Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2025 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
12 : #pragma pack(1)
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
16 : } libspdm_psk_finish_request_mine_t;
17 :
18 : typedef struct {
19 : spdm_message_header_t header;
20 : uint16_t opaque_data_size;
21 : uint8_t opaque_data[8];
22 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
23 : } libspdm_psk_finish_request_mine_14_t;
24 : #pragma pack()
25 :
26 : static libspdm_th_managed_buffer_t th_curr;
27 :
28 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request1 = {
29 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
30 : };
31 : size_t m_libspdm_psk_finish_request1_size = sizeof(m_libspdm_psk_finish_request1);
32 :
33 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request2 = {
34 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
35 : };
36 : size_t m_libspdm_psk_finish_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
37 :
38 : libspdm_psk_finish_request_mine_14_t m_libspdm_psk_finish_request3 = {
39 : { SPDM_MESSAGE_VERSION_14, SPDM_PSK_FINISH, 0, 0 },
40 : };
41 : size_t m_libspdm_psk_finish_request3_size = sizeof(m_libspdm_psk_finish_request3);
42 :
43 : static uint8_t m_libspdm_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
44 :
45 15 : static void libspdm_secured_message_set_request_finished_key(
46 : void *spdm_secured_message_context, const void *key, size_t key_size)
47 : {
48 : libspdm_secured_message_context_t *secured_message_context;
49 :
50 15 : secured_message_context = spdm_secured_message_context;
51 15 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
52 15 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
53 : sizeof(secured_message_context->handshake_secret.request_finished_key),
54 : key, secured_message_context->hash_size);
55 15 : }
56 :
57 : /**
58 : * Test 1: receiving a correct PSK_FINISH message from the requester with a
59 : * correct MAC.
60 : * Expected behavior: the responder accepts the request and produces a valid
61 : * PSK_FINISH_RSP response message.
62 : **/
63 1 : static void rsp_psk_finish_rsp_case1(void **state)
64 : {
65 : libspdm_return_t status;
66 : libspdm_test_context_t *spdm_test_context;
67 : libspdm_context_t *spdm_context;
68 : size_t response_size;
69 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
70 : spdm_psk_finish_response_t *spdm_response;
71 : void *data1;
72 : size_t data_size1;
73 : uint8_t *ptr;
74 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
75 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
76 : libspdm_session_info_t *session_info;
77 : uint32_t session_id;
78 : uint32_t hash_size;
79 : uint32_t hmac_size;
80 :
81 1 : spdm_test_context = *state;
82 1 : spdm_context = spdm_test_context->spdm_context;
83 1 : spdm_test_context->case_id = 0x1;
84 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
85 : SPDM_VERSION_NUMBER_SHIFT_BIT;
86 1 : spdm_context->connection_info.connection_state =
87 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
88 1 : spdm_context->connection_info.capability.flags |=
89 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
90 1 : spdm_context->local_context.capability.flags |=
91 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
92 1 : spdm_context->connection_info.algorithm.base_hash_algo =
93 : m_libspdm_use_hash_algo;
94 1 : spdm_context->connection_info.algorithm.base_asym_algo =
95 : m_libspdm_use_asym_algo;
96 1 : spdm_context->connection_info.algorithm.measurement_spec =
97 : m_libspdm_use_measurement_spec;
98 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
99 : m_libspdm_use_measurement_hash_algo;
100 1 : spdm_context->connection_info.algorithm.dhe_named_group =
101 : m_libspdm_use_dhe_algo;
102 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
103 : m_libspdm_use_aead_algo;
104 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
105 : m_libspdm_use_asym_algo, &data1,
106 : &data_size1, NULL, NULL);
107 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
108 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
109 : data_size1;
110 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
111 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
112 : data_size1;
113 :
114 1 : libspdm_reset_message_a(spdm_context);
115 1 : spdm_context->local_context.mut_auth_requested = 0;
116 :
117 1 : session_id = 0xFFFFFFFF;
118 1 : spdm_context->latest_session_id = session_id;
119 1 : spdm_context->last_spdm_request_session_id_valid = true;
120 1 : spdm_context->last_spdm_request_session_id = session_id;
121 1 : session_info = &spdm_context->session_info[0];
122 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
123 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
124 1 : libspdm_session_info_set_psk_hint(session_info,
125 : LIBSPDM_TEST_PSK_HINT_STRING,
126 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
127 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
128 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
129 1 : libspdm_secured_message_set_request_finished_key(
130 : session_info->secured_message_context, m_libspdm_dummy_buffer,
131 : hash_size);
132 1 : libspdm_secured_message_set_session_state(
133 : session_info->secured_message_context,
134 : LIBSPDM_SESSION_STATE_HANDSHAKING);
135 :
136 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
137 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
138 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
139 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
140 : /* transcript.message_a size is 0
141 : * session_transcript.message_k is 0*/
142 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
143 : sizeof(spdm_psk_finish_request_t));
144 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
145 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
146 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
147 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
148 : request_finished_key, hash_size, ptr);
149 1 : m_libspdm_psk_finish_request1_size =
150 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
151 1 : response_size = sizeof(response);
152 1 : status = libspdm_get_response_psk_finish(spdm_context,
153 : m_libspdm_psk_finish_request1_size,
154 : &m_libspdm_psk_finish_request1,
155 : &response_size, response);
156 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
157 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
158 1 : spdm_response = (void *)response;
159 1 : assert_int_equal(spdm_response->header.request_response_code,
160 : SPDM_PSK_FINISH_RSP);
161 1 : free(data1);
162 1 : }
163 :
164 : /**
165 : * Test 2: receiving a PSK_FINISH message larger than specified.
166 : * Expected behavior: the responder refuses the PSK_FINISH message and
167 : * produces an ERROR message indicating the InvalidRequest.
168 : **/
169 1 : static void rsp_psk_finish_rsp_case2(void **state)
170 : {
171 : libspdm_return_t status;
172 : libspdm_test_context_t *spdm_test_context;
173 : libspdm_context_t *spdm_context;
174 : size_t response_size;
175 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
176 : spdm_psk_finish_response_t *spdm_response;
177 : void *data1;
178 : size_t data_size1;
179 : uint8_t *ptr;
180 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
181 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
182 : libspdm_session_info_t *session_info;
183 : uint32_t session_id;
184 : uint32_t hash_size;
185 :
186 1 : spdm_test_context = *state;
187 1 : spdm_context = spdm_test_context->spdm_context;
188 1 : spdm_test_context->case_id = 0x2;
189 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
190 : SPDM_VERSION_NUMBER_SHIFT_BIT;
191 1 : spdm_context->connection_info.connection_state =
192 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
193 1 : spdm_context->connection_info.capability.flags |=
194 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
195 1 : spdm_context->local_context.capability.flags |=
196 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
197 1 : spdm_context->connection_info.algorithm.base_hash_algo =
198 : m_libspdm_use_hash_algo;
199 1 : spdm_context->connection_info.algorithm.base_asym_algo =
200 : m_libspdm_use_asym_algo;
201 1 : spdm_context->connection_info.algorithm.measurement_spec =
202 : m_libspdm_use_measurement_spec;
203 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
204 : m_libspdm_use_measurement_hash_algo;
205 1 : spdm_context->connection_info.algorithm.dhe_named_group =
206 : m_libspdm_use_dhe_algo;
207 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
208 : m_libspdm_use_aead_algo;
209 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
210 : m_libspdm_use_asym_algo, &data1,
211 : &data_size1, NULL, NULL);
212 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
213 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
214 : data_size1;
215 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
216 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
217 : data_size1;
218 :
219 1 : libspdm_reset_message_a(spdm_context);
220 1 : spdm_context->local_context.mut_auth_requested = 0;
221 :
222 1 : session_id = 0xFFFFFFFF;
223 1 : spdm_context->latest_session_id = session_id;
224 1 : spdm_context->last_spdm_request_session_id_valid = true;
225 1 : spdm_context->last_spdm_request_session_id = session_id;
226 1 : session_info = &spdm_context->session_info[0];
227 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
228 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
229 1 : libspdm_session_info_set_psk_hint(session_info,
230 : LIBSPDM_TEST_PSK_HINT_STRING,
231 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
232 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
233 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
234 1 : libspdm_secured_message_set_request_finished_key(
235 : session_info->secured_message_context, m_libspdm_dummy_buffer,
236 : hash_size);
237 1 : libspdm_secured_message_set_session_state(
238 : session_info->secured_message_context,
239 : LIBSPDM_SESSION_STATE_HANDSHAKING);
240 :
241 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
242 1 : ptr = m_libspdm_psk_finish_request2.verify_data;
243 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
244 : /* transcript.message_a size is 0
245 : * session_transcript.message_k is 0*/
246 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request2,
247 : sizeof(spdm_psk_finish_request_t));
248 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
249 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
250 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
251 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
252 : request_finished_key, hash_size, ptr);
253 1 : response_size = sizeof(response);
254 1 : status = libspdm_get_response_psk_finish(spdm_context,
255 : m_libspdm_psk_finish_request2_size,
256 : &m_libspdm_psk_finish_request2,
257 : &response_size, response);
258 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
259 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
260 1 : spdm_response = (void *)response;
261 1 : assert_int_equal(spdm_response->header.request_response_code,
262 : SPDM_ERROR);
263 1 : assert_int_equal(spdm_response->header.param1,
264 : SPDM_ERROR_CODE_INVALID_REQUEST);
265 1 : assert_int_equal(spdm_response->header.param2, 0);
266 1 : free(data1);
267 1 : }
268 :
269 : /**
270 : * Test 3: receiving a correct PSK_FINISH from the requester, but the
271 : * responder is in a Busy state.
