Skip to content

Commit

Permalink
add tests for keys roll back
Browse files Browse the repository at this point in the history 
Signed-off-by: OuyangHang33 <[email protected]>
  • Loading branch information
@OuyangHang33
OuyangHang33 committed Apr 1, 2024
1 parent 10affc0 commit 0b8aca7
Show file tree
Hide file tree
Showing 2 changed files with 453 additions and 0 deletions.
248 changes: 248 additions & 0 deletions test/spdmlib-test/src/requester_tests/key_update_req.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,3 +128,251 @@ fn test_case0_send_receive_spdm_key_update() {
};
executor::block_on(future);
}

#[test]
// Test1: requester get correct KEY_UPDATE_ACK response, expect keys updated.
fn test_case1_send_receive_spdm_key_update() {
let future = async {
let (rsp_config_info, rsp_provision_info) = create_info();
let (req_config_info, req_provision_info) = create_info();

let shared_buffer = SharedBuffer::new();
let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
shared_buffer,
))));
let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));

secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());

let mut responder = responder::ResponderContext::new(
device_io_responder,
pcidoe_transport_encap,
rsp_config_info,
rsp_provision_info,
);

let rsp_session_id = 0xFFFEu16;
let session_id = (0xffu32 << 16) + rsp_session_id as u32;
responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
responder.common.session = gen_array_clone(SpdmSession::new(), 4);
responder.common.session[0].setup(session_id).unwrap();
responder.common.session[0].set_crypto_param(
SpdmBaseHashAlgo::TPM_ALG_SHA_384,
SpdmDheAlgo::SECP_384_R1,
SpdmAeadAlgo::AES_256_GCM,
SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
);
responder.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
let dhe_secret = SpdmDheFinalKeyStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]),
};

let _ = responder.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret);
let _ = responder.common.session[0].generate_handshake_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);
let _ = responder.common.session[0].generate_data_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);
let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {}));
let shared_buffer = SharedBuffer::new();
let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new(
Arc::new(shared_buffer),
Arc::new(Mutex::new(responder)),
)));

let mut requester = RequesterContext::new(
device_io_requester,
pcidoe_transport_encap2,
req_config_info,
req_provision_info,
);

let rsp_session_id = 0xFFFEu16;
let session_id = (0xffu32 << 16) + rsp_session_id as u32;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.session = gen_array_clone(SpdmSession::new(), 4);
requester.common.session[0].setup(session_id).unwrap();
requester.common.session[0].set_crypto_param(
SpdmBaseHashAlgo::TPM_ALG_SHA_384,
SpdmDheAlgo::SECP_384_R1,
SpdmAeadAlgo::AES_256_GCM,
SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
);
requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
let dhe_secret = SpdmDheFinalKeyStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]),
};

let _ = requester.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret);
let _ = requester.common.session[0].generate_handshake_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);
let _ = requester.common.session[0].generate_data_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);
let origin_key = requester.common.session[0].export_keys();
// Update requester key S1.
let measurement_summary_hash_type = SpdmKeyUpdateOperation::SpdmUpdateSingleKey;
let status = requester
.send_receive_spdm_key_update(session_id, measurement_summary_hash_type)
.await
.is_ok();
assert!(status);
let new_key = requester.common.session[0].export_keys();

// receiving a correct UPDATE_KEY_ACK message for updating only the request data key.
assert!(&origin_key.0.encryption_key.data[..] != &new_key.0.encryption_key.data[..]);
assert!(&origin_key.1.encryption_key.data[..] == &new_key.1.encryption_key.data[..]);

// Update requester and responder key S1 and S2.
let measurement_summary_hash_type = SpdmKeyUpdateOperation::SpdmUpdateAllKeys;
let status = requester
.send_receive_spdm_key_update(session_id, measurement_summary_hash_type)
.await
.is_ok();
assert!(status);
let new_key = requester.common.session[0].export_keys();

