Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2026 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 :
10 : #if defined(_WIN32) || (defined(__clang__) && (defined (LIBSPDM_CPU_AARCH64) || \
11 : defined(LIBSPDM_CPU_ARM)))
12 : #else
13 : #include <fcntl.h>
14 : #include <unistd.h>
15 : #include <sys/stat.h>
16 : #endif
17 :
18 : #if LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP
19 :
20 : extern bool g_in_trusted_environment;
21 : extern bool g_set_cert_is_busy;
22 :
23 : /**
24 : * Test 1: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:0 with device_cert model
25 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
26 : **/
27 1 : static void rsp_set_certificate_rsp_case1(void **state)
28 : {
29 : libspdm_return_t status;
30 : libspdm_test_context_t *spdm_test_context;
31 : libspdm_context_t *spdm_context;
32 : size_t response_size;
33 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
34 : spdm_set_certificate_response_t *spdm_response;
35 : void *cert_chain;
36 : size_t cert_chain_size;
37 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
38 :
39 : void *cert_chain_slot_1;
40 : uint8_t *new_cert_chain;
41 : size_t new_cert_chain_size;
42 : size_t root_cert_hash_size;
43 :
44 1 : spdm_test_context = *state;
45 1 : spdm_context = spdm_test_context->spdm_context;
46 1 : spdm_test_context->case_id = 0x1;
47 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
48 : SPDM_VERSION_NUMBER_SHIFT_BIT;
49 :
50 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
51 1 : spdm_context->local_context.capability.flags |=
52 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
53 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
54 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
55 :
56 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
57 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
58 :
59 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
60 : m_libspdm_use_asym_algo, &cert_chain,
61 : &cert_chain_size, NULL, NULL);
62 :
63 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
64 : cert_chain_size);
65 :
66 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
67 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
68 1 : m_libspdm_set_certificate_request->header.param1 = 0;
69 1 : m_libspdm_set_certificate_request->header.param2 = 0;
70 :
71 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
72 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
73 : (uint8_t *)cert_chain, cert_chain_size);
74 :
75 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
76 : cert_chain_size;
77 :
78 1 : response_size = sizeof(response);
79 1 : status = libspdm_get_response_set_certificate(spdm_context,
80 : m_libspdm_set_certificate_request_size,
81 : m_libspdm_set_certificate_request,
82 : &response_size, response);
83 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
84 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
85 1 : spdm_response = (void *)response;
86 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_SET_CERTIFICATE_RSP);
87 :
88 1 : free(cert_chain);
89 1 : free(m_libspdm_set_certificate_request);
90 :
91 : /*test overwrite same slot_id cert*/
92 :
93 : /*read a different cert_chain*/
94 1 : libspdm_read_responder_public_certificate_chain_per_slot(1, m_libspdm_use_hash_algo,
95 : m_libspdm_use_asym_algo,
96 : &cert_chain_slot_1,
97 : &cert_chain_size, NULL, NULL);
98 :
99 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
100 : cert_chain_size);
101 :
102 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
103 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
104 : /*write the same slot_id 0*/
105 1 : m_libspdm_set_certificate_request->header.param1 = 0;
106 1 : m_libspdm_set_certificate_request->header.param2 = 0;
107 :
108 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
109 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
110 : (uint8_t *)cert_chain_slot_1, cert_chain_size);
111 :
112 1 : m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
113 : cert_chain_size;
114 :
115 1 : response_size = sizeof(response);
116 1 : status = libspdm_get_response_set_certificate(spdm_context,
117 : m_libspdm_set_certificate_request_size,
118 : m_libspdm_set_certificate_request,
119 : &response_size, response);
120 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
121 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
122 1 : spdm_response = (void *)response;
123 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_SET_CERTIFICATE_RSP);
124 :
125 : /*check that the cert_chain is overwritten*/
126 1 : libspdm_read_input_file("slot_id_0_cert_chain.der",
127 : (void **)&new_cert_chain, &new_cert_chain_size);
128 :
129 : /*get actual cert_chain size*/
130 1 : root_cert_hash_size = libspdm_get_hash_size(
131 : spdm_context->local_context.algorithm.base_hash_algo);
132 1 : cert_chain_size = cert_chain_size - sizeof(spdm_cert_chain_t) - root_cert_hash_size;
133 :
134 : /*point to actual cert_chain*/
135 1 : cert_chain_slot_1 = (void*)((uint8_t *)cert_chain_slot_1
136 1 : + sizeof(spdm_cert_chain_t) + root_cert_hash_size);
137 :
138 1 : assert_memory_equal(cert_chain_slot_1, new_cert_chain, cert_chain_size);
139 :
140 1 : free(new_cert_chain);
141 :
142 : /*point to total cert_chain_slot_1: it is important*/
143 1 : cert_chain_slot_1 = (void*)((uint8_t *)cert_chain_slot_1
144 1 : - sizeof(spdm_cert_chain_t) - root_cert_hash_size);
145 1 : free(cert_chain_slot_1);
146 1 : free(m_libspdm_set_certificate_request);
147 1 : }
148 :
149 : /**
150 : * Test 2: Wrong SET_CERTIFICATE message size (larger than expected)
151 : * Expected Behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST
152 : **/