272 : * Expected behavior: the responder accepts the request, but produces an
273 : * ERROR message indicating the Busy state.
274 : **/
275 1 : static void rsp_psk_finish_rsp_case3(void **state)
276 : {
277 : libspdm_return_t status;
278 : libspdm_test_context_t *spdm_test_context;
279 : libspdm_context_t *spdm_context;
280 : size_t response_size;
281 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
282 : spdm_psk_finish_response_t *spdm_response;
283 : void *data1;
284 : size_t data_size1;
285 : uint8_t *ptr;
286 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
287 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
288 : libspdm_session_info_t *session_info;
289 : uint32_t session_id;
290 : uint32_t hash_size;
291 : uint32_t hmac_size;
292 :
293 1 : spdm_test_context = *state;
294 1 : spdm_context = spdm_test_context->spdm_context;
295 1 : spdm_test_context->case_id = 0x3;
296 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
297 : SPDM_VERSION_NUMBER_SHIFT_BIT;
298 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
299 1 : spdm_context->connection_info.connection_state =
300 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
301 1 : spdm_context->connection_info.capability.flags |=
302 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
303 1 : spdm_context->local_context.capability.flags |=
304 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
305 1 : spdm_context->connection_info.algorithm.base_hash_algo =
306 : m_libspdm_use_hash_algo;
307 1 : spdm_context->connection_info.algorithm.base_asym_algo =
308 : m_libspdm_use_asym_algo;
309 1 : spdm_context->connection_info.algorithm.measurement_spec =
310 : m_libspdm_use_measurement_spec;
311 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
312 : m_libspdm_use_measurement_hash_algo;
313 1 : spdm_context->connection_info.algorithm.dhe_named_group =
314 : m_libspdm_use_dhe_algo;
315 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
316 : m_libspdm_use_aead_algo;
317 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
318 : m_libspdm_use_asym_algo, &data1,
319 : &data_size1, NULL, NULL);
320 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
321 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
322 : data_size1;
323 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
324 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
325 : data_size1;
326 :
327 1 : libspdm_reset_message_a(spdm_context);
328 1 : spdm_context->local_context.mut_auth_requested = 0;
329 :
330 1 : session_id = 0xFFFFFFFF;
331 1 : spdm_context->latest_session_id = session_id;
332 1 : spdm_context->last_spdm_request_session_id_valid = true;
333 1 : spdm_context->last_spdm_request_session_id = session_id;
334 1 : session_info = &spdm_context->session_info[0];
335 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
336 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
337 1 : libspdm_session_info_set_psk_hint(session_info,
338 : LIBSPDM_TEST_PSK_HINT_STRING,
339 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
340 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
341 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
342 1 : libspdm_secured_message_set_request_finished_key(
343 : session_info->secured_message_context, m_libspdm_dummy_buffer,
344 : hash_size);
345 1 : libspdm_secured_message_set_session_state(
346 : session_info->secured_message_context,
347 : LIBSPDM_SESSION_STATE_HANDSHAKING);
348 :
349 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
350 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
351 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
352 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
353 : /* transcript.message_a size is 0
354 : * session_transcript.message_k is 0*/
355 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
356 : sizeof(spdm_psk_finish_request_t));
357 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
358 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
359 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
360 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
361 : request_finished_key, hash_size, ptr);
362 1 : m_libspdm_psk_finish_request1_size =
363 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
364 1 : response_size = sizeof(response);
365 1 : status = libspdm_get_response_psk_finish(spdm_context,
366 : m_libspdm_psk_finish_request1_size,
367 : &m_libspdm_psk_finish_request1,
368 : &response_size, response);
369 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
370 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
371 1 : spdm_response = (void *)response;
372 1 : assert_int_equal(spdm_response->header.request_response_code,
373 : SPDM_ERROR);
374 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
375 1 : assert_int_equal(spdm_response->header.param2, 0);
376 1 : assert_int_equal(spdm_context->response_state,
377 : LIBSPDM_RESPONSE_STATE_BUSY);
378 1 : free(data1);
379 1 : }
380 :
381 : /**
382 : * Test 4: receiving a correct PSK_FINISH from the requester, but the
383 : * responder requires resynchronization with the requester.
384 : * Expected behavior: the responder accepts the request, but produces an
385 : * ERROR message indicating the NeedResynch state.
386 : **/
387 1 : static void rsp_psk_finish_rsp_case4(void **state)
388 : {
389 : libspdm_return_t status;
390 : libspdm_test_context_t *spdm_test_context;
391 : libspdm_context_t *spdm_context;
392 : size_t response_size;
393 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
394 : spdm_psk_finish_response_t *spdm_response;
395 : void *data1;
396 : size_t data_size1;
397 : uint8_t *ptr;
398 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
399 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
400 : libspdm_session_info_t *session_info;
401 : uint32_t session_id;
402 : uint32_t hash_size;
403 : uint32_t hmac_size;
404 :
405 1 : spdm_test_context = *state;
406 1 : spdm_context = spdm_test_context->spdm_context;
407 1 : spdm_test_context->case_id = 0x4;
408 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
409 : SPDM_VERSION_NUMBER_SHIFT_BIT;
410 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
411 1 : spdm_context->connection_info.connection_state =
412 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
413 1 : spdm_context->connection_info.capability.flags |=
414 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
415 1 : spdm_context->local_context.capability.flags |=
416 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
417 1 : spdm_context->connection_info.algorithm.base_hash_algo =
418 : m_libspdm_use_hash_algo;
419 1 : spdm_context->connection_info.algorithm.base_asym_algo =
420 : m_libspdm_use_asym_algo;
421 1 : spdm_context->connection_info.algorithm.measurement_spec =
422 : m_libspdm_use_measurement_spec;
423 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
424 : m_libspdm_use_measurement_hash_algo;
425 1 : spdm_context->connection_info.algorithm.dhe_named_group =
426 : m_libspdm_use_dhe_algo;
427 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
428 : m_libspdm_use_aead_algo;
429 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
430 : m_libspdm_use_asym_algo, &data1,
431 : &data_size1, NULL, NULL);
432 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
433 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
434 : data_size1;
435 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
436 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
437 : data_size1;
438 :
439 1 : libspdm_reset_message_a(spdm_context);
440 1 : spdm_context->local_context.mut_auth_requested = 0;
441 :
442 1 : session_id = 0xFFFFFFFF;
443 1 : spdm_context->latest_session_id = session_id;
444 1 : spdm_context->last_spdm_request_session_id_valid = true;
445 1 : spdm_context->last_spdm_request_session_id = session_id;
446 1 : session_info = &spdm_context->session_info[0];
447 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
448 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
449 1 : libspdm_session_info_set_psk_hint(session_info,
450 : LIBSPDM_TEST_PSK_HINT_STRING,
451 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
452 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
453 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
454 1 : libspdm_secured_message_set_request_finished_key(
455 : session_info->secured_message_context, m_libspdm_dummy_buffer,
456 : hash_size);
457 1 : libspdm_secured_message_set_session_state(
458 : session_info->secured_message_context,
459 : LIBSPDM_SESSION_STATE_HANDSHAKING);
460 :
461 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
462 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
463 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
464 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
465 : /* transcript.message_a size is 0
466 : * session_transcript.message_k is 0*/
467 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
468 : sizeof(spdm_psk_finish_request_t));
469 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
470 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
471 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
472 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
473 : request_finished_key, hash_size, ptr);
474 1 : m_libspdm_psk_finish_request1_size =
475 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
476 1 : response_size = sizeof(response);
477 1 : status = libspdm_get_response_psk_finish(spdm_context,
478 : m_libspdm_psk_finish_request1_size,
479 : &m_libspdm_psk_finish_request1,
480 : &response_size, response);
481 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
482 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
483 1 : spdm_response = (void *)response;
484 1 : assert_int_equal(spdm_response->header.request_response_code,
485 : SPDM_ERROR);
486 1 : assert_int_equal(spdm_response->header.param1,
487 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
488 1 : assert_int_equal(spdm_response->header.param2, 0);
489 1 : assert_int_equal(spdm_context->response_state,
490 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
491 1 : free(data1);
492 1 : }
493 :
494 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
495 : /**
496 : * Test 5: receiving a correct PSK_FINISH from the requester, but the
497 : * responder could not produce the response in time.
