diff --git a/include/industry_standard/spdm.h b/include/industry_standard/spdm.h index c2b4bc5b863..47dd8556cd2 100644 --- a/include/industry_standard/spdm.h +++ b/include/industry_standard/spdm.h @@ -378,8 +378,9 @@ typedef struct { #define SPDM_ALGORITHMS_MEASUREMENT_HASH_ALGO_TPM_ALG_SM3_256 0x00000080 /* SPDM Opaque Data Format (1.2) */ -#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 0x00000001 -#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 0x00000002 +#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE 0x0 +#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 0x1 +#define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1 0x2 #define SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK 0xF /* SPDM Opaque Data Format 1 (1.2) */ diff --git a/include/library/spdm_return_status.h b/include/library/spdm_return_status.h index dde0df17e10..5e5507b7f3a 100644 --- a/include/library/spdm_return_status.h +++ b/include/library/spdm_return_status.h @@ -145,6 +145,10 @@ typedef uint32_t libspdm_return_t; #define LIBSPDM_STATUS_PEER_BUFFER_TOO_SMALL \ LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0013) +/* A parameter passed by the Integrator was overridden. */ +#define LIBSPDM_STATUS_OVERRIDDEN_PARAMETER \ + LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_WARNING, LIBSPDM_SOURCE_CORE, 0x0014) + /* - Cryptography Errors - */ /* Generic failure originating from the cryptography module. */ diff --git a/library/spdm_requester_lib/libspdm_req_challenge.c b/library/spdm_requester_lib/libspdm_req_challenge.c index 0334fb975a6..91a132ad02c 100644 --- a/library/spdm_requester_lib/libspdm_req_challenge.c +++ b/library/spdm_requester_lib/libspdm_req_challenge.c 
@@ -256,6 +256,15 @@ static libspdm_return_t libspdm_try_challenge(libspdm_context_t *spdm_context, status = LIBSPDM_STATUS_INVALID_MSG_FIELD; goto receive_done; } + if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { + if (((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE) && + (opaque_length != 0)) { + status = LIBSPDM_STATUS_INVALID_MSG_FIELD; + goto receive_done; + } + } ptr += sizeof(uint16_t); if (opaque_length != 0) { result = libspdm_process_general_opaque_data_check(spdm_context, opaque_length, ptr); diff --git a/library/spdm_requester_lib/libspdm_req_get_csr.c b/library/spdm_requester_lib/libspdm_req_get_csr.c index 1d1475632dd..f0ae11a64fa 100644 --- a/library/spdm_requester_lib/libspdm_req_get_csr.c +++ b/library/spdm_requester_lib/libspdm_req_get_csr.c @@ -35,6 +35,7 @@ static libspdm_return_t libspdm_try_get_csr(libspdm_context_t *spdm_context, void *csr, size_t *csr_len) { libspdm_return_t status; + libspdm_return_t warning; spdm_get_csr_request_t *spdm_request; size_t spdm_request_size; spdm_csr_response_t *spdm_response; @@ -101,6 +102,17 @@ static libspdm_return_t libspdm_try_get_csr(libspdm_context_t *spdm_context, (uint8_t *)requester_info, requester_info_length); } + warning = LIBSPDM_STATUS_SUCCESS; + if (((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE) && + (opaque_data_length != 0)) { + LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, + "Overriding opaque_data_length to 0 since there is \ + no negotiated opaque data format.")); + opaque_data_length = 0; + warning = LIBSPDM_STATUS_OVERRIDDEN_PARAMETER; + } + if (opaque_data_length != 0) { libspdm_copy_mem((uint8_t *)(spdm_request + 1) + requester_info_length, spdm_request_size - sizeof(spdm_get_csr_request_t) - requester_info_length, 
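Review bot: The new opaque-data check in libspdm_try_challenge is gated on `spdm_response->header.spdm_version`, a field supplied by the peer, while the KEY_EXCHANGE and PSK_EXCHANGE checks in this commit use `libspdm_get_connection_version(spdm_context)`. If the response version is already compared against the negotiated version earlier in the function (outside this hunk), the two are equivalent; if not, a response carrying a lower version would bypass the `SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE` rejection. Gating on the negotiated value removes that dependency: `if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) {`. The same pattern appears in the libspdm_try_get_measurement hunk.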
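Review bot: The override of `opaque_data_length` to 0 in libspdm_try_get_csr sits after the requester_info copy, so it only works if the request's length field and `spdm_request_size` are derived from `opaque_data_length` after this point; those assignments are outside the hunk. If they were already set from the caller's value, the request would still advertise and carry that many bytes which are never written, exposing stale sender-buffer contents to the responder. Moving the override ahead of the request construction avoids this. Separately, the backslash continuation inside the debug string embeds the next line's indentation in the message, and the message has no trailing newline; adjacent literals fix both: `"Overriding opaque_data_length to 0 since there is " "no negotiated opaque data format.\n"`.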
@@ -175,6 +187,10 @@ static libspdm_return_t libspdm_try_get_csr(libspdm_context_t *spdm_context, receive_done: libspdm_release_receiver_buffer (spdm_context); + + if ((status == LIBSPDM_STATUS_SUCCESS) && (LIBSPDM_STATUS_IS_WARNING(warning))) { + status = warning; + } return status; } diff --git a/library/spdm_requester_lib/libspdm_req_get_measurements.c b/library/spdm_requester_lib/libspdm_req_get_measurements.c index e37d3d9482b..0fc01119d65 100644 --- a/library/spdm_requester_lib/libspdm_req_get_measurements.c +++ b/library/spdm_requester_lib/libspdm_req_get_measurements.c @@ -383,6 +383,15 @@ static libspdm_return_t libspdm_try_get_measurement(libspdm_context_t *spdm_cont status = LIBSPDM_STATUS_INVALID_MSG_FIELD; goto receive_done; } + if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { + if (((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE) + && (opaque_length != 0)) { + status = LIBSPDM_STATUS_INVALID_MSG_FIELD; + goto receive_done; + } + } ptr += sizeof(uint16_t); if (opaque_length != 0) { result = libspdm_process_general_opaque_data_check(spdm_context, opaque_length, ptr); diff --git a/library/spdm_requester_lib/libspdm_req_key_exchange.c b/library/spdm_requester_lib/libspdm_req_key_exchange.c index 60f8c1c3fa8..0e1c0d49982 100644 --- a/library/spdm_requester_lib/libspdm_req_key_exchange.c +++ b/library/spdm_requester_lib/libspdm_req_key_exchange.c 
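Review bot: Replacing a successful `status` with `LIBSPDM_STATUS_OVERRIDDEN_PARAMETER` at `receive_done` means a valid CSR can now be returned with a value that is not `LIBSPDM_STATUS_SUCCESS`. Any caller that tests `status != LIBSPDM_STATUS_SUCCESS` rather than `LIBSPDM_STATUS_IS_ERROR(status)`, including a retry wrapper around libspdm_try_get_csr if one exists (not visible here), would treat the result as a failure and may discard or re-request the CSR. I would document this on the function, for example `/* May return LIBSPDM_STATUS_OVERRIDDEN_PARAMETER (a warning) when the CSR was obtained but the caller's opaque data was dropped. */`, and confirm that callers check severity rather than equality.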
@@ -318,6 +318,12 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange( if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) { return LIBSPDM_STATUS_INVALID_STATE_LOCAL; } + if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) { + if ((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) != SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) { + return LIBSPDM_STATUS_INVALID_STATE_PEER; + } + } req_session_id = libspdm_allocate_req_session_id(spdm_context, false); if (req_session_id == (INVALID_SESSION_ID & 0xFFFF)) diff --git a/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c b/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c index e3f76ad5f2c..a49ef74de8e 100644 --- a/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c +++ b/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c @@ -195,6 +195,13 @@ static libspdm_return_t libspdm_try_negotiate_algorithms(libspdm_context_t *spdm status = LIBSPDM_STATUS_INVALID_MSG_FIELD; goto receive_done; } + if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { + if (!libspdm_onehot0(spdm_response->other_params_selection & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK)) { + status = LIBSPDM_STATUS_INVALID_MSG_FIELD; + goto receive_done; + } + } if (!libspdm_onehot0(spdm_response->measurement_hash_algo)) { status = LIBSPDM_STATUS_INVALID_MSG_FIELD; goto receive_done; 
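Review bot: In the libspdm_try_negotiate_algorithms hunk, `libspdm_onehot0` on the masked `other_params_selection` rejects 0x3 but still accepts 0x4 and 0x8, which fall inside `SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK` yet match none of the defined formats; the responder-side switch added in this commit rejects those values. If the requester is meant to be equally strict, a range check covers both cases: `if ((spdm_response->other_params_selection & SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) > SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) {`. Whether the selection is later checked against what the requester offered is outside this hunk.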
@@ -482,20 +489,13 @@ static libspdm_return_t libspdm_try_negotiate_algorithms(libspdm_context_t *spdm status = LIBSPDM_STATUS_NEGOTIATION_FAIL; goto receive_done; } - if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { - if ((spdm_context->connection_info.algorithm.other_params_support & - SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) != - SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) { - status = LIBSPDM_STATUS_NEGOTIATION_FAIL; - goto receive_done; - } - } } } else { spdm_context->connection_info.algorithm.dhe_named_group = 0; spdm_context->connection_info.algorithm.aead_cipher_suite = 0; spdm_context->connection_info.algorithm.req_base_asym_alg = 0; spdm_context->connection_info.algorithm.key_schedule = 0; + spdm_context->connection_info.algorithm.other_params_support = 0; } /* -=[Update State Phase]=- */ diff --git a/library/spdm_requester_lib/libspdm_req_psk_exchange.c b/library/spdm_requester_lib/libspdm_req_psk_exchange.c index 3c7dd56e2a4..b4eca122d42 100644 --- a/library/spdm_requester_lib/libspdm_req_psk_exchange.c +++ b/library/spdm_requester_lib/libspdm_req_psk_exchange.c @@ -174,10 +174,15 @@ static libspdm_return_t libspdm_try_send_receive_psk_exchange( SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP)) { return LIBSPDM_STATUS_UNSUPPORTED_CAP; } - libspdm_reset_message_buffer_via_request_code(spdm_context, NULL, SPDM_PSK_EXCHANGE); if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) { return LIBSPDM_STATUS_INVALID_STATE_LOCAL; } + if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) { + if ((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) != SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) { + return LIBSPDM_STATUS_INVALID_STATE_PEER; + } + } req_session_id = libspdm_allocate_req_session_id(spdm_context, true); if (req_session_id == (INVALID_SESSION_ID & 0xFFFF)) 
@@ -185,6 +190,7 @@ static libspdm_return_t libspdm_try_send_receive_psk_exchange( return LIBSPDM_STATUS_SESSION_NUMBER_EXCEED; } + libspdm_reset_message_buffer_via_request_code(spdm_context, NULL, SPDM_PSK_EXCHANGE); { /* Double check if algorithm has been provisioned, because ALGORITHM might be skipped.*/ if (libspdm_is_capabilities_flag_supported( diff --git a/library/spdm_responder_lib/libspdm_rsp_algorithms.c b/library/spdm_responder_lib/libspdm_rsp_algorithms.c index a33ab23093c..904ec7eb454 100644 --- a/library/spdm_responder_lib/libspdm_rsp_algorithms.c +++ b/library/spdm_responder_lib/libspdm_rsp_algorithms.c @@ -252,6 +252,8 @@ libspdm_return_t libspdm_get_response_algorithms(libspdm_context_t *spdm_context uint32_t other_params_support_priority_table[] = { SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1, + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0, + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE }; spdm_request = request; @@ -389,6 +391,20 @@ libspdm_return_t libspdm_get_response_algorithms(libspdm_context_t *spdm_context response_size, response); } } + if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { + switch (spdm_request->other_params_support & SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) { + case SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE: + case SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0: + case SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1: + break; + default: + return libspdm_generate_error_response( + spdm_context, + SPDM_ERROR_CODE_INVALID_REQUEST, 0, + response_size, response); + } + } + request_size = (size_t)struct_table - (size_t)spdm_request; if (request_size != spdm_request->length) { return libspdm_generate_error_response( 
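Review bot: The switch on `other_params_support` in libspdm_get_response_algorithms treats OpaqueDataFmt in the request as a single value and rejects 0x3 (a requester advertising both Format0 and Format1) as well as the reserved bits, but nothing in the hunk states that decision. A comment above the switch would record it, for example `/* OpaqueDataFmt must be exactly none, Format0 or Format1; combined or reserved bits are an invalid request. */`. It also sits oddly with the priority table extended in the previous hunk: with single-valued input there is nothing to prioritise, and the `SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE` entry (0x0) presumably can never be picked by a bitwise intersection, though the helper that consumes the table is not visible here.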
@@ -683,16 +699,6 @@ libspdm_return_t libspdm_get_response_algorithms(libspdm_context_t *spdm_context SPDM_ERROR_CODE_INVALID_REQUEST, 0, response_size, response); } - if (spdm_response->header.spdm_version >= SPDM_MESSAGE_VERSION_12) { - if ((spdm_context->connection_info.algorithm.other_params_support & - SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) != - SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) { - return libspdm_generate_error_response( - spdm_context, - SPDM_ERROR_CODE_INVALID_REQUEST, 0, - response_size, response); - } - } } } else { spdm_context->connection_info.algorithm.dhe_named_group = 0; diff --git a/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c b/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c index 3fa91f0d355..9c06a453dce 100644 --- a/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c +++ b/library/spdm_responder_lib/libspdm_rsp_challenge_auth.c @@ -221,7 +221,6 @@ libspdm_return_t libspdm_get_response_challenge_auth(libspdm_context_t *spdm_con } ptr += measurement_summary_hash_size; - opaque_data_size = *response_size - (sizeof(spdm_challenge_auth_response_t) + hash_size + SPDM_NONCE_SIZE + measurement_summary_hash_size + sizeof(uint16_t) + signature_size); 
@@ -229,15 +228,21 @@ libspdm_return_t libspdm_get_response_challenge_auth(libspdm_context_t *spdm_con (uint8_t*)response + sizeof(spdm_challenge_auth_response_t) + hash_size + SPDM_NONCE_SIZE + measurement_summary_hash_size + sizeof(uint16_t); - result = libspdm_challenge_opaque_data( - spdm_context->connection_info.version, - slot_id, - measurement_summary_hash, measurement_summary_hash_size, - opaque_data, &opaque_data_size); - if (!result) { - return libspdm_generate_error_response( - spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, - 0, response_size, response); + if ((libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) && + ((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE)) { + opaque_data_size = 0; + } else { + result = libspdm_challenge_opaque_data( + spdm_context->connection_info.version, + slot_id, + measurement_summary_hash, measurement_summary_hash_size, + opaque_data, &opaque_data_size); + if (!result) { + return libspdm_generate_error_response( + spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, + 0, response_size, response); + } } /*write opaque_data_size*/ diff --git a/library/spdm_responder_lib/libspdm_rsp_csr.c b/library/spdm_responder_lib/libspdm_rsp_csr.c index 209074a0e71..b76c8b758ba 100644 --- a/library/spdm_responder_lib/libspdm_rsp_csr.c +++ b/library/spdm_responder_lib/libspdm_rsp_csr.c 
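Review bot: The predicate `(other_params_support & SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE` is spelled out here and again in the measurements responder, both CSR paths and the requester CHALLENGE and GET_MEASUREMENTS checks, with the version gate present in some copies and absent in the CSR ones. A single static inline predicate taking `spdm_context` would keep the copies from drifting apart. In this function the bound on `opaque_data_size` after the callback is also worth a look: the visible lines do not compare the value written by `libspdm_challenge_opaque_data` against the space computed before the call, though such a check may follow outside the hunk.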
@@ -101,6 +101,15 @@ libspdm_return_t libspdm_get_response_csr(libspdm_context_t *spdm_context, SPDM_ERROR_CODE_INVALID_REQUEST, 0, response_size, response); } + if (((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE) + && (opaque_data_length != 0)) { + LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "It's %x, baah!", + spdm_context->connection_info.algorithm.other_params_support)); + return libspdm_generate_error_response(spdm_context, + SPDM_ERROR_CODE_INVALID_REQUEST, 0, + response_size, response); + } if (opaque_data_length > request_size - sizeof(spdm_get_csr_request_t)) { diff --git a/library/spdm_responder_lib/libspdm_rsp_key_exchange.c b/library/spdm_responder_lib/libspdm_rsp_key_exchange.c index 44d261f709b..bb8a2ec6056 100644 --- a/library/spdm_responder_lib/libspdm_rsp_key_exchange.c +++ b/library/spdm_responder_lib/libspdm_rsp_key_exchange.c @@ -225,12 +225,19 @@ libspdm_return_t libspdm_get_response_key_exchange(libspdm_context_t *spdm_conte spdm_context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST, SPDM_KEY_EXCHANGE, response_size, response); } - if (spdm_context->connection_info.connection_state < - LIBSPDM_CONNECTION_STATE_NEGOTIATED) { + if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) { return libspdm_generate_error_response(spdm_context, SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, response_size, response); } + if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) { + if ((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) != SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) { + return libspdm_generate_error_response( + spdm_context, SPDM_ERROR_CODE_INVALID_REQUEST, + 0, response_size, response); + } + } if (spdm_context->last_spdm_request_session_id_valid) { return libspdm_generate_error_response(spdm_context, SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 
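Review bot: The debug string `"It's %x, baah!"` in the new rejection branch of libspdm_get_response_csr looks like a leftover from development: it does not say what was rejected and has no trailing newline. Something like `"GET_CSR has opaque data but no OpaqueDataFmt was negotiated (other_params_support=0x%x)\n"` would make the error log usable when diagnosing a rejected request. The new check also runs before the existing `opaque_data_length > request_size - sizeof(spdm_get_csr_request_t)` bound, which is harmless since it only rejects earlier.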
diff --git a/library/spdm_responder_lib/libspdm_rsp_measurements.c b/library/spdm_responder_lib/libspdm_rsp_measurements.c index 25b719a3398..3e3811e4308 100644 --- a/library/spdm_responder_lib/libspdm_rsp_measurements.c +++ b/library/spdm_responder_lib/libspdm_rsp_measurements.c @@ -256,22 +256,29 @@ libspdm_return_t libspdm_get_response_measurements(libspdm_context_t *spdm_conte opaque_data = (uint8_t*)response + sizeof(spdm_measurements_response_t) + SPDM_NONCE_SIZE + sizeof(uint16_t); - opaque_data_size = meas_opaque_buffer_size - measurements_size; - ret = libspdm_measurement_opaque_data( - spdm_context->connection_info.version, - spdm_context->connection_info.algorithm.measurement_spec, - spdm_context->connection_info.algorithm.measurement_hash_algo, - measurements_index, - spdm_request->header.param1, - opaque_data, - &opaque_data_size); + if ((libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) && + ((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) == SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_NONE)) { + opaque_data_size = 0; + } else { + opaque_data_size = meas_opaque_buffer_size - measurements_size; - if (!ret) { - libspdm_reset_message_m(spdm_context, session_info); - return libspdm_generate_error_response( - spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, - 0, response_size, response); + ret = libspdm_measurement_opaque_data( + spdm_context->connection_info.version, + spdm_context->connection_info.algorithm.measurement_spec, + spdm_context->connection_info.algorithm.measurement_hash_algo, + measurements_index, + spdm_request->header.param1, + opaque_data, + &opaque_data_size); + + if (!ret) { + libspdm_reset_message_m(spdm_context, session_info); + return libspdm_generate_error_response( + spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, + 0, response_size, response); + } } LIBSPDM_ASSERT(opaque_data_size <= (meas_opaque_buffer_size - measurements_size)); 
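Review bot: After the new else-branch, the only visible bound on the `opaque_data_size` written by `libspdm_measurement_opaque_data` is `LIBSPDM_ASSERT(...)`; if assertions are compiled out in release builds (not determinable from this diff), an oversized value from the integrator callback would flow into the response layout unchecked. Folding the bound into the failure test inside the else-branch makes it a runtime check: `if (!ret || opaque_data_size > meas_opaque_buffer_size - measurements_size) {`. The function body continues outside the hunk.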
diff --git a/library/spdm_responder_lib/libspdm_rsp_psk_exchange.c b/library/spdm_responder_lib/libspdm_rsp_psk_exchange.c index 36890e7bf60..11976534202 100644 --- a/library/spdm_responder_lib/libspdm_rsp_psk_exchange.c +++ b/library/spdm_responder_lib/libspdm_rsp_psk_exchange.c @@ -136,6 +136,14 @@ libspdm_return_t libspdm_get_response_psk_exchange(libspdm_context_t *spdm_conte SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, response_size, response); } + if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) { + if ((spdm_context->connection_info.algorithm.other_params_support & + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_MASK) != SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1) { + return libspdm_generate_error_response( + spdm_context, SPDM_ERROR_CODE_INVALID_REQUEST, + 0, response_size, response); + } + } if (spdm_context->last_spdm_request_session_id_valid) { return libspdm_generate_error_response(spdm_context, SPDM_ERROR_CODE_UNEXPECTED_REQUEST, diff --git a/unit_test/test_spdm_requester/error_test/negotiate_algorithms_err.c b/unit_test/test_spdm_requester/error_test/negotiate_algorithms_err.c index 2933d067767..ba465ce0ee7 100644 --- a/unit_test/test_spdm_requester/error_test/negotiate_algorithms_err.c +++ b/unit_test/test_spdm_requester/error_test/negotiate_algorithms_err.c 
@@ -1284,9 +1284,9 @@ static libspdm_return_t libspdm_requester_negotiate_algorithm_test_receive_messa spdm_response->header.param1 = 4; spdm_response->header.param2 = 0; spdm_response->length = sizeof(libspdm_algorithms_response_spdm11_t); - spdm_response->measurement_specification_sel = - SPDM_MEASUREMENT_SPECIFICATION_DMTF; - spdm_response->other_params_selection = 0; + spdm_response->measurement_specification_sel = SPDM_MEASUREMENT_SPECIFICATION_DMTF; + /* Return illegal value for OpaqueDataFmt. */ + spdm_response->other_params_selection = 0x3; spdm_response->measurement_hash_algo = m_libspdm_use_measurement_hash_algo; spdm_response->base_asym_sel = m_libspdm_use_asym_algo; spdm_response->base_hash_sel = m_libspdm_use_hash_algo; @@ -1589,8 +1589,7 @@ static libspdm_return_t libspdm_requester_negotiate_algorithm_test_receive_messa SPDM_MEASUREMENT_SPECIFICATION_DMTF; /* Two bits set when only one should be set. */ spdm_response->other_params_selection = - SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 | - SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0 | SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; spdm_response->measurement_hash_algo = m_libspdm_use_measurement_hash_algo; spdm_response->base_asym_sel = m_libspdm_use_asym_algo; @@ -2753,7 +2752,7 @@ static void libspdm_test_requester_negotiate_algorithms_error_case34(void **stat spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP; status = libspdm_negotiate_algorithms (spdm_context); - assert_int_equal (status, LIBSPDM_STATUS_NEGOTIATION_FAIL); + assert_int_equal (status, LIBSPDM_STATUS_INVALID_MSG_FIELD); } /** @@ -3010,7 +3009,7 @@ static void libspdm_test_requester_negotiate_algorithms_error_case41(void **stat libspdm_reset_message_a(spdm_context); status = libspdm_negotiate_algorithms(spdm_context); - assert_int_equal(status, LIBSPDM_STATUS_NEGOTIATION_FAIL); + assert_int_equal(status, LIBSPDM_STATUS_INVALID_MSG_FIELD); } /** 
diff --git a/unit_test/test_spdm_requester/get_csr.c b/unit_test/test_spdm_requester/get_csr.c index fc08706f351..e32fb62fa11 100644 --- a/unit_test/test_spdm_requester/get_csr.c +++ b/unit_test/test_spdm_requester/get_csr.c @@ -380,16 +380,15 @@ void libspdm_test_requester_get_csr_case4(void **state) spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; - spdm_context->connection_info.connection_state = - LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; spdm_context->local_context.capability.flags = 0; - spdm_context->connection_info.capability.flags |= - SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP; + spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP; + + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; - spdm_context->connection_info.algorithm.base_hash_algo = - m_libspdm_use_hash_algo; - spdm_context->connection_info.algorithm.base_asym_algo = - m_libspdm_use_asym_algo; + spdm_context->connection_info.algorithm.other_params_support = + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0; status = libspdm_get_csr(spdm_context, NULL, right_req_info, right_req_info_size, diff --git a/unit_test/test_spdm_requester/key_exchange.c b/unit_test/test_spdm_requester/key_exchange.c index a8fb6386bce..c1f0fdca1fc 100644 --- a/unit_test/test_spdm_requester/key_exchange.c +++ b/unit_test/test_spdm_requester/key_exchange.c 
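Review bot: Case 4 now sets `other_params_support` to `SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0` so its opaque data is still sent, but no test in this diff exercises the new requester path where no format is negotiated and opaque data is supplied. A case that leaves `other_params_support` at 0, passes non-empty opaque data and asserts `LIBSPDM_STATUS_OVERRIDDEN_PARAMETER` plus a zero opaque length in the sent request would pin the override behaviour. The matching responder rejection in libspdm_get_response_csr is likewise untested in the visible hunks.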
@@ -7479,8 +7479,7 @@ static void libspdm_test_requester_key_exchange_case30(void **state) spdm_test_context->case_id = 0x1e; spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; - spdm_context->connection_info.connection_state = - LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; spdm_context->local_context.capability.flags |= @@ -7492,14 +7491,12 @@ static void libspdm_test_requester_key_exchange_case30(void **state) m_libspdm_use_asym_algo, &data, &data_size, &hash, &hash_size); libspdm_reset_message_a(spdm_context); - spdm_context->connection_info.algorithm.base_hash_algo = - m_libspdm_use_hash_algo; - spdm_context->connection_info.algorithm.base_asym_algo = - m_libspdm_use_asym_algo; - spdm_context->connection_info.algorithm.dhe_named_group = - m_libspdm_use_dhe_algo; - spdm_context->connection_info.algorithm.aead_cipher_suite = - m_libspdm_use_aead_algo; + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; + spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; + spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; + spdm_context->connection_info.algorithm.other_params_support = + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; libspdm_session_info_init(spdm_context, spdm_context->session_info, INVALID_SESSION_ID, false); 
@@ -7536,8 +7533,7 @@ static void libspdm_test_requester_key_exchange_case30(void **state) libspdm_secured_message_get_session_state( spdm_context->session_info[0].secured_message_context), LIBSPDM_SESSION_STATE_HANDSHAKING); - assert_int_equal( - spdm_context->session_info[0].session_policy, 0xFF); + assert_int_equal(spdm_context->session_info[0].session_policy, 0xFF); free(data); } @@ -7684,14 +7680,12 @@ void libspdm_test_requester_key_exchange_case32(void **state) spdm_context->local_context.peer_public_key_provision_size = data_size; libspdm_reset_message_a(spdm_context); - spdm_context->connection_info.algorithm.base_hash_algo = - m_libspdm_use_hash_algo; - spdm_context->connection_info.algorithm.base_asym_algo = - m_libspdm_use_asym_algo; - spdm_context->connection_info.algorithm.dhe_named_group = - m_libspdm_use_dhe_algo; - spdm_context->connection_info.algorithm.aead_cipher_suite = - m_libspdm_use_aead_algo; + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; + spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; + spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; + spdm_context->connection_info.algorithm.other_params_support = + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; libspdm_session_info_init(spdm_context, spdm_context->session_info, INVALID_SESSION_ID, false); diff --git a/unit_test/test_spdm_requester/psk_exchange.c b/unit_test/test_spdm_requester/psk_exchange.c index 301b5eb5c27..abff6f83b93 100644 --- a/unit_test/test_spdm_requester/psk_exchange.c +++ b/unit_test/test_spdm_requester/psk_exchange.c 
@@ -3890,8 +3890,7 @@ void libspdm_test_requester_psk_exchange_case13(void **state) spdm_test_context->case_id = 0xD; spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; - spdm_context->connection_info.connection_state = - LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; spdm_context->connection_info.capability.flags &= ~(SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP); spdm_context->connection_info.capability.flags |= @@ -3905,14 +3904,12 @@ void libspdm_test_requester_psk_exchange_case13(void **state) m_libspdm_use_asym_algo, &data, &data_size, &hash, &hash_size); libspdm_reset_message_a(spdm_context); - spdm_context->connection_info.algorithm.base_hash_algo = - m_libspdm_use_hash_algo; - spdm_context->connection_info.algorithm.dhe_named_group = - m_libspdm_use_dhe_algo; - spdm_context->connection_info.algorithm.aead_cipher_suite = - m_libspdm_use_aead_algo; - spdm_context->connection_info.algorithm.key_schedule = - m_libspdm_use_key_schedule_algo; + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; + spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; + spdm_context->connection_info.algorithm.key_schedule = m_libspdm_use_key_schedule_algo; + spdm_context->connection_info.algorithm.other_params_support = + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; libspdm_session_info_init(spdm_context, spdm_context->session_info, INVALID_SESSION_ID, false); diff --git a/unit_test/test_spdm_responder/algorithms.c b/unit_test/test_spdm_responder/algorithms.c index 4e3bd17c948..7ea80048951 100644 --- a/unit_test/test_spdm_responder/algorithms.c +++ b/unit_test/test_spdm_responder/algorithms.c 
@@ -659,6 +659,8 @@ libspdm_negotiate_algorithms_request_spdm12_t }, sizeof(libspdm_negotiate_algorithms_request_spdm12_t), SPDM_MEASUREMENT_SPECIFICATION_DMTF, + /* Illegal OpaqueDataFmt. */ + 0x03, }, { { diff --git a/unit_test/test_spdm_responder/csr.c b/unit_test/test_spdm_responder/csr.c index 70bc5f3f608..b431c9ea35c 100644 --- a/unit_test/test_spdm_responder/csr.c +++ b/unit_test/test_spdm_responder/csr.c @@ -538,14 +538,12 @@ void libspdm_test_responder_csr_case4(void **state) spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; - spdm_context->connection_info.connection_state = - LIBSPDM_CONNECTION_STATE_NEGOTIATED; - spdm_context->local_context.capability.flags |= - SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP; - spdm_context->connection_info.algorithm.base_hash_algo = - m_libspdm_use_hash_algo; - spdm_context->connection_info.algorithm.base_asym_algo = - m_libspdm_use_asym_algo; + spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CSR_CAP; + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; + spdm_context->connection_info.algorithm.other_params_support = + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_0; m_libspdm_get_csr_request = malloc(sizeof(spdm_get_csr_request_t) + sizeof(m_csr_opaque_data)); @@ -573,8 +571,7 @@ void libspdm_test_responder_csr_case4(void **state) spdm_response = (void *)response; assert_int_equal(response_size, sizeof(spdm_csr_response_t) + spdm_response->csr_length); - assert_int_equal(spdm_response->header.request_response_code, - SPDM_CSR); + assert_int_equal(spdm_response->header.request_response_code, SPDM_CSR); /*check returned CSR not zero */ assert_memory_not_equal(spdm_response + 1, wrong_csr, spdm_response->csr_length); 
diff --git a/unit_test/test_spdm_responder/key_exchange.c b/unit_test/test_spdm_responder/key_exchange.c index ee834a4b54c..75b546c6601 100644 --- a/unit_test/test_spdm_responder/key_exchange.c +++ b/unit_test/test_spdm_responder/key_exchange.c @@ -1426,21 +1426,17 @@ void libspdm_test_responder_key_exchange_case17(void **state) SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; - spdm_context->connection_info.algorithm.base_hash_algo = - m_libspdm_use_hash_algo; - spdm_context->connection_info.algorithm.base_asym_algo = - m_libspdm_use_asym_algo; - spdm_context->connection_info.algorithm.measurement_spec = - m_libspdm_use_measurement_spec; + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; + spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec; spdm_context->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo; - spdm_context->connection_info.algorithm.dhe_named_group = - m_libspdm_use_dhe_algo; - spdm_context->connection_info.algorithm.aead_cipher_suite = - m_libspdm_use_aead_algo; + spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; + spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; - + spdm_context->connection_info.algorithm.other_params_support = + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; spdm_context->local_context.secured_message_version.spdm_version_count = 1; libspdm_session_info_init(spdm_context, 
@@ -1450,14 +1446,12 @@ void libspdm_test_responder_key_exchange_case17(void **state) m_libspdm_use_asym_algo, &data1, &data_size1, NULL, NULL); spdm_context->local_context.local_cert_chain_provision[0] = data1; - spdm_context->local_context.local_cert_chain_provision_size[0] = - data_size1; + spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1; libspdm_reset_message_a(spdm_context); spdm_context->local_context.mut_auth_requested = 0; - libspdm_get_random_number(SPDM_RANDOM_DATA_SIZE, - m_libspdm_key_exchange_request8.random_data); + libspdm_get_random_number(SPDM_RANDOM_DATA_SIZE, m_libspdm_key_exchange_request8.random_data); m_libspdm_key_exchange_request8.req_session_id = 0xFFFF; m_libspdm_key_exchange_request8.reserved = 0; m_libspdm_key_exchange_request8.session_policy = 0xFF; @@ -1482,16 +1476,14 @@ void libspdm_test_responder_key_exchange_case17(void **state) assert_int_equal(spdm_context->session_info[0].session_policy, m_libspdm_key_exchange_request8.session_policy); spdm_response = (void *)response; - assert_int_equal(spdm_response->header.spdm_version, - SPDM_MESSAGE_VERSION_12); + assert_int_equal(spdm_response->header.spdm_version, SPDM_MESSAGE_VERSION_12); assert_int_equal(status, LIBSPDM_STATUS_SUCCESS); assert_int_equal( libspdm_secured_message_get_session_state( spdm_context->session_info[0].secured_message_context), LIBSPDM_SESSION_STATE_HANDSHAKING); spdm_response = (void *)response; - assert_int_equal(spdm_response->header.request_response_code, - SPDM_KEY_EXCHANGE_RSP); + assert_int_equal(spdm_response->header.request_response_code, SPDM_KEY_EXCHANGE_RSP); assert_int_equal(spdm_response->rsp_session_id, 0xFFFF); free(data1); } diff --git a/unit_test/test_spdm_responder/psk_exchange.c b/unit_test/test_spdm_responder/psk_exchange.c index a9a4c19c62f..b6fc8c5616d 100644 --- a/unit_test/test_spdm_responder/psk_exchange.c +++ b/unit_test/test_spdm_responder/psk_exchange.c 
@@ -838,24 +838,20 @@ void libspdm_test_responder_psk_exchange_case9(void **state) spdm_test_context->case_id = 0x9; spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; - spdm_context->connection_info.connection_state = - LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; spdm_context->connection_info.capability.flags |= SPDM_GET_CAPABILITIES_REQUEST_FLAGS_PSK_CAP; spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_PSK_CAP; - spdm_context->connection_info.algorithm.base_hash_algo = - m_libspdm_use_hash_algo; - spdm_context->connection_info.algorithm.measurement_spec = - m_libspdm_use_measurement_spec; + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec; spdm_context->connection_info.algorithm.measurement_hash_algo = m_libspdm_use_measurement_hash_algo; - spdm_context->connection_info.algorithm.dhe_named_group = - m_libspdm_use_dhe_algo; - spdm_context->connection_info.algorithm.aead_cipher_suite = - m_libspdm_use_aead_algo; - spdm_context->connection_info.algorithm.key_schedule = - m_libspdm_use_key_schedule_algo; + spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; + spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; + spdm_context->connection_info.algorithm.key_schedule = m_libspdm_use_key_schedule_algo; + spdm_context->connection_info.algorithm.other_params_support = + SPDM_ALGORITHMS_OPAQUE_DATA_FORMAT_1; libspdm_session_info_init(spdm_context, spdm_context->session_info, INVALID_SESSION_ID, false); 
@@ -863,11 +859,9 @@ void libspdm_test_responder_psk_exchange_case9(void **state) m_libspdm_use_asym_algo, &data1, &data_size1, NULL, NULL); spdm_context->local_context.local_cert_chain_provision[0] = data1; - spdm_context->local_context.local_cert_chain_provision_size[0] = - data_size1; + spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1; spdm_context->connection_info.local_used_cert_chain_buffer = data1; - spdm_context->connection_info.local_used_cert_chain_buffer_size = - data_size1; + spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1; libspdm_reset_message_a(spdm_context); @@ -876,8 +870,7 @@ void libspdm_test_responder_psk_exchange_case9(void **state) m_libspdm_psk_exchange_request3.context_length = LIBSPDM_PSK_CONTEXT_LENGTH; opaque_psk_exchange_req_size = libspdm_get_opaque_data_supported_version_data_size(spdm_context); - m_libspdm_psk_exchange_request3.opaque_length = - (uint16_t)opaque_psk_exchange_req_size; + m_libspdm_psk_exchange_request3.opaque_length = (uint16_t)opaque_psk_exchange_req_size; m_libspdm_psk_exchange_request3.req_session_id = 0xFFFF; ptr = m_libspdm_psk_exchange_request3.psk_hint; libspdm_copy_mem(ptr, sizeof(m_libspdm_psk_exchange_request3.psk_hint), 
@@ -904,14 +897,11 @@ void libspdm_test_responder_psk_exchange_case9(void **state) LIBSPDM_SESSION_STATE_HANDSHAKING); assert_int_equal(spdm_context->session_info[0].session_policy, 0); spdm_response = (void *)response; - assert_int_equal(spdm_response->header.spdm_version, - SPDM_MESSAGE_VERSION_12); - assert_int_equal(spdm_response->header.request_response_code, - SPDM_PSK_EXCHANGE_RSP); + assert_int_equal(spdm_response->header.spdm_version, SPDM_MESSAGE_VERSION_12); + assert_int_equal(spdm_response->header.request_response_code, SPDM_PSK_EXCHANGE_RSP); assert_int_equal(spdm_response->rsp_session_id, 0xFFFF); #if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT - assert_int_equal(spdm_context->transcript.message_m.buffer_size, - 0); + assert_int_equal(spdm_context->transcript.message_m.buffer_size, 0); #endif free(data1); }