Enhanced unit test for SPDM 1.3 CERTIFICATE: CertModel

Signed-off-by: Xiaohanjlll <[email protected]>
DMTF · Jan 10, 2024 · 33c2b99 · 33c2b99
1 parent 69e4f71
commit 33c2b99
Show file tree

Hide file tree

Showing 2 changed files with 135 additions and 15 deletions.
diff --git a/unit_test/test_spdm_requester/get_certificate.c b/unit_test/test_spdm_requester/get_certificate.c
@@ -22,6 +22,9 @@ static uint8_t m_cert_model;
 
 static uint8_t m_slot_id;
 
+static size_t m_calling_index;
+
+
 /* Loading the target expiration certificate chain and saving root certificate hash
  * "rsa3072_Expiration/bundle_responder.certchain.der"*/
 bool libspdm_libspdm_read_responder_public_certificate_chain_expiration(
@@ -2177,7 +2180,12 @@ libspdm_return_t libspdm_requester_get_certificate_test_receive_message(
         uint16_t portion_length;
         uint16_t remainder_length;
         size_t count;
-        static size_t calling_index = 0;
+
+        if (m_calling_index ==0) {
+            free(m_libspdm_local_certificate_chain);
+            m_libspdm_local_certificate_chain = NULL;
+            m_libspdm_local_certificate_chain_size = 0;
+        }
 
         if (m_libspdm_local_certificate_chain == NULL) {
             libspdm_read_responder_public_certificate_chain(
@@ -2191,12 +2199,12 @@ libspdm_return_t libspdm_requester_get_certificate_test_receive_message(
         count = (m_libspdm_local_certificate_chain_size +
                  LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN - 1) /
                 LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN;
-        if (calling_index != count - 1) {
+        if (m_calling_index != count - 1) {
             portion_length = LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN;
             remainder_length =
                 (uint16_t)(m_libspdm_local_certificate_chain_size -
                            LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN *
-                           (calling_index + 1));
+                           (m_calling_index + 1));
         } else {
             portion_length = (uint16_t)(
                 m_libspdm_local_certificate_chain_size -
@@ -2219,21 +2227,15 @@ libspdm_return_t libspdm_requester_get_certificate_test_receive_message(
         libspdm_copy_mem(spdm_response + 1,
                          (size_t)(*response) + *response_size - (size_t)(spdm_response + 1),
                          (uint8_t *)m_libspdm_local_certificate_chain +
-                         LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN * calling_index,
+                         LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN * m_calling_index,
                          portion_length);
 
         libspdm_transport_test_encode_message(spdm_context, NULL, false,
                                               false, spdm_response_size,
                                               spdm_response, response_size,
                                               response);
 
-        calling_index++;
-        if (calling_index == count) {
-            calling_index = 0;
-            free(m_libspdm_local_certificate_chain);
-            m_libspdm_local_certificate_chain = NULL;
-            m_libspdm_local_certificate_chain_size = 0;
-        }
+        m_calling_index++;
     }
         return LIBSPDM_STATUS_SUCCESS;
     default:
@@ -4152,6 +4154,7 @@ void libspdm_test_requester_get_certificate_case29(void **state)
  * Set CertModel to determine whether it meets expectations
  * Expected Behavior: requester returns the status LIBSPDM_STATUS_SUCCESS
  * Expected Behavior: CertModel is GenericCert model and slot 0 , returns a status of RETURN_DEVICE_ERROR.
+ * Expected Behavior: CertModel Value of 0 and certificate chain is valid, returns a status of RETURN_DEVICE_ERROR.
  **/
 void libspdm_test_requester_get_certificate_case30(void **state)
 {
@@ -4230,27 +4233,35 @@ void libspdm_test_requester_get_certificate_case30(void **state)
     m_cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT;
     libspdm_reset_message_b(spdm_context);
     m_slot_id = 0;
+    m_calling_index = 0;
 
     cert_chain_size = sizeof(cert_chain);
     libspdm_zero_mem(cert_chain, sizeof(cert_chain));
     status = libspdm_get_certificate(spdm_context, NULL, m_slot_id, &cert_chain_size,
                                      cert_chain);
     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[0], m_cert_model);
+    assert_int_equal(cert_chain_size, m_libspdm_local_certificate_chain_size);
+    assert_memory_equal(cert_chain, m_libspdm_local_certificate_chain,
+                        m_libspdm_local_certificate_chain_size);
 
