Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 : #include "internal/libspdm_secured_message_lib.h"
10 :
11 : #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP
12 : #pragma pack(1)
13 : typedef struct {
14 : spdm_message_header_t header;
15 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
16 : } libspdm_psk_finish_request_mine_t;
17 :
18 : typedef struct {
19 : spdm_message_header_t header;
20 : uint16_t opaque_data_size;
21 : uint8_t opaque_data[8];
22 : uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
23 : } libspdm_psk_finish_request_mine_14_t;
24 : #pragma pack()
25 :
26 : static libspdm_th_managed_buffer_t th_curr;
27 :
28 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request1 = {
29 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
30 : };
31 : size_t m_libspdm_psk_finish_request1_size = sizeof(m_libspdm_psk_finish_request1);
32 :
33 : libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request2 = {
34 : { SPDM_MESSAGE_VERSION_11, SPDM_PSK_FINISH, 0, 0 },
35 : };
36 : size_t m_libspdm_psk_finish_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
37 :
38 : libspdm_psk_finish_request_mine_14_t m_libspdm_psk_finish_request3 = {
39 : { SPDM_MESSAGE_VERSION_14, SPDM_PSK_FINISH, 0, 0 },
40 : };
41 : size_t m_libspdm_psk_finish_request3_size = sizeof(m_libspdm_psk_finish_request3);
42 :
43 : static uint8_t m_libspdm_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
44 :
45 : extern size_t libspdm_secret_lib_psk_finish_opaque_data_size;
46 : extern bool g_generate_psk_finish_opaque_data;
47 :
48 16 : static void libspdm_secured_message_set_request_finished_key(
49 : void *spdm_secured_message_context, const void *key, size_t key_size)
50 : {
51 : libspdm_secured_message_context_t *secured_message_context;
52 :
53 16 : secured_message_context = spdm_secured_message_context;
54 16 : LIBSPDM_ASSERT(key_size == secured_message_context->hash_size);
55 16 : libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key,
56 : sizeof(secured_message_context->handshake_secret.request_finished_key),
57 : key, secured_message_context->hash_size);
58 16 : }
59 :
60 : /**
61 : * Test 1: receiving a correct PSK_FINISH message from the requester with a
62 : * correct MAC.
63 : * Expected behavior: the responder accepts the request and produces a valid
64 : * PSK_FINISH_RSP response message.
65 : **/
66 1 : static void rsp_psk_finish_rsp_case1(void **state)
67 : {
68 : libspdm_return_t status;
69 : libspdm_test_context_t *spdm_test_context;
70 : libspdm_context_t *spdm_context;
71 : size_t response_size;
72 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
73 : spdm_psk_finish_response_t *spdm_response;
74 : void *data1;
75 : size_t data_size1;
76 : uint8_t *ptr;
77 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
78 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
79 : libspdm_session_info_t *session_info;
80 : uint32_t session_id;
81 : uint32_t hash_size;
82 : uint32_t hmac_size;
83 :
84 1 : spdm_test_context = *state;
85 1 : spdm_context = spdm_test_context->spdm_context;
86 1 : spdm_test_context->case_id = 0x1;
87 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
88 : SPDM_VERSION_NUMBER_SHIFT_BIT;
89 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
90 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
91 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
92 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
93 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
94 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
95 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
96 : m_libspdm_use_measurement_hash_algo;
97 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
98 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
99 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
100 : m_libspdm_use_asym_algo, &data1,
101 : &data_size1, NULL, NULL);
102 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
103 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
104 :
105 1 : libspdm_reset_message_a(spdm_context);
106 :
107 1 : session_id = 0xFFFFFFFF;
108 1 : spdm_context->latest_session_id = session_id;
109 1 : spdm_context->last_spdm_request_session_id_valid = true;
110 1 : spdm_context->last_spdm_request_session_id = session_id;
111 1 : session_info = &spdm_context->session_info[0];
112 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
113 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
114 1 : libspdm_session_info_set_psk_hint(session_info,
115 : LIBSPDM_TEST_PSK_HINT_STRING,
116 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
117 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
118 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
119 1 : libspdm_secured_message_set_request_finished_key(
120 : session_info->secured_message_context, m_libspdm_dummy_buffer,
121 : hash_size);
122 1 : libspdm_secured_message_set_session_state(
123 : session_info->secured_message_context,
124 : LIBSPDM_SESSION_STATE_HANDSHAKING);
125 :
126 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
127 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
128 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
129 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
130 : /* transcript.message_a size is 0
131 : * session_transcript.message_k is 0*/
132 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
133 : sizeof(spdm_psk_finish_request_t));
134 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
135 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
136 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
137 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
138 : request_finished_key, hash_size, ptr);
139 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
140 1 : response_size = sizeof(response);
141 1 : status = libspdm_get_response_psk_finish(spdm_context,
142 : m_libspdm_psk_finish_request1_size,
143 : &m_libspdm_psk_finish_request1,
144 : &response_size, response);
145 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
146 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
147 1 : spdm_response = (void *)response;
148 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
149 1 : free(data1);
150 1 : }
151 :
152 : /**
153 : * Test 2: receiving a PSK_FINISH message larger than specified.
154 : * Expected behavior: the responder refuses the PSK_FINISH message and
155 : * produces an ERROR message indicating the InvalidRequest.
156 : **/
157 1 : static void rsp_psk_finish_rsp_case2(void **state)
158 : {
159 : libspdm_return_t status;
160 : libspdm_test_context_t *spdm_test_context;
161 : libspdm_context_t *spdm_context;
162 : size_t response_size;
163 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
164 : spdm_psk_finish_response_t *spdm_response;
165 : void *data1;
166 : size_t data_size1;
167 : uint8_t *ptr;
168 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
169 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
170 : libspdm_session_info_t *session_info;
171 : uint32_t session_id;
172 : uint32_t hash_size;
173 :
174 1 : spdm_test_context = *state;
175 1 : spdm_context = spdm_test_context->spdm_context;
176 1 : spdm_test_context->case_id = 0x2;
177 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
178 : SPDM_VERSION_NUMBER_SHIFT_BIT;
179 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
180 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
181 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
182 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
183 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
184 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
185 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
186 : m_libspdm_use_measurement_hash_algo;
187 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
188 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
189 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
190 : m_libspdm_use_asym_algo, &data1,
191 : &data_size1, NULL, NULL);
192 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
193 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
194 :
195 1 : libspdm_reset_message_a(spdm_context);
196 :
197 1 : session_id = 0xFFFFFFFF;
198 1 : spdm_context->latest_session_id = session_id;
199 1 : spdm_context->last_spdm_request_session_id_valid = true;
200 1 : spdm_context->last_spdm_request_session_id = session_id;
201 1 : session_info = &spdm_context->session_info[0];
202 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
203 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
204 1 : libspdm_session_info_set_psk_hint(session_info,
205 : LIBSPDM_TEST_PSK_HINT_STRING,
206 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
207 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
208 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
209 1 : libspdm_secured_message_set_request_finished_key(
210 : session_info->secured_message_context, m_libspdm_dummy_buffer,
211 : hash_size);
212 1 : libspdm_secured_message_set_session_state(
213 : session_info->secured_message_context,
214 : LIBSPDM_SESSION_STATE_HANDSHAKING);
215 :
216 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
217 1 : ptr = m_libspdm_psk_finish_request2.verify_data;
218 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
219 : /* transcript.message_a size is 0
220 : * session_transcript.message_k is 0*/
221 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request2,
222 : sizeof(spdm_psk_finish_request_t));
223 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
224 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
225 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
226 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
227 : request_finished_key, hash_size, ptr);
228 1 : response_size = sizeof(response);
229 1 : status = libspdm_get_response_psk_finish(spdm_context,
230 : m_libspdm_psk_finish_request2_size,
231 : &m_libspdm_psk_finish_request2,
232 : &response_size, response);
233 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
234 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
235 1 : spdm_response = (void *)response;
236 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
237 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
238 1 : assert_int_equal(spdm_response->header.param2, 0);
239 1 : free(data1);
240 1 : }
241 :
242 : /**
243 : * Test 3: receiving a correct PSK_FINISH from the requester, but the
244 : * responder is in a Busy state.
