Line data Source code
1 : /**
2 : * Copyright Notice:
3 : * Copyright 2021-2024 DMTF. All rights reserved.
4 : * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
5 : **/
6 :
7 : #include "spdm_unit_test.h"
8 : #include "internal/libspdm_responder_lib.h"
9 :
10 : #if defined(_WIN32) || (defined(__clang__) && (defined (LIBSPDM_CPU_AARCH64) || \
11 : defined(LIBSPDM_CPU_ARM)))
12 : #else
13 : #include <fcntl.h>
14 : #include <unistd.h>
15 : #include <sys/stat.h>
16 : #endif
17 :
18 : #if LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP
19 :
20 : extern bool g_in_trusted_environment;
21 : extern bool g_set_cert_is_busy;
22 :
23 : /**
24 : * Test 1: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:0 with device_cert model
25 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
26 : **/
27 1 : void libspdm_test_responder_set_certificate_rsp_case1(void **state)
28 : {
29 : libspdm_return_t status;
30 : libspdm_test_context_t *spdm_test_context;
31 : libspdm_context_t *spdm_context;
32 : size_t response_size;
33 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
34 : spdm_set_certificate_response_t *spdm_response;
35 : void *cert_chain;
36 : size_t cert_chain_size;
37 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
38 :
39 : void *cert_chain_slot_1;
40 : uint8_t *new_cert_chain;
41 : size_t new_cert_chain_size;
42 : size_t root_cert_hash_size;
43 :
44 1 : spdm_test_context = *state;
45 1 : spdm_context = spdm_test_context->spdm_context;
46 1 : spdm_test_context->case_id = 0x1;
47 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
48 : SPDM_VERSION_NUMBER_SHIFT_BIT;
49 :
50 1 : spdm_context->connection_info.connection_state =
51 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
52 1 : spdm_context->local_context.capability.flags |=
53 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
54 1 : spdm_context->connection_info.algorithm.base_hash_algo =
55 : m_libspdm_use_hash_algo;
56 1 : spdm_context->connection_info.algorithm.base_asym_algo =
57 : m_libspdm_use_asym_algo;
58 :
59 1 : spdm_context->local_context.algorithm.base_hash_algo =
60 : m_libspdm_use_hash_algo;
61 1 : spdm_context->local_context.algorithm.base_asym_algo =
62 : m_libspdm_use_asym_algo;
63 :
64 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
65 : m_libspdm_use_asym_algo, &cert_chain,
66 : &cert_chain_size, NULL, NULL);
67 :
68 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
69 : cert_chain_size);
70 :
71 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
72 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
73 1 : m_libspdm_set_certificate_request->header.param1 = 0;
74 1 : m_libspdm_set_certificate_request->header.param2 = 0;
75 :
76 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
77 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
78 : (uint8_t *)cert_chain, cert_chain_size);
79 :
80 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
81 : cert_chain_size;
82 :
83 1 : response_size = sizeof(response);
84 1 : status = libspdm_get_response_set_certificate(spdm_context,
85 : m_libspdm_set_certificate_request_size,
86 : m_libspdm_set_certificate_request,
87 : &response_size, response);
88 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
89 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
90 1 : spdm_response = (void *)response;
91 1 : assert_int_equal(spdm_response->header.request_response_code,
92 : SPDM_SET_CERTIFICATE_RSP);
93 :
94 1 : free(cert_chain);
95 1 : free(m_libspdm_set_certificate_request);
96 :
97 : /*test overwrite same slot_id cert*/
98 :
99 : /*read a different cert_chain*/
100 1 : libspdm_read_responder_public_certificate_chain_per_slot(1, m_libspdm_use_hash_algo,
101 : m_libspdm_use_asym_algo,
102 : &cert_chain_slot_1,
103 : &cert_chain_size, NULL, NULL);
104 :
105 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
106 : cert_chain_size);
107 :
108 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
109 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
110 : /*write the same slot_id 0*/
111 1 : m_libspdm_set_certificate_request->header.param1 = 0;
112 1 : m_libspdm_set_certificate_request->header.param2 = 0;
113 :
114 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
115 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
116 : (uint8_t *)cert_chain_slot_1, cert_chain_size);
117 :
118 1 : m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
119 : cert_chain_size;
120 :
121 1 : response_size = sizeof(response);
122 1 : status = libspdm_get_response_set_certificate(spdm_context,
123 : m_libspdm_set_certificate_request_size,
124 : m_libspdm_set_certificate_request,
125 : &response_size, response);
126 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
127 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
128 1 : spdm_response = (void *)response;
129 1 : assert_int_equal(spdm_response->header.request_response_code,
130 : SPDM_SET_CERTIFICATE_RSP);
131 :
132 : /*check that the cert_chain is overwritten*/
133 1 : libspdm_read_input_file("slot_id_0_cert_chain.der",
134 : (void **)&new_cert_chain, &new_cert_chain_size);
135 :
136 : /*get actual cert_chain size*/
137 1 : root_cert_hash_size = libspdm_get_hash_size(
138 : spdm_context->local_context.algorithm.base_hash_algo);
139 1 : cert_chain_size = cert_chain_size - sizeof(spdm_cert_chain_t) - root_cert_hash_size;
140 :
141 : /*point to actual cert_chain*/
142 1 : cert_chain_slot_1 = (void*)((uint8_t *)cert_chain_slot_1
143 1 : + sizeof(spdm_cert_chain_t) + root_cert_hash_size);
144 :
145 1 : assert_memory_equal(cert_chain_slot_1, new_cert_chain, cert_chain_size);
146 :
147 1 : free(new_cert_chain);
148 :
149 : /*point to total cert_chain_slot_1: it is important*/
150 1 : cert_chain_slot_1 = (void*)((uint8_t *)cert_chain_slot_1
151 1 : - sizeof(spdm_cert_chain_t) - root_cert_hash_size);
152 1 : free(cert_chain_slot_1);
153 1 : free(m_libspdm_set_certificate_request);
154 1 : }
155 :
156 : /**
157 : * Test 2: Wrong SET_CERTIFICATE message size (larger than expected)
158 : * Expected Behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_INVALID_REQUEST
159 : **/
