1.4 Add unit test for FINISH/PSK_FINISH responder

Signed-off-by: Jiewen Yao <[email protected]>

Author: jyao1

unit_test/test_spdm_responder/finish.c

@@ -16,6 +16,14 @@ typedef struct {
     uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
 } libspdm_finish_request_mine_t;
 
+typedef struct {
+    spdm_message_header_t header;
+    uint16_t opaque_data_size;
+    uint8_t opaque_data[8];
+    uint8_t signature[LIBSPDM_MAX_ASYM_KEY_SIZE];
+    uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
+} libspdm_finish_request_mine_14_t;
+
 #pragma pack()
 
 libspdm_finish_request_mine_t m_libspdm_finish_request1 = {
@@ -48,6 +56,11 @@ libspdm_finish_request_mine_t m_libspdm_finish_request7 = {
 };
 size_t m_libspdm_finish_request7_size = sizeof(m_libspdm_finish_request7);
 
+libspdm_finish_request_mine_14_t m_libspdm_finish_request8 = {
+    { SPDM_MESSAGE_VERSION_14, SPDM_FINISH, 0, 0 },
+};
+size_t m_libspdm_finish_request8_size = sizeof(m_libspdm_finish_request8);
+
 uint8_t m_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
 
 #if LIBSPDM_ENABLE_CAPABILITY_KEY_EX_CAP
@@ -3834,6 +3847,132 @@ void libspdm_test_responder_finish_case29(void **state)
     free(data1);
 }
 
+/**
+ * Test 30: SPDM version 1.4, with OpaqueData.
+ * Expected behavior: the responder accepts the request and produces a valid
+ * FINISH_RSP response message.
+ **/
+void libspdm_test_responder_finish_case30(void **state)
+{
+    libspdm_return_t status;
+    libspdm_test_context_t *spdm_test_context;
+    libspdm_context_t *spdm_context;
+    size_t response_size;
+    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
+    spdm_finish_response_t *spdm_response;
+    void *data1;
+    size_t data_size1;
+    uint8_t *ptr;
+    uint8_t *cert_buffer;
+    size_t cert_buffer_size;
+    uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE];
+    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
+    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
+    libspdm_session_info_t *session_info;
+    uint32_t session_id;
+    uint32_t hash_size;
+    uint32_t hmac_size;
+
+    spdm_test_context = *state;
+    spdm_context = spdm_test_context->spdm_context;
+    spdm_test_context->case_id = 30;
+    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
+                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
+    spdm_context->connection_info.connection_state =
+        LIBSPDM_CONNECTION_STATE_NEGOTIATED;
+    spdm_context->connection_info.capability.flags |=
+        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP;
+    spdm_context->local_context.capability.flags |=
+        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP;
+
+    spdm_context->connection_info.algorithm.base_hash_algo =
+        m_libspdm_use_hash_algo;
+    spdm_context->connection_info.algorithm.base_asym_algo =
+        m_libspdm_use_asym_algo;
+    spdm_context->connection_info.algorithm.measurement_spec =
+        m_libspdm_use_measurement_spec;
+    spdm_context->connection_info.algorithm.measurement_hash_algo =
+        m_libspdm_use_measurement_hash_algo;
+    spdm_context->connection_info.algorithm.dhe_named_group =
+        m_libspdm_use_dhe_algo;
+    spdm_context->connection_info.algorithm.aead_cipher_suite =
+        m_libspdm_use_aead_algo;
+    libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
+                                                    m_libspdm_use_asym_algo, &data1,
+                                                    &data_size1, NULL, NULL);
+    spdm_context->local_context.local_cert_chain_provision[0] = data1;
+    spdm_context->local_context.local_cert_chain_provision_size[0] =
+        data_size1;
+    spdm_context->connection_info.local_used_cert_chain_buffer = data1;
+    spdm_context->connection_info.local_used_cert_chain_buffer_size =
+        data_size1;
+
+    libspdm_reset_message_a(spdm_context);
+    spdm_context->local_context.mut_auth_requested = 0;
+
+    /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
+    spdm_context->connection_info.capability.flags &=
+        ~SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
+    spdm_context->local_context.capability.flags &=
+        ~SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP;
+
+    session_id = 0xFFFFFFFF;
+    spdm_context->latest_session_id = session_id;
+    spdm_context->last_spdm_request_session_id_valid = true;
+    spdm_context->last_spdm_request_session_id = session_id;
+    session_info = &spdm_context->session_info[0];
+    libspdm_session_info_init(spdm_context, session_info, session_id, false);
+
+    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
+    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
+
+    libspdm_set_mem(m_dummy_buffer, hash_size, (uint8_t)(0xFF));
+    libspdm_secured_message_set_request_finished_key(
+        session_info->secured_message_context, m_dummy_buffer,
+        hash_size);
+    libspdm_secured_message_set_session_state(
+        session_info->secured_message_context,
+        LIBSPDM_SESSION_STATE_HANDSHAKING);
+
+    m_libspdm_finish_request8.opaque_data_size = sizeof(m_libspdm_finish_request8.opaque_data);
+
+    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
+    ptr = m_libspdm_finish_request8.signature;
+    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
+    cert_buffer = (uint8_t *)data1;
+    cert_buffer_size = data_size1;
+    libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size,
+                     cert_buffer_hash);
+    /* transcript.message_a size is 0*/
+    libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size);
+    /* session_transcript.message_k is 0*/
+    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_finish_request8,
+                                  sizeof(spdm_finish_request_t) + sizeof(uint16_t) +
+                                  m_libspdm_finish_request8.opaque_data_size);
+    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
+    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
+                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
+    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
+                     request_finished_key, hash_size, ptr);
+    m_libspdm_finish_request8_size = sizeof(spdm_finish_request_t) + hmac_size +
+                                     sizeof(uint16_t) + m_libspdm_finish_request8.opaque_data_size;
+    response_size = sizeof(response);
+    status = libspdm_get_response_finish(spdm_context,
+                                         m_libspdm_finish_request8_size,
+                                         &m_libspdm_finish_request8,
+                                         &response_size, response);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    /* The ResponderVerifyData field shall be absent.*/
+    ptr = (uint8_t *)response + sizeof(spdm_finish_response_t);
+    assert_int_equal(response_size,
+                     sizeof(spdm_finish_response_t) + sizeof(uint16_t) +
+                     libspdm_read_uint16(ptr));
+    spdm_response = (void *)response;
+    assert_int_equal(spdm_response->header.request_response_code,
+                     SPDM_FINISH_RSP);
+    free(data1);
+}
+
 int libspdm_responder_finish_test_main(void)
 {
     const struct CMUnitTest spdm_responder_finish_tests[] = {
@@ -3893,6 +4032,8 @@ int libspdm_responder_finish_test_main(void)
         cmocka_unit_test_setup(libspdm_test_responder_finish_case28, libspdm_unit_test_group_setup),
         /* The requester and responder have not set HANDSHAKE_IN_THE_CLEAR*/
         cmocka_unit_test(libspdm_test_responder_finish_case29),
+        /* SPDM 1.4 with OpaqueData */
+        cmocka_unit_test(libspdm_test_responder_finish_case30),
     };
 