498 : * Expected behavior: the responder accepts the request, but produces an
499 : * ERROR message indicating the ResponseNotReady state.
500 : **/
501 1 : static void rsp_psk_finish_rsp_case5(void **state)
502 : {
503 : libspdm_return_t status;
504 : libspdm_test_context_t *spdm_test_context;
505 : libspdm_context_t *spdm_context;
506 : size_t response_size;
507 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
508 : spdm_psk_finish_response_t *spdm_response;
509 : void *data1;
510 : size_t data_size1;
511 : uint8_t *ptr;
512 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
513 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
514 : libspdm_session_info_t *session_info;
515 : uint32_t session_id;
516 : uint32_t hash_size;
517 : uint32_t hmac_size;
518 : spdm_error_data_response_not_ready_t *error_data;
519 :
520 1 : spdm_test_context = *state;
521 1 : spdm_context = spdm_test_context->spdm_context;
522 1 : spdm_test_context->case_id = 0x5;
523 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
524 : SPDM_VERSION_NUMBER_SHIFT_BIT;
525 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
526 1 : spdm_context->connection_info.connection_state =
527 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
528 1 : spdm_context->connection_info.capability.flags |=
529 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
530 1 : spdm_context->local_context.capability.flags |=
531 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
532 1 : spdm_context->connection_info.algorithm.base_hash_algo =
533 : m_libspdm_use_hash_algo;
534 1 : spdm_context->connection_info.algorithm.base_asym_algo =
535 : m_libspdm_use_asym_algo;
536 1 : spdm_context->connection_info.algorithm.measurement_spec =
537 : m_libspdm_use_measurement_spec;
538 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
539 : m_libspdm_use_measurement_hash_algo;
540 1 : spdm_context->connection_info.algorithm.dhe_named_group =
541 : m_libspdm_use_dhe_algo;
542 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
543 : m_libspdm_use_aead_algo;
544 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
545 : m_libspdm_use_asym_algo, &data1,
546 : &data_size1, NULL, NULL);
547 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
548 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
549 : data_size1;
550 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
551 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
552 : data_size1;
553 :
554 1 : libspdm_reset_message_a(spdm_context);
555 1 : spdm_context->local_context.mut_auth_requested = 0;
556 :
557 1 : session_id = 0xFFFFFFFF;
558 1 : spdm_context->latest_session_id = session_id;
559 1 : spdm_context->last_spdm_request_session_id_valid = true;
560 1 : spdm_context->last_spdm_request_session_id = session_id;
561 1 : session_info = &spdm_context->session_info[0];
562 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
563 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
564 1 : libspdm_session_info_set_psk_hint(session_info,
565 : LIBSPDM_TEST_PSK_HINT_STRING,
566 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
567 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
568 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
569 1 : libspdm_secured_message_set_request_finished_key(
570 : session_info->secured_message_context, m_libspdm_dummy_buffer,
571 : hash_size);
572 1 : libspdm_secured_message_set_session_state(
573 : session_info->secured_message_context,
574 : LIBSPDM_SESSION_STATE_HANDSHAKING);
575 :
576 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
577 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
578 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
579 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
580 : /* transcript.message_a size is 0
581 : * session_transcript.message_k is 0*/
582 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
583 : sizeof(spdm_psk_finish_request_t));
584 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
585 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
586 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
587 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
588 : request_finished_key, hash_size, ptr);
589 1 : m_libspdm_psk_finish_request1_size =
590 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
591 1 : response_size = sizeof(response);
592 1 : status = libspdm_get_response_psk_finish(spdm_context,
593 : m_libspdm_psk_finish_request1_size,
594 : &m_libspdm_psk_finish_request1,
595 : &response_size, response);
596 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
597 1 : assert_int_equal(response_size,
598 : sizeof(spdm_error_response_t) +
599 : sizeof(spdm_error_data_response_not_ready_t));
600 1 : spdm_response = (void *)response;
601 1 : error_data =
602 : (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
603 1 : assert_int_equal(spdm_response->header.request_response_code,
604 : SPDM_ERROR);
605 1 : assert_int_equal(spdm_response->header.param1,
606 : SPDM_ERROR_CODE_RESPONSE_NOT_READY);
607 1 : assert_int_equal(spdm_response->header.param2, 0);
608 1 : assert_int_equal(spdm_context->response_state,
609 : LIBSPDM_RESPONSE_STATE_NOT_READY);
610 1 : assert_int_equal(error_data->request_code, SPDM_PSK_FINISH);
611 1 : free(data1);
612 1 : }
613 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
614 :
615 : /**
616 : * Test 6: receiving a correct PSK_FINISH from the requester, but the
617 : * responder is not set no receive a PSK-FINISH message because previous
618 : * messages (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or
619 : * GET_DIGESTS) have not been received.
620 : * Expected behavior: the responder rejects the request, and produces an
621 : * ERROR message indicating the UnexpectedRequest.