160 1 : void libspdm_test_responder_set_certificate_rsp_case2(void **state)
161 : {
162 : libspdm_return_t status;
163 : libspdm_test_context_t *spdm_test_context;
164 : libspdm_context_t *spdm_context;
165 : size_t response_size;
166 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
167 : spdm_set_certificate_response_t *spdm_response;
168 : void *cert_chain;
169 : size_t cert_chain_size;
170 :
171 1 : spdm_test_context = *state;
172 1 : spdm_context = spdm_test_context->spdm_context;
173 1 : spdm_test_context->case_id = 0x2;
174 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
175 : SPDM_VERSION_NUMBER_SHIFT_BIT;
176 :
177 1 : spdm_context->connection_info.connection_state =
178 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
179 1 : spdm_context->local_context.capability.flags |=
180 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
181 1 : spdm_context->connection_info.algorithm.base_hash_algo =
182 : m_libspdm_use_hash_algo;
183 1 : spdm_context->connection_info.algorithm.base_asym_algo =
184 : m_libspdm_use_asym_algo;
185 :
186 1 : spdm_context->local_context.algorithm.base_hash_algo =
187 : m_libspdm_use_hash_algo;
188 1 : spdm_context->local_context.algorithm.base_asym_algo =
189 : m_libspdm_use_asym_algo;
190 :
191 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
192 : m_libspdm_use_asym_algo, &cert_chain,
193 : &cert_chain_size, NULL, NULL);
194 :
195 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
196 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
197 : cert_chain_size);
198 :
199 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
200 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
201 1 : m_libspdm_set_certificate_request->header.param1 = 0;
202 1 : m_libspdm_set_certificate_request->header.param2 = 0;
203 :
204 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
205 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
206 : (uint8_t *)cert_chain, cert_chain_size);
207 :
208 : /* Bad request size: only have header size*/
209 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t);
210 :
211 1 : response_size = sizeof(response);
212 1 : status = libspdm_get_response_set_certificate(spdm_context,
213 : m_libspdm_set_certificate_request_size,
214 : m_libspdm_set_certificate_request,
215 : &response_size, response);
216 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
217 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
218 1 : spdm_response = (void *)response;
219 1 : assert_int_equal(spdm_response->header.request_response_code,
220 : SPDM_ERROR);
221 1 : assert_int_equal(spdm_response->header.param1,
222 : SPDM_ERROR_CODE_INVALID_REQUEST);
223 1 : assert_int_equal(spdm_response->header.param2, 0);
224 :
225 1 : free(cert_chain);
226 1 : free(m_libspdm_set_certificate_request);
227 1 : }
228 :
229 :
230 : /**
231 : * Test 3: Force response_state = LIBSPDM_RESPONSE_STATE_BUSY when asked SET_CERTIFICATE
232 : * Expected Behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_BUSY
233 : **/
234 1 : void libspdm_test_responder_set_certificate_rsp_case3(void **state)
235 : {
236 : libspdm_return_t status;
237 : libspdm_test_context_t *spdm_test_context;
238 : libspdm_context_t *spdm_context;
239 : size_t response_size;
240 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
241 : spdm_set_certificate_response_t *spdm_response;
242 : void *cert_chain;
243 : size_t cert_chain_size;
244 :
245 1 : spdm_test_context = *state;
246 1 : spdm_context = spdm_test_context->spdm_context;
247 1 : spdm_test_context->case_id = 0x3;
248 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
249 : SPDM_VERSION_NUMBER_SHIFT_BIT;
250 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY;
251 :
252 1 : spdm_context->connection_info.connection_state =
253 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
254 1 : spdm_context->local_context.capability.flags |=
255 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
256 1 : spdm_context->connection_info.algorithm.base_hash_algo =
257 : m_libspdm_use_hash_algo;
258 1 : spdm_context->connection_info.algorithm.base_asym_algo =
259 : m_libspdm_use_asym_algo;
260 :
261 1 : spdm_context->local_context.algorithm.base_hash_algo =
262 : m_libspdm_use_hash_algo;
263 1 : spdm_context->local_context.algorithm.base_asym_algo =
264 : m_libspdm_use_asym_algo;
265 :
266 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
267 : m_libspdm_use_asym_algo, &cert_chain,
268 : &cert_chain_size, NULL, NULL);
269 :
270 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
271 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
272 : cert_chain_size);
273 :
274 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
275 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
276 1 : m_libspdm_set_certificate_request->header.param1 = 0;
277 1 : m_libspdm_set_certificate_request->header.param2 = 0;
278 :
279 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
280 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
281 : (uint8_t *)cert_chain, cert_chain_size);
282 :
283 : /* Bad request size: right request size + 1*/
284 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
285 1 : cert_chain_size + 1;
286 :
287 1 : response_size = sizeof(response);
288 1 : status = libspdm_get_response_set_certificate(spdm_context,
289 : m_libspdm_set_certificate_request_size,
290 : m_libspdm_set_certificate_request,
291 : &response_size, response);
292 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
293 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
294 1 : spdm_response = (void *)response;
295 1 : assert_int_equal(spdm_response->header.request_response_code,
296 : SPDM_ERROR);
297 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
298 1 : assert_int_equal(spdm_response->header.param2, 0);
299 1 : assert_int_equal(spdm_context->response_state,
300 : LIBSPDM_RESPONSE_STATE_BUSY);
301 :
302 1 : free(cert_chain);
303 1 : free(m_libspdm_set_certificate_request);
304 1 : }
305 :
306 :
307 : /**
308 : * Test 4: Force response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC when asked SET_CERTIFICATE