245 : * Expected behavior: the responder accepts the request, but produces an
246 : * ERROR message indicating the Busy state.
247 : **/
248 1 : static void rsp_psk_finish_rsp_case3(void **state)
249 : {
250 : libspdm_return_t status;
251 : libspdm_test_context_t *spdm_test_context;
252 : libspdm_context_t *spdm_context;
253 : size_t response_size;
254 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
255 : spdm_psk_finish_response_t *spdm_response;
256 : void *data1;
257 : size_t data_size1;
258 : uint8_t *ptr;
259 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
260 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
261 : libspdm_session_info_t *session_info;
262 : uint32_t session_id;
263 : uint32_t hash_size;
264 : uint32_t hmac_size;
265 :
266 1 : spdm_test_context = *state;
267 1 : spdm_context = spdm_test_context->spdm_context;
268 1 : spdm_test_context->case_id = 0x3;
269 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
270 : SPDM_VERSION_NUMBER_SHIFT_BIT;
271 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
272 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
273 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
274 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
275 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
276 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
277 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
278 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
279 : m_libspdm_use_measurement_hash_algo;
280 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
281 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
282 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
283 : m_libspdm_use_asym_algo, &data1,
284 : &data_size1, NULL, NULL);
285 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
286 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
287 :
288 1 : libspdm_reset_message_a(spdm_context);
289 :
290 1 : session_id = 0xFFFFFFFF;
291 1 : spdm_context->latest_session_id = session_id;
292 1 : spdm_context->last_spdm_request_session_id_valid = true;
293 1 : spdm_context->last_spdm_request_session_id = session_id;
294 1 : session_info = &spdm_context->session_info[0];
295 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
296 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
297 1 : libspdm_session_info_set_psk_hint(session_info,
298 : LIBSPDM_TEST_PSK_HINT_STRING,
299 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
300 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
301 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
302 1 : libspdm_secured_message_set_request_finished_key(
303 : session_info->secured_message_context, m_libspdm_dummy_buffer,
304 : hash_size);
305 1 : libspdm_secured_message_set_session_state(
306 : session_info->secured_message_context,
307 : LIBSPDM_SESSION_STATE_HANDSHAKING);
308 :
309 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
310 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
311 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
312 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
313 : /* transcript.message_a size is 0
314 : * session_transcript.message_k is 0*/
315 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
316 : sizeof(spdm_psk_finish_request_t));
317 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
318 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
319 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
320 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
321 : request_finished_key, hash_size, ptr);
322 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
323 1 : response_size = sizeof(response);
324 1 : status = libspdm_get_response_psk_finish(spdm_context,
325 : m_libspdm_psk_finish_request1_size,
326 : &m_libspdm_psk_finish_request1,
327 : &response_size, response);
328 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
329 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
330 1 : spdm_response = (void *)response;
331 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
332 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
333 1 : assert_int_equal(spdm_response->header.param2, 0);
334 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_BUSY);
335 1 : free(data1);
336 1 : }
337 :
338 : /**
339 : * Test 4: receiving a correct PSK_FINISH from the requester, but the
340 : * responder requires resynchronization with the requester.
341 : * Expected behavior: the responder accepts the request, but produces an
342 : * ERROR message indicating the NeedResynch state.
343 : **/
344 1 : static void rsp_psk_finish_rsp_case4(void **state)
345 : {
346 : libspdm_return_t status;
347 : libspdm_test_context_t *spdm_test_context;
348 : libspdm_context_t *spdm_context;
349 : size_t response_size;
350 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
351 : spdm_psk_finish_response_t *spdm_response;
352 : void *data1;
353 : size_t data_size1;
354 : uint8_t *ptr;
355 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
356 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
357 : libspdm_session_info_t *session_info;
358 : uint32_t session_id;
359 : uint32_t hash_size;
360 : uint32_t hmac_size;
361 :
362 1 : spdm_test_context = *state;
363 1 : spdm_context = spdm_test_context->spdm_context;
364 1 : spdm_test_context->case_id = 0x4;
365 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
366 : SPDM_VERSION_NUMBER_SHIFT_BIT;
367 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
368 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
369 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
370 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
371 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
372 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
373 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
374 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
375 : m_libspdm_use_measurement_hash_algo;
376 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
377 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
378 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
379 : m_libspdm_use_asym_algo, &data1,
380 : &data_size1, NULL, NULL);
381 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
382 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
383 :
384 1 : libspdm_reset_message_a(spdm_context);
385 :
386 1 : session_id = 0xFFFFFFFF;
387 1 : spdm_context->latest_session_id = session_id;
388 1 : spdm_context->last_spdm_request_session_id_valid = true;
389 1 : spdm_context->last_spdm_request_session_id = session_id;
390 1 : session_info = &spdm_context->session_info[0];
391 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
392 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
393 1 : libspdm_session_info_set_psk_hint(session_info,
394 : LIBSPDM_TEST_PSK_HINT_STRING,
395 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
396 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
397 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
398 1 : libspdm_secured_message_set_request_finished_key(
399 : session_info->secured_message_context, m_libspdm_dummy_buffer,
400 : hash_size);
401 1 : libspdm_secured_message_set_session_state(
402 : session_info->secured_message_context,
403 : LIBSPDM_SESSION_STATE_HANDSHAKING);
404 :
405 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
406 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
407 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
408 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
409 : /* transcript.message_a size is 0
410 : * session_transcript.message_k is 0*/
411 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
412 : sizeof(spdm_psk_finish_request_t));
413 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
414 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
415 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
416 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
417 : request_finished_key, hash_size, ptr);
418 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
419 1 : response_size = sizeof(response);
420 1 : status = libspdm_get_response_psk_finish(spdm_context,
421 : m_libspdm_psk_finish_request1_size,
422 : &m_libspdm_psk_finish_request1,
423 : &response_size, response);
424 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
425 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
426 1 : spdm_response = (void *)response;
427 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
428 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_REQUEST_RESYNCH);
429 1 : assert_int_equal(spdm_response->header.param2, 0);
430 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
431 1 : free(data1);
432 1 : }
433 :
434 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
435 : /**
436 : * Test 5: receiving a correct PSK_FINISH from the requester, but the
437 : * responder could not produce the response in time.
438 : * Expected behavior: the responder accepts the request, but produces an
439 : * ERROR message indicating the ResponseNotReady state.