153 1 : static void rsp_set_certificate_rsp_case2(void **state)
154 : {
155 : libspdm_return_t status;
156 : libspdm_test_context_t *spdm_test_context;
157 : libspdm_context_t *spdm_context;
158 : size_t response_size;
159 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
160 : spdm_set_certificate_response_t *spdm_response;
161 : void *cert_chain;
162 : size_t cert_chain_size;
163 :
164 1 : spdm_test_context = *state;
165 1 : spdm_context = spdm_test_context->spdm_context;
166 1 : spdm_test_context->case_id = 0x2;
167 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
168 : SPDM_VERSION_NUMBER_SHIFT_BIT;
169 :
170 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
171 1 : spdm_context->local_context.capability.flags |=
172 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
173 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
174 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
175 :
176 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
177 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
178 :
179 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
180 : m_libspdm_use_asym_algo, &cert_chain,
181 : &cert_chain_size, NULL, NULL);
182 :
183 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
184 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
185 : cert_chain_size);
186 :
187 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
188 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
189 1 : m_libspdm_set_certificate_request->header.param1 = 0;
190 1 : m_libspdm_set_certificate_request->header.param2 = 0;
191 :
192 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
193 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
194 : (uint8_t *)cert_chain, cert_chain_size);
195 :
196 : /* Bad request size: only have header size*/
197 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t);
198 :
199 1 : response_size = sizeof(response);
200 1 : status = libspdm_get_response_set_certificate(spdm_context,
201 : m_libspdm_set_certificate_request_size,
202 : m_libspdm_set_certificate_request,
203 : &response_size, response);
204 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
205 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
206 1 : spdm_response = (void *)response;
207 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
208 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
209 1 : assert_int_equal(spdm_response->header.param2, 0);
210 :
211 1 : free(cert_chain);
212 1 : free(m_libspdm_set_certificate_request);
213 1 : }
214 :
215 :
216 : /**
217 : * Test 3: Force response_state = LIBSPDM_RESPONSE_STATE_BUSY when asked SET_CERTIFICATE
218 : * Expected Behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_BUSY
219 : **/
220 1 : static void rsp_set_certificate_rsp_case3(void **state)
221 : {
222 : libspdm_return_t status;
223 : libspdm_test_context_t *spdm_test_context;
224 : libspdm_context_t *spdm_context;
225 : size_t response_size;
226 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
227 : spdm_set_certificate_response_t *spdm_response;
228 : void *cert_chain;
229 : size_t cert_chain_size;
230 :
231 1 : spdm_test_context = *state;
232 1 : spdm_context = spdm_test_context->spdm_context;
233 1 : spdm_test_context->case_id = 0x3;
234 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
235 : SPDM_VERSION_NUMBER_SHIFT_BIT;
236 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
237 :
238 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
239 1 : spdm_context->local_context.capability.flags |=
240 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
241 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
242 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
243 :
244 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
245 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
246 :
247 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
248 : m_libspdm_use_asym_algo, &cert_chain,
249 : &cert_chain_size, NULL, NULL);
250 :
251 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
252 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
253 : cert_chain_size);
254 :
255 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
256 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
257 1 : m_libspdm_set_certificate_request->header.param1 = 0;
258 1 : m_libspdm_set_certificate_request->header.param2 = 0;
259 :
260 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
261 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
262 : (uint8_t *)cert_chain, cert_chain_size);
263 :
264 : /* Bad request size: right request size + 1*/
265 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
266 1 : cert_chain_size + 1;
267 :
268 1 : response_size = sizeof(response);
269 1 : status = libspdm_get_response_set_certificate(spdm_context,
270 : m_libspdm_set_certificate_request_size,
271 : m_libspdm_set_certificate_request,
272 : &response_size, response);
273 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
274 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
275 1 : spdm_response = (void *)response;
276 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
277 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
278 1 : assert_int_equal(spdm_response->header.param2, 0);
279 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_BUSY);
280 :
281 1 : free(cert_chain);
282 1 : free(m_libspdm_set_certificate_request);
283 1 : }
284 :
285 :
286 : /**
287 : * Test 4: Force response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC when asked SET_CERTIFICATE
288 : * Expected Behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_REQUEST_RESYNCH
289 : **/
290 1 : static void rsp_set_certificate_rsp_case4(void **state)
291 : {