622 : **/
623 1 : static void rsp_psk_finish_rsp_case6(void **state)
624 : {
625 : libspdm_return_t status;
626 : libspdm_test_context_t *spdm_test_context;
627 : libspdm_context_t *spdm_context;
628 : size_t response_size;
629 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
630 : spdm_psk_finish_response_t *spdm_response;
631 : void *data1;
632 : size_t data_size1;
633 : uint8_t *ptr;
634 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
635 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
636 : libspdm_session_info_t *session_info;
637 : uint32_t session_id;
638 : uint32_t hash_size;
639 : uint32_t hmac_size;
640 :
641 1 : spdm_test_context = *state;
642 1 : spdm_context = spdm_test_context->spdm_context;
643 1 : spdm_test_context->case_id = 0x6;
644 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
645 : SPDM_VERSION_NUMBER_SHIFT_BIT;
646 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
647 1 : spdm_context->connection_info.connection_state =
648 : LIBSPDM_CONNECTION_STATE_NOT_STARTED;
649 1 : spdm_context->connection_info.capability.flags |=
650 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
651 1 : spdm_context->local_context.capability.flags |=
652 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
653 1 : spdm_context->connection_info.algorithm.base_hash_algo =
654 : m_libspdm_use_hash_algo;
655 1 : spdm_context->connection_info.algorithm.base_asym_algo =
656 : m_libspdm_use_asym_algo;
657 1 : spdm_context->connection_info.algorithm.measurement_spec =
658 : m_libspdm_use_measurement_spec;
659 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
660 : m_libspdm_use_measurement_hash_algo;
661 1 : spdm_context->connection_info.algorithm.dhe_named_group =
662 : m_libspdm_use_dhe_algo;
663 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
664 : m_libspdm_use_aead_algo;
665 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
666 : m_libspdm_use_asym_algo, &data1,
667 : &data_size1, NULL, NULL);
668 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
669 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
670 : data_size1;
671 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
672 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
673 : data_size1;
674 :
675 1 : libspdm_reset_message_a(spdm_context);
676 1 : spdm_context->local_context.mut_auth_requested = 0;
677 :
678 1 : session_id = 0xFFFFFFFF;
679 1 : spdm_context->latest_session_id = session_id;
680 1 : spdm_context->last_spdm_request_session_id_valid = true;
681 1 : spdm_context->last_spdm_request_session_id = session_id;
682 1 : session_info = &spdm_context->session_info[0];
683 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
684 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
685 1 : libspdm_session_info_set_psk_hint(session_info,
686 : LIBSPDM_TEST_PSK_HINT_STRING,
687 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
688 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
689 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
690 1 : libspdm_secured_message_set_request_finished_key(
691 : session_info->secured_message_context, m_libspdm_dummy_buffer,
692 : hash_size);
693 1 : libspdm_secured_message_set_session_state(
694 : session_info->secured_message_context,
695 : LIBSPDM_SESSION_STATE_HANDSHAKING);
696 :
697 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
698 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
699 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
700 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
701 : /* transcript.message_a size is 0
702 : * session_transcript.message_k is 0*/
703 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
704 : sizeof(spdm_psk_finish_request_t));
705 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
706 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
707 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
708 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
709 : request_finished_key, hash_size, ptr);
710 1 : m_libspdm_psk_finish_request1_size =
711 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
712 1 : response_size = sizeof(response);
713 1 : status = libspdm_get_response_psk_finish(spdm_context,
714 : m_libspdm_psk_finish_request1_size,
715 : &m_libspdm_psk_finish_request1,
716 : &response_size, response);
717 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
718 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
719 1 : spdm_response = (void *)response;
720 1 : assert_int_equal(spdm_response->header.request_response_code,
721 : SPDM_ERROR);
722 1 : assert_int_equal(spdm_response->header.param1,
723 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
724 1 : assert_int_equal(spdm_response->header.param2, 0);
725 1 : free(data1);
726 1 : }
727 :
728 1 : static void rsp_psk_finish_rsp_case7(void **state)
729 : {
730 : libspdm_return_t status;
731 : libspdm_test_context_t *spdm_test_context;
732 : libspdm_context_t *spdm_context;
733 : size_t response_size;
734 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
735 : spdm_psk_finish_response_t *spdm_response;
736 : void *data1;
737 : size_t data_size1;
738 : uint8_t *ptr;
739 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
740 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
741 : libspdm_session_info_t *session_info;
742 : uint32_t session_id;
743 : uint32_t hash_size;
744 : uint32_t hmac_size;
745 :
746 1 : spdm_test_context = *state;
747 1 : spdm_context = spdm_test_context->spdm_context;
748 1 : spdm_test_context->case_id = 0x7;
749 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
750 : SPDM_VERSION_NUMBER_SHIFT_BIT;
751 1 : spdm_context->connection_info.connection_state =
752 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
753 1 : spdm_context->connection_info.capability.flags |=
754 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
755 1 : spdm_context->local_context.capability.flags |=
756 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
757 1 : spdm_context->connection_info.algorithm.base_hash_algo =
758 : m_libspdm_use_hash_algo;
759 1 : spdm_context->connection_info.algorithm.base_asym_algo =
760 : m_libspdm_use_asym_algo;
761 1 : spdm_context->connection_info.algorithm.measurement_spec =
762 : m_libspdm_use_measurement_spec;
763 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
764 : m_libspdm_use_measurement_hash_algo;
765 1 : spdm_context->connection_info.algorithm.dhe_named_group =
766 : m_libspdm_use_dhe_algo;
767 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
768 : m_libspdm_use_aead_algo;
769 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
770 : m_libspdm_use_asym_algo, &data1,
771 : &data_size1, NULL, NULL);
772 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
773 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
774 : data_size1;
775 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
776 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
777 : data_size1;
778 :
779 1 : libspdm_reset_message_a(spdm_context);
780 1 : spdm_context->local_context.mut_auth_requested = 0;
781 :
782 1 : session_id = 0xFFFFFFFF;
783 1 : spdm_context->latest_session_id = session_id;
784 1 : spdm_context->last_spdm_request_session_id_valid = true;
785 1 : spdm_context->last_spdm_request_session_id = session_id;
786 1 : session_info = &spdm_context->session_info[0];
787 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
788 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
789 1 : libspdm_session_info_set_psk_hint(session_info,
790 : LIBSPDM_TEST_PSK_HINT_STRING,
791 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
792 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
793 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
794 1 : libspdm_secured_message_set_request_finished_key(
795 : session_info->secured_message_context, m_libspdm_dummy_buffer,
796 : hash_size);
797 1 : libspdm_secured_message_set_session_state(
798 : session_info->secured_message_context,
799 : LIBSPDM_SESSION_STATE_HANDSHAKING);
800 :
801 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
802 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
803 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
804 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
805 : /* transcript.message_a size is 0
806 : * session_transcript.message_k is 0*/
807 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
808 : sizeof(spdm_psk_finish_request_t));
809 :
810 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
811 : session_info->session_transcript.message_m.buffer_size =
812 : session_info->session_transcript.message_m.max_buffer_size;
813 : spdm_context->transcript.message_b.buffer_size =
814 : spdm_context->transcript.message_b.max_buffer_size;
815 : spdm_context->transcript.message_c.buffer_size =
816 : spdm_context->transcript.message_c.max_buffer_size;
817 : spdm_context->transcript.message_mut_b.buffer_size =
818 : spdm_context->transcript.message_mut_b.max_buffer_size;
819 : spdm_context->transcript.message_mut_c.buffer_size =
820 : spdm_context->transcript.message_mut_c.max_buffer_size;
821 : #endif
822 :
823 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
824 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
825 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
826 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
827 : request_finished_key, hash_size, ptr);
828 1 : m_libspdm_psk_finish_request1_size =
829 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
830 1 : response_size = sizeof(response);
831 1 : status = libspdm_get_response_psk_finish(spdm_context,
832 : m_libspdm_psk_finish_request1_size,
833 : &m_libspdm_psk_finish_request1,
834 : &response_size, response);
835 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
836 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
837 1 : spdm_response = (void *)response;
838 1 : assert_int_equal(spdm_response->header.request_response_code,
839 : SPDM_PSK_FINISH_RSP);
840 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
841 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
842 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
843 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
844 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
845 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
846 : #endif
847 :
848 1 : free(data1);
849 1 : }
850 :
851 : /**
852 : * Test 8: receiving a correct PSK_FINISH message from the requester, but
853 : * the responder has no capabilities for pre-shared keys.
854 : * Expected behavior: the responder refuses the PSK_FINISH message and
855 : * produces an ERROR message indicating the UnsupportedRequest.