309 : * Expected Behavior: generate an ERROR_RESPONSE with code SPDM_ERROR_CODE_REQUEST_RESYNCH
310 : **/
311 1 : void libspdm_test_responder_set_certificate_rsp_case4(void **state)
312 : {
313 : libspdm_return_t status;
314 : libspdm_test_context_t *spdm_test_context;
315 : libspdm_context_t *spdm_context;
316 : size_t response_size;
317 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
318 : spdm_set_certificate_response_t *spdm_response;
319 : void *cert_chain;
320 : size_t cert_chain_size;
321 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
322 :
323 1 : spdm_test_context = *state;
324 1 : spdm_context = spdm_test_context->spdm_context;
325 1 : spdm_test_context->case_id = 0x4;
326 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
327 : SPDM_VERSION_NUMBER_SHIFT_BIT;
328 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NEED_RESYNC;
329 :
330 1 : spdm_context->connection_info.connection_state =
331 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
332 1 : spdm_context->local_context.capability.flags |=
333 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
334 1 : spdm_context->connection_info.algorithm.base_hash_algo =
335 : m_libspdm_use_hash_algo;
336 1 : spdm_context->connection_info.algorithm.base_asym_algo =
337 : m_libspdm_use_asym_algo;
338 :
339 1 : spdm_context->local_context.algorithm.base_hash_algo =
340 : m_libspdm_use_hash_algo;
341 1 : spdm_context->local_context.algorithm.base_asym_algo =
342 : m_libspdm_use_asym_algo;
343 :
344 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
345 : m_libspdm_use_asym_algo, &cert_chain,
346 : &cert_chain_size, NULL, NULL);
347 :
348 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
349 : cert_chain_size);
350 :
351 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
352 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
353 1 : m_libspdm_set_certificate_request->header.param1 = 0;
354 1 : m_libspdm_set_certificate_request->header.param2 = 0;
355 :
356 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
357 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
358 : (uint8_t *)cert_chain, cert_chain_size);
359 :
360 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
361 : cert_chain_size;
362 :
363 1 : response_size = sizeof(response);
364 1 : status = libspdm_get_response_set_certificate(spdm_context,
365 : m_libspdm_set_certificate_request_size,
366 : m_libspdm_set_certificate_request,
367 : &response_size, response);
368 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
369 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
370 1 : spdm_response = (void *)response;
371 1 : assert_int_equal(spdm_response->header.request_response_code,
372 : SPDM_ERROR);
373 1 : assert_int_equal(spdm_response->header.param1,
374 : SPDM_ERROR_CODE_REQUEST_RESYNCH);
375 1 : assert_int_equal(spdm_response->header.param2, 0);
376 1 : assert_int_equal(spdm_context->response_state,
377 : LIBSPDM_RESPONSE_STATE_NEED_RESYNC);
378 :
379 1 : free(cert_chain);
380 1 : free(m_libspdm_set_certificate_request);
381 1 : }
382 :
383 : /**
384 : * Test 5: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:1 with session
385 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
386 : **/
387 1 : void libspdm_test_responder_set_certificate_rsp_case5(void **state)
388 : {
389 : libspdm_return_t status;
390 : libspdm_test_context_t *spdm_test_context;
391 : libspdm_context_t *spdm_context;
392 : size_t response_size;
393 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
394 : spdm_set_certificate_response_t *spdm_response;
395 : void *cert_chain;
396 : size_t cert_chain_size;
397 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
398 :
399 : libspdm_session_info_t *session_info;
400 : uint32_t session_id;
401 :
402 1 : spdm_test_context = *state;
403 1 : spdm_context = spdm_test_context->spdm_context;
404 1 : spdm_test_context->case_id = 0x5;
405 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
406 : SPDM_VERSION_NUMBER_SHIFT_BIT;
407 : /*responset_state need to set normal*/
408 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
409 1 : spdm_context->connection_info.connection_state =
410 : LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
411 1 : spdm_context->local_context.capability.flags |=
412 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
413 1 : spdm_context->local_context.capability.flags |=
414 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
415 1 : spdm_context->connection_info.algorithm.base_hash_algo =
416 : m_libspdm_use_hash_algo;
417 1 : spdm_context->connection_info.algorithm.base_asym_algo =
418 : m_libspdm_use_asym_algo;
419 :
420 1 : spdm_context->local_context.algorithm.base_hash_algo =
421 : m_libspdm_use_hash_algo;
422 1 : spdm_context->local_context.algorithm.base_asym_algo =
423 : m_libspdm_use_asym_algo;
424 :
425 1 : session_id = 0xFFFFFFFF;
426 1 : spdm_context->latest_session_id = session_id;
427 1 : spdm_context->last_spdm_request_session_id_valid = true;
428 1 : spdm_context->last_spdm_request_session_id = session_id;
429 1 : session_info = &spdm_context->session_info[0];
430 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
431 1 : libspdm_secured_message_set_session_state(
432 : session_info->secured_message_context,
433 : LIBSPDM_SESSION_STATE_ESTABLISHED);
434 :
435 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
436 : m_libspdm_use_asym_algo, &cert_chain,
437 : &cert_chain_size, NULL, NULL);
438 :
439 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
440 : cert_chain_size);
441 :
442 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
443 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
444 1 : m_libspdm_set_certificate_request->header.param1 = 1;
445 1 : m_libspdm_set_certificate_request->header.param2 = 0;
446 :
447 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
448 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
449 : (uint8_t *)cert_chain, cert_chain_size);
450 :
451 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
452 : cert_chain_size;
453 :
454 1 : response_size = sizeof(response);
455 1 : status = libspdm_get_response_set_certificate(spdm_context,