292 : libspdm_return_t status;
293 : libspdm_test_context_t *spdm_test_context;
294 : libspdm_context_t *spdm_context;
295 : size_t response_size;
296 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
297 : spdm_set_certificate_response_t *spdm_response;
298 : void *cert_chain;
299 : size_t cert_chain_size;
300 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
301 :
302 1 : spdm_test_context = *state;
303 1 : spdm_context = spdm_test_context->spdm_context;
304 1 : spdm_test_context->case_id = 0x4;
305 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
306 : SPDM_VERSION_NUMBER_SHIFT_BIT;
307 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
308 :
309 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
310 1 : spdm_context->local_context.capability.flags |=
311 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
312 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
313 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
314 :
315 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
316 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
317 :
318 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
319 : m_libspdm_use_asym_algo, &cert_chain,
320 : &cert_chain_size, NULL, NULL);
321 :
322 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
323 : cert_chain_size);
324 :
325 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
326 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
327 1 : m_libspdm_set_certificate_request->header.param1 = 0;
328 1 : m_libspdm_set_certificate_request->header.param2 = 0;
329 :
330 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
331 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
332 : (uint8_t *)cert_chain, cert_chain_size);
333 :
334 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
335 : cert_chain_size;
336 :
337 1 : response_size = sizeof(response);
338 1 : status = libspdm_get_response_set_certificate(spdm_context,
339 : m_libspdm_set_certificate_request_size,
340 : m_libspdm_set_certificate_request,
341 : &response_size, response);
342 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
343 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
344 1 : spdm_response = (void *)response;
345 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
346 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_REQUEST_RESYNCH);
347 1 : assert_int_equal(spdm_response->header.param2, 0);
348 1 : assert_int_equal(spdm_context->response_state, LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
349 :
350 1 : free(cert_chain);
351 1 : free(m_libspdm_set_certificate_request);
352 1 : }
353 :
354 : /**
355 : * Test 5: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:1 with session
356 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
357 : **/
358 1 : static void rsp_set_certificate_rsp_case5(void **state)
359 : {
360 : libspdm_return_t status;
361 : libspdm_test_context_t *spdm_test_context;
362 : libspdm_context_t *spdm_context;
363 : size_t response_size;
364 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
365 : spdm_set_certificate_response_t *spdm_response;
366 : void *cert_chain;
367 : size_t cert_chain_size;
368 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
369 :
370 : libspdm_session_info_t *session_info;
371 : uint32_t session_id;
372 :
373 1 : spdm_test_context = *state;
374 1 : spdm_context = spdm_test_context->spdm_context;
375 1 : spdm_test_context->case_id = 0x5;
376 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
377 : SPDM_VERSION_NUMBER_SHIFT_BIT;
378 : /*responset_state need to set normal*/
379 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
380 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
381 1 : spdm_context->local_context.capability.flags |=
382 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
383 1 : spdm_context->local_context.capability.flags |=
384 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
385 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
386 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
387 :
388 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
389 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
390 :
391 1 : session_id = 0xFFFFFFFF;
392 1 : spdm_context->latest_session_id = session_id;
393 1 : spdm_context->last_spdm_request_session_id_valid = true;
394 1 : spdm_context->last_spdm_request_session_id = session_id;
395 1 : session_info = &spdm_context->session_info[0];
396 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
397 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
398 1 : libspdm_secured_message_set_session_state(
399 : session_info->secured_message_context,
400 : LIBSPDM_SESSION_STATE_ESTABLISHED);
401 :
402 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
403 : m_libspdm_use_asym_algo, &cert_chain,
404 : &cert_chain_size, NULL, NULL);
405 :
406 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
407 : cert_chain_size);
408 :
409 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
410 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
411 1 : m_libspdm_set_certificate_request->header.param1 = 1;
412 1 : m_libspdm_set_certificate_request->header.param2 = 0;
413 :
414 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
415 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
416 : (uint8_t *)cert_chain, cert_chain_size);
417 :
418 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
419 : cert_chain_size;
420 :
421 1 : response_size = sizeof(response);
422 1 : status = libspdm_get_response_set_certificate(spdm_context,
423 : m_libspdm_set_certificate_request_size,
424 : m_libspdm_set_certificate_request,
425 : &response_size, response);
426 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