856 : **/
857 1 : static void rsp_psk_finish_rsp_case8(void **state)
858 : {
859 : libspdm_return_t status;
860 : libspdm_test_context_t *spdm_test_context;
861 : libspdm_context_t *spdm_context;
862 : size_t response_size;
863 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
864 : spdm_psk_finish_response_t *spdm_response;
865 : void *data1;
866 : size_t data_size1;
867 : uint8_t *ptr;
868 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
869 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
870 : libspdm_session_info_t *session_info;
871 : uint32_t session_id;
872 : uint32_t hash_size;
873 : uint32_t hmac_size;
874 :
875 1 : spdm_test_context = *state;
876 1 : spdm_context = spdm_test_context->spdm_context;
877 1 : spdm_test_context->case_id = 0x8;
878 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
879 : SPDM_VERSION_NUMBER_SHIFT_BIT;
880 1 : spdm_context->connection_info.connection_state =
881 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
882 1 : spdm_context->connection_info.capability.flags &=
883 : ~(SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP);
884 1 : spdm_context->local_context.capability.flags &=
885 : ~(SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP);
886 1 : spdm_context->connection_info.algorithm.base_hash_algo =
887 : m_libspdm_use_hash_algo;
888 1 : spdm_context->connection_info.algorithm.base_asym_algo =
889 : m_libspdm_use_asym_algo;
890 1 : spdm_context->connection_info.algorithm.measurement_spec =
891 : m_libspdm_use_measurement_spec;
892 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
893 : m_libspdm_use_measurement_hash_algo;
894 1 : spdm_context->connection_info.algorithm.dhe_named_group =
895 : m_libspdm_use_dhe_algo;
896 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
897 : m_libspdm_use_aead_algo;
898 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
899 : m_libspdm_use_asym_algo, &data1,
900 : &data_size1, NULL, NULL);
901 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
902 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
903 : data_size1;
904 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
905 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
906 : data_size1;
907 :
908 1 : spdm_context->transcript.message_a.buffer_size = 0;
909 1 : spdm_context->local_context.mut_auth_requested = 0;
910 :
911 1 : session_id = 0xFFFFFFFF;
912 1 : spdm_context->latest_session_id = session_id;
913 1 : spdm_context->last_spdm_request_session_id_valid = true;
914 1 : spdm_context->last_spdm_request_session_id = session_id;
915 1 : session_info = &spdm_context->session_info[0];
916 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
917 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
918 1 : libspdm_session_info_set_psk_hint(session_info,
919 : LIBSPDM_TEST_PSK_HINT_STRING,
920 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
921 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
922 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
923 1 : libspdm_secured_message_set_request_finished_key(
924 : session_info->secured_message_context, m_libspdm_dummy_buffer,
925 : hash_size);
926 1 : libspdm_secured_message_set_session_state(
927 : session_info->secured_message_context,
928 : LIBSPDM_SESSION_STATE_HANDSHAKING);
929 :
930 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
931 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
932 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
933 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
934 : /* transcript.message_a size is 0
935 : * session_transcript.message_k is 0*/
936 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
937 : sizeof(spdm_psk_finish_request_t));
938 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
939 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
940 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
941 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
942 : request_finished_key, hash_size, ptr);
943 1 : m_libspdm_psk_finish_request1_size =
944 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
945 1 : response_size = sizeof(response);
946 1 : status = libspdm_get_response_psk_finish(spdm_context,
947 : m_libspdm_psk_finish_request1_size,
948 : &m_libspdm_psk_finish_request1,
949 : &response_size, response);
950 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
951 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
952 1 : spdm_response = (void *)response;
953 1 : assert_int_equal(spdm_response->header.request_response_code,
954 : SPDM_ERROR);
955 1 : assert_int_equal(spdm_response->header.param1,
956 : SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
957 1 : assert_int_equal(spdm_response->header.param2, SPDM_PSK_FINISH);
958 1 : free(data1);
959 1 : }
960 :
961 : /**
962 : * Test 9: receiving a correct PSK_FINISH message from the requester, but
963 : * the responder is not correctly setup by not initializing a session during
964 : * PSK_EXCHANGE.
965 : * Expected behavior: the responder refuses the PSK_FINISH message and
966 : * produces an ERROR message indicating the InvalidRequest.
967 : **/
968 1 : static void rsp_psk_finish_rsp_case9(void **state)
969 : {
970 : libspdm_return_t status;
971 : libspdm_test_context_t *spdm_test_context;
972 : libspdm_context_t *spdm_context;
973 : size_t response_size;
974 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
975 : spdm_psk_finish_response_t *spdm_response;
976 : void *data1;
977 : size_t data_size1;
978 : uint8_t *ptr;
979 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
980 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
981 : libspdm_session_info_t *session_info;
982 : uint32_t session_id;
983 : uint32_t hash_size;
984 : uint32_t hmac_size;
985 :
986 1 : spdm_test_context = *state;
987 1 : spdm_context = spdm_test_context->spdm_context;
988 1 : spdm_test_context->case_id = 0x9;
989 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
990 : SPDM_VERSION_NUMBER_SHIFT_BIT;
991 1 : spdm_context->connection_info.connection_state =
992 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
993 1 : spdm_context->connection_info.capability.flags |=
994 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
995 1 : spdm_context->local_context.capability.flags |=
996 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
997 1 : spdm_context->connection_info.algorithm.base_hash_algo =
998 : m_libspdm_use_hash_algo;
999 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1000 : m_libspdm_use_asym_algo;
1001 1 : spdm_context->connection_info.algorithm.measurement_spec =
1002 : m_libspdm_use_measurement_spec;
1003 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1004 : m_libspdm_use_measurement_hash_algo;
1005 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1006 : m_libspdm_use_dhe_algo;
1007 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1008 : m_libspdm_use_aead_algo;
1009 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1010 : m_libspdm_use_asym_algo, &data1,
1011 : &data_size1, NULL, NULL);
1012 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1013 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1014 : data_size1;
1015 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1016 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1017 : data_size1;
1018 :
1019 1 : spdm_context->transcript.message_a.buffer_size = 0;
1020 1 : spdm_context->local_context.mut_auth_requested = 0;
1021 :
1022 1 : session_id = 0xFFFFFFFF;
1023 1 : spdm_context->latest_session_id = session_id;
1024 1 : spdm_context->last_spdm_request_session_id_valid = true;
1025 1 : spdm_context->last_spdm_request_session_id = session_id;
1026 1 : session_info = &spdm_context->session_info[0];
1027 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1028 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1029 1 : libspdm_session_info_set_psk_hint(session_info,
1030 : LIBSPDM_TEST_PSK_HINT_STRING,
1031 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1032 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1033 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1034 1 : libspdm_secured_message_set_request_finished_key(
1035 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1036 : hash_size);
1037 1 : libspdm_secured_message_set_session_state(
1038 : session_info->secured_message_context,
1039 : LIBSPDM_SESSION_STATE_NOT_STARTED);
1040 :
1041 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1042 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1043 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1044 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1045 : /* transcript.message_a size is 0
1046 : * session_transcript.message_k is 0*/
1047 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1048 : sizeof(spdm_psk_finish_request_t));
1049 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1050 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1051 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1052 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1053 : request_finished_key, hash_size, ptr);
1054 1 : m_libspdm_psk_finish_request1_size =
1055 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1056 1 : response_size = sizeof(response);
1057 1 : status = libspdm_get_response_psk_finish(spdm_context,
1058 : m_libspdm_psk_finish_request1_size,
1059 : &m_libspdm_psk_finish_request1,
1060 : &response_size, response);
1061 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1062 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1063 1 : spdm_response = (void *)response;
1064 1 : assert_int_equal(spdm_response->header.request_response_code,
1065 : SPDM_ERROR);
1066 1 : assert_int_equal(spdm_response->header.param1,
1067 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
1068 1 : assert_int_equal(spdm_response->header.param2, 0);
1069 1 : free(data1);
1070 1 : }
1071 :
1072 : /**
1073 : * Test 10: receiving a PSK_FINISH message from the requester with an
1074 : * incorrect MAC (all-zero).
1075 : * Expected behavior: the responder refuses the PSK_FINISH message and
1076 : * produces an ERROR message indicating the DecryptError.