440 : **/
441 1 : static void rsp_psk_finish_rsp_case5(void **state)
442 : {
443 : libspdm_return_t status;
444 : libspdm_test_context_t *spdm_test_context;
445 : libspdm_context_t *spdm_context;
446 : size_t response_size;
447 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
448 : spdm_psk_finish_response_t *spdm_response;
449 : void *data1;
450 : size_t data_size1;
451 : uint8_t *ptr;
452 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
453 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
454 : libspdm_session_info_t *session_info;
455 : uint32_t session_id;
456 : uint32_t hash_size;
457 : uint32_t hmac_size;
458 : spdm_error_data_response_not_ready_t *error_data;
459 :
460 1 : spdm_test_context = *state;
461 1 : spdm_context = spdm_test_context->spdm_context;
462 1 : spdm_test_context->case_id = 0x5;
463 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
464 : SPDM_VERSION_NUMBER_SHIFT_BIT;
465 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NOT_READY;
466 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
467 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
468 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
469 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
470 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
471 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
472 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
473 : m_libspdm_use_measurement_hash_algo;
474 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
475 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
476 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
477 : m_libspdm_use_asym_algo, &data1,
478 : &data_size1, NULL, NULL);
479 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
480 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
481 :
482 1 : libspdm_reset_message_a(spdm_context);
483 :
484 1 : session_id = 0xFFFFFFFF;
485 1 : spdm_context->latest_session_id = session_id;
486 1 : spdm_context->last_spdm_request_session_id_valid = true;
487 1 : spdm_context->last_spdm_request_session_id = session_id;
488 1 : session_info = &spdm_context->session_info[0];
489 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
490 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
491 1 : libspdm_session_info_set_psk_hint(session_info,
492 : LIBSPDM_TEST_PSK_HINT_STRING,
493 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
494 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
495 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
496 1 : libspdm_secured_message_set_request_finished_key(
497 : session_info->secured_message_context, m_libspdm_dummy_buffer,
498 : hash_size);
499 1 : libspdm_secured_message_set_session_state(
500 : session_info->secured_message_context,
501 : LIBSPDM_SESSION_STATE_HANDSHAKING);
502 :
503 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
504 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
505 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
506 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
507 : /* transcript.message_a size is 0
508 : * session_transcript.message_k is 0*/
509 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
510 : sizeof(spdm_psk_finish_request_t));
511 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
512 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
513 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
514 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
515 : request_finished_key, hash_size, ptr);
516 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
517 1 : response_size = sizeof(response);
518 1 : status = libspdm_get_response_psk_finish(spdm_context,
519 : m_libspdm_psk_finish_request1_size,
520 : &m_libspdm_psk_finish_request1,
521 : &response_size, response);
522 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
523 1 : assert_int_equal(response_size,
524 : sizeof(spdm_error_response_t) +
525 : sizeof(spdm_error_data_response_not_ready_t));
526 1 : spdm_response = (void *)response;
527 1 : error_data = (spdm_error_data_response_not_ready_t *)(spdm_response + 1);
528 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
529 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_RESPONSE_NOT_READY);
530 1 : assert_int_equal(spdm_response->header.param2, 0);
531 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NOT_READY);
532 1 : assert_int_equal(error_data->request_code, SPDM_PSK_FINISH);
533 1 : free(data1);
534 1 : }
535 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
536 :
537 : /**
538 : * Test 6: receiving a correct PSK_FINISH from the requester, but the
539 : * responder is not set no receive a PSK-FINISH message because previous
540 : * messages (namely, GET_CAPABILITIES, NEGOTIATE_ALGORITHMS or
541 : * GET_DIGESTS) have not been received.
542 : * Expected behavior: the responder rejects the request, and produces an
543 : * ERROR message indicating the UnexpectedRequest.
544 : **/
545 1 : static void rsp_psk_finish_rsp_case6(void **state)
546 : {
547 : libspdm_return_t status;
548 : libspdm_test_context_t *spdm_test_context;
549 : libspdm_context_t *spdm_context;
550 : size_t response_size;
551 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
552 : spdm_psk_finish_response_t *spdm_response;
553 : void *data1;
554 : size_t data_size1;
555 : uint8_t *ptr;
556 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
557 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
558 : libspdm_session_info_t *session_info;
559 : uint32_t session_id;
560 : uint32_t hash_size;
561 : uint32_t hmac_size;
562 :
563 1 : spdm_test_context = *state;
564 1 : spdm_context = spdm_test_context->spdm_context;
565 1 : spdm_test_context->case_id = 0x6;
566 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
567 : SPDM_VERSION_NUMBER_SHIFT_BIT;
568 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
569 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED;
570 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
571 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
572 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
573 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
574 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
575 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
576 : m_libspdm_use_measurement_hash_algo;
577 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
578 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
579 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
580 : m_libspdm_use_asym_algo, &data1,
581 : &data_size1, NULL, NULL);
582 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
583 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
584 :
585 1 : libspdm_reset_message_a(spdm_context);
586 :
587 1 : session_id = 0xFFFFFFFF;
588 1 : spdm_context->latest_session_id = session_id;
589 1 : spdm_context->last_spdm_request_session_id_valid = true;
590 1 : spdm_context->last_spdm_request_session_id = session_id;
591 1 : session_info = &spdm_context->session_info[0];
592 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
593 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
594 1 : libspdm_session_info_set_psk_hint(session_info,
595 : LIBSPDM_TEST_PSK_HINT_STRING,
596 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
597 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
598 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
599 1 : libspdm_secured_message_set_request_finished_key(
600 : session_info->secured_message_context, m_libspdm_dummy_buffer,
601 : hash_size);
602 1 : libspdm_secured_message_set_session_state(
603 : session_info->secured_message_context,
604 : LIBSPDM_SESSION_STATE_HANDSHAKING);
605 :
606 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
607 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
608 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
609 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
610 : /* transcript.message_a size is 0
611 : * session_transcript.message_k is 0*/
612 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
613 : sizeof(spdm_psk_finish_request_t));
614 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
615 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
616 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
617 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
618 : request_finished_key, hash_size, ptr);
619 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
620 1 : response_size = sizeof(response);
621 1 : status = libspdm_get_response_psk_finish(spdm_context,
622 : m_libspdm_psk_finish_request1_size,
623 : &m_libspdm_psk_finish_request1,
624 : &response_size, response);
625 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
626 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
627 1 : spdm_response = (void *)response;
628 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
629 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
630 1 : assert_int_equal(spdm_response->header.param2, 0);
631 1 : free(data1);
632 1 : }
633 :
634 1 : static void rsp_psk_finish_rsp_case7(void **state)
635 : {
636 : libspdm_return_t status;
637 : libspdm_test_context_t *spdm_test_context;
638 : libspdm_context_t *spdm_context;
639 : size_t response_size;
640 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
641 : spdm_psk_finish_response_t *spdm_response;
642 : void *data1;
643 : size_t data_size1;
644 : uint8_t *ptr;
645 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
