Add unit test for SPDM 1.3 DIGEST to transcript in case of MULTI_KEY

Signed-off-by: Xiaohanjlll <[email protected]>
DMTF · Dec 18, 2023 · bb52c78 · bb52c78
1 parent 1eb447d
commit bb52c78
Show file tree

Hide file tree

Showing 4 changed files with 391 additions and 8 deletions.
diff --git a/unit_test/test_spdm_requester/encap_digests.c b/unit_test/test_spdm_requester/encap_digests.c
@@ -17,13 +17,22 @@ spdm_get_digest_request_t m_spdm_get_digests_request1 = {
 };
 size_t m_spdm_get_digests_request1_size = sizeof(m_spdm_get_digests_request1);
 
+
+spdm_get_digest_request_t m_spdm_get_digests_request2 = {
+    {
+        SPDM_MESSAGE_VERSION_13,
+        SPDM_GET_DIGESTS,
+    },
+};
+size_t m_spdm_get_digests_request2_size = sizeof(m_spdm_get_digests_request2);
+
 static uint8_t m_local_certificate_chain[LIBSPDM_MAX_CERT_CHAIN_SIZE];
 
 /**
  * Test 1: receives a valid GET_DIGESTS request message from Requester
  * Expected Behavior: produces a valid DIGESTS response message
  **/
-void test_spdm_requester_challenge_auth_case1(void **state)
+void test_spdm_requester_encap_get_digests_case1(void **state)
 {
     libspdm_return_t status;
     libspdm_test_context_t *spdm_test_context;
@@ -79,15 +88,15 @@ void test_spdm_requester_challenge_auth_case1(void **state)
  * Test 2:
  * Expected Behavior:
  **/
-void test_spdm_requester_challenge_auth_case2(void **state)
+void test_spdm_requester_encap_get_digests_case2(void **state)
 {
 }
 
 /**
  * Test 3: receives a valid GET_DIGESTS request message from Requester, but the request message cannot be appended to the internal cache since the internal cache is full
  * Expected Behavior: produces an ERROR response message with error code = Unspecified
  **/
-void test_spdm_requester_challenge_auth_case3(void **state)
+void test_spdm_requester_encap_get_digests_case3(void **state)
 {
     libspdm_return_t status;
     libspdm_test_context_t *spdm_test_context;
@@ -145,7 +154,7 @@ void test_spdm_requester_challenge_auth_case3(void **state)
  * Test 4: receives a valid GET_DIGESTS request message from Requester, but the response message cannot be appended to the internal cache since the internal cache is full
  * Expected Behavior: produces an ERROR response message with error code = Unspecified
  **/
-void test_spdm_requester_challenge_auth_case4(void **state)
+void test_spdm_requester_encap_get_digests_case4(void **state)
 {
     libspdm_test_context_t *spdm_test_context;
     libspdm_context_t *spdm_context;
@@ -198,6 +207,101 @@ void test_spdm_requester_challenge_auth_case4(void **state)
 #endif
 }
 