1077 : **/
1078 1 : static void rsp_psk_finish_rsp_case10(void **state)
1079 : {
1080 : libspdm_return_t status;
1081 : libspdm_test_context_t *spdm_test_context;
1082 : libspdm_context_t *spdm_context;
1083 : size_t response_size;
1084 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1085 : spdm_psk_finish_response_t *spdm_response;
1086 : void *data1;
1087 : size_t data_size1;
1088 : uint8_t *ptr;
1089 : libspdm_session_info_t *session_info;
1090 : uint32_t session_id;
1091 : uint32_t hash_size;
1092 : uint32_t hmac_size;
1093 :
1094 1 : spdm_test_context = *state;
1095 1 : spdm_context = spdm_test_context->spdm_context;
1096 1 : spdm_test_context->case_id = 0xA;
1097 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1098 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1099 1 : spdm_context->connection_info.connection_state =
1100 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1101 1 : spdm_context->connection_info.capability.flags |=
1102 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1103 1 : spdm_context->local_context.capability.flags |=
1104 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1105 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1106 : m_libspdm_use_hash_algo;
1107 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1108 : m_libspdm_use_asym_algo;
1109 1 : spdm_context->connection_info.algorithm.measurement_spec =
1110 : m_libspdm_use_measurement_spec;
1111 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1112 : m_libspdm_use_measurement_hash_algo;
1113 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1114 : m_libspdm_use_dhe_algo;
1115 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1116 : m_libspdm_use_aead_algo;
1117 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1118 : m_libspdm_use_asym_algo, &data1,
1119 : &data_size1, NULL, NULL);
1120 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1121 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1122 : data_size1;
1123 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1124 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1125 : data_size1;
1126 :
1127 1 : spdm_context->transcript.message_a.buffer_size = 0;
1128 1 : spdm_context->local_context.mut_auth_requested = 0;
1129 :
1130 1 : session_id = 0xFFFFFFFF;
1131 1 : spdm_context->latest_session_id = session_id;
1132 1 : spdm_context->last_spdm_request_session_id_valid = true;
1133 1 : spdm_context->last_spdm_request_session_id = session_id;
1134 1 : session_info = &spdm_context->session_info[0];
1135 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1136 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1137 1 : libspdm_session_info_set_psk_hint(session_info,
1138 : LIBSPDM_TEST_PSK_HINT_STRING,
1139 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1140 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1141 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1142 1 : libspdm_secured_message_set_request_finished_key(
1143 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1144 : hash_size);
1145 1 : libspdm_secured_message_set_session_state(
1146 : session_info->secured_message_context,
1147 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1148 :
1149 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1150 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1151 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1152 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1153 1 : m_libspdm_psk_finish_request1_size =
1154 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1155 1 : response_size = sizeof(response);
1156 1 : status = libspdm_get_response_psk_finish(spdm_context,
1157 : m_libspdm_psk_finish_request1_size,
1158 : &m_libspdm_psk_finish_request1,
1159 : &response_size, response);
1160 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1161 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1162 1 : spdm_response = (void *)response;
1163 1 : assert_int_equal(spdm_response->header.request_response_code,
1164 : SPDM_ERROR);
1165 1 : assert_int_equal(spdm_response->header.param1,
1166 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1167 1 : assert_int_equal(spdm_response->header.param2, 0);
1168 1 : free(data1);
1169 1 : }
1170 :
1171 : /**
1172 : * Test 11: receiving a PSK_FINISH message from the requester with an
1173 : * incorrect MAC (arbitrary).
1174 : * Expected behavior: the responder refuses the PSK_FINISH message and
1175 : * produces an ERROR message indicating the DecryptError.
1176 : **/
1177 1 : static void rsp_psk_finish_rsp_case11(void **state)
1178 : {
1179 : libspdm_return_t status;
1180 : libspdm_test_context_t *spdm_test_context;
1181 : libspdm_context_t *spdm_context;
1182 : size_t response_size;
1183 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1184 : spdm_psk_finish_response_t *spdm_response;
1185 : void *data1;
1186 : size_t data_size1;
1187 : uint8_t *ptr;
1188 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1189 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1190 : libspdm_session_info_t *session_info;
1191 : uint32_t session_id;
1192 : uint32_t hash_size;
1193 : uint32_t hmac_size;
1194 :
1195 1 : spdm_test_context = *state;
1196 1 : spdm_context = spdm_test_context->spdm_context;
1197 1 : spdm_test_context->case_id = 0xB;
1198 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1199 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1200 1 : spdm_context->connection_info.connection_state =
1201 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1202 1 : spdm_context->connection_info.capability.flags |=
1203 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1204 1 : spdm_context->local_context.capability.flags |=
1205 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1206 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1207 : m_libspdm_use_hash_algo;
1208 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1209 : m_libspdm_use_asym_algo;
1210 1 : spdm_context->connection_info.algorithm.measurement_spec =
1211 : m_libspdm_use_measurement_spec;
1212 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1213 : m_libspdm_use_measurement_hash_algo;
1214 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1215 : m_libspdm_use_dhe_algo;
1216 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1217 : m_libspdm_use_aead_algo;
1218 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1219 : m_libspdm_use_asym_algo, &data1,
1220 : &data_size1, NULL, NULL);
1221 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1222 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1223 : data_size1;
1224 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1225 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1226 : data_size1;
1227 :
1228 1 : spdm_context->transcript.message_a.buffer_size = 0;
1229 1 : spdm_context->local_context.mut_auth_requested = 0;
1230 :
1231 1 : session_id = 0xFFFFFFFF;
1232 1 : spdm_context->latest_session_id = session_id;
1233 1 : spdm_context->last_spdm_request_session_id_valid = true;
1234 1 : spdm_context->last_spdm_request_session_id = session_id;
1235 1 : session_info = &spdm_context->session_info[0];
1236 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1237 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1238 1 : libspdm_session_info_set_psk_hint(session_info,
1239 : LIBSPDM_TEST_PSK_HINT_STRING,
1240 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1241 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1242 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1243 1 : libspdm_secured_message_set_request_finished_key(
1244 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1245 : hash_size);
1246 1 : libspdm_secured_message_set_session_state(
1247 : session_info->secured_message_context,
1248 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1249 :
1250 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1251 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1252 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1253 : /*arbitrary MAC*/
1254 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1255 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1256 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1257 : request_finished_key, hash_size, ptr);
1258 1 : m_libspdm_psk_finish_request1_size =
1259 1 : sizeof(spdm_psk_finish_request_t) + hmac_size;
1260 1 : response_size = sizeof(response);
1261 1 : status = libspdm_get_response_psk_finish(spdm_context,
1262 : m_libspdm_psk_finish_request1_size,
1263 : &m_libspdm_psk_finish_request1,
1264 : &response_size, response);
1265 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1266 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1267 1 : spdm_response = (void *)response;
1268 1 : assert_int_equal(spdm_response->header.request_response_code,
1269 : SPDM_ERROR);
1270 1 : assert_int_equal(spdm_response->header.param1,
1271 : SPDM_ERROR_CODE_DECRYPT_ERROR);
1272 1 : assert_int_equal(spdm_response->header.param2, 0);
1273 1 : free(data1);
1274 1 : }
1275 :
1276 : /**
1277 : * Test 12: receiving a PSK_FINISH message from the requester with an
1278 : * incorrect MAC size (a correct MAC repeated twice).
1279 : * Expected behavior: the responder refuses the PSK_FINISH message and
1280 : * produces an ERROR message indicating the InvalidRequest.