     /* Sub Case 2: CertModel Value of 2 , AliasCert model*/
     spdm_context->connection_info.multi_key_conn_rsp = true;
     spdm_context->connection_info.peer_cert_info[0] = 0;
     m_cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
     libspdm_reset_message_b(spdm_context);
     m_slot_id = 0;
+    m_calling_index = 0;
 
     cert_chain_size = sizeof(cert_chain);
     libspdm_zero_mem(cert_chain, sizeof(cert_chain));
     status = libspdm_get_certificate(spdm_context, NULL, m_slot_id, &cert_chain_size,
                                      cert_chain);
     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[0], m_cert_model);
+    assert_int_equal(cert_chain_size, m_libspdm_local_certificate_chain_size);
+    assert_memory_equal(cert_chain, m_libspdm_local_certificate_chain,
+                        m_libspdm_local_certificate_chain_size);
 
     /* Sub Case 3: CertModel Value of 3 GenericCert model , slot_id set 1
      * In all cases, the certificate model for slot 0 shall be either the device certificate model or the alias certificate model*/
@@ -4259,13 +4270,17 @@ void libspdm_test_requester_get_certificate_case30(void **state)
     m_cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT;
     libspdm_reset_message_b(spdm_context);
     m_slot_id = 1;
+    m_calling_index = 0;
 
     cert_chain_size = sizeof(cert_chain);
     libspdm_zero_mem(cert_chain, sizeof(cert_chain));
     status = libspdm_get_certificate(spdm_context, NULL, m_slot_id, &cert_chain_size,
                                      cert_chain);
     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[1], m_cert_model);
+    assert_int_equal(cert_chain_size, m_libspdm_local_certificate_chain_size);
+    assert_memory_equal(cert_chain, m_libspdm_local_certificate_chain,
+                        m_libspdm_local_certificate_chain_size);
 
     /* Sub Case 4: CertModel Value of 3 , GenericCert model , slot_id set 0
      * In all cases, the certificate model for slot 0 shall be either the device certificate model or the alias certificate model*/
@@ -4274,6 +4289,7 @@ void libspdm_test_requester_get_certificate_case30(void **state)
     m_cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT;
     libspdm_reset_message_b(spdm_context);
     m_slot_id = 0;
+    m_calling_index = 0;
 
     cert_chain_size = sizeof(cert_chain);
     libspdm_zero_mem(cert_chain, sizeof(cert_chain));
@@ -4282,7 +4298,45 @@ void libspdm_test_requester_get_certificate_case30(void **state)
     assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[0], 0);
 
+    /* Sub Case 5: CertModel Value of 0 , MULTI_KEY_CONN_RSP is true*/
+    /* Value of 0 indicates either that the certificate slot does not contain any certificates or that the corresponding
+     * MULTI_KEY_CONN_REQ or MULTI_KEY_CONN_RSP is false. */
+    spdm_context->connection_info.multi_key_conn_rsp = true;
+    spdm_context->connection_info.peer_cert_info[0] = 0;
+    m_cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE;
+    libspdm_reset_message_b(spdm_context);
+    m_slot_id = 0;
+    m_calling_index = 0;
+
+    cert_chain_size = sizeof(cert_chain);
+    libspdm_zero_mem(cert_chain, sizeof(cert_chain));
+    status = libspdm_get_certificate(spdm_context, NULL, m_slot_id, &cert_chain_size,
+                                     cert_chain);
+    assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
+    assert_int_equal(spdm_context->connection_info.peer_cert_info[0], m_cert_model);
+
+    /* Sub Case 6: CertModel Value of 0 , MULTI_KEY_CONN_RSP is false*/
+    /* Value of 0 indicates either that the certificate slot does not contain any certificates or that the corresponding
+     * MULTI_KEY_CONN_REQ or MULTI_KEY_CONN_RSP is false. */
+    spdm_context->connection_info.multi_key_conn_rsp = false;
+    spdm_context->connection_info.peer_cert_info[0] = 0;
+    m_cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE;
+    libspdm_reset_message_b(spdm_context);
+    m_slot_id = 0;
+    m_calling_index = 0;
+
+    cert_chain_size = sizeof(cert_chain);
+    libspdm_zero_mem(cert_chain, sizeof(cert_chain));
+    status = libspdm_get_certificate(spdm_context, NULL, m_slot_id, &cert_chain_size,
+                                     cert_chain);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    assert_int_equal(spdm_context->connection_info.peer_cert_info[0], m_cert_model);
+    assert_int_equal(cert_chain_size, m_libspdm_local_certificate_chain_size);
+    assert_memory_equal(cert_chain, m_libspdm_local_certificate_chain,
+                        m_libspdm_local_certificate_chain_size);
+
     free(data);
+    free(m_libspdm_local_certificate_chain);
 }
 