+/**
+ * Test 5: receives a valid GET_DIGESTS request message from Requester ,
+ * Set multi_key_conn_req to check if it responds correctly
+ * Expected Behavior: produces a valid DIGESTS response message
+ **/
+void test_spdm_requester_encap_get_digests_case5(void **state)
+{
+    libspdm_return_t status;
+    libspdm_test_context_t *spdm_test_context;
+    libspdm_context_t *spdm_context;
+    size_t response_size;
+    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
+    spdm_digest_response_t *spdm_response;
+    libspdm_session_info_t *session_info;
+    uint32_t session_id;
+
+    spdm_test_context = *state;
+    spdm_context = spdm_test_context->spdm_context;
+    spdm_test_context->case_id = 0x5;
+    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13
+                                            << SPDM_VERSION_NUMBER_SHIFT_BIT;
+    spdm_context->connection_info.connection_state =
+        LIBSPDM_CONNECTION_STATE_NEGOTIATED;
+    spdm_context->local_context.capability.flags |=
+        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP;
+    spdm_context->connection_info.algorithm.base_hash_algo =
+        m_libspdm_use_hash_algo;
+    spdm_context->local_context.local_cert_chain_provision[0] =
+        m_local_certificate_chain;
+    spdm_context->local_context.local_cert_chain_provision_size[0] =
+        sizeof(m_local_certificate_chain);
+    libspdm_set_mem(m_local_certificate_chain, sizeof(m_local_certificate_chain),
+                    (uint8_t)(0xFF));
+
+    session_id = 0xFFFFFFFF;
+    spdm_context->latest_session_id = session_id;
+    spdm_context->last_spdm_request_session_id_valid = true;
+    spdm_context->last_spdm_request_session_id = session_id;
+    session_info = &spdm_context->session_info[0];
+    libspdm_session_info_init(spdm_context, session_info, session_id, true);
+    libspdm_secured_message_set_session_state(
+        session_info->secured_message_context,
+        LIBSPDM_SESSION_STATE_ESTABLISHED);
+
+#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
+    spdm_context->transcript.message_m.buffer_size =
+        spdm_context->transcript.message_m.max_buffer_size;
+#endif
+    /* Sub Case 1: Set multi_key_conn_req to true*/
+    spdm_context->connection_info.multi_key_conn_req = true;
+    libspdm_reset_message_encap_d(spdm_context, session_info);
+
+    response_size = sizeof(response);
+    status = libspdm_get_encap_response_digest(spdm_context,
+                                               m_spdm_get_digests_request2_size,
+                                               &m_spdm_get_digests_request2,
+                                               &response_size, response);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    assert_int_equal(
+        response_size,
+        sizeof(spdm_digest_response_t) +  sizeof(spdm_key_pair_id_t) +
+        sizeof(spdm_certificate_info_t) +
+        sizeof(spdm_key_usage_bit_mask_t) +
+        libspdm_get_hash_size(spdm_context->connection_info
+                              .algorithm.base_hash_algo));
+    spdm_response = (void *)response;
+    assert_int_equal(spdm_response->header.request_response_code,
+                     SPDM_DIGESTS);
+    assert_int_equal(session_info->session_transcript.message_encap_d.buffer_size,
+                     sizeof(spdm_digest_response_t) +  sizeof(spdm_key_pair_id_t) +
+                     sizeof(spdm_certificate_info_t) +
+                     sizeof(spdm_key_usage_bit_mask_t) +
+                     libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo));
+
+    /* Sub Case 2: Set multi_key_conn_req to false*/
+    spdm_context->connection_info.multi_key_conn_req = false;
+    libspdm_reset_message_encap_d(spdm_context, session_info);
+
+    response_size = sizeof(response);
+    status = libspdm_get_encap_response_digest(spdm_context,
+                                               m_spdm_get_digests_request2_size,
+                                               &m_spdm_get_digests_request2,
+                                               &response_size, response);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    assert_int_equal(
+        response_size,
+        sizeof(spdm_digest_response_t) +
+        libspdm_get_hash_size(spdm_context->connection_info
+                              .algorithm.base_hash_algo));
+    spdm_response = (void *)response;
+    assert_int_equal(spdm_response->header.request_response_code,
+                     SPDM_DIGESTS);
+    assert_int_equal(session_info->session_transcript.message_encap_d.buffer_size, 0);
+}
+
 libspdm_test_context_t m_spdm_requester_digests_test_context = {
     LIBSPDM_TEST_CONTEXT_VERSION,
     false,
@@ -207,13 +311,15 @@ int libspdm_requester_encap_digests_test_main(void)
 {
     const struct CMUnitTest spdm_requester_digests_tests[] = {
         /* Success Case*/
-        cmocka_unit_test(test_spdm_requester_challenge_auth_case1),
+        cmocka_unit_test(test_spdm_requester_encap_get_digests_case1),
         /* Can be populated with new test.*/
-        cmocka_unit_test(test_spdm_requester_challenge_auth_case2),
+        cmocka_unit_test(test_spdm_requester_encap_get_digests_case2),
         /* Internal cache full (request message)*/
-        cmocka_unit_test(test_spdm_requester_challenge_auth_case3),
+        cmocka_unit_test(test_spdm_requester_encap_get_digests_case3),
         /* Internal cache full (response message)*/
-        cmocka_unit_test(test_spdm_requester_challenge_auth_case4),
+        cmocka_unit_test(test_spdm_requester_encap_get_digests_case4),
+        /* Set multi_key_conn_req to check if it responds correctly */
+        cmocka_unit_test(test_spdm_requester_encap_get_digests_case5),
     };
 
     libspdm_setup_test_context(&m_spdm_requester_digests_test_context);

diff --git a/unit_test/test_spdm_requester/get_digests.c b/unit_test/test_spdm_requester/get_digests.c
@@ -84,6 +84,7 @@ static libspdm_return_t libspdm_requester_get_digests_test_send_message(
     case 0x18:
         return LIBSPDM_STATUS_SUCCESS;
     case 0x19:
+    case 0x1A:
         return LIBSPDM_STATUS_SUCCESS;
     default:
         return LIBSPDM_STATUS_SEND_FAIL;
@@ -945,6 +946,43 @@ static libspdm_return_t libspdm_requester_get_digests_test_receive_message(
     }
         return LIBSPDM_STATUS_SUCCESS;
 