1281 : **/
1282 1 : static void rsp_psk_finish_rsp_case12(void **state)
1283 : {
1284 : libspdm_return_t status;
1285 : libspdm_test_context_t *spdm_test_context;
1286 : libspdm_context_t *spdm_context;
1287 : size_t response_size;
1288 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1289 : spdm_psk_finish_response_t *spdm_response;
1290 : void *data1;
1291 : size_t data_size1;
1292 : uint8_t *ptr;
1293 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1294 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1295 : libspdm_session_info_t *session_info;
1296 : uint32_t session_id;
1297 : uint32_t hash_size;
1298 : uint32_t hmac_size;
1299 :
1300 1 : spdm_test_context = *state;
1301 1 : spdm_context = spdm_test_context->spdm_context;
1302 1 : spdm_test_context->case_id = 0xC;
1303 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1304 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1305 1 : spdm_context->connection_info.connection_state =
1306 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1307 1 : spdm_context->connection_info.capability.flags |=
1308 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1309 1 : spdm_context->local_context.capability.flags |=
1310 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1311 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1312 : m_libspdm_use_hash_algo;
1313 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1314 : m_libspdm_use_asym_algo;
1315 1 : spdm_context->connection_info.algorithm.measurement_spec =
1316 : m_libspdm_use_measurement_spec;
1317 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1318 : m_libspdm_use_measurement_hash_algo;
1319 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1320 : m_libspdm_use_dhe_algo;
1321 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1322 : m_libspdm_use_aead_algo;
1323 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1324 : m_libspdm_use_asym_algo, &data1,
1325 : &data_size1, NULL, NULL);
1326 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1327 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1328 : data_size1;
1329 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1330 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1331 : data_size1;
1332 :
1333 1 : spdm_context->transcript.message_a.buffer_size = 0;
1334 1 : spdm_context->local_context.mut_auth_requested = 0;
1335 :
1336 1 : session_id = 0xFFFFFFFF;
1337 1 : spdm_context->latest_session_id = session_id;
1338 1 : spdm_context->last_spdm_request_session_id_valid = true;
1339 1 : spdm_context->last_spdm_request_session_id = session_id;
1340 1 : session_info = &spdm_context->session_info[0];
1341 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1342 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1343 1 : libspdm_session_info_set_psk_hint(session_info,
1344 : LIBSPDM_TEST_PSK_HINT_STRING,
1345 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1346 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1347 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1348 1 : libspdm_secured_message_set_request_finished_key(
1349 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1350 : hash_size);
1351 1 : libspdm_secured_message_set_session_state(
1352 : session_info->secured_message_context,
1353 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1354 :
1355 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1356 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1357 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1358 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1359 : /* transcript.message_a size is 0
1360 : * session_transcript.message_k is 0*/
1361 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1362 : sizeof(spdm_psk_finish_request_t));
1363 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1364 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1365 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1366 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1367 : request_finished_key, hash_size, ptr);
1368 1 : libspdm_copy_mem(ptr, sizeof(m_libspdm_psk_finish_request1.verify_data),
1369 1 : ptr + hmac_size, hmac_size); /* 2x HMAC size*/
1370 1 : m_libspdm_psk_finish_request1_size =
1371 1 : sizeof(spdm_psk_finish_request_t) + 2*hmac_size;
1372 1 : response_size = sizeof(response);
1373 1 : status = libspdm_get_response_psk_finish(spdm_context,
1374 : m_libspdm_psk_finish_request1_size,
1375 : &m_libspdm_psk_finish_request1,
1376 : &response_size, response);
1377 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1378 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1379 1 : spdm_response = (void *)response;
1380 1 : assert_int_equal(spdm_response->header.request_response_code,
1381 : SPDM_ERROR);
1382 1 : assert_int_equal(spdm_response->header.param1,
1383 : SPDM_ERROR_CODE_INVALID_REQUEST);
1384 1 : assert_int_equal(spdm_response->header.param2, 0);
1385 1 : free(data1);
1386 1 : }
1387 :
1388 : /**
1389 : * Test 13: receiving a PSK_FINISH message from the requester with an
1390 : * incorrect MAC size (only the correct first half of the MAC).
1391 : * Expected behavior: the responder refuses the PSK_FINISH message and
1392 : * produces an ERROR message indicating the InvalidRequest.
1393 : **/
1394 1 : static void rsp_psk_finish_rsp_case13(void **state)
1395 : {
1396 : libspdm_return_t status;
1397 : libspdm_test_context_t *spdm_test_context;
1398 : libspdm_context_t *spdm_context;
1399 : size_t response_size;
1400 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1401 : spdm_psk_finish_response_t *spdm_response;
1402 : void *data1;
1403 : size_t data_size1;
1404 : uint8_t *ptr;
1405 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1406 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1407 : libspdm_session_info_t *session_info;
1408 : uint32_t session_id;
1409 : uint32_t hash_size;
1410 : uint32_t hmac_size;
1411 :
1412 1 : spdm_test_context = *state;
1413 1 : spdm_context = spdm_test_context->spdm_context;
1414 1 : spdm_test_context->case_id = 0xD;
1415 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1416 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1417 1 : spdm_context->connection_info.connection_state =
1418 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1419 1 : spdm_context->connection_info.capability.flags |=
1420 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1421 1 : spdm_context->local_context.capability.flags |=
1422 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1423 1 : spdm_context->connection_info.algorithm.base_hash_algo =
1424 : m_libspdm_use_hash_algo;
1425 1 : spdm_context->connection_info.algorithm.base_asym_algo =
1426 : m_libspdm_use_asym_algo;
1427 1 : spdm_context->connection_info.algorithm.measurement_spec =
1428 : m_libspdm_use_measurement_spec;
1429 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1430 : m_libspdm_use_measurement_hash_algo;
1431 1 : spdm_context->connection_info.algorithm.dhe_named_group =
1432 : m_libspdm_use_dhe_algo;
1433 1 : spdm_context->connection_info.algorithm.aead_cipher_suite =
1434 : m_libspdm_use_aead_algo;
1435 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1436 : m_libspdm_use_asym_algo, &data1,
1437 : &data_size1, NULL, NULL);
1438 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1439 1 : spdm_context->local_context.local_cert_chain_provision_size[0] =
1440 : data_size1;
1441 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1442 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size =
1443 : data_size1;
1444 :
1445 1 : spdm_context->transcript.message_a.buffer_size = 0;
1446 1 : spdm_context->local_context.mut_auth_requested = 0;
1447 :
1448 1 : session_id = 0xFFFFFFFF;
1449 1 : spdm_context->latest_session_id = session_id;
1450 1 : spdm_context->last_spdm_request_session_id_valid = true;
1451 1 : spdm_context->last_spdm_request_session_id = session_id;
1452 1 : session_info = &spdm_context->session_info[0];
1453 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1454 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1455 1 : libspdm_session_info_set_psk_hint(session_info,
1456 : LIBSPDM_TEST_PSK_HINT_STRING,
1457 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1458 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1459 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1460 1 : libspdm_secured_message_set_request_finished_key(
1461 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1462 : hash_size);
1463 1 : libspdm_secured_message_set_session_state(
1464 : session_info->secured_message_context,
1465 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1466 :
1467 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1468 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1469 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1470 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1471 : /* transcript.message_a size is 0
1472 : * session_transcript.message_k is 0*/
1473 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1474 : sizeof(spdm_psk_finish_request_t));
1475 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1476 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1477 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1478 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1479 : request_finished_key, hash_size, ptr);
1480 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1481 1 : m_libspdm_psk_finish_request1_size =
1482 1 : sizeof(spdm_psk_finish_request_t) + hmac_size/2;
1483 1 : response_size = sizeof(response);
1484 1 : status = libspdm_get_response_psk_finish(spdm_context,
1485 : m_libspdm_psk_finish_request1_size,
1486 : &m_libspdm_psk_finish_request1,
1487 : &response_size, response);
1488 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1489 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1490 1 : spdm_response = (void *)response;
1491 1 : assert_int_equal(spdm_response->header.request_response_code,
1492 : SPDM_ERROR);
1493 1 : assert_int_equal(spdm_response->header.param1,
1494 : SPDM_ERROR_CODE_INVALID_REQUEST);
1495 1 : assert_int_equal(spdm_response->header.param2, 0);
1496 1 : free(data1);
1497 1 : }
1498 :
1499 : /**
1500 : * Test 14: receiving a correct PSK_FINISH from the requester.
1501 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1502 : * response message, and buffer F receives the exchanged PSK_FINISH and PSK_FINISH_RSP messages.