427 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
428 1 : spdm_response = (void *)response;
429 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_SET_CERTIFICATE_RSP);
430 :
431 1 : free(cert_chain);
432 1 : free(m_libspdm_set_certificate_request);
433 1 : }
434 :
435 : /**
436 : * Test 6: receives a valid SET_CERTIFICATE request message from Requester with need_reset
437 : * Expected Behavior: The Responder return need reset
438 : **/
439 1 : static void rsp_set_certificate_rsp_case6(void **state)
440 : {
441 : libspdm_return_t status;
442 : libspdm_test_context_t *spdm_test_context;
443 : libspdm_context_t *spdm_context;
444 : size_t response_size;
445 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
446 : spdm_set_certificate_response_t *spdm_response;
447 : void *cert_chain;
448 : size_t cert_chain_size;
449 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
450 :
451 1 : spdm_test_context = *state;
452 1 : spdm_context = spdm_test_context->spdm_context;
453 1 : spdm_test_context->case_id = 0x6;
454 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
455 : SPDM_VERSION_NUMBER_SHIFT_BIT;
456 :
457 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
458 1 : spdm_context->local_context.capability.flags |=
459 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
460 1 : spdm_context->local_context.capability.flags |=
461 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
462 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
463 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
464 :
465 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
466 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
467 :
468 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
469 : m_libspdm_use_asym_algo, &cert_chain,
470 : &cert_chain_size, NULL, NULL);
471 :
472 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
473 : cert_chain_size);
474 :
475 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
476 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
477 1 : m_libspdm_set_certificate_request->header.param1 = 0;
478 1 : m_libspdm_set_certificate_request->header.param2 = 0;
479 :
480 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
481 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
482 : (uint8_t *)cert_chain, cert_chain_size);
483 :
484 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
485 : cert_chain_size;
486 :
487 1 : response_size = sizeof(response);
488 1 : status = libspdm_get_response_set_certificate(spdm_context,
489 : m_libspdm_set_certificate_request_size,
490 : m_libspdm_set_certificate_request,
491 : &response_size, response);
492 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
493 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
494 1 : spdm_response = (void *)response;
495 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
496 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_RESET_REQUIRED);
497 1 : assert_int_equal(spdm_response->header.param2, 0);
498 :
499 1 : free(cert_chain);
500 1 : free(m_libspdm_set_certificate_request);
501 1 : }
502 :
503 : /**
504 : * Test 7: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:0 with alias_cert model
505 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
506 : **/
507 1 : static void rsp_set_certificate_rsp_case7(void **state)
508 : {
509 : libspdm_return_t status;
510 : libspdm_test_context_t *spdm_test_context;
511 : libspdm_context_t *spdm_context;
512 : size_t response_size;
513 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
514 : spdm_set_certificate_response_t *spdm_response;
515 : void *cert_chain;
516 : size_t cert_chain_size;
517 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
518 :
519 1 : spdm_test_context = *state;
520 1 : spdm_context = spdm_test_context->spdm_context;
521 1 : spdm_test_context->case_id = 0x7;
522 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
523 : SPDM_VERSION_NUMBER_SHIFT_BIT;
524 :
525 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
526 1 : spdm_context->local_context.capability.flags |=
527 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
528 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
529 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
530 1 : spdm_context->local_context.capability.flags &=
531 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
532 :
533 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
534 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
535 :
536 : /*set alias cert mode*/
537 1 : spdm_context->local_context.capability.flags |=
538 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP;
539 : /*read alias cert(alias cert chain is partial)*/
540 1 : libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
541 : m_libspdm_use_hash_algo, m_libspdm_use_asym_algo,
542 : &cert_chain, &cert_chain_size, NULL, NULL);
543 :
544 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
545 : cert_chain_size);
546 :
547 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
548 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
549 1 : m_libspdm_set_certificate_request->header.param1 = 0;
550 1 : m_libspdm_set_certificate_request->header.param2 = 0;
551 :
552 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
553 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
554 : (uint8_t *)cert_chain, cert_chain_size);
555 :
556 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
557 : cert_chain_size;
558 :
559 1 : response_size = sizeof(response);
560 1 : status = libspdm_get_response_set_certificate(spdm_context,
561 : m_libspdm_set_certificate_request_size,
562 : m_libspdm_set_certificate_request,
563 : &response_size, response);
