
442 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
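/**
 * Test 5: receiving a correct PSK_FINISH from the requester, but the
 * responder could not produce the response in time.
 *
 * The request is built exactly as in the accepted case (same key, same
 * transcript, same size), so the only difference is response_state.
 *
 * Expected behavior: the responder accepts the request, but produces an
 * ERROR message indicating the ResponseNotReady state; the extended error
 * data names PSK_FINISH as the pending request and response_state is left
 * unchanged.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t.
 **/
static void rsp_psk_finish_rsp_case5(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    spdm_error_data_response_not_ready_t *error_data;

    /* Connection state: version 1.1 negotiated, PSK capability on both
     * sides, responder marked NotReady. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x5;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if the certificate fixture cannot be read the test
     * returns without asserting anything, so nothing is actually checked. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session in the handshaking state with a known request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Build verify_data = HMAC(finished key, hash(transcript)). */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(spdm_context,
                                             m_libspdm_psk_finish_request1_size,
                                             &m_libspdm_psk_finish_request1,
                                             &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size,
                     sizeof(spdm_error_response_t) +
                     sizeof(spdm_error_data_response_not_ready_t));
    spdm_response = (void *)response;
    /* The extended error data is read from the bytes that follow the
     * response structure; the size assertion above has already confirmed
     * that they are part of the response. */
    error_data = (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_RESPONSE_NOT_READY);
    assert_int_equal(spdm_response->header.param2, 0);
    assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NOT_READY);
    assert_int_equal(error_data->request_code, SPDM_PSK_FINISH);

    /* The context comes from *state and outlives this function, so drop its
     * reference to the buffer before releasing it instead of leaving a
     * pointer to freed memory in the provisioning slot. */
    spdm_context->local_context.local_cert_chain_provision[0] = NULL;
    spdm_context->local_context.local_cert_chain_provision_size[0] = 0;
    free(data1);
}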
545 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
546 :
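/**
 * Test 6: receiving a correct PSK_FINISH from the requester, but the
 * responder is not set to receive a PSK_FINISH message because previous
 * messages (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or
 * GET_DIGESTS) have not been received.
 *
 * The request carries a MAC built exactly as in the accepted case; the
 * connection state is LIBSPDM_CONNECTION_STATE_NOT_STARTED while the
 * response state is normal, so the message arrives out of sequence.
 *
 * Expected behavior: the responder rejects the request, and produces an
 * ERROR message indicating the UnexpectedRequest.
 *
 * @param state  cmocka state; *state is the libspdm_test_context_t.
 **/
static void rsp_psk_finish_rsp_case6(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    /* Connection state: connection not started, PSK capability flags set on
     * both sides, responder in the normal response state. */
    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x6;
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    /* NOTE(review): if the certificate fixture cannot be read the test
     * returns without asserting anything, so nothing is actually checked. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session in the handshaking state with a known request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Build verify_data = HMAC(finished key, hash(transcript)). */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(spdm_context,
                                             m_libspdm_psk_finish_request1_size,
                                             &m_libspdm_psk_finish_request1,
                                             &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
    assert_int_equal(spdm_response->header.param2, 0);

    /* The context comes from *state and outlives this function, so drop its
     * reference to the buffer before releasing it instead of leaving a
     * pointer to freed memory in the provisioning slot. */
    spdm_context->local_context.local_cert_chain_provision[0] = NULL;
    spdm_context->local_context.local_cert_chain_provision_size[0] = 0;
    free(data1);
}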
645 :
/**
 * Test 7: a PSK_FINISH with a valid MAC is received while the recorded
 * transcript buffers (message_m, message_b, message_c, message_mut_b and
 * message_mut_c) have their sizes forced to the maximum.
 * Expected behavior: the responder answers with PSK_FINISH_RSP and, when
 * LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT is set, each of those buffers
 * reports a size of 0 afterwards.
 **/
static void rsp_psk_finish_rsp_case7(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;

    test_ctx->case_id = 0x7;

    /* Negotiated SPDM 1.1 connection with the PSK capability set on both sides. */
    ctx->connection_info.version = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    void *cert_chain;
    size_t cert_chain_size;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): a failed fixture load leaves the case without a single
         * assertion, so the runner still counts it as passed. */
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(ctx);

    /* Session slot 0 is put into the handshaking state for session 0xFFFFFFFF. */
    uint32_t session_id = 0xFFFFFFFF;
    ctx->latest_session_id = session_id;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = session_id;

    libspdm_session_info_t *session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));

    /* The responder's request-finished key is a test-only constant of 0xFF bytes. */
    uint32_t hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint32_t hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint8_t *mac_out = m_libspdm_psk_finish_request1.verify_data;

    /* transcript.message_a and session_transcript.message_k are both empty, so
     * the hashed transcript consists of the PSK_FINISH header only. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));

#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    /* Mark every recorded transcript buffer as full before the request is handled. */
    session->session_transcript.message_m.buffer_size =
        session->session_transcript.message_m.max_buffer_size;
    ctx->transcript.message_b.buffer_size = ctx->transcript.message_b.max_buffer_size;
    ctx->transcript.message_c.buffer_size = ctx->transcript.message_c.max_buffer_size;
    ctx->transcript.message_mut_b.buffer_size = ctx->transcript.message_mut_b.max_buffer_size;
    ctx->transcript.message_mut_c.buffer_size = ctx->transcript.message_mut_c.max_buffer_size;
#endif

    /* Same 0xFF key on the requester side, so the MAC written into the request is valid. */
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t transcript_hash[LIBSPDM_MAX_HASH_SIZE];
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), transcript_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, transcript_hash, hash_size,
                     finished_key, hash_size, mac_out);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;

    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_size = sizeof(rsp_buf);
    libspdm_return_t status = libspdm_get_response_psk_finish(ctx,
                                                              m_libspdm_psk_finish_request1_size,
                                                              &m_libspdm_psk_finish_request1,
                                                              &rsp_size, rsp_buf);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_size, sizeof(spdm_psk_finish_response_t));

    spdm_psk_finish_response_t *rsp = (void *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_PSK_FINISH_RSP);
#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    assert_int_equal(session->session_transcript.message_m.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_b.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_c.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_mut_b.buffer_size, 0);
    assert_int_equal(ctx->transcript.message_mut_c.buffer_size, 0);
#endif

    free(cert_chain);
}
755 :
/**
 * Test 8: a PSK_FINISH with a valid MAC is received, but the PSK capability
 * bit has been cleared on both the requester and the responder side.
 * Expected behavior: the responder refuses the PSK_FINISH message and
 * produces an ERROR message indicating UnsupportedRequest, with param2 set
 * to the PSK_FINISH request code.
 **/
static void rsp_psk_finish_rsp_case8(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;

    test_ctx->case_id = 0x8;

    /* Negotiated SPDM 1.1 connection, with PSK_CAP removed from both flag sets. */
    ctx->connection_info.version = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags &= ~(SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP);
    ctx->local_context.capability.flags &= ~(SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP);
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    void *cert_chain;
    size_t cert_chain_size;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): a failed fixture load leaves the case without a single
         * assertion, so the runner still counts it as passed. */
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    ctx->transcript.message_a.buffer_size = 0;

    /* Session slot 0 is put into the handshaking state for session 0xFFFFFFFF. */
    uint32_t session_id = 0xFFFFFFFF;
    ctx->latest_session_id = session_id;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = session_id;

    libspdm_session_info_t *session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));

    /* The responder's request-finished key is a test-only constant of 0xFF bytes. */
    uint32_t hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint32_t hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint8_t *mac_out = m_libspdm_psk_finish_request1.verify_data;

    /* transcript.message_a and session_transcript.message_k are both empty, so
     * the hashed transcript consists of the PSK_FINISH header only. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));

    /* The MAC itself is valid; only the missing capability should cause the refusal. */
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t transcript_hash[LIBSPDM_MAX_HASH_SIZE];
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), transcript_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, transcript_hash, hash_size,
                     finished_key, hash_size, mac_out);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;

    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_size = sizeof(rsp_buf);
    libspdm_return_t status = libspdm_get_response_psk_finish(ctx,
                                                              m_libspdm_psk_finish_request1_size,
                                                              &m_libspdm_psk_finish_request1,
                                                              &rsp_size, rsp_buf);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_size, sizeof(spdm_error_response_t));

    /* Only the common header is inspected, so the PSK_FINISH_RSP view is enough. */
    spdm_psk_finish_response_t *rsp = (void *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
    assert_int_equal(rsp->header.param2, SPDM_PSK_FINISH);

    free(cert_chain);
}
852 :
/**
 * Test 9: a PSK_FINISH with a valid MAC is received, but the session is
 * still in the NOT_STARTED state instead of HANDSHAKING, as if PSK_EXCHANGE
 * had never set it up.
 * Expected behavior: the responder refuses the PSK_FINISH message and
 * produces an ERROR message; the assertions below check for the
 * UnexpectedRequest error code with param2 equal to 0.
 **/
static void rsp_psk_finish_rsp_case9(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;

    test_ctx->case_id = 0x9;

    /* Negotiated SPDM 1.1 connection with the PSK capability set on both sides. */
    ctx->connection_info.version = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    void *cert_chain;
    size_t cert_chain_size;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): a failed fixture load leaves the case without a single
         * assertion, so the runner still counts it as passed. */
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    ctx->transcript.message_a.buffer_size = 0;

    uint32_t session_id = 0xFFFFFFFF;
    ctx->latest_session_id = session_id;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = session_id;

    libspdm_session_info_t *session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));

    /* The responder's request-finished key is a test-only constant of 0xFF bytes. */
    uint32_t hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    /* The condition under test: the session never left NOT_STARTED. */
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_NOT_STARTED);

    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint32_t hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint8_t *mac_out = m_libspdm_psk_finish_request1.verify_data;

    /* transcript.message_a and session_transcript.message_k are both empty, so
     * the hashed transcript consists of the PSK_FINISH header only. */
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));

    /* The MAC itself is valid; only the session state should cause the refusal. */
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t transcript_hash[LIBSPDM_MAX_HASH_SIZE];
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), transcript_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, transcript_hash, hash_size,
                     finished_key, hash_size, mac_out);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;

    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_size = sizeof(rsp_buf);
    libspdm_return_t status = libspdm_get_response_psk_finish(ctx,
                                                              m_libspdm_psk_finish_request1_size,
                                                              &m_libspdm_psk_finish_request1,
                                                              &rsp_size, rsp_buf);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_size, sizeof(spdm_error_response_t));

    /* Only the common header is inspected, so the PSK_FINISH_RSP view is enough. */
    spdm_psk_finish_response_t *rsp = (void *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
    assert_int_equal(rsp->header.param2, 0);

    free(cert_chain);
}
949 :
/**
 * Test 10: a PSK_FINISH of the right length is received whose verify data
 * is all zero bytes instead of a MAC over the transcript.
 * Expected behavior: the responder refuses the PSK_FINISH message and
 * produces an ERROR message indicating DecryptError.
 **/
static void rsp_psk_finish_rsp_case10(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;

    test_ctx->case_id = 0xA;

    /* Negotiated SPDM 1.1 connection with the PSK capability set on both sides. */
    ctx->connection_info.version = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    void *cert_chain;
    size_t cert_chain_size;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): a failed fixture load leaves the case without a single
         * assertion, so the runner still counts it as passed. */
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    ctx->transcript.message_a.buffer_size = 0;

    /* Session slot 0 is put into the handshaking state for session 0xFFFFFFFF. */
    uint32_t session_id = 0xFFFFFFFF;
    ctx->latest_session_id = session_id;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = session_id;

    libspdm_session_info_t *session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));

    /* The responder's request-finished key is a test-only constant of 0xFF bytes. */
    uint32_t hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint32_t hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);

    /* Forged verify data: the correct number of bytes, every one of them zero. */
    uint8_t *mac_out = m_libspdm_psk_finish_request1.verify_data;
    libspdm_set_mem(mac_out, hmac_size, (uint8_t)(0x00));
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;

    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_size = sizeof(rsp_buf);
    libspdm_return_t status = libspdm_get_response_psk_finish(ctx,
                                                              m_libspdm_psk_finish_request1_size,
                                                              &m_libspdm_psk_finish_request1,
                                                              &rsp_size, rsp_buf);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_size, sizeof(spdm_error_response_t));

    /* Only the common header is inspected, so the PSK_FINISH_RSP view is enough.
     * NOTE(review): nothing here checks the session state left behind by the
     * failed MAC verification. */
    spdm_psk_finish_response_t *rsp = (void *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
    assert_int_equal(rsp->header.param2, 0);

    free(cert_chain);
}
1034 :
/**
 * Test 11: a PSK_FINISH of the right length is received whose verify data
 * is an HMAC under the expected key, but computed over an all-zero block
 * instead of the transcript hash.
 * Expected behavior: the responder refuses the PSK_FINISH message and
 * produces an ERROR message indicating DecryptError.
 **/
static void rsp_psk_finish_rsp_case11(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;

    test_ctx->case_id = 0xB;

    /* Negotiated SPDM 1.1 connection with the PSK capability set on both sides. */
    ctx->connection_info.version = SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    void *cert_chain;
    size_t cert_chain_size;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &cert_chain,
                                                         &cert_chain_size, NULL, NULL)) {
        /* NOTE(review): a failed fixture load leaves the case without a single
         * assertion, so the runner still counts it as passed. */
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    ctx->transcript.message_a.buffer_size = 0;

    /* Session slot 0 is put into the handshaking state for session 0xFFFFFFFF. */
    uint32_t session_id = 0xFFFFFFFF;
    ctx->latest_session_id = session_id;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = session_id;

    libspdm_session_info_t *session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));

    /* The responder's request-finished key is a test-only constant of 0xFF bytes. */
    uint32_t hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint32_t hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    uint8_t *mac_out = m_libspdm_psk_finish_request1.verify_data;

    /* Arbitrary MAC: right key, wrong input (zeros rather than the transcript hash). */
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t zero_block[LIBSPDM_MAX_HASH_SIZE];
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_set_mem(zero_block, hash_size, (uint8_t)(0x00));
    libspdm_hmac_all(m_libspdm_use_hash_algo, zero_block, hash_size,
                     finished_key, hash_size, mac_out);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;

    uint8_t rsp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t rsp_size = sizeof(rsp_buf);
    libspdm_return_t status = libspdm_get_response_psk_finish(ctx,
                                                              m_libspdm_psk_finish_request1_size,
                                                              &m_libspdm_psk_finish_request1,
                                                              &rsp_size, rsp_buf);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(rsp_size, sizeof(spdm_error_response_t));

    /* Only the common header is inspected, so the PSK_FINISH_RSP view is enough.
     * NOTE(review): nothing here checks the session state left behind by the
     * failed MAC verification. */
    spdm_psk_finish_response_t *rsp = (void *)rsp_buf;
    assert_int_equal(rsp->header.request_response_code, SPDM_ERROR);
    assert_int_equal(rsp->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
    assert_int_equal(rsp->header.param2, 0);

    free(cert_chain);
}
1125 :
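/**
 * Test 12: receiving a PSK_FINISH message from the requester with an
 * incorrect MAC size (a correct MAC repeated twice), so the request length
 * is the PSK_FINISH header plus 2 * hmac_size.
 * Expected behavior: the responder refuses the PSK_FINISH message and
 * produces an ERROR message indicating the InvalidRequest.
 **/
static void rsp_psk_finish_rsp_case12(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0xC;

    /* Negotiated SPDM 1.1 connection with the PSK capability set on both sides. */
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        /* NOTE(review): a failed fixture load leaves the case without a single
         * assertion, so the runner still counts it as passed. */
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    spdm_context->transcript.message_a.buffer_size = 0;

    /* Session slot 0 is put into the handshaking state for session 0xFFFFFFFF. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));

    /* The responder's request-finished key is a test-only constant of 0xFF bytes. */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer,
        hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context,
        LIBSPDM_SESSION_STATE_HANDSHAKING);

    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));

    /* Same 0xFF key on the requester side, so the first hmac_size bytes of
     * verify_data hold a valid MAC over the transcript hash. */
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);

    /* Repeat the valid MAC directly behind itself (2x HMAC size). The earlier
     * call passed ptr as destination and ptr + hmac_size as source, which
     * replaced the valid MAC with whatever bytes followed it.
     * NOTE(review): relies on libspdm_copy_mem taking (dst, dst_len, src,
     * src_len), as the buffer/size pairing of the earlier call suggests.
     * The copy is skipped when two MACs do not fit in verify_data; the length
     * set below is still 2 * hmac_size in that case. */
    if ((size_t)hmac_size * 2 <= sizeof(m_libspdm_psk_finish_request1.verify_data)) {
        libspdm_copy_mem(ptr + hmac_size,
                         sizeof(m_libspdm_psk_finish_request1.verify_data) - hmac_size,
                         ptr, hmac_size);
    }
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + 2*hmac_size;

    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(spdm_context,
                                             m_libspdm_psk_finish_request1_size,
                                             &m_libspdm_psk_finish_request1,
                                             &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    /* Only the common header is inspected, so the PSK_FINISH_RSP view is enough. */
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
    assert_int_equal(spdm_response->header.param2, 0);
    free(data1);
}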
1223 :
1224 : /**
1225 : * Test 13: receiving a PSK_FINISH message from the requester with an
1226 : * incorrect MAC size (only the correct first half of the MAC).
1227 : * Expected behavior: the responder refuses the PSK_FINISH message and
1228 : * produces an ERROR message indicating the InvalidRequest.
1229 : **/
static void rsp_psk_finish_rsp_case13(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    spdm_psk_finish_response_t *reply;
    libspdm_return_t rc;
    uint8_t reply_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t reply_size;
    uint8_t transcript_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *mac;
    void *cert_chain;
    size_t cert_chain_size;
    uint32_t sid;
    uint32_t hash_size;
    uint32_t hmac_size;
    uint32_t half_mac;

    test_ctx->case_id = 0xD;

    /* SPDM 1.1 connection in NEGOTIATED state, PSK_CAP set in both the
     * connection (requester) flags and the local (responder) flags. */
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a certificate chain the case ends early and records no result. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo,
                                                         &cert_chain, &cert_chain_size,
                                                         NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    ctx->transcript.message_a.buffer_size = 0;

    /* Session slot 0, handshaking, keyed with an all-0xFF request finished key. */
    sid = 0xFFFFFFFF;
    ctx->latest_session_id = sid;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = sid;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, sid,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT,
                              true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Compute the correct MAC over the request header with the same key.
     * transcript.message_a and session_transcript.message_k are both empty. */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), transcript_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, transcript_hash, hash_size,
                     finished_key, hash_size, mac);

    /* Truncate: zero the second half and advertise only half an HMAC. The
     * bytes actually sent are a correct prefix, so a responder that compared
     * only the supplied length would accept this request. */
    half_mac = hmac_size / 2;
    libspdm_set_mem(mac + half_mac, half_mac, (uint8_t)0x00);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + half_mac;

    reply_size = sizeof(reply_buf);
    rc = libspdm_get_response_psk_finish(ctx, m_libspdm_psk_finish_request1_size,
                                         &m_libspdm_psk_finish_request1,
                                         &reply_size, reply_buf);

    /* The handler itself succeeds; the rejection is carried in the response. */
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(reply_size, sizeof(spdm_error_response_t));
    reply = (void *)reply_buf;
    assert_int_equal(reply->header.request_response_code, SPDM_ERROR);
    assert_int_equal(reply->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
    assert_int_equal(reply->header.param2, 0);

    free(cert_chain);
}
1320 :
1321 : /**
1322 : * Test 14: receiving a correct PSK_FINISH from the requester.
1323 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1324 : * response message, and buffer F receives the exchanged PSK_FINISH and PSK_FINISH_RSP messages.
1325 : **/
static void rsp_psk_finish_rsp_case14(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    spdm_psk_finish_response_t *reply;
    libspdm_return_t rc;
    uint8_t reply_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t reply_size;
    uint8_t transcript_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *mac;
    void *cert_chain;
    size_t cert_chain_size;
    uint32_t sid;
    uint32_t hash_size;
    uint32_t hmac_size;

    test_ctx->case_id = 0xE;

    /* SPDM 1.1 connection in NEGOTIATED state, PSK_CAP set in both the
     * connection (requester) flags and the local (responder) flags. */
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a certificate chain the case ends early and records no result. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo,
                                                         &cert_chain, &cert_chain_size,
                                                         NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(ctx);

    /* Session slot 0, handshaking, keyed with an all-0xFF request finished key. */
    sid = 0xFFFFFFFF;
    ctx->latest_session_id = sid;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = sid;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, sid,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT,
                              true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Build a full-length, correct MAC over the request header.
     * transcript.message_a and session_transcript.message_k are both empty. */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac = m_libspdm_psk_finish_request1.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
                                  sizeof(spdm_psk_finish_request_t));
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), transcript_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, transcript_hash, hash_size,
                     finished_key, hash_size, mac);
    m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;

    reply_size = sizeof(reply_buf);
    rc = libspdm_get_response_psk_finish(ctx, m_libspdm_psk_finish_request1_size,
                                         &m_libspdm_psk_finish_request1,
                                         &reply_size, reply_buf);
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(reply_size, sizeof(spdm_psk_finish_response_t));
    reply = (void *)reply_buf;
    assert_int_equal(reply->header.request_response_code, SPDM_PSK_FINISH_RSP);

#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
    /* message_f must hold exactly the request followed by the response. */
    assert_int_equal(session->session_transcript.message_f.buffer_size,
                     m_libspdm_psk_finish_request1_size + reply_size);
    assert_memory_equal(session->session_transcript.message_f.buffer,
                        &m_libspdm_psk_finish_request1,
                        m_libspdm_psk_finish_request1_size);
    assert_memory_equal(session->session_transcript.message_f.buffer +
                        m_libspdm_psk_finish_request1_size,
                        reply_buf, reply_size);
#endif

    free(cert_chain);
}
1420 :
1421 : /**
1422 : * Test 15: SPDM version 1.4, with OpaqueData.
1423 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1424 : * response message.
1425 : **/
static void rsp_psk_finish_rsp_case15(void **state)
{
    libspdm_test_context_t *test_ctx = *state;
    libspdm_context_t *ctx = test_ctx->spdm_context;
    libspdm_session_info_t *session;
    spdm_psk_finish_response_t *reply;
    libspdm_return_t rc;
    uint8_t reply_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
    size_t reply_size;
    uint8_t transcript_hash[LIBSPDM_MAX_HASH_SIZE];
    uint8_t finished_key[LIBSPDM_MAX_HASH_SIZE];
    uint8_t *mac;
    uint8_t *reply_opaque_len;
    void *cert_chain;
    size_t cert_chain_size;
    uint32_t sid;
    uint32_t hash_size;
    uint32_t hmac_size;

    test_ctx->case_id = 0xF;

    /* SPDM 1.4 connection in NEGOTIATED state, PSK_CAP set in both the
     * connection (requester) flags and the local (responder) flags. */
    ctx->connection_info.version =
        SPDM_MESSAGE_VERSION_14 << SPDM_VERSION_NUMBER_SHIFT_BIT;
    ctx->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    ctx->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    ctx->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    ctx->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    ctx->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    ctx->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    ctx->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    ctx->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    ctx->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;

    /* Without a certificate chain the case ends early and records no result. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo,
                                                         &cert_chain, &cert_chain_size,
                                                         NULL, NULL)) {
        return;
    }
    ctx->local_context.local_cert_chain_provision[0] = cert_chain;
    ctx->local_context.local_cert_chain_provision_size[0] = cert_chain_size;

    libspdm_reset_message_a(ctx);

    /* Session slot 0, handshaking, keyed with an all-0xFF request finished key. */
    sid = 0xFFFFFFFF;
    ctx->latest_session_id = sid;
    ctx->last_spdm_request_session_id_valid = true;
    ctx->last_spdm_request_session_id = sid;
    session = &ctx->session_info[0];
    libspdm_session_info_init(ctx, session, sid,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT,
                              true);
    libspdm_session_info_set_psk_hint(session, LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(session->secured_message_context,
                                                     m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(session->secured_message_context,
                                              LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* The 1.4 request declares the full 8-byte opaque field, so verify_data
     * directly follows it in the packed request structure. */
    m_libspdm_psk_finish_request3.opaque_data_size =
        sizeof(m_libspdm_psk_finish_request3.opaque_data);

    /* The MAC covers everything before verify_data: the fixed request part,
     * the 16-bit opaque length and the opaque bytes.
     * transcript.message_a and session_transcript.message_k are both empty. */
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    mac = m_libspdm_psk_finish_request3.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
                                  sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
                                  m_libspdm_psk_finish_request3.opaque_data_size);
    libspdm_set_mem(finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), transcript_hash);
    libspdm_hmac_all(m_libspdm_use_hash_algo, transcript_hash, hash_size,
                     finished_key, hash_size, mac);
    m_libspdm_psk_finish_request3_size =
        sizeof(spdm_psk_finish_request_t) + hmac_size + sizeof(uint16_t) +
        m_libspdm_psk_finish_request3.opaque_data_size;

    reply_size = sizeof(reply_buf);
    rc = libspdm_get_response_psk_finish(ctx, m_libspdm_psk_finish_request3_size,
                                         &m_libspdm_psk_finish_request3,
                                         &reply_size, reply_buf);
    assert_int_equal(rc, LIBSPDM_STATUS_SUCCESS);

    /* The reported size must match the opaque length the response declares. */
    reply_opaque_len = (uint8_t *)reply_buf + sizeof(spdm_psk_finish_response_t);
    assert_int_equal(reply_size, sizeof(spdm_psk_finish_response_t) +
                     sizeof(uint16_t) + libspdm_read_uint16(reply_opaque_len));
    reply = (void *)reply_buf;
    assert_int_equal(reply->header.request_response_code, SPDM_PSK_FINISH_RSP);

    free(cert_chain);
}
1518 :
1519 : /**
1520 : * Test 16: SPDM version 1.4, with OpaqueData.
1521 : * Expected behavior: the responder accepts the request and produces a valid
1522 : * PSK_FINISH_RSP response message with integrator defined opaque data in the response.
1523 : **/
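static void rsp_psk_finish_rsp_case16(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_psk_finish_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x10;

    /* SPDM 1.4 connection in NEGOTIATED state with PSK_CAP on both sides and
     * opaque data format 1 selected. */
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state =
        LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    spdm_context->connection_info.algorithm.other_params_support =
        SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;

    /* Process-wide test hooks: ask the secret library stub for 8 bytes of
     * opaque data in PSK_FINISH_RSP. The flag is cleared again on every exit
     * path below so it cannot leak into later cases. */
    g_generate_psk_finish_opaque_data = true;
    libspdm_secret_lib_psk_finish_opaque_data_size = 8;

    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        /* Undo the global hook before bailing out. */
        g_generate_psk_finish_opaque_data = false;
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session slot 0, handshaking, keyed with an all-0xFF request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Request carries the full 8-byte opaque field; the MAC covers the fixed
     * request part, the 16-bit opaque length and the opaque bytes. */
    m_libspdm_psk_finish_request3.opaque_data_size =
        sizeof(m_libspdm_psk_finish_request3.opaque_data);
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request3.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    /* transcript.message_a size is 0
     * session_transcript.message_k is 0*/
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
                                  sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
                                  m_libspdm_psk_finish_request3.opaque_data_size);
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_psk_finish_request3_size = sizeof(spdm_psk_finish_request_t) + hmac_size +
                                         sizeof(uint16_t) +
                                         m_libspdm_psk_finish_request3.opaque_data_size;
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(
        spdm_context, m_libspdm_psk_finish_request3_size, &m_libspdm_psk_finish_request3,
        &response_size, response);
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);

    /* The response must declare exactly the opaque length requested through
     * the hook, and its total size must agree with that declared length. */
    ptr = (uint8_t *)response + sizeof(spdm_psk_finish_response_t);
    assert_int_equal(libspdm_read_uint16(ptr),
                     libspdm_secret_lib_psk_finish_opaque_data_size);
    assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t) +
                     sizeof(uint16_t) + libspdm_read_uint16(ptr));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);

    g_generate_psk_finish_opaque_data = false;
    free(data1);
}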
1627 :
1628 : /**
1629 : * Test 17: SPDM version 1.4 request declares opaque data larger than payload.
1630 : * Expected behavior: the responder rejects with INVALID_REQUEST.
1631 : **/
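static void rsp_psk_finish_rsp_case17(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_error_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x11;

    /* SPDM 1.4 connection in NEGOTIATED state with PSK_CAP on both sides and
     * opaque data format 1 selected. */
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    spdm_context->connection_info.algorithm.other_params_support =
        SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;

    /* Check the load result as the other cases do: on failure data1 and
     * data_size1 are never written, and they are stored and freed below. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session slot 0, handshaking, keyed with an all-0xFF request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* The length field declares the full opaque_data array (8 bytes) ... */
    m_libspdm_psk_finish_request3.opaque_data_size =
        sizeof(m_libspdm_psk_finish_request3.opaque_data);

    /* ... but the request size passed in leaves room for only 4 bytes after
     * the length field. The declared length comes from the peer, so the
     * responder has to check it against the received size before it reads the
     * opaque data or the MAC that would follow it. */
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(
        spdm_context, sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) + 4,
        &m_libspdm_psk_finish_request3, &response_size, response);

    /* The handler itself succeeds; the rejection is carried in the response. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
    assert_int_equal(spdm_response->header.param2, 0);

    free(data1);
}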
1704 :
1705 : /**
1706 : * Test 18: SPDM version 1.4 responder generates opaque response larger than protocol max.
1707 : * Expected behavior: the responder returns UNSPECIFIED error.
1708 : **/
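static void rsp_psk_finish_rsp_case18(void **state)
{
    libspdm_return_t status;
    libspdm_test_context_t *spdm_test_context;
    libspdm_context_t *spdm_context;
    size_t response_size;
    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
    spdm_error_response_t *spdm_response;
    void *data1;
    size_t data_size1;
    uint8_t *ptr;
    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
    libspdm_session_info_t *session_info;
    uint32_t session_id;
    uint32_t hash_size;
    uint32_t hmac_size;
    size_t saved_opaque_data_size;

    spdm_test_context = *state;
    spdm_context = spdm_test_context->spdm_context;
    spdm_test_context->case_id = 0x12;

    /* SPDM 1.4 connection in NEGOTIATED state with PSK_CAP on both sides and
     * opaque data format 1 selected. */
    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
    spdm_context->connection_info.connection_state =
        LIBSPDM_CONNECTION_STATE_NEGOTIATED;
    spdm_context->connection_info.capability.flags |=
        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
    spdm_context->local_context.capability.flags |=
        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
    spdm_context->connection_info.algorithm.measurement_hash_algo =
        m_libspdm_use_measurement_hash_algo;
    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
    spdm_context->connection_info.algorithm.other_params_support =
        SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;

    /* Process-wide test hooks: make the secret library stub report one byte
     * more opaque data than the protocol maximum. Both globals are put back
     * on every exit path so the oversized value cannot leak into later cases. */
    saved_opaque_data_size = libspdm_secret_lib_psk_finish_opaque_data_size;
    g_generate_psk_finish_opaque_data = true;
    libspdm_secret_lib_psk_finish_opaque_data_size = SPDM_MAX_OPAQUE_DATA_SIZE + 1;

    /* Check the load result as the other cases do: on failure data1 and
     * data_size1 are never written, and they are stored and freed below. */
    if (!libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
                                                         m_libspdm_use_asym_algo, &data1,
                                                         &data_size1, NULL, NULL)) {
        g_generate_psk_finish_opaque_data = false;
        libspdm_secret_lib_psk_finish_opaque_data_size = saved_opaque_data_size;
        return;
    }
    spdm_context->local_context.local_cert_chain_provision[0] = data1;
    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;

    libspdm_reset_message_a(spdm_context);

    /* Session slot 0, handshaking, keyed with an all-0xFF request finished key. */
    session_id = 0xFFFFFFFF;
    spdm_context->latest_session_id = session_id;
    spdm_context->last_spdm_request_session_id_valid = true;
    spdm_context->last_spdm_request_session_id = session_id;
    session_info = &spdm_context->session_info[0];
    libspdm_session_info_init(spdm_context, session_info, session_id,
                              SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
    libspdm_session_info_set_psk_hint(session_info,
                                      LIBSPDM_TEST_PSK_HINT_STRING,
                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
    libspdm_secured_message_set_request_finished_key(
        session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
    libspdm_secured_message_set_session_state(
        session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);

    /* Well-formed request with a correct MAC, presumably so that processing
     * gets as far as building the response opaque data - TODO confirm against
     * libspdm_get_response_psk_finish. */
    m_libspdm_psk_finish_request3.opaque_data_size =
        sizeof(m_libspdm_psk_finish_request3.opaque_data);
    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
    ptr = m_libspdm_psk_finish_request3.verify_data;
    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
                                  sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
                                  m_libspdm_psk_finish_request3.opaque_data_size);
    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
                     request_finished_key, hash_size, ptr);
    m_libspdm_psk_finish_request3_size = sizeof(spdm_psk_finish_request_t) + hmac_size +
                                         sizeof(uint16_t) +
                                         m_libspdm_psk_finish_request3.opaque_data_size;
    response_size = sizeof(response);
    status = libspdm_get_response_psk_finish(
        spdm_context, m_libspdm_psk_finish_request3_size, &m_libspdm_psk_finish_request3,
        &response_size, response);

    /* The oversized opaque data must not be emitted: the responder answers
     * with a fixed-size ERROR(Unspecified) instead. */
    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
    assert_int_equal(response_size, sizeof(spdm_error_response_t));
    spdm_response = (void *)response;
    assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
    assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNSPECIFIED);
    assert_int_equal(spdm_response->header.param2, 0);

    g_generate_psk_finish_opaque_data = false;
    libspdm_secret_lib_psk_finish_opaque_data_size = saved_opaque_data_size;
    free(data1);
}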
1806 :
/* Registers the responder PSK_FINISH cases with cmocka and runs them as one
 * group; returns the value of cmocka_run_group_tests(). */
int libspdm_rsp_psk_finish_rsp_test(void)
{
    /* Cases run in table order and share the file-scope request buffers and
     * test hooks, so a case that leaves state behind affects the ones after it. */
    const struct CMUnitTest test_cases[] = {
        /* Success Case*/
        cmocka_unit_test(rsp_psk_finish_rsp_case1),
        /* Bad request size*/
        cmocka_unit_test(rsp_psk_finish_rsp_case2),
        /* response_state: SPDM_RESPONSE_STATE_BUSY*/
        cmocka_unit_test(rsp_psk_finish_rsp_case3),
        /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
        cmocka_unit_test(rsp_psk_finish_rsp_case4),
        #if LIBSPDM_RESPOND_IF_READY_SUPPORT
        /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
        cmocka_unit_test(rsp_psk_finish_rsp_case5),
        #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
        /* connection_state Check*/
        cmocka_unit_test(rsp_psk_finish_rsp_case6),
        /* Buffer reset*/
        cmocka_unit_test(rsp_psk_finish_rsp_case7),
        /* Unsupported PSK capabilities*/
        cmocka_unit_test(rsp_psk_finish_rsp_case8),
        /* Uninitialized session*/
        cmocka_unit_test(rsp_psk_finish_rsp_case9),
        /* Incorrect MAC*/
        cmocka_unit_test(rsp_psk_finish_rsp_case10),
        cmocka_unit_test(rsp_psk_finish_rsp_case11),
        /* Incorrect MAC size (case 13: truncated MAC with a correct first half) */
        cmocka_unit_test(rsp_psk_finish_rsp_case12),
        cmocka_unit_test(rsp_psk_finish_rsp_case13),
        /* Buffer verification*/
        cmocka_unit_test(rsp_psk_finish_rsp_case14),
        /* SPDM 1.4 with OpaqueData */
        cmocka_unit_test(rsp_psk_finish_rsp_case15),
        /* SPDM 1.4, the Responder using integrator defined opaque data */
        cmocka_unit_test(rsp_psk_finish_rsp_case16),
        /* SPDM 1.4 request opaque size mismatch */
        cmocka_unit_test(rsp_psk_finish_rsp_case17),
        /* SPDM 1.4 responder opaque exceeds protocol max */
        cmocka_unit_test(rsp_psk_finish_rsp_case18),
    };

    libspdm_test_context_t test_context = {
        LIBSPDM_TEST_CONTEXT_VERSION,
        false,
    };

    libspdm_setup_test_context(&test_context);

    return cmocka_run_group_tests(test_cases,
                                  libspdm_unit_test_group_setup,
                                  libspdm_unit_test_group_teardown);
}
1859 :
1860 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
|