 libspdm_test_context_t m_libspdm_requester_get_certificate_test_context = {

diff --git a/unit_test/test_spdm_responder/encap_get_certificate.c b/unit_test/test_spdm_responder/encap_get_certificate.c
@@ -366,6 +366,7 @@ void test_spdm_responder_encap_get_certificate_case4(void **state)
  * Set CertModel to determine whether it meets expectations
  * Expected Behavior: requester returns the status LIBSPDM_STATUS_SUCCESS
  * Expected Behavior: CertModel is GenericCert model and slot 0 , returns a status of RETURN_DEVICE_ERROR.
+ * Expected Behavior: CertModel Value of 0 and certificate chain is valid, returns a status of RETURN_DEVICE_ERROR.
  **/
 void test_spdm_responder_encap_get_certificate_case5(void **state)
 {
@@ -382,6 +383,7 @@ void test_spdm_responder_encap_get_certificate_case5(void **state)
     spdm_certificate_response_t *spdm_response;
     uint8_t temp_buf[LIBSPDM_MAX_SPDM_MSG_SIZE];
     size_t temp_buf_size;
+    uint8_t cert_chain[LIBSPDM_MAX_CERT_CHAIN_SIZE];
     uint16_t portion_length;
     uint16_t remainder_length;
     size_t spdm_response_size;
@@ -450,55 +452,119 @@ void test_spdm_responder_encap_get_certificate_case5(void **state)
     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[0],
                      SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT);
+    assert_int_equal(spdm_context->mut_auth_cert_chain_buffer_size,
+                     LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
+    assert_memory_equal(spdm_context->mut_auth_cert_chain_buffer, m_libspdm_local_certificate_chain,
+                        LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
 
     /* Sub Case 2: CertModel Value of 2 , AliasCert model*/
-    spdm_context->connection_info.multi_key_conn_rsp = true;
+    spdm_context->connection_info.multi_key_conn_req = true;
     spdm_context->encap_context.req_slot_id = 0;
     spdm_context->connection_info.peer_cert_info[0] = 0;
-    spdm_context->mut_auth_cert_chain_buffer_size = 0;
     spdm_response->header.param2 = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT;
     libspdm_reset_message_mut_b(spdm_context);
+    libspdm_zero_mem(cert_chain, sizeof(cert_chain));
+    spdm_context->mut_auth_cert_chain_buffer_size = 0;
+    spdm_context->mut_auth_cert_chain_buffer = cert_chain;
 
     status = libspdm_process_encap_response_certificate(spdm_context, spdm_response_size,
                                                         spdm_response,
                                                         &need_continue);
     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[0],
                      SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT);
+    assert_int_equal(spdm_context->mut_auth_cert_chain_buffer_size,
+                     LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
+    assert_memory_equal(spdm_context->mut_auth_cert_chain_buffer, m_libspdm_local_certificate_chain,
+                        LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
 
     /* Sub Case 3: CertModel Value of 3 GenericCert model , slot_id set 1
      * In all cases, the certificate model for slot 0 shall be either the device certificate model or the alias certificate model*/
-    spdm_context->connection_info.multi_key_conn_rsp = true;
+    spdm_context->connection_info.multi_key_conn_req = true;
     spdm_context->encap_context.req_slot_id = 1;
     spdm_context->connection_info.peer_cert_info[1] = 0;
     spdm_context->mut_auth_cert_chain_buffer_size = 0;
     spdm_response->header.param1 = 1;
     spdm_response->header.param2 = SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT;
     libspdm_reset_message_mut_b(spdm_context);
+    libspdm_zero_mem(cert_chain, sizeof(cert_chain));
+    spdm_context->mut_auth_cert_chain_buffer_size = 0;
+    spdm_context->mut_auth_cert_chain_buffer = cert_chain;
 
     status = libspdm_process_encap_response_certificate(spdm_context, spdm_response_size,
                                                         spdm_response,
                                                         &need_continue);
     assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[1],
                      SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT);
+    assert_int_equal(spdm_context->mut_auth_cert_chain_buffer_size,
+                     LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
+    assert_memory_equal(spdm_context->mut_auth_cert_chain_buffer, m_libspdm_local_certificate_chain,
+                        LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
 