564 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
565 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
566 1 : spdm_response = (void *)response;
567 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_SET_CERTIFICATE_RSP);
568 :
569 1 : free(cert_chain);
570 1 : free(m_libspdm_set_certificate_request);
571 1 : }
572 :
573 : /**
574 : * Test 8: receives a SET_CERTIFICATE request message to set cert in slot_id:1 without session and with trusted environment
575 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
576 : **/
577 1 : static void rsp_set_certificate_rsp_case8(void **state)
578 : {
579 : libspdm_return_t status;
580 : libspdm_test_context_t *spdm_test_context;
581 : libspdm_context_t *spdm_context;
582 : size_t response_size;
583 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
584 : spdm_set_certificate_response_t *spdm_response;
585 : void *cert_chain;
586 : size_t cert_chain_size;
587 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
588 :
589 1 : spdm_test_context = *state;
590 1 : spdm_context = spdm_test_context->spdm_context;
591 1 : spdm_test_context->case_id = 0x8;
592 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
593 : SPDM_VERSION_NUMBER_SHIFT_BIT;
594 : /*responset_state need to set normal*/
595 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
596 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
597 1 : spdm_context->local_context.capability.flags |=
598 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
599 1 : spdm_context->local_context.capability.flags &=
600 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
601 1 : spdm_context->local_context.capability.flags &=
602 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP;
603 1 : spdm_context->local_context.capability.flags |=
604 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
605 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
606 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
607 :
608 1 : spdm_context->last_spdm_request_session_id_valid = false;
609 1 : g_in_trusted_environment = true;
610 :
611 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
612 : m_libspdm_use_asym_algo, &cert_chain,
613 : &cert_chain_size, NULL, NULL);
614 :
615 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
616 : cert_chain_size);
617 :
618 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
619 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
620 1 : m_libspdm_set_certificate_request->header.param1 = 1;
621 1 : m_libspdm_set_certificate_request->header.param2 = 0;
622 :
623 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
624 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
625 : (uint8_t *)cert_chain, cert_chain_size);
626 :
627 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
628 : cert_chain_size;
629 :
630 1 : response_size = sizeof(response);
631 1 : status = libspdm_get_response_set_certificate(spdm_context,
632 : m_libspdm_set_certificate_request_size,
633 : m_libspdm_set_certificate_request,
634 : &response_size, response);
635 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
636 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
637 1 : spdm_response = (void *)response;
638 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_SET_CERTIFICATE_RSP);
639 :
640 1 : free(cert_chain);
641 1 : free(m_libspdm_set_certificate_request);
642 1 : }
643 :
644 : /**
645 : * Test 9: receives a SET_CERTIFICATE request message to set cert in slot_id:1 without session and without trusted environment
646 : * Expected Behavior: produces a valid ERROR response message
647 : **/
648 1 : static void rsp_set_certificate_rsp_case9(void **state)
649 : {
650 : libspdm_return_t status;
651 : libspdm_test_context_t *spdm_test_context;
652 : libspdm_context_t *spdm_context;
653 : size_t response_size;
654 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
655 : spdm_set_certificate_response_t *spdm_response;
656 : void *cert_chain;
657 : size_t cert_chain_size;
658 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
659 :
660 1 : spdm_test_context = *state;
661 1 : spdm_context = spdm_test_context->spdm_context;
662 1 : spdm_test_context->case_id = 0x9;
663 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
664 : SPDM_VERSION_NUMBER_SHIFT_BIT;
665 : /*responset_state need to set normal*/
666 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
667 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
668 1 : spdm_context->local_context.capability.flags |=
669 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
670 1 : spdm_context->local_context.capability.flags &=
671 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
672 1 : spdm_context->local_context.capability.flags &=
673 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP;
674 1 : spdm_context->local_context.capability.flags |=
675 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
676 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
677 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
678 :
679 1 : spdm_context->last_spdm_request_session_id_valid = false;
680 1 : g_in_trusted_environment = false;
681 :
682 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
683 : m_libspdm_use_asym_algo, &cert_chain,
684 : &cert_chain_size, NULL, NULL);
685 :
686 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
687 : cert_chain_size);
688 :
689 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
690 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
691 1 : m_libspdm_set_certificate_request->header.param1 = 1;
692 1 : m_libspdm_set_certificate_request->header.param2 = 0;
693 :
694 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
695 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