456 : m_libspdm_set_certificate_request_size,
457 : m_libspdm_set_certificate_request,
458 : &response_size, response);
459 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
460 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
461 1 : spdm_response = (void *)response;
462 1 : assert_int_equal(spdm_response->header.request_response_code,
463 : SPDM_SET_CERTIFICATE_RSP);
464 :
465 1 : free(cert_chain);
466 1 : free(m_libspdm_set_certificate_request);
467 1 : }
468 :
469 : /**
470 : * Test 6: receives a valid SET_CERTIFICATE request message from Requester with need_reset
471 : * Expected Behavior: The Responder return need reset
472 : **/
473 1 : void libspdm_test_responder_set_certificate_rsp_case6(void **state)
474 : {
475 : libspdm_return_t status;
476 : libspdm_test_context_t *spdm_test_context;
477 : libspdm_context_t *spdm_context;
478 : size_t response_size;
479 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
480 : spdm_set_certificate_response_t *spdm_response;
481 : void *cert_chain;
482 : size_t cert_chain_size;
483 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
484 :
485 1 : spdm_test_context = *state;
486 1 : spdm_context = spdm_test_context->spdm_context;
487 1 : spdm_test_context->case_id = 0x6;
488 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
489 : SPDM_VERSION_NUMBER_SHIFT_BIT;
490 :
491 1 : spdm_context->connection_info.connection_state =
492 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
493 1 : spdm_context->local_context.capability.flags |=
494 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
495 1 : spdm_context->local_context.capability.flags |=
496 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
497 1 : spdm_context->connection_info.algorithm.base_hash_algo =
498 : m_libspdm_use_hash_algo;
499 1 : spdm_context->connection_info.algorithm.base_asym_algo =
500 : m_libspdm_use_asym_algo;
501 :
502 1 : spdm_context->local_context.algorithm.base_hash_algo =
503 : m_libspdm_use_hash_algo;
504 1 : spdm_context->local_context.algorithm.base_asym_algo =
505 : m_libspdm_use_asym_algo;
506 :
507 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
508 : m_libspdm_use_asym_algo, &cert_chain,
509 : &cert_chain_size, NULL, NULL);
510 :
511 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
512 : cert_chain_size);
513 :
514 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
515 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
516 1 : m_libspdm_set_certificate_request->header.param1 = 0;
517 1 : m_libspdm_set_certificate_request->header.param2 = 0;
518 :
519 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
520 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
521 : (uint8_t *)cert_chain, cert_chain_size);
522 :
523 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
524 : cert_chain_size;
525 :
526 1 : response_size = sizeof(response);
527 1 : status = libspdm_get_response_set_certificate(spdm_context,
528 : m_libspdm_set_certificate_request_size,
529 : m_libspdm_set_certificate_request,
530 : &response_size, response);
531 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
532 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
533 1 : spdm_response = (void *)response;
534 1 : assert_int_equal(spdm_response->header.request_response_code,
535 : SPDM_ERROR);
536 1 : assert_int_equal(spdm_response->header.param1,
537 : SPDM_ERROR_CODE_RESET_REQUIRED);
538 1 : assert_int_equal(spdm_response->header.param2, 0);
539 :
540 1 : free(cert_chain);
541 1 : free(m_libspdm_set_certificate_request);
542 1 : }
543 :
544 : /**
545 : * Test 7: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:0 with alias_cert model
546 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
547 : **/
548 1 : void libspdm_test_responder_set_certificate_rsp_case7(void **state)
549 : {
550 : libspdm_return_t status;
551 : libspdm_test_context_t *spdm_test_context;
552 : libspdm_context_t *spdm_context;
553 : size_t response_size;
554 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
555 : spdm_set_certificate_response_t *spdm_response;
556 : void *cert_chain;
557 : size_t cert_chain_size;
558 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
559 :
560 1 : spdm_test_context = *state;
561 1 : spdm_context = spdm_test_context->spdm_context;
562 1 : spdm_test_context->case_id = 0x7;
563 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
564 : SPDM_VERSION_NUMBER_SHIFT_BIT;
565 :
566 1 : spdm_context->connection_info.connection_state =
567 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
568 1 : spdm_context->local_context.capability.flags |=
569 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
570 1 : spdm_context->connection_info.algorithm.base_hash_algo =
571 : m_libspdm_use_hash_algo;
572 1 : spdm_context->connection_info.algorithm.base_asym_algo =
573 : m_libspdm_use_asym_algo;
574 1 : spdm_context->local_context.capability.flags &=
575 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
576 :
577 1 : spdm_context->local_context.algorithm.base_hash_algo =
578 : m_libspdm_use_hash_algo;
579 1 : spdm_context->local_context.algorithm.base_asym_algo =
580 : m_libspdm_use_asym_algo;
581 :
582 : /*set alias cert mode*/
583 1 : spdm_context->local_context.capability.flags |=
584 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP;
585 : /*read alias cert(alias cert chain is partial)*/
586 1 : libspdm_read_responder_public_certificate_chain_alias_cert_till_dev_cert_ca(
587 : m_libspdm_use_hash_algo, m_libspdm_use_asym_algo,
588 : &cert_chain, &cert_chain_size, NULL, NULL);
589 :
590 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
591 : cert_chain_size);
592 :
593 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
594 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
595 1 : m_libspdm_set_certificate_request->header.param1 = 0;
596 1 : m_libspdm_set_certificate_request->header.param2 = 0;
597 :
598 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
599 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
600 : (uint8_t *)cert_chain, cert_chain_size);
601 :
602 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