     libspdm_test_context_t test_context = {

unit_test/test_spdm_responder/psk_finish.c

@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2025 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -14,6 +14,13 @@ typedef struct {
     spdm_message_header_t header;
     uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
 } libspdm_psk_finish_request_mine_t;
+
+typedef struct {
+    spdm_message_header_t header;
+    uint16_t opaque_data_size;
+    uint8_t opaque_data[8];
+    uint8_t verify_data[LIBSPDM_MAX_HASH_SIZE];
+} libspdm_psk_finish_request_mine_14_t;
 #pragma pack()
 
 static libspdm_th_managed_buffer_t th_curr;
@@ -28,6 +35,11 @@ libspdm_psk_finish_request_mine_t m_libspdm_psk_finish_request2 = {
 };
 size_t m_libspdm_psk_finish_request2_size = LIBSPDM_MAX_SPDM_MSG_SIZE;
 
+libspdm_psk_finish_request_mine_14_t m_libspdm_psk_finish_request3 = {
+    { SPDM_MESSAGE_VERSION_14, SPDM_PSK_FINISH, 0, 0 },
+};
+size_t m_libspdm_psk_finish_request3_size = sizeof(m_libspdm_psk_finish_request3);
+
 static uint8_t m_libspdm_dummy_buffer[LIBSPDM_MAX_HASH_SIZE];
 
 static void libspdm_secured_message_set_request_finished_key(
@@ -1497,6 +1509,8 @@ void libspdm_test_responder_psk_finish_case14(void **state)
     spdm_test_context = *state;
     spdm_context = spdm_test_context->spdm_context;
     spdm_test_context->case_id = 0xE;
+    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 <<
+                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
     spdm_context->connection_info.connection_state =
         LIBSPDM_CONNECTION_STATE_NEGOTIATED;
     spdm_context->connection_info.capability.flags |=
@@ -1572,6 +1586,107 @@ void libspdm_test_responder_psk_finish_case14(void **state)
     free(data1);
 }
 