696 : (uint8_t *)cert_chain, cert_chain_size);
697 :
698 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
699 : cert_chain_size;
700 :
701 1 : response_size = sizeof(response);
702 1 : status = libspdm_get_response_set_certificate(spdm_context,
703 : m_libspdm_set_certificate_request_size,
704 : m_libspdm_set_certificate_request,
705 : &response_size, response);
706 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
707 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
708 1 : spdm_response = (void *)response;
709 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
710 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
711 1 : assert_int_equal(spdm_response->header.param2, 0);
712 :
713 1 : free(cert_chain);
714 1 : free(m_libspdm_set_certificate_request);
715 1 : }
716 :
717 : /**
718 : * Test 10: receives a valid SET_CERTIFICATE request message from Requester to erase cert in slot_id:1 with session
719 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
720 : **/
721 1 : static void rsp_set_certificate_rsp_case10(void **state)
722 : {
723 : libspdm_return_t status;
724 : libspdm_test_context_t *spdm_test_context;
725 : libspdm_context_t *spdm_context;
726 : size_t response_size;
727 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
728 : spdm_set_certificate_response_t *spdm_response;
729 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
730 :
731 : libspdm_session_info_t *session_info;
732 : uint32_t session_id;
733 : uint8_t slot_id;
734 : #if defined(_WIN32) || (defined(__clang__) && (defined (LIBSPDM_CPU_AARCH64) || \
735 : defined(LIBSPDM_CPU_ARM)))
736 : FILE *fp_out;
737 : #else
738 : int64_t fp_out;
739 : struct stat file_stat;
740 : #endif
741 : size_t cert_file_size;
742 :
743 1 : char file_name[] = "slot_id_0_cert_chain.der";
744 1 : slot_id = 1;
745 :
746 1 : spdm_test_context = *state;
747 1 : spdm_context = spdm_test_context->spdm_context;
748 1 : spdm_test_context->case_id = 0xA;
749 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
750 : SPDM_VERSION_NUMBER_SHIFT_BIT;
751 : /*responset_state need to set normal*/
752 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
753 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
754 1 : spdm_context->local_context.capability.flags |=
755 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
756 1 : spdm_context->local_context.capability.flags |=
757 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
758 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
759 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
760 :
761 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
762 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
763 :
764 1 : session_id = 0xFFFFFFFF;
765 1 : spdm_context->latest_session_id = session_id;
766 1 : spdm_context->last_spdm_request_session_id_valid = true;
767 1 : spdm_context->last_spdm_request_session_id = session_id;
768 1 : session_info = &spdm_context->session_info[0];
769 1 : libspdm_session_info_init(spdm_context, session_info, session_id,
770 : SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT, true);
771 1 : libspdm_secured_message_set_session_state(
772 : session_info->secured_message_context,
773 : LIBSPDM_SESSION_STATE_ESTABLISHED);
774 :
775 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t));
776 :
777 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_13;
778 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
779 1 : m_libspdm_set_certificate_request->header.param1 = slot_id |
780 : SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE;
781 1 : m_libspdm_set_certificate_request->header.param2 = 0;
782 :
783 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t);
784 :
785 1 : response_size = sizeof(response);
786 1 : status = libspdm_get_response_set_certificate(spdm_context,
787 : m_libspdm_set_certificate_request_size,
788 : m_libspdm_set_certificate_request,
789 : &response_size, response);
790 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
791 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
792 1 : spdm_response = (void *)response;
793 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_SET_CERTIFICATE_RSP);
794 1 : assert_int_equal(spdm_response->header.param1, slot_id);
795 :
796 : /*change the file name, for example: slot_id_1_cert_chain.der*/
797 1 : file_name[8] = (char)(slot_id + '0');
798 :
799 : #if defined(_WIN32) || (defined(__clang__) && (defined (LIBSPDM_CPU_AARCH64) || \
800 : defined(LIBSPDM_CPU_ARM)))
801 : if ((fp_out = fopen(file_name, "r")) == NULL) {
802 : printf("Unable to open file %s\n", file_name);
803 : assert_false(true);
804 : }
805 :
806 : /*check the cert is erased*/
807 : fseek(fp_out, 0, SEEK_END);
808 : cert_file_size = ftell(fp_out);
809 : assert_int_equal(cert_file_size, 0);
810 :
811 : fclose(fp_out);
812 : #else
813 1 : if ((fp_out = open(file_name, O_RDONLY)) == -1) {
814 0 : printf("Unable to open file %s\n", file_name);
815 0 : assert_false(true);
816 : }
817 :
818 1 : if (fstat(fp_out, &file_stat) != 0) {
819 0 : assert_false(true);
820 : }
821 :
822 1 : cert_file_size = file_stat.st_size;
823 1 : assert_int_equal(cert_file_size, 0);
824 :
825 1 : close(fp_out);
826 : #endif
827 :
828 1 : free(m_libspdm_set_certificate_request);
829 1 : }
830 :
831 : /**
832 : * Test 11: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:1 with key_pair_id
833 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
834 : **/
835 1 : static void rsp_set_certificate_rsp_case11(void **state)
836 : {
837 : libspdm_return_t status;
838 : libspdm_test_context_t *spdm_test_context;
839 : libspdm_context_t *spdm_context;
840 : size_t response_size;