603 : cert_chain_size;
604 :
605 1 : response_size = sizeof(response);
606 1 : status = libspdm_get_response_set_certificate(spdm_context,
607 : m_libspdm_set_certificate_request_size,
608 : m_libspdm_set_certificate_request,
609 : &response_size, response);
610 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
611 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
612 1 : spdm_response = (void *)response;
613 1 : assert_int_equal(spdm_response->header.request_response_code,
614 : SPDM_SET_CERTIFICATE_RSP);
615 :
616 1 : free(cert_chain);
617 1 : free(m_libspdm_set_certificate_request);
618 1 : }
619 :
620 : /**
621 : * Test 8: receives a SET_CERTIFICATE request message to set cert in slot_id:1 without session and with trusted environment
622 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
623 : **/
624 1 : void libspdm_test_responder_set_certificate_rsp_case8(void **state)
625 : {
626 : libspdm_return_t status;
627 : libspdm_test_context_t *spdm_test_context;
628 : libspdm_context_t *spdm_context;
629 : size_t response_size;
630 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
631 : spdm_set_certificate_response_t *spdm_response;
632 : void *cert_chain;
633 : size_t cert_chain_size;
634 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
635 :
636 1 : spdm_test_context = *state;
637 1 : spdm_context = spdm_test_context->spdm_context;
638 1 : spdm_test_context->case_id = 0x8;
639 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
640 : SPDM_VERSION_NUMBER_SHIFT_BIT;
641 : /*responset_state need to set normal*/
642 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
643 1 : spdm_context->connection_info.connection_state =
644 : LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
645 1 : spdm_context->local_context.capability.flags |=
646 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
647 1 : spdm_context->local_context.capability.flags &=
648 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
649 1 : spdm_context->local_context.capability.flags &=
650 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP;
651 1 : spdm_context->local_context.capability.flags |=
652 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
653 1 : spdm_context->connection_info.algorithm.base_hash_algo =
654 : m_libspdm_use_hash_algo;
655 1 : spdm_context->connection_info.algorithm.base_asym_algo =
656 : m_libspdm_use_asym_algo;
657 :
658 1 : spdm_context->last_spdm_request_session_id_valid = false;
659 1 : g_in_trusted_environment = true;
660 :
661 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
662 : m_libspdm_use_asym_algo, &cert_chain,
663 : &cert_chain_size, NULL, NULL);
664 :
665 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
666 : cert_chain_size);
667 :
668 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
669 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
670 1 : m_libspdm_set_certificate_request->header.param1 = 1;
671 1 : m_libspdm_set_certificate_request->header.param2 = 0;
672 :
673 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
674 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
675 : (uint8_t *)cert_chain, cert_chain_size);
676 :
677 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
678 : cert_chain_size;
679 :
680 1 : response_size = sizeof(response);
681 1 : status = libspdm_get_response_set_certificate(spdm_context,
682 : m_libspdm_set_certificate_request_size,
683 : m_libspdm_set_certificate_request,
684 : &response_size, response);
685 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
686 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
687 1 : spdm_response = (void *)response;
688 1 : assert_int_equal(spdm_response->header.request_response_code,
689 : SPDM_SET_CERTIFICATE_RSP);
690 :
691 1 : free(cert_chain);
692 1 : free(m_libspdm_set_certificate_request);
693 1 : }
694 :
695 : /**
696 : * Test 9: receives a SET_CERTIFICATE request message to set cert in slot_id:1 without session and without trusted environment
697 : * Expected Behavior: produces a valid ERROR response message
698 : **/
699 1 : void libspdm_test_responder_set_certificate_rsp_case9(void **state)
700 : {
701 : libspdm_return_t status;
702 : libspdm_test_context_t *spdm_test_context;
703 : libspdm_context_t *spdm_context;
704 : size_t response_size;
705 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
706 : spdm_set_certificate_response_t *spdm_response;
707 : void *cert_chain;
708 : size_t cert_chain_size;
709 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
710 :
711 1 : spdm_test_context = *state;
712 1 : spdm_context = spdm_test_context->spdm_context;
713 1 : spdm_test_context->case_id = 0x9;
714 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
715 : SPDM_VERSION_NUMBER_SHIFT_BIT;
716 : /*responset_state need to set normal*/
717 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
718 1 : spdm_context->connection_info.connection_state =
719 : LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
720 1 : spdm_context->local_context.capability.flags |=
721 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
722 1 : spdm_context->local_context.capability.flags &=
723 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
724 1 : spdm_context->local_context.capability.flags &=
725 : ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ALIAS_CERT_CAP;
726 1 : spdm_context->local_context.capability.flags |=
727 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
728 1 : spdm_context->connection_info.algorithm.base_hash_algo =
729 : m_libspdm_use_hash_algo;
730 1 : spdm_context->connection_info.algorithm.base_asym_algo =
731 : m_libspdm_use_asym_algo;
732 :
733 1 : spdm_context->last_spdm_request_session_id_valid = false;
734 1 : g_in_trusted_environment = false;
735 :
736 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
737 : m_libspdm_use_asym_algo, &cert_chain,
738 : &cert_chain_size, NULL, NULL);
739 :
740 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
741 : cert_chain_size);
742 :
743 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
744 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