646 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
647 : libspdm_session_info_t *session_info;
648 : uint32_t session_id;
649 : uint32_t hash_size;
650 : uint32_t hmac_size;
651 :
652 1 : spdm_test_context = *state;
653 1 : spdm_context = spdm_test_context->spdm_context;
654 1 : spdm_test_context->case_id = 0x7;
655 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
656 : SPDM_VERSION_NUMBER_SHIFT_BIT;
657 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
658 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
659 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
660 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
661 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
662 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
663 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
664 : m_libspdm_use_measurement_hash_algo;
665 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
666 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
667 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
668 : m_libspdm_use_asym_algo, &data1,
669 : &data_size1, NULL, NULL);
670 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
671 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
672 :
673 1 : libspdm_reset_message_a(spdm_context);
674 :
675 1 : session_id = 0xFFFFFFFF;
676 1 : spdm_context->latest_session_id = session_id;
677 1 : spdm_context->last_spdm_request_session_id_valid = true;
678 1 : spdm_context->last_spdm_request_session_id = session_id;
679 1 : session_info = &spdm_context->session_info[0];
680 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
681 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
682 1 : libspdm_session_info_set_psk_hint(session_info,
683 : LIBSPDM_TEST_PSK_HINT_STRING,
684 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
685 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
686 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
687 1 : libspdm_secured_message_set_request_finished_key(
688 : session_info->secured_message_context, m_libspdm_dummy_buffer,
689 : hash_size);
690 1 : libspdm_secured_message_set_session_state(
691 : session_info->secured_message_context,
692 : LIBSPDM_SESSION_STATE_HANDSHAKING);
693 :
694 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
695 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
696 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
697 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
698 : /* transcript.message_a size is 0
699 : * session_transcript.message_k is 0*/
700 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
701 : sizeof(spdm_psk_finish_request_t));
702 :
703 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
704 : session_info->session_transcript.message_m.buffer_size =
705 : session_info->session_transcript.message_m.max_buffer_size;
706 : spdm_context->transcript.message_b.buffer_size =
707 : spdm_context->transcript.message_b.max_buffer_size;
708 : spdm_context->transcript.message_c.buffer_size =
709 : spdm_context->transcript.message_c.max_buffer_size;
710 : spdm_context->transcript.message_mut_b.buffer_size =
711 : spdm_context->transcript.message_mut_b.max_buffer_size;
712 : spdm_context->transcript.message_mut_c.buffer_size =
713 : spdm_context->transcript.message_mut_c.max_buffer_size;
714 : #endif
715 :
716 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
717 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
718 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
719 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
720 : request_finished_key, hash_size, ptr);
721 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
722 1 : response_size = sizeof(response);
723 1 : status = libspdm_get_response_psk_finish(spdm_context,
724 : m_libspdm_psk_finish_request1_size,
725 : &m_libspdm_psk_finish_request1,
726 : &response_size, response);
727 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
728 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
729 1 : spdm_response = (void *)response;
730 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
731 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
732 : assert_int_equal(session_info->session_transcript.message_m.buffer_size, 0);
733 : assert_int_equal(spdm_context->transcript.message_b.buffer_size, 0);
734 : assert_int_equal(spdm_context->transcript.message_c.buffer_size, 0);
735 : assert_int_equal(spdm_context->transcript.message_mut_b.buffer_size, 0);
736 : assert_int_equal(spdm_context->transcript.message_mut_c.buffer_size, 0);
737 : #endif
738 :
739 1 : free(data1);
740 1 : }
741 :
742 : /**
743 : * Test 8: receiving a correct PSK_FINISH message from the requester, but
744 : * the responder has no capabilities for pre-shared keys.
745 : * Expected behavior: the responder refuses the PSK_FINISH message and
746 : * produces an ERROR message indicating the UnsupportedRequest.
747 : **/
748 1 : static void rsp_psk_finish_rsp_case8(void **state)
749 : {
750 : libspdm_return_t status;
751 : libspdm_test_context_t *spdm_test_context;
752 : libspdm_context_t *spdm_context;
753 : size_t response_size;
754 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
755 : spdm_psk_finish_response_t *spdm_response;
756 : void *data1;
757 : size_t data_size1;
758 : uint8_t *ptr;
759 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
760 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
761 : libspdm_session_info_t *session_info;
762 : uint32_t session_id;
763 : uint32_t hash_size;
764 : uint32_t hmac_size;
765 :
766 1 : spdm_test_context = *state;
767 1 : spdm_context = spdm_test_context->spdm_context;
768 1 : spdm_test_context->case_id = 0x8;
769 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
770 : SPDM_VERSION_NUMBER_SHIFT_BIT;
771 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
772 1 : spdm_context->connection_info.capability.flags &=
773 : ~(SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP);
774 1 : spdm_context->local_context.capability.flags &= ~(SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP);
775 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
776 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
777 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
778 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
779 : m_libspdm_use_measurement_hash_algo;
780 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
781 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
782 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
783 : m_libspdm_use_asym_algo, &data1,
784 : &data_size1, NULL, NULL);
785 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
786 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
787 :
788 1 : spdm_context->transcript.message_a.buffer_size = 0;
789 :
790 1 : session_id = 0xFFFFFFFF;
791 1 : spdm_context->latest_session_id = session_id;
792 1 : spdm_context->last_spdm_request_session_id_valid = true;
793 1 : spdm_context->last_spdm_request_session_id = session_id;
794 1 : session_info = &spdm_context->session_info[0];
795 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
796 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
797 1 : libspdm_session_info_set_psk_hint(session_info,
798 : LIBSPDM_TEST_PSK_HINT_STRING,
799 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
800 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
801 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
802 1 : libspdm_secured_message_set_request_finished_key(
803 : session_info->secured_message_context, m_libspdm_dummy_buffer,
804 : hash_size);
805 1 : libspdm_secured_message_set_session_state(
806 : session_info->secured_message_context,
807 : LIBSPDM_SESSION_STATE_HANDSHAKING);
808 :
809 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
810 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
811 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
812 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
813 : /* transcript.message_a size is 0
814 : * session_transcript.message_k is 0*/
815 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
816 : sizeof(spdm_psk_finish_request_t));
817 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
818 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
819 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
820 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
821 : request_finished_key, hash_size, ptr);
822 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
823 1 : response_size = sizeof(response);
824 1 : status = libspdm_get_response_psk_finish(spdm_context,
825 : m_libspdm_psk_finish_request1_size,
826 : &m_libspdm_psk_finish_request1,
827 : &response_size, response);
828 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
829 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
830 1 : spdm_response = (void *)response;
831 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
832 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST);
833 1 : assert_int_equal(spdm_response->header.param2, SPDM_PSK_FINISH);
834 1 : free(data1);
835 1 : }
836 :
837 : /**
838 : * Test 9: receiving a correct PSK_FINISH message from the requester, but
839 : * the responder is not correctly setup by not initializing a session during
840 : * PSK_EXCHANGE.
841 : * Expected behavior: the responder refuses the PSK_FINISH message and
842 : * produces an ERROR message indicating the InvalidRequest.