+    case 0x1A: {
+        spdm_digest_response_t *spdm_response;
+        uint8_t *digest;
+        size_t spdm_response_size;
+        size_t transport_header_size;
+
+        ((libspdm_context_t *)spdm_context)
+        ->connection_info.algorithm.base_hash_algo =
+            m_libspdm_use_hash_algo;
+        spdm_response_size = sizeof(spdm_digest_response_t) +
+                             libspdm_get_hash_size(m_libspdm_use_hash_algo) * SPDM_MAX_SLOT_COUNT;
+        transport_header_size = LIBSPDM_TEST_TRANSPORT_HEADER_SIZE;
+        spdm_response = (void *)((uint8_t *)*response + transport_header_size);
+
+        spdm_response->header.request_response_code = SPDM_DIGESTS;
+        spdm_response->header.spdm_version = SPDM_MESSAGE_VERSION_13;
+        spdm_response->header.param1 = (0x01 << 0);
+        spdm_response->header.param2 = 0;
+        spdm_response->header.param2 |= (0x01 << 0);
+
+        libspdm_set_mem(m_libspdm_local_certificate_chain,
+                        sizeof(m_libspdm_local_certificate_chain),
+                        (uint8_t)(0xFF));
+
+        digest = (void *)(spdm_response + 1);
+        libspdm_zero_mem (digest,
+                          libspdm_get_hash_size(m_libspdm_use_hash_algo) * SPDM_MAX_SLOT_COUNT);
+        libspdm_hash_all(m_libspdm_use_hash_algo, m_libspdm_local_certificate_chain,
+                         sizeof(m_libspdm_local_certificate_chain), &digest[0]);
+
+        libspdm_transport_test_encode_message(spdm_context, NULL, false,
+                                              false, spdm_response_size,
+                                              spdm_response, response_size,
+                                              response);
+    }
+        return LIBSPDM_STATUS_SUCCESS;
+
     default:
         return LIBSPDM_STATUS_RECEIVE_FAIL;
     }
@@ -1484,6 +1522,61 @@ static void libspdm_test_requester_get_digests_case25(void **state)
 #endif
 }
 
+
+/**
+ * Test 26: a response message is successfully sent ,
+ * Set multi_key_conn_rsp to check if it responds correctly
+ * Expected Behavior: requester returns the status LIBSPDM_STATUS_SUCCESS
+ **/
+static void libspdm_test_requester_get_digests_case26(void **state)
+{
+    libspdm_return_t status;
+    libspdm_test_context_t *spdm_test_context;
+    libspdm_context_t *spdm_context;
+    uint8_t slot_mask;
+    uint8_t total_digest_buffer[LIBSPDM_MAX_HASH_SIZE * SPDM_MAX_SLOT_COUNT];
+
+    spdm_test_context = *state;
+    spdm_context = spdm_test_context->spdm_context;
+    spdm_test_context->case_id = 0x1A;
+    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 <<
+                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
+    spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED;
+    spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP;
+    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
+    libspdm_set_mem(m_libspdm_local_certificate_chain,
+                    sizeof(m_libspdm_local_certificate_chain),
+                    (uint8_t)(0xFF));
+    libspdm_reset_message_b(spdm_context);
+
+#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT
+    spdm_context->transcript.message_m.buffer_size =
+        spdm_context->transcript.message_m.max_buffer_size;
+#endif
+    /* Sub Case 1: Set multi_key_conn_rsp to true*/
+    spdm_context->connection_info.multi_key_conn_rsp = true;
+    libspdm_reset_message_d(spdm_context);
+
+    libspdm_zero_mem(total_digest_buffer, sizeof(total_digest_buffer));
+    status = libspdm_get_digest(spdm_context, NULL, &slot_mask, &total_digest_buffer);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    assert_int_equal(
+        spdm_context->transcript.message_d.buffer_size,
+        sizeof(spdm_digest_response_t) + sizeof(spdm_key_pair_id_t) + sizeof(spdm_certificate_info_t) +
+        sizeof(spdm_key_usage_bit_mask_t) +
+        libspdm_get_hash_size(
+            spdm_context->connection_info.algorithm.base_hash_algo));
+
+    /* Sub Case 2: Set multi_key_conn_rsp to false*/
+    spdm_context->connection_info.multi_key_conn_rsp = false;
+    libspdm_reset_message_d(spdm_context);
+
+    libspdm_zero_mem(total_digest_buffer, sizeof(total_digest_buffer));
+    status = libspdm_get_digest(spdm_context, NULL, &slot_mask, &total_digest_buffer);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    assert_int_equal(spdm_context->transcript.message_d.buffer_size,0);
+}
+
 static libspdm_test_context_t m_libspdm_requester_get_digests_test_context = {
     LIBSPDM_TEST_CONTEXT_VERSION,
     true,
@@ -1519,6 +1612,7 @@ int libspdm_requester_get_digests_test_main(void)
         cmocka_unit_test(libspdm_test_requester_get_digests_case23),
         cmocka_unit_test(libspdm_test_requester_get_digests_case24),
         cmocka_unit_test(libspdm_test_requester_get_digests_case25),
+        cmocka_unit_test(libspdm_test_requester_get_digests_case26),
     };
 
     libspdm_setup_test_context(&m_libspdm_requester_get_digests_test_context);