745 1 : m_libspdm_set_certificate_request->header.param1 = 1;
746 1 : m_libspdm_set_certificate_request->header.param2 = 0;
747 :
748 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
749 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
750 : (uint8_t *)cert_chain, cert_chain_size);
751 :
752 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
753 : cert_chain_size;
754 :
755 1 : response_size = sizeof(response);
756 1 : status = libspdm_get_response_set_certificate(spdm_context,
757 : m_libspdm_set_certificate_request_size,
758 : m_libspdm_set_certificate_request,
759 : &response_size, response);
760 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
761 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
762 1 : spdm_response = (void *)response;
763 1 : assert_int_equal(spdm_response->header.request_response_code,
764 : SPDM_ERROR);
765 1 : assert_int_equal(spdm_response->header.param1,
766 : SPDM_ERROR_CODE_UNEXPECTED_REQUEST);
767 1 : assert_int_equal(spdm_response->header.param2, 0);
768 :
769 1 : free(cert_chain);
770 1 : free(m_libspdm_set_certificate_request);
771 1 : }
772 :
773 : /**
774 : * Test 10: receives a valid SET_CERTIFICATE request message from Requester to erase cert in slot_id:1 with session
775 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
776 : **/
777 1 : void libspdm_test_responder_set_certificate_rsp_case10(void **state)
778 : {
779 : libspdm_return_t status;
780 : libspdm_test_context_t *spdm_test_context;
781 : libspdm_context_t *spdm_context;
782 : size_t response_size;
783 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
784 : spdm_set_certificate_response_t *spdm_response;
785 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
786 :
787 : libspdm_session_info_t *session_info;
788 : uint32_t session_id;
789 : uint8_t slot_id;
790 : #if defined(_WIN32) || (defined(__clang__) && (defined (LIBSPDM_CPU_AARCH64) || \
791 : defined(LIBSPDM_CPU_ARM)))
792 : FILE *fp_out;
793 : #else
794 : int64_t fp_out;
795 : struct stat file_stat;
796 : #endif
797 : size_t cert_file_size;
798 :
799 1 : char file_name[] = "slot_id_0_cert_chain.der";
800 1 : slot_id = 1;
801 :
802 1 : spdm_test_context = *state;
803 1 : spdm_context = spdm_test_context->spdm_context;
804 1 : spdm_test_context->case_id = 0xA;
805 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
806 : SPDM_VERSION_NUMBER_SHIFT_BIT;
807 : /*responset_state need to set normal*/
808 1 : spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL;
809 1 : spdm_context->connection_info.connection_state =
810 : LIBSPDM_CONNECTION_STATE_AUTHENTICATED;
811 1 : spdm_context->local_context.capability.flags |=
812 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
813 1 : spdm_context->local_context.capability.flags |=
814 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MEAS_CAP_SIG;
815 1 : spdm_context->connection_info.algorithm.base_hash_algo =
816 : m_libspdm_use_hash_algo;
817 1 : spdm_context->connection_info.algorithm.base_asym_algo =
818 : m_libspdm_use_asym_algo;
819 :
820 1 : spdm_context->local_context.algorithm.base_hash_algo =
821 : m_libspdm_use_hash_algo;
822 1 : spdm_context->local_context.algorithm.base_asym_algo =
823 : m_libspdm_use_asym_algo;
824 :
825 1 : session_id = 0xFFFFFFFF;
826 1 : spdm_context->latest_session_id = session_id;
827 1 : spdm_context->last_spdm_request_session_id_valid = true;
828 1 : spdm_context->last_spdm_request_session_id = session_id;
829 1 : session_info = &spdm_context->session_info[0];
830 1 : libspdm_session_info_init(spdm_context, session_info, session_id, true);
831 1 : libspdm_secured_message_set_session_state(
832 : session_info->secured_message_context,
833 : LIBSPDM_SESSION_STATE_ESTABLISHED);
834 :
835 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t));
836 :
837 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_13;
838 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
839 1 : m_libspdm_set_certificate_request->header.param1 = slot_id |
840 : SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_ERASE;
841 1 : m_libspdm_set_certificate_request->header.param2 = 0;
842 :
843 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t);
844 :
845 1 : response_size = sizeof(response);
846 1 : status = libspdm_get_response_set_certificate(spdm_context,
847 : m_libspdm_set_certificate_request_size,
848 : m_libspdm_set_certificate_request,
849 : &response_size, response);
850 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
851 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
852 1 : spdm_response = (void *)response;
853 1 : assert_int_equal(spdm_response->header.request_response_code,
854 : SPDM_SET_CERTIFICATE_RSP);
855 1 : assert_int_equal(spdm_response->header.param1, slot_id);
856 :
857 : /*change the file name, for example: slot_id_1_cert_chain.der*/
858 1 : file_name[8] = (char)(slot_id + '0');
859 :
860 : #if defined(_WIN32) || (defined(__clang__) && (defined (LIBSPDM_CPU_AARCH64) || \
861 : defined(LIBSPDM_CPU_ARM)))
862 : if ((fp_out = fopen(file_name, "r")) == NULL) {
863 : printf("Unable to open file %s\n", file_name);
864 : assert_false(true);
865 : }
866 :
867 : /*check the cert is erased*/
868 : fseek(fp_out, 0, SEEK_END);
869 : cert_file_size = ftell(fp_out);
870 : assert_int_equal(cert_file_size, 0);
871 :
872 : fclose(fp_out);
873 : #else
874 1 : if ((fp_out = open(file_name, O_RDONLY)) == -1) {
875 0 : printf("Unable to open file %s\n", file_name);
876 0 : assert_false(true);
877 : }
878 :
879 1 : if (fstat(fp_out, &file_stat) != 0) {
880 0 : assert_false(true);
881 : }
882 :
883 1 : cert_file_size = file_stat.st_size;
884 1 : assert_int_equal(cert_file_size, 0);
885 :
886 1 : close(fp_out);
887 : #endif
888 :
889 1 : free(m_libspdm_set_certificate_request);
890 1 : }
891 :
892 : /**
893 : * Test 11: receives a valid SET_CERTIFICATE request message from Requester to set cert in slot_id:1 with key_pair_id
894 : * Expected Behavior: produces a valid SET_CERTIFICATE_RSP response message
895 : **/
896 1 : void libspdm_test_responder_set_certificate_rsp_case11(void **state)
897 : {