843 : **/
844 1 : static void rsp_psk_finish_rsp_case9(void **state)
845 : {
846 : libspdm_return_t status;
847 : libspdm_test_context_t *spdm_test_context;
848 : libspdm_context_t *spdm_context;
849 : size_t response_size;
850 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
851 : spdm_psk_finish_response_t *spdm_response;
852 : void *data1;
853 : size_t data_size1;
854 : uint8_t *ptr;
855 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
856 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
857 : libspdm_session_info_t *session_info;
858 : uint32_t session_id;
859 : uint32_t hash_size;
860 : uint32_t hmac_size;
861 :
862 1 : spdm_test_context = *state;
863 1 : spdm_context = spdm_test_context->spdm_context;
864 1 : spdm_test_context->case_id = 0x9;
865 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
866 : SPDM_VERSION_NUMBER_SHIFT_BIT;
867 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
868 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
869 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
870 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
871 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
872 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
873 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
874 : m_libspdm_use_measurement_hash_algo;
875 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
876 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
877 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
878 : m_libspdm_use_asym_algo, &data1,
879 : &data_size1, NULL, NULL);
880 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
881 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
882 :
883 1 : spdm_context->transcript.message_a.buffer_size = 0;
884 :
885 1 : session_id = 0xFFFFFFFF;
886 1 : spdm_context->latest_session_id = session_id;
887 1 : spdm_context->last_spdm_request_session_id_valid = true;
888 1 : spdm_context->last_spdm_request_session_id = session_id;
889 1 : session_info = &spdm_context->session_info[0];
890 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
891 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
892 1 : libspdm_session_info_set_psk_hint(session_info,
893 : LIBSPDM_TEST_PSK_HINT_STRING,
894 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
895 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
896 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
897 1 : libspdm_secured_message_set_request_finished_key(
898 : session_info->secured_message_context, m_libspdm_dummy_buffer,
899 : hash_size);
900 1 : libspdm_secured_message_set_session_state(
901 : session_info->secured_message_context,
902 : LIBSPDM_SESSION_STATE_NOT_STARTED);
903 :
904 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
905 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
906 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
907 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
908 : /* transcript.message_a size is 0
909 : * session_transcript.message_k is 0*/
910 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
911 : sizeof(spdm_psk_finish_request_t));
912 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
913 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
914 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
915 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
916 : request_finished_key, hash_size, ptr);
917 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
918 1 : response_size = sizeof(response);
919 1 : status = libspdm_get_response_psk_finish(spdm_context,
920 : m_libspdm_psk_finish_request1_size,
921 : &m_libspdm_psk_finish_request1,
922 : &response_size, response);
923 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
924 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
925 1 : spdm_response = (void *)response;
926 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
927 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
928 1 : assert_int_equal(spdm_response->header.param2, 0);
929 1 : free(data1);
930 1 : }
931 :
932 : /**
933 : * Test 10: receiving a PSK_FINISH message from the requester with an
934 : * incorrect MAC (all-zero).
935 : * Expected behavior: the responder refuses the PSK_FINISH message and
936 : * produces an ERROR message indicating the DecryptError.
937 : **/
938 1 : static void rsp_psk_finish_rsp_case10(void **state)
939 : {
940 : libspdm_return_t status;
941 : libspdm_test_context_t *spdm_test_context;
942 : libspdm_context_t *spdm_context;
943 : size_t response_size;
944 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
945 : spdm_psk_finish_response_t *spdm_response;
946 : void *data1;
947 : size_t data_size1;
948 : uint8_t *ptr;
949 : libspdm_session_info_t *session_info;
950 : uint32_t session_id;
951 : uint32_t hash_size;
952 : uint32_t hmac_size;
953 :
954 1 : spdm_test_context = *state;
955 1 : spdm_context = spdm_test_context->spdm_context;
956 1 : spdm_test_context->case_id = 0xA;
957 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
958 : SPDM_VERSION_NUMBER_SHIFT_BIT;
959 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
960 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
961 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
962 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
963 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
964 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
965 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
966 : m_libspdm_use_measurement_hash_algo;
967 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
968 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
969 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
970 : m_libspdm_use_asym_algo, &data1,
971 : &data_size1, NULL, NULL);
972 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
973 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
974 :
975 1 : spdm_context->transcript.message_a.buffer_size = 0;
976 :
977 1 : session_id = 0xFFFFFFFF;
978 1 : spdm_context->latest_session_id = session_id;
979 1 : spdm_context->last_spdm_request_session_id_valid = true;
980 1 : spdm_context->last_spdm_request_session_id = session_id;
981 1 : session_info = &spdm_context->session_info[0];
982 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
983 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
984 1 : libspdm_session_info_set_psk_hint(session_info,
985 : LIBSPDM_TEST_PSK_HINT_STRING,
986 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
987 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
988 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
989 1 : libspdm_secured_message_set_request_finished_key(
990 : session_info->secured_message_context, m_libspdm_dummy_buffer,
991 : hash_size);
992 1 : libspdm_secured_message_set_session_state(
993 : session_info->secured_message_context,
994 : LIBSPDM_SESSION_STATE_HANDSHAKING);
995 :
996 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
997 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
998 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
999 1 : libspdm_set_mem(ptr, hmac_size, (uint8_t)(0x00)); /*all-zero MAC*/
1000 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
1001 1 : response_size = sizeof(response);
1002 1 : status = libspdm_get_response_psk_finish(spdm_context,
1003 : m_libspdm_psk_finish_request1_size,
1004 : &m_libspdm_psk_finish_request1,
1005 : &response_size, response);
1006 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1007 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1008 1 : spdm_response = (void *)response;
1009 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1010 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1011 1 : assert_int_equal(spdm_response->header.param2, 0);
1012 1 : free(data1);
1013 1 : }
1014 :
1015 : /**
1016 : * Test 11: receiving a PSK_FINISH message from the requester with an
1017 : * incorrect MAC (arbitrary).
1018 : * Expected behavior: the responder refuses the PSK_FINISH message and
1019 : * produces an ERROR message indicating the DecryptError.
1020 : **/
1021 1 : static void rsp_psk_finish_rsp_case11(void **state)
1022 : {
1023 : libspdm_return_t status;
1024 : libspdm_test_context_t *spdm_test_context;
1025 : libspdm_context_t *spdm_context;
1026 : size_t response_size;
1027 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1028 : spdm_psk_finish_response_t *spdm_response;
1029 : void *data1;
1030 : size_t data_size1;
1031 : uint8_t *ptr;
1032 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1033 : uint8_t zero_data[LIBSPDM_MAX_HASH_SIZE];
1034 : libspdm_session_info_t *session_info;
1035 : uint32_t session_id;
1036 : uint32_t hash_size;
1037 : uint32_t hmac_size;
1038 :
1039 1 : spdm_test_context = *state;
1040 1 : spdm_context = spdm_test_context->spdm_context;
1041 1 : spdm_test_context->case_id = 0xB;
1042 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1043 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1044 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1045 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1046 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1047 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1048 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1049 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1050 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1051 : m_libspdm_use_measurement_hash_algo;
1052 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1053 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1054 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1055 : m_libspdm_use_asym_algo, &data1,
1056 : &data_size1, NULL, NULL);
1057 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1058 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1059 :
1060 1 : spdm_context->transcript.message_a.buffer_size = 0;
1061 :
1062 1 : session_id = 0xFFFFFFFF;
1063 1 : spdm_context->latest_session_id = session_id;
1064 1 : spdm_context->last_spdm_request_session_id_valid = true;
1065 1 : spdm_context->last_spdm_request_session_id = session_id;
1066 1 : session_info = &spdm_context->session_info[0];
1067 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1068 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1069 1 : libspdm_session_info_set_psk_hint(session_info,
1070 : LIBSPDM_TEST_PSK_HINT_STRING,
1071 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1072 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1073 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1074 1 : libspdm_secured_message_set_request_finished_key(
1075 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1076 : hash_size);
1077 1 : libspdm_secured_message_set_session_state(
1078 : session_info->secured_message_context,
1079 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1080 :
1081 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1082 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1083 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1084 : /*arbitrary MAC*/
1085 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1086 1 : libspdm_set_mem(zero_data, hash_size, (uint8_t)(0x00));
1087 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, zero_data, hash_size,
1088 : request_finished_key, hash_size, ptr);
1089 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
1090 1 : response_size = sizeof(response);
1091 1 : status = libspdm_get_response_psk_finish(spdm_context,
1092 : m_libspdm_psk_finish_request1_size,
1093 : &m_libspdm_psk_finish_request1,
1094 : &response_size, response);
1095 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1096 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1097 1 : spdm_response = (void *)response;
1098 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1099 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_DECRYPT_ERROR);
1100 1 : assert_int_equal(spdm_response->header.param2, 0);
1101 1 : free(data1);
1102 1 : }
1103 :
1104 : /**
1105 : * Test 12: receiving a PSK_FINISH message from the requester with an
1106 : * incorrect MAC size (a correct MAC repeated twice).