841 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
842 : spdm_set_certificate_response_t *spdm_response;
843 : void *cert_chain;
844 : size_t cert_chain_size;
845 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
846 : uint8_t slot_id;
847 : uint8_t key_pair_id;
848 :
849 1 : spdm_test_context = *state;
850 1 : spdm_context = spdm_test_context->spdm_context;
851 1 : spdm_test_context->case_id = 0xB;
852 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
853 : SPDM_VERSION_NUMBER_SHIFT_BIT;
854 1 : slot_id = 1;
855 1 : key_pair_id = 1;
856 :
857 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
858 1 : spdm_context->local_context.capability.flags |=
859 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
860 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
861 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
862 1 : spdm_context->connection_info.multi_key_conn_rsp = true;
863 :
864 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
865 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
866 :
867 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
868 : m_libspdm_use_asym_algo, &cert_chain,
869 : &cert_chain_size, NULL, NULL);
870 :
871 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
872 : cert_chain_size);
873 :
874 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_13;
875 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
876 1 : m_libspdm_set_certificate_request->header.param1 =
877 : slot_id | (SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT <<
878 : SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_OFFSET);
879 1 : m_libspdm_set_certificate_request->header.param2 = key_pair_id;
880 :
881 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
882 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
883 : (uint8_t *)cert_chain, cert_chain_size);
884 :
885 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
886 : cert_chain_size;
887 :
888 1 : response_size = sizeof(response);
889 1 : status = libspdm_get_response_set_certificate(spdm_context,
890 : m_libspdm_set_certificate_request_size,
891 : m_libspdm_set_certificate_request,
892 : &response_size, response);
893 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
894 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
895 1 : spdm_response = (void *)response;
896 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_SET_CERTIFICATE_RSP);
897 :
898 1 : free(cert_chain);
899 1 : free(m_libspdm_set_certificate_request);
900 1 : }
901 :
902 : /**
903 : * Test 12: Illegal combination of MULTI_KEY_CONN_RSP = true, Erase = false, and SetCertModel = 0.
904 : * Expected Behavior: produces SPDM_ERROR_CODE_INVALID_REQUEST message.
905 : **/
906 1 : static void rsp_set_certificate_rsp_case12(void **state)
907 : {
908 : libspdm_return_t status;
909 : libspdm_test_context_t *spdm_test_context;
910 : libspdm_context_t *spdm_context;
911 : size_t response_size;
912 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
913 : spdm_set_certificate_response_t *spdm_response;
914 : void *cert_chain;
915 : size_t cert_chain_size;
916 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
917 : uint8_t slot_id;
918 : uint8_t key_pair_id;
919 :
920 1 : spdm_test_context = *state;
921 1 : spdm_context = spdm_test_context->spdm_context;
922 1 : spdm_test_context->case_id = 0xc;
923 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
924 : SPDM_VERSION_NUMBER_SHIFT_BIT;
925 1 : slot_id = 1;
926 1 : key_pair_id = 1;
927 :
928 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
929 1 : spdm_context->local_context.capability.flags |=
930 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
931 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
932 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
933 1 : spdm_context->connection_info.multi_key_conn_rsp = true;
934 :
935 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
936 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
937 :
938 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
939 : m_libspdm_use_asym_algo, &cert_chain,
940 : &cert_chain_size, NULL, NULL);
941 :
942 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
943 : cert_chain_size);
944 :
945 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_13;
946 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
947 1 : m_libspdm_set_certificate_request->header.param1 =
948 : slot_id | (SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE <<
949 : SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_OFFSET);
950 1 : m_libspdm_set_certificate_request->header.param2 = key_pair_id;
951 :
952 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
953 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
954 : (uint8_t *)cert_chain, cert_chain_size);
955 :
956 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
957 : cert_chain_size;
958 :
959 1 : response_size = sizeof(response);
960 1 : status = libspdm_get_response_set_certificate(spdm_context,
961 : m_libspdm_set_certificate_request_size,
962 : m_libspdm_set_certificate_request,
963 : &response_size, response);
964 :
965 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
966 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
967 1 : spdm_response = (void *)response;
968 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
969 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
970 1 : assert_int_equal(spdm_response->header.param2, 0);
971 :
972 1 : free(cert_chain);
973 1 : free(m_libspdm_set_certificate_request);
974 1 : }
975 :
976 : /**
977 : * Test 13: The Responder cannot complete request due to busy response when writing to NVM.
978 : * Expected Behavior: The Responder returns a Busy error response.