898 : libspdm_return_t status;
899 : libspdm_test_context_t *spdm_test_context;
900 : libspdm_context_t *spdm_context;
901 : size_t response_size;
902 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
903 : spdm_set_certificate_response_t *spdm_response;
904 : void *cert_chain;
905 : size_t cert_chain_size;
906 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
907 : uint8_t slot_id;
908 : uint8_t key_pair_id;
909 :
910 1 : spdm_test_context = *state;
911 1 : spdm_context = spdm_test_context->spdm_context;
912 1 : spdm_test_context->case_id = 0xB;
913 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
914 : SPDM_VERSION_NUMBER_SHIFT_BIT;
915 1 : slot_id = 1;
916 1 : key_pair_id = 1;
917 :
918 1 : spdm_context->connection_info.connection_state =
919 : LIBSPDM_CONNECTION_STATE_NEGOTIATED;
920 1 : spdm_context->local_context.capability.flags |=
921 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
922 1 : spdm_context->connection_info.algorithm.base_hash_algo =
923 : m_libspdm_use_hash_algo;
924 1 : spdm_context->connection_info.algorithm.base_asym_algo =
925 : m_libspdm_use_asym_algo;
926 1 : spdm_context->connection_info.multi_key_conn_rsp = true;
927 :
928 1 : spdm_context->local_context.algorithm.base_hash_algo =
929 : m_libspdm_use_hash_algo;
930 1 : spdm_context->local_context.algorithm.base_asym_algo =
931 : m_libspdm_use_asym_algo;
932 :
933 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
934 : m_libspdm_use_asym_algo, &cert_chain,
935 : &cert_chain_size, NULL, NULL);
936 :
937 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
938 : cert_chain_size);
939 :
940 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_13;
941 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
942 1 : m_libspdm_set_certificate_request->header.param1 =
943 : slot_id | (SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT <<
944 : SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_OFFSET);
945 1 : m_libspdm_set_certificate_request->header.param2 = key_pair_id;
946 :
947 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
948 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
949 : (uint8_t *)cert_chain, cert_chain_size);
950 :
951 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
952 : cert_chain_size;
953 :
954 1 : response_size = sizeof(response);
955 1 : status = libspdm_get_response_set_certificate(spdm_context,
956 : m_libspdm_set_certificate_request_size,
957 : m_libspdm_set_certificate_request,
958 : &response_size, response);
959 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
960 1 : assert_int_equal(response_size, sizeof(spdm_set_certificate_response_t));
961 1 : spdm_response = (void *)response;
962 1 : assert_int_equal(spdm_response->header.request_response_code,
963 : SPDM_SET_CERTIFICATE_RSP);
964 :
965 1 : free(cert_chain);
966 1 : free(m_libspdm_set_certificate_request);
967 1 : }
968 :
969 : /**
970 : * Test 12: Illegal combination of MULTI_KEY_CONN_RSP = true, Erase = false, and SetCertModel = 0.
971 : * Expected Behavior: produces SPDM_ERROR_CODE_INVALID_REQUEST message.
972 : **/
973 1 : void libspdm_test_responder_set_certificate_rsp_case12(void **state)
974 : {
975 : libspdm_return_t status;
976 : libspdm_test_context_t *spdm_test_context;
977 : libspdm_context_t *spdm_context;
978 : size_t response_size;
979 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
980 : spdm_set_certificate_response_t *spdm_response;
981 : void *cert_chain;
982 : size_t cert_chain_size;
983 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
984 : uint8_t slot_id;
985 : uint8_t key_pair_id;
986 :
987 1 : spdm_test_context = *state;
988 1 : spdm_context = spdm_test_context->spdm_context;
989 1 : spdm_test_context->case_id = 0xc;
990 1 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
991 : SPDM_VERSION_NUMBER_SHIFT_BIT;
992 1 : slot_id = 1;
993 1 : key_pair_id = 1;
994 :
995 1 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
996 1 : spdm_context->local_context.capability.flags |=
997 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
998 1 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
999 1 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1000 1 : spdm_context->connection_info.multi_key_conn_rsp = true;
1001 :
1002 1 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1003 1 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1004 :
1005 1 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1006 : m_libspdm_use_asym_algo, &cert_chain,
1007 : &cert_chain_size, NULL, NULL);
1008 :
1009 1 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
1010 : cert_chain_size);
1011 :
1012 1 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_13;
1013 1 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
1014 1 : m_libspdm_set_certificate_request->header.param1 =
1015 : slot_id | (SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE <<
1016 : SPDM_SET_CERTIFICATE_REQUEST_ATTRIBUTES_CERT_MODEL_OFFSET);
1017 1 : m_libspdm_set_certificate_request->header.param2 = key_pair_id;
1018 :
1019 1 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
1020 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
1021 : (uint8_t *)cert_chain, cert_chain_size);
1022 :
1023 1 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
1024 : cert_chain_size;
1025 :
1026 1 : response_size = sizeof(response);
1027 1 : status = libspdm_get_response_set_certificate(spdm_context,
1028 : m_libspdm_set_certificate_request_size,
1029 : m_libspdm_set_certificate_request,
1030 : &response_size, response);
1031 :
1032 1 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1033 1 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1034 1 : spdm_response = (void *)response;
1035 1 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1036 1 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_INVALID_REQUEST);
1037 1 : assert_int_equal(spdm_response->header.param2, 0);
1038 :
1039 1 : free(cert_chain);
1040 1 : free(m_libspdm_set_certificate_request);
1041 1 : }
1042 :
1043 : /**
1044 : * Test 13: The Responder cannot complete request due to busy response when writing to NVM.