1107 : * Expected behavior: the responder refuses the PSK_FINISH message and
1108 : * produces an ERROR message indicating the InvalidRequest.
1109 : **/
1110 1 : static void rsp_psk_finish_rsp_case12(void **state)
1111 : {
1112 : libspdm_return_t status;
1113 : libspdm_test_context_t *spdm_test_context;
1114 : libspdm_context_t *spdm_context;
1115 : size_t response_size;
1116 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1117 : spdm_psk_finish_response_t *spdm_response;
1118 : void *data1;
1119 : size_t data_size1;
1120 : uint8_t *ptr;
1121 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1122 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1123 : libspdm_session_info_t *session_info;
1124 : uint32_t session_id;
1125 : uint32_t hash_size;
1126 : uint32_t hmac_size;
1127 :
1128 1 : spdm_test_context = *state;
1129 1 : spdm_context = spdm_test_context->spdm_context;
1130 1 : spdm_test_context->case_id = 0xC;
1131 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1132 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1133 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1134 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1135 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1136 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1137 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1138 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1139 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1140 : m_libspdm_use_measurement_hash_algo;
1141 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1142 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1143 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1144 : m_libspdm_use_asym_algo, &data1,
1145 : &data_size1, NULL, NULL);
1146 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1147 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1148 :
1149 1 : spdm_context->transcript.message_a.buffer_size = 0;
1150 :
1151 1 : session_id = 0xFFFFFFFF;
1152 1 : spdm_context->latest_session_id = session_id;
1153 1 : spdm_context->last_spdm_request_session_id_valid = true;
1154 1 : spdm_context->last_spdm_request_session_id = session_id;
1155 1 : session_info = &spdm_context->session_info[0];
1156 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1157 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1158 1 : libspdm_session_info_set_psk_hint(session_info,
1159 : LIBSPDM_TEST_PSK_HINT_STRING,
1160 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1161 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1162 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1163 1 : libspdm_secured_message_set_request_finished_key(
1164 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1165 : hash_size);
1166 1 : libspdm_secured_message_set_session_state(
1167 : session_info->secured_message_context,
1168 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1169 :
1170 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1171 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1172 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1173 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1174 : /* transcript.message_a size is 0
1175 : * session_transcript.message_k is 0*/
1176 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1177 : sizeof(spdm_psk_finish_request_t));
1178 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1179 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1180 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1181 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1182 : request_finished_key, hash_size, ptr);
1183 1 : libspdm_copy_mem(ptr, sizeof(m_libspdm_psk_finish_request1.verify_data),
1184 1 : ptr + hmac_size, hmac_size); /* 2x HMAC size*/
1185 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + 2*hmac_size;
1186 1 : response_size = sizeof(response);
1187 1 : status = libspdm_get_response_psk_finish(spdm_context,
1188 : m_libspdm_psk_finish_request1_size,
1189 : &m_libspdm_psk_finish_request1,
1190 : &response_size, response);
1191 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1192 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1193 1 : spdm_response = (void *)response;
1194 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1195 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1196 1 : assert_int_equal(spdm_response->header.param2, 0);
1197 1 : free(data1);
1198 1 : }
1199 :
1200 : /**
1201 : * Test 13: receiving a PSK_FINISH message from the requester with an
1202 : * incorrect MAC size (only the correct first half of the MAC).
1203 : * Expected behavior: the responder refuses the PSK_FINISH message and
1204 : * produces an ERROR message indicating the InvalidRequest.
1205 : **/
1206 1 : static void rsp_psk_finish_rsp_case13(void **state)
1207 : {
1208 : libspdm_return_t status;
1209 : libspdm_test_context_t *spdm_test_context;
1210 : libspdm_context_t *spdm_context;
1211 : size_t response_size;
1212 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1213 : spdm_psk_finish_response_t *spdm_response;
1214 : void *data1;
1215 : size_t data_size1;
1216 : uint8_t *ptr;
1217 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1218 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1219 : libspdm_session_info_t *session_info;
1220 : uint32_t session_id;
1221 : uint32_t hash_size;
1222 : uint32_t hmac_size;
1223 :
1224 1 : spdm_test_context = *state;
1225 1 : spdm_context = spdm_test_context->spdm_context;
1226 1 : spdm_test_context->case_id = 0xD;
1227 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1228 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1229 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1230 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1231 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1232 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1233 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1234 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1235 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1236 : m_libspdm_use_measurement_hash_algo;
1237 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1238 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1239 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1240 : m_libspdm_use_asym_algo, &data1,
1241 : &data_size1, NULL, NULL);
1242 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1243 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1244 :
1245 1 : spdm_context->transcript.message_a.buffer_size = 0;
1246 :
1247 1 : session_id = 0xFFFFFFFF;
1248 1 : spdm_context->latest_session_id = session_id;
1249 1 : spdm_context->last_spdm_request_session_id_valid = true;
1250 1 : spdm_context->last_spdm_request_session_id = session_id;
1251 1 : session_info = &spdm_context->session_info[0];
1252 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1253 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1254 1 : libspdm_session_info_set_psk_hint(session_info,
1255 : LIBSPDM_TEST_PSK_HINT_STRING,
1256 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1257 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1258 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1259 1 : libspdm_secured_message_set_request_finished_key(
1260 : session_info->secured_message_context, m_libspdm_dummy_buffer,
1261 : hash_size);
1262 1 : libspdm_secured_message_set_session_state(
1263 : session_info->secured_message_context,
1264 : LIBSPDM_SESSION_STATE_HANDSHAKING);
1265 :
1266 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1267 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1268 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1269 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1270 : /* transcript.message_a size is 0
1271 : * session_transcript.message_k is 0*/
1272 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1273 : sizeof(spdm_psk_finish_request_t));
1274 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1275 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1276 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1277 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1278 : request_finished_key, hash_size, ptr);
1279 1 : libspdm_set_mem(ptr + hmac_size/2, hmac_size/2, (uint8_t) 0x00); /* half HMAC size*/
1280 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size/2;
1281 1 : response_size = sizeof(response);
1282 1 : status = libspdm_get_response_psk_finish(spdm_context,
1283 : m_libspdm_psk_finish_request1_size,
1284 : &m_libspdm_psk_finish_request1,
1285 : &response_size, response);
1286 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1287 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1288 1 : spdm_response = (void *)response;
1289 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1290 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1291 1 : assert_int_equal(spdm_response->header.param2, 0);
1292 1 : free(data1);
1293 1 : }
1294 :
1295 : /**
1296 : * Test 14: receiving a correct PSK_FINISH from the requester.