     /* Sub Case 4: CertModel Value of 3 , GenericCert model ,slot_id set 0
      * In all cases, the certificate model for slot 0 shall be either the device certificate model or the alias certificate model*/
-    spdm_context->connection_info.multi_key_conn_rsp = true;
+    spdm_context->connection_info.multi_key_conn_req = true;
     spdm_context->encap_context.req_slot_id = 0;
     spdm_context->connection_info.peer_cert_info[0] = 0;
     spdm_context->mut_auth_cert_chain_buffer_size = 0;
     spdm_response->header.param1 = 0;
     spdm_response->header.param2 = SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT;
     libspdm_reset_message_mut_b(spdm_context);
+    libspdm_zero_mem(cert_chain, sizeof(cert_chain));
+    spdm_context->mut_auth_cert_chain_buffer_size = 0;
+    spdm_context->mut_auth_cert_chain_buffer = cert_chain;
 
     status = libspdm_process_encap_response_certificate(spdm_context, spdm_response_size,
                                                         spdm_response,
                                                         &need_continue);
     assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
     assert_int_equal(spdm_context->connection_info.peer_cert_info[0], 0);
 
+    /* Sub Case 5: CertModel Value of 0 , MULTI_KEY_CONN_REQ is true*/
+    /* Value of 0 indicates either that the certificate slot does not contain any certificates or that the corresponding
+     * MULTI_KEY_CONN_REQ or MULTI_KEY_CONN_RSP is false. */
+    spdm_context->connection_info.multi_key_conn_req = true;
+    spdm_context->encap_context.req_slot_id = 0;
+    spdm_context->connection_info.peer_cert_info[0] = 0;
+    spdm_context->mut_auth_cert_chain_buffer_size = 0;
+    spdm_response->header.param2 = SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE;
+    libspdm_reset_message_mut_b(spdm_context);
+    libspdm_zero_mem(cert_chain, sizeof(cert_chain));
+    spdm_context->mut_auth_cert_chain_buffer_size = 0;
+    spdm_context->mut_auth_cert_chain_buffer = cert_chain;
+
+    status = libspdm_process_encap_response_certificate(spdm_context, spdm_response_size,
+                                                        spdm_response,
+                                                        &need_continue);
+    assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD);
+    assert_int_equal(spdm_context->connection_info.peer_cert_info[0],
+                     SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE);
+
+    /* Sub Case 6: CertModel Value of 0 , MULTI_KEY_CONN_REQ is false*/
+    /* Value of 0 indicates either that the certificate slot does not contain any certificates or that the corresponding
+     * MULTI_KEY_CONN_REQ or MULTI_KEY_CONN_RSP is false. */
+    spdm_context->connection_info.multi_key_conn_req = false;
+    spdm_context->encap_context.req_slot_id = 0;
+    spdm_context->connection_info.peer_cert_info[0] = 0;
+    spdm_context->mut_auth_cert_chain_buffer_size = 0;
+    spdm_response->header.param2 = SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE;
+    libspdm_reset_message_mut_b(spdm_context);
+    libspdm_zero_mem(cert_chain, sizeof(cert_chain));
+    spdm_context->mut_auth_cert_chain_buffer_size = 0;
+    spdm_context->mut_auth_cert_chain_buffer = cert_chain;
+
+    status = libspdm_process_encap_response_certificate(spdm_context, spdm_response_size,
+                                                        spdm_response,
+                                                        &need_continue);
+    assert_int_equal(status, LIBSPDM_STATUS_SUCCESS);
+    assert_int_equal(spdm_context->connection_info.peer_cert_info[0],
+                     SPDM_CERTIFICATE_INFO_CERT_MODEL_NONE);
+    assert_int_equal(spdm_context->mut_auth_cert_chain_buffer_size,
+                     LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
+    assert_memory_equal(spdm_context->mut_auth_cert_chain_buffer, m_libspdm_local_certificate_chain,
+                        LIBSPDM_MAX_CERT_CHAIN_BLOCK_LEN);
+
     free(data);
     free(m_libspdm_local_certificate_chain);
     m_libspdm_local_certificate_chain = NULL;