+/**
+ * Test 15: SPDM version 1.4, with OpaqueData.
+ * Expected behavior: the responder accepts the request and produces a valid PSK_FINISH
+ * response message.
+ **/
+void libspdm_test_responder_psk_finish_case15(void **state)
+{
+    libspdm_return_t status;
+    libspdm_test_context_t *spdm_test_context;
+    libspdm_context_t *spdm_context;
+    size_t response_size;
+    uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE];
+    spdm_psk_finish_response_t *spdm_response;
+    void *data1;
+    size_t data_size1;
+    uint8_t *ptr;
+    uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE];
+    uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE];
+    libspdm_session_info_t *session_info;
+    uint32_t session_id;
+    uint32_t hash_size;
+    uint32_t hmac_size;
+
+    spdm_test_context = *state;
+    spdm_context = spdm_test_context->spdm_context;
+    spdm_test_context->case_id = 0xF;
+    spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_14 <<
+                                            SPDM_VERSION_NUMBER_SHIFT_BIT;
+    spdm_context->connection_info.connection_state =
+        LIBSPDM_CONNECTION_STATE_NEGOTIATED;
+    spdm_context->connection_info.capability.flags |=
+        SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP;
+    spdm_context->local_context.capability.flags |=
+        SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP;
+    spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo;
+    spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo;
+    spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec;
+    spdm_context->connection_info.algorithm.measurement_hash_algo =
+        m_libspdm_use_measurement_hash_algo;
+    spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo;
+    spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo;
+    libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo,
+                                                    m_libspdm_use_asym_algo, &data1,
+                                                    &data_size1, NULL, NULL);
+    spdm_context->local_context.local_cert_chain_provision[0] = data1;
+    spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1;
+    spdm_context->connection_info.local_used_cert_chain_buffer = data1;
+    spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1;
+
+    libspdm_reset_message_a(spdm_context);
+    spdm_context->local_context.mut_auth_requested = 0;
+
+    session_id = 0xFFFFFFFF;
+    spdm_context->latest_session_id = session_id;
+    spdm_context->last_spdm_request_session_id_valid = true;
+    spdm_context->last_spdm_request_session_id = session_id;
+    session_info = &spdm_context->session_info[0];
+    libspdm_session_info_init(spdm_context, session_info, session_id, true);
+    libspdm_session_info_set_psk_hint(session_info,
+                                      LIBSPDM_TEST_PSK_HINT_STRING,
+                                      sizeof(LIBSPDM_TEST_PSK_HINT_STRING));
+    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
+    libspdm_set_mem(m_libspdm_dummy_buffer, hash_size, (uint8_t)(0xFF));
+    libspdm_secured_message_set_request_finished_key(
+        session_info->secured_message_context, m_libspdm_dummy_buffer, hash_size);
+    libspdm_secured_message_set_session_state(
+        session_info->secured_message_context, LIBSPDM_SESSION_STATE_HANDSHAKING);
+
+    m_libspdm_psk_finish_request3.opaque_data_size =
+        sizeof(m_libspdm_psk_finish_request3.opaque_data);
+    hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
+    hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo);
+    ptr = m_libspdm_psk_finish_request3.verify_data;
+    libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer));
+    /* transcript.message_a size is 0
+     * session_transcript.message_k is 0*/
+    libspdm_append_managed_buffer(&th_curr, (uint8_t *)&m_libspdm_psk_finish_request3,
+                                  sizeof(spdm_psk_finish_request_t) + sizeof(uint16_t) +
+                                  m_libspdm_psk_finish_request3.opaque_data_size);
+    libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF));
+    libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr),
+                     libspdm_get_managed_buffer_size(&th_curr), hash_data);
+    libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size,
+                     request_finished_key, hash_size, ptr);
+    m_libspdm_psk_finish_request3_size = sizeof(spdm_psk_finish_request_t) + hmac_size +
+                                         sizeof(uint16_t) +
+                                         m_libspdm_psk_finish_request3.opaque_data_size;
+    response_size = sizeof(response);
+    status = libspdm_get_response_psk_finish(
+        spdm_context, m_libspdm_psk_finish_request3_size, &m_libspdm_psk_finish_request3,
+        &response_size, response);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    ptr = (uint8_t *)response + sizeof(spdm_psk_finish_response_t);
+    assert_int_equal(response_size, sizeof(spdm_psk_finish_response_t) +
+                     sizeof(uint16_t) + libspdm_read_uint16(ptr));
+    spdm_response = (void *)response;
+    assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_FINISH_RSP);
+
+    free(data1);
+}
+
 int libspdm_responder_psk_finish_test_main(void)
 {
     const struct CMUnitTest spdm_responder_psk_finish_tests[] = {
@@ -1603,6 +1718,8 @@ int libspdm_responder_psk_finish_test_main(void)
         cmocka_unit_test(libspdm_test_responder_psk_finish_case13),
         /* Buffer verification*/
         cmocka_unit_test(libspdm_test_responder_psk_finish_case14),
+        /* SPDM 1.4 with OpaqueData */
+        cmocka_unit_test(libspdm_test_responder_psk_finish_case15),
     };
 
     libspdm_test_context_t test_context = {