1297 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1298 : * response message, and buffer F receives the exchanged PSK_FINISH and PSK_FINISH_RSP messages.
1299 : **/
1300 1 : static void rsp_psk_finish_rsp_case14(void **state)
1301 : {
1302 : libspdm_return_t status;
1303 : libspdm_test_context_t *spdm_test_context;
1304 : libspdm_context_t *spdm_context;
1305 : size_t response_size;
1306 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1307 : spdm_psk_finish_response_t *spdm_response;
1308 : void *data1;
1309 : size_t data_size1;
1310 : uint8_t *ptr;
1311 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1312 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1313 : libspdm_session_info_t *session_info;
1314 : uint32_t session_id;
1315 : uint32_t hash_size;
1316 : uint32_t hmac_size;
1317 :
1318 1 : spdm_test_context = *state;
1319 1 : spdm_context = spdm_test_context->spdm_context;
1320 1 : spdm_test_context->case_id = 0xE;
1321 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
1322 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1323 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1324 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1325 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1326 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1327 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1328 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1329 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1330 : m_libspdm_use_measurement_hash_algo;
1331 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1332 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1333 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1334 : m_libspdm_use_asym_algo, &data1,
1335 : &data_size1, NULL, NULL);
1336 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1337 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1338 :
1339 1 : libspdm_reset_message_a(spdm_context);
1340 :
1341 1 : session_id = 0xFFFFFFFF;
1342 1 : spdm_context->latest_session_id = session_id;
1343 1 : spdm_context->last_spdm_request_session_id_valid = true;
1344 1 : spdm_context->last_spdm_request_session_id = session_id;
1345 1 : session_info = &spdm_context->session_info[0];
1346 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1347 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1348 1 : libspdm_session_info_set_psk_hint(session_info,
1349 : LIBSPDM_TEST_PSK_HINT_STRING,
1350 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1351 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1352 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1353 1 : libspdm_secured_message_set_request_finished_key(
1354 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1355 1 : libspdm_secured_message_set_session_state(
1356 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1357 :
1358 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1359 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1360 1 : ptr = m_libspdm_psk_finish_request1.verify_data;
1361 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1362 : /* transcript.message_a size is 0
1363 : * session_transcript.message_k is 0*/
1364 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request1,
1365 : sizeof(spdm_psk_finish_request_t));
1366 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1367 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1368 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1369 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1370 : request_finished_key, hash_size, ptr);
1371 1 : m_libspdm_psk_finish_request1_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
1372 1 : response_size = sizeof(response);
1373 1 : status = libspdm_get_response_psk_finish(
1374 : spdm_context, m_libspdm_psk_finish_request1_size, &m_libspdm_psk_finish_request1,
1375 : &response_size, response);
1376 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1377 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t));
1378 1 : spdm_response = (void *)response;
1379 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1380 :
1381 : #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
1382 : assert_int_equal(spdm_context->session_info[0].session_transcript.message_f.buffer_size,
1383 : m_libspdm_psk_finish_request1_size + response_size);
1384 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer,
1385 : &m_libspdm_psk_finish_request1, m_libspdm_psk_finish_request1_size);
1386 : assert_memory_equal(spdm_context->session_info[0].session_transcript.message_f.buffer +
1387 : m_libspdm_psk_finish_request1_size, response, response_size);
1388 : #endif
1389 :
1390 1 : free(data1);
1391 1 : }
1392 :
1393 : /**
1394 : * Test 15: SPDM version 1.4, with OpaqueData.
1395 : * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
1396 : * response message.
1397 : **/
1398 1 : static void rsp_psk_finish_rsp_case15(void **state)
1399 : {
1400 : libspdm_return_t status;
1401 : libspdm_test_context_t *spdm_test_context;
1402 : libspdm_context_t *spdm_context;
1403 : size_t response_size;
1404 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1405 : spdm_psk_finish_response_t *spdm_response;
1406 : void *data1;
1407 : size_t data_size1;
1408 : uint8_t *ptr;
1409 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1410 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1411 : libspdm_session_info_t *session_info;
1412 : uint32_t session_id;
1413 : uint32_t hash_size;
1414 : uint32_t hmac_size;
1415 :
1416 1 : spdm_test_context = *state;
1417 1 : spdm_context = spdm_test_context->spdm_context;
1418 1 : spdm_test_context->case_id = 0xF;
1419 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
1420 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1421 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1422 1 : spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1423 1 : spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1424 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1425 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1426 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1427 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1428 : m_libspdm_use_measurement_hash_algo;
1429 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1430 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1431 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1432 : m_libspdm_use_asym_algo, &data1,
1433 : &data_size1, NULL, NULL);
1434 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1435 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1436 :
1437 1 : libspdm_reset_message_a(spdm_context);
1438 :
1439 1 : session_id = 0xFFFFFFFF;
1440 1 : spdm_context->latest_session_id = session_id;
1441 1 : spdm_context->last_spdm_request_session_id_valid = true;
1442 1 : spdm_context->last_spdm_request_session_id = session_id;
1443 1 : session_info = &spdm_context->session_info[0];
1444 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1445 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1446 1 : libspdm_session_info_set_psk_hint(session_info,
1447 : LIBSPDM_TEST_PSK_HINT_STRING,
1448 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1449 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1450 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1451 1 : libspdm_secured_message_set_request_finished_key(
1452 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1453 1 : libspdm_secured_message_set_session_state(
1454 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1455 :
1456 1 : m_libspdm_psk_finish_request3.opaque_data_size =
1457 : sizeof(m_libspdm_psk_finish_request3.opaque_data);
1458 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1459 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1460 1 : ptr = m_libspdm_psk_finish_request3.verify_data;
1461 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1462 : /* transcript.message_a size is 0
1463 : * session_transcript.message_k is 0*/
1464 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
1465 : sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
1466 1 : m_libspdm_psk_finish_request3.opaque_data_size);
1467 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1468 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1469 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1470 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1471 : request_finished_key, hash_size, ptr);
1472 1 : m_libspdm_psk_finish_request3_size = sizeof(spdm_psk_finish_request_t) + hmac_size +
1473 1 : sizeof(uint16_t) +
1474 1 : m_libspdm_psk_finish_request3.opaque_data_size;
1475 1 : response_size = sizeof(response);
1476 1 : status = libspdm_get_response_psk_finish(
1477 : spdm_context, m_libspdm_psk_finish_request3_size, &m_libspdm_psk_finish_request3,
1478 : &response_size, response);
1479 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1480 1 : ptr = (uint8_t *)response + sizeof(spdm_psk_finish_response_t);
1481 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t) +
1482 : sizeof(uint16_t) + libspdm_read_uint16(ptr));
1483 1 : spdm_response = (void *)response;
1484 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1485 :
1486 1 : free(data1);
1487 1 : }
1488 :
1489 : /**
1490 : * Test 16: SPDM version 1.4, with OpaqueData.
1491 : * Expected behavior: the responder accepts the request and produces a valid
1492 : * PSK_FINISH_RSP response message with integrator defined opaque data in the response.
1493 : **/
1494 1 : static void rsp_psk_finish_rsp_case16(void **state)
1495 : {
1496 : libspdm_return_t status;
1497 : libspdm_test_context_t *spdm_test_context;
1498 : libspdm_context_t *spdm_context;
1499 : size_t response_size;
1500 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1501 : spdm_psk_finish_response_t *spdm_response;
1502 : void *data1;
1503 : size_t data_size1;
1504 : uint8_t *ptr;
1505 : uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
1506 : uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
1507 : libspdm_session_info_t *session_info;
1508 : uint32_t session_id;
1509 : uint32_t hash_size;
1510 : uint32_t hmac_size;
1511 :
1512 1 : spdm_test_context = *state;
1513 1 : spdm_context = spdm_test_context->spdm_context;
1514 1 : spdm_test_context->case_id = 0x10;
1515 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
1516 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1517 1 : spdm_context->connection_info.connection_state =
1518 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1519 1 : spdm_context->connection_info.capability.flags |=
1520 : SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
1521 1 : spdm_context->local_context.capability.flags |=
1522 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
1523 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1524 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1525 1 : spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
1526 1 : spdm_context->connection_info.algorithm.measurement_hash_algo =
1527 : m_libspdm_use_measurement_hash_algo;
1528 1 : spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
1529 1 : spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
1530 1 : spdm_context->connection_info.algorithm.other_params_support =
1531 : SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1;
1532 1 : g_generate_psk_finish_opaque_data = true;
1533 1 : libspdm_secret_lib_psk_finish_opaque_data_size = 8;
1534 :
1535 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1536 : m_libspdm_use_asym_algo, &data1,
1537 : &data_size1, NULL, NULL);
1538 1 : spdm_context->local_context.local_cert_chain_provision[0] = data1;
1539 1 : spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
1540 :
1541 1 : libspdm_reset_message_a(spdm_context);
1542 :
1543 1 : session_id = 0xFFFFFFFF;
1544 1 : spdm_context->latest_session_id = session_id;
1545 1 : spdm_context->last_spdm_request_session_id_valid = true;
1546 1 : spdm_context->last_spdm_request_session_id = session_id;
1547 1 : session_info = &spdm_context->session_info[0];
1548 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
1549 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
1550 1 : libspdm_session_info_set_psk_hint(session_info,
1551 : LIBSPDM_TEST_PSK_HINT_STRING,
1552 : sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
1553 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1554 1 : libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
1555 1 : libspdm_secured_message_set_request_finished_key(
1556 : session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
1557 1 : libspdm_secured_message_set_session_state(
1558 : session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
1559 :
1560 1 : m_libspdm_psk_finish_request3.opaque_data_size =
1561 : sizeof(m_libspdm_psk_finish_request3.opaque_data);
1562 1 : hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1563 1 : hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
1564 1 : ptr = m_libspdm_psk_finish_request3.verify_data;
1565 1 : libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
1566 : /* transcript.message_a size is 0
1567 : * session_transcript.message_k is 0*/
1568 1 : libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
1569 : sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
1570 1 : m_libspdm_psk_finish_request3.opaque_data_size);
1571 1 : libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
1572 1 : libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
1573 : libspdm_get_managed_buffer_size(&th_curr), hash_data);
1574 1 : libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
1575 : request_finished_key, hash_size, ptr);
1576 1 : m_libspdm_psk_finish_request3_size = sizeof(spdm_psk_finish_request_t) + hmac_size +
1577 1 : sizeof(uint16_t) +
1578 1 : m_libspdm_psk_finish_request3.opaque_data_size;
1579 1 : response_size = sizeof(response);
1580 1 : status = libspdm_get_response_psk_finish(
1581 : spdm_context, m_libspdm_psk_finish_request3_size, &m_libspdm_psk_finish_request3,
1582 : &response_size, response);
1583 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1584 1 : ptr = (uint8_t *)response + sizeof(spdm_psk_finish_response_t);
1585 1 : assert_int_equal(libspdm_read_uint16(ptr),
1586 : libspdm_secret_lib_psk_finish_opaque_data_size);
1587 1 : assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t) +
1588 : sizeof(uint16_t) + libspdm_read_uint16(ptr));
1589 1 : spdm_response = (void *)response;
1590 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
1591 :
1592 1 : g_generate_psk_finish_opaque_data = false;
1593 1 : free(data1);
1594 1 : }
1595 :
1596 1 : int libspdm_rsp_psk_finish_rsp_test(void)
1597 : {
1598 1 : const struct CMUnitTest test_cases[] = {
1599 : /* Success Case*/
1600 : cmocka_unit_test(rsp_psk_finish_rsp_case1),
1601 : /* Bad request size*/
1602 : cmocka_unit_test(rsp_psk_finish_rsp_case2),
1603 : /* response_state: SPDM_RESPONSE_STATE_BUSY*/
1604 : cmocka_unit_test(rsp_psk_finish_rsp_case3),
1605 : /* response_state: SPDM_RESPONSE_STATE_NEED_RESYNC*/
1606 : cmocka_unit_test(rsp_psk_finish_rsp_case4),
1607 : #if LIBSPDM_RESPOND_IF_READY_SUPPORT
1608 : /* response_state: SPDM_RESPONSE_STATE_NOT_READY*/
1609 : cmocka_unit_test(rsp_psk_finish_rsp_case5),
1610 : #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */
1611 : /* connection_state Check*/
1612 : cmocka_unit_test(rsp_psk_finish_rsp_case6),
1613 : /* Buffer reset*/
1614 : cmocka_unit_test(rsp_psk_finish_rsp_case7),
1615 : /* Unsupported PSK capabilities*/
1616 : cmocka_unit_test(rsp_psk_finish_rsp_case8),
1617 : /* Uninitialized session*/
1618 : cmocka_unit_test(rsp_psk_finish_rsp_case9),
1619 : /* Incorrect MAC*/
1620 : cmocka_unit_test(rsp_psk_finish_rsp_case10),
1621 : cmocka_unit_test(rsp_psk_finish_rsp_case11),
1622 : /* Incorrect MAC size*/
1623 : cmocka_unit_test(rsp_psk_finish_rsp_case12),
1624 : cmocka_unit_test(rsp_psk_finish_rsp_case13),
1625 : /* Buffer verification*/
1626 : cmocka_unit_test(rsp_psk_finish_rsp_case14),
1627 : /* SPDM 1.4 with OpaqueData */
1628 : cmocka_unit_test(rsp_psk_finish_rsp_case15),
1629 : /* SPDM 1.4, the Responder using integrator defined opaque data */
1630 : cmocka_unit_test(rsp_psk_finish_rsp_case16),
1631 : };
1632 :
1633 1 : libspdm_test_context_t test_context = {
1634 : LIBSPDM_TEST_CONTEXT_VERSION,
1635 : false,
1636 : };
1637 :
1638 1 : libspdm_setup_test_context(&test_context);
1639 :
1640 1 : return cmocka_run_group_tests(test_cases,
1641 : libspdm_unit_test_group_setup,
1642 : libspdm_unit_test_group_teardown);
1643 : }
1644 :
1645 : #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */
|