1503 : **/
1504 1 : static void rsp_psk_finish_rsp_case14(void **state)
1505 : {
1506 : libspdm_return_t status;
1507 : libspdm_test_context_t *spdm_test_context;
1508 : libspdm_context_t *spdm_context;
1509 : size_t response_size;
1510 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1511 : spdm_psk_finish_response_t *spdm_response;
1512 : void *data1;
1513 : size_t data_size1;
1514 : uint8_t *ptr;
1515 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1516 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1517 : libspdm_session_info_t *session_info;
1518 : uint32_t session_id;
1519 : uint32_t hash_size;
1520 : uint32_t hmac_size;
1521 :
1522 1 : spdm_test_context = *state;
1523 1 : spdm_context = spdm_test_context->spdm_context;
1524 1 : spdm_test_context->case_id = 0xE;
1525 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1526 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1527 1 : spdm_context->connection_info.connection_state =
1528 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1529 1 : spdm_context->connection_info.capability.flags |=
1530 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1531 1 : spdm_context->local_context.capability.flags |=
1532 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1533 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1534 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1535 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1536 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1537 : m_libspdm_use_measurement_hash_algo;
1538 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1539 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1540 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1541 : m_libspdm_use_asym_algo, &data1,
1542 : &data_size1, NULL, NULL);
1543 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1544 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1545 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1546 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1547 :
1548 1 : libspdm_reset_message_a(spdm_context);
1549 1 : spdm_context->local_context.mut_auth_requested = 0;
1550 :
1551 1 : session_id = 0xFFFFFFFF;
1552 1 : spdm_context->latest_session_id = session_id;
1553 1 : spdm_context->last_spdm_request_session_id_valid = true;
1554 1 : spdm_context->last_spdm_request_session_id = session_id;
1555 1 : session_info = &spdm_context->session_info[0];
1556 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1557 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1558 1 : libspdm_session_info_set_psk_hint(session_info,
1559 : LIBSPDM_TEST_PSK_HINT_STRING,
1560 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1561 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1562 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1563 1 : libspdm_secured_message_set_request_finished_key(
1564 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1565 1 : libspdm_secured_message_set_session_state(
1566 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1567 :
1568 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1569 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1570 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1571 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1572 : /* transcript.message_a size is 0
1573 : * session_transcript.message_k is 0*/
1574 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1575 : sizeof(spdm_psk_finish_request_t));
1576 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1577 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1578 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1579 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1580 : request_finished_key, hash_size, ptr);
1581 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
1582 1 : response_size = sizeof(response);
1583 1 : status = libspdm_get_response_psk_finish(
1584 : spdm_context, m_libspdm_psk_finish_request1_size, &m_libspdm_psk_finish_request1,
1585 : &response_size, response);
1586 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1587 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
1588 1 : spdm_response = (void *)response;
1589 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1590 :
1591 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1592 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1593 : m_libspdm_psk_finish_request1_size + response_size);
1594 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1595 : &m_libspdm_psk_finish_request1, m_libspdm_psk_finish_request1_size);
1596 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1597 : m_libspdm_psk_finish_request1_size, response, response_size);
1598 : #endif
1599 :
1600 1 : free(data1);
1601 1 : }
1602 :
1603 : /**
1604 : * Test 15: SPDM version 1.4, with OpaqueData.
1605 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1606 : * response message.
1607 : **/
1608 1 : static void rsp_psk_finish_rsp_case15(void **state)
1609 : {
1610 : libspdm_return_t status;
1611 : libspdm_test_context_t *spdm_test_context;
1612 : libspdm_context_t *spdm_context;
1613 : size_t response_size;
1614 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1615 : spdm_psk_finish_response_t *spdm_response;
1616 : void *data1;
1617 : size_t data_size1;
1618 : uint8_t *ptr;
1619 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1620 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1621 : libspdm_session_info_t *session_info;
1622 : uint32_t session_id;
1623 : uint32_t hash_size;
1624 : uint32_t hmac_size;
1625 :
1626 1 : spdm_test_context = *state;
1627 1 : spdm_context = spdm_test_context->spdm_context;
1628 1 : spdm_test_context->case_id = 0xF;
1629 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
1630 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1631 1 : spdm_context->connection_info.connection_state =
1632 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1633 1 : spdm_context->connection_info.capability.flags |=
1634 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1635 1 : spdm_context->local_context.capability.flags |=
1636 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1637 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1638 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1639 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1640 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1641 : m_libspdm_use_measurement_hash_algo;
1642 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1643 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1644 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1645 : m_libspdm_use_asym_algo, &data1,
1646 : &data_size1, NULL, NULL);
1647 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1648 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1649 1 : spdm_context->connection_info.local_used_cert_chain_buffer = data1;
1650 1 : spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
1651 :
1652 1 : libspdm_reset_message_a(spdm_context);
1653 1 : spdm_context->local_context.mut_auth_requested = 0;
1654 :
1655 1 : session_id = 0xFFFFFFFF;
1656 1 : spdm_context->latest_session_id = session_id;
1657 1 : spdm_context->last_spdm_request_session_id_valid = true;
1658 1 : spdm_context->last_spdm_request_session_id = session_id;
1659 1 : session_info = &spdm_context->session_info[0];
1660 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1661 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1662 1 : libspdm_session_info_set_psk_hint(session_info,
1663 : LIBSPDM_TEST_PSK_HINT_STRING,
1664 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1665 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1666 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1667 1 : libspdm_secured_message_set_request_finished_key(
1668 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1669 1 : libspdm_secured_message_set_session_state(
1670 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1671 :
1672 1 : m_libspdm_psk_finish_request3.opaque_data_size =
1673 : sizeof(m_libspdm_psk_finish_request3.opaque_data);
1674 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1675 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1676 1 : ptr = m_libspdm_psk_finish_request3.verify_data;
1677 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1678 : /* transcript.message_a size is 0
1679 : * session_transcript.message_k is 0*/
1680 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
1681 : sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
1682 1 : m_libspdm_psk_finish_request3.opaque_data_size);
1683 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1684 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1685 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1686 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1687 : request_finished_key, hash_size, ptr);
1688 1 : m_libspdm_psk_finish_request3_size = sizeof(spdm_psk_finish_request_t) + hmac_size +
1689 1 : sizeof(uint16_t) +
1690 1 : m_libspdm_psk_finish_request3.opaque_data_size;
1691 1 : response_size = sizeof(response);
1692 1 : status = libspdm_get_response_psk_finish(
1693 : spdm_context, m_libspdm_psk_finish_request3_size, &m_libspdm_psk_finish_request3,
1694 : &response_size, response);
1695 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1696 1 : ptr = (uint8_t *)response + sizeof(spdm_psk_finish_response_t);
1697 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t) +
1698 : sizeof(uint16_t) + libspdm_read_uint16(ptr));
1699 1 : spdm_response = (void *)response;
1700 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1701 :
1702 1 : free(data1);
1703 1 : }
1704 :
1705 1 : int libspdm_rsp_psk_finish_rsp_test(void)
1706 : {
1707 1 : const struct CMUnitTest test_cases[] = {
1708 : /* Success Case*/
1709 : cmocka_unit_test(rsp_psk_finish_rsp_case1),
1710 : /* Bad request size*/
1711 : cmocka_unit_test(rsp_psk_finish_rsp_case2),
1712 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
1713 : cmocka_unit_test(rsp_psk_finish_rsp_case3),
1714 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
1715 : cmocka_unit_test(rsp_psk_finish_rsp_case4),
1716 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
1717 : /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
1718 : cmocka_unit_test(rsp_psk_finish_rsp_case5),
1719 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
1720 : /* connection_state Check*/
1721 : cmocka_unit_test(rsp_psk_finish_rsp_case6),
1722 : /* Buffer reset*/
1723 : cmocka_unit_test(rsp_psk_finish_rsp_case7),
1724 : /* Unsupported PSK capabilities*/
1725 : cmocka_unit_test(rsp_psk_finish_rsp_case8),
1726 : /* Uninitialized session*/
1727 : cmocka_unit_test(rsp_psk_finish_rsp_case9),
1728 : /* Incorrect MAC*/
1729 : cmocka_unit_test(rsp_psk_finish_rsp_case10),
1730 : cmocka_unit_test(rsp_psk_finish_rsp_case11),
1731 : /* Incorrect MAC size*/
1732 : cmocka_unit_test(rsp_psk_finish_rsp_case12),
1733 : cmocka_unit_test(rsp_psk_finish_rsp_case13),
1734 : /* Buffer verification*/
1735 : cmocka_unit_test(rsp_psk_finish_rsp_case14),
1736 : /* SPDM 1.4 with OpaqueData */
1737 : cmocka_unit_test(rsp_psk_finish_rsp_case15),
1738 : };
1739 :
1740 1 : libspdm_test_context_t test_context = {
1741 : LIBSPDM_TEST_CONTEXT_VERSION,
1742 : false,
1743 : };
1744 :
1745 1 : libspdm_setup_test_context(&test_context);
1746 :
1747 1 : return cmocka_run_group_tests(test_cases,
1748 : libspdm_unit_test_group_setup,
1749 : libspdm_unit_test_group_teardown);
1750 : }
1751 :
1752 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
|