979 : **/
980 1 : static void rsp_set_certificate_rsp_case13(void **state)
981 : {
982 : libspdm_return_t status;
983 : libspdm_test_context_t *spdm_test_context;
984 : libspdm_context_t *spdm_context;
985 : size_t response_size;
986 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
987 : spdm_set_certificate_response_t *spdm_response;
988 : void *cert_chain;
989 : size_t cert_chain_size;
990 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
991 :
992 1 : spdm_test_context = *state;
993 1 : spdm_context = spdm_test_context->spdm_context;
994 1 : spdm_test_context->case_id = 0xd;
995 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
996 : SPDM_VERSION_NUMBER_SHIFT_BIT;
997 :
998 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
999 1 : spdm_context->local_context.capability.flags |=
1000 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
1001 1 : spdm_context->local_context.capability.flags |=
1002 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
1003 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1004 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1005 :
1006 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1007 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1008 :
1009 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1010 : m_libspdm_use_asym_algo, &cert_chain,
1011 : &cert_chain_size, NULL, NULL);
1012 :
1013 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
1014 : cert_chain_size);
1015 :
1016 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
1017 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
1018 1 : m_libspdm_set_certificate_request->header.param1 = 0;
1019 1 : m_libspdm_set_certificate_request->header.param2 = 0;
1020 :
1021 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
1022 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
1023 : (uint8_t *)cert_chain, cert_chain_size);
1024 :
1025 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
1026 : cert_chain_size;
1027 :
1028 : /* Unable to write to NVM due to busy condition. */
1029 1 : g_set_cert_is_busy = true;
1030 :
1031 1 : response_size = sizeof(response);
1032 1 : status = libspdm_get_response_set_certificate(spdm_context,
1033 : m_libspdm_set_certificate_request_size,
1034 : m_libspdm_set_certificate_request,
1035 : &response_size, response);
1036 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1037 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1038 1 : spdm_response = (void *)response;
1039 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1040 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
1041 1 : assert_int_equal(spdm_response->header.param2, 0);
1042 :
1043 1 : g_set_cert_is_busy = false;
1044 :
1045 1 : free(cert_chain);
1046 1 : free(m_libspdm_set_certificate_request);
1047 1 : }
1048 :
1049 1 : int libspdm_rsp_set_certificate_rsp_test(void)
1050 : {
1051 1 : const struct CMUnitTest test_cases[] = {
1052 : /* Success Case for set_certificate to slot_id:0 with device_cert mode*/
1053 : cmocka_unit_test(rsp_set_certificate_rsp_case1),
1054 : /* Bad request size*/
1055 : cmocka_unit_test(rsp_set_certificate_rsp_case2),
1056 : /* response_state: LIBSPDM_RESPONSE_STATE_BUSY*/
1057 : cmocka_unit_test(rsp_set_certificate_rsp_case3),
1058 : /* response_state: LIBSPDM_RESPONSE_STATE_NEED_RESYNC*/
1059 : cmocka_unit_test(rsp_set_certificate_rsp_case4),
1060 : /* Success Case for set_certificate to slot_id:1 with session*/
1061 : cmocka_unit_test(rsp_set_certificate_rsp_case5),
1062 : /* Responder requires a reset to complete the SET_CERTIFICATE request */
1063 : cmocka_unit_test(rsp_set_certificate_rsp_case6),
1064 : /* Success Case for set_certificate to slot_id:0 with alias_cert mode*/
1065 : cmocka_unit_test(rsp_set_certificate_rsp_case7),
1066 : /* Success Case for set_certificate to slot_id:1 without session and with trusted environment */
1067 : cmocka_unit_test(rsp_set_certificate_rsp_case8),
1068 : /* Error Case for set_certificate to slot_id:1 without session and without trusted environment */
1069 : cmocka_unit_test(rsp_set_certificate_rsp_case9),
1070 : /* Success Case for erase certificate to slot_id:1 with session*/
1071 : cmocka_unit_test(rsp_set_certificate_rsp_case10),
1072 : /* Success Case for set_certificate to slot_id:1 with key_pair_id*/
1073 : cmocka_unit_test(rsp_set_certificate_rsp_case11),
1074 : cmocka_unit_test(rsp_set_certificate_rsp_case12),
1075 : cmocka_unit_test(rsp_set_certificate_rsp_case13),
1076 : };
1077 :
1078 1 : libspdm_test_context_t test_context = {
1079 : LIBSPDM_TEST_CONTEXT_VERSION,
1080 : false,
1081 : };
1082 :
1083 1 : libspdm_setup_test_context(&test_context);
1084 :
1085 1 : return cmocka_run_group_tests(test_cases,
1086 : libspdm_unit_test_group_setup,
1087 : libspdm_unit_test_group_teardown);
1088 : }
1089 :
1090 : #endif /* LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP*/
|