1045 : * Expected Behavior: The Responder returns a Busy error response.
1046 : **/
1047 1 : void libspdm_test_responder_set_certificate_rsp_case13(void **state)
1048 : {
1049 : #if LIBSPDM_SET_CERT_CSR_PARAMS
1050 : libspdm_return_t status;
1051 : libspdm_test_context_t *spdm_test_context;
1052 : libspdm_context_t *spdm_context;
1053 : size_t response_size;
1054 : uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
1055 : spdm_set_certificate_response_t *spdm_response;
1056 : void *cert_chain;
1057 : size_t cert_chain_size;
1058 : spdm_set_certificate_request_t *m_libspdm_set_certificate_request;
1059 :
1060 : spdm_test_context = *state;
1061 : spdm_context = spdm_test_context->spdm_context;
1062 : spdm_test_context->case_id = 0xd;
1063 : spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 <<
1064 : SPDM_VERSION_NUMBER_SHIFT_BIT;
1065 :
1066 : spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
1067 : spdm_context->local_context.capability.flags |=
1068 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_SET_CERT_CAP;
1069 : spdm_context->local_context.capability.flags |=
1070 : SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_INSTALL_RESET_CAP;
1071 : spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1072 : spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1073 :
1074 : spdm_context->local_context.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
1075 : spdm_context->local_context.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
1076 :
1077 : libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
1078 : m_libspdm_use_asym_algo, &cert_chain,
1079 : &cert_chain_size, NULL, NULL);
1080 :
1081 : m_libspdm_set_certificate_request = malloc(sizeof(spdm_set_certificate_request_t) +
1082 : cert_chain_size);
1083 :
1084 : m_libspdm_set_certificate_request->header.spdm_version = SPDM_MESSAGE_VERSION_12;
1085 : m_libspdm_set_certificate_request->header.request_response_code = SPDM_SET_CERTIFICATE;
1086 : m_libspdm_set_certificate_request->header.param1 = 0;
1087 : m_libspdm_set_certificate_request->header.param2 = 0;
1088 :
1089 : libspdm_copy_mem(m_libspdm_set_certificate_request + 1,
1090 : LIBSPDM_MAX_CERT_CHAIN_SIZE,
1091 : (uint8_t *)cert_chain, cert_chain_size);
1092 :
1093 : size_t m_libspdm_set_certificate_request_size = sizeof(spdm_set_certificate_request_t) +
1094 : cert_chain_size;
1095 :
1096 : /* Unable to write to NVM due to busy condition. */
1097 : g_set_cert_is_busy = true;
1098 :
1099 : response_size = sizeof(response);
1100 : status = libspdm_get_response_set_certificate(spdm_context,
1101 : m_libspdm_set_certificate_request_size,
1102 : m_libspdm_set_certificate_request,
1103 : &response_size, response);
1104 : assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
1105 : assert_int_equal(response_size, sizeof(spdm_error_response_t));
1106 : spdm_response = (void *)response;
1107 : assert_int_equal(spdm_response->header.request_response_code, SPDM_ERROR);
1108 : assert_int_equal(spdm_response->header.param1, SPDM_ERROR_CODE_BUSY);
1109 : assert_int_equal(spdm_response->header.param2, 0);
1110 :
1111 : g_set_cert_is_busy = false;
1112 :
1113 : free(cert_chain);
1114 : free(m_libspdm_set_certificate_request);
1115 : #endif /* LIBSPDM_SET_CERT_CSR_PARAMS */
1116 1 : }
1117 :
1118 1 : int libspdm_responder_set_certificate_rsp_test_main(void)
1119 : {
1120 1 : const struct CMUnitTest spdm_responder_set_certificate_tests[] = {
1121 : /* Success Case for set_certificate to slot_id:0 with device_cert mode*/
1122 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case1),
1123 : /* Bad request size*/
1124 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case2),
1125 : /* response_state: LIBSPDM_RESPONSE_STATE_BUSY*/
1126 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case3),
1127 : /* response_state: LIBSPDM_RESPONSE_STATE_NEED_RESYNC*/
1128 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case4),
1129 : /* Success Case for set_certificate to slot_id:1 with session*/
1130 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case5),
1131 : /* Responder requires a reset to complete the SET_CERTIFICATE request */
1132 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case6),
1133 : /* Success Case for set_certificate to slot_id:0 with alias_cert mode*/
1134 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case7),
1135 : /* Success Case for set_certificate to slot_id:1 without session and with trusted environment */
1136 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case8),
1137 : /* Error Case for set_certificate to slot_id:1 without session and without trusted environment */
1138 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case9),
1139 : /* Success Case for erase certificate to slot_id:1 with session*/
1140 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case10),
1141 : /* Success Case for set_certificate to slot_id:1 with key_pair_id*/
1142 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case11),
1143 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case12),
1144 : cmocka_unit_test(libspdm_test_responder_set_certificate_rsp_case13),
1145 : };
1146 :
1147 1 : libspdm_test_context_t test_context = {
1148 : LIBSPDM_TEST_CONTEXT_VERSION,
1149 : false,
1150 : };
1151 :
1152 1 : libspdm_setup_test_context(&test_context);
1153 :
1154 1 : return cmocka_run_group_tests(spdm_responder_set_certificate_tests,
1155 : libspdm_unit_test_group_setup,
1156 : libspdm_unit_test_group_teardown);
1157 : }
1158 :
1159 : #endif /* LIBSPDM_ENABLE_CAPABILITY_SET_CERT_CAP*/
|