// receiving a correct UPDATE_KEY_ACK message for updating only the request data key.
assert!(&origin_key.0.encryption_key.data[..] != &new_key.0.encryption_key.data[..]);
assert!(&origin_key.1.encryption_key.data[..] != &new_key.1.encryption_key.data[..]);
};
executor::block_on(future);
}

// Test2: requester send incorrect KEY_UPDATE request (Tag = 1), expect no keys update.
#[test]
fn test_case2_send_receive_spdm_key_update() {
let future = async {
let (rsp_config_info, rsp_provision_info) = create_info();
let (req_config_info, req_provision_info) = create_info();

let shared_buffer = SharedBuffer::new();
let device_io_responder = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
shared_buffer,
))));
let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));

secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());

let mut responder = responder::ResponderContext::new(
device_io_responder,
pcidoe_transport_encap,
rsp_config_info,
rsp_provision_info,
);

let rsp_session_id = 0xFFFEu16;
let session_id = (0xffu32 << 16) + rsp_session_id as u32;
responder.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
responder.common.session = gen_array_clone(SpdmSession::new(), 4);
responder.common.session[0].setup(session_id).unwrap();
responder.common.session[0].set_crypto_param(
SpdmBaseHashAlgo::TPM_ALG_SHA_384,
SpdmDheAlgo::SECP_384_R1,
SpdmAeadAlgo::AES_256_GCM,
SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
);
responder.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
let dhe_secret = SpdmDheFinalKeyStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]),
};

let _ = responder.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret);
let _ = responder.common.session[0].generate_handshake_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);
let _ = responder.common.session[0].generate_data_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);
let pcidoe_transport_encap2 = Arc::new(Mutex::new(PciDoeTransportEncap {}));
let shared_buffer = SharedBuffer::new();
let device_io_requester = Arc::new(Mutex::new(FakeSpdmDeviceIo::new(
Arc::new(shared_buffer),
Arc::new(Mutex::new(responder)),
)));

let mut requester = RequesterContext::new(
device_io_requester,
pcidoe_transport_encap2,
req_config_info,
req_provision_info,
);

let rsp_session_id = 0xFFFEu16;
let session_id = (0xffu32 << 16) + rsp_session_id as u32;
requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
requester.common.session = gen_array_clone(SpdmSession::new(), 4);
requester.common.session[0].setup(session_id).unwrap();
requester.common.session[0].set_crypto_param(
SpdmBaseHashAlgo::TPM_ALG_SHA_384,
SpdmDheAlgo::SECP_384_R1,
SpdmAeadAlgo::AES_256_GCM,
SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
);
requester.common.session[0].set_session_state(SpdmSessionState::SpdmSessionEstablished);
let dhe_secret = SpdmDheFinalKeyStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_DHE_KEY_SIZE]),
};

let _ = requester.common.session[0].set_dhe_secret(SpdmVersion::SpdmVersion12, dhe_secret);
let _ = requester.common.session[0].generate_handshake_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);
let _ = requester.common.session[0].generate_data_secret(
SpdmVersion::SpdmVersion12,
&SpdmDigestStruct {
data_size: 48,
data: Box::new([0; SPDM_MAX_HASH_SIZE]),
},
);

// Wrong SpdmKeyUpdateOperation for key update fail
let origin_key = requester.common.session[0].export_keys();
let measurement_summary_hash_type = SpdmKeyUpdateOperation::Unknown(0);
let status = requester
.send_receive_spdm_key_update(session_id, measurement_summary_hash_type)
.await
.is_err();
assert!(status);
let new_key = requester.common.session[0].export_keys();

// receiving the Unknown UPDATE_KEY_ACK message, roll back requester and responder keys.
assert!(&origin_key.0.encryption_key.data[..] == &new_key.0.encryption_key.data[..]);
assert!(&origin_key.1.encryption_key.data[..] == &new_key.1.encryption_key.data[..]);
};
executor::block_on(future);
}
Loading

0 comments on commit 0b8aca7

Please sign